I help technology leaders design and build their AI security capability.
I ship AI-security tooling in public — including tachi, an AI security tool that detects OWASP LLM Top 10 vulnerabilities in agentic architectures — and created the AOD methodology that guides how it's built. I also mentor security and technology leaders through weekly 1:1 sessions.
Services
Two Ways to Build Your AI Security Program
Plenty of advisors will assess your AI risk and hand you a roadmap. Few stay for the build — I do. One offer builds that program with your organization; the other — weekly mentoring — is for the leader carrying the risk personally.
A scoped engagement that takes your organization from AI risk assessment through a roadmap to a working AI security program — anchored to NIST AI RMF, the OWASP LLM Top 10, and ISO 42001.
CTOs, CISOs, and VP-Engineering leaders whose organization is adopting AI faster than it can secure itRecurring weekly 1:1 sessions, application-based, focused on AI governance, board-level pressure, and building your security program.
Individual security and technology leaders who want a mentor, not another vendor engagementProof
Built in Public
I don't just advise on AI security — I build it in the open. Every claim below is one click from its living source.
I formalized the paradigm — a published, living book on building software with AI agents.
I shipped it as open-source tooling — triad governance, a six-stage lifecycle, and security scanning teams run today.
I built the AI-security tool — a threat-modeling and AI-reasoning vulnerability-detection harness for agentic systems (STRIDE + AI + MAESTRO).
80 GitHub stars as of Jul 8, 2026
Grounded in the frameworks that matter
Writing & talks
What's next
I'm currently writing my second book, on securing agentic systems.
Ready to put this to work on your AI security program?
Book an intro callPracticing Agentic AI Security

I help organizations build security programs, ship secure AI products, and turn cybersecurity from a cost center into a competitive advantage.
My practice sits at the intersection of three disciplines most consultancies treat separately: agentic AI development, cybersecurity leadership, and product management. I bring all three to every engagement because the hardest security problems today live at those boundaries.
Agentic AI & AI Security— I don't just assess AI risk — I build agentic AI systems and ship them in public. I've built tachi, an AI security tool that detects OWASP LLM Top 10 vulnerabilities in agentic architectures, and I created AOD (Agentic-Oriented Development), a governance methodology for building software with AI agents. I also design AI governance programs grounded in NIST AI RMF. When I advise on AI security, it's from the perspective of someone who writes the code, not just the policy.
Cybersecurity & Risk— I've built and scaled security programs for Fortune 500 enterprises, state government, and startups. Enterprise AppSec programs that cut critical vulnerabilities by 75%. Cloud security functions built from zero with $6M+ in funding. Secure development practices adopted by 4,000+ engineers. Compliance and governance across 160 agencies managing $131B+ in annual spend. I build programs that survive the leader who built them.
Product Security & Engineering — I lead like a product manager, not just a security executive. DevSecOps transformations that reduced deployment times by 92%. Identity platforms consolidated from 40 systems to one, serving 4 million customers. I think in roadmaps, customer outcomes, and engineering velocity — not just controls and audit findings.
Previous clients include Fortune 500 financial services, insurance, and technology companies. I'm a published thought leader on agentic development, a recognized voice in cybersecurity, and an active builder — not a slide deck consultant.
By the Numbers
- 75%
- cut in critical vulnerabilities across enterprise AppSec programs
- $6M+
- in funding for cloud security functions built from zero
- 4,000+
- engineers who adopted the secure development practices I shipped
- $131B+
- in annual spend overseen across 160 agencies
- 92%
- faster deployments after the DevSecOps transformations I led
- 4M
- customers served by identity platforms I consolidated from 40 systems to one
Contact
Get in Touch
Whether you want to design and build your organization's AI security capability or you're looking for weekly 1:1 mentoring, the fastest way to start is a short intro call — no pitch, just a conversation about where you are. Prefer email? There's a short form below. I read every message myself and reply within one business day. All inquiries are confidential.