Belle Mead, New Jersey, United States
On 7 April 2026, an AI system autonomously discovered thousands of zero-day vulnerabilities across global critical infrastructure. Hours. Not months. Not years. I've spent 20 years working cybersecurity for financial institutions — the Federal Reserve, Citigroup, Morgan Stanley, DTCC. I know what a broken control looks like from the inside. April 7th told me three ISO 27001 controls weren't just degraded. They were structurally broken. I did what I do when the tools stop working. I went to the math. Three controls — A.8.8, A.8.16, A.8.15 — fail not because they're implemented poorly. They fail because their founding operational assumption — that human response can close within the available window — no longer holds. I mapped every relevant MITRE ATT&CK v15 technique against each control, scored the Brewer & List class shift, and grounded it in DBIR breach data (n=12,195). The result: a control that reports green while providing zero protection. That's not a gap. That's a trap. I am also an independent researcher (ORCID: 0009-0006-0530-5235) working at the intersection of advanced mathematics and AI-speed security threats. The frameworks I apply draw on Ramanujan's mock theta functions and the Atiyah-Singer index theorem — tools developed decades before the internet existed, now uniquely suited to detecting structural failure in complex systems operating at machine speed. AI will not fix what AI broke. Speed layered on a broken architecture produces faster failure, not security. The correct response is architectural: identify which controls require redesign, which retain forensic value, and what a mathematically grounded direction signal actually looks like. That's what I'm building. 20 years. 600+ risk assessments. 7 of the first 12 ISO 27001 certifications in the United States. Federal Reserve. Citigroup. Morgan Stanley. DTCC. Reuters. The practitioner experience tells me what's broken. The mathematics tells me why — and what comes next.
1. Mizuho Bank 2. Mitsubishi Union Bank 3. Mitsubishi Union Trust Bank
1. Capital One (SOC, PCI Compliance, Managed Security Services) 2. Citigroup (SOC, App Security) 3. KPMG (SOC) 4. SouthWest (SOC) 5. Wells Fargo (Risk Assessments)
1. GRC Process Review 2. Control Gap Remediation 3. Risk Assessments (All Division's covered twice)
1. SOX Compliance 2. Supply Chain Audit Lead