About JP

Jean-Paul Lizotte (« Jaypee »)

SecDevOps Transformation Leader | Zero-Trust & Compliance Automation | 30 + years in IT driving resilient, people-centric delivery

I build high-trust, Zero-Trust engineering cultures. From programming Microsoft BASIC in 1981 to leading SOC 2 Type II attestations, my career arcs around one idea: technology should empower people, not become their bottleneck

Today I coach organisations out of “guru dependency” and into collaborative, self-healing SecDevOps ecosystems that cut lead-time, raise security posture, and make audits almost invisible to engineers.

Signature Results

• SOC 2 Type II readiness in under 12 months – Automation and coordination of implementation of Audit controls.
• 45 % fewer production defects after embedding SAST / DAST / IaC gates into CI / CD.
• Daily releases down from bi-weekly by coaching five cross-functional squads on trunk-based development and feature flags.
• Hub-and-spoke Azure landing zone Bicep Deployment, with policy-as-code and private endpoints, now hosting 30 + workloads.

Playbook

1. Strategy & Governance – Map business risk to guard-rails; bake compliance into workflow.
2. Automation – Everything-as-Code: pipelines, policies, infrastructure.
3. Culture – Psychological safety, shared ownership, continuous feedback loops, security baked-in everything.

Core Competencies

• SecDevOps Leadership & Cultural Transformation
• Zero-Trust Architecture & SOC 2 Type II Compliance
• CI / CD & IaC: Azure DevOps · GitHub Actions · Bicep · Docker / AKS, SonaQube, Snyk
• Multi-Cloud & Hybrid Governance (Azure-first, some AWS)
• Data & Pipeline Security: SAST · DAST · Secrets Management · SIEM log centralisation
• Coaching & Mentoring cross-functional squads

Recent Roles

Emyode | Certified B Corp 

7 years 10 months 

SecDevOps Practice Leader | Deputy CIOSO 

May 2024 - May 2025 (1 year 1 month) 

Montreal, Quebec, Canada 

As Deputy to the CIOSO, I contributed to the company’s operational security strategy by identifying systemic risks, establishing process controls, and implementing scalable governance frameworks across development teams. A key part of this role involved leading the implementation of Emyode’s SOC 2 security readiness program, aligning teams and operations with rigorous audit controls and evidence-based compliance standards. As SecDevOps Practice Leader, I fostered a security-first culture by embedding security at every stage of the SDLC. I coached cross-functional teams on secure automation, threat modeling, and continuous improvement— transforming DevOps maturity into measurable business value. Key Contributions: Operationalized the SOC 2 readiness initiative, from gap analysis to policy implementation and evidence collection, ensuring audit readiness.

• Designed DevSecOps pipelines with embedded quality and compliance checks. 
• Led security training, risk workshops, and architecture reviews with both internal teams and external clients. 
• Established metrics and dashboards for real-time security KPIs and remediation tracking. 
• Acted as an executive liaison to support communication between stakeholders and security teams. Drove enterprise SOC 2 program, instituted Zero-Trust controls, and centralised observability

DevSecOps Practice Lead | DevOps Technical Expert: People, Process & Tool Optimization 

August 2017 - May 2025 (7 years 10 months) 

Montreal, Canada Area 

Appointed to lead the DevOps practice across Emyode’s consulting and delivery divisions. My mission was to modernize software delivery pipelines, improve development efficiency, and enable secure and scalable cloud-native architectures. Key Responsibilities: 

• Designed and deployed Azure-based architectures (PaaS, IaaS) with Dockerized delivery. 
• Built and scaled reusable CI/CD frameworks with quality gates, metrics, and rollback capabilities. Delivered advisory services on secure SDLC practices, Zero Trust models, and pipeline governance. Coached internal and client teams on best practices across GitOps, 
• Infrastructure as Code, and Agile work planning. 
• Introduced and refined workflow processes supporting bimodal project management. Impact: Improved deployment velocity and auditability in client environments. 
• Contributed to Emyode’s positioning as a leader in DevSecOps consulting in the Quebec market. Developed internal tooling to track pipeline health, change metrics, and client success KPIs.

DrJPSoftware Inc 

DevOps Corporate Learning and Development Manager - Solution 

Architect April 2017 - August 2017 (5 months) 

Longueuil 

• Implement the Devops initiative.
• Deploy and implement an ALM collaboration tool. 
• Identify and promote lean working. 
• Train users on the Agile tools Coach on bimodal workflows. 
• Consult on new technological paradigms 
• Identify and report on possible improvements in the build, deploy and testing processes. 
• Design and develop processes to automate recurring tasks such as software builds, deployment and Quality assurance tests.
• Coach on managing code branches. 
• Cloud architecture consulting: Azure/AWS Monitor and control staged deployments across different pipelines (Integration, QA, UAT, Prod) 
• Recommend and implement tools to track and report metrics across processes and wokflows. Onboarding of new projects 
• Train Dev team in Code management and best practices. 
• System Architecture, Solution design and validation

Featured Work

• Ongoing blog about SecDevOps and it's philosophy: SecDevOps illustrated
• Commercial product: Online Robot Gcode Post processor: transactional website Epost Post processor
  
• Publication (credited as drjp81) Bypassing Throttling Using Protocol Encryption (Pervices inc)

Technical Stack

PowerShell · .NET Core · Bicep · YAML Pipelines · Docker / Compose ·· NGINX · Certbot · FFmpeg · Node-RED · Ollama / AnythingLLM. PoweBI, Azure, Azure Devops, Agile 2.0, SonarQube, Snyk

Languages

French (native) · English (fluent) · Spanish (conversational)