FractionalCXO
Ben Hamilton

Fractional CISO

Fractional CSO/CISO · AI Security Architect | Helping Growth-Stage & PE-Backed Companies Build Investor-Ready Security Programs

Seattle, United States

About

Most growing companies hit a security inflection point — a compliance deadline, an enterprise deal requiring SOC 2 Type 1 or 2, a fundraise where investors start asking hard questions — and realize they need a CISO-level executive they can't yet justify hiring full-time.

That's where I come in.

As the founder of PraeSyn, I work with growth-stage and PE-backed companies as a fractional CSO/CISO — embedding directly into the leadership team to build security programs that are board-ready, investor-ready, and built to scale. I bring over two decades of enterprise experience and a track record that includes building the GRC program at Avalara and serving as their primary AI Security Architect across a complex, global SaaS organization.

What makes my practice different is the AI layer. Through LatusAI — my partnership with Kier Lane — I bring a formal AI governance and maturity framework (grounded in ISO 42001 and NIST AI RMF) to clients who are adopting AI and need their security and governance programs to keep pace. Most fractional CISOs can protect your infrastructure. I can also protect and govern your AI.

What my clients get:

A security program built for how their business actually works — not a template

A clear path to SOC 2, ISO 27001, or CMMC without the false starts

Board and investor reporting that translates risk into business language

An AI governance layer when the business is ready for it

If you're scaling fast, approaching a fundraise, navigating an acquisition, or facing a compliance deadline — and you need an experienced security executive in the room without a full-time commitment — let's talk.

📅 Book a 30-minute conversation: https://app.usemotion.com/meet/benhami/praesyn-connect?d=30

Experience

PraeSyn

Founder & Fractional CSO/CISO

PraeSyn · Greater Seattle Area

Dec 2025 – Present (5 mos)

PraeSyn is my fractional CSO/CISO practice. I work with growth-stage and PE-backed companies as an embedded security executive — building security programs, navigating compliance (SOC 2, ISO 27001, CMMC), and preparing leadership teams and boards to speak confidently about risk. Engagements are structured around clear deliverables and measurable outcomes, not billable hours. For clients adopting AI, I bring formal AI governance frameworks through LatusAI (ISO 42001, NIST AI RMF).

Latus AI

Founder & Chief AI Officer

Latus AI

Dec 2025 – Present (5 mos)

Co-founded Latus.AI to address the critical gap in AI adoption strategy: the lack of data-driven frameworks causing widespread AI implementation failures. We enable organizations to assess their AI maturity across multiple dimensions using a formalized adoption framework based on ISO 42001 and NIST AI Risk Management Framework (AI RMF).

Strategic AI Consulting: Deliver comprehensive AI maturity assessments that provide leadership with actionable insights and data-driven decision-making frameworks for successful AI adoption. Our methodology transforms AI implementation from experimental projects into strategic, measurable business initiatives.

Framework Development: Created proprietary assessment tools and methodologies aligned with international standards (ISO 42001, NIST AI RMF), enabling organizations to identify gaps, prioritize investments, and build sustainable AI capabilities across governance, risk management, technical infrastructure, and organizational readiness.

Market Innovation: Addressing the root cause of AI implementation failures by providing the structured, evidence-based approach that has been missing in the marketplace—bridging the gap between AI ambition and execution.

Avalara

Enterprise Security Architect

Avalara · Seattle, WA

May 2020 – Dec 2025 (5 yrs 8 mos)

Strategic Security Leadership: Led Avalara's enterprise cybersecurity strategy and architecture, aligning security investments with business priorities for a fast-growing SaaS tax compliance provider. Served as primary AI Security Architect, providing strategic direction for security and product initiatives across AI implementations.

Enterprise Governance, Risk & Compliance (GRC): Designed and implemented Avalara's enterprise-wide GRC strategy, governance processes, and control framework spanning security, marketing, engineering, HR, legal, and finance. Delivered technical solutions aligned with global regulations and industry standards (GDPR, PCI DSS, SOC 2, HIPAA, CPRA, India and Brazil privacy regulations, NIST 800-53, NIST 800-171, NIST CSF, ISO 27001). This transformation enabled significant improvements in compliance assessment capabilities, internal audit function, and enterprise risk management maturity. Authored security policies, facilitated ISO 27001 assessments, and managed cyber insurance renewals.

Data Security Architecture: Established data lifecycle management frameworks and controls as Avalara's Data Security Architect. Partnered with data science, engineering, legal, and revenue operations teams to implement data protection measures across the organization's data ecosystem.

Cross-Functional Influence: Embedded security into product development and cloud infrastructure (DevSecOps) through collaboration with engineering, IT, and legal teams. Championed secure coding standards and cloud security best practices, significantly reducing critical vulnerabilities across products.

Team Leadership & Communication: Mentored security architects and engineers, fostering a security-first culture organization-wide. Delivered security program updates to executive leadership and the Board, translating technical threats into business impact.

