josecustom.ai

Your team is using AI. The question is whether your data is going with it.

I help data-sensitive firms find where AI tools are leaking client data, fix it, and build the systems that keep watching. CISSP-led. Two-week audits. Fixed prices.

  • CISSP
  • U.S. Army Veteran
  • M365 Endpoint Admin
  • Azure + EU-Grade Security

Built for firms where data exposure is not theoretical.

Law firms (10-50 attorneys)

Associates pasting privileged memos into ChatGPT. State bar opinions stacking up.

Start with the audit. Most firms move into a Copilot governance build.

Accounting and tax firms

Tax-season staff using consumer ChatGPT on client returns. FTC Safeguards on the table.

Start with the audit. AI Acceptable Use Policy in two weeks.

RIAs and wealth advisors

Copilot summarizing client records the SEC will ask about. Reg S-P 72-hour clock running.

Start with the audit. Move into the embedded retainer once the SEC exam is on the calendar.

Healthcare practices

Staff dropping PHI into free AI tools to draft letters and notes.

Start with the audit. HIPAA-aligned policy and Copilot configuration follow.

Insurance brokers and underwriters

Quotes and client records flowing through ChatGPT. Carrier audits coming.

Start with the audit. Most brokers move into Copilot deployment after.

Managed service providers

Your clients are leaking, and you are the one who gets the call when it goes wrong.

White-label the audit. Run it on your top five clients. Keep the margin.

Also working with:

  • Real estate brokerages. Listing copy, client comms, transaction docs. Keep client data out of consumer AI.
  • Architecture and engineering firms. Project files, IP, client drawings. AI in the workflow without leaking the IP.
  • Marketing and creative agencies. Client briefs and campaign data flowing through AI tools. Vendor due diligence and AUP.
  • Consulting and professional services firms. Client engagements documented in tools that train on the input. Stop the leak, keep the productivity.
  • HR and recruiting firms. Candidate data through AI screening tools. Bias audits, NYC LL 144, Illinois HB 3773.
  • Education and training providers. Student records, course materials. FERPA-aligned AI policy.
  • Logistics and supply chain. Vendor data, contracts, route optimization. Contain the AI to your tenant.
  • Manufacturing (mid-size). IP in CAD files, supplier negotiations, quality control AI. Keep it on your infrastructure.
  • Nonprofits handling sensitive populations. Donor data, beneficiary records. AI without violating trust.
  • Family offices and small private equity. Deal data, LP communications, portfolio monitoring. AI inside the firewall.

If your firm handles data that should not be in someone else's training set, the work fits. Book a call.

Based in Germany. Steuerberater, Kanzleien, and Versicherungsmakler. Same audit, German-language delivery, §203 StGB and DSGVO covered.

Three ways we work together.

AI Data Exposure Audit

$2,500 flat. Two weeks.

You get: a written findings report on where data is leaking, a 30-60 day remediation roadmap, an AI Acceptable Use Policy draft.

Most clients move from this into a retainer within 60 days.

Copilot and Azure OpenAI Builds

$4,900 to $15,000. Two to five weeks. Fixed price per scope.

  • Copilot Governance Build. $4,900, 2 weeks. Purview labels, DLP, sensitivity inheritance, AUP rollout.
  • Azure OpenAI Private Deployment. $15,000, 3-5 weeks. EU region, PII redaction, integrated with your tenant.
  • RAG and Document Search Build. From $8,000. SharePoint or OneDrive, source citations.

Embedded AI-Security Partner

$2,500 to $4,500 per month. Ongoing.

  • Monitoring. $2,500/mo. Quarterly review, regulatory tracking, on-call.
  • Embedded Partner. $3,500/mo. Monthly working sessions, new-tool vetting, incident response.
  • Fractional AI-Security Officer. $4,500/mo. Multi-week presence, strategy, board-ready reporting.

The Work

Real audits. Real tools. Real findings.

The audit uses the same AI tools your team already has. Claude, Copilot, GPT, Gemini. Turned against them to find exposure. Below: the four workstreams you get in 14 days, in the tools that ran them.

 

  • Shadow AI Detection
  • Copilot Posture Analysis
  • DPIA Generation
  • Continuous Drift Monitoring

Three steps. Discovery to delivery.

01

Discovery Call

30 minutes. I learn your tools, your data flows, your regulatory exposure. No pitch deck.

02

The Audit

Two weeks. I find the leaks, draft the policy, hand back a 30-60 day remediation roadmap.

03

The Build, Then the Retainer

If the audit revealed pain we should keep watching, we move into a build, then into a retainer where I stay embedded. Most engagements end here.

Jose Lugo

Jose Lugo. CISSP certified. 12 years securing systems for the U.S. Army. Now I build AI infrastructure for firms that take their data seriously. Based in Germany. Serving Orlando and remote clients across the U.S. I work on five engagements at a time. If we work together, you get my actual attention.

I build the system. Not the slide deck about the system.

Ready to find out what your team is actually doing with AI?

Free 30-minute discovery call. No pitch deck. Just a conversation about what your firm needs.
