World-Class Agentic Security Expert

Jeremy Canale I design

Twelve years securing the world's most regulated industries, banking, insurance, defense. Now architecting the security perimeter for autonomous AI agents, MCP infrastructure, and the cloud platforms they run on.

  • 12+ years in cyber
  • 8 Fortune-500 clients
  • 25+ industry certifications
  • 3 continents · SG · UAE · EU
Hands-on experience for
  • Swiss Re
  • AXA
  • BNP Paribas
  • Standard Chartered
  • Thomson Reuters
  • Société Générale
  • Seddiqi Holding
  • NusaVest
  • Thales
  • Dassault Systèmes
  • Veolia
  • Baxter
  • Gemalto
Credentials

Certified across the agentic stack

From Anthropic AI Fluency to NVIDIA Generative-AI LLMs, ISACA CISM/CRISC, and the full Microsoft Cybersecurity Architect & AWS Security tracks.

Microsoft · 2025

Building Secure Agents for Public Sector Services

Agentic automation security curriculum.

Agentic
NVIDIA · 2026

Certified Professional · Agentic AI

Agentic
NVIDIA · 2026 → 2028

Certified Associate · Generative AI LLMs

GenAI
Anthropic · 2026

AI Fluency Framework & Foundations

ud6tp3nbypsc

AI Trust
Anthropic · 2026

Claude Code in Action

bqps2dqo8oaa

Anthropic · 2026

Introduction to Claude Cowork

qn62hbyfx7ky

Anthropic · 2026

Claude Code 101

cyrei883psj9

Anthropic · 2026

Claude 101

pok9weot8j3p

Palo Alto Networks · 2023 → 2025

Prisma Certified Cloud Security Engineer

Microsoft · 2023 → 2024

Cybersecurity Architect Expert

EAB47D8F4EDC1058

Microsoft · 2023 → 2024

DevOps Engineer Expert

D7EF2C23EF149EA4

Microsoft · 2023 → 2024

Azure Developer Associate

A6B7126C06F9C786

Microsoft · 2023 → 2024

Security Operations Analyst Associate

8B08474D2BE410E8

Microsoft · 2023

Security, Compliance & Identity Fundamentals

BD23427E7A5DF944

Microsoft · 2023

Azure Fundamentals

B7635962A1631A02

Microsoft · 2020 → 2022

Azure Security Engineer Associate

H344-1450

ISACA · 2023

CISM, Certified Information Security Manager

ISACA · 2023

CRISC, Risk & Information Systems Control

Amazon Web Services · 2019 → 2021

AWS Certified Security, Specialty

6S5MRC92DFR11RCW

Amazon Web Services · 2018 → 2020

AWS Certified SysOps Administrator, Associate

FZN3QCE2J21E1N5F

Amazon Web Services · 2018 → 2020

AWS Certified Cloud Practitioner

WH8FRT11JNBQQXCM

Amazon Web Services · 2017 → 2019

AWS Certified Developer, Associate

4NBMCXH12EVEQB36

Amazon Web Services · 2016 → 2018

AWS Certified Solutions Architect, Associate

AWS-ASA-14402 · 3Z8KF6HK22VQQ83R

Coursera · Google Cloud · 2020

Managing Security in Google Cloud Platform

Coursera · Google Cloud · 2020

Google Cloud Platform Fundamentals · Core Infrastructure

Scrum.org · 2019

Professional Scrum Master I

Cisco · 2007 → 2009

Cisco Certified Network Associate (CCNA)

Domains

Where I operate at the frontier

From securing autonomous AI agents to underwriting cyber risk for global insurers, my work sits at the intersection of regulated industries and emerging AI.

Agentic AI Security

Securing autonomous LLM agents end-to-end: MCP servers, tool-call authorization, prompt-injection defense, sub-agent isolation, and runtime guardrails.

  • MCP
  • Claude / GPT
  • Sub-agents
  • Tool auth
  • Guardrails
Signature practice

AI Governance & Trust

Operationalizing ISO/IEC 42001, NIST AI RMF and the EU AI Act. Bringing Anthropic's AI Fluency Framework into the enterprise risk register.

