Mary Carmichael is a strategic advisor and entrepreneur working at the intersection of cybersecurity, risk, and innovation. Mary is the founder of Momentum Technology, a boutique consultancy that helps organizations turn technology risk into trusted, business-aligned strategy. She works with executive leaders to connect technical realities with business priorities—bringing clarity to complexity, and helping organizations build resilience and value.
Momentum delivers advisory services including BISO (Business Information Security Officer) leadership, GRC (governance, risk, and compliance) strategy development, and emerging tech readiness.
As a BISO, Mary embeds security into business operations to support growth and change. Unlike a traditional CISO, the BISO role is integrated within business units, aligning cybersecurity initiatives with strategic goals. Using her ABC model – awareness, behaviour, and communication – Mary ensures security becomes a cultural asset, not a compliance burden.
Mary’s GRC advisory services help organizations shift from reactive compliance to proactive risk management.
Her frameworks support board oversight, operational planning, and metrics reporting. She guides clients to ask better questions, strengthen governance models, and embed risk into decision-making. Her emerging technology readiness consulting focuses on AI strategy, governance and internal controls to support responsible adoption and oversight.
Mary leads process reviews, recommends risk frameworks, and develops roadmaps to support strategic decision-making. Engagement deliverables include technology strategy, maturity assessments, policy development, and implementation plans aligned with business priorities. Mary brings expertise across risk, audit, governance, and IT operations. She holds CPA CMA, CISA, CISM, CRISC, PMP, Lean Green Belt , and Prosci Change Management certifications.
Her background includes senior roles at the City of Vancouver, Metro Vancouver, and UBC, and consulting engagements with Province of British Columbia, FortisBC, BCI, Capilano University, and CPABC.
Mary recently served as President of ISACA Vancouver, leading the chapter to receive ISACA Global’s Outstanding Chapter Achievement Award. She contributes to ISACA Global initiatives, authors the “Tips” column for over 200,000 professionals, and speaks at leading conferences, including RSAC, ISACA North America, and ISACA Europe.
As a Fellow with Toronto Metropolitan University’s Rogers Cybersecure Catalyst, Mary leads research on third party AI risk, with a focus on public sector use. In 2025, she was named one of Security Magazine’s Women in Security and received the “Lift as You Climb” Mentorship Award from Canadian Women in Cybersecurity.
BUILDING MOMENTUM TECHNOLOGY
Momentum Technology is a boutique consulting firm that transforms technology risk into strategic advantage.
Founded by award-winning advisor Mary Carmichael, the firm partners with executive leaders to align cybersecurity, governance, and innovation with business strategy, bridging the gap between technical complexity and organizational priorities.
Working with public institutions, private enterprises, and regulated sectors, Momentum provides advisory services including BISO (Business Information Security Officer) leadership, GRC (governance, risk, and compliance) strategy development, and readiness planning for emerging tech. These services help organizations embed security into operations, manage risks, and adopt technologies like AI responsibly.
In addition, the firm offers assurance services in cybersecurity, tech governance, and business continuity. Rather than offering generic advice, Momentum provides clients with tangible tools – risk analysis, maturity assessments, governance frameworks, board reports, and implementation plans.
Intentionally small for agility and depth, Momentum combines sharp technical insight with boardroom fluency. The founder, Mary, a CPA CMA, CISA, CISM, CRISC, and PMP, brings rare cross-disciplinary expertise and has community leadership roles with ISACA Global and Toronto Metropolitan University’s Rogers Cybersecure Catalyst, supporting cybersecurity collaboration.
At Momentum, the philosophy is simple: help clients lead with intention, build with purpose, and grow with confidence in today’s digital world.
IN HER WORDS.
“Entrepreneurship has always been a mindset for me. I have consistently viewed the world through a problem-solving lens – spotting gaps, imagining better ways of doing things, and bringing others along to help build them. I am constantly thinking about possibilities and exploring alternative approaches.
Early in my career, while working in large organizations such as the City of Vancouver, Metro Vancouver, and UBC, I recognized that I did not wait for permission to improve processes – I initiated change and explored possibilities. Whether I was leading a new cybersecurity initiative or untangling legacy risk systems, I consistently challenged the status quo. That mindset – equal parts curiosity and courage – is what I now recognize as entrepreneurial.
I have always gravitated toward roles where I could rethink established processes and improve them. That is why I have always held onto this quote from Grace Hopper: “The most dangerous phrase in the language is, ‘We have always done it this way.’“ It captures the mindset I live by – challenging outdated playbooks and co-creating better ones with others.
HUMBLE BEGINNINGS
Growing up on our family farm in Southern Alberta was my first education in entrepreneurship. My parents immigrated to Canada with very little.
They had to learn not just how to farm, but also a new language and culture while building a business from the ground up. I am proud to be a first-generation Canadian. Life on the farm – 100 kilometres from Lethbridge – taught me grit, resilience, and hands-on leadership.
