Steve Weiker is a Principal Consultant in Blair Carlisle's Cybersecurity and Risk practice — but his path to cybersecurity advisory wound through software engineering, healthcare technology, and a decade of building products. We sat down with Steve to talk about his background, his work as a fractional CISO, and what drew him to Blair Carlisle.
Tell us a bit about your background.
I grew up in Columbus and spent the early part of my career in software development. I founded HyperActive, where we built software for software companies — tools that helped development teams manage their own development lifecycle. That experience gave me a developer's perspective on security that I've carried ever since.
McKesson acquired HyperActive, and I spent about 10 years there leading development. After that I served as CTO for two healthcare startups — one in patient records and one in telemedicine. Both of those roles put me at the intersection of technology and regulatory compliance in a very high-stakes environment.
How did that lead you to fractional CISO work?
Healthcare technology puts you face-to-face with HIPAA, with clinical workflows, with the consequences of getting security wrong. I started doing compliance advisory on the side and realized that organizations needed someone who could bridge the technical side and the compliance side — who understood what the engineers were actually building and could translate that into a posture the regulators and auditors could evaluate. That's where I've operated ever since: SOC 2 audits, ISO 27001 certifications, HIPAA compliance programs.
What drew you to Blair Carlisle specifically?
Cultural alignment. I met Pete through a mutual acquaintance, and it became clear quickly that we shared a philosophy about how to work with clients. We're not a firm that shows up with a checklist and declares compliance. We work WITH the organization — flexible process, adapted to their context. That matters to me.
If I had to describe Blair Carlisle in one word, it would be: Ethical. That's not a small thing in this industry.
What's the most important lesson you've learned working with clients?
That the best compliance programs are the ones that make sense to the people running them. If your team doesn't understand why a control exists, they won't maintain it — and then your audit evidence becomes theater. The goal is to build security that the organization actually operates, not just passes a test with.
Questions about your specific situation?
Our advisors work with organizations of every size across the industries covered in this article. Start a conversation — no obligation.