Technical Operations (volunteer)

Northwest Foursquare Church · Federal Way, WA

Apr 2012 – Jan 2025 (12 yrs 10 mos)

• Collaborated with full-time staff to implement Google Apps for Education/Non-Profit, enhancing resource utilization.
• Spearheaded the selection and implementation of a comprehensive church management system for Northwest Foursquare Church.
• Designed a secure guest wireless network and resolved issues related to public website attacks for improved accessibility.

Teradata

Security Leader

Teradata · Bellevue, WA

Mar 2018 – May 2020 (2 yrs 3 mos)

Enterprise Security Program: Directed the design and implementation of robust security architecture for Teradata’s global data analytics platforms, ensuring protection of sensitive data at scale across cloud and on-premises environments.

Compliance & Data Privacy: Championed adherence to international security standards and regulations (ISO 27001, GDPR, NIST 800-53) in both product offerings and internal operations. Led data protection initiatives to prepare for GDPR enforcement, including implementing data encryption, strict access controls, and user privacy consent frameworks.

Business Alignment: Collaborated with product management and client teams to integrate security requirements into solutions for Fortune 500 customers, balancing stringent protection with performance and usability, and enabling sales in highly regulated industries by aligning Teradata’s security posture with customers’ compliance needs.

Risk Reduction: Conducted production risk assessments and threat modeling for new big-data services, providing executive stakeholders with clear risk evaluations and mitigation plans. Achieved a significant reduction in high-risk findings by instituting proactive security controls and continuous monitoring.

Leadership & Collaboration: Worked closely with product management and engineering leadership to establish a unified, company-wide security strategy. Provided leadership in incident response planning and cybersecurity awareness training, resulting in improved incident response times and a strengthened security culture across the organization.

LogMeIn

Staff Information Security Architect

LogMeIn · Greater Seattle Area

May 2017 – Dec 2017 (8 mos)

Product Security & Architecture: Led security architecture for LogMeIn's enterprise software and cloud services, ensuring that products incorporated robust security and privacy features from design through deployment.

Secure Development Lifecycle: Furthered the maturity and evangelized secure SDLC and DevSecOps practices, integrating threat modeling, code analysis, and penetration testing into the development process. This proactive approach significantly decreased security vulnerabilities in production releases.

Compliance & Standards: Ensured LogMeIn SaaS offerings adhered to industry security standards and certifications (SOC 2, ISO 27001, PCI DSS), meeting the stringent requirements of enterprise customers. Developed internal security guidelines that enabled the company’s cloud products to support clients’ compliance obligations seamlessly.

Customer Trust & Enablement: Acted as a security liaison to key enterprise clients, translating complex security controls into business-friendly language. Provided executive-level briefings to customers on LogMeIn's security posture, helping to secure key contracts and maintain customer confidence in the platform.

Cross-Team Leadership: Partnered with IT and network teams to bolster internal corporate security, implementing initiatives such as zero-trust network access and improved identity management. Mentored junior security engineers and championed security awareness programs across the organization.

LogMeIn

Information Security Architect

LogMeIn · Greater Seattle Area

Jan 2017 – May 2017 (5 mos)

Global Security Architecture: Defined and implemented the security architecture for LogMeIn’s suite of cloud-based collaboration and remote-access products, safeguarding millions of user accounts and sensitive data. Drove adoption of enterprise identity management and advanced threat protection solutions across global operations.

M&A Security Integration: Played a key role during the LogMeIn/Citrix GoTo merger, leading security integration efforts to unify policies, networks, and controls. Ensured the combined company maintained a consistent, strong security posture post-merger, minimizing business disruption and risk.

Regulatory Readiness: Implemented comprehensive compliance frameworks (ISO 27001, SOC 2) and strengthened data privacy practices ahead of emerging regulations. Led GDPR readiness assessments and data protection enhancements, positioning LogMeIn as a trusted provider in terms of privacy compliance.

Risk & Incident Management: Established a formal risk assessment program and improved incident response processes, resulting in faster threat detection and resolution. Collaborated with executives to develop a multi-year cybersecurity roadmap that prioritized high-impact risk reduction initiatives and informed resource allocation.

Stakeholder Communication: Communicated the state of security regularly to senior leadership and technical teams, providing clear visibility into security initiatives and their business impact. Worked closely with product leaders and customer success teams to address client security concerns, directly contributing to high customer retention and satisfaction.

