I spent 15+ years in Technology Risk Consulting and Internal Audit. I moved between KPMG, BDO, and Fortune 500 leadership roles. I have issued opinions on SOC 1, SOC 2, HITRUST, and HIPAA attestations for global organizations.
At BDO, I managed the Third-Party Risk Management practice group, running SOC 1, SOC 2, HITRUST, and HIPAA engagements across healthcare, financial services, and technology sectors. At Stryker, I managed the IT Audit function for a Fortune 500 medical device company: scoping, risk assessment, testing strategy, and the critical reliance relationship with external auditors.
My career is defined by a single methodology: Identify the Issue. Quantify the Risk. Design the Fix.
I do not identify compliance gaps and hand over a findings report. I engineer the controls that close them. My playbooks are built on the reality of operational audits, not the theory of content marketing.
In 2024, I launched The Audit Defense Library to solve a specific problem. There is a knowledge gap between rigid frameworks and agile execution. I am here to close it.
You should not have to pay a consultant to understand the baseline requirements of NIST, ISO, or HIPAA. I am building a technical directory of audit-ready answers for the compliance community. I provide the textbook for free. I partner with firms on the high-level strategy.
Every article in the Audit Defense Library reflects the same standard I applied to audit opinions at KPMG and BDO: verified, cited, and built for practitioners who need answers they can act on Monday morning.