David Ornstein

Principal Security Architect & Project Lead · SIGMA (CISO)

Conceived and built Indra, an AI-first app platform inside Microsoft’s CISO organization. Indra solves a fundamental problem: security knowledge across dozens of CISO domains is fragmented across dashboards, Kusto queries, and engineers’ heads — inaccessible to leaders who need a cross-domain view, and invisible to AI. Indra gives SIGMA engineers the building blocks to turn their security expertise into tools the whole organization can use, and gives deputy CISOs a unified view of posture across verticals.

Lead Indra as its sole human architect, working daily alongside a team of eight specialized AI agents built as GitHub Copilot custom agents — each owning a distinct domain: engineering lifecycle, strategy, security review, narrative, builder advocacy, live demos, and editorial. The platform provides unified security reporting dashboards, a natural-language AI agent over security data, Kusto query integration under real user identity, Power BI embedding with pass-through permissions, an app hosting ecosystem for SIGMA engineers, and a full CI/CD pipeline with multi-environment promotion.

Deployed across dev, pre-production, and production environments. Unified Security Reporting dashboards ready for dCISO adoption. Proving the AI-native super-IC model: one architect sustaining a full platform ecosystem — architecture, code, documentation, strategy, and operations — with the throughput of a full engineering org.

Principal Engineering Manager / Senior Director · Assurance Engineering

Conceived and led Liquid, Microsoft's internal platform for continuous security assurance. Assembled a 20+ person Deep Engineering team to automate the SDL and compliance processes. Architected automated policy scanners, code compliance pipelines, and a unified dashboard. Co-incubated CodeQL Central for company-wide code analysis. Established the unified Security Bugs S360 KPI tracking vulnerabilities across 1,200+ repos and ~18,000 services. In parallel, drove the full Liquid team — PMs and engineers alike — toward AI-accelerated development practices, demonstrating AI-augmented workflows for design, coding, and analysis that became a model for the broader organization.

Automated SDL compliance for 8,000+ services company-wide. Transformed Microsoft's assurance from manual attestations to data-driven continuous monitoring. Executive acclaim for "incredible impact" on the security engineering ecosystem.

Chief of Staff · Trustworthy Computing (TwC)

Coordinated security initiatives across Microsoft as right-hand to CVP Scott Charney. Unified assurance programs spanning security reviews, SDL, and privacy across divisions. Shifted focus from pure compliance checklists to proactive security assurance. Managed executive communications and security review follow-ups. Oversaw TwC's reorganization into CELA in 2014.

Drove SDL requirements integration and incident response improvements. Elevated Microsoft's overall security posture and helped evolve the culture from compliance to secure-by-design.

Director, Compliance Engineering · Engineering Excellence

Ensured engineering teams complied with mandatory policies and DOJ antitrust consent decree requirements. Developed APIscan and CheckPoint Express to verify API compliance. Established company-wide governance processes for policy design, tracking, enforcement, and training. Managed program budget exceeding $10M annually.

Achieved full compliance with DOJ consent decree with no violations. Compliance frameworks became standard engineering workflow across the company.

Lead Program Manager · Digital Documents, Windows

Led the cross-team initiative to develop the XML Paper Specification — coordinating between Windows and Office teams. Architected and evangelized the format, championed document standards bridging internal and external efforts. Built and led the team that shipped Rights Management Add-on for IE. Filed 12+ patent applications as primary inventor.

Shipped XPS as a core document format in Windows and Office 2007. Strengthened Microsoft's IP portfolio with 12+ granted patents for document and security innovations.

Architect · Emerging Technologies

Applied startup e-book expertise to Microsoft's digital reading initiatives, contributing to Microsoft Reader architecture and DRM for e-books. Built FlexWiki, a wiki engine in C#/.NET that became one of the most widely used internal collaboration tools.

FlexWiki grew to 1,000+ instances inside Microsoft, fostering knowledge sharing years before tools like Confluence. Later released as open source.

