[{"content":" Michael A. Davis is Managing Director and Global Chief Security Architect at JPMorgan Chase \u0026amp; Co., where he helps shape the cyber-defense strategy protecting one of the world\u0026rsquo;s most consequential financial institutions.\nOver the last two decades he has built security teams, launched companies, advised global enterprises, and worked across the fault lines where business ambition meets operational risk.\nThis site is where he writes about security architecture, secure-by-design execution, leadership at scale, and the practical lessons that come from building programs meant to last.\nCurrent focus # Turning security architecture into an accelerant for cloud, AI, and digital transformation. Building systems that help defenders move earlier, faster, and with better context. Translating complex technical risk into decisions executives can actually act on. Experience that informs the work # Before JPMorgan Chase, Michael built Amazon\u0026rsquo;s dedicated security organization for a broad portfolio of subsidiaries, including Prime Air, Zoox, and Zappos. Earlier, as CTO of CounterTack, he helped advance one of the industry\u0026rsquo;s early commercial endpoint detection and response platforms. He also founded Savid Technologies, an Inc. 5000 security consultancy recognized for its rapid growth.\nHe is a contributing author to the Hacking Exposed series, a longtime conference speaker, and an operator who has spent his career working at the intersection of technology, risk, and growth.\n\u0026ldquo;The phrase \u0026lsquo;I can\u0026rsquo;t\u0026rsquo; is the most powerful force of negation in the human psyche. When done properly, security controls enable IT to say, \u0026lsquo;we can\u0026rsquo;.\u0026rdquo;\nOn this site # You\u0026rsquo;ll find short essays and practical notes on modern cyber defense, secure platforms, organizational leverage, and the disciplines required to keep builders moving without losing sight of resilience.\nMichael also speaks regularly with executive, technical, and conference audiences on cyber defense, leadership, resilient systems, and the operating lessons behind secure growth. If you\u0026rsquo;re evaluating him for a keynote, panel, or custom session, visit the speaking page.\nIf you\u0026rsquo;re new here, start with the recent posts below, read more about Michael, or explore speaking topics and booking details.\n","date":"4 April 2026","externalUrl":null,"permalink":"/","section":"Michael A. Davis","summary":"","title":"Michael A. Davis","type":"page"},{"content":" Michael A. Davis is a keynote speaker, panelist, and session leader known for translating complex security, technology, and growth challenges into clear operational guidance for executive and technical audiences.\nHis speaking draws on leadership roles across JPMorgan Chase, Amazon, CounterTack, and Savid Technologies, as well as years of writing, advising, and public-facing work in the security community.\nSpeaking themes # Michael\u0026rsquo;s sessions are best suited for organizations and events that want practical perspective rather than abstract theory. Common themes include:\nSecure-by-design execution in large, fast-moving organizations. Cyber defense strategy and how to help defenders move ahead of attackers. Endpoint visibility, resilience, and modern detection thinking. Insider risk, organizational blind spots, and the cost of negligence. Entrepreneurship, fundraising, and scaling responsibly. Selected talks # Hacking Exposed: Malware and Rootkits # Real-world examples of how attackers use readily available tools to infiltrate and hijack systems, with practical countermeasures for detection, prevention, and cleanup.\nData-Centric Security in a Mobile World # A session on protecting enterprise data as work moves onto mobile devices, with emphasis on policy, enforcement, and end-user education.\nA Thin Line Between Malicious Insiders and External Attackers # An exploration of insider risk, organizational negligence, behavioral indicators, and the practical steps teams can take to improve resilience.\nHow to Raise a Big A** Round # Lessons from raising significant venture capital across multiple companies, focused on how founders navigate the realities behind growth capital.\nCash Kings: 5 Steps To Take Now To Focus on Your Fastest Path to Revenue # Guidance for entrepreneurs on identifying leverage in the customer lifecycle and concentrating effort where revenue momentum compounds fastest.\nGrowing Pains: Not Every Dollar is Worth a Dollar # A practical talk about growth quality, operating discipline, and how to scale without confusing speed for strength.\nFormats # Michael is available for:\nConference keynotes Executive sessions and leadership forums Panels and moderated discussions Technical talks for security and engineering audiences Customized talks for company offsites or customer events He is also happy to tailor a session to a specific audience or event theme.\nBooking # For speaking inquiries:\nJess Loren jl@jessloren.com 312-480-1085 If you are reaching out about an event, it is helpful to include the audience, venue or format, timing, and the type of session you have in mind.\n","date":"4 April 2026","externalUrl":null,"permalink":"/speaking/","section":"Michael A. Davis","summary":"","title":"Speaking","type":"page"},{"content":"","date":"3 April 2026","externalUrl":null,"permalink":"/categories/architecture/","section":"Categories","summary":"","title":"Architecture","type":"categories"},{"content":"Supporting a new business inside a large company is different from protecting a mature operating environment.