Financial Infrastructure · DevOps · Boston

Engineering inside
financial services.

Ten years across private equity, retail, and asset management. Real technical experience covering infrastructure, cloud, security, and trading systems. Written plainly to help other engineers navigate this world.

Michael Harlow
Michael Harlow // sys.ghost  ·  Boston, MA
☕ Buy me a coffee
Latest post
Every engineering org I talk to is running AI agents somewhere in production now. Almost none of them have figured out how to operate them the way we operate everything else that touches customer data.
Jul 14, 2026 · 11 min read
Read →
Latest post
Every engineering org I talk to is running AI agents somewhere in production now. Almost none of them have figured out how to operate them the way we operate everything else that touches customer data.
Jul 14, 2026 · 11 min read
Read →
All posts

Archive

We scheduled a Technology Connect event for our engineering team and built a lineup of games around AI and infrastructure topics. Here's how we put it together and what I'd do differently.
← Back to posts
Finance Tech May 29, 2026 · 14 min read

Investment Management Technology in 2026: The Trends Actually Reshaping the Industry

Investment Management Technology in 2026: The Trends Actually Reshaping the Industry

Every year the big consulting firms publish their investment management technology outlook reports. They are usually right about what is happening and wrong about how fast it is happening. The timelines slip, the budgets get cut, and the legacy systems survive another cycle.

I have been building and maintaining infrastructure inside investment management firms for over a decade, across private equity, retail asset management, and institutional investment operations. What I am writing about here is not what the reports say. It is what I am seeing in the systems I work on and the conversations I am having with engineers and architects at peer firms right now.

Some of these trends are exciting. Some are genuinely hard problems. All of them are real.

The T+1 Hangover Is Still Being Felt

The United States moved to T+1 equity settlement in May 2024. Canada followed. The UK and Europe are in various stages of their own transitions. The regulatory intent was clear: faster settlement reduces systemic risk. The operational reality was that a lot of firms discovered their middle and back office infrastructure was not built for the pace that T+1 requires.

Affirmation deadlines moved from the morning after trade date to the evening of trade date itself. That sounds like a small change. For firms running overnight batch processes, reconciling positions against custodians in the early hours, and relying on next-day corrections to handle breaks, it was a significant re-architecture problem.

I spent much of late 2024 and into 2025 on exactly this: pulling processes out of overnight batches and moving them into near-real-time streams. The infrastructure challenge is not just latency. It is that the whole ecosystem of counterparty communication, custodian data feeds, and reconciliation tooling was built around the assumption that you had hours to work with, not minutes.

The firms that handled T+1 well were the ones that had already been investing in event-driven architecture. The ones that struggled were those where core settlement processes were still tightly coupled to end-of-day batch runs. That gap is now a competitive and compliance risk, and it is driving a wave of middle office modernisation that is likely to continue for several more years as other markets follow the US schedule.

Real-Time Portfolio Analytics Are No Longer Optional

Related to T+1 but broader in scope: the expectation that portfolio managers can see accurate, real-time position and risk data throughout the trading day has shifted from a differentiator to a baseline expectation.

Five years ago, intraday position data was a competitive advantage for larger firms. Smaller managers accepted that their portfolio analytics would be based on prior-close positions updated with intraday estimates. That is no longer commercially acceptable for most client-facing strategies, and regulators are increasingly expecting firms to demonstrate real-time risk awareness.

The infrastructure required to do this properly is non-trivial. You need streaming data pipelines from execution venues, real-time price feeds that are properly cleaned and validated, a position-keeping engine that can handle the volume and latency of intraday updates, and analytics that can run against a constantly-changing dataset without either lagging behind or producing inconsistent snapshots.

What I find interesting about this trend is how it is changing the build-versus-buy calculation. The established portfolio management system vendors have been slow to move their core platforms to real-time architectures because doing so requires re-writing engines that have decades of client customisation baked in. This is creating real openings for newer platforms built natively on streaming infrastructure, and I am seeing more firms seriously evaluate switching costs that they would not have considered two or three years ago.

Cloud Migration Has Entered Its Messy Middle Phase

Investment management was a late adopter of cloud infrastructure compared to most industries. Regulatory concerns about data residency, latency sensitivity for trading workloads, and the general risk-aversion of the industry meant that cloud migration often stalled at the "lift the development environment" stage while production workloads stayed on-premises.

