Founder & Principal Security Practitioner, CISSP
Kfir Yair
CISSP-certified security practitioner with over a decade of cybersecurity experience across security operations, identity protection, endpoint security, and compliance work. Provenance spans the Israeli Defense Forces (IDF) cyber unit, the Israeli Government Tax Authority, Deloitte, Varonis, and TEKRiSQ. Currently leading Zero Trust Island Browser deployment for a Fortune 500 airline. Obsidian Ridge reflects a simple operating philosophy: direct practitioner access, plain-language guidance, and security work that reduces real risk instead of generating shelfware.
Kfir Yair founded Obsidian Ridge to deliver cybersecurity help that feels practical, direct, and accountable. The practice works across three audiences: individuals and families who need plain-language protection from scams and account compromise, growing businesses that need managed security and compliance support, and enterprise teams that need focused depth in architecture, hardening, or response.
Across that work, the focus has ranged from security architecture and Zero Trust implementation to endpoint security, identity protection, compliance support, and incident response preparation. That includes hands-on experience with NIST, ISO 27001, PCI-DSS, and HIPAA-aligned programs — and work supporting organizations that needed security outcomes they could actually operate, not just approve on paper.
Obsidian Ridge is intentionally practitioner-led. Clients work with a real operator who can translate technical risk into decisions, priorities, and next steps without relying on fear, jargon, or bloated reporting.
Provenance
Where the depth comes from
The Obsidian Ridge practice is informed by direct operational work across military cyber, national-government security, big-four consulting, enterprise security engineering, and the small-to-mid-market practice the firm serves today.
Present
Founder & Principal Security Practitioner · Obsidian Ridge
Practitioner-led managed cybersecurity for individuals, SMBs, and lean security teams. CISSP-led SOC, identity threat detection, security awareness training, managed SIEM, and compliance program support.
Present (concurrent engagement)
Zero Trust Browser Deployment Lead · Fortune 500 airline
Leading the rollout of the Island enterprise browser for a Fortune 500 carrier — workforce identity, conditional access, and Zero Trust enforcement at the browser tier.
Prior
Security Practitioner · TEKRiSQ
Cyber-risk and compliance work for small and mid-market organizations across the United States.
Prior
Security Engineering · Varonis Systems
Data security platform engineering — identity, data classification, and DSPM-adjacent telemetry for enterprise environments.
Prior
Cybersecurity Consultant · Deloitte
Security architecture and operations consulting for enterprise clients across financial services, healthcare, and government.
Prior
Information Security Lead · Israeli Government Tax Authority
Identity, access, and security operations for a national government tax agency.
Early career
Cyber Unit Operator · Israel Defense Forces (IDF)
Operational cyber training and field deployment in the IDF cyber unit — the formative depth that shaped the practice.
Practice focus
Where the practice spends its time
- Managed Detection & Response (MDR) and 24×7 security operations
- Identity Threat Detection & Response (ITDR) — Microsoft 365, Entra ID, Google Workspace
- Zero Trust architecture and rollout — workforce identity, conditional access, browser-tier enforcement
- Endpoint Detection & Response (EDR), endpoint hardening, agent deployment
- Compliance program support: SOC 2, HIPAA Security Rule, ISO 27001, PCI DSS, NIST CSF 2.0
- Cyber-insurance readiness and renewal evidence packaging
- Incident response preparation and tabletop exercises
Writing
Field notes & technical guides
Articles written and reviewed by Kfir Yair. Cybersecurity is a YMYL topic — every piece is sourced against vendor documentation, primary regulatory text, and the practitioner's own engagements.
Direct practitioner access
Talk to the practitioner, not a queue
Briefings are direct. No SDR layer, no demo theatre. Thirty minutes, an honest read on your situation, and a clear next step — or a clear “you don't need us.”