About Anchor Cyber Security

Enterprise Security. SMB Friendly.

Founded by a practitioner who has spent 25+ years on the inside — leading GRC programs, responding to incidents, building security teams, and sitting across the table from auditors. Anchor brings that experience to Maine SMBs through products and consulting that actually work.

Jonathan Carpenter

Founder & Principal Consultant, Anchor Cyber Security

Director of GRC, Kevel · BS in Information Technology

Jonathan has spent 25+ years working across every layer of security — from network administration and Linux systems engineering to leading GRC programs at scale. He has held Director, Principal, and Lead roles at organizations ranging from startups to mid-market SaaS companies.

In his current day role as Director of GRC at Kevel, he leads compliance programs spanning SOC 1, SOC 2, and third-party vendor risk. Prior to Kevel, he served as Lead Security Engineer at Formstack, where he drove PCI DSS compliance and led the security engineering function. Anchor Cyber Security is where he applies that same breadth of experience to the SMBs that need it most — without the enterprise price tag.

CISSPCISMCCSPGRCPProject+

Jonathan built Anchor's products to solve problems he experienced firsthand: security training employees ignore, incident response plans that have never been tested, CPE tracking that lives in a spreadsheet, and sensitive data leaking into AI tools without anyone noticing.

Areas of Expertise

Governance, Risk & Compliance
SOC 2, ISO 27001, HIPAA, PCI DSS, NIST CSF, NIST 800-53, GDPR — framework implementation, audit preparation, and ongoing program management.
Cloud Security
AWS, Azure, and GCP security architecture, identity & access management, and cloud-native security controls.
Security Operations
Incident response planning and execution, threat detection, vulnerability management, and tabletop exercises.
Security Leadership
vCISO services, board-level communication, security program development, and team building.

Career highlights

25+ years spanning network administration, Linux systems engineering, security engineering, and executive GRC leadership.

Director of GRCCurrent
Kevel
Jun 2025 – Present
Principal GRC Analyst
Kevel
Sep 2021 – May 2025
Lead Security Engineer
Formstack
Aug 2019 – Feb 2022
Information Security Engineer
BriteCore
Mar 2018 – Jul 2019
Director of IT / Information Security
Bost, Inc.
Apr 2006 – Jun 2020
Senior Systems Analyst / Team Lead
Earthlink
May 1998 – Jan 2001

What colleagues say

LinkedIn recommendations from professional roles prior to Anchor Cyber Security.

I have had the absolute pleasure of working with Jonathan at two different organizations. He provides so much value to our team, using his deep understanding of security best practices and risk management to provide very practical advice. An invaluable asset to our compliance function — an incredible partner to the legal team as well, assisting in everything from the pre-sales process, to redlining, to eDiscovery, to audit activity.

Leslie Pierce-Connor
General Counsel · Kevel

Jonathan was instrumental in standing up our Information Security Program and was essential to the successful completion of our annual SOC audits. He not only drove key initiatives within the organization, he also educated our staff about security best practices and helped to shift the culture. Jonathan was a strong partner and a true professional, even in the most challenging situations.

Jennifer Settlow
Manager, Privacy & Compliance · Epson America

Recommendations via LinkedIn — reflecting work performed in professional roles prior to Anchor Cyber Security.

Our Philosophy

Security should be practical, not theatrical.

Practitioner-Built

Everything we create comes from real experience. We've been in your shoes — dealt with auditors, responded to incidents, and presented to boards.

Business-Aligned

Security exists to enable business, not block it. We help you find the right balance between protection and productivity.

No Checkbox Mentality

Compliance is a byproduct of good security, not the goal. We focus on what actually reduces risk.

Based in Maine

Anchor Cyber Security is based in Biddeford, Maine. We work with clients across the United States and internationally.

Biddeford, Maine 04005

[email protected]

Ready to work together?

Whether you need products, consulting, or both—let's talk about your security goals.

Get in Touch