I write about security compliance and GRC, including frameworks like CMMC, FedRAMP, NIST 800-53/171, ISO 27001, SOC 2, and PCI DSS. I also share insights on GRC automation and AI agents for streamlining compliance workflows.
Tool · Team · Trustee: A Simple Model for Ownership in Complex SaaS Environments
GRC / Operations
A practical way to clarify who funds, operates, and is accountable for shared SaaS tools and security platforms using the Tool · Team · Trustee model.
AI-Powered GRC Evidence Automation
GRC Automation / AI Agents
Exploring how AI agents can automate evidence collection, control testing, and compliance mapping to reduce manual GRC overhead.