Andy Laken
Fractional CTO · Security and AI for growth-stage companies
Andy Laken
Secure your business and get your team moving at the speed of AI … without a full-time hire.
Your growth-stage company deserves rigorous security without full-time IT. And you need AI enablement without hiring a dev team. I'm one person, accountable for the technical decisions that matter.
Nobody needed to own and secure your systems at first. Now it's costing you.
Kicking the security can down the road
You grew your business with a smart, lean team. It was easy to spin up email, docs, CRM, chat, payroll – no IT needed right? But your growth is exposing cracks in the foundation. You're seeing data breaches, ransomware, and hacks hitting peers and much larger companies. Do you really know your customer, financial, strategic, and other sensitive data is secure? Does anyone actually know who has access to your systems? Full-time IT doesn't pencil out at your size – so you cross your fingers and kick the can down the road.
Missing the boat on AI
Meanwhile your investors are asking about your AI strategy. The LLMs have boosted your personal productivity, but that's a long way from AI-enabling the whole operation. You know your team could be saving time and money by automating routine tasks, but where do you start? And how do you ensure data security and privacy while working with AI?
Let me own it
As a Fractional CTO I plan and implement robust security programs – so when the vendor security assessment lands in your inbox, it's no sweat. That background security anxiety? Gone. And I enable your business with secure AI workflows that free your team from rote work so they can spend more time on what actually moves the needle.
When someone owns the whole picture,
this is what changes.
Your security worries are gone
You know you’re secure, who has access to what, and what you’d do if something went wrong – all planned and documented, ongoing.
You’re actually benefiting from AI
The workflows are in place, the data is connected, and your people are spending time on work that moves the needle.
Compliance is easy
Whether it’s passing an audit or responding to a vendor security questionnaire, you don’t break a sweat – it’s already been handled.
You still don’t have a full-time CTO
You have something more useful: one senior technologist who owns the whole picture, makes the calls, and hands everything off clean.
I’ve worked with Andy for over a decade, and I've seen him deliver across a range of demanding contexts, so he was my first call when we needed a fractional CTO at Hyla. He identified important security upgrades and operational gaps and closed them fast. When sophisticated malware attacks started targeting our industry, Andy had a hardening program in place before it became our problem.
On the fundraising side, he rebuilt our pipeline from scratch, replacing spreadsheets and personal notes with an AI-enabled CRM the team actually uses.
What I trust most is his judgment: he finds the threats before they find you, and gets things done. If you're running a lean, fast-moving team that needs senior technical leadership without a full-time hire, he's your person.
Andy is one of those rare leaders who sees across technical, product, and people problems at the same time. At Extraordinary, he drove key decisions around architecture and engineering leadership that set us up to scale and serve enterprise clients effectively.
I’d recommend him to anyone who needs senior technical leadership that actually moves the business forward.
Andy has a great balance of engineering skills and people skills. He works well with other engineers and has an ease and credence with clients. His ability to think through problems and ask the right questions makes him an excellent partner.
Selected work
Protected digital asset funds from cyberattack – before it became their problem
Fractional CTO • Hyla Funds / Amphibian Capital
Digital asset firms are high-value targets – lean teams, personal devices, no IT department – and the adversaries know it. In the past year, sophisticated AI-augmented cyberattacks have spiked in the industry. Basic phishing emails have given way to Telegram account takeovers, highly personal social engineering attacks, deepfake Zoom sessions, and state-level threats. State-sponsored hackers stole over $2 billion from the crypto sector in 2025 alone.
Hyla and Amphibian Capital hired me at first to help combat phishing, but as the threat grew before our eyes – and as we saw colleagues in the industry get catastrophically hit – I declared a code red and proposed a comprehensive security program that would address immediate threats, while laying the foundation for the compliance posture an RIA requires.
The foundation: CrowdStrike EDR and Cloudflare Zero Trust. As a result, no company systems have been touched. The program is live, monitored, and ongoing.
“What I trust most is Andy’s judgment: he finds the threats before they find you, and gets things done.”
— Andrew Hoppin, CIO, Hyla Fund Management
Digital health startup: pilot to acquisition, with a full product pivot in between
Cofounder and Head of Product • CoverUS
At CoverUS I owned product and technical vision end to end – vetting and managing external dev teams, driving UX and delivery, as well as CS. The pilot iOS app exceeded user trust goals by 49% and earned 90% five-star reviews. When COVID killed the original product, I led the pivot to a prescription savings web app in four months, extending our runway.
CoverUS was acquired by HealthNow (now Extraordinary) in 2022, and I joined as CPO.
Benefits startup sandbagged by technical debt – fixed the foundation, flourishing three years later
CPO • Extraordinary
“Andy drove key decisions around architecture and engineering leadership that set us up to scale and serve enterprise clients effectively.”
— Steven Zinsli, , Extraordinary
Capabilities
Security
Defense-in-depth security controls for lean teams with real assets and real risk. A pragmatic, layered program that's documented for compliance, operational, and built to hold up against real threats.
AI, Development, and Tooling
Hybrid AI workflows that combine deterministic business logic with LLM integration, production web applications, APIs, and internal tools, with security included.
Infrastructure & Cloud
Full-stack infrastructure ownership: from cloud architecture and CI/CD to SaaS integration, tooling, and the development lifecycle, with a security mindset throughout.
Ready to secure your business and put AI to work?
About
I'm a fractional CTO and Alētheia-trained developmental coach based in Portland, Oregon. I work with growth-stage companies that have real customers, real revenue, and real risk — and no one person accountable for the technical picture.
My career has moved between two things that don't usually travel together: building and running technical programs, and working with the people who have to make decisions about them. At Acquia – a Drupal-based martech startup that grew from 120 people to over a thousand while I was there, and later sold to Vista Equity Partners – I started as an individual contributor and finished as practice director, leading senior technical consultants embedded in enterprise customer success. The job was to understand what clients were actually trying to accomplish and translate that into programs their teams could execute. That's still the job.
I co-founded a digital health startup and built an iOS app that exceeded its user trust benchmarks by 49%. When COVID killed the original model, we pivoted to a prescription savings web app in four months and got acquired. I stayed on as CPO post-acquisition, then moved into fractional work — which is where my technical skills and my founder experience finally came together in the same role.
As a developmental coach, I know that listening and emotional intelligence aren't soft skills — they're how you find the actual problem. Few problems in growth-stage companies are purely technical, and the ones that look technical often unlock through an organizational or human lens first.
I take on a small number of clients at a time. If you're talking to me, I'm the one doing the work.