  • ISO 42001
  • NIST AI RMF
  • EU AI Act
  • Model risk

Cloud Security & CSPM

Multi-cloud security architecture for AWS, Azure and GCP. Global Prisma Cloud deployment at AXA. Cloudflare estate at Thomson Reuters. Hardened blueprints, IaC and SRE practices.

  • AWS
  • Azure
  • GCP
  • Prisma
  • Cloudflare

Cyber Risk Quantification

Founder & CEO of Rankiteo, the first AI-powered cyber underwriting desktop platform. Pricing, exposure and portfolio analytics for insurers and reinsurers.

  • Rankiteo
  • CRQ
  • Underwriting
  • Actuarial AI

GRC & Compliance

ISO/IEC 27001 group certifications, SOC 2, HIPAA, DORA, NIS2, UAE & KSA PDPL. Built the GRC program at Seddiqi Holding and the BNP Paribas maturity roadmap.

  • ISO 27001
  • SOC 2
  • DORA
  • NIS2
  • PDPL

Threat Intel & Offensive

Published OWASP research in Hakin9. Pentesting, exploit prediction, attack-surface intelligence and the Rankiteo Cyber Incident Chronicle (100k+ incidents).

  • OWASP
  • Pentest
  • Threat intel
  • Hakin9
Trust by design

One architect. Every framework that matters.

From ISO/IEC 27001 to the EU AI Act, my engagements bridge engineering and regulation. I translate frameworks into deployable controls, and prove them with measurable assurance.

  • Cyber maturity 0 → 30% in <12 months for BNP Paribas Asset Management.
  • Global Prisma CSPM rollout across all AXA entities, worldwide.
  • Group ISO 27001 program at Seddiqi Holding, aligned to UAE & KSA PDPL.
  • Security architecture gatekeeper at Swiss Re & Thomson Reuters.
Career

Twelve years at the security helm of regulated enterprises

Hands-on roles, from Vice-President at Swiss Re to Deputy CISO at the BNP Paribas Asset Management group, and now CEO of an AI cyber-underwriting company.

  1. 2026 → now

    Fractional CISO · NusaVest

    Singapore · Remote

    Cyber strategy and ISMS for a Southeast-Asia asset-backed securities platform (SC Ventures · Standard Chartered).

  2. 2022 → now

    Founder & CEO · Rankiteo

    Palo Alto, California · Remote

    Building the world's first multi-OS AI cyber-underwriting desktop platform. Cyber ratings, third-party risk, exposure modeling, and MCP-native distribution to Cursor, Claude Desktop, ChatGPT and n8n.

  3. 2025 → 2026

    AI GRC Lead · Seddiqi Holding

    Dubai, UAE · Hybrid

    Group ISO/IEC 27001 certification program across the holding. Risk register, Statement of Applicability, UAE & KSA PDPL alignment for every department.

  4. 2023 → 2025

    Deputy CISO · GAMBIT / BNP Paribas Asset Management

    Liège, Belgium · Remote

    Built a NIST-based cybersecurity program from the ground up. After the BNP Paribas acquisition, drove the maturity transformation from 0% to 30% within the group framework.

  5. 2023 → 2024

    Head of Cloud Security GRC & CSPM · AXA

    Paris, France · Remote

    Technical lead for the worldwide rollout of Palo Alto Prisma CSPM across every AXA entity. Aligned global standards with local regulatory constraints.

  6. 2022 → 2023

    Cloud & Product Security Lead · Thomson Reuters

    Zug, Switzerland

    Security architecture gatekeeper within enterprise architecture governance. Global Cloudflare deployment. Cyber-underwriting advisory bridging engineering and insurance.

  7. 2020 → 2022

    Vice-President · Cloud Security & GRC · Swiss Re

    Zurich, Switzerland

    Security by design across the enterprise. Architecture review for every major program. Reusable security blueprints across cloud, application and infrastructure domains.

  8. 2018 → 2019

    AI CyberSecurity Architect · Société Générale

    Paris, France

    Defined and enforced the cloud security framework for the bank. Risk-based cloud governance and security-by-design for every cloud initiative.

