AI Security & Governance Architect
I secure, govern, and run the systems companies can’t afford to get wrong — now including their AI.
AI security and governance, backend architecture, and tamper-proof audit trails for regulated industries: guardrails and hard spend caps for LLM apps and agents, GRC / compliance platforms, and self-hosted infrastructure I run myself. Three decades shipping software end to end — and I still write the code.
- Building software since 1993
- CISOteria — GRC SaaS architect (7 yrs)
- National Cyber Directorate GRC portal — backend lead
- Flixel founder · 7 patents
- IDF Major (ret.)
- EOSIO StackExchange — #11 globally
- B.Sc. Math & Physics, TAU
What I do
AI security & governance
Guardrails for LLM apps and agents: prompt-injection and abuse defense, hard spend caps, PII redaction, output validation, and audit trails — mapped to EU AI Act / ISO 42001 controls. Built as Guardrail, a fail-closed AI gateway. (smallestbusiness.com)
GRC & compliance engineering
Seven years as backend architect for CISOteria (GRC / compliance SaaS) and the Israel National Cyber Directorate portal. I turn regulatory obligations into working, enforced controls — not slideware.
Backend & full-stack architecture
Multi-tenant SaaS, API and data-layer design, legacy modernization, containerization — owned end to end, for regulated industries. Data visualization when the data needs to be legible (D3.js, React).
Tamper-proof audit trails
Immutable, independently verifiable audit logs and evidence — self-hosted BFT chains, no third-party dependency. Wire-fraud prevention (ChainVault), art provenance (Verarta), and verifiable records for AI systems.
Selected work

CISOteria
Security-compliance (GRC) SaaS · backend architect, 2019–present
Multi-tenant CISO / compliance platform on AWS Marketplace. I own the API, data model, and architecture — Node.js + a modernized PHP core, MariaDB / Redis / Docker, vulnerability dashboards and analytics, SSO / SAML.

CISOteria — asset risk graph (D3)
Compliance data-viz · D3.js hierarchy
A D3 hierarchy I built for CISOteria: an asset’s risk score traced down to the systems and infrastructure it depends on — colour-coded by risk, so the weakest link is obvious.

Israel National Cyber Directorate — GRC portal
grc.cyber.gov.il · built at CISOteria · backend lead
The Israel National Cyber Directorate’s governance-risk-compliance portal, powered by CISOteria (“Cyber OS”). I led most of the backend and built parts of the front end.

IMS — interactive weather map
Israel Meteorological Service · front-end / data-viz
Map-overlay work I contributed to the Israel Meteorological Service (ims.gov.il) — data overlays on their interactive synoptic forecast maps.

ChainVault
Private-blockchain deal room
Tamper-proof real-estate closing platform with on-chain wire-fraud prevention — a 4-node Antelope / BFT chain and a client-side-encrypted document vault.

Verarta
Art provenance on a private chain
Immutable provenance records for artworks — no third-party dependency, full audit trail.
Smallest Business
Cloud & AI-cost engineering
My consultancy and a daily learn-in-public series on cutting cloud bills and controlling AI spend.
Writing
The Tel Aviv Parking Ticket Scandal: A Cautionary Tale for Municipal Systems
Benefits of Private Blockchain for Managing Parking Tickets in Large Cities
I write more often at smallestbusiness.com
My main blog lives there — near-daily posts on cutting cloud bills and controlling AI / LLM spend. This site keeps the occasional longer piece; the frequent writing is over there.
Read smallestbusiness.comAvailable for short- and long-term engagements. If your infrastructure is something you can’t afford to get wrong, let’s talk.