top of page


"Mike was wonderful to work with - knowledgeable, well spoken, and very resourceful.  I am super pleased with the documentation, the process, and the final outcome." - Tim Greiner, Managing Director, Pure Strategies

"There is nobody I respect more than Mike, professionally and personally. He delivers measured, definitive security analysis and guidance." - Mick Bauer, Information Security Officer, Wells Fargo

Taproot Security advises industry and government on cybersecurity issues, policy, systems design, risk remediation, and incident response.


Our clients include a global retailer, global auto manufacturer, national financial institution, regional Federal Reserve bank, agriculture consultants and organic co-ops, sustainability consultants, poison hotline, private religious order, standards bodies, and a US federal agency.  We seek clients whose mission, like ours (below), benefits humanity, society, and the planet. In special cases we offer pro bono or discount work.

The mission of Taproot Security is to protect our clients from threats in accordance with our core values.  Our core values are collaboration with communities of all kinds, preserving the planet for future generations, and courage in the face of aggression. 


After three decades working as a security expert in major corporations and government agencies, Michael McCormick founded Taproot Security to bring his experience and perspective to others. 


Taproot Security advises industry and government clients on vital cyber issues.  Taproot contributed to the NIST cybersecurity framework, developed sustainability cyber controls for a global retailer, and protected a major bank against SWIFT hackers.


Prior to founding Taproot, Mike was Managing Security Architect at a Fortune 50 company, responsible for IT security strategy and projects across one of the world’s largest enterprises.  Before that he led security initiatives at various companies and federal agencies.

Taproot Security founder Michael McCormick
Michael McCormick
Founder and President



Mike is past chairman of the Security Steering Committee of the Financial Services Roundtable.  He worked with the Obama White House on executive orders and advised Congress on cyber legislation.  He represented the United States to an international standards body (ISO) and coauthored numerous US security standards. 


Mike collaborates with security researchers at Columbia and Harvard.  His work is published in books and journals, and he regularly speaks at conferences.  He holds patents for biometric, cryptographic, and anti-fraud inventions.  Mike also volunteers as a founding member of the Minnesota Cybersecurity Career Consortium (MnC3) helping young people pursue careers in information security.

Mike is a Certified Information Systems Security Professional (CISSP) active in the Information Systems Security Association (ISSA).

  • Interviews in eWeek, Information Week, Network World, and Computer Security

  • "Cracks in Facebook's Walled Garden", ISSA Journal

  • "Iran is Ready for Cyberwar", ISSA Journal

  • "The End of Security", ISSA Journal

  • "Security Made Amazon Profitable", ISSA Journal

  • "VEP Makes Me Wanna Cry", ISSA Journal

  • "Your Social Insecurity Number", ISSA Journal

  • “Safeguarding & Securing Pipelines from Unauthorized Access”, Industrial Security News

  • “Optimizing False Match Rate in Biometric System Deployments”, ISSA Journal

  • “Challenge of Safe Web Browsing for the Financial Services Industry”, FSTC Innovator

  • Security without Obscurity: Guide to PKI Operations 2nd edition (book contributor)

  • Chapter on data theft in Dr. Steven Bellovin’s book Insider Attack and Cyber Security: Beyond the Hacker

    • Mike's chapter cited in eleven academic books and papers

  • Invasion of the Internet Impostors”, Internet Underground magazine

    • cited in book Database Nation by Dr. Simson Garfinkel

    • cited in book IT Concepts and Issues by Dr. Kenneth Loudon

  • Programming Extremism”, Communications of the ACM

    • reprinted and translated in four languages

    • cited at three conferences

    • cited in five academic papers

    • cited in book Object Thinking by Dr. David West

Public Appearances


  • Cyber legislation panel. NAMWOLF conference

  • Identity panel, FS-ISAC conference

  • Cloud security panel, CSO Summit

  • Application Security panel, AppSec USA conference

  • ISSA webinar on biometrics

  • Financial biometrics talk at Biometrics Summit

  • Insider threats panel, RAND academic symposium

  • Security innovation panel, TRUST Forum

  • Interview on “Face to Fingerprint” radio program

bottom of page