That phase is broadly over. Most firms I have contact with now have meaningful production workloads in the cloud, including some that were previously considered untouchable. What we are now in is what I think of as the messy middle: enough is in the cloud that you have real cloud costs to manage and real cloud security posture to maintain, but enough is still on-premises that you are running a genuinely hybrid environment with all the complexity that entails.

The interesting technology problems in this phase are not "should we go to the cloud" but rather: how do we get consistent security policy enforcement across cloud and on-premises, how do we manage costs that are now variable in ways our fixed-infrastructure budgeting never had to account for, and how do we handle the latency requirements of workloads that span both environments.

On the cost side specifically, I have seen a pattern that surprises people: cloud migration often increases infrastructure costs in the medium term before the efficiency gains materialise. The firms that went in with a detailed unit economics model have fared better than those that went in with a general assumption that cloud would be cheaper. If you are early in a migration, model your costs at the workload level before you commit.

The Alternative Data Integration Problem

The use of alternative data in investment research and portfolio construction has been a persistent trend for several years. Satellite imagery of retail parking lots, credit card transaction aggregates, shipping container tracking, social media sentiment, web traffic estimates. The research case for these datasets is often compelling. The operational case is frequently a mess.

The fundamental challenge is that alternative data sources are radically non-uniform. Each vendor has its own data format, delivery mechanism, update frequency, and quality characteristics. The schema changes without notice. The coverage changes without notice. The vendor goes out of business or gets acquired and the feed disappears. Integrating one well-maintained traditional data source is an engineering project. Integrating twenty alternative data sources of varying quality is a data engineering and governance problem of a different order.

I have worked with firms that have built impressive alternative data pipelines and firms that have abandoned the effort after significant investment. The difference between them is almost never the data itself. It is whether they treated the integration infrastructure as a first-class engineering problem rather than a series of one-off scripts, and whether they had a data governance framework that could accommodate sources that do not behave like traditional market data.

The trend I am watching here is the emergence of alternative data platforms that try to normalise delivery and quality across multiple vendors. Some of these are good. None of them solves the fundamental problem that you still need to understand each source well enough to know when its quality has degraded, and that work cannot be fully abstracted away.

RegTech Is Growing Up

Regulatory technology has been talked about as a transformative force in financial services for at least eight years. The transformation has been slower than advertised, but the underlying investment has compounded and there is now a generation of RegTech tooling that is genuinely mature and genuinely useful.

The areas where I see the most traction are transaction monitoring, regulatory reporting, and compliance surveillance. These are not glamorous use cases, but they are areas where the cost of manual processes is directly measurable and where automated tooling can demonstrably reduce both cost and error rates.

The more interesting development, and the one I think will matter more over the next few years, is the integration of AI into compliance workflows. Not in the "AI will replace your compliance team" framing that gets written about breathlessly, but in more specific and credible applications: classifying communications for surveillance purposes, identifying anomalies in trading patterns that warrant human review, summarising regulatory updates and identifying their impact on specific business lines.

I have a particular interest in the communications surveillance space because the data volumes involved are enormous and the signal-to-noise problem is genuinely hard. Getting AI to surface the small number of communications that warrant compliance review from a corpus of millions of emails and messages per day is a problem where the technology is now good enough to be useful, but where the deployment and governance challenges remain significant. Regulated firms cannot simply point a model at their communications data without answering hard questions about data handling, model explainability, and the audit trail around decisions made or escalated.

The Front-to-Back Data Model Remains Elusive

One trend that I have watched get promised and not delivered repeatedly is the truly integrated front-to-back data model: a single, consistent view of positions, valuations, risk, and cash that is shared across the front office, middle office, and back office without reconciliation gaps.

The aspiration is clear. Portfolio managers should be working with the same numbers that operations is reconciling against and that finance is using for P&L. In practice, most firms operate with multiple systems of record that are reconciled nightly, with the gaps managed by exception processes that have been running for years and are maintained by people who are the only ones who fully understand them.

