Blog
I write about security compliance and GRC, including frameworks like CMMC, FedRAMP, NIST 800-53/171, ISO 27001, SOC 2, and PCI DSS. I also share insights on GRC automation and AI agents for streamlining compliance workflows.
Tool · Team · Trustee: A Simple Model for Ownership in Complex SaaS Environments
GRC / Operations
A practical way to clarify who funds, operates, and is accountable for shared SaaS tools and security platforms using the Tool · Team · Trustee model.
AI-Powered GRC Evidence Automation
GRC Automation / AI Agents
Exploring how AI agents can automate evidence collection, control testing, and compliance mapping to reduce manual GRC overhead.
CMMC 2.1 for Cloud Teams
CMMC / Cloud Security
Practical guidance for cloud engineering teams implementing CMMC 2.1 (NIST 800-171) controls in modern cloud environments.
FedRAMP Continuous Monitoring Best Practices
FedRAMP / Continuous Monitoring
Strategies for maintaining FedRAMP authorization through effective continuous monitoring and automated compliance reporting.