Stephan Hundley is the CTO and Co-Founder of Xiaotime Labs, where he builds AI-powered governance systems that turn continuous telemetry into continuous compliance. With over 20 years of experience as a CISO and IT engineering leader across finance, healthcare, manufacturing, and critical infrastructure, Stephan has led enterprise-wide Zero Trust transformations and built security programs that maintained zero severity-1 incidents for over a decade.
At Xiaotime Labs, Stephan combines deep CISO experience with full-stack engineering and AI/ML expertise to pioneer Integrated Cyber Risk Governance, a telemetry-driven approach that automates evidence collection, validates controls in real time, and transforms GRC teams from documentation factories into strategic risk advisors.
Stephan holds an MBA and MSIM from Keller Graduate School of Management and is a Certified Information Security Manager (CISM). He is a thought leader in preemptive cyber defense, AI governance, and continuous compliance automation.
We met as security practitioners working inside complex, regulated organizations, building programs from scratch, defending against real threats, and translating technical risk into board-level language.
From the advisory side, the problem became visible in a new way: the institutional knowledge that makes an operator valuable lived entirely in their head. Every tool we used forgot it the moment the session ended.
From the governance side, the same pattern appeared: organizations weren't failing audits because they were negligent. They were failing because the model was never designed for the environments they were running.
Two sides of the same problem. One platform.
Join the beta or start a conversation. We're working directly with practitioners and operators, not running a waitlist.