Built for the businesses most cybersecurity firms ignore.

MERA Security is a focused cybersecurity practice serving small and mid-sized organizations across the United States. The firm I wished existed when I was on the other side of the table.

Richard Cugini
FOUNDER & PRINCIPAL
CISSP CySA+ CCNA AWS CP SentinelOne IR
FOUNDER'S NOTE

Why MERA Security exists.

I started MERA after years inside MSPs and IT teams watching small and mid-sized businesses fall into the same trap. They were too big to run security off the side of someone's desk, but too small to be taken seriously by enterprise consulting firms. The result was usually some combination of expensive tools nobody fully understood, compliance documentation that wouldn't survive a real audit, and a constant low-grade anxiety about what might be missing.

"MERA Security exists because there's a meaningful gap between break-fix IT and Big Four consulting, and nobody was filling it well."

MERA is a focused practice, deliberately small, built to deliver senior security expertise directly. No account managers between you and the answer. No junior staff cutting their teeth on your environment. The practitioner who scopes your engagement is the practitioner who does the work.

That's the deal.

10+ Years in IT & Security
5 Productized services
3 Compliance frameworks
1:1 Senior practitioner ratio

AREAS OF PRACTICE

The stack we work in.

Platform-agnostic by design. MERA Security operates fluently across the modern SMB security stack — Microsoft and Google ecosystems, multi-cloud, leading EDR and SIEM tools, and the compliance automation platforms that tie it all together.

— 01

Identity & Productivity

Microsoft 365 · Google Workspace · Entra ID

Conditional access, identity protection, lifecycle controls, and the audit logging foundation everything else depends on.

— 02

Endpoint & EDR

SentinelOne · Defender for Endpoint · CrowdStrike

Deployment, tuning, and incident response operations on the leading endpoint detection and response platforms.

— 03

Cloud Security

Azure · AWS · Google Cloud

Posture review, identity and access baselines, and security control implementation across all three major clouds.

— 04

Email Security

Defender for O365 · Proofpoint · Mimecast

The number-one attack vector for SMBs. Email gateway hardening, phishing-resistant authentication, and response playbooks.

— 05

SIEM & Detection

Microsoft Sentinel · Splunk

Detection engineering, alert tuning, and response runbooks. The "we have a SIEM but it just generates noise" problem solved.

— 06

Compliance Automation

Vanta · Drata

Continuous compliance monitoring deployment for organizations pursuing SOC 2 or ISO 27001 attestations, HIPAA compliance, or other framework alignment.

HOW WE WORK

The way we run a security engagement.

These aren't slogans. They're the operating rules we hold ourselves to in every engagement, written down so you can hold us to them too.

— 01

Scope before signature.

No engagement begins without a written scope, a clear deliverable, and a defined price. We'd rather walk away from work that can't be cleanly scoped than write a check that becomes a black hole.

— 02

Documentation is the deliverable.

If we did the work but you can't show it to an auditor, your insurer, or your board, we didn't finish the job. Every engagement ends with written documentation your team genuinely owns.

— 03

One practitioner, one client.

The senior security professional who scopes your engagement is the one doing the work. No bait-and-switch with junior staff. No account managers between you and the answer.

— 04

Right-sized, not down-sized.

We bring senior-level thinking calibrated to SMB realities. Not Fortune 500 frameworks force-fit onto teams of five. Not consumer-grade advice dressed up in a deliverable template.

— 05

We tell you when you don't need us.

If the right answer is "you already have what you need," that's the answer we'll give you. Long-term trust is worth more than a single engagement.

— 06

Insurance-grade reporting.

Our incident reports, risk assessments, and compliance documentation are written to a standard that holds up under scrutiny from insurers, auditors, regulators, and counsel.

Get in touch

Ready to talk shop?

30 minutes, no pitch. Tell us where you are. We'll tell you whether you need us or not, and what we'd do if you did.