Scott Stevenson.
LinkedIn Get in touch
Greater Toronto Area Infrastructure & Security Open to senior & leadership roles

Infrastructure and security leadership for systems that can't afford to fail.

Twenty-five years across defence, pharmaceutical and banking — at the level where the blast radius is real. Now focused on securing and building production agentic AI systems.

Get in touch View LinkedIn
Profile
// the through-line

A practitioner who has held the keys, not just managed the people who hold them.

I've spent my career inside environments where a mistake is measured in regulatory findings, downtime, or worse — FDA-validated pharmaceutical systems, security-cleared defence and aerospace programmes, and retail banking. The kind of places where you earn trust by being right about risk, consistently, for years.

I'm hands-on by instinct and senior by experience. I've held enterprise-wide administrative authority over critical estates, designed the security controls beneath them, and more recently built and secured the agentic AI systems that are starting to run real business processes. That combination — deep security ground-truth plus working agentic AI — is where I focus now.

Track record
// regulated, high-consequence
Pharmaceutical

Enterprise & root-forest authority

Part of a small core team holding Enterprise Admin and Root Forest Admin authority across a global FDA-validated estate, including large-scale Active Directory consolidation.

Defence & aerospace

Cleared infrastructure & early strong authentication

UK MoD Developed Vetting (DV) cleared. Delivered secure infrastructure for defence and aerospace programmes — including one of the earliest RSA SecurID two-factor deployments in UK defence.

Retail banking

Interim security & infrastructure

Senior interim infrastructure and security work inside major UK retail banks, in environments with strict change control and audit expectations.

Recent — commercial

Cloud migration & integration architecture

Led cloud migration, Microsoft 365 adoption and integration architecture for a multi-year engagement — and built a working LLM-driven integration between finance systems and the business.

Focus now
// security × agentic AI

Securing AI properly means understanding both sides of it.

The interesting problems now sit where autonomous AI meets real systems and real risk. I work that seam from both directions — as a hands-on security practitioner, and as someone who actually builds and runs agentic systems in production rather than just talking about them.

Hands-on security

  • Offensive practice since the BackTrack era
  • Top-percentile on hands-on skills platforms
  • CASA-certified; OSCP in progress
  • Active in the local security community

Building agentic AI

  • Production MCP integration bridging finance systems
  • Self-hosted agent infrastructure, secured end to end
  • Deterministic automation alongside agentic runtimes
  • Pragmatic about where autonomy belongs — and where it doesn't
Selected work
// a few specifics

Large-scale Active Directory consolidation

Helped unify a fragmented global directory estate into a single, governable forest under strict validation requirements.

Early two-factor authentication in UK defence

Delivered one of the earliest RSA SecurID strong-authentication deployments in the UK defence sector.

Microsoft 365 migration & incident recovery

Ran Exchange Online administration through migration, including recovery from a retention-policy incident affecting more than 160 mailboxes.

LLM-driven finance integration

Designed and shipped a working Model Context Protocol server connecting an ERP/finance platform to the business through large language models — then decommissioned it cleanly, fully documented.

Contact
// say hello

Open to senior infrastructure and security leadership roles.

If you're hiring for the place where security, infrastructure and agentic AI meet, I'd be glad to talk.

Get in touch
scott@scottstevenson.dev LinkedIn Greater Toronto Area