About

Practitioner, not vendor.

Why GuardXID exists

I started GuardXID because most small and mid-size businesses are being asked to make AI decisions without operational guidance from people who actively run AI programs themselves.

At the same time, a lot of security and compliance consulting still revolves around selling platforms rather than helping businesses build operational discipline around the way those platforms are actually used.

Neither pattern works for the businesses I want to serve. Law firms, medical practices, CPA firms, ag businesses, and the operators in transportation, logistics, and construction don’t need slide decks. They need someone who is actively making AI and security decisions inside an institution, and brings that working pattern to their business at the right scale.

AI is moving fast, and the decisions it forces on your business move with it. One of the biggest reasons AI programs fail to pay off is that nobody owns them. At GuardXID, I own the decisions and the deliverables — the work that gets done here is the work I do.

The mission: GuardXID helps small and mid-size businesses use modern technology with discipline, security, and clear ownership. We turn scattered AI use, automation ideas, and compliance pressure into practical operating systems that protect sensitive data, support staff, and help the business move with confidence.

The vision: To make responsible technology adoption normal for small businesses — practical, secure, measurable, and owned by people who understand the cost of getting it wrong.

About me

I’m Nathan Francis, the founder and operator of GuardXID. I’m a Nebraska native, based in Lincoln.

I served twenty years in the U.S. Army and defense industry — in Special Operations as a Psychological Operations (PSYOP) sergeant, as a Combat Engineer, and later as a Senior Special Operations Planner. Four combat deployments between Iraq and Afghanistan taught me how to operate in environments where the cost of being wrong is high and the room for theatrics is zero.

Those experiences shaped how I think about risk, operational discipline, accountability, and the responsibility involved when a business trusts someone to help shape its AI or security program.

After the Army, I worked as a technologist with a regional outsourced-IT firm (a “managed service provider”), where I conducted networking and security for SMBs in the law, medical, financial, and agriculture sectors. That’s the work that taught me what an SMB actually looks like from the inside, what they can afford, what they can’t, what’s worth fixing first, and what most consultants miss because they’ve never sat across the table from a managing partner who’s trying to decide between hiring an associate and hiring me.

I hold a BS in Strategic Studies and Defense Analysis from Norwich University and an MS in Cybersecurity from Bellevue University. The credentials list at the end of this page covers the technical certifications.

Today, I run GuardXID and serve as AI Program Lead at the University of Nebraska College of Law — the institutional work I describe in the next section.

The live laboratory

The single thing that separates GuardXID from most AI consultancies is that I’m not just teaching about AI governance — the written rules, roles, and oversight for how a business uses AI. I’m actively running a program.

At the University of Nebraska College of Law, I run the AI program day to day:

  • Chair the AI committee
  • Develop and maintain the governance documents the institution operates under
  • Maintain the risk assessment
  • Manage the rollout of AI licenses to faculty and staff
  • Run the tool inventory that keeps the program coherent as new platforms appear and old ones change

I also work daily on AI use cases, automations, workflows, and AI agents — tools that carry out multi-step tasks on their own — built for specific duties.

That work is the live laboratory. Frameworks I teach in a workshop have been pressure-tested in an institution where the cost of getting AI governance wrong is real. Every document I deliver in an Assessment is a refined version of work I’ve already done at scale. When I tell a business that the free version of an AI tool trains on their data and the enterprise version doesn’t, I’m not reciting a slide. I’m telling them something I’ve personally written into policy at an institution that protects privileged communications.

This is the difference between a consultant who studied the topic and a practitioner who lives it.

Practitioner across all four major business AI platforms

Most consultants specialize in one platform. I work across all four in active operational environments:

  • Microsoft 365 Copilot — I lead the AI program around an institutional-scale deployment: 30+ paid Copilot licenses and 450+ users on the free chat version, plus the governance and policy controls I write around them (the tenant itself is run by central IT)
  • ChatGPT Business — GuardXID runs its own paid licenses; I know the difference between business plans and personal paid plans firsthand — and why it matters for your data
  • Anthropic Claude — the AI tool I rely on most for sustained complex work, including substantial portions of this website
  • Google Gemini Enterprise — current tester through the University of Nebraska, evaluating Google’s enterprise AI platform

When I help you decide which platform fits your business, or how to better use what you’ve already selected, I’m comparing tools I work with daily. When the AI vendor market shifts, I see the shift from inside the platforms — not from a press release.

Why this matters for your business

You’re a small or mid-size business. AI is already in your operations whether you planned for it or not. Your team is using ChatGPT, your software vendors are adding AI features, and someone in your business — maybe you — has been quietly handed responsibility for figuring out what to do about it.

You don’t need a pitch deck. You need someone who has been in your seat, on a smaller scale and a larger one, and who can tell you which decisions matter, which ones don’t, and how to build a program that holds up over time.

That’s what GuardXID is built to be. Everything GuardXID sells — training, assessments, automation, fractional work (part-time, ongoing advisory), compliance — draws from the same daily practice.

Credentials

Military & operational background
20+ years across military, defense, and security environments including Special Operations, Psychological Operations, Information Warfare, and Combat Engineer roles. Purple Heart recipient, four Bronze Stars, former Top Secret (TS-SCI) security clearance holder, and graduate of multiple military leadership and operational planning programs including the Sapper Leader Course, Special Forces Network Development Course, and Cyberwarfare Operational Planners Course.

Education

  • MS, Cybersecurity — Bellevue University
  • BS, Strategic Studies and Defense Analysis — Norwich University
  • Certificate, CASP+ Pathway (CompTIA Advanced Security Practitioner), Syracuse University
  • Certificate, Cyber Foundations, UMBC (University of Maryland, Baltimore County)
  • Certificate, Generative AI Prompting, UNL
  • Certificate, Generative AI Automation, UNL (in progress)

Certifications

  • EC-Council CEH (Certified Ethical Hacker)
  • CySA+ (CompTIA Cybersecurity Analyst)
  • CompTIA networking, security, and hardware certifications (Net+, Sec+, A+, ITF+)
  • Linux Essentials (Linux Professional Institute)
  • CompTIA Secure Infrastructure Specialist

Current institutional role AI Program Lead and Chair of the Staff AI Committee — University of Nebraska College of Law

Partnerships Vanta (compliance automation platform) verified partner · NordStellar (threat intelligence and continuous monitoring platform) verified partner

The boundary: I assess the container, not the contents

GuardXID examines who has access to AI tools and what those tools can reach inside your business. I do not read your client files, patient records, or matter documents. This is what makes the work appropriate for law firms, medical practices, and any business where the contents of the work are protected by professional duty.

Want to talk?

A free consultation is the right place to start. We'll figure out what you have, what's missing, and whether GuardXID is the right partner for what you need. No pitch.

Book a free consultation