Farming was not just work; it was a way of life. Everyone contributed. One day you might be hauling irrigation pipes, the next repairing machinery or helping with bookkeeping. We grew sugar beets, alfalfa, and wheat, each with its own risks and rewards. Some seasons brought hailstorms and even tornadoes that wiped out entire fields. I learned early to face uncertainty and adapt quickly.
What stayed with me most was watching my parents manage everything – crop contracts, insurance claims, taxes, and long- term planning – often in a second language. It was entrepreneurship in its rawest form: uncertain, demanding, and quietly courageous.
One of my earliest business memories was helping with the sugar beet harvest. I was about ten, wearing oversized gloves and boots. At day’s end, my father handed me a five-dollar bill. It felt monumental. That was my first lesson in sweat equity. It was earned, and I was proud.
Not every season ended well. One year, just before harvest, hail destroyed a major portion of the crop. I remember my parents sitting at the kitchen table late into the night, surrounded by insurance forms. That moment taught me more about risk and resilience than any business course ever could. Farming revealed the truth of entrepreneurship: you plan, work hard, and sometimes things still fall apart – but you get back up and begin again.
OVERCOMING OBSTACLES
Whether I am developing event programming for ISACA Vancouver or advising clients on emerging tech strategy, I carry the values I learned on the farm: resourcefulness, resilience, shared responsibility, and long- term thinking. That foundation influences every idea I pursue. We learned to work with what we had, stay grounded, and face challenges directly – even when unpredictable. We planned ahead but adapted quickly when conditions changed.
A NEW BUSINESS IS BORN
Momentum Technology was shaped by real-world needs and rapid shifts in the tech landscape. I founded the firm to help clients manage cyber risk, strengthen governance, and adopt innovation with intention. The COVID-19 pandemic became a turning point. Organizations had to rapidly shift to cloud platforms, secure remote teams, and launch new systems – often without time to prepare or govern.
That period defined my work. One key project involved helping a regulatory agency manage a fast- tracked cloud migration. Despite multiple approved digital initiatives, they lacked visibility into risks, dependencies, and compliance requirements.
Within weeks, I assessed their current state, built a governance framework, and aligned security, compliance, and operations under a roadmap. We implemented a lightweight but effective risk model and introduced project controls – giving leadership visibility to proceed. That experience reaffirmed my core belief: entrepreneurship means showing up in uncertainty and building the path forward.
One of the biggest challenges I have faced has been keeping pace with rapidly evolving technology while scaling my business.
I address this by investing in ongoing learning and surrounding myself with trusted collaborators. The ISACA Vancouver Chapter has been essential to this growth, introducing me to professionals such as Ritchie Po, who works at the intersection of cybersecurity, privacy, and AI.
Each venture I pursue aligns with my core purpose: helping organizations navigate complexity, championing responsible governance, building community, and shaping the future of cybersecurity and innovation. I am actively involved in every initiative.
I founded Momentum Technology to help organizations manage technology risk, align cybersecurity with business goals, and prepare for emerging technologies like AI and quantum. Too often, I saw risk treated as an isolated function – disconnected from operations and innovation. Through BISO services, GRC strategy development, and emerging tech readiness consulting, I help clients embed security into operations, not just for compliance only.
ROLES TO GROW IN
My involvement with ISACA Vancouver Chapter began as a volunteer and evolved into a leadership role. As Chapter President, I helped expand mentorship, AI literacy, and SheLeadsTech initiatives, serving over 1,000 members. During my tenure, our chapter received the Outstanding Chapter Achievement Award from ISACA Global. That work led to a role with ISACA Global, where I now represent Canada on international working groups, shaping IT risk certification and advise on member experience. As Secretary-Treasurer and External Governor for Columbia College in Vancouver, I contribute to board governance and fiduciary oversight. I was drawn to this work because it merges strategy and accountability, supporting education and community impact.
Through my role as a Catalyst Ambassador and Catalyst Fellow at Toronto Metropolitan University’s Rogers Cybersecure Catalyst, I lead research into AI supply chain risks – developing practical governance frameworks to help public sector organizations manage third-party risk and AI procurement responsibly.
Beyond my consulting and board roles, I remain active as a writer and speaker, contributing to ISACA’s Tips newsletter, which reaches over 200 ,000 professionals globally. I share insights on cybersecurity, risk leadership, and innovation on panels, podcasts, and global stages such as RSAC, ISACA North America, and ISACA Europe.
Each of these ventures began with a gap I identified – whether a missing voice, a governance weakness, or an overlooked risk. I stay involved because I see real impact: helping leaders strengthen systems, align values with action, and move forward with confidence.
EVOLUTION OF STYLE
My leadership journey has also evolved. Early on, I focused on execution and delivery – what I now call the “expert mindset.” Over time, I realized leadership also means stepping back, creating space for others to grow, and guiding strategy in moments of uncertainty. During the pandemic, this shift became especially important. I expanded Momentum’s services to include BISO advisory, strategic GRC, and tech readiness, helping organizations lead with intention and build sustainable systems under pressure.
