David Pahlman

Hey, I’m David Pahlman — a cybersecurity and compliance leader with more than 25 years of hands-on experience helping organizations stay secure, stay compliant, and stay sane. I’ve worked across healthcare, manufacturing, enterprise IT, state and local government, software companies, audit firms, and MSPs, and today I serve as the Director of Compliance and Technical Operations at Ruvos.

My background blends information security, compliance frameworks, technical operations, and real-world engineering, which means I don’t just know the rules — I understand how they actually apply in the messy world where businesses operate every day.

I love breaking down complex standards like HIPAA, ISO 27001, SOC 2, and NIST 800-53 so teams can understand them and incorporate them into their day-to-day work. If you’ve ever felt overwhelmed by compliance, trust me — it doesn’t have to be that way.

Outside of work, I contribute to We Make Sure, a blog dedicated to simplifying cybersecurity and removing the mystery from audits, operational security, and compliance frameworks.


What I Do Today

Director of Compliance & Technical Operations — Ruvos

At Ruvos, I lead compliance strategy, technical operations, and security programs that support large-scale public health and enterprise data systems. My focus is on:

  • Turning compliance frameworks into real, working processes
  • Building secure-by-design environments
  • Supporting teams through SOC 2, HIPAA, and ISO 27001 readiness
  • Strengthening operational security across the organization

Before stepping into my current role, I was the Manager of Security Operations, where I helped mature security capabilities and improve the organization’s overall readiness and resilience.


My Journey So Far

I’ve had a long and pretty diverse career in IT and cybersecurity:

  • Blog Contributor – We Make Sure
    Sharing practical advice, compliance strategy, and lessons learned from real audits.
  • Lead Practitioner & Information Security Auditor – KirkpatrickPrice
    Guided hundreds of organizations through compliance audits and security assessments.
  • Manager of Professional Services / Security Engineer – Howard Technology Solutions
    Built and led teams delivering security engineering projects and enterprise IT solutions.
  • Chief Information Officer – Camellia Healthcare
    Directed technology strategy, operations, and HIPAA compliance across an extensive healthcare network.
  • Early-career roles in IT support, networking, and systems management gave me a strong foundation in real-world technology challenges.

Certifications I Hold

Certifications aren’t everything, but they help show where my focus is. A few of mine include:

  • ISACA CISA, CISM, CGEIT, CDPSE, CRISC
  • CISSP
  • ECSA, CEH
  • ISO 27001 Lead Auditor

My Core Strengths

I’m best known for helping organizations:

  • Navigate compliance frameworks without the stress
  • Build practical security programs that teams can actually use
  • Break down technical problems into everyday language
  • Promote servant leadership and management controls
  • Prepare for and pass audits with confidence

My work lives at the intersection of security, compliance, technical operations, and people — exactly where modern cybersecurity needs to be.


Education

  • University of Southern Mississippi – Computer Science
  • Pearl River Community College – General Studies

Let’s Connect

If you’re into cybersecurity, compliance, audits, or want to talk shop: