There has never been more money, software, or talent poured into cybersecurity than there is right now. There has also never been more anxiety about whether any of it is worthwhile. For Chris Moschovitis, Founder, Chairman, Cybersecurity Expert, and CEO at Technology Management Group (TMG), that contradiction has become the defining feature of the modern security landscape.
“We have more technology at our disposal than ever before,” Chris Moschovitis observes. “More platforms, more automation, more intelligence. Yet many organizations feel less certain about their footing than they did twenty years ago. That tells me the problem is not capability, it’s execution.”
That perspective was forged over the decades spent watching computing evolve from room-sized machines and floppy disks to cloud hyperscalers and artificial intelligence. No matter how sophisticated the technology becomes, the fundamentals of risk, governance, and human behavior remain largely the same.
From Athens to Brockport: Learning to Think in Systems
Chris Moschovitis was born and raised in Athens, Greece. After high school, he made the deliberate choice to come to the United States to study physics, computer science, and mathematics at the State University of New York at Brockport.
I kept seeing organizations pushed toward solutions that solved someone else’s sales target rather than their operational problem. I wanted to build a firm where judgment came before procurement.
“Those years taught me how to think,” he says. “Scientific training forces you to be precise. You test assumptions. You respect evidence. You learn quickly that shortcuts almost always come back to haunt you.”
That mindset became a permanent fixture of his professional identity. Brockport was formative not simply because of the degree it granted, but because it instilled the habits of systems thinking and methodical problem solving that would later define his approach to technology leadership.
Building Before the Buzzwords
After graduation, Chris Moschovitis began his career in academic computing, first in Rochester and later as Director of Academic Computing at Pratt Institute in New York City. At Pratt, he oversaw four computing centers dedicated to art, architecture, engineering, and information science. The work was not theoretical. These were production environments that students and faculty depended on every day.
“Academic environments are unforgiving in a useful way,” he reflects. “If systems go down, learning stops. There is nowhere to hide.”
From Pratt, he was recruited to serve as Vice President of Information Technology at the O’Connor Group, a real estate management and development firm in New York City. The shift from education to commercial enterprise exposed him to technology as an engine of business operations rather than an academic resource. Reliability, access, and continuity became practical concerns with measurable financial consequences.
These early years taught Chris Moschovitis something that has stayed with him ever since. Technology does not fail in theory, it fails in practice. It fails in configuration, in ownership, in communication, and in preparation.
Founding TMG in an Uncertain Economy
In 1989, in the midst of a recession, Chris Moschovitis made the decision to found Technology Management Group (TMG). He wasn’t driven by disruption for its own sake. He was responding to what he saw as a widening gap between vendor-driven technology adoption and the sober, independent guidance organizations actually needed.
We don’t sell products. We help organizations think clearly about risk and responsibility. Tools can support that work, but they cannot replace it.
“I kept seeing organizations pushed toward solutions that solved someone else’s sales target rather than their operational problem,” Chris Moschovitis says. “I wanted to build a firm where judgment came before procurement.”
From its earliest days, TMG was structured around vendor neutrality, senior-level advisory work, and long-term partnership rather than transactional consulting. That philosophy has remained intact as the firm expanded into cybersecurity operations, governance, privacy, and managed services.
Security as a Lifelong Thread
Long before “cybersecurity” entered the common vocabulary, Chris Moschovitis had already developed a fixation on protection, recovery, and continuity. His early networks ran on BitNet. He formatted the first ten-megabyte hard drives. He fed endless floppies into the first Macintosh computers and subscribed to CompuServe and AOL. The hardware evolved, but the risks remained.
“Even in those early days, I was always asking the same questions,” he recalls. “What happens if this fails. What happens if this gets out? How fast can we recover?”
Inside TMG, one of the first rules every consultant learns is simple: an unverified backup may as well not exist at all. It’s a hard lesson learned the hard way, by watching organizations discover, at the absolute worst possible moment, that their assumptions were comforting but incorrect.
True security won’t be achieved by reacting to headlines. Security is a habit—a lifestyle, even—that must be cultivated long before a breach ever occurs.
Formalizing a Discipline Already in Practice
After decades as a practitioner of IT governance and cybersecurity management, Chris Moschovitis chose to formalize the work he had long been doing by joining ISACA and, later, the International Association of Privacy Professionals. He earned certifications including CISM, CGEIT, CDPSE, and CIPP/US.
