Michael Stringer

Lead Security Engineer, Enterprise Security

AppOmni Inc

SaaS security platform protecting enterprise SaaS deployments across Salesforce, Microsoft 365, ServiceNow, and others.

• Established the enterprise security function from the ground up; defined the long-term roadmap, control maturity targets, and operating model presented quarterly to executive leadership.
• Own the SOC 2 Type II program end-to-end — control design, evidence automation, audit coordination, ongoing stewardship; reduced audit prep overhead by ~30%.
• Designed security controls and SOPs for 1,500+ cloud resources, cutting misconfigurations by 40%.
• Architected zero-trust workstation isolation, achieving 80% reduction in lateral-movement attack surface.
• Lead AI security for AppOmni's "AskOmni" AI Agent — LLM threat modeling, prompt injection testing, adversarial AI assessments, guardrail validation.
• Built and operate the customer trust program (questionnaires, due diligence, customer briefings), improving response efficiency >25% and accelerating sales cycles.
• Drove secure SDLC adoption across all product teams, reaching 85%+ developer adoption.
• Built automated assessment & reporting pipelines — 22% reduction in time-to-delivery, >40% faster critical remediation.
• Influenced flagship product posture, contributing to $60M+ ARR through secure product design and customer-facing security capabilities.

Principal Information Security Consultant, Lead Penetration Tester

Online Business Systems

~800-person technology and consulting firm across North America.

• Built and led the Offensive Security Services (OSS) practice from inception — scaled to a 15-person global team representing 2% of headcount while delivering 14% of annual realized revenue.
• Grew practice revenue to $6.6M+ annually across 250+ engagements; drove $5M in gross revenue growth and a 150% profit-margin increase over three years.
• Owned full P&L — pricing, capacity planning, vendor selection, hiring, career ladders, KPI frameworks.
• Designed and executed red team operations and APT simulations for Fortune 500 clients; one engagement directly contributed to a $2M contract renewal.
• Created a social engineering / spear-phishing service line generating $300K in new annual revenue.
• Translated adversary findings into executive roadmaps and SSDLC changes with measurable, tracked risk reduction.
• Conducted compliance-driven assessments across NIST SP 800-53, PCI DSS 4.0, HIPAA, HITRUST, SOC 2, ISO 27001/27002.
• Migrated OSS infrastructure to AWS with Terraform-managed IaC, VPC segmentation, IAM hardening, CI/CD automation; deployed K8s assessment infrastructure.
• Introduced AI-augmented testing (Horizon3.ai NodeZero) and automated reporting — 25% less assessment time, 80% faster delivery, $250K annual cost reduction.
• Authored playbooks, training, and methodology adopted across the practice; mentored senior engineers into team leads.

CISO / Director of Security Services

Nemesis Security Group

• Owned the multi-year roadmap mapped to business OKRs; stood up the risk register, treatment plans, and quarterly executive reviews.
• Established control framework alignment across SOC 2, ISO 27001/27002, NIST CSF, PCI DSS, HIPAA, FISMA with full policy library and maturity metrics.
• Coordinated third-party audits and customer trust reviews with zero critical findings; centralized evidence streamlined prep by 25%+.
• Designed cloud and on-prem architectures across AWS, Azure, GCP — IAM controls, logging/telemetry, zero-trust patterns.
• Built detection/response runbooks, vulnerability SLAs, and purple-team exercises — >40% improvement in critical patch deployment timelines.
• Launched a security champions program and BCDR tabletops; elevated secure coding adoption across >80% of dev teams.

Chief Information Security Officer (Fractional)

Mechanical Piping Systems Inc

• Defined data protection strategy, risk program, and baseline compliance posture from scratch; instituted asset classification and change control.
• Architected secure network segmentation, Zero Trust access, email/web security, endpoint controls, and centralized logging.
• Implemented DLP, MFA, least-privilege IAM, continuous patching, and IR playbooks & tabletops.

Senior Information Security Research Analyst

SecureState (acquired by RSM US LLP)

• Advanced vulnerability research, exploit development, and red team ops; co-discovered and disclosed CVE-2017-9770 and CVE-2017-9769 (Razer rzpnk.sys local privilege escalation).
• Co-developed King Phisher, an open-source phishing & adversary simulation platform widely adopted across the security community.
• Subject Matter Expert for Vulnerability Management service line responsible for $2.5M+ annual revenue.
• Led PCI DSS Requirement 11 penetration testing & scan services across the client portfolio.
• Contributed to technical marketing and BD — 40+ new client leads in a single year.

Senior Network Security Engineer

Cornerstone IT

• Designed, built, and maintained the AlienVault SIEM for SOC 2-compliant managed security services — correlation rules and alert tuning.
• Developed the firm's DFIR methodology and ransomware response procedures; led recovery for 10+ clients during the Osiris/Odin epidemic.
• Automated backup, recovery, and infra workflows via Datto — 45% improvement in containment and recovery times.

Founder & Principal Consultant

Elec-Techs IT Solutions

Founded and operated an independent IT and network security consultancy serving enterprise, education, manufacturing, and SMB clients across NE Ohio.

• Lubrizol Corporation (via KForce): managed Cisco Nexus switch infrastructure across multiple NE Ohio facilities; remediated a total network-blackout event at the Wickliffe HQ campus.
• Monreal LLC: Cisco CCNA-level infrastructure management supporting a gross annual revenue stream of $800K.
• Cardinal Local School District: designed and deployed Windows Active Directory replacing aging Novell systems.
• Cleveland Charter School District: introduced vulnerability management, patch management, and ticketing systems.
• Windows/Linux admin, network architecture, malware analysis, DFIR, custom tooling in C/C++, Python, Ruby.

Supply Specialist (E-4), Acting Supply Sergeant (92Y)

United States Army Reserve

Served with the 12/100th Battalion Reserve Regiment in support of operations in Afghanistan and Iraq. Honor Student, NCO Academy. Expert rifle marksmanship; top 90th percentile physical fitness.