The reason this keeps not getting solved is that it is genuinely hard. The front office wants data that is optimised for speed and usability. The back office wants data that is optimised for auditability and regulatory completeness. These are not the same data, and the systems that serve them have been built for their specific purposes over many years.

What I think is changing is not that this problem is getting solved, but that the cost of not solving it is rising. Real-time settlement requirements, intraday risk reporting expectations, and the growing use of AI on operational data all assume a level of data consistency that the classic reconciliation-gap model cannot provide. Firms that want to take advantage of the new technology capabilities increasingly need to address the foundational data architecture first.

Cybersecurity in Financial Services: The Threat Surface Is Changing

This is not strictly an investment management trend but it affects every infrastructure decision we make. The threat surface for financial services firms has changed significantly over the past three years and continues to evolve.

The move to cloud and hybrid infrastructure has expanded the perimeter in ways that traditional network security models were not designed for. The growth of third-party connectivity, from data vendors to execution platforms to regulatory reporting services, creates attack vectors that are harder to monitor and control than the internal network. The rise of AI-assisted attacks means that phishing and social engineering attempts are better targeted and harder to distinguish from legitimate communications.

What I find genuinely concerning from an infrastructure standpoint is the combination of legacy systems and modern connectivity. A lot of investment management infrastructure includes systems that were built before modern security practices and have not been meaningfully updated. These systems are now connected to cloud environments and third-party services in ways that their original architects did not anticipate. The risk is not theoretical.

The firms investing most seriously in security right now are treating it as an infrastructure discipline rather than a compliance checklist. That means security engineers embedded in platform teams, automated policy enforcement across cloud and on-premises environments, and security posture monitoring that can detect anomalies before they become incidents. That model is more expensive than the checkbox model and genuinely harder to sustain, but the alternative is increasingly untenable.

What This Means if You Are Building Infrastructure Here

If you are an engineer or architect working in investment management technology right now, a few practical observations from where I sit.

The skills that are most valuable have shifted toward data engineering and distributed systems. The classic investment management technologist who was expert in the specific quirks of portfolio management systems and trading platforms is still valuable, but the work that is growing is around the data infrastructure layer: pipelines, streaming, governance, integration. If you are early in your career in this space, invest time in understanding event-driven architectures and data platform engineering. They are directly applicable to the problems this industry is now trying to solve.

Domain knowledge remains a genuine differentiator. The tools are getting better but the problems are still specific to this industry in ways that take years to fully understand. T+1 settlement, position reconciliation, fund accounting, regulatory reporting: these are domains where technical skill without domain context produces systems that technically work and practically fail. The engineers who combine solid technical foundations with real understanding of how the business works are the ones I see having the most impact.

The rate of change is accelerating. Investment management technology was historically conservative and slow-moving. That is less true now. The combination of regulatory pressure, competitive pressure, and the genuine capability improvements in AI and data tooling is forcing change at a pace the industry has not seen before. If you have been able to run on existing knowledge for a while, now is a good time to reinvest in learning.

I find this moment genuinely interesting to be working in. The problems are hard, the stakes are real, and the gap between what is possible and what most firms are currently doing is large enough that good engineering work has clear, measurable impact. That combination does not come along often.

Found this useful?
☕ Buy Michael a Coffee
← More posts

Hey, I'm Michael Harlow.

Senior Systems Engineer · Boston, MA · Writing as sys.ghost

I have spent over a decade building and maintaining infrastructure at the intersection of technology and financial services. My career has taken me through three distinct sectors -- technology, private equity, and asset management -- and each one changed how I think about what reliable infrastructure actually requires.

I started in general IT, which is where most engineers who did not go straight into software end up. Data centers, networking, on-call rotations, learning to label cables properly because unlabeled cables are a promise that someone else will suffer later. The work taught me that almost every sophisticated system is, one layer down, a collection of unglamorous fundamentals that either hold or do not. I still believe that. I still label everything.

Private equity came next, and it was a different world. The infrastructure stakes there are less about uptime and more about data integrity. When deal teams are making acquisition decisions based on data you are responsible for, and when a due diligence process has a hard deadline that does not move regardless of what broke overnight, your relationship with reliability changes. A wrong number in an LP report does not cause an immediate incident. It causes a conversation in a partner meeting six weeks later, and by then you need to reconstruct what happened from imperfect records. I became obsessive about data provenance in PE and I have not stopped.

