Shimon Wright
AI, Cybersecurity & Service Delivery Authority26 years embedded in high-friction field environments — Indonesian swamps, ships at sea, remote mountain mines, and data centers wired into Mozambique mining operations — leading cybersecurity, service delivery, and GRC from the field to the enterprise deal room. Now channeling that field-tested judgment into AI-enabled solution development.
Live applied-AI systems,shipped & fit for use.
My projects represent solutions I built directly from real-world field experience accumulated across 26 years in technology. Each project was shaped by operational pain, delivery challenges, risk patterns, or recurring inefficiencies I encountered throughout my career.
Three disciplines.One operating model.
AI Governance & Enablement
- 01EU AI Act readiness and risk-tier classification
- 02NIST AI RMF alignment (Govern, Map, Measure, Manage)
- 03ISO/IEC 42001 AI management system design
- 04ISO/IEC 23894 AI risk assessment and control mapping
- 05Responsible and trustworthy AI evaluation
- 06Human-in-the-loop oversight and accountability
- 07Model, data, and decision traceability
- 08Rapid AI prototyping — field problem to deployed solution
Cybersecurity & GRC
- 01CISO and embedded security leadership
- 02Enterprise deal-risk and board-level cyber assurance
- 03ISO 27001, NIST CSF, and ISMS assessment
- 04Audit, assurance, and control governance
- 05External cyber-risk and security-rating remediation
- 06Secure SDLC and DevSecOps governance
- 07Incident response and on-the-ground crisis command
- 08Critical-infrastructure, OT, and IoT security
Service Delivery
- 01Global ITSM and 24×7 operations
- 02Infrastructure and data-center delivery in remote field sites
- 03Transition, transformation, and migration governance
- 04Cutover, SAT/UAT, and DR validation
- 05Incident, change, problem, and configuration management
- 06SLA recovery and cost-optimization programs
- 07Embedded, distributed-team and remote-field leadership
- 08Executive and client governance reporting
Experience, throughmultiple lenses.
Founded a field-to-product studio translating 25+ years of cybersecurity, service delivery, GRC and transformation experience into a portfolio of nine AI, data and workflow applications — from federated incident response and audit automation to deal intelligence, service-delivery assurance and governed execution.
9applications built25+years translatedFieldto productApplied AICybersecurityService DeliveryAdvised Group-level cybersecurity and deal-risk governance across enterprise pursuits, M&A and high-value contracts — turning fragmented commercial, legal, delivery and security evidence into executive-ready risk decisions.
85+risk reviews$17B+contract value35%cycle-time cutCybersecurityService DeliveryRan Capgemini’s external cyber-risk function — driving public security ratings upward and clearing score issues that were blocking major deals and renewals through a governed validation, remediation and evidence lifecycle.
730→740BitSight rating80→100SecurityScorecardE2Efinding lifecycleCybersecurityService DeliveryLed global cybersecurity, GRC and audit/assurance for a major QSR digital-retail account — 23 delivery locations within a ~37,000+ site estate — authoring the enterprise security plan, standing up the GRC operating model, and commanding crisis response.
37,000+sites transformed€560Mexposure avoided23sites audited / yrCybersecurityService DeliveryDelivered secure-by-design strategy for connected-vehicle systems — telematics, firmware, OTA pipelines, ECU and in-vehicle networks, and third-party components — aligned to ISO/SAE 21434, ENISA and Auto-ISAC practices.
ISO/SAE21434 alignmentOTAfirmware & ECU securityAuto-ISACpractices appliedCybersecurityGoverned cybersecurity and operations across vessel and shoreside environments — payment and guest-data protection, cloud/IoT exposure, and ship-to-shore continuity for globally distributed maritime operations.
Fleetship + shoreside15security / ops teamIoTcloud & guest dataCybersecurityService DeliveryClient-badged Interim CISO for a federated network of ~139 member firms across 130 countries — building the global incident-response and threat-flash model (later the basis for GIRP) across firms with shared brand exposure but uneven security maturity.
139member firms130countries~50%faster responseCybersecurityService DeliverySecurity and test-governance lead for a data-center transformation into a managed model — building the Pathfinder validation process, RACI and tracking dashboard, and governing SAT/UAT, DR validation and go-live across migration waves.
Pathfindervalidation processSAT/UAT& DR validationAzuresecurity planCybersecurityService DeliveryLed delivery for regulated biopharma data-center hosting — reshaping configuration management and promote-to-production discipline, aligning incident priority to business impact, and hardening secure-hosting hygiene with CyberArk, ArcSight and Splunk.
124delivery teamMTTRreduced via SIEMConfigmgmt redesignService DeliveryCybersecurityRan regional hosting and service delivery across ~15 countries for remote metals, mining, port and logistics operations — from Indonesian swamp sites to the Port of Nacala — where a technical failure meant stalled ore, demurrage exposure and SLA penalties.
15countries$40K/hrloss avoided~$500KSLA penalties recoveredService DeliveryDelivered NERC CIP critical-infrastructure remediation for a utility energy-market environment — standing up the CIP-defined access points (Cisco ASA), switching and management tooling across primary and backup data centers, with as-built security documentation.
NERC CIPSCADA remediationASA 5540CIP access pointsCiscoWorksLMS / NCMCybersecurityProvided security architecture and engineering for new EDS technology offerings before launch — running Design- and Build-Phase Security Assessments, engineering multi-context Cisco ASA firewalls and PCI-DSS SSL VPN, and turning SOW, SLA and scan evidence into implementation-ready guidance.
PCI DSSSSL VPN engineeredASAmulti-context active/activeDPSA/BPSAdesign & build reviewsCybersecurityRan retail enterprise infrastructure across Windows, Unix and Exchange — piloting Active Directory, engineering an NLB Terminal Server / thin-client estate of 172 Wyse appliances, and standing up secure Solaris DNS/FTP on BIND.
172Wyse thin clientsADpilot & scriptingBINDsecure DNS / FTPService DeliveryCybersecurityManaged service desk and end-user operations for ~1,100 retail users across New York, Virginia and North Carolina — Tier 1/2 escalation and SLAs — while expanding into Unix, DNS and Exchange administration, patching and secure remote access.
1,100users supported3states coveredTier 1/2escalation & SLAService Delivery
Available to lead,advise, build &transform.
Hands-on, senior technology leadership across AI, cybersecurity, and enterprise service delivery. Available for executive, advisory & interim engagements.