# Christopher Hernandez

**AI Team Lead | Dubai, UAE**

*Building the AI infrastructure that actually runs the future of fintech — Security, Compliance, Finance & Beyond*

## About

Most people talk about AI transformation. I build it, ship it, and make it scale. Operating out of Dubai as AI Team Lead at one of the world's largest fintech platforms, I architect and deliver production-grade, multi-agent AI systems across Security, Compliance, Finance, and Antifraud — at a pace and depth that most organizations treat as a multi-year roadmap.

I don't just lead a team; I set the engineering standards, design the infrastructure, write the code, and ship the systems myself. From autonomous SOC operations to real-time compliance automation to org-wide AI cost intelligence — my work doesn't live in demo environments. It runs in production, it moves real metrics, and it solves problems that actually matter.

## Core Expertise

- **Security AI (SecAI):** Designing AI-native SOC infrastructure from scratch — autonomous anomaly detection, ML-driven behavioral baselines, and LLM agents that investigate, correlate, and *respond* to threats without human bottlenecks.
- **Agent Infrastructure & Identity:** Architecting the authentication and authorization layer for the entire multi-agent ecosystem. Built the Agent Auth Hub — a production microservice managing agent identity, keyless AWS/GCP federation via Workload Identity, Okta group-based RBAC, and cryptographically signed token flows. Zero static credentials. Zero credential sprawl. Every bot, every agent, locked down.
- **Compliance & Finance AI:** Shipping a full suite of multi-agent systems covering KYC, EDD, transaction monitoring, IFTR automation, sanctions screening, and regulatory horizon scanning across dozens of jurisdictions.
- **AI Cost Intelligence:** Built a full-stack AI Cost Tracking & Optimization platform from the ground up — multi-provider ingestion pipelines (OpenAI, Anthropic, Gemini, Cursor, Claude Code), a dynamic live pricing engine, anomaly detection with smart spike vs. model-shift classification, department-level spend dashboards, auto API key detection with Slack alerting, and a public API layer with scoped key management. Then deployed an autonomous AI agent (Ziggy) on top of it to investigate high spend and coach the team on model efficiency.
- **Cloud Infrastructure & Architecture:** Deep GCP/GKE expertise, Cloudflare Zero Trust provisioning, Kubernetes deployments, CloudSQL, BigQuery, Redis, and multi-tenant LLM infrastructure with RAG, RBAC, and full audit trails baked in. Set and enforced org-wide engineering standards across the entire AI division.
- **Business Automation & Intelligence:** Engineering high-leverage SaaS intelligence layers, predictive contract management, vendor risk automation, and fraud detection pipelines.

## What I've Actually Built

**🔐 Security & Identity Infrastructure**

- **Agent Auth Hub** — Production microservice managing agent identity and authorization across AWS and GCP. Keyless authentication via Workload Identity Federation, Okta group RBAC, cryptographic token flows, Static IP egress via Cloud NAT. Eliminated credential sprawl org-wide and became the mandated auth standard for all Slack bots and AI agents.
- **Next-Gen AI SOC** — Designed from the ground up for full operational autonomy: AI-driven detection, correlation engine, behavioral baseline modeling with Isolation Forest, and end-to-end incident response in a single pipeline.
- **Harvey** — Autonomous AI alert closure agent running live in the SOC, monitoring channels and closing security alerts without human intervention.
- **IAM Backoffice** — AI-powered identity management platform with RBAC/BRAC data on PostgreSQL, Sage sync, Okta integration, and a machine learning model for over-provisioning detection. Now the access control backbone for the org.
- **GRC Dashboard** — Full modernization of the Governance, Risk & Compliance dashboard. Migrated backend from Flask/SQLite to FastAPI/PostgreSQL, redesigned UI, integrated system scoring and real-time risk visualizations.
- **Vendiant** — AI vendor risk management platform, live at vendiant.deriv.dev.
- **Threat Intelligence Platform** — Integrated multi-source threat intelligence with an AI analysis engine, feeding directly into other security projects like Techmapper.
- **System Update Radar** — Real-time intelligence on security configuration changes across Okta, Cloudflare, and GCP, with AI-driven risk assessment.
- **Endpoint Verifier** — Cloud instance protection monitoring across CrowdStrike and Qualys, with automated alerts for unprotected assets.
- **Slack PII Watchdog** — ML/LLM-based PII detection pipeline scanning Slack channels and alerting the security team on potential data leaks.
- **Fake PoT Classifier** — Proof-of-transaction fraud classifier with bounding box detection, live at pot-classifier.deriv.dev.
- **LLM Security Layer** — Achieved 78% accuracy on blocked malicious requests, with Gemini Flash integration targeting sub-150ms response thresholds.

**🧠 AI Cost Intelligence**

- **AI Cost Tracking & Optimization Platform** — Full-stack platform tracking AI spend across OpenAI, Anthropic, Gemini, Cursor, and Claude Code. Features: multi-provider ingestion, dynamic live pricing engine, anomaly detection (spike vs. model-shift classification), department-level dashboards, API key auto-detection, Slack alerting, scoped public API layer, and immutable historical pricing. Live at [ai-cost-tracking.deriv.dev](https://ai-cost-tracking.deriv.dev/).
- **Ziggy the Inference Optimizer** — Autonomous AI agent deployed on top of the cost platform. Handles repo mapping for API keys, investigates anomalous spend, questions users directly in Slack, and performs automated code analysis to identify model efficiency improvements.

**⚙️ Platform & Org Infrastructure**

- **Omnitrix** — Enterprise agent management platform with full lifecycle controls, per-user RAG knowledge base buckets, and real-time deployment monitoring. Migrated to GCP with dedicated Cloud Run instances.
- **AI Finance Hub** — Centralized portal overseeing 8+ live AI Finance projects with interactive project cards, real-time status, Slack channel access, and Cloudflare Zero Trust authentication.
- **AI Compliance Hub** — Centralized portal for all compliance automation projects across KYC, AML, sanctions screening, and regulatory monitoring.
- **Holt** — AI investigation agent that cut complaint resolution time from 4–8 hours down to 5–10 minutes — a 98% reduction.
- **Cloudflare Zero Trust Automation** — Custom provisioning scripts for full-stack tunnel, DNS, routing, and Okta OIDC policy deployment across the org.
- **Deriv AI Engineering Standard** — Authored and enforced the org-wide engineering standardization guide covering tech stack (Next.js, FastAPI, PostgreSQL/CloudSQL), auth standards (Cloudflare Zero Trust + Agent Auth Hub), CI/CD pipelines (GitHub → Cloud Build → Cloud Deploy → GKE), logging standards, Kubernetes monitoring baselines, and secret management. Rolled out across Security, Compliance, and Finance AI teams.

## Professional Experience

**AI Team Lead — Deriv (Dubai, UAE)**

Leading a multi-disciplinary AI engineering org spanning Security, Compliance, Finance, and Antifraud. Overseeing 30+ production AI projects, managing a growing team of AI engineers across multiple domains, setting org-wide infrastructure and engineering standards, and personally shipping systems that move metrics that actually matter.

- Hosted the **Dubai AI Community**
- Ran the **Agentic AI Hackathon** alongside lablab.ai
- Featured on the **Tech Laughs & Bytes podcast** discussing autonomous SOC operations, LLM-driven threat response, and the future of AI-native security

## Presence & Contact

- Location: Dubai, United Arab Emirates
- LinkedIn: https://www.linkedin.com/in/christopher-hernandez-94196049/