For the past several years I have been in asset management, supporting trading and investment operations infrastructure. This is the environment I find most technically interesting. The compliance requirements are demanding, the legacy systems have long institutional memories, and the tolerance for operational errors is genuinely low -- not just in terms of business impact, but in terms of regulatory consequence. When markets are open, there is no fixing it after the weekend.

I started Packet & Profit in January 2026 because I kept looking for the kind of writing I wanted to read and finding it mostly did not exist. There is a lot of content for engineers online. There is much less written by engineers working specifically inside regulated financial services firms, being honest about what that actually involves day to day. The compliance conversations, the legacy constraints, the incident management in front of stakeholders who measure downtime in dollars per minute. That is what I write about here.

Outside of work I have been running a Saturday morning robotics course at my local YMCA for kids aged 10 to 14. It is one of the better decisions I have made.

Certifications

Red Hat Certified Engineer (RHCE)
Certified Kubernetes Administrator (CKA)
AWS Solutions Architect -- Associate
CompTIA Security+
HashiCorp Vault Associate

My Stack

RHEL / Ubuntu
Kubernetes
OpenShift
Terraform
Ansible
Prometheus
Grafana
Python / Bash
AWS / Azure
Cisco / Palo Alto
PostgreSQL
Redis
HashiCorp Vault
Fluent Bit
Helm
ArgoCD

Career

2022 -- Present
Senior Systems Engineer, Asset Management -- Boston, MA
Leading infrastructure for trading operations and investment management systems. Responsibilities span network security, cloud migration strategy, Kubernetes platform engineering, and incident response. Deeply involved in T+1 settlement infrastructure work and the shift from overnight batch processing to near-real-time event-driven architecture.
2018 -- 2022
Systems Engineer, Private Equity -- Boston, MA
Built and maintained data infrastructure supporting deal teams, portfolio monitoring, and investor reporting. Managed infrastructure through multiple due diligence cycles with hard deadlines and high data integrity requirements. Led a major data platform migration from on-premises to cloud-hosted infrastructure, including security controls satisfying LP and regulatory requirements.
2015 -- 2018
Infrastructure Engineer, Retail Technology
Supported inventory management, real-time pricing, and supply chain integration systems across a high-SKU retail environment. Operated under peak load conditions where scale was a concrete engineering problem rather than an abstract one. Built out monitoring and alerting infrastructure from scratch and managed a full data center relocation.
2013 -- 2015
IT Engineer, Technology Sector
Established the professional fundamentals: data center operations, network infrastructure, endpoint management, and the on-call rotations that teach you more about system fragility than any textbook. Developed an appreciation for cable labeling that has never left me.

Get in Touch

If you are an engineer working in financial services, curious about the career path, or have a question about something I have written, I would genuinely like to hear from you. Use the and I will get back to you. If something here has been useful, a coffee is always appreciated.

A note on anonymity: I write under my own name but keep my current employer private. The financial services industry is small, the regulatory environment is real, and I want to write honestly without those constraints. All incidents and case studies on this site are anonymised. The technical content is real; identifying details are not.
Get in touch

Contact

Whether you are an engineer in financial services, have a question about something I have written, or just want to say hello - feel free to reach out. I read everything.

Powered by Resend · No spam, ever

Legal

Privacy Policy

Last updated: April 2026

This policy explains what information Packet & Profit collects when you visit this site, how it is used, and what choices you have.

Information We Collect

We do not require you to create an account or provide personal information to read this blog. The only personal information we collect is what you voluntarily submit through the contact form: your name, email address, and message. This information is transmitted via Resend and used solely to respond to your enquiry.

Google AdSense and Advertising

This site uses Google AdSense to display advertisements. Google AdSense uses cookies and similar tracking technologies to serve ads based on your prior visits to this and other websites. This means Google may use information about your visits to this site to show you personalised ads on other sites across the web.

You can opt out of personalised advertising by visiting Google Ads Settings, aboutads.info, or optout.networkadvertising.org. See Google advertising policies for more.

