David J. Drake

I started in technology in the mid-1990s — freelance web development during the early days of the internet, then moving into professional roles in web application development, IT, and management. In 2010, I joined Chargebacks911 as its first developer when the company was 12 people.

Over 15 years, I built and led the development team (growing it to 12 engineers), then transitioned into forming and scaling the IT organization. After years of working closely with our compliance leadership, I recognized an opportunity to bring the security and compliance function under long-tenured, cross-functional leadership. I pursued my CISM certification, stepped into the role, and have owned the program since — bringing deep organizational context and cross-functional technical experience to the role.

Today I hold dual Director roles across three entities, personally owning PCI DSS Level 1, SOC 2 Type II, ISO 27001 ISMS, GDPR, HIPAA, and cross-border data compliance programs — while managing cloud infrastructure, security architecture, incident response, vendor risk, with a lean team of 8 and no MSSP dependency.

What I've Built

• ›Software development team — hired, scaled to 12 engineers, delivered core SaaS platform
• ›IT organization — infrastructure, helpdesk, vendor management across US, UK, and India
• ›DevOps practice — CI/CD, AWS architecture, deployment automation
• ›Compliance program — assumed ownership and matured PCI DSS L1, SOC 2 Type II, ISO 27001, GDPR, HIPAA across three entities
• ›Greenfield ISMS — built a sister entity's entire security and compliance program from zero
• ›Global privacy program — 7 frameworks across 5 regions (EU, UK, Canada, Brazil, APAC)

Credentials

• ›CISM — Certified Information Security Manager
• ›CISSP — In Progress
• ›B.S. Cloud & Network Engineering — In Progress
• ›25+ years professional technology experience