Building practical AI-powered compliance systems.

I design and build practical AI-powered compliance systems. My work connects compliance requirements to operational data, automates repetitive workflows, and helps security, IT, and engineering teams understand—not just document—their compliance posture. The goal is simple: spend less time chasing evidence and more time improving systems.

Source: Okta, Jamf, Jira, GitHub, HRIS
Model: Operating model
Workflow: Agents collect, map, and draft
Review: Humans approve evidence

What I build

An operating model for compliance automation.

The central idea is not AI agents by themselves. It is the platform they operate against: a normalized view of operational data, control state, evidence, findings, and human review.

Continuous compliance

Move from periodic evidence collection to ongoing visibility into control state and operational exceptions.

Monitoring, Evidence, Posture

Operational data

Normalize signals from HR, identity, device, ticketing, security, and quality systems into one usable model.

HRIS, MDM, QMS

Control evaluation

Turn compliance requirements into checks, workflows, review queues, and evidence records.

Controls, Findings, Audits

Human oversight

Use agents to collect, analyze, and explain while keeping accountability with the teams who own the work.

Agents, Review, Decisions

Ideas

Compliance systems should start from operational reality.

The examples matter, but the point of view matters more: compliance automation works when operational data, controls, agents, and people share the same model.

01 Continuous Compliance

Modern compliance should not depend on quarterly scrambles or screenshot hunts. The systems should know what changed, what needs review, and what evidence already exists.

  • Device coverage monitoring
  • Training and lifecycle exceptions
  • Vulnerability and asset-return workflows

02 Operational Data

The hard part is not connecting APIs. It is creating a canonical representation of compliance state from messy operational systems.

  • HRIS and identity correlation
  • Asset and owner mapping
  • Ticketing and control evidence alignment

03 AI Agents

Agents are most useful when they operate against a shared model. They can collect, analyze, explain, and recommend without pretending to own the decision.

  • Auditor question answering
  • Evidence retrieval
  • Drafted control responses

04 Control Evaluation

Controls become more valuable when they are connected to system behavior, exception handling, and review outcomes.

  • Automated checks
  • Exception queues
  • Control-aligned records

05 Human Oversight

Automation should make accountability clearer, not blur it. People still approve evidence, own remediation, and decide what risk means.

  • Review workflows
  • Evidence approval
  • Engineering, security, IT, quality, and auditor collaboration

Operating Model

A shared representation of compliance state that agents and people can reason over.

Modern compliance should not depend on periodic evidence collection. I build systems that continuously connect operational data to compliance requirements, allowing automation and AI agents to work against the same view of an organization's compliance posture.

Enterprise Systems

HRIS, Identity, Asset Mgmt, MDM, EDR, Ticketing, QMS, Cloud

Compliance Platform

Normalize, Correlate, Evaluate, Monitor

AI Agents

Collect, Analyze, Explain, Recommend

People

Engineering, Security, IT, Quality, Auditors

Principles

Automation should make compliance more legible.

  • Build around existing tools.
  • Avoid vendor lock-in.
  • Automate repetitive work.
  • Humans remain accountable.
  • Design for audits from day one.

Current experiments

A living bench for what comes next.

This section is intentionally easy to update as tools, standards, and workflows change.

  • MCP servers for GRC
  • Multi-agent compliance workflows
  • Continuous ISO monitoring
  • Shared compliance operating models
  • AI-assisted control testing