Continuous Cyber Risk Governance
Fractional CISO leadership and AI-powered cyber risk governance for boards that need clarity, not dashboards.
We embed with your team to build security programs that are measurable, defensible, and aligned to business outcomes — then we automate the governance that keeps them that way.
Advisory and platform-enabled governance across seven practice areas
Fractional and interim CISO leadership for organizations that need senior security direction without the full-time overhead. Board-ready reporting, program strategy, and executive alignment.
Comprehensive cyber risk assessments grounded in real telemetry, not questionnaires. We identify what matters, quantify exposure, and deliver actionable remediation roadmaps.
Design and implementation of zero trust frameworks tailored to your environment. Identity-centric security, micro-segmentation, and continuous verification.
Cloud security architecture, network hardening, endpoint protection, and infrastructure modernization. We build secure foundations that scale with your business.
Security budget development and multi-year planning that ties every dollar to risk reduction. Defensible investment strategies for boards and executive stakeholders.
Evaluate your existing security stack, eliminate redundancy, and identify gaps. Vendor-neutral recommendations that maximize the value of every tool in your portfolio.
Continuous risk posture monitoring, automated compliance evidence aggregation, and board-ready reporting with zero manual lift. Real-time control effectiveness tracking through intelligent orchestration.
Xiaotime is led by Stephan Hundley, CTO and co-founder of Xiaotime Labs, with over 20 years as a cybersecurity executive, fractional CISO, and board-level advisor across regulated industries, financial services, and critical infrastructure. CISM certified since 2016.
Stephan has built and led security programs from the ground up, served as CISO and vCISO for organizations at every stage of maturity, and guided boards through complex risk decisions. His approach is rooted in measurable outcomes: telemetry over attestation, risk context over compliance theater.
He is also the creator of ICRG (Integrated Cyber Risk Governance), an AI-enabled platform that eliminates tool sprawl and delivers continuous risk governance through intelligent orchestration. He's building the technology that solves the problems he's spent two decades managing manually.
Xiaotime Labs is our product company, building AI-powered tools that operationalize the principles we practice in advisory. Our flagship platform, Junior, is a personalized AI agent that learns how you work and makes you better at it.
Where Xiaotime brings the strategy, Xiaotime Labs builds the technology.
Visit Xiaotime Labs →

Whether you need fractional CISO leadership, a risk assessment, or want to see how ICRG can automate your governance posture — let's talk.