Citrix

Information Security Architect

Citrix · Santa Barbara, California

Mar 2016 – Jan 2017 (11 mos)

• Defined and executed the security strategy for Citrix’s GoTo cloud services (e.g. GoToMeeting, GoToMyPC), establishing a robust security architecture and controls for a global SaaS user base
• Implemented enterprise-wide security measures – from network segmentation and encryption to identity and access management – strengthening defense-in-depth and protecting customer data
• Ensured regulatory and industry compliance by developing secure data handling processes and leading internal security audits in alignment with PCI DSS and ISO 27001 requirements
• Collaborated closely with software development and product teams to integrate security into the SDLC, reducing vulnerabilities and enabling secure, on-schedule feature releases
• Led incident response and threat intelligence efforts, quickly mitigating security events and communicating risk status and remediation plans to stakeholders and executives

Citrix

Sr. Security Engineer

Citrix · Santa Barbara, California

Aug 2007 – Mar 2016 (8 yrs 8 mos)

• Engineered and managed global security solutions for the enterprise, protecting intellectual property and customer data across a Fortune 500 storage technology company’s worldwide network
• Deployed and administered critical security infrastructure (firewalls, IDS/IPS, SIEM, encryption, endpoint protection), greatly improving threat detection capabilities and response times
• Led vulnerability management and security compliance efforts, conducting regular security assessments and ensuring adherence to corporate policies and standards
• Partnered with IT infrastructure and network teams to design secure network architectures and harden systems, reducing the external attack surface and internal security risks
• Served as a subject matter expert in identity and access management, network security, and data protection, contributing to a significantly stronger overall security posture

Owner and Principal Architect

Core Systems, Inc.

Sep 2006 – Aug 2007 (1 yr)

• Founded and directed a technology consulting firm delivering IT infrastructure and cybersecurity solutions for small and mid-sized businesses
• Architected and implemented secure networks, servers, and storage systems tailored to clients’ needs, ensuring high availability and robust data protection
• Provided hands-on expertise across system administration, network engineering, and security, deploying solutions such as firewalls, VPNs, and intrusion prevention systems
• Advised clients on best practices for data security and regulatory compliance, improving their security posture and meeting industry standards on limited budgets
• Managed all aspects of the business—from client relationships and project scoping to solution delivery—demonstrating entrepreneurial leadership and technical proficiency

Washington Mutual

Sr. Infrastructure Architect

Washington Mutual

Sep 2005 – Sep 2006 (1 yr 1 mo)

• Secured large-scale banking systems by implementing enterprise security controls for core financial platforms handling millions of customer records
• Administered and monitored security technologies (firewalls, intrusion detection systems, authentication servers) in a 24/7 environment, proactively identifying and mitigating threats
• Played a key role in identity and access management, streamlining user provisioning and enforcing least-privilege access across critical banking applications
• Supported financial regulatory compliance (GLBA, SOX) by ensuring security policies and controls met or exceeded industry requirements and audit standards
• Coordinated incident response for security events, working with cross-functional IT teams to quickly contain issues and strengthen preventive measures

Washington Mutual

Systems Security Professional

Washington Mutual

Sep 2003 – Oct 2005 (2 yrs 2 mos)

• Delivered information security consulting services to diverse clients, assessing their IT environments and implementing solutions to protect networks and systems
• Designed and deployed secure infrastructure components, including network firewalls, VPNs, and encryption mechanisms, to safeguard sensitive data for small businesses
• Performed security audits and risk assessments, identifying vulnerabilities and recommending remediation strategies to improve clients’ security postures
• Educated client teams on cybersecurity best practices (access controls, patch management, incident response), enabling organizations to maintain stronger defenses and meet compliance obligations

Seagate

Security Architect

Seagate

1997 – 2003 (6 yrs)

Designed the corporate-wide public key infrastructure. Implemented the core key management system that was then turned over to an operations group. Performed full analysis of encryption technologies used in business-to-business transactions and external business collaboration tools. Assessed internal systems against security best practice and industry standards. Initiated new full disk encryption product. The initial concept and high-level design were handed over to a product development team for detailed engineering and production. The Momentus Full Disk Encryption (FDE) product was released in August of 2005.

Adaptec

IT / Support

Adaptec

1994 – 1996 (2 yrs)

IT/Support

Skyway Freight Systems, Inc.

1993 – 1994 (1 yr)

IT/Support

Owner

Hamilton Consulting

Jan 1990 – Sep 1993 (3 yrs 9 mos)

Education

Monte Vista Christian High School

1989 – 1991

Expertise

Specialties

Business Strategy · Management Consulting · Innovation Management · Strategic Partnerships · Governance, Risk Management, and Compliance (GRC) · Artificial Intelligence (AI) · Artificial Neural Networks · Written Communication · Oral Communication · Leadership · Engineering Management · Communication Training · Cost Efficiency · Communication · Product Design · Cross-functional Collaborations · Disaster Recovery · CISSP · Information Security · Network Security · PKI · PCI DSS · Network Architecture · SaaS · Linux · Ruby · Ruby on Rails · Amazon Web Services · Unix · Software as a Service (SaaS) · Enterprise Software · Management · Integration · Infrastructure · Cloud Computing · IT Strategy · Enterprise Architecture · Software Development · Data Center · Information Technology · Computer Security · Governance · Penetration Testing · Virtualization · Solution Architecture · System Architecture · Security Architecture Design · Solution Design · Identity Management · Scalability · IT Governance · Information Security Management · Architectures · Security · Networking

Past companies

PraeSyn · Latus AI · Avalara · Northwest Foursquare Church · Teradata