SOC 2
14 analysesTrust Services Criteria, SOC 2 Type I and II, control design, evidence collection, auditor handoffs.
Browse all SOC 2 analyses →Private Practice
Private Compliance
Practitioner-depth analysis on the frameworks private-sector security and compliance leaders actually defend in audits. Written from inside the practice, not summarized from outside it.
AI Governance
37 analysesNIST AI RMF, EU AI Act, ISO 42001, agentic AI risk, model cards, AI incident response.
- AI Literacy Training Requirements: What the EU AI Act Article 4 Demands from Every Organization
- EU AI Act Prohibited AI Practices: The Eight Banned Uses That Take Effect February 2025
Cybersecurity
21 analysesNIST CSF, vulnerability management, incident response, security event escalation, tabletop exercises.
- PCI DSS 4.0 Compliance Requirements: The 12 Requirements Rebuilt for 2026
- CMMC 2.0 Compliance Guide: What Defense Contractors Need Before October 2026
GRC Engineering
22 analysesCompliance-as-code, continuous monitoring, third-party risk, control automation patterns.
- Cyber Risk Quantification with the FAIR Model: From Heat Maps to Dollar Amounts
- GRC Automation ROI: Building the Business Case for Engineering-Led Compliance
Cloud Security
4 analysesCSPM, the shared responsibility model, IaC compliance, cloud control planes.
- Cloud Shared Responsibility Model: Where Your Compliance Obligation Begins
- Cloud Security Compliance Frameworks: CSA CCM, ISO 27017, and SOC 2 Mapped for Multi-Cloud
See also: HIPAA (maintenance only, 32 published analyses).