What we do

Founded in 2007, Level Nine is an exclusive cybersecurity consultancy with a primary focus on healthcare.

Our selective client list enables us to form deep relationships that drive unrivaled quality through an intimate understanding of the business and long-term strategic partnerships.

We provide uncommon strategic insight and practical solutions that help our clients develop cybersecurity programs that unlock digital potential.

What we value


We take time to understand the way things are, by challenging assumptions and status quos, so that we can reveal the spaces of what could be.


We integrate perspective and experiences outside of the disciplines of technology and risk management to discover possibilities others would not have considered.


We make complex cybersecurity topics approachable, identifying and elevating what's essential to relieve the exhaustion and overwhelm of cyber risk decision making.


We are vendor neutral and discrete in our engagements which enables us to provide expertise with integrity, free from brand building or salesmanship.


We consider aesthetic an important part of everything we make because how a person experiences information changes what they can do with it.


We work for and on behalf of people because we want to make a better world, not just a more profitable one.

Who we are

Level Nine is a consortium of highly-skilled and multi-disciplinary individuals. Our team offers diverse perspectives that allow us to craft innovative and holistic solutions.

Our clients receive the highest value from advisors who are passionate about what they do and enjoy the projects they engage. Level Nine takes care to match each client with individuals possessing the specialized knowledge and team chemistry to ensure success. As a result, many of our clients form close, enduring professional relationships with Level Nine team members.

John Jiang

John is the founder and managing principal of Level Nine. Before founding Level Nine, he was with the financial service practice at PricewaterhouseCoopers LLP in New York. He was instrumental in creating and bringing to market a set of key cybersecurity services as co-leader for the firm's Threat and Vulnerability Management practice in the US. As a thought leader, he has shaped cybersecurity programs at several leading financial services firms.

Before PricewaterhouseCoopers, John was the first Chief Security Officer and co-head of IT operations at the Guardian Life Insurance Company of America. John joined Guardian from CrossLogix in 2001, an enterprise software start-up acquired by BEA Systems.

Jason Sinchak

Jason leads Level Nine's Product Security and Threat Management practice. Jason began his career as a penetration tester and has brought that attacker mindset along with him for over a decade of advising Fortune 500 organizations. His cross-discipline product and enterprise security expertise has helped healthcare companies develop innovative and pragmatic methods to solve complex security problems.

Jason is regularly sought out as an advisor, keynote speaker, and industry commentator who is able to connect the deep technical aspects of security with insight at an executive decision-making level. During his career, Jason has published numerous zero-day exploits, authored publications on cybersecurity, given talks at major industry conferences, given insight on high-profile cybersecurity news, and developed suites of tools for offensive security and behavioral biometric encryption.

Nic Harris

Nic leads Level Nine's Strategy and Risk Management practice. He blends professional knowledge of design, risk modeling, and risk management to improve cybersecurity decision making. His work has been enjoyed from board rooms to TV screens across the world. As a designer for television and events, Nic honed the art of storytelling and using aesthetics to connect with an audience and now teaches those concepts to technology executives.

Nic is consistently recognized for his aptitude in applying design thinking concepts to traditionally non-creative disciplines like risk management. His human-centered and intuitive approach has helped technology leaders explore and explain complex topics of risk quantification and qualification.

Fueled by insatiable curiosity and the pursuit of simplicity Nic has helped organizations with novel approaches to modeling, analyzing, and presenting their impact on the business and our society.

Pushkar Srivastava

Pushkar is a technology professional with 33 years of work experience in the secure engineering, design and manufacture of state of the art information systems. He has delivered technology solutions and consulting services to Fortune 500 clients in a broad range of verticals, including the healthcare, retail, telecommunications and financial industries. His areas of expertise include cybersecurity governance, management, and architecture frameworks, as well as enterprise architecture, solution and network architecture, and all aspects of software development. He holds certifications as an ISC2 CISSP, CompTIA Network+, CA Siteminder and Sun Certified Enterprise Architecture professional. Pushkar attended the University of Illinois at Urbana-Champaign and received his Bachelor's degree in Computer Engineering from UIUC in 1987. He resides in the Chicago area and enjoys outdoor activities and family vacations.

Ty Bodell

In addition to traditional penetration testing of applications and networks, Ty has 15 years of experience researching and testing mission critical Industrial Control Systems (ISC), operational technology, and medical devices. Ty has discovered hundreds of zero-day exploits and is a respected industry contributor. Ty’s advanced low-level hardware and software experience is a strong assets that is employed across Level Nine engagements.

Sam Granger

Sam has over nine years of experience providing IT security and data protection services to companies across industries in the U.S. and New Zealand. His areas of expertise include web application security, embedded security, penetration testing, threat modeling, security attestations, control assessments, and risk management.

