Roles, scope, and outcomes from 21+ years of building security and platform programs in regulated, high-growth environments.
2021 - Present
SavvyMoney
Lead the information security and DevOps functions for SavvyMoney, a fintech platform serving 1,500+ financial institutions. Built and matured a program scoring above the industry average on the NIST Cybersecurity Framework, sustained through SOC 2 Type II attestation, a CSA STAR Level II continuous-audit posture, and HITRUST r2. Designed a multi-region cloud architecture with warm-standby failover for business continuity, drove security-operations automation to reallocate the team toward higher-judgment work, and established a recurring threat-intelligence program that turned security into a relationship and sales asset. Currently building AI governance frameworks for financial services — the controls layer for automated decision-making, from audit trails to the boundary between outputs a system can act on and those that require a human first.
2021 - Present
SavvyMoney
Lead the information security and DevOps functions for SavvyMoney, a fintech platform serving 1,500+ financial institutions. Built and matured a program scoring above the industry average on the NIST Cybersecurity Framework, sustained through SOC 2 Type II attestation, a CSA STAR Level II continuous-audit posture, and HITRUST r2. Designed a multi-region cloud architecture with warm-standby failover for business continuity, drove security-operations automation to reallocate the team toward higher-judgment work, and established a recurring threat-intelligence program that turned security into a relationship and sales asset. Currently building AI governance frameworks for financial services — the controls layer for automated decision-making, from audit trails to the boundary between outputs a system can act on and those that require a human first.
2019 - 2021
Altais
Led technology and information security for a healthcare organization, owning both the security program and the platform and infrastructure underneath it.
2019 - 2021
Altais
Led technology and information security for a healthcare organization, owning both the security program and the platform and infrastructure underneath it.
2018 - 2019
Xolv Technology Solutions
Owned the information security and infrastructure functions, responsible for the security program and the systems and cloud environment that ran the business.
2018 - 2019
Xolv Technology Solutions
Owned the information security and infrastructure functions, responsible for the security program and the systems and cloud environment that ran the business.
2016 - 2018
Easterseals Northern California
Led information security and infrastructure, having grown into the role from running cloud operations.
2016 - 2018
Easterseals Northern California
Led information security and infrastructure, having grown into the role from running cloud operations.
2015 - 2016
Captricity
Directed the information security function, responsible for the security program and its controls.
2015 - 2016
Captricity
Directed the information security function, responsible for the security program and its controls.
2013 - 2015
Starwood Waypoint Residential Trust
Directed the infrastructure function, responsible for the systems, networks, and cloud environment behind the business.
2013 - 2015
Starwood Waypoint Residential Trust
Directed the infrastructure function, responsible for the systems, networks, and cloud environment behind the business.
Built the program so its maturity could be demonstrated up front — external attestations, a documented control environment, and a recurring intelligence offering — turning security from a deal-blocker into part of the pitch.
Automated the repetitive core of security operations — scheduled, structured operational briefings — so humans review the exceptions and machines handle the recurring work.
Moved from point-in-time certification to a continuous-assurance model — SOC 2 Type II, a CSA STAR Level II continuous-audit posture, and a NIST CSF maturity program scored above the industry average.
Architected a multi-region cloud environment with a warm-standby region ready to take over, balancing the cost of redundancy against the cost of downtime.
Treated AI security as a multi-year strategic track — tracking how offensive capabilities evolve, evaluating defensive tooling, and building governance for AI-driven decisions where fairness and explainability matter.
This site uses only first-party, functional browser storage — to remember your theme, save your AskMichael chat feedback, and record this choice. No analytics, advertising, or third-party tracking. Privacy Policy
