About

Security leadership that speaks human.

I'm Carrie Muthee, MSIA, CISSP; a security and GRC leader based in the Pacific Northwest. I founded Ariadne (Air-Eee-Add-Nee) Advisory to bring security expertise to small to mid-size businesses that need it most: organizations building real things, serving real clients, under real compliance pressure.

My background spans identity and access management, governance, risk, AI governance, and compliance program design at organizations including U.S. Bank, Puget Sound Energy and Seattle Public Schools. I specialize in translating complex regulatory requirements into practical programs that non-technical stakeholders can actually use, and that auditors can actually validate.

I believe security is fundamentally a human problem. The best technology stack in the world won't protect you if your people don't understand the risks. My approach combines rigorous technical expertise with a deep commitment to building cultures where security is understood, not just mandated.

Credentials & Expertise

  • Masters of Science in Information Assurance

  • Certified Information Systems Security Professional (CISSP)

  • Governance, Risk & Compliance - 15+ Years

  • Identity & Access Management architecture and design

  • Responsible AI Governance and Policy Frameworks

Diagnostic work. Opinionated findings. Concrete next steps.

Every engagement starts with what is actually happening in your environment — not a framework checklist. The deliverable is a ranked set of risks: what is one incident away from breaking the business, and what to fix first.

Compliance is finished when the next questionnaire lands and you answer it without panic — not when you sign off on a report.

Work Together
Frameworks Covered
Clients Served
Entry Point

HIPAA · SOC 2 · NIST CSF · Cyber Insurance

10 – 200 person companies across North America

One scoped engagement. No retainer required to start.

Each framework treated as a live operational requirement — not a one-time audit artifact.

Founders, ops leaders, and finance teams who own security by default — not by choice.

The Security Health Check is a fixed-fee first step — findings in hand before any longer commitment.

Ariadne Advisory

(C) 2026 Ariadne Advisory-Independent practice.

Discover. Assess. GUIDE.

Threading businesses through the Information Security & Compliance maze — without the enterprise budget.

Start the Conversation