Kessel Security AnalyticsClear Guidance on Cyber Risk for Local Businesses

About Kessel Security Analytics

Advisory-only cybersecurity services for Minnesota small and midsize businesses.

Who We Are

Kessel Security Analytics helps Minnesota businesses build clarity, stability, and resilience through advisory-only cybersecurity services.

We do not log into systems or perform remediation. Your IT provider executes changes based on our recommendations—keeping roles clear, liability manageable, and giving you control over implementation timing.

Our Four-Pillar Advisory System provides structured guidance tailored to the unique challenges facing Minnesota SMBs: regulatory uncertainty, vendor sprawl, limited IT resources, and operational fragility.

Our Mission

To give SMBs the visibility and confidence they need to operate safely in a digital world.

Most small businesses face the same regulatory obligations as enterprise organizations—HIPAA, FTC Safeguards, PCI-DSS, data breach notification laws—but lack dedicated security teams or compliance departments. We bridge that gap with clear, practical advisory services designed for businesses without CISOs.

Our Philosophy

1

Clarity prevents surprises.

Understand what regulations apply to your business, what risks you face, and what obligations you need to meet. Regulatory clarity eliminates guesswork and prevents costly compliance surprises.

2

Stability reduces chaos.

Build operational stability through foundational security hygiene (strength) and balanced vendor relationships (balance). Stability means fewer emergencies, less firefighting, and more predictable operations.

3

Resilience ensures continuity.

Know what must keep running, how long you can tolerate downtime, and where your critical dependencies lie. Business resilience means you can endure disruptions without catastrophic consequences.

Why Advisory-Only?

We deliberately focus on assessment and guidance—not technical implementation. Here's why:

Clear Liability

Once a consultant touches your systems, responsibility for outcomes becomes blurred. Advisory-only keeps roles clear: we assess and guide, your IT team implements.

Cost Predictability

Implementation work creates scope creep and unpredictable costs. Advisory services have clear deliverables and fixed pricing.

Your Control

You decide when and how to implement recommendations based on your budget, timeline, and business priorities—not consultant availability.

IT Flexibility

Work with your existing IT provider, hire someone new, or implement changes internally. Our recommendations aren't vendor-locked.

Who We Serve

Kessel Security Analytics focuses exclusively on Minnesota small and midsize businesses—typically organizations with:

  • Solo practitioners to ~100 employees – Small enough to lack dedicated security staff, large enough to face regulatory obligations
  • No CISO or compliance department – Security decisions fall to owners, office managers, or overburdened IT generalists
  • SaaS-dependent operations – Heavy reliance on cloud tools with limited visibility into vendor risks
  • Regulatory uncertainty – Unsure what compliance frameworks apply or how to meet requirements
  • Operational fragility – Single points of failure, unclear recovery priorities, or minimal backup strategies

Background & Credentials

Kessel Security Analytics is led by Gerhard (Henry) Kessel, a CISSP-certified cybersecurity professional with over 20 years of operational IT and security experience.

Professional Background:

  • • CISSP certified since 2011
  • • 8+ years Fortune 5 healthcare security (Optum/UnitedHealth Group)
  • • Federal healthcare.gov marketplace security
  • • Network monitoring and threat detection at scale
  • • HIPAA, SOC2, HITRUST compliance experience

Service Philosophy:

  • • Advisory-first, implementation-never
  • • Plain-language communication
  • • SMB-focused service design
  • • Low-liability, high-clarity model
  • • Minnesota business community focus

Service Area

We serve businesses throughout Minnesota, with both remote and on-site assessment options available.

Most assessments are conducted remotely via structured interviews, document review, and asynchronous communication. On-site visits can be arranged for businesses requiring physical facility assessments or preferring in-person consultation.

Ready to Get Started?

Schedule a free 30-minute consultation to discuss your cybersecurity and regulatory needs.

Schedule Free Consultation