I started running production systems in 1992. I deployed my latest AI agent pipeline last month.
That sentence is the whole pitch. Longevity in this field only matters if it comes with currency, so here's the current state: I lead Information Security & Compliance at an enterprise AI technology company, where I own SOC 2 and HIPAA readiness, security architecture, and a physical infrastructure footprint that grew from half a rack to six racks of GPU compute under my design — now migrating into a private suite built for up to eleven. The fleet self-heals; production systems in it have run over 1,450 consecutive days without unplanned downtime.
I ran a technology consultancy for nearly three decades — Indigo Productions, which I co-founded in 1992 — serving Chicagoland businesses across every layer of the stack: networks, servers, security, and the business systems on top of them. Along the way I managed over $70M in client IT budgets and built software where the market had none, including InfoExchange, one of the first CRM-style applications that let construction companies securely exchange CAD files with their partners. Consulting for that long teaches you something a corporate ladder can't: every client is a new company, a new threat model, a new budget constraint. I've effectively done a hundred first-90-days.
Compliance frameworks describe outcomes; engineers deliver them. The industry's biggest gap is between the people who write policies and the people who implement controls — most organizations pay two salaries and still get finger-pointing. My entire career is that gap, closed. When I write an access-control policy, I also write the automation that enforces it. When an auditor asks how a control works, I can show them the code.
Alongside my security work, I co-founded and run Mad Monkey Creative LLC — seven live brands across e-commerce, software, music, and education. Fair question: how? The honest answer is that they're the proving ground for my automation philosophy. The portfolio runs on systems I built — automated fulfillment, AI-assisted content pipelines, self-monitoring infrastructure — and demands hours a week, not days. I don't run seven businesses; I run one automation platform with seven storefronts. Everything I recommend to clients, I've stress-tested on my own P&L first.
I build AI-integrated systems and operate AI infrastructure, but I'm not an AI author. AI shows up in my work as an integrated component in shipping products (the self-healing remediation agent in the ITSM platform; an event-log pipeline that analyzes logs and opens its own tickets; a multi-agent layer coordinating my own applications and brands) and as a tool in my own development workflow. The judgment calls, architecture decisions, and product direction are mine. I'm interested in using AI to make systems that work better — not to make things that look technical.
I'm a practitioner first. My formal training includes cybersecurity studies at Northwestern University (bootcamp certificate program with Security+, 2021) and electrical-engineering coursework at DeVry University — but my real education was three decades of production systems, client audits, and 2 a.m. incident calls. I've also taught: after the Northwestern program I was invited back as a paid senior tutor and cybersecurity mentor (2020–2021), guiding career-changers through Security+, CISSP preparation, and security architecture — which sharpened my ability to explain security to non-specialists, a skill I now use with boards and executives. I hold CompTIA Security+; CISSP is in progress.
SOC 2 Type 2, HIPAA, GDPR, ISO 27001-aligned controls. Risk assessments, vulnerability management, SIEM deployment, incident response, security awareness training, penetration testing coordination, Zero Trust / ZTNA architecture, PAM / MFA / endpoint security, policy development, audit coordination.
Production GPU/CPU compute at scale. Owned the multi-year buildout from half a rack to six full colocation racks and into a private suite (~$5M of AI infrastructure; ~2,900 CPU cores, ~34 TB RAM, A100/B300-class GPUs, 48 VMs across 35 hosts), now expanding toward eleven racks. Co-architecting a second hot-hot facility connected over dark fiber for active-active workload distribution and DR. Spine & leaf BGP fabrics, network segmentation, NFS/SMB/iSCSI storage, Proxmox/VMware virtualization, HA design.
Full-stack development from PRD to production deployment, with AI integration baked in. I define the product, design the data model, write the API and the frontend, ship it, and own the infrastructure it runs on. Multiple shipped SaaS platforms plus a dozen-plus internal tools — from a recipe-scheduling SaaS to a full enterprise ITSM platform.
IT department leadership, vendor management, technical project leadership, budget oversight ($70M+ across career), operational scaling, cross-functional leadership, business technology strategy. 30 years running a technology consultancy serving small and mid-sized organizations.
Senior tutor and cybersecurity mentor at Trilogy Educational Services (2020–2021), guiding students through Security+, CISSP preparation, penetration testing, security architecture, compliance frameworks, and threat analysis. One-on-one instruction for career-changers entering cybersecurity.
Self-healing applications built with scripting and AI — systems that detect, diagnose, and recover from their own faults. Plus a production multi-agent layer coordinating specialized agents across my own applications and brands: durable session memory, vault-based handoff, cross-host execution, scheduled routines, browser automation, custom skill library. AI is a tool I architect with — not a marketing line.
Available for fractional CISO/CIO engagements and board-level advisory — and full-time security & compliance leadership, for the right company.