Sometimes, what appears to be a simple request reveals deeper issues. For example, a client once asked me to write a cybersecurity policy. Instead of delivering a template, I facilitated leadership conversations that uncovered systemic gaps in ownership and governance. The end result was not just a policy, but a full governance roadmap. That experience reminded me that meaningful consulting goes beyond quick fixes – it involves surfacing the right questions and co-creating durable solutions.
DIGITAL GROWTH
A pivotal moment for Momentum came when I began showing up consistently on LinkedIn.
By sharing insights on cybersecurity, community updates, and reflections on leadership, I created meaningful dialogue. Those posts opened doors. People reached out from across Canada and beyond – seeking collaboration, inviting me to speak, or asking about my services. This visibility led to new clients, expanded opportunities, and national recognition as one of the Top 20 Cybersecurity Influencers in Canada and one of the Top 5 Women Influencers. That was the turning point when I realized this was not just content – it was connection, credibility, and trust in action.
Support has been a constant theme in my journey. My parents modelled resilience, problem-solving, and ethical leadership under pressure. My husband, John – a DevSecOps engineer – brings a technical lens that complements my strategic approach. Together, we explore the intersection of security, systems, and innovation. In the ISACA community, mentors like Anthony Green gave me encouragement at critical moments, challenging me to lead boldly.
One of the most formative experiences was my selection as class valedictorian for the Emerging Leaders in Cyber Initiative by Rogers Cybersecure Catalyst. This program brought together thirty women and non-binary professionals across Canada for executive- level training in cybersecurity leadership. It gave me a peer network that continues to inspire and ground me today.
BUILT TO LAST
Scaling Momentum Technology has never been solely about revenue – it has always been about relevance, impact, and reach. My early leadership roles at the City of Vancouver, Metro Vancouver, and UBC taught me how to drive value in complex stakeholder environments. I led digital transformation projects that were recognized with City Excellence Awards, including the launch of online services and modernization of permitting and licensing platforms. These experiences deepened my understanding of enterprise risk, service delivery, and stakeholder alignment.
Momentum Technology builds on that foundation. I formalized my service offerings around BISO leadership, GRC strategy development, and emerging tech readiness to meet the growing need for cybersecurity that is aligned with business strategy. My engagements include organizations such as the Province of British Columbia, BCI, FortisBC, Capilano University, and CPABC.
Each engagement is an opportunity to help leaders strengthen governance, build resilience, and plan for what comes next – especially in high-stakes areas like AI adoption and cybersecurity.
STRENGTH IN INNOVATION
To continue growing, I am focused on contract and consulting engagements with organizations that are ready to approach security and innovation more strategically. I work with both public and private sector clients, as well as, startups and I am open to collaboration with consultancy firms, venture groups, and boards that need specialized insight. I also support companies facing regulatory challenges or preparing for AI transformation, helping them embed governance from day one.
By the end of 2026, my vision for Momentum Technology is to be recognized as a trusted partner for organizations navigating digital complexity. I want our legacy to be systems that are stronger, leadership that is more informed, and strategies that are built for long- term value. Through the Catalyst Fellowship, I am contributing to the development of AI governance frameworks – especially focused on third-party risk in public institutions – so organizations can adopt AI responsibly and with confidence.
In my work with ISACA Vancouver, I will continue to support mentorship and knowledge sharing through initiatives like the SheLeadsTech podcast and AI literacy events. Globally, I remain focused on shaping technology standards and advancing conversations on digital trust. Whether guiding a client or mentoring a leader, my goal is to strengthen systems, build confidence, and create lasting, strategic progress. That is Momentum.”
Author Profile
- Helen Siwak is the founder of EcoLuxLuv Marketing & Communications Inc and publisher of Folio.YVR Luxury Lifestyle Magazine and PORTFOLIOY.YVR Business & Entrepreneurs Magazine. She is a prolific content creator, consultant, and marketing and media strategist within the ecoluxury lifestyle niche. Post-pandemic, she has worked with many small to mid-sized plant-based/vegan brands to build their digital foundations and strategize content creation and business development. Helen is the west coast correspondent to Canada’s top-read industry magazine Retail-Insider, holds a vast freelance portfolio, and consults with many of the world’s luxury heritage brands. Always seeking new opportunities and challenges, you can email her at helen@ecoluxluv.com.
Latest entries
Events & ConferencesSeptember 11, 2025Her Wealth Summit 2025: Empowering Women to Redefine Financial Confidence in Vancouver
PORTFOLIO.YVRAugust 17, 2025From Governance to Growth: Mary Carmichael’s Approach to Cybersecurity Leadership
PORTFOLIO.YVRAugust 17, 2025From Lebanon to Leadership: Ali Alame’s Mission to Protect Canada’s Critical Systems
PORTFOLIO.YVRAugust 17, 2025Irina Manolescu: Shaping Business Futures with MIV Advisory
