Compliance

I support teams as they implement compliance programs—turning SOC 2, ITAR, and CMMC requirements into practical processes that fit how engineering actually works.

SOC 2 Type 2

Policy frameworks, evidence gathering, and audits aligned with delivery velocity.

ITAR

Controls and supplier practices that keep space and defense programs secure.

CMMC readiness

Gap analyses and remediation paths tuned for AWS GovCloud and mixed-stack deployments.

How I Help

Readiness scans, gap analyses, and pragmatic roadmaps
Policy/evidence frameworks that don’t slow delivery
Vendor assessments and secure supplier practices

Selected Work

Amazon Project Kuiper — third‑party security assessments at scale
Duro — SOC 2 Type 2; CMMC readiness on AWS GovCloud

Ready to talk?

Quick intro calls are the fastest way to see if I can help. No pitch decks.

Book a quick intro