  9. 2015 → 2018

    Security Solutions Architect · multiple Fortune-500

    Thales · Baxter · Gemalto · Veolia · Dassault Systèmes

    Cloud migrations under PCI-DSS, HIPAA and regulated workloads. IaC, hardened blueprints, vulnerability automation, native cloud SSO.

Consulting

Hands-on consulting for AI-native enterprises

End-to-end advisory and implementation across the agentic security stack, from boardroom strategy and architecture blueprints to production-grade guardrails on Azure AI Foundry, LangGraph, NeMo, SageMaker and Prisma Cloud.

Phase 01 · Strategy

Agentic AI Security Strategy

Boardroom-level diagnostic of your AI agent estate. Target architecture, regulatory posture, and the 12-month roadmap to get there.

  • Threat model of every agent & tool call
  • Mapping to NIST AI RMF, ISO 42001, EU AI Act
  • CISO-ready risk & cost model
Phase 02 · Build

Build & Harden

Forward-deployed engineering on your stack. Guardrails, sub-agent isolation, tool authorization, Langfuse observability, shipped to production.

  • Reference architecture on Azure AI Foundry / AWS Bedrock
  • LangGraph + LangChain workflows with guardrails
  • Prisma Cloud + Cloudflare integration
Phase 03 · Assure

Audit & Assurance

Independent agentic security audit. Red-team prompt injection, tool-chain abuse, data exfiltration. Boardroom-ready evidence pack.

  • Red-team across prompt, tool & data layers
  • SOC 2 / ISO 27001 / DORA / NIS2 mapping
  • Continuous-assurance Langfuse dashboards
Ready to secure your agentic platform? Initial scoping call, typically 30 minutes, no commitment.
contact@jeremycanale.com
Case Studies

Selected engagements at the frontier of agentic security

Anonymised summaries of recent missions across cyber insurance, multi-cloud security and group GRC. Details vary by industry and are kept deliberately broad to respect client confidentiality.

Cyber Insurance

AI-driven cyber underwriting platform

Challenge

Insurers and reinsurers needed real-time, evidence-based cyber risk data to replace static questionnaires and accelerate the pricing workflow.

Approach

Designed and shipped a multi-OS desktop application backed by an AI rating engine, with MCP-native distribution to common assistant clients and an underlying incident intelligence corpus.

Outcome

A production-grade platform recognised across the cyber insurance market.

Global Insurance Group

Worldwide CSPM rollout

Challenge

A multinational insurer operating across dozens of entities had a heterogeneous cloud security posture and no unified visibility.

Approach

Technical lead for the global deployment. Cross-entity workshops, alignment of group security standards with local regulatory constraints and translation into implementable controls.

Outcome

A single CSPM signal across the entire group, with regulatory alignment per jurisdiction.

Asset Management, Tier 1 Banking

Post-acquisition cyber maturity

Challenge

A newly acquired entity needed a formalised cyber programme aligned to the acquirer's group framework, with measurable, defensible evidence of progress.

Approach

Built a NIST-based cybersecurity programme from the ground up. Controls, policies and procedures, risk register, structured reporting to group-level stakeholders.

Outcome

Validated maturity progress within the acquirer's framework.

Diversified Holding, GCC

Group ISO 27001 certification

Challenge

A multi-business holding with no unified information security management system, operating under regional data protection laws.

Approach

High-level designs, application-level IT risk assessments, group policy framework, Statement of Applicability, and alignment to regional regulatory requirements.

Outcome

Group-wide ISO 27001 readiness with structured assurance per department.

Global Financial Information Provider

Security architecture stewardship

Challenge

A global enterprise required consistent security by design across every major digital initiative.

Approach

Acted as security architecture gatekeeper within enterprise architecture governance, with reusable blueprints across cloud, application and infrastructure domains.

Outcome

Accelerated secure delivery and stronger, more consistent control maturity.

Southeast Asia, Asset-Backed Securities

Fractional CISO mandate

Challenge

An emerging investment platform needed senior cyber leadership to define its information security strategy and ISMS from day one.

Approach

Fractional CISO engagement covering target operating model, risk appetite, control catalogue and the regulatory roadmap, in coordination with a global banking parent.

