Obsidian Rowe logo - homepage link
Headshot of Paul M. Rush Jr.

Paul M. Rush Jr.

COO and President, Obsidian Rowe

Paul M. Rush Jr. is co-founder, COO, and President of Obsidian Rowe. As our resident expert in Risk Management, Compliance, Governance, and Cybersecurity, Paul designs NIST-based, audit-proof security and compliance programs for organizations of all sizes. His experience spans a variety of highly regulated industries (e.g., the Defense Industrial Base, manufacturing, and telecommunications). Paul partners with executives to create board-ready programs, measurable controls, and practical AI solutions that streamline operations, reduce risk, and enable confident, compliant decision-making.

Insights by Paul M. Rush Jr.

This is a close-up photo taken by Ilya Semenov (available on Unsplashed.com). A carefully balanced pile of stones, reflecting the structured cadence needed to prevent security drift.

CINDER (Pt. 2): Turning Insight Into Action — The Controls, Cadence, and Evidence That Work

CINDER becomes operational: each behavior is paired with fast tests, corrective moves, and mapped controls, supported by a weekly–monthly–quarterly rhythm and a 90‑day plan that aligns CSF, 800‑171, AS9100, and SCF into durable, human‑centered security.

This is a close-up photo of a fire burning taken by Vitali Adutskevich (available on Unsplashed.com). It is a symbolic image representing human behaviors like complacency, ignorance, neglect, drift, evasion, and resistance (acronym: CINDER) that erode security programs.

CINDER (Pt. 1): The Human Behaviors That Quietly Erode Security Programs

CINDER identifies predictable human behaviors that undermine security and positions governance, clarity, and evidence‑driven systems as the foundation for preventing routine work pressures from turning into structural security failures.

Security operations center with digital network visualization and data displays representing NIST governance and cybersecurity framework implementation. (Image from Unsplashed.com)

Security Playbook: A CISO's Guide to NIST Governance

A playbook for CISOs to run governance as a system. Align CSF 2.0 and RMF with SP 800‑53/55/137 and BCEB, set decision forums, and execute a 90‑day plan to prove, monitor, and improve controls.