“These credentials did not change the work,” he explains. “They gave me a common language to share with others. Frameworks matter because they help organizations govern, not because they sound impressive.”
Teaching and writing followed naturally. He became an adjunct professor in the SUNY Brockport MBA program and a frequent lecturer on IT governance, cybersecurity, and digital transformation. He has also authored two books for Wiley: Cybersecurity Program Development for Business (2018) and Privacy, Regulations, and Cybersecurity (2021). For Chris Moschovitis, this work reflects a belief that technical leadership carries an obligation to educate and strengthen the profession itself.
Throughout, Chris Moschovitis’ core beliefs have remained the same: disciplined execution over theatrical innovation.
The Present Moment: AI, Cloud Dependence, and New Fragility
The modern technology environment is defined by speed and interconnection. Artificial intelligence is embedded in everyday workflows. Cloud platforms host mission-critical data. Third-party applications form dense webs of dependency. Chris Moschovitis views these developments with both interest and restraint.
On AI, his assessment is deliberately mixed. There is real operational value in narrow use cases such as data analysis, content summarization, and automation. At the same time, many organizations expecting dramatic transformations are ending up disappointed. Attackers, meanwhile, have been quick to exploit AI to improve phishing, social engineering, and attack automation.
“It’s essential to understand that AI is neither miracle nor menace,” he says. “It’s a powerful tool, but it has a tendency to amplify whatever already exists in an organization, be it discipline or disorder.”
The same tension appears in cloud adoption. Cloud platforms have enabled scalability and flexibility that would have been impossible in earlier eras. Yet they have also shifted risk outward into complex vendor ecosystems. Increasingly, breaches arrive through partners rather than through a firm’s own perimeter.
“Any decent security posture has to take into account all third-party dependencies,” Chris Moschovitis notes. “Data flows don’t respect organizational boundaries, and governance has to expand accordingly.”
Tool Sprawl and the Illusion of Safety
One of the most persistent patterns Chris Moschovitis has observed in recent years is the phenomenon of tool sprawl. Executives are more aware of threats than ever, which is good, but too often they respond by going shopping. Each security acquisition promises visibility, detection, or control. But it also adds credentials, integrations, configuration demands, and alert streams.
Analysts toggle between consoles. Dashboards disagree. Fatigue sets in. Meanwhile, the attack surface quietly expands.
“Owning a tool and operating it well are two very different things,” he says. “If you cannot name who is responsible for a system, demonstrate how it is tested, and show when it was last reviewed, then you’re living in denial. Without that information, control doesn’t truly exist.”
Mature security, in Chris Moschovitis’ view, is defined less by quantity of software and more by the quality of process. Patch management done on schedule. Backups tested rather than assumed. Access controlled tightly and reviewed regularly. Logs actually read.
These are unglamorous routines, and they rarely feature in vendor keynotes. Yet across decades of incident response, Chris Moschovitis has seen them separate organizations that recover cleanly from those that struggle.
TMG as an Expression of Governance
TMG was built as a direct expression of this operating philosophy. The firm blends consulting, advisory, and managed services because a strategy divorced from execution rarely survives contact with reality. Clients engage TMG for governance, cybersecurity, cloud modernization, and operations, often at the same time.
“We don’t sell products,” Chris Moschovitis explains. “We help organizations think clearly about risk and responsibility. Tools can support that work, but they cannot replace it.”
The firm’s emphasis on calm, senior-level guidance reflects a belief that clarity is more valuable than velocity. Many clients come to TMG in moments of transition, regulatory pressure, or institutional stress. The work is rarely glamorous, but it’s consequential.
Endurance Over Excitement
After more than thirty years in the field, Chris Moschovitis is cautious about grand declarations. Technologies change faster than ever, true, but human behavior changes very little. Fear, urgency, and the desire for immediate relief still drive many decisions. The organizations that endure, in his experience, are those that resist panic long enough to govern carefully.
Security and governance remain the work of routine discipline. They are built through configuration, testing, ownership, and review. None of this attracts headlines. All of it determines whether an organization can function when conditions deteriorate.
“The work that matters most tends to be quiet,” Chris Moschovitis reflects. “It is also the work that holds everything else together.”
Explore more articles:
Arthur L. Allen—Heidi AI: Equipping Students with Their Own Personal Supercomputers
