Tech Cartographer helps SMBs, regulated organizations, and MSPs understand where they stand on security and compliance, and build the programs, processes, and leadership capacity to stay there.
"Most businesses don't know where they stand on security and compliance. Not until something forces the question."
A vendor questionnaire. A regulatory exam. A cyber insurance renewal. A breach.
That's where I come in.
I'm Martin Perkins, founder of Tech Cartographer and a 20+ year technology and operations leader who now works exclusively on security, compliance, and risk. I help SMBs and regulated organizations understand where they are, where the risks are, and exactly what to do about it.
And when compliance work surfaces broken processes, we fix those too.
What usually forces the question:
What We Do
Five integrated service offerings spanning assessment, compliance programs, ongoing advisory, MSP partnership, and operational transformation.
Structured assessment of your current security posture, control environment, and compliance readiness. Answers: where do you stand, what are the gaps, what should you do first.
Scoped to your organization, applicable framework, and complexity. Fixed scope. No hourly billing. The starting point for most client relationships.
Request InfoBuilding the policies, procedures, controls, and documentation required to meet your compliance obligations and satisfy auditor, insurer, or client requirements.
Key Deliverables
Scoped per engagement based on your framework, org size, and what already exists. Every deliverable is built to be used, not filed away.
Request InfoOngoing security leadership on a monthly retainer. Tech Cartographer serves as your organization's security and compliance function, owning the program, advising leadership, driving continuous improvement.
White-label and referral model for MSPs who want to offer security and compliance services without building internal expertise. Tech Cartographer acts as the behind-the-scenes security and compliance engine, under your brand, with your client relationships.
Structured around what works for your model: white-label delivery, referral arrangement, or co-delivery. Let's build something that fits your practice.
Start a Partner ConversationWe help growing businesses evolve their operations through workflow automation, AI integration, and process redesign, turning compliance findings into operational improvements.
Is your organization ready to adopt AI tools safely and effectively? We assess governance gaps, data handling risks, and readiness for AI integration.
Identify manual, repetitive processes and build automated workflows that integrate compliance requirements directly into operations.
Audit your current tools, eliminate redundancy, and design an integrated stack that supports both security and operational efficiency.
Deep expertise in Microsoft 365, Entra ID, Power Automate, and connecting compliance and business tools into unified workflows.
Every engagement is scoped to your specific situation. The conversation starts with understanding your processes, not a rate sheet.
Let's Map Your ProcessesDifferentiation
What separates this engagement from a typical consultant or advisory firm.
I've built MSP service lines from scratch, managed P&L, negotiated vendor contracts, and run teams. I know how businesses actually work, and I build compliance programs that fit that reality, not enterprise templates that collect dust.
I've coached over 100 MSPs on building security practices, spoken at national industry events, and I know how to work alongside your IT provider, not around them. Your technology stack is a known quantity, not a learning curve.
No hand-off to a junior analyst. The person you meet is the person doing the work. You get direct access to 20+ years of technology and operations leadership throughout the entire engagement.
You get a usable roadmap, executive-ready reporting, and a clear path forward. Not a 200-page report no one reads. Every deliverable is built to be actionable by the people who receive it.
Who We Serve
Regulated industries with real compliance obligations and the SMBs navigating growing security and compliance pressure.
SEC cybersecurity rules, NCUA requirements, client data fiduciary obligations, written policies, annual risk assessments, vendor oversight requirements, and examination readiness.
HIPAA business associate obligations, vendor questionnaires, breach risk, clinical system access governance, and protecting patient data in non-covered-entity environments.
Bar guidance on data security, cyber insurance requirements, client confidentiality obligations, and the growing pressure from underwriters who want to see written security programs.
White-label security services, compliance co-delivery, client retention through expanded service offerings, and building scalable security practices without internal hiring overhead.
About
I think like an operator, not just a security consultant. My background spans MSP practice development, regulated-industry compliance delivery, executive advisory, and critically, the operational reality of what it means to run a technology practice or business under compliance pressure.
I spent a year coaching over 100 MSPs, helping them build and monetize security practices from the ground up. Before that, I built a managed services division from scratch, growing it 225% in year one. As Director of Services, I managed security and compliance programs for 15 regulated clients across financial services, healthcare-adjacent, and SEC-regulated environments.
I'm also co-founder of The Tech Degenerates, an independent MSP peer community that's grown to 800+ members, because the industry gets stronger when practitioners share openly.
I've spoken at national events including Xchange and NextGen. I work hands-on with Entra ID, Conditional Access, Intune, Microsoft Defender, and M365 Compliance (DLP, retention, audit, eDiscovery). I don't outsource the work. The person you meet is the person doing the work.
Frameworks I Work In Regularly
How It Works
A simple, direct process built around your situation, not a sales funnel.
30 minutes. No agenda except understanding your situation and risk posture. No pitch. Just a direct conversation about where you are and what pressure you're under.
No pitch. Just a conversation.
Structured evaluation against your applicable framework. Prioritized findings, executive-ready output, usable roadmap. Not a shelf document. You leave with clarity on exactly where you stand and what to do first.
Actionable deliverables, not a 200-page report.
Retainer, program ownership, or project delivery: the engagement model that fits your business. For most clients, the assessment is the beginning of a longer relationship, not a one-time transaction.
The model that fits your business.
Get in Touch
Whether you're dealing with a vendor questionnaire, a regulatory exam, an insurance renewal, or just a nagging feeling that something isn't right, let's start with a conversation. No agenda. No pitch.
Security & Compliance Advisor | vCISO
Business Process Transformation | Helping SMBs and MSPs Navigate Risk, Governance & Operational Maturity
No pitch. Just a conversation.
β Message received. I'll be in touch within one business day.