Gerard Israel
Security Strategy & Architecture · Critical Infrastructure

Security, designed upstream.

Executive security leader for financial services, healthcare, fintech, and critical infrastructure. I build security organizations that turn technical risk into measurable business outcomes, and embed protection into platforms before they ship rather than after.

What I lead

Domains of expertise

01

Critical Infrastructure & OT/ICS

Cyber-physical convergence and security for operational environments, with protection engineered into platforms upstream of deployment.

02

Cloud, Product & AI Security

AWS, Azure, GCP, Kubernetes, secure SDLC, DevSecOps, CI/CD security, and AI security governance for enterprise adoption.

03

Security Operations

Detection engineering, SIEM, SOAR, incident response, threat intelligence, and vulnerability management at large scale.

04

Data Protection & Third-Party Risk

Encryption, DLP, data activity monitoring, identity, and vendor and supply-chain risk across regulated environments.

05

Governance, Risk & Regulatory

Board and executive reporting, audit readiness, and regulatory alignment across FINRA, PCI-DSS, SOC 2, HIPAA, NIST, and ISO 27001.

06

Org Building & M&A

Standing up security functions from zero, scaling leadership teams, and running security due diligence through acquisition.

Career

Experience

I learned security on a particle accelerator. At 17, I was accepted into an internship at a national physics lab expecting to work alongside physicists, since I wanted to be an astrophysicist at the time. Instead I was paired with the head of network engineering. There was no separate "security" job in those days; if you ran the network for the accelerators, you secured them too.

The stakes were physical, not just digital. The same family of accelerator technology was moving into hospitals to treat cancer, where a misconfiguration doesn't cause a data breach; it can push the wrong settings to a machine pointed at a patient. That is where security designed upstream comes from for me. When failure is physical, you don't bolt security on at the end. You design it in from the start.

2025 – Present

Executive Director, Head of Security Strategy & Architecture

JPMorgan Chase · Consumer & Community Banking
  • Lead security strategy, architecture, governance, and risk for a next-generation core banking platform at one of the world's largest banks.
  • Run a security organization through three director-level leaders covering platform security, infrastructure security, and GRC across a large technology organization.
  • Translate platform, cloud, CI/CD, and resiliency risk into executive-ready narratives, monthly business reviews, and remediation decisions.
2022 – 2025

Amazon

Arlington, VA · Healthcare & Retail Security
Head of Infrastructure & Clinic Security · One Medical & Amazon Pharmacy · 2023–2025
  • Standardized security controls across 300+ healthcare sites, lifting control coverage from 42% to 96% and cutting high-risk issues from 1,200+ to under 100.
  • Governed $60M+ in cloud security controls across 800+ accounts; secure-by-default guardrails reduced provisioning time from days to under an hour.
  • Led AI-assisted detection and SOAR work that raised true positives, cut alert volume, and halved mean time to respond.
Head of Data Protection · Whole Foods Market · 2022–2023
  • Led enterprise data-protection strategy across 350+ retail environments spanning encryption, DLP, data activity monitoring, and audit readiness.
  • Reached 90%+ encryption coverage on Tier-1 datasets at 100% audit readiness, and optimized logging at 12TB+/day for roughly $5M in annual savings.
2020 – 2022

Director of Cybersecurity, Head of Global SOC/IR, Platform & Architecture

IG Group / tastytrade / tastyworks · Chicago, IL
  • Brought on as the first dedicated security hire to build a centralized security program ahead of a proposed $1B acquisition, under direct FINRA scrutiny.
  • Inherited a fragmented environment, including an EDR tool running without alerting and a SIEM purchased but never configured, and stood up both properly alongside a new product-security framework and operational-security team.
  • Built a two-track threat-intelligence function: account-level fraud and takeover detection for a platform managing customers' money, and application-layer threat monitoring during the Log4j crisis.
  • Post-acquisition, led all of North American security under a 24/7 follow-the-sun model with an operations team in India, building the program that served as IG Group's entry point into the US market.
2012 – 2021

Founder & CISO / vCISO

TechBreakdown (acquired by Proven IT) · Chicago, IL
  • Started by securing small independent businesses (setting up routers, access points, and early wireless), then grew into supporting SMB offices and eventually companies with 100+ employees as their needs matured.
  • Built a repeatable managed-security model before "MSSP" was a term I knew, partnering with enterprise EDR and SIEM vendors to run security operations across a portfolio of clients.
  • Founded and scaled the practice into $5M+ in revenue across 200+ clients and roughly 100k endpoints, advising CEOs, CIOs, and boards on risk and investment strategy.
  • Built security architectures and compliance programs aligned to NIST, ISO 27001, SOC 2, HIPAA, and PCI-DSS.
Credentials

Certifications & education

  • CISSP
  • ISACA AAISM
  • CAISP · In Progress
  • HCISPP
  • GIAC (GSEC · GFACT · GISF)
  • EC-Council CCISO
  • CompTIA Security+ / Network+
  • DoD 8140 (IAT III · IAM III · IASAE II)

B.A. Physics · Lake Forest College

Let's talk

Open to the right conversation.

Security leadership roles, advisory work, or a thoughtful exchange about critical-infrastructure security.