\nThe risk surface changes quickly. The product direction changes quickly. The people, vendors, and systems involved can change just as quickly. Security teams that succeed in that environment do not begin by importing the full weight of enterprise process. They begin by understanding the shape of the bet.\nStart with the mission, not the checklist # Every venture has a few things that matter disproportionately in its earliest phase:\nThe assets or capabilities that make the business viable. The decisions that are hard to reverse later. The controls that let the team scale without rebuilding its foundation. If security can identify those three things early, it can provide leverage instead of drag.\nDesign for what the team will become # Founders and venture leaders do not need a security lecture. They need a way to make good decisions while the business is still taking shape.\nThat means meeting them where they are, keeping the control set intentionally small, and choosing patterns that grow with the business. The goal is not to make an early-stage venture look like a finished enterprise. The goal is to ensure it can become one without accumulating avoidable risk and technical debt.\nThe best architecture creates room to move now and fewer regrets later.\n","date":"3 April 2026","externalUrl":null,"permalink":"/posts/building-security-for-new-businesses/","section":"Writing","summary":"New businesses need security that respects speed, changing assumptions, and the reality that not every control should arrive at once.","title":"Building Security for New Businesses Inside Big Ones","type":"posts"},{"content":"","date":"3 April 2026","externalUrl":null,"permalink":"/categories/","section":"Categories","summary":"","title":"Categories","type":"categories"},{"content":"","date":"3 April 2026","externalUrl":null,"permalink":"/tags/leadership/","section":"Tags","summary":"","title":"Leadership","type":"tags"},{"content":"","date":"3 April 2026","externalUrl":null,"permalink":"/tags/operating-model/","section":"Tags","summary":"","title":"Operating Model","type":"tags"},{"content":"","date":"3 April 2026","externalUrl":null,"permalink":"/tags/security-architecture/","section":"Tags","summary":"","title":"Security Architecture","type":"tags"},{"content":"","date":"3 April 2026","externalUrl":null,"permalink":"/tags/","section":"Tags","summary":"","title":"Tags","type":"tags"},{"content":"Essays and working notes from Michael A. Davis on cyber defense, secure-by-design execution, leadership, and the operating lessons that come from building security programs across startups and global enterprises.\n","date":"3 April 2026","externalUrl":null,"permalink":"/posts/","section":"Writing","summary":"","title":"Writing","type":"posts"},{"content":"","date":"3 April 2026","externalUrl":null,"permalink":"/categories/cyber-defense/","section":"Categories","summary":"","title":"Cyber Defense","type":"categories"},{"content":"","date":"3 April 2026","externalUrl":null,"permalink":"/tags/detection-and-response/","section":"Tags","summary":"","title":"Detection and Response","type":"tags"},{"content":"","date":"3 April 2026","externalUrl":null,"permalink":"/tags/endpoint-security/","section":"Tags","summary":"","title":"Endpoint Security","type":"tags"},{"content":"For years, defenders treated the network perimeter as the place where decisive battles would be won. That model made sense when systems were more centralized and traffic patterns were easier to reason about.\nThat is no longer the world most organizations operate in.\nCloud adoption, remote work, identity sprawl, and increasingly distributed applications have changed the geometry of defense. The endpoint is not the whole answer, but it remains one of the most revealing places to observe attacker behavior, privilege misuse, and operational drift.\nVisibility is only the start # Telemetry by itself does not create resilience. It creates the possibility of resilience.\nOrganizations still need:\nAnalysts who understand what matters. Architecture that supports containment and recovery. Leaders willing to invest in the boring disciplines that make response repeatable. The lesson from the rise of endpoint detection was never just \u0026ldquo;collect more data.\u0026rdquo; The lesson was that defenders need enough context to recognize patience, staging, and intent before an incident becomes a headline.\nBetter defense is cumulative # The strongest programs do not wait for a perfect control. They combine visibility, decision quality, and execution readiness over time.\nThat is what resilience looks like in practice: a system that can see enough, decide fast enough, and recover cleanly enough to stay in the fight.\n","date":"3 April 2026","externalUrl":null,"permalink":"/posts/from-endpoint-to-enterprise-resilience/","section":"Writing","summary":"The endpoint remains one of the clearest places to understand attacker behavior, but only if the organization is ready to act on what it sees.","title":"From Endpoint Signals to Enterprise Resilience","type":"posts"},{"content":"","date":"3 April 2026","externalUrl":null,"permalink":"/tags/resilience/","section":"Tags","summary":"","title":"Resilience","type":"tags"},{"content":"","date":"3 April 2026","externalUrl":null,"permalink":"/tags/innovation/","section":"Tags","summary":"","title":"Innovation","type":"tags"},{"content":"","date":"3 April 2026","externalUrl":null,"permalink":"/categories/leadership/","section":"Categories","summary":"","title":"Leadership","type":"categories"},{"content":"","date":"3 April 2026","externalUrl":null,"permalink":"/tags/secure-by-design/","section":"Tags","summary":"","title":"Secure by Design","type":"tags"},{"content":"One of the most damaging ideas in security is that our value is proven by how effectively we say no.