President & Board Member

Led a 100+ member international trade and standards organization. Facilitated collaboration among major tech companies and publishers to create Open eBook Publication Structure — the XML-based standard for eBook content. Defined strategic plans, negotiated organizational partnerships, and managed frameworks for electronic publishing and digital rights management.

Published the first open eBook format specifications, laying groundwork for EPUB — now the dominant open standard for eBooks worldwide.

Director of Software Development → Chief Technical Officer

Led engineering for the Rocket eBook device software, secure content distribution system, and desktop software. Defined technical strategy and product roadmap. Built the development team and methodology. Promoted to CTO after successful product launch.

Launched the Rocket eBook in 1998 — a 22-ounce handheld holding ~55,000 pages. NuvoMedia acquired by Gemstar in 2000 for $200M, validating the e-book market.

CTO

Led cross-organization team of 12 who developed and launched eBookNet.com, described at launch as the world's largest eBook portal. Co-authored drafts of the Open eBook Publication Structure standard. Managed IP portfolio.

Founder, President & CEO

Founded and led a web-tools startup building an object-oriented web programming language with SGML syntax (predating XML). Recruited executive team, secured multiple rounds of angel investment, and wrote substantial portions of the ~100,000-line C++ codebase.

Grew to 10 employees in addition to consultants and attracted ~5,000 customers. Established reputation as an innovative technology entrepreneur.

Consulting in OO technology, primarily Smalltalk. Clients included OOCL (international shipping) and Lockheed. Services included mentoring, design pattern coaching, and hands-on implementation.

Member of Technical Staff · Mountain View, CA

Architected and built the first versions of LongView's framework-based derivatives trading systems in VisualWorks Smalltalk. Built a direct-manipulation UI with drag-drop, templates, and folders. Designed persistence layer using GemStone object database.

Director of Development & Chief Architect · San Jose, CA

Led development of Excelerator II, a large OS/2-based CASE tool, and its LAN repository. Managed a bi-coastal team of 12. Built a pioneering interface between relational databases and Smalltalk's world. Created an ER data model compiler producing production-grade relational schemas.

Chief Architect, Corporate Technology · Rockville, MD & Santa Clara, CA

Coordinated technology across INTERSOLV's four development centers. Led technical due diligence for successful acquisitions of Visual Software and Polytron Corp. Built the company's first internet-to-internal email gateway.

Chairman · ANSI/EIA Technical Committee

Chaired the CASE Data Interchange Format standards committee with ~30 voting members and 500+ on its mailing list. Completed and published the first version of the standard, including a two-volume entity-relationship model with over 700 entities and relationships.

Chief Architect, PC Product Development · Rockville, MD

Responsible for all PC-related technology. Built ER diagramming tools in Smalltalk. Conceived and implemented CRTS, a 100K+ line set of OS extensions and development tools for DOS. Proposed and built a 20-station LAN that eventually grew to span 7 states and 2 countries.

Member of Technical Staff · S. Natick, MA

Developed functional specifications and prototypes for multi-user software products. Led research into text management systems, text databases, and archival systems. Involved in due diligence for multiple acquisitions.

Project Manager · E. Hartford, CT

Managed the OEM/International group for Multimate's word-processing system. Ported the product to the Zenith Z-100 (for a US Air Force contract at the Pentagon) and the HP Portable Plus, making it run from ROM cartridges. Contributed to architectural design for next-generation products.

Member of Technical Team · Middlebury, CT

Worked across hardware and software teams developing the Timex/Sinclair 2000. Designed a memory bank-switching mechanism and a semi-custom chip to implement it. Authored the complete technical manual for third-party developers. Patented the bank switching memory system.

Founder & President · Newton, MA

Founded a technical services company for the Sinclair computing community. The only authorized Sinclair technical service center in the US. ~$50K revenue with ~40% pre-tax profit.

Manager of Technical Services · Boston, MA

One of the earliest employees at Sinclair's US operation, starting part-time before the ZX80 had even launched. Managed a team providing written support, telephone support, and machine repair services to ~300 customers per month.