fractional CTO
Technical partner to a founding team of physicians building a value-based care platform — architecting the stack and embedding security from the first commit.
About AlignHTC
The track record is the product.
AlignHTC is a focused technical practice, not a generalist agency. It was founded on a simple idea: health-tech founders don’t need another consultant who produces strategy decks. They need an operator who has actually built and secured the systems — and will do it again, for them.
The defining engagement
Sitka, and an acquisition that put the work to the test.
As lead DevOps and InfoSec engineer at Sitka — a venture-backed health-tech company — AlignHTC’s founder rebuilt the platform’s infrastructure as code and carried it through SOC 2 Type 2 and HIPAA compliance.
That architecture was then tested in the most demanding way possible. When Sitka was acquired by AristaMD, the infrastructure and security posture had to withstand the acquirer’s technical due diligence — the most rigorous audit a startup’s technology will ever face.
It held. That is the standard AlignHTC builds to: not “compliant enough for now,” but architecture that survives the hardest scrutiny there is.
Role
Lead DevOps & InfoSec Engineer, Sitka
Scope
IaC rebuild · SOC 2 Type 2 · HIPAA
Outcome
Passed M&A due diligence · acquired by AristaMD
The operator difference
An engineer who never stopped building.
There is a category of consultant who advises from a distance — frameworks, slide decks, recommendations handed off to someone else to implement. AlignHTC is the opposite of that.
The work is hands-on by definition. Writing the infrastructure-as-code. Configuring the AWS environments. Building the CI/CD pipelines. Implementing the controls and producing the evidence. Standing up the custom RAG tooling that answers a security questionnaire in hours instead of weeks.
That is what a founder is actually buying: not advice about the build, but the build — done by someone who has carried health-tech infrastructure through compliance, through enterprise security review, and through acquisition.
M&A technical due diligence
Built infrastructure and security architecture that passed acquisition-grade scrutiny.
SOC 2 Type 2 · HIPAA · HITRUST
Navigated all three frameworks as an engineer — implementing controls, not just advising on them.
Infrastructure as Code
Rebuilt production health-tech environments as version-controlled, reproducible IaC.
Custom AI / RAG tooling
Built RAG systems that turn policy corpora into instant security-questionnaire responses.
Where the work is now
Active engagements.
Beyond the Sitka pedigree, AlignHTC’s practice spans current and recent work with high-calibre health-tech companies — described here within the bounds of client confidentiality.
compliance engineering
Cloud infrastructure and compliance work for the team behind an FDA-authorized clinical AI platform.
developer workflow
Development and delivery workflows architected for a high-growth senior-care analytics platform.
Client identities are held confidential. Specifics — including names, where permitted — can be discussed directly on a strategy call.
Next step
Work with the operator directly.
Every engagement is led hands-on by AlignHTC's founder. The strategy session is a direct conversation — no account managers, no handoff.