\nThat instinct is understandable. Risk is real, consequences are expensive, and the easiest way to avoid a bad outcome is often to shut down a path entirely. But organizations do not hire security teams to freeze motion. They need security leaders to help the business move with more confidence, not less.\nThe most effective controls change the conversation from \u0026ldquo;you cannot do that\u0026rdquo; to \u0026ldquo;here is how to do it safely and at scale.\u0026rdquo; That shift matters because it reframes security as a design discipline instead of a late-stage objection.\nWhat enabling looks like # In practice, enabling controls usually share a few traits:\nThey show up early enough to influence architecture, not just approve outcomes. They create reusable patterns so teams do not have to solve the same risk problem from scratch each time. They make tradeoffs visible in language that product, engineering, and executive stakeholders can understand. When security teams work this way, they stop being remembered for gatekeeping and start being valued for accelerating the right decisions.\nThe operational test # Every control has an operational truth test: does it make the next safe decision easier?\nIf the answer is no, the control might still be necessary, but it should not be mistaken for strategy. Strategy compounds. It creates clarity, templates, and confidence that teams can reuse. It helps organizations ship important work without relearning the same painful lessons each quarter.\nSecurity is strongest when it helps an organization keep its ambition.\n","date":"3 April 2026","externalUrl":null,"permalink":"/posts/security-controls-should-enable-innovation/","section":"Writing","summary":"Security becomes durable when it gives builders better options instead of only more friction.","title":"Security Controls Should Enable Innovation","type":"posts"},{"content":"","date":"3 April 2026","externalUrl":null,"permalink":"/tags/security-leadership/","section":"Tags","summary":"","title":"Security Leadership","type":"tags"},{"content":" Michael A. Davis serves as Managing Director and Global Chief Security Architect at JPMorgan Chase \u0026amp; Co., where he helps guide the firm\u0026rsquo;s global cyber-defense strategy across cloud, zero trust, threat intelligence, and long-range security planning.\nHis work sits at the point where architecture, operations, and business ambition need to align. The through line across his career has been straightforward: make security concrete enough to guide decisions, practical enough to ship, and strong enough to stand up to real-world pressure.\nLeadership journey # Michael\u0026rsquo;s background spans large-scale enterprise security, venture-backed product leadership, and entrepreneurship.\nAt Amazon, he built security capabilities for a portfolio of more than 30 subsidiaries, including Prime Air, Zoox, and Zappos. As CTO of CounterTack, he helped shape product strategy for one of the early commercial EDR platforms and supported more than $100 million in venture funding. Earlier, he founded Savid Technologies, an IT security consultancy that grew onto the Inc. 5000 and earned him BusinessWeek\u0026rsquo;s \u0026ldquo;Top 25 Under 25\u0026rdquo; recognition. He has also advised industry groups, contributed to security publications, and mentored emerging founders and operators.\nWriting and public speaking # Michael is a contributing author to the Hacking Exposed series and has written for outlets including Dark Reading and InformationWeek. He is also a frequent speaker known for translating complex threat landscapes into clear operational and executive guidance.\nSelected themes from past talks include:\nMalware, rootkits, and the practical controls that hold up under pressure. Data-centric security in a mobile world. The insider threat and the thin line between negligence and malicious behavior. Fundraising, sustainable growth, and building security businesses that last. He is comfortable with keynotes, panels, and customized sessions for executive, technical, and mixed audiences.\nPoint of view # Michael\u0026rsquo;s work is shaped by a simple belief: security should not exist to stop the business from moving. It should exist to make meaningful progress possible with better visibility, better decisions, and fewer surprises.\n\u0026ldquo;When done properly, security controls enable IT to say, \u0026lsquo;we can\u0026rsquo;.\u0026rdquo;\nFor conference organizers, leadership teams, and event producers, more detail is available on the dedicated speaking page.\n","date":"3 April 2026","externalUrl":null,"permalink":"/about/","section":"Michael A. Davis","summary":"","title":"About","type":"page"},{"content":"","externalUrl":null,"permalink":"/authors/","section":"Authors","summary":"","title":"Authors","type":"authors"},{"content":"","externalUrl":null,"permalink":"/series/","section":"Series","summary":"","title":"Series","type":"series"}]