Two Advisory Boards · Ten Open Seats

We are not looking for capital.
We are looking for seven people.

Two distinct boards. One validates that we are solving the right compliance workflow problems in the right way. The other validates that we can displace the incumbents currently holding the market hostage. Different expertise. Different networks. Different moments in the go-to-market.

This is a deliberate sequence. Advisory seats before funding. Domain fit before design partners. Design partners before raise. We are not racing to a premature launch in the most risk-averse segment in enterprise software.

Current State · Honest

What is built. What is not.
Why the sequence matters.

What is built
Core workflow infrastructure — board engine, card model, EAV storage layer, agent host orchestrator — in active development. Platform architecture fully designed across 21 modules. DXM Agent Host (bare metal Linux, TPM attestation, capability manifest engine) architected and in build. Three whitepapers and technical brief complete and available on request.
What is not built yet
The 49-workflow taxonomy is a roadmap, not a shipped catalog. The Bullshit Meter (Module 20 — sovereign knowledge graph validation) is designed, not yet implemented. The Claude API integration layer is staged for near-term development. We know exactly what we are building. We are building it deliberately.
Why advisory seats before funding
DXMachine operates in FFIEC examination cycles, HIPAA program operations, ITAR-controlled workflows, state mainframe modernization programs, and SAP exit projects. These are not domains where you learn from paying customers. Getting the domain right before going to market is the strategic move. The alternative is discovering domain gaps in front of the most risk-averse buyers in enterprise software. That is not a plan.
I
Domain Advisory Board
Six seats. Compliance workflow domain authority. These advisors validate that DXMachine solves the right problem in the right way for the right buyer — before the first customer signs. Pre-market. Critical path.
Why this board exists
The compliance workflows DXMachine targets are domain problems wearing software clothing. You cannot design the correct solution by reading the regulations. You need someone who has been accountable for the outcome when the examiner pulls a thread and finds something missing. These six seats bring that accountability into the design process before it is too late to change anything.
Domain · Seat 01
Open
Regulated Financial Services
FFIEC · OCC · Fed · FDIC · BSA/AML
The FFIEC examination cycle is DXMachine's primary financial services entry workflow. We need someone who has been on both sides of that examination — who understands not just what the examiner asks for, but what they are actually looking for, how they pull threads, and what a well-prepared response looks like versus one that invites more questions.
Looking for
  • Current or former CISO, CCO, or CRO at a mid-market bank, credit union, or regulated fintech
  • Direct accountability for FFIEC IT examination cycles — not as a consultant, as the person whose name was on the response
  • A view on where current GRC tooling fails the compliance team at the moment of examination
Not looking for
Big-four compliance consultants. People who advise on examination prep but have not owned the outcome.
Domain · Seat 02
Open
Healthcare Compliance Operations
HIPAA · HITECH · BAA · OCR · CMS
Healthcare compliance in a mid-to-large system is poorly served by generic GRC tooling. The BAA landscape, the OCR audit cycle, the interaction between clinical operations and compliance obligations — these require someone who has run a HIPAA program under examination pressure, not just implemented one.
Looking for
  • Chief Privacy Officer or Compliance Officer at a health system, hospital network, or regulated health tech company
  • Direct OCR audit response or breach notification experience — the moments where the compliance program is actually tested
  • Perspective on where AI creates new BAA exposure that existing vendor agreements do not cover
Not looking for
HIPAA training vendors. EHR implementation consultants. People whose primary experience is policy documentation rather than program operation under examination pressure.
Domain · Seat 03
Open
Defense & ITAR Operations
ITAR · CMMC · RMF · DCSA · DFARS
For defense and ITAR environments, sovereign execution is not an architectural preference — it is a legal requirement. We need someone who has managed export-controlled technical data in compliance workflow contexts and understands exactly where cloud AI creates unauthorized export exposure that organizations are currently treating as undocumented risk.
Looking for
  • Empowered Official, FSO, or ISSO at a defense contractor or ITAR-registered organization
  • Direct CMMC Level 2 or 3 assessment experience, or RMF ATO cycle ownership
  • Relationships in the defense industrial base that open design partner conversations
Not looking for
General cybersecurity advisors without specific ITAR or CMMC operational experience in controlled-data environments.
Domain · Seat 04
Open
Enterprise Architecture & Platform Failure
ERP · GRC · ITSM · Platform Migration
DXMachine's graveyard analysis — the six failure modes of universal enterprise platforms — is an intellectual argument. We want someone for whom it is a personal history. Someone who has been inside a failed SAP implementation, a ServiceNow deployment that became the thing everyone built their roadmap around escaping, a Salesforce consolidation that produced the exact lock-in pattern we are designing against.
Looking for
  • CTO, CIO, or Enterprise Architect with direct experience of the moment a platform relationship turns extractive
  • Ability to speak credibly to the source license model as a buyer, not as a concept
  • A view on what a compliance workflow platform needs to look like to earn trust from an organization that has been burned before
Not looking for
Technology optimists who have not lived the failure modes. Greenfield architects without remediation and recovery experience.
Domain · Seat 05
Open
Legal Operations · Regulated Industries
GC · Compliance Counsel · Regulatory Filing · Examination Response · Matter Management
The legal workflows AI is disrupting fastest — document review, contract analysis, regulatory filing preparation, examination response drafting — carry the highest audit exposure in regulated industries. We need someone who has managed legal workflows where chain of custody and defensibility were not optional, and who has hit the wall where general-purpose AI tools produced outputs that could not survive scrutiny.
Looking for
  • GC, Deputy GC, or senior compliance counsel at a regulated financial institution, health system, or defense contractor — someone whose legal work was routinely subject to regulatory examination
  • Direct experience with the specific document types where AI disruption is landing: examination response preparation, regulatory filing drafting, contract analysis for compliance obligations
  • Someone who has attempted to deploy AI tooling into a regulated legal workflow and encountered the audit trail gap firsthand
Not looking for
Legal tech investors or law firm innovation partners whose relationship to regulated legal work is advisory rather than operational. People whose primary experience is commercial rather than regulatory.
Full seat profile on Legal & Clinical page →
Domain · Seat 06
Open
Clinical Operations · Regulated Healthcare
Prior Authorization · Clinical Documentation · Coding · HEDIS · CMS · Accreditation
Clinical AI disruption is arriving simultaneously from multiple directions — prior authorization automation, ambient documentation, coding AI, care gap identification. Almost none of it produces the attestation record that CMS, OCR, or an accreditation body will require when they examine it. We need someone who has been accountable for clinical administrative workflows whose outputs regulators actually examined.
Looking for
  • VP of Clinical Operations, Director of Clinical Documentation Integrity, or equivalent at a health system or regional hospital network — accountable for workflow outputs that survived or failed regulatory examination
  • Direct experience with prior authorization operations at scale — specifically the governance gap between AI-assisted determinations and the ability to defend every one of them
