Continuous compliance
Move from periodic evidence collection to ongoing visibility into control state and operational exceptions.
I design and build practical AI-powered compliance systems. My work connects compliance requirements to operational data, automates repetitive workflows, and helps security, IT, and engineering teams understand—not just document—their compliance posture. The goal is simple: spend less time chasing evidence and more time improving systems.
An operating model for compliance automation.
The central idea is not AI agents by themselves. It is the platform they operate against: a normalized view of operational data, control state, evidence, findings, and human review.
Move from periodic evidence collection to ongoing visibility into control state and operational exceptions.
Normalize signals from HR, identity, device, ticketing, security, and quality systems into one usable model.
Turn compliance requirements into checks, workflows, review queues, and evidence records.
Use agents to collect, analyze, and explain while keeping accountability with the teams who own the work.
Compliance systems should start from operational reality.
The examples matter, but the point of view matters more: compliance automation works when operational data, controls, agents, and people share the same model.
Modern compliance should not depend on quarterly scrambles or screenshot hunts. The systems should know what changed, what needs review, and what evidence already exists.
The hard part is not connecting APIs. It is creating a canonical representation of compliance state from messy operational systems.
Agents are most useful when they operate against a shared model. They can collect, analyze, explain, and recommend without pretending to own the decision.
Controls become more valuable when they are connected to system behavior, exception handling, and review outcomes.
Automation should make accountability clearer, not blur it. People still approve evidence, own remediation, and decide what risk means.
A shared representation of compliance state that agents and people can reason over.
Modern compliance should not depend on periodic evidence collection. I build systems that continuously connect operational data to compliance requirements, allowing automation and AI agents to work against the same view of an organization's compliance posture.
Automation should make compliance more legible.
A living bench for what comes next.
This section is intentionally easy to update as tools, standards, and workflows change.