Outcome

A defensible cyber posture, ready for investor and regulator scrutiny.

Publications & Recognition

A decade contributing to the public conversation

OWASP vulnerability research, an early social media search engine recognised at the highest level, and ongoing coverage of the agentic cyber underwriting work.

Manifesto

Autonomous agents need a new perimeter.

Legacy security was built for humans clicking buttons. Agents click thousands per minute, call external tools, spawn sub-agents and chain decisions across systems. The blast radius is no longer a session, it's a workflow.

My work re-anchors the perimeter at the place where intent meets execution: the tool call. I design authorization, observability and policy guardrails that make autonomous agents auditable, reversible and trustworthy at enterprise scale.

"In the agentic era, the question isn't can the AI take an action. It's should it, and can we prove it after the fact."
FAQ

Questions enterprises ask before engaging

Short answers to the questions that come up most often from boards, CISOs and AI platform teams scoping their first agentic security engagement.

What is Agentic Security and why does it matter now?

Agentic Security is the discipline of securing autonomous AI agents and the infrastructure they call into. Unlike a chatbot, an agent reasons, plans, invokes tools, spawns sub-agents and chains decisions across systems. Each tool call is an executable action with real-world impact, which means the security perimeter must move from the user session to the tool invocation itself. With the rapid adoption of Model Context Protocol, LangGraph, LangChain and frameworks like Azure AI Foundry, enterprises now ship agents into production faster than their security teams can catch up. Agentic Security is what closes that gap.

How does Agentic Security differ from traditional AI or LLM security?

Traditional LLM security focuses on the prompt and the model output: jailbreaks, prompt injection, hallucinations, data leakage at inference time. Agentic Security extends that perimeter to everything the agent can do once it has produced a plan, including authorization of tool calls, isolation of sub-agents, observability of multi-step workflows, reversibility of actions, and red teaming against tool-chain abuse and data exfiltration. The blast radius is no longer a single response but an entire workflow.

What engagement models do you offer?

Three primary engagement models. Strategy: a board-level diagnostic of your AI agent estate with a target architecture and a twelve-month roadmap. Build: forward-deployed engineering with your teams to implement guardrails, sub-agent isolation, tool authorization and Langfuse observability in production. Assure: an independent agentic security audit including red teaming and a regulatory mapping pack ready for boardroom review. Fractional CISO engagements are also available for emerging platforms.

Which industries do you serve?

Regulated industries with high stakes, including banking, insurance and reinsurance, asset management, financial information providers, defense, healthcare, and the public sector. Twelve years of engagements span Europe, the GCC and Asia, with hands-on experience for Swiss Re, AXA, BNP Paribas, Standard Chartered, Thomson Reuters, Société Générale, Seddiqi Holding, NusaVest, Thales, Dassault Systèmes, Veolia, Baxter and Gemalto.

Which frameworks and regulations do you align with?

ISO/IEC 42001 for AI management systems, NIST AI Risk Management Framework, and the EU AI Act for AI-specific governance. ISO/IEC 27001 and 27701, SOC 2 Type II, HIPAA, PCI DSS, DORA, NIS2, and regional regimes such as UAE PDPL, KSA PDPL and GDPR for information security and data protection. Engagements consistently translate these frameworks into deployable controls rather than paperwork.

Where are you based and how do you work?

Based across Singapore, Dubai, Paris and Palo Alto, with active engagements across three continents. Most work is delivered remotely, with on-site visits scoped to the engagement. Typical projects run from a few weeks for a strategy or audit, to multi-quarter programmes for full builds and fractional CISO mandates.

How do we get started?

A short scoping call, typically thirty minutes, no commitment. The call clarifies your agent estate, your regulatory exposure and the outcome you need. Most engagements start with a structured diagnostic and a written proposal within ten working days.

Let's talk

Securing your agentic platform starts with a conversation.

Boards, CISOs, insurers and AI platform teams, if you're shipping autonomous agents, multi-cloud workloads, or building cyber-underwriting capability, I can help.

  • Singapore
  • Dubai
  • Paris
  • Palo Alto