  • Working knowledge of CMS prior auth requirements as they apply to AI-assisted decisions and what an OCR audit of AI-assisted clinical documentation actually looks like
Not looking for
Physicians whose primary relationship to clinical AI is as end users or conference advocates. Health IT vendors whose business model depends on the current tooling landscape.
Full seat profile on Legal & Clinical page →
II
Platform Migration Advisory Board
Four seats. Incumbent platform displacement expertise. These advisors validate the migration path, sharpen the sales motion, and carry credibility into accounts currently trapped in platforms DXMachine is designed to replace. Market-entry. High leverage.
Why this board is different
This board is not about domain knowledge. It is about platform-specific insider credibility. Someone who has navigated an SAP exit as the accountable decision-maker — not as the consultant — carries a completely different authority in a sales conversation with a prospect currently inside that situation. They are not selling DXMachine. They are describing their own experience. We need people with genuine scar tissue from specific platforms, weighted toward the ones where extraction complexity is hardest and budget exposure is highest. Jira and AuditBoard migrations are engineering problems we can solve ourselves. What requires a seat at this table is the platforms where the coupling goes deep, the politics go sideways, and the budgets go into the millions.
Migration · Seat M1
Open
SAP & Oracle Enterprise ERP
SAP S/4HANA · ECC · Oracle Fusion · EBS · GRC Module
SAP and Oracle represent the highest-complexity migration scenarios in the enterprise — deep coupling between compliance workflows and core ERP processes, a consultant ecosystem that financially benefits from prolonging the engagement, and organizational dynamics where "getting off SAP" has been on the IT roadmap for years without moving. This is the seat where insider credibility matters most and where we have no direct experience to draw on.
Looking for
  • CIO, CTO, or program executive who has owned an SAP or Oracle exit program — not managed it as a consultant, owned it as the accountable leader with the budget and the consequences
  • Direct experience with the political dynamics of escaping deep ERP coupling — the internal resistance, the consultant entrenchment, the sunk cost arguments that keep organizations stuck
  • Knowledge of which SAP compliance workflow modules have clean exit paths versus which require indefinite parallel-run
  • Network in the SAP/Oracle customer community — particularly mid-market organizations paying enterprise pricing for compliance workflows they could replace
Not looking for
SAP implementation consultants whose revenue depends on SAP staying installed. Anyone whose SAP experience is primarily implementation rather than extraction.
Migration · Seat M2
Open
State Medicaid IT · MITA & MMIS Operations
MITA · MMIS · APD · CMS · IBM z/Series · Gainwell · Conduent
The person this seat is looking for has spent serious time inside a state Medicaid IT program or a major MMIS implementer — not as a policy architect or a conference circuit presence, but as someone accountable for systems that processed real claims and failed in ways they personally had to fix. They understand the gap between what an SS-A documents and what the system actually does. They know the APD process well enough to construct one that CMS approves and that protects scope against internal budget redirection. And they have enough distance from the incumbent vendor ecosystem to speak candidly about where it fails.
Looking for
  • Senior technical leader from a major MMIS implementer — Gainwell, Conduent, DXC, or equivalent — with direct operational accountability for systems that ran in production at scale, not engagement management or pre-sales
  • Or: Senior MMIS program manager or Deputy Director of Medicaid IT from a state agency — the person who managed the SS-A cycle operationally, watched the documentation game play out, and knows which processes were papered over at which maturity level
  • Direct experience with the APD process — specifically, how to write APD language that is specific enough that CMS approves a named deliverable with defined milestones, rather than generic "modernization" language that gives the CTO's office discretion to redirect the allocation
  • Understanding of the CMS relationship as a scope protection mechanism — how to build the federal-side relationship so that approved APD deliverables have accountability above the agency level
  • Peer network built through shared operational experience — state Medicaid IT program managers, MESC, MMIS user groups — not conference circuit relationships
Not looking for
State CIOs or agency executives whose MMIS exposure was budgetary and political rather than operational. Anyone with active or recently-exited financial relationships with incumbent MMIS vendors — the conflict is real and the Medicaid IT ecosystem is small enough that it matters. The NASCIO conference circuit profile: title-credentialed, network-rich, and never accountable for a batch job that failed at 2am.
Migration · Seat M3
Open
Salesforce & Microsoft Ecosystem
Salesforce · Azure DevOps · Microsoft 365 · Power Platform · Dynamics
The Salesforce and Microsoft seat is less about migration technical complexity and more about the enshittification narrative from the buyer side. The pricing escalation. The acquisition rationalization. The forced upgrade to a product the customer did not choose. Regulated organizations running compliance workflows in ADO, Dynamics, or Salesforce GRC products have lived this cycle. Someone who survived it and found a way out carries a specific kind of credibility in a room full of people currently inside it.
Looking for
  • IT or compliance executive who has experienced the specific moment a Salesforce or Microsoft relationship turned extractive — the licensing audit, the price increase post-renewal, the product rationalization after acquisition
  • Direct experience with ADO or Azure-based compliance workflow management in a regulated environment and the specific gaps where Microsoft general-purpose tooling fails under examination pressure
  • A view on where Power Platform low-code compliance workflows break when regulators start asking questions
  • Network in regulated enterprise organizations where Microsoft and Salesforce dependency is high and frustration with pricing trajectory is real and growing
Not looking for
Microsoft or Salesforce partners and implementation consultants. People whose business model depends on the ecosystem staying intact. Advocates, not survivors.
Migration · Seat M4
Open
CMS · Federal Medicaid Policy
CMS · APD Review · MITA · 90/10 Matching · Federal-State IT Policy
The M2 seat owns the state side of the Medicaid IT relationship. This seat owns the federal side. The APD approval process — the mechanism through which states access 90/10 federal matching funds for Medicaid IT modernization — is gated by CMS reviewers who have specific, sometimes undocumented expectations about how deliverables are scoped, how milestones are defined, and what constitutes an approvable investment narrative. Someone who understands what CMS actually approves, and why, closes the loop on the most powerful funding mechanism available to state Medicaid IT programs.
Looking for
  • Former CMS policy official, federal project officer, or senior CMCS staff with direct experience reviewing and approving APD submissions — the person who read the state filings and decided what got funded
  • Working knowledge of how CMS evaluates MITA maturity claims in APD narratives — what language gets approved, what language gets questioned, and what the difference actually is
  • Understanding of the 90/10 matching structure as a platform positioning mechanism — how to frame a DXMachine deployment as a MITA-advancing investment that CMS will approve with named deliverables and defined milestones
  • Relationships on the federal side of the state-federal Medicaid IT relationship that complement the state-side network M2 brings
Not looking for
Medicaid policy generalists without direct APD review experience. Consultants who have written APDs for states but never been on the CMS side of the table evaluating them. Anyone with active financial relationships with incumbent MMIS vendors.
What We Offer

