Advisory

The Problem

Your organization is deploying AI agents, or your competitors are. Your GRC program was built for a world where humans made every consequential decision. It doesn't cover autonomous systems that can exceed scope, lose context, access sensitive data, and take action without human review.

EU AI Act enforcement hits August 2026. OWASP published the Agentic Top 10 in December 2025. Your board is asking questions your team can't answer yet.

That's where I come in.

What I Bring

Thirty years of hands-on enterprise security: architecture, risk assessments, maturity models, framework alignments, incident response, and program implementation. Leadership experience includes global advisory practices at NTT, CISO/CIO roles in financial services, and executive engagement with boards across healthcare, financial services, and critical infrastructure.

And something most security advisors can't offer: over the past year, I've been building agentic systems myself, writing workflows, constructing governance primitives, working daily in Claude Code and Codex. I know what happens when an agent exceeds its delegation scope not because I read about it, but because I watched it happen in my own pipelines. AGF didn't come from a committee. It came from building.

How I Engage

Agentic AI Governance

Governance design for autonomous systems: trust models, identity and delegation, escalation policies, runtime policy enforcement, and compliance mapping, all grounded in the Agentic Governance Framework (AGF). If you're deploying agents and don't know what your risk posture looks like, this is where we start.

Enterprise Security Advisory

Security architecture reviews, risk and control assessments, maturity models, framework alignments (NIST CSF, ISO 27001, HIPAA, SOC 2), and security program strategy. The same work I've done for decades, now informed by what AI changes about the threat landscape.

Enablement & Practice Development

Security enablement programs for field sales and engineering teams, community of practice development, methodology design, and go-to-market strategy for security services. Building the programs that make other people more effective has always been the most rewarding work I do.

Strategy & Executive Advisory

Board-level security advisory, security investment justification, organizational design, and strategic planning. I've sat across from CISOs and boards during a breach, and I know what holds up under pressure and what doesn't.

Speaking

Enterprise security architecture, AI governance, the intersection of traditional security disciplines with autonomous systems, and what the OWASP Agentic Top 10 means for your GRC program.

Best Fit

Organizations that need security leadership depth: whether that's maturing a security program, aligning to compliance frameworks, building out a security practice, or figuring out what governing AI agents actually looks like in practice.

I work with enterprise security teams, CISOs, and leadership who want a practitioner's perspective: someone who's built the systems, not just reviewed the slides.

Start a Conversation

If you're working through a security challenge or trying to figure out what AI governance means for your organization, I'm happy to talk. I can usually tell you pretty quickly if there's a fit.