The person behind the practice.
I'm Jacob Lehnert — founder of Lehnert Consulting, and for over a decade before that, the person organizations called when technology was on fire or about to be.
I've spent my career inside the Microsoft ecosystem: architecting M365 and Azure environments, leading SOC 2, HITRUST, and CMMC efforts, running post-breach response and forensics, and advising executives at organizations from two employees to more than a thousand. I've seen what security looks like when it's done as an afterthought, and what it costs — in dollars, in trust, and occasionally in businesses that don't survive the incident.
That's the short version of why this practice exists.
What I believe about your data
Somewhere along the way, the industry decided that other people's data is a resource to be extracted. I think that's wrong — not naively, but professionally. Data is something organizations hold in trust. The businesses that internalize that build customer relationships that survive audits, breaches, and headlines. The ones that don't are borrowing against a bill that always comes due.
You can see this conviction in small places. This website sets no cookies, runs no analytics, loads nothing from a third party, and honors every visitor's privacy whether their browser asks for it or not. Not because a regulation demanded it — because it's how I think the web should work, and I'd rather demonstrate it than just advise it.
Why I run my own AI
I advise organizations on responsible AI adoption — and I hold myself to the standard I recommend. The AI I use daily runs on hardware I own, on models I host locally. My prompts, my documents, and my clients' context never leave equipment under my control.
That's not a rejection of cloud AI, which is the right answer for plenty of organizations. It's proof of an alternative most businesses don't realize is within reach: capable, private, self-hosted AI on hardware you own — no per-token metering, no data leaving your walls, no terms-of-service drift deciding what happens to your information next quarter. When I design a private AI deployment for a client, it's the same architecture I trust with my own work.
Why fractional
Most organizations under $100M don't need — and can't justify — a full-time CISO or CTO. What they need is the judgment: someone who has made these decisions before, sitting at the table when the decisions get made. Fractional leadership exists to close that gap honestly. You get the experience without the salary, and I get to do the work I'm best at across organizations where it genuinely moves the needle.
I don't do drive-by assessments that end in a PDF nobody reads. I take on engagements where leadership actually wants to get better, and I stay accountable to outcomes.
Off the clock, I'm usually deep in the homelab — testing the next model release, breaking things on purpose, and occasionally winning. If you want to talk strategy, security, or why your AI deployment should live on your own hardware, the door is open.