// 002 · CAPABILITIES

A complete CTO function. Without the partner-track salary line.

A full-time Chief Technology Officer for a law firm costs $280K–$500K+ per year in base, plus equity, plus 3–6 months of recruiting, plus a 6–12 month off-ramp if it doesn't work out. The fractional alternative covers the same eight domains, on a month-to-month basis, with one operator who codes and ships.

Below is the full surface area I cover. Most engagements use three or four of these in any given month. The retainer fee is the same regardless of which ones — what you're paying for is the standing function, not a menu of services I count against you.

CAP_01

AI Systems & Deployment

// for privileged work

Local-first AI installation on partner machines. Architectural design that ensures the underlying duty of confidentiality (Rule 1.6, Cal RPC 1.6, and parallel state rules) is preserved by the technology itself, not just by policy. Citation-grade output with primary-source verification. Audit logs that survive a Bar discipline inquiry.

  • Local AI workstation install (the Knight Legal AI deployment is the productized version of this)
  • RAG pipeline against the firm's matter library, with per-matter access isolation
  • Prompt audit log + verification protocol training
  • Custom integrations with iManage, NetDocuments, SharePoint, Clio
  • Quarterly model and prompt refresh as the underlying models evolve

// when you'd hire me for this

Your associates are pasting privileged work into ChatGPT. Or your partners want to use AI but ethics counsel is uncomfortable with the SaaS tools. Or you've already bought Harvey/CoCounsel and want a defensible second layer that handles the matters those tools can't touch.

CAP_02

Practice Modernization

// migration off legacy stacks

Migration off whatever the firm has been limping along on. Practice management (Clio / MyCase / PracticePanther / Smokeball / Filevine), document management (iManage / NetDocuments / SharePoint), billing (Tabs3 / Soluno / TimeSolv), e-signature (DocuSign / Adobe Sign), client portals, conflict checking, calendaring. Picking the right combination for your firm size, practice mix, and revenue model — without referral fees.

  • Full audit of current tech stack and contracts
  • Vendor selection scored against a 60-question evaluation framework
  • Data migration plan with rollback contingencies
  • Six-to-twelve week migration with weekly demos
  • Training plan for attorneys, paralegals, and support staff

// when you'd hire me for this

The current setup is held together with duct tape. The Office Manager is the only one who understands the workflow. Your billable hour leakage is real but invisible. Or you're growing and the stack that worked at 5 attorneys does not work at 25.

CAP_03

Vendor Diligence

// no referral fees, ever

Independent evaluation of every vendor the firm pays for or is considering. Read the actual Master Service Agreement, not the sales deck. Decode the data-residency clause, the breach-notification timeline, the indemnification carve-outs, the model-improvement language. Score against a defensible framework. Tell you which ones to negotiate, which to walk away from, and what specific clauses to flag to your insurance carrier.

  • RFP design and oversight
  • TOS / DPA / BAA review with engineering interpretation
  • Reference calls with comparable firms (not vendor-furnished references)
  • Comparative pricing analysis with three-year TCO
  • Negotiation support: term sheets, redlines, fallback positions

// when you'd hire me for this

You're about to sign a six-figure contract and want a real second opinion. Or you signed one a year ago and the renewal is up. Or your IT person quit and the vendor relationships are now your problem.

CAP_04

Security & Compliance

// ABA Rule 1.6 / 5.3 oversight

Translation between what regulators / courts / insurance carriers expect and what your IT environment actually does. ABA Model Rule 1.6 / 5.3 / 1.4 / 1.5 oversight. Encryption posture audit. Breach response playbook drafted before you need it. SOC 2 Type 2 readiness for firms that need it (typically 250+ attorneys, or smaller firms with enterprise clients who require it). HIPAA, CCPA, GDPR exposure mapped to specific matters.

  • Annual security and compliance posture review presented to partners
  • Incident response plan + tabletop exercise
  • SOC 2 readiness assessment and remediation
  • Cyber insurance application support (the form alone is 40+ pages)
  • Drafted firm AI policy (see the public template)

// when you'd hire me for this

Your client just sent a 12-page security questionnaire. Or your cyber insurance renewal came back at 3x the premium. Or a partner wants to know "are we exposed?" and nobody can answer.

