Social Media Links

Experts & Advisors

Alex Trafton

Senior Managing Director

Photograph of Alex Trafton

1 Park Plaza, Suite 1050
Irvine, CA 92614

+1.949.660.8200 Main
+1.949.529.2623 Direct
+1.760.975.9758 Mobile

Get in touch

Alex Trafton is a Senior Managing Director at Ankura based in Irvine, focused on national security, trade, and technology. He has over 15 years of experience in finance, risk management, and cybersecurity. He leads the NSTT information security services function and serves as a subject matter expert in cybersecurity program design, implementation, and assessment with a focus in foreign investment control and oversight (CFIUS), Defense Industrial Base (DIB) cybersecurity requirements, international trade control compliance program support (ITAR/EAR), and artificial intelligence (AI). He was named one of the top 50 cybersecurity consultants and leaders of 2023 by the Consulting Report.


Alex’s professional experience includes:

  • High-Performance Computing Export Controls: Worked with a foreign cloud services and AI developer to implement a multibillion-dollar infrastructure pivot in order to meet U.S. Commerce Department export control requirements for high-performance computing (HPC) assets to support a new generative AI environment. Worked with company and external counsel personnel to document security policies and a system security plan (SSP) for a segregated regulated technology environment which included the refit of multiple large regional data centers. Through the application of network security controls and asset depreciation schedules was able to save the company over $150 million in removal and replacement costs.
  • FedRAMP Authorization: Worked with a SaaS developer to prepare their build and production environments for a FedRAMP moderate baseline Authority to Operate (ATO) with a U.S. government agency. Worked with company business leaders, developers, and security personnel to assess the environment and build a robust SSP prior to C3PAO assessment. Conducted in-depth technical interviews, reviewed policy and procedure documentation, and built detailed Plans of Action and Milestones (POAMs) to ensure successful authorization.
  • CFIUS Monitorship: Led quarterly product integrity testing of the secure software build environments for a global software developer subject to a National Security Agreement (NSA). Oversaw a multidisciplinary team conducting white box and black box testing with direct reporting to U.S. government agency monitors. Worked with integrity testers to ensure alignment with software security best practices, review and classify findings, and develop comprehensive reporting to address NSA requirements.
  • Defense Industrial Base Cybersecurity: Led an information security program assessment of a U.S.-based defense contractor to assess its current implementation of DFARS requirements, NIST SP 800-171, and its readiness for Cybersecurity Maturity Model Certification (CMMC) audit. The project included integration and harmonization of export control and Controlled Unclassified Information (CUI) requirements. Conducted in-depth technical interviews, reviewed evidence and artifacts, and enhanced the evidence and artifacts supporting the SSP.
  • Defense Industrial Base Cybersecurity: Led a security controls and risk assessment of the regulated data environment of a multinational manufacturing company in support of DoD cybersecurity contract requirements (DFARS) and to prepare the company for a third-party assessment of its implementation of the CMMC. Conducted in-depth technical interviews and reviewed evidence and artifacts to build an assurance case of controls implementation.
  • CFIUS Monitorship: Served as third-party monitor engagement manager for multiple solar sites in Southern California. Coordinated the multidisciplinary monitorship which included physical security, personnel security, cybersecurity, and ICS and SCADA security. Worked with the transaction parties to optimize workflows to reduce burden and cost while effectively mitigating U.S. government agency identified risks.
  • CFIUS Audit: Led the audit of a foreign language media company to review the auditee’s compliance with an NSA focused on mitigating the risk of foreign malign influence. Worked closely with the Department of Justice (DOJ) to ensure CMA equities were incorporated into the assessment of governance and technical requirements. Worked with the auditee to ensure all technical vulnerabilities were effectively remediated to provide assurance that U.S. citizen PII was protected.
  • CFIUS Mitigation and Cybersecurity: Worked with a U.S.-based data analytics company serving DOD and Intelligence Community (IC) clients to ensure its AI-driven platform met all U.S. government contract cybersecurity requirements including the CMMC (NIST SP 800-171) and the NISPOM (NIST SP 800-53). Project deliverables included governance program development, data infrastructure migration, SSP development, and POA&M remediation.
  • BA, University of California, Berkeley
  • Certificate – Cybersecurity Risk Management, Harvard University
  • Certificate – Finance, Harvard Business School
  • ISO 27001 Lead Auditor
  • ISO 27032 Lead Cybersecurity Manager
  • ISO 31000 Lead Risk Manager
  • CompTIA Security Analytics Professional-CSAP
  • CompTIA Cybersecurity Analyst (CySA+)
  • CompTIA Security+
  • CompTIA Network+
  • CMMC AB Registered Practitioner
  • Arabic
  • Hebrew

Thought Leadership

Let’s Connect

We solve problems by operating as one firm to deliver for our clients. Where others advise, we solve. Where others consult, we partner.

I’m interested in
I need help with