Rakesh Sharma

Rakesh leads Level Nine’s CISO Advisory services, focusing on Financial Management, Project, Program & Portfolio Management, and Operational Integrity. He manages large-scale, multi-year transformations of cybersecurity organizations, ensuring the business receives the maximum value from their investments. His approach focuses heavily on communication, pairing alignment and appropriate visibility with actionable data for executive decision making.

Before joining Level Nine, Rakesh spent 20+ years in hands-on IT and Executive positions with the largest financial exchanges in the world and was instrumental in the transition from floor to electronic trading of derivatives.

Garth Nichols

Garth has over 24 years of IT technical, risk management, cybersecurity and strategy experience within heavily regulated industries. He is a sought-after executive in the Insurance and Healthcare industries developing fit-for-purpose cybersecurity risk management programs to address realistic threats and risks facing large organizations.

Garth started his career in the military holding multiple technical and IT security roles for over 8 years with two combat tours. After his military service he held multiple positions within the insurance and financial services sectors, including deputy CISO. Garth was also the Cyber Risk Management leader at multiple large consultancies including EY and Accenture before focusing on healthcare services in a boutique setting which offers the ability to drive more innovation and creative thinking.

Mark Snyder

Mark specializes in risk management and cybersecurity capability development for customer-facing products.

Mark has broad experience across the healthcare sector, leading projects at medical device manufacturers, healthcare providers, and insurers. His expertise includes threat modeling, risk assessment, third-party evaluation, vulnerability handling and disclosure, and secure design and engineering.

He possesses a unique blend of technical proficiency and risk management skills, enabling meaningful collaboration with security architects, engineers, and senior business and customer leadership.

Michael Courter

Michael's perspective comes from over 25 years of change leadership across multiple industries: healthcare, financial services, manufacturing, and retail. His integrative process engineering approach leverages CMMI, ITIL, Agile, Lean, and Six Sigma. Michael got his start in Healthcare with both clinical and operational experience. His foray into financial services was at Merrill Lynch where he led a $100MM global security initiatives portfolio and served as lead architect of Bank of America’s Information Security Center of Excellence.

Gareth Parker

Gareth is an IT Manager with over seventeen years of initiating and delivering sustained results and effective change across a wide range of industries, including healthcare, utility services, call center, IT consulting, and the federal government.

His experience lies in strategizing and leading cross-functional teams to bring about fundamental change and improvement in strategy, process, project delivery and operations with a focus on profitability – both as a leader and as a subject matter expert.

Matt Leclair

For over fifteen years, Matt has led cybersecurity design and engineering initiatives. Matt comes from a military background and still lives by those values, with a dash of Texan on top. Currently, he researches in the area of network survivability in nomadic military networks. Outside of cybersecurity, Matt is an amateur bodybuilder and competes two or three times a year as a hobby.

Joe Lobdell

Joe developed his eye for detail over a decade as a military intelligence analyst. Combining a love for learning and efficiency, Joe has a wide breadth of experience including policy and process writing as well as tailoring communication for specific audiences.

Alain Akiele

Alain is a seasoned professional with comprehensive and in-depth cyber threat management and information security experience.

He has a successful track record assisting organizations in achieving their information security goal. Alain's approach to designing and implementing information security solutions gives organizations practical and methods to accelerate their risk management program and achieve compliance without unnecessary cyber spending.

Tom Landry

In the continuous pursuit of knowledge, Tom has honed his skills in cybersecurity and computer engineering. He holds a Bachelor of Science in Computer Science & Engineering and a Masters in Cybersecurity. His areas of expertise include process design & engineering, risk assessments, and policy development.

Valerie Solis

Valerie is a Cybersecurity Project Manager with expertise in delivering a repeatable, comprehensive, and consistent process that drives effective change. She has successfully managed cross-functional teams in healthcare, financial institutions, IT consulting, and law firms.

Her background as a Network Security Engineer allows her to bridge the gap between the technical and executive level, making task management and reporting more seamless.

Michael Larson

Michael performs a variety of technical security tests and assessments with a focus in the medical device security space.

In the past, Michael was a Senior Associate in PwC's Cybersecurity and Privacy practice with experience in providing threat and vulnerability management and technical security assessments to a range of Fortune 500 organizations. He specialized in advanced technical testing such as web application security assessments and penetration testing. Additionally, Michael has built experience performing a variety of information security work including building and supporting Bug Bounty programs, mobile application security assessments, red teaming, social engineering, security maturity assessments and security compliance audits.

Outside of client work, Michael supported PwC's Purple Team service offering by conducting research to identify Indicators of Compromise (IOCs) and detection methods for well-known attacks and advanced adversarial tactics