About Bryan Curnutt, the founder of Practical Dragon
I founded Practical Dragon to help organizations close the gap between intent and execution in their security and compliance efforts.
I specialize in helping small and mid-sized businesses that are under real pressure: facing audits, chasing certifications, or just trying to stop spinning their wheels. My clients don’t need hype. They need precision. They want to know what matters, what doesn’t, and how to get it done without unnecessary overhead.
Background Highlights
- 25+ years in cybersecurity
- 15+ years leading IT audits and SOX remediation & governance
- 5+ years implementing and internally assessing CMMC
- MBA, CISA, GCIA, GCIH, CMMC RP & RPA
- Perfect 110 outcome on DoD DIBCAC assessment for a contractor under DOJ scrutiny for alleged DFARS cybersecurity false claims
- Turned a borderline SOX material weakness into zero deficiencies – and trained up the team who kept it that way in the years since
- Built and cleaned up programs across CMMC, SOX, DFARS, NIST 800-53 and 800-171, HIPAA, CCPA/CPRA, and more
This work matters—to your business, to your customers, and to national security. I help you get it right.
