About

Why GuardXID exists

I started GuardXID because most small and mid-size businesses are getting AI advice from people who watched videos last quarter and security advice from vendors selling the platform they happen to resell.

Neither pattern works for the businesses I want to serve. Law firms, medical practices, CPA firms, ag businesses, and the operators in transportation, logistics, and construction don’t need slide decks. They need someone who is actively making AI and security decisions inside an institution, and brings that working pattern to their business at the right scale.

AI is moving fast, and decisions affecting AI in your business need to be agile. The work that gets done at GuardXID is the work I do. One of the biggest reasons AI programs fail to make an organization money is lack of ownership and responsibility. At GuardXID I own these decisions and deliverables. The credibility behind every claim on this site is verifiable: ask me about the AI committee I chair, the governance documents we ship, the Vanta partnership, or any of the credentials below. Every one of them earns its place.

About me

I’m Nathan Francis, the founder and operator of GuardXID. I’m a Nebraska native, based in Lincoln.

I served twenty years in the U.S. Army, most of it in Special Operations as a PSYOP non-commissioned officer, and Combat Engineer. The work taught me how to operate in environments where the cost of being wrong is high and the room for theatrics is zero. I came home with a Purple Heart, four Bronze Stars, and a former TS-SCI clearance. I don’t lead with these things in conversation, they’re earned credentials, not marketing material. However, they’re part of how I think about risk, discipline, and the duty I take on when a business hires me to develop their AI or security program.

After the Army, I worked as a technologist with a regional managed service provider, where I conducted networking and security for SMBs in the law, medical, financial, and agriculture sectors. That’s the work that taught me what an SMB actually looks like from the inside, what they can afford, what they can’t, what’s worth fixing first, and what most consultants miss because they’ve never sat across the table from a managing partner who’s trying to decide between hiring an associate and hiring me.

I hold a BS in Strategic Studies and Defense Analysis from Norwich University and an MS in Cybersecurity from Bellevue University. The credentials list at the end of this page covers the technical certifications.

Today, I run GuardXID and serve as AI Program Lead at the University of Nebraska College of Law - the institutional work I describe in the next section.

The live laboratory

The single thing that separates GuardXID from most AI consultancies is that I’m not just teaching about AI governance. I’m actively running a program.

At the University of Nebraska College of Law, I chair the AI committee, develop and maintain the governance documents the institution operates under, maintain the risk assessment, manage the rollout of AI licenses to faculty and staff, and run the tool inventory that keeps the program coherent as new platforms appear and old ones change.

That work is the live laboratory. Frameworks I teach in a workshop have been pressure-tested in an institution where the cost of getting AI governance wrong is real. Every document I deliver in an Assessment is a refined version of work I’ve already done at scale. When I tell a business that the free version of an AI tool trains on their data and the enterprise version doesn’t, I’m not reciting a slide, I’m telling them something I’ve personally written into policy at an institution that protects privileged communications.

This is the difference between a consultant who studied the topic and a practitioner who lives it. The College of Law role is not the headline of GuardXID, but it’s the foundation and experience under the AI program that GuardXID sells.

Why this matters for your business

You’re a small or mid-size business. AI is already in your operations whether you planned for it or not. Your team is using ChatGPT, your software vendors are adding AI features, and someone in your business — maybe you — has been quietly handed responsibility for figuring out what to do about it.

You don’t need a pitch deck. You need someone who has been in your seat, on a smaller scale and a larger one, and who can tell you which decisions matter, which ones don’t, and how to build a program that holds up over time.

That’s what GuardXID is built to be. The training, the assessments, the fractional engagements, and the compliance work all draw from the same underlying practice: AI governance and identity security as ongoing disciplines, run by someone who treats them as such.

Credentials

Military 25+ years of military, defense, and security experience. U.S. Army Special Operations veteran, PSYOP and Combat Engineer. Purple Heart. Four Bronze Stars. Former TS-SCI clearance. Graduate of: Sapper Leader Course, Special Forces Network Developmnt Course, Naval Special Warfare Intel Team Training, Military Deception Planners Course, Cyberwarfare Operational Planner Course, Battle Staff NCO Course, many more.

Education

BS, Strategic Studies and Defense Analysis - Norwich University
MS, Cybersecurity - Bellevue University
Certificate, CASP+ Pathway, Syracuse University
Certificate, Cyber Foundations, University of Maryland Baltimore Campus
Certificate, Generative AI Prompting, UNL

Certifications

EC-Council CEH (Certified Ethical Hacker)
CySA+ (CompTIA Cybersecurity Analyst)
Net+, Sec+, A+, ITF+ (CompTIA)
Linux Essentials (Linux Professional Institute)
CompTIA Secure Infrastructure Specialist

Current institutional role AI Program Lead and Chair of the AI Committee - University of Nebraska College of Law

Partnerships Vanta verified partner · Nordstellar verified partner

The boundary: I assess the container, not the contents