Cookies

This site uses a single first-party cookie to remember your theme preference (light or dark mode). This cookie contains no personal information. Third-party cookies may be set by Google AdSense for advertising purposes as described above.

Analytics

This site does not currently use any analytics platform beyond what Vercel provides as part of its standard hosting service (aggregated, anonymised traffic data).

Contact Form

When you submit the contact form, your name, email address, subject, and message are transmitted to the blog author via Resend. This data is not stored by this site and is not shared with any third party beyond Resend. See Resend's privacy policy for details.

Third-Party Links

Posts on this site may link to external websites. We are not responsible for the privacy practices or content of those sites.

Your Rights

If you have submitted a message via the contact form and would like that information removed, or if you have any questions about this policy, please use the contact form to get in touch.

Changes to This Policy

We may update this policy from time to time. The date at the top of this page reflects when it was last revised.

Legal

Terms of Service

Last updated: April 2026

By accessing and using Packet & Profit (packetandprofit.com), you agree to be bound by these Terms of Service. If you do not agree, please do not use this site.

Use of Content

All written content, illustrations, and code examples published on this site are the original work of Michael Harlow unless otherwise stated. You are welcome to share links to posts and quote brief excerpts (with attribution), but you may not reproduce full articles, copy content to other websites, or use the content for commercial purposes without written permission.

No Professional Advice

Content published on this site reflects personal opinions and professional experience. It is provided for informational and educational purposes only. Nothing on this site constitutes financial, investment, legal, or professional advice of any kind. See the for more detail.

Third-Party Links

This site may contain links to third-party websites. These links are provided for convenience and do not constitute an endorsement of the linked site or its content. We have no control over and accept no responsibility for external sites.

Advertising

This site participates in Google AdSense, which displays advertisements from third-party advertisers. The presence of an advertisement does not constitute an endorsement of the advertiser's products or services. Ad content is determined by Google based on the content of this site and your browsing history.

Accuracy of Information

While we make every effort to ensure the accuracy of information published on this site, technology and financial markets change rapidly. Information that was accurate at the time of publication may become outdated. We do not warrant the completeness, accuracy, or timeliness of any content on this site.

Limitation of Liability

To the fullest extent permitted by law, Packet & Profit and its author shall not be liable for any direct, indirect, incidental, or consequential damages arising from your use of, or inability to use, this site or its content.

Changes to These Terms

We reserve the right to update these terms at any time. Continued use of the site following any changes constitutes your acceptance of the revised terms. The date at the top of this page reflects the most recent revision.

Contact

If you have questions about these terms, please use the .

Legal

Disclaimer

Last updated: April 2026

Packet & Profit is a personal blog written by Michael Harlow, a Systems Engineer based in Boston, MA. The views expressed here are entirely his own and do not represent those of any employer, client, or organisation he is affiliated with.

Not Financial or Investment Advice

This site discusses financial services technology, investment management infrastructure, and related engineering topics from a technical practitioner's perspective. Nothing published here is financial advice, investment advice, or a recommendation to buy, sell, or hold any security, asset, or financial instrument. The author is not a registered financial adviser, broker, or investment professional.

Content that references financial markets, trading systems, or investment firms is provided for technical and educational context only. Any figures, case studies, or examples are illustrative and should not be relied upon for financial decisions.

Not Legal or Professional Advice

Nothing on this site constitutes legal, compliance, regulatory, or professional advice. Readers should consult qualified professionals for advice specific to their circumstances.

Professional Experience

Posts on this site draw on the author's professional experience in systems engineering across private equity, retail technology, and asset management. Specific details about employers, clients, projects, and colleagues have been anonymised or generalised. Any resemblance to specific organisations is incidental.

Accuracy

The author makes reasonable efforts to ensure published information is accurate at the time of writing. The technology and financial services landscape changes quickly. Readers should verify any technical or regulatory information against current primary sources before acting on it.

Affiliate Links and Advertising

This site displays advertisements through Google AdSense. The site may also contain links to tools, services, or products that the author uses or finds useful. These are not paid endorsements unless explicitly stated. The author's opinions are his own and are not influenced by advertisers.

Questions

For questions about anything on this site, please use the .

This site uses cookies for theme preferences and displays ads via Google AdSense, which may use cookies to personalise ads.