Fractional CISO and AI governance advisory for FinTech and crypto companies preparing for what's next — a fundraise, an audit, a regulatory exam, or a public listing.
Former CISO at Bitcoin Depot (NASDAQ: BTM). 25+ years in FinTech, payments, and digital assets. Advisor to companies navigating SOC 2, PCI DSS, NYDFS Part 500, and SEC cybersecurity disclosure.
Most Series B investors have seen a SOC 2 report before. What they haven't seen is a CEO who can confidently answer:
“What's your process if your custody provider halts withdrawals?”
“Who gets called at 2am when you detect a breach 6 weeks before your fundraise?”
“How does your board actually oversee AI risk?”
The companies that answer these questions cold have something most Seed–Series B companies don't: a security program built by someone who's sat in the CISO chair through a public listing.
That doesn't mean hiring a full-time CISO at $350K + equity. It means hiring the right expertise for the stage you're in.
Ongoing security leadership for companies that need a CISO, not a consultant. Board reporting, audit management, incident response, and regulatory relationships.
A 90–120 day sprint to build a security and compliance program that passes investor diligence and external audit. Not a checkbox exercise — a real program.
A 30–45 day build of an AI governance program aligned with NIST AI RMF and emerging SEC/FTC guidance. For companies adopting AI before regulators force their hand.
High-intensity, time-bounded support for M&A transactions, fundraising rounds, or SPAC processes where security is a diligence workstream.
Not ready for a full retainer? Join a small group of FinTech and crypto leaders for twice-monthly advisory calls, a private community, and access to our Operator's Vault.
We work with 2–3 companies at a time. That's intentional. Security leadership doesn't scale through playbooks — it scales through judgment.
20–150 employees. One or zero security hires. A hard deadline.
If that's you, we should talk.
I've been on both sides of the diligence table.
As CISO at Bitcoin Depot, I led the security program through a SPAC transaction, Nasdaq listing, and multiple SOC 2 and PCI DSS audits. I know what institutional investors ask. I know what regulators actually look for. I know the difference between a policy that passes an audit and a program that survives scrutiny under pressure.
Before Bitcoin Depot, I spent 20+ years in FinTech and payments — including SVP roles at Cardtronics and security leadership at multiple financial services companies.
Now I work with a small number of companies at a time as their fractional CISO. I don't install firewalls. I don't run pen tests. I do the things that keep CEOs and CFOs awake at night.
The 5 areas that generate the most friction in Series B security diligence — and how to find the gaps before your investor does.
Based on 20+ investor diligence calls and the security program that took Bitcoin Depot public.