Kinan Al Haffar — Technology & Security Executive

Where business growth, cyber risk, and responsible AI converge.

Twenty-three years building and securing global technology organizations across regulated healthcare SaaS, biotech, and financial services. Today, leading enterprise IT, cybersecurity, infrastructure, and AI governance at Reveleer. Partnering with the CEO, CFO, and Board on the decisions that earn customer trust.

Boston, MA CISSP · CRISC · CEH · PMP Available for Conversations

A career built where strategy, security, and engineering meet.

I'm an enterprise technology and security executive who spends his days at the intersection of business growth, cyber risk, compliance, and AI adoption, mostly in regulated healthcare SaaS, where getting all four right at once is the job.

I've built and scaled global technology organizations that treat security and IT as a single strategic function rather than two competing ones. I've led technology through eleven M&A integrations, advised boards on AI and cyber risk, achieved SOC 2, HITRUST, and ISO 27001 attestations, and built global teams that have outlasted the org charts I drew them on.

"Security is not a product, but a process." — Bruce Schneier

The practice areas I'm known for.

/ 01

Cybersecurity & Risk

Building defense-in-depth programs for regulated SaaS: from SOC 2 and HITRUST attestation through executive cyber risk reporting and incident response readiness.

CISOSOC 2HITRUSTISO 27001XDR · IAM · SASE

/ 02

M&A Integration

Eleven integrations led end-to-end across identity, devices, collaboration, security tooling, and cultural alignment. The work that turns a deal into an operating company.

Due DiligenceDay-1 ReadinessIdentity MigrationPE-Backed

/ 03

AI Governance & Adoption

Standing up AI policy, agent governance, and PHI-safe usage frameworks. Pairing employee enablement with the controls Legal, Compliance, and customers need to see.

AI PolicyAgent GovernanceBAA StrategyLLM Deployment

/ 04

Cloud & Infrastructure

Modern, multi-cloud architectures with disaster recovery built in across AWS, Azure, and GCP. Containerized microservices, managed databases, and serverless workloads.

AWS · Azure · GCPEKSDevOpsDR & BCP

/ 05

IT Strategy & Operations

Translating business strategy into technology roadmaps, vendor portfolios, and the unglamorous operational discipline that lets a SaaS platform scale without breaking.

Budgets to $25MVendor StrategyITSMKPIs & SLAs

/ 06

Executive Partnership

Board-level reporting on cyber and AI risk. Day-to-day partnership with CEO, CFO, GC, and Compliance. Translating technical reality into the language executives use to decide.

Board ReportingCompliance CmteCEO/CFO Partner

A path through the regulated end of technology.

2023 — Present

VP, IT, Security & Infrastructure / CISOReveleer · Glendale, CA

Healthcare SaaS. Lead IT Operations, SecOps, Compliance, and DevOps. Concurrent CISO and Privacy & Data Protection Officer. Board Compliance Committee partner.

2022 — 2023

VP, IT & Infrastructure / CIODotmatics · Boston, MA

Recruited to modernize legacy stack and lead cloud-first transition. Global responsibility across 14 locations and 1,000+ employees. M&A integration leadership.

2018 — 2022

VP, IT & Production Support / CISOCareMetx · Boston, MA

Rebuilt IT/DevOps; turned IT into a true business partner. Secured and scaled the Resilix SaaS platform across 17 locations and 1,500+ employees. 13 direct reports.

2016 — 2018

IT Operations ManagerAbiomed · Danvers, MA

Filled the IT leadership vacuum and rebuilt the function. Global operations across US, Germany, and Japan supporting 1,700+ employees. 16 direct reports.

2013 — 2016

Senior Systems Engineering RolesClean Harbors · Boston Helpdesk

Senior systems engineering across complex enterprise infrastructure programs and consultative client engagements.

2003 — 2012

Earlier CareerBank Audi · MHG International · SKIC · Others

Foundational years across banking, insurance, and group IT leadership in Damascus, including IT Group Manager owning architecture, security, and vendor strategy for the holding.

Certifications and academic foundation.

CISSP

ISC² · Security Professional

CRISC

ISACA · Risk & Information Systems Control

CEH

EC-Council · Ethical Hacker

PMP

PMI · Project Management Professional

Executive & Academic Education

Executive Certificate, Management & Leadership

MIT Sloan School of Management

Professional Certificate, Leadership & Communication

HarvardX

Master of Management, Information Technology

Charles Sturt University · Australia

Bachelor of Humanitarian Science, History

Damascus University · Syria

Notes on security, AI, and the executive seat.

Featured · Field Note Compliance

Closing the BYOD Gap Without Breaking the Employee Experience

Why Microsoft Intune MAM paired with Conditional Access tends to be the right shape of answer for HITRUST mobile device control, without the customer-service disaster of full MDM.

Read on LinkedIn

Essay AI Governance

Building an AI Governance Program That Survives First Contact

Standing up AI policy and agent governance inside a regulated healthcare SaaS, including the PHI and BAA nuances most enablement-first programs miss until it's expensive to fix.

Coming soon

Playbook M&A

Eleven Integrations In: A CIO's Day-1 Checklist

The things you only learn after the fifth or sixth integration: identity, devices, security tooling, and the cultural work no due-diligence binder mentions.

Coming soon

What others have said.

In our time working together, Kinan and I built a strong, collaborative partnership that squared security and technology into two complementary yet independent functions. The CIO of the future comes with a strong security mind, and Kinan has and does exactly that.

Daniel Ayala Chief Security & Trust Officer · Dotmatics

Kinan has built and strengthened the backbone of HCS's security with incredible tenacity and unwavering focus. He led his team through a grueling SOC 2 Type 2 certification, cementing our clients' trust in our platform, security, and data management.

Gil Dror Chief Technology Officer · Human Care Systems

Kinan gave me excellent security advice to help me prepare my company for an IPO. He identified security issues I did not realize I had, and his explanations opened my eyes to a lot of new security topics. I was able to plug many security holes thanks to him.

Steve Ariza Principal Software Architect · 908 Devices

Where business growth, cyber risk, and responsible AI converge.

A career built where strategy, security, and engineering meet.

The practice areas I'm known for.

A path through the regulated end of technology.

Certifications and academic foundation.

Notes on security, AI, and the executive seat.

Closing the BYOD Gap Without Breaking the Employee Experience

Building an AI Governance Program That Survives First Contact

Eleven Integrations In: A CIO's Day-1 Checklist

What others have said.

For executive search, board work, and serious conversations.