Principals

Ray founded Diriga Services to address a gap he observed repeatedly across defense, healthcare, and financial services: organizations spending heavily on compliance and security consulting but receiving generic guidance from junior practitioners who had never held operational responsibility for the outcomes they were advising on.

Before founding the practice, Ray served as CISO and compliance officer for organizations in the defense industrial base. He has led compliance programs across CMMC, HIPAA, FedRAMP, and FINRA frameworks. His advisory work is informed by the experience of having been on the receiving end of audit findings and regulatory scrutiny.

Ray leads the firm's strategic direction and personally oversees every engagement. He is based in Orlando, Florida.

Margaret brings fifteen years of compliance experience spanning federal audit, regulatory advisory, and organizational readiness assessment. Her career began in federal service, where she conducted compliance examinations for defense contractors and healthcare organizations subject to federal oversight.

That experience — seeing compliance from the assessor's perspective — shapes her advisory approach. She understands what auditors look for, where organizations typically underperform, and what separates documentation that reflects practice from documentation that exists only on paper.

Margaret's engagements focus on CMMC, FedRAMP, and HIPAA compliance frameworks, with particular expertise in helping organizations translate regulatory requirements into operational practices that their teams can actually sustain.

James has spent fifteen years developing and implementing cybersecurity strategies for defense contractors, critical infrastructure operators, and regulated industries. His work focuses on the intersection of security investment, regulatory compliance, and organizational capability — the point where strategy either becomes operational or remains aspirational.

Before joining Diriga Services, James led cybersecurity strategy engagements for a national consulting firm, where he observed that most security strategies fail not because of technical shortcomings but because of insufficient organizational commitment. That insight informs his approach: strategy development that accounts for what an organization can actually execute, not just what it should theoretically implement.

James's engagements result in security roadmaps that align investment with risk, meet regulatory obligations, and can be sustained by the organization's existing team with realistic resource allocations.