Background
Security executive.
Operator. Advisor.
I've spent twenty years at the intersection of enterprise security and commercial strategy — building practices, running businesses, and working with the CISOs and founders who are shaping how the industry evolves.
The work
I started in professional services, building and leading Accenture's security practice through a period when enterprise security was transitioning from compliance-driven checkbox work to something closer to a genuine business function. That meant working with the largest organizations in the world on the hardest integration problems — not just buying the right tools, but making them work together as a system.
From there I moved to Palo Alto Networks as SVP, where I saw the other side of the table: what it takes to build and sell a security platform at scale, how enterprise buyers actually make decisions, and where the gap between vendor promise and operational reality tends to show up.
Today I operate across several fronts. As CCO at Staris AI, I'm working to change how security teams think about continuous attack path validation — moving the industry away from point-in-time pentesting toward something that keeps pace with how environments actually change. As a board member at SDG, I'm involved in building the leading IAM managed services platform through both organic growth and acquisition. And through Passarel, my advisory practice, I work directly with CISOs and security founders on the decisions that don't fit neatly into a vendor pitch or an analyst report.
What I believe
Security breaks at the integration layer. The hardest problems aren't inside any single product — they're in the seams between them. Organizations that treat security as a portfolio of point solutions will keep losing ground to ones that build it as a system.
The hardest problems in security aren't technical. For operators, they're organizational — getting the right people, processes, and accountability structures in place. For founders, they're commercial — partners, distribution, timing, and knowing when to take money or sell.
Identity is the foundation. IAM done well is the difference between a security program that scales and one that collapses under its own complexity. Most organizations haven't done it well.
Discipline compounds. The organizations that get security right aren't the ones with the biggest budgets or the newest tools. They're the ones that do the fundamentals consistently — and build the operating discipline to make them stick.
Current roles
Continuous attack path validation for security teams that can't afford to wait for the next pentest to find out what's exposed.
Advising on go-to-market and CISO introductions for a leading IAM managed services practice building through organic growth and strategic acquisition.
Advising SRA leadership on go-to-market strategy and CISO relationship development as the firm scales its enterprise security practice.
Advisory practice built for CISOs and security founders who want a trusted advisor with direct operating experience and skin in the game.
Get in touch