Trever Falconi

Started my IT career supporting the United States Department of the Navy at Camp Pendleton. Seventeen years later, I’m building enterprise security programs from scratch, delivering SOC 2, HITRUST certifications, and advising on FDA regulatory strategy and AI governance at one of the most regulated intersections in tech healthcare AI.

That gap isn’t luck. It’s 15+ years of learning everything the hard way across nine regulated industries: Federal/DoD, Fortune 10 healthcare, medical device AI, global gaming, financial services, insurance, manufacturing, and venture-backed startups.

I specialize in building security and compliance programs where nothing exists yet, the hardest version of this work, in the highest-stakes environments. My track record:

→ Delivered SOC 2 Type I in 4 months, solo, at a healthcare AI startup, then SOC 2 Type II and HITRUST e1 certification
→ HITRUST readiness in an FDA-regulated medical device company preparing for IPO
→ PCI-DSS compliance across international multi-jurisdiction gaming operations
→ Security architecture and compliance advisory at CVS Health during the Aetna acquisition — one of the largest healthcare mergers in U.S. history
→ Multi-cloud security architecture across AWS and OCI for HIPAA-regulated AI workloads
→ IT and security program leadership spanning DoD, Fortune 10, and venture-backed startups

Currently Director of IT Security & Operations at HOPPR, a healthcare AI company, where I own the full security and IT function, advancing ISO 42001 (AI Management System) for responsible AI governance while advising co-founders on security architecture and FDA product clearance strategy.

My mission in this work is personal. I’ve experienced firsthand what it means to have a family member navigating a healthcare system that didn’t have the right answers in time. That’s why I show up fully in healthcare technology, building the secure, trustworthy infrastructure that makes better patient outcomes possible.

Frameworks: SOC 2 · HITRUST · ISO 42001 · PCI-DSS · HIPAA · NIST · CIS Controls · FDA · DISA
Certifications: CompTIA SecurityX (Expert) · CCSK · Security+ · Network+ · Azure Fundamentals
Clearance: Former DoD (inactive)