The people behind the mission

Built by someone who has seen what's at stake

Diffidentia.ai was not born in a boardroom. It was built by someone who spent decades on the front lines — military and civilian — watching organizations fall through gaps that should never have existed.

Michael Hogue-Rennie — Founder of Diffidentia.ai
Michael Hogue-Rennie
Founder & CEO, Diffidentia.ai
U.S. Army Veteran · 14+ Years
Cybersecurity · 18 Years
Pentesting & Red Teaming
Threat Hunting & IR
Network Security & Architecture
LinkedIn michael@diffidentia.ai

Fourteen plus years wearing the uniform taught me things no certification ever could

Before there was Diffidentia, there was a young man who raised his right hand and swore an oath to protect something larger than himself. Fourteen plus years in the United States Army will change how you see the world. It will teach you discipline, yes — but more than that, it will teach you what it actually means when a system fails and real people pay the price.

The Army is also where the security career quietly began. Working in signals intelligence, Michael spent years learning to track adversaries through noise, read patterns in data that most people would never think to look at, and understand that in any conflict — physical or digital — the side that controls information controls the outcome. That perspective never left when the uniform came off.

"In the military, a misconfiguration is not just a ticket in a queue. It is a gap in a defense that someone, somewhere, will eventually find."

Every firewall rule left too permissive, every default credential left unchanged, every vulnerability left unpatched — Michael sees it through the same lens forged in service: a gap in a perimeter that will be tested. Not if. When.

Watching the same mistakes happen in boardrooms that happen on battlefields

The transition from military service to a civilian cybersecurity career was not a pivot — it was a continuation. The adversaries changed. The stakes stayed the same. Over 18 years Michael moved through the full arc of the profession: starting as a SIGINT analyst and threat hunter — learning how adversaries behave before most defenders even know they are in the network; evolving into red team infrastructure and penetration testing — actively breaking systems across government and fintech; and ultimately into security engineering and infrastructure hardening as a Senior Security Engineer and Cyber Network Defender — building the controls that make the attackers' job hard. Each phase informed the next. All of it shaped Diffidentia.

The pattern he kept seeing across government, enterprise, and fintech was consistent and frustrating: organizations were not being breached by sophisticated nation-state actors using zero-days. They were being breached by misconfigured cloud storage buckets, by firewall rules nobody reviewed in three years, by source code that went to production with hardcoded credentials still in it. A government agency with a eight-figure security budget. An enterprise with a CISO and a team of thirty. A fintech startup that had just closed a Series B. Preventable. Every single time.

Where it began
SIGINT analyst, threat hunter & OSINT analyst — government
The career started not with tools and terminals, but with signals intelligence. Working as a SIGINT analyst embedded in government environments, Michael spent the early years learning how adversaries behave before most defenders even know they are in the network — hunting threats, building OSINT profiles, and developing the analytical instincts that no certification teaches. It is one thing to read about how attackers think. It is another to spend years tracking them through the noise. That foundation never left.
Moving to offense
Red team infrastructure & penetration testing — fintech and government
The pivot to offensive security was a natural one. Armed with years of understanding how adversaries operate, Michael moved into building the infrastructure that red teams run their engagements from — purpose-built test environments designed to simulate real-world threat actors — then running the engagements themselves. Penetration tests and red team operations across fintech startups with customer financial data on the line and federal government environments with zero tolerance for exposure, balancing compliance with operational reality. The recurring lesson: the critical finding was rarely exotic. It was the rule nobody had reviewed, the credential nobody had rotated, the service nobody remembered enabling.
Hardening the perimeter
Security engineering & infrastructure hardening — Cyber Network Defender
The latter part of the career brought everything full circle. Working as a Cyber Network Defender and Senior Security Engineer, Michael shifted from finding the holes to making sure they could not exist in the first place — security engineering and infrastructure hardening across government agencies, large enterprise environments, and fintech organizations. Designing architectures, building controls, and running the reviews that turn a network from something an attacker can move through freely into something they have to work hard to get anywhere in. The years spent hunting threats and running red team engagements informed every decision — because the best defenders are the ones who have spent time thinking like the offense.
2026
Founded Diffidentia.ai
After nearly two decades of watching small organizations get security wrong — not because they didn't care, but because they didn't have the tools — Michael built one.

Michael holds an extensive portfolio of industry certifications earned across his career, spanning offensive security, defensive operations, intrusion analysis, and enterprise architecture:

EC-CouncilCEH Practical
(ISC)²CISSP
CompTIAPenTest+
CompTIASecurity+
CompTIALinux+
CompTIAData+
GIACGCIA
GIACGCIH
GIACGCED
GIACGSEC
GIACGCWN
GIACGDSA

The name means something

Diffidentia is Latin for distrust — specifically, a careful, disciplined skepticism. It is the opposite of assuming everything is fine because nothing has broken yet. It is the security mindset the Army instilled, and that nearly two decades of professional experience reinforced: trust nothing at face value, verify everything, and never let familiarity breed complacency.

The tool carries that philosophy through everything it does. When you connect a firewall config, it does not assume the rules are correct because they have always been there. When it reviews source code, it does not give credentials a pass because they look like placeholders. It questions. It verifies. It flags.

"I did not build Diffidentia for companies with eight-figure security budgets. I built it for the startup that just went to production, the small business holding customer data on a shoestring, the nonprofit that cannot afford a breach and cannot afford to ignore one either."

That is who this is for. The organizations who need security the most and have historically had the fewest tools to pursue it. That is the gap Michael spent 18 years watching exist, and decided to do something about.

Principles forged in service

Mission first
Fourteen plus years in the Army means one thing above all else: you do not let the mission fail because it was inconvenient. Security is the mission. Everything else is in service of it.
No one left behind
Enterprise security tools are not built for small teams. We are. A startup's data is just as worth protecting as a Fortune 500's.
Radical transparency
We do not sugarcoat findings. A misconfiguration is a misconfiguration. You cannot fix what you cannot see clearly — and we will always show you clearly.
Your data stays yours
Diffidentia runs on your local LLM. Your configs, your code, your vulnerability data — none of it leaves your machine. That is not a feature. It is a commitment.

Ready to question everything?

Diffidentia is actively being developed. Join the early access list and be the first to know when it is ready for your team.

Get early access