The upside is asymmetric
for the right people.

Working relationships with meaningful upside. Not honorary titles and logo placement. The specific terms will be discussed individually with each advisor — this is the honest framing of what that conversation looks like.

Equity Participation
Advisory equity commensurate with contribution and timing. Early advisors who help shape go-to-market and domain fit carry more risk and will be compensated accordingly. Terms to be discussed. We will not lowball people who are genuinely useful.
Category Creation
The people in the room when a new category gets defined are not anonymous. If DXMachine becomes the platform for AI-augmented compliance in regulated industries, the advisory boards that helped get it there will have a story worth telling. That is not a financial instrument. It is real.
Working Relationship
Not a quarterly check-in. We want advisors who will read a workflow design and tell us where it breaks, make an introduction when it matters, and tell us when we are wrong. In exchange, they see everything we are building before anyone else does.

"We are doing this right, or we are not doing it. A platform this close to examination-critical workflows and this close to the most consequential IT modernization programs in state government earns its position by getting the domain correct before the first customer signs — not after."

This is also a timing question. The advisors who join before the first design partner agreement is signed are joining at a different moment than those who join after. The category is not yet defined. The people who help define it will have shaped something, not just endorsed it.

If this is your domain,
we want to have the conversation.

No pitch deck. No NDAs on first contact. A direct conversation about the domain, the architecture, and whether there is genuine fit. If there is, we figure out the rest.

advisory@genreason.com
Read the investor thesis