CAP_05

Cloud & Infrastructure

// AWS, Azure, on-prem, hybrid

Cloud strategy that matches the firm's actual risk tolerance, not the IT vendor's preferred margins. Cost optimization (most firms overspend on cloud by 30–50% from forgotten resources, oversized instances, and stale licenses). Disaster recovery and business continuity that actually works when tested. Hybrid posture for firms with a real reason to keep some workloads on-prem (sealed records, M&A war rooms, jurisdictional data residency).

  • Cloud cost audit and optimization (typical first-year savings: 25–40%)
  • Disaster recovery design and quarterly test
  • Identity and access management consolidation
  • Endpoint device management (MDM) policy and rollout
  • VPN, zero-trust network, remote-work posture for distributed firms

// when you'd hire me for this

Your AWS bill is going up every month and nobody knows why. Or you had a "ransomware close call" and the IT vendor's plan turned out to be one Excel file. Or the firm is acquiring and the two stacks need to converge.

CAP_06

Custom Integrations

// the work nobody on staff can do

The Clio-to-QuickBooks-to-DocuSign-to-Outlook work that nobody on your IT team is willing to take on. The bespoke automations that 50 hours of attorney time per month flow through. The edge-case workflows that the off-the-shelf tool doesn't quite cover, and that the vendor's "implementation specialist" has never built.

  • API integrations between practice management, billing, document, and client systems
  • Workflow automation (intake → conflict check → engagement letter → matter open)
  • Document automation and assembly
  • Reporting dashboards (real-time, not the vendor's stale exports)
  • Matter-specific custom apps when the workflow justifies it

// when you'd hire me for this

The same data is being typed three times by three different people. Or the office manager has a "system" of color-coded spreadsheets that the firm cannot survive without. Or you tried to hire a developer once and it ended badly.

CAP_07

Engineering Hiring

// stop hiring the wrong developers

Most law firms hire engineers the way they hire associates — and it does not work. Engineering hiring requires technical interviews, reference calls about code quality, and comp benchmarking against the actual market the engineer is in (which is not legal). I run the technical interview, do the reference calls, sanity-check the comp, and tell you whether the candidate can ship the work you need shipped.

  • Job description writing (the JD itself is usually the problem)
  • Technical interview design and execution
  • Coding-exercise design and grading (calibrated for the work the firm needs)
  • Reference calls with prior engineering managers
  • Compensation benchmarking against actual market data

// when you'd hire me for this

Your last in-house developer left after 9 months and you're not sure why. Or you have a budget approved for a senior engineer and you don't know how to evaluate one. Or you're considering a $300K hire and want a second opinion on the candidate before the offer goes out.

CAP_08

Strategic Roadmap

// presented to the partnership annually

A three-year hardware, software, security, and AI roadmap presented to the partnership in a deck the partners actually read. Tied to the firm's growth model — not generic vendor wishlists. Includes a budget that rolls up to the firm's actual P&L, with capex / opex / amortization handled correctly. Updated quarterly with the year's lessons baked in.

  • Annual partner-meeting tech presentation (the deck + the room)
  • Three-year tech budget tied to firm growth
  • Quarterly executive updates to the Managing Partner
  • Vendor renewal calendar with negotiation triggers
  • M&A technology diligence when the firm is acquiring or being acquired

// when you'd hire me for this

The Managing Partner wants a tech strategy and the IT vendor's "strategy" is selling you more of their products. Or you're approaching a generational transition and the next generation of partners has different expectations. Or you're in the middle of an M&A discussion and the diligence on your tech stack is going badly.

// HOW IT FITS TOGETHER

Most engagements touch three or four of these in any given month.

You don't pre-select the capabilities. You pick a tier on the engagements page, and we use whichever capabilities the work calls for. The retainer fee is the same regardless of mix.

The Diagnostic engagement ($1,500) is the right starting point if you don't know which capabilities matter most for your firm. We spend 90 minutes mapping the firm's current state against the eight domains, and you walk away with a written 10-page report that prioritizes which to address first.

// what's NOT on this list

Generic "AI thought leadership" decks. Buzzword consulting. Vendor-sponsored "research." Marketing-tech rollouts unless they tie to revenue. Recruiting (we hire engineers, not associates or paralegals). HR / employment law tech. Anything where I have a financial interest in the outcome that is not transparent on the invoice.

Want to know which of these matters most for your firm?

The Diagnostic ($1,500) maps your current state against all eight domains and delivers a prioritized written report within 5 business days. Counts toward any retainer signed within 30 days.

book_diagnostic() → // boris@knightcto.com · < 1 business day reply