Paul Merrison

Chief Information Security Officer, Speaker & AI Governance Leader

I'm a business-focused and technically adept CISO with a proven track record of building and leading comprehensive security and compliance programs. Currently serving as CISO at Tetrate, I'm a recognized thought leader in AI Governance and security, actively shaping industry standards through FINOS and engaging with Financial Services organizations on AI adoption strategies. In October 2025, I received the FINOS Newcomer Award for my contributions to open source AI governance. I combine executive-level security strategy with hands-on experience in cloud-native technologies, DevSecOps, and open-source communities including Istio and Envoy.

View LinkedIn Profile Speaking Engagements

Featured Speaking Engagements

View all talks →

October 21, 2025

FINOS OSFF NY 2025 New York, USA

Bridging AI Governance and Cloud Infrastructure

How to use FINOS CALM architecture-as-code to implement re-usable deployment patterns for AI in financial services

October 20, 2025

FINOS Workshops Microsoft, NY, USA

Designing an Agentic AI Reference Architecture for Financial Services

Multiple three hour workshops where I guided attendees through the process of brainstorming and developing an AI reference architecture for financial services institutions.

September 22, 2025

APIDays London 2025 London, UK

Beyond Compliance Theater: Building Production-Ready AI Governance with Multi-Agent Workflows

How to build executable governance, transforming abstract policies into resilient, auditable code.

Featured Writing

View all articles →

October 21, 2025 Tetrate Blog

Visualizing AI Governance: Why We Built a Modern CALM Tool ↗

Tetrate developed a modern visualization tool for FINOS CALM to address the critical gap between AI governance frameworks and their practical implementation.

AI GovernanceFINOSCALMCompliance

October 16, 2025 Tetrate Blog

AI Governance for CISOs: Securing SaaS AI Deployment ↗

A practical guide for Chief Information Security Officers on implementing controls for governing distributed AI tools across enterprise SaaS applications.

AI GovernanceCISOSaaSSecurity

October 1, 2025 Tetrate Blog

Securing the MCP Supply Chain: A New Approach to Agentic AI Governance ↗

Examining how agentic AI systems depending on third-party Model Context Protocol (MCP) services face unique security challenges and proposing infrastructure-level governance solutions.

AI GovernanceMCPSupply Chain SecurityAgentic AI

Recent Blog Posts

View all posts →

November 4, 2025

OpenAI's Long Term Model Is...

An agent for everything?

aibusiness

October 31, 2025

Aardvark could be great - if it can really understand threat models

Who ever really trusted SCA anyway?

aiappsec