Over a decade of enterprise security leadership. I chaired AI governance across 50+ models and agentic systems, built security programs at Fortune 500 companies, and created the ACR Standard — an enforcement architecture for runtime AI control. Three published books. Having built these programs from the inside, I now focus on thought leadership, advisory, and speaking — bringing an operator's perspective to the governance and security challenges most organizations are navigating for the first time.
10+ Years Security Leadership
50+ AI Models & Agents Governed
Chair, AI Governance Committee
3 Books Published
Leadership Experience
AI Governance — Committee Chair
Built an enterprise AI governance program from first principles — committee charter, policy architecture, risk classification, and a runtime enforcement pipeline covering 50+ AI models and agentic systems. Aligned to ISO/IEC 42001 and NIST AI RMF. This is not a review board. It is an operating governance function with enforcement authority.
Enterprise Security Operations
Designed and operated enterprise security programs end-to-end across Fortune 500 and high-growth technology companies — vulnerability management, incident response, risk architecture, security engineering, and executive reporting. Operated in environments where security decisions carry direct operational, regulatory, and reputational consequence.
Risk Architecture & Compliance
Stood up risk programs across regulated and high-velocity environments. Built control frameworks that bridge security engineering and executive accountability — giving boards and leadership verifiable evidence of control, not dashboards and assumptions.
Published Author & Industry Speaker
Author of The ABCs of Agentic AI and other published works on security and governance. Speaks at industry events on runtime AI governance, agentic AI control, and enterprise security program design. Translates operational experience into frameworks other practitioners can use.
Enterprise Experience
AI Governance Operating Philosophy
Governance is an operational control problem — not a policy-writing exercise.
Most organizations treat AI governance as documentation. They draft acceptable use policies, stand up review committees, and create risk registers. That work matters — but it is not governance. Governance means enforcement. It means controls that execute at runtime, evidence that proves compliance under audit, and containment that limits blast radius when systems fail.
I approach AI governance the same way I approach security: as infrastructure that has to work in production, not just exist in a policy library. The question is never “do we have a governance framework?” It is “can we prove, right now, that our AI systems are operating within their approved boundaries?”
Governance must enforce, not just document
Policies without runtime controls are suggestions. Controls must execute at the point of decision.
Evidence over assumptions
Executives need proof of control, not attestation. Every governed system must produce verifiable evidence.
Human authority is non-negotiable
Autonomous systems must operate under human oversight. Escalation paths, override capabilities, and kill switches are architectural requirements.
Containment before deployment
Blast radius must be defined and enforced before any AI system touches production data or makes real-world decisions.
What I Created
The ACR Standard
The ACR Standard is the runtime control standard for agentic AI. It defines the mandatory control plane through which protected AI actions must pass before execution — enforcing identity, purpose, policy, risk, and human authority in real time.
I created the ACR Standard to solve the problem most governance frameworks avoid: how do you enforce control over AI systems that act independently, at speed, with real-world permissions, across infrastructure you partially own? It codifies what I learned governing AI in production — trust paths, containment boundaries, human authority checkpoints, and evidence mechanisms that prove compliance under audit.
ACR is not a maturity model or a checklist. It is an enforcement architecture — built from direct operating experience, not academic abstraction. Start with runtime enforcement, prove it works under audit, and make human authority non-negotiable.
Areas of Expertise
The domains where I've built programs, published frameworks, and continue to lead the conversation.
AI Governance Program Design
Committee structure, policy architecture, model risk classification, runtime enforcement strategy, and compliance alignment to ISO 42001 and NIST AI RMF — built from direct program leadership.
Security & Risk Architecture
Enterprise security programs, trust frameworks, risk architecture, and executive reporting. A decade of hands-on leadership across Fortune 500 and high-growth environments.
Agentic AI Control Architecture
Containment boundaries, blast radius limits, human authority checkpoints, and trust path design for autonomous systems — the problem the ACR Standard was built to solve.
Board & Executive Accountability
Governance structures that give leadership verifiable oversight — enforceable audit trails, evidence of control, and risk reporting that boards can act on.
Credentials & Education
Certifications
Education
M.S. Cybersecurity
Concentration in Cyber Operations
B.S. Computer Science
Publications
Author of The ABCs of Agentic AI and other published works. Created the ACR Standard for runtime AI governance.
Connect
Selectively available for advisory, board briefings, and speaking.
