Writing

GRC Engineered

Practical writing on AI governance, cloud risk, and building compliance programs that actually scale.

AI Governance

ISO 42001 in Practice: What It Actually Takes to Implement AI Governance

Most ISO 42001 guides read like a standard summary. This one doesn't — here's what the gaps look like when you're in the room doing the actual work.

May 2025 7 min read

GRC Engineering

Automating Compliance Evidence with AWS SSM and Splunk

Why manual evidence collection is a liability, and how I built an automated pipeline that maps SSM outputs directly to SOC 2 control evidence.

Apr 2025 9 min read

Cloud Risk

CSPM Is Not a Product — It's a Practice

Wiz, ScoutSuite, and the tools are table stakes. The real work is building the process, escalation paths, and risk appetite that make alerts mean something.

Mar 2025 6 min read

Topics

All AI Governance GRC Engineering Cloud Risk Automation Career

Recent Posts

About

GRC Specialist at Cisco Splunk. ISO 42001 & 27001 Lead Auditor. CISA, CISM. Writing about engineering-grade compliance.