Nicholas Ferguson For Courtney Gordon · RISE
A follow-up note, written after our conversation Saint Augustine, FL

A few things I kept thinking about after.

Courtney, I thoroughly enjoyed the conversation. It's a rare thing to talk with a man who has real vision. A few of the things you brought up connected to work I've done that I didn't get into in the room, so I wrote them down here. No need to reply. I just wanted you to have it.

Nicholas Ferguson
25 years building. CTO, acting CISO, hands on keyboard.
01 The short answers I gave, filled in

You asked about data centers and drones. Here's the longer version of both.

I kept my answers brief in the moment. I'm someone who likes to sit with a conversation and let the thinking settle before it's any good, and this is where mine went in the hours after we spoke. Each one connects to the installation work, and they all point the same direction: these are the pieces you automate and tie together with AI. That's the job I want, and it's the thread running through everything below.

Built it, ran it
i.

Two Tier III data centers. Five years, no downtime.

At the fund I designed, architected, and helped build two private Tier III facilities. Thirty high-capacity racks each, one in our building and a second next door a few years later. In five years of running them we never dropped the load. That includes the day a power distribution unit arced and started a small electrical fire. Everything stayed up.

The base work is a building problem and a compute problem at the same time. Power, cooling, and staying up when something fails. I've done it for real, not on paper.
Before it had a name
ii.

I wrote the automation that ran the whole data center.

I built a platform that tied together the monitoring system, the network and firewalls, the SAN storage and switches, and the headless server management interfaces. It provisioned and moved workloads on the fly, stood up test environments on demand, and ran a lot of the day-to-day operations from one place. This was infrastructure-as-code, DevOps, and data center management years before any of those were words people used.

That was rules-based automation. The version of it now is agentic: systems that provision, monitor, and respond on their own. Same instinct, far more capable tools.
The Hitachi piece
iii.

My old storage certifications were on Hitachi's platform.

Earlier in my career I held HP Master ASE certifications in enterprise storage and recovery, XP storage, clusters and HPC, and servers. They're long lapsed, so I'm not going to pretend they're current. The part that still matters is that HP's XP array line was Hitachi's hardware. I've spent real time on that platform.

I'm not claiming to be current on it. But when RISE and Hitachi are in a room talking storage and HPC, I follow the whole conversation without anyone translating it for me.
On the drones
iv.

I haven't run drones. I've built the pipeline they'd feed into.

After big storms we used a satellite service to survey properties for damage, and I pulled that data into our analytics. A drone is another sensor feeding a comparable pipeline. The work that's actually hard is the ingestion and the analysis on the other end, and that part I've done.

The pile of sensor data isn't useful until something reads it. That's an AI job now: pulling many feeds into one picture and surfacing what matters. Satellite now, drones and other feeds later, a similar problem either way.
The security seat
v.

I've sat in the security chair myself.

Alongside the CTO role I served as acting CISO, owning the security and compliance function directly. I haven't taken a system through federal accreditation. But from what I understand of it, it's largely a security-engineering job: defining the boundary, implementing the controls, monitoring them, and producing the evidence. That work I know.

The security seat is the one most technologists have never held. I have.
The short version

I've built the data centers, written the software that runs them, and secured them. The interesting part now is pointing AI at all of it.

02 The actual job

Underneath the title, this is one thing: automate the operation with AI.

Whether it's a base or the day-to-day of the business, the work is the same shape. Pull the scattered systems together, put agents on the repetitive parts, and build a model of the operation that agents can act through, not just a report leadership reads. My recent years have been exactly this: multi-model orchestration, MCP integrations, and agent tooling in production.

The near-term wins
The unglamorous, high-value stuff comes first. Accounts payable, vendor and contract handling, reporting, the work-order and approval chains. Agents that take the repetitive load off people, with a human in the loop until they've earned trust. Real savings you can measure in the first months.
The larger build
Underneath, a semantic model of the business: the scattered systems pulled into one operable layer that agents and people work through, with the rules enforced and a clean record kept as a byproduct. Not a dashboard to look at, a kernel to act through. That's the layer I keep coming back to, across the fund, the data centers, and my own projects.
2b On the partner side

Hitachi Vantara Federal runs an Army practice already: mission-ready storage, HPC for AI, zero-trust on-prem file systems, and GovCloud work across FedRAMP, NIST, and CMMC. Given where I came up on their platform, I can hold my own in that conversation.

03 On the compliance side

The IL target drives everything, and I've built the pattern it wants.

Where you land on the ladder sets the cost, the architecture, and who's even allowed to touch the system. IL4 and IL5 are two very different builds.

IL2 Public, non-critical. Lines up directly with FedRAMP Moderate. baseline
IL4 Controlled unclassified info. FedRAMP plus a CUI overlay. U.S. persons. Logical separation is fine. + DoD overlay
IL5 Sensitive CUI and national-security systems. Physical separation. U.S. citizens only. FedRAMP High floor

The reason the compliance side isn't foreign to me is that I already build in it. KAMN is a Rust trust-and-proof layer for the agent economy. It isn't a production network yet, but it runs locally today: agents authenticate, exchange signed work, write durable state, and it produces machine-readable proof reports. Where it touches settlement it uses devnet evidence and labels that boundary plainly.

The part that matters here is how it's built. KAMN runs on a real governance stack: spec-first TDD, contract lanes, policy checkers, fail-closed reason codes, evidence bundles, fuzzing. Policy as code, and machine-readable evidence generated by the pipeline itself. That's the shape the FedRAMP 20x direction is moving toward. I haven't done an authorization, and I'm not calling this certified. But it's closely related technical ground, and the code is public.

Where I land

I build the systems, run the infrastructure, and hold the security. Then I point AI at all of it.

That combination is the thread through everything above, from the data centers to KAMN. It's what I've spent my career doing, and it's what I'd bring here.

One more thing, since it says more than any adjective would. The projects above run to thousands of commits, most of them built on nights and weekends. The tooling is what I reach for every day, and I've kept a nine-year research project going the whole time as a personal side project. I don't stop building. And now I want to point my relentless tenacity at the new problem domain RISE is stepping into.

Nicholas Ferguson Builder · CTO / acting CISO · Saint Augustine, FL
The federal details here are from public sources, put together after we talked: the Army's installation leasing program, Hitachi Vantara Federal's Army practice, the FedRAMP 2026 rules, and the DoD's cloud impact levels. This is my own note, not a RISE document.