Services

AI Security Strategist

Fractional AI security leadership. Most AI strategists don't have security depth. Most security leaders don't build agentic systems. 25 years of offensive security practice, 10+ production AI systems shipped.

Why This Engagement Exists

Companies hiring AI strategists are finding the same gap: candidates who understand agentic architectures but have never run a security program, or security leaders who talk about AI but have never shipped a production system.

The market is pricing this at $350K+ full-time. For most organizations, the need is real but the full-time headcount isn't justified yet. I do this work on a fractional basis: embedded with your security leadership and engineering teams, building production systems.

How I Operate

  • Find and prioritize where AI and agentic systems actually improve security operations and adjacent business functions. Measurable outcomes, not slide decks
  • Assess AI maturity using structured frameworks. Identify gaps in agentic capability, governance, and infrastructure. Deliver improvement roadmaps your team can execute
  • Design reference architectures for agentic security systems: multi-agent patterns, human-in-the-loop controls calibrated to your risk profile, vendor-independent platform design
  • Hands-on proof-of-value delivery. AI modeling and agentic implementation for security use cases, from concept to production on compressed timelines
  • Establish AI governance standards: model development and deployment practices, decision audit trails, data privacy controls, model provenance
  • Train your team to own and extend everything I build. Embedded knowledge transfer, not a black box handoff
  • Evaluate AI technology posture for strategic decisions, including due diligence on AI capabilities, technical debt, and readiness for agentic adoption

Engagement Model

Most engagements start with an AI maturity assessment: where your security program benefits from AI, where your current AI systems carry risk, and how ready your infrastructure and teams are for agentic adoption. That assessment is a deliverable on its own, with a scored evaluation and an improvement roadmap your team can execute independently.

From there, the work takes one of several forms. Fractional embedded leadership: I work alongside your security and engineering teams building production systems, standing up governance, and transferring the capability. Targeted engagements scoped to a specific need: align with NIST AI RMF, design an AI governance program, map agentic systems against MITRE ATLAS, or build reference architectures for your agentic security platform. Due diligence: evaluate AI technology posture, technical debt, and agentic readiness for investment or acquisition decisions.

Who This Is For

  • CISOs evaluating AI risk across their organization or standing up AI governance programs
  • Engineering leaders building AI-powered products who need security in the room, not bolted on after
  • Companies adopting agentic systems without the in-house expertise to secure them
  • Private equity and portfolio leadership assessing AI maturity, technical debt, or agentic readiness across investments

Portfolio

Production AI Systems I've Built

MoE OSINT Researcher

Mixture-of-experts architecture combining local LLMs, browser automation, and multi-modal analysis for automated intelligence gathering. Confidence scoring, multi-phase verification, and structured output.

Threat Intelligence System

Four-phase automated threat landscape review: CISA KEV ingestion, threat actor attribution by industry vertical, detection gap correlation against Nuclei templates, and multi-factor CVE scoring. Evolved from a single skill to a 3-skill architecture in 10 days.

ROI Reporting Pipeline

Automated board-level report generation pulling live platform data and benchmarking against IBM Cost of a Data Breach, Verizon DBIR, and FAIR Institute frameworks. 3,500 lines of production code, shipped in 6 days.

Media Intelligence Platform

Full-stack platform using cloud LLMs for news ingestion at scale, entity extraction, media classification, and conversational AI agents for narrative intelligence and competitive benchmarking.

Business Intelligence Analytics

Direct data pulling and analysis bypassing traditional enterprise analytics teams. 10 hours of focused work replacing what would have been 10 weeks of organizational negotiation.

Rationalization Guardrails

Anti-pattern framework preventing AI agents from rationalizing their way out of necessary tasks. 6 documented failure patterns with 13 counters, born from real production incidents.

Four of these were built at Praetorian. Read the full story →

Frequently Asked Questions

What does a fractional AI security strategist do?

I work part-time inside your org instead of full-time. Same senior leadership, scoped to what you actually need right now.

When do you need a fractional AI security strategist instead of a full-time hire?

When you need senior AI security leadership but don't need it five days a week. Most organizations need it for the strategy and initial build, not as a permanent seat. You get the senior leadership without the full-time cost or a six-month search.

What frameworks are used for AI security?

Engagements draw on NIST AI RMF 1.0 for risk management, MITRE ATLAS for threat modeling against AI systems, and OWASP Top 10 for LLM and Agentic Applications for assessing deployed AI. Which ones matter depends on where you are and what you're protecting.

Other Services

Virtual CISO
Learn more →
Offensive Security
Learn more →
Compliance & Risk
Learn more →