Peter Hallen
AI Governance · Fractional CISO · Healthcare & Health-Adjacent

AI governance for healthcare and health-adjacent companies.

Boards are asking about AI strategy. Customers and auditors are starting to ask about AI controls. Most security teams don't have a defensible answer yet. I help them build one — policy, controls, agent operations review, and a roadmap your auditor can sign off on.

Fractional CISO · 25 years across infrastructure, security, and platform engineering · Operating production agents every day

See the healthcare case study
25+ years
Security & infrastructure leadership
SOC 2 + HIPAA
Type II audits delivered to unqualified opinion
Production agents
Operating multi-LLM stacks daily across Claude, OpenAI, and self-hosted models
How I work

Three engagement types.

No price list — pricing happens on the discovery call after I understand your scope. No retainers where I just show up at the end of the month.

One-time engagement

AI Governance Sprint

4–6 weeks

Deliverables

AI usage policy, agent and tool inventory, control mapping to your existing framework (SOC 2 / HIPAA / HITRUST as relevant), and a 12-month roadmap for ongoing governance.

Best for

Companies whose board, customers, or auditor have started asking about AI and that need a defensible position fast.

Most common

Ongoing retainer

Fractional CISO with AI scope

Monthly engagement

Deliverables

Everything a fractional CISO does — risk management, policy, compliance program, audit support — plus AI-specific controls, agent operations oversight, and ongoing review of LLM-integrated workflows for prompt injection, authority escalation, and PHI/PII leakage.

Best for

Companies that need a security executive in the seat but aren't ready for a full-time CISO, and whose AI surface area is growing.

Project-based

SOC 2 / HIPAA / HITRUST Audit Prep

Scoped to audit timeline

Deliverables

Full readiness through audit, with AI usage and agent operations integrated into the control set rather than bolted on after. No surprises at the finish line.

Best for

Companies on a defined audit clock who don't want to be surprised by an AI-controls question they haven't answered.

How it works

From discovery to deployment in weeks, not months.

Every engagement starts with understanding what's actually at risk — then builds toward something durable that your team can own.

30 minutes

Discovery Call

Map your workflows, tools, pain points, and compliance obligations. I listen more than I talk.

3–5 days

Setup Sprint

Deploy a secure AI operations center, assess your current control posture, and identify highest-priority gaps.

2 weeks

Tuning Period

Calibrate agents, refine workflows, close documented gaps, and stand up evidence collection for audit.

Ongoing

Embedded Execution

AI handles day-to-day monitoring; you handle strategy. I stay until it's running right and your team can own it.

Get in touch

Book Your Free Strategy Session

Let's discuss your security goals and compliance requirements in a no-obligation 45-minute call.

Why work with me

Operator experience, not just advisory.

I run production AI systems every day. I know what breaks, where credentials leak, and which controls are theater versus substance.

Expert guidance on SOC 2, HIPAA & AI governance
Actionable advice tailored to your specific stack and compliance obligations
Quick, focused conversation
45 minutes on your specific needs — no sales deck, no wasted time
No obligation
Free consultation with honest advice, even if we don't work together

Can't find a time? peter@peterhallen.com