Available for new engagements

Security+ · Vanta (SOC 2 Type I cycle) · Azure · SOC 2, HIPAA, GDPR & ISO 27001

Audit-ready compliance without a full-time security hire

I implement and run Vanta programs for small healthcare and B2B SaaS teams — SOC 2, HIPAA, GDPR, and ISO 27001 readiness plus hands-on Azure hardening.

SOC 2 HIPAA GDPR ISO 27001 Vanta
84 → 13
Vulnerabilities reduced
15+
Azure services hardened
1
Full SOC 2 Type I cycle via Vanta

Compliance and engineering rarely sit on the same desk

Most GRC consultants know SOC 2, HIPAA, GDPR, and ISO 27001 frameworks but cannot remediate failing Vanta tests or harden Azure. Most cloud engineers can fix infrastructure but do not know what auditors need in evidence.


I handle both in one engagement: Vanta program management, policy and control work, and hands-on remediation. One point of contact, faster path to audit-ready.

GRC
GRC + Technical SOC 2, GDPR, and ISO 27001 control work combined with hands-on Azure hardening in one engagement
HIP
Healthcare & SaaS HIPAA programs, BAA management, and PHI-adjacent infrastructure on Azure
VTA
Vanta-native delivery Administered Vanta through a complete SOC 2 Type I cycle — setup, integrations, remediation, and evidence

Services

Scoped engagements for startups preparing for their first audit or adding a new framework in Vanta.

SOC
SOC 2 Readiness

End-to-end Type I or Type II preparation in Vanta — test remediation, evidence collection, risk register, policy approvals, and auditor coordination.

Who it's for: B2B SaaS startups (roughly 10–50 people) pursuing their first SOC 2 on Azure.

HIP
HIPAA Compliance

HIPAA Security Rule program setup — BAA management, PHI data mapping, policies, workforce training, and ongoing monitoring in Vanta.

Who it's for: Healthcare or health-adjacent startups handling PHI and selling to covered entities.

MFW
GDPR & ISO 27001 Readiness

Framework mapping, gap assessment, and control implementation in Vanta for EU data protection and ISO 27001 certification paths.

Who it's for: Startups expanding into EU markets or customers requiring ISO 27001 attestation.

AZ
Azure Security Hardening

Key Vault migration, TLS configuration, diagnostic logging, network security, Entra ID MFA, and remediation aligned to Vanta automated tests.

Who it's for: Teams on Azure whose Vanta tests fail on infrastructure or identity controls.

VTA
Vanta Implementation

Full Vanta setup — integrations (cloud, IdP, HR), policy library, control mapping, and team training for day-to-day compliance workflows.

Who it's for: Startups new to Vanta or switching frameworks and needing a clean baseline.

RET
Ongoing Retainer

Monthly Vanta maintenance, new failing test remediation, vendor risk, pen test coordination, and keeping posture current between audits.

Who it's for: Post-audit teams that need fractional security support without a full-time hire.

From first call to audit-ready

A structured engagement model built for lean teams — clear phases, no open-ended consulting hours.

01
Discovery call

30 minutes to understand your frameworks, timeline, stack, and whether Vanta is already in place.

02
Gap assessment

Review controls, Vanta test results, and Azure posture against your target framework(s).

03
Remediation roadmap

Prioritized plan — what to fix first, what evidence to collect, and what can wait until after Type I.

04
Audit-ready

Evidence packaged, policies approved, failing tests resolved, and your team prepared for the auditor or customer questionnaire.

Healthcare AI startup — SOC 2 Type I + HIPAA

SOC 2 Type I + HIPAA Audit Preparation
27-person healthcare AI startup · Seattle, WA · Azure infrastructure · Audit date: June 12, 2026
Completed
Sole security lead 27-person team Vanta + Azure SOC 2 Type I HIPAA

Served as the only security practitioner at a HIPAA-regulated healthcare AI startup in Seattle — owning Vanta administration, control remediation, Azure hardening, and audit preparation end to end.

Administered Vanta from scratch through complete audit cycle
Reduced Dependabot vulnerabilities from 84 to 13
Hardened Azure infrastructure across 15+ services
Migrated plaintext credentials to Key Vault references
Closed open SSH port, upgraded TLS cipher suite
Coordinated third-party pen test with NYP
Managed risk register with 15+ risk scenarios
Built network diagram, managed vendor BAA tracking

How I work with startup teams

I'm a compliance and cloud security consultant based in Seattle. I help small healthcare and B2B SaaS companies implement Vanta and harden Azure for SOC 2, HIPAA, GDPR, and ISO 27001 readiness — as a single practitioner who owns both the GRC program and the technical remediation.


Most recently I served as the sole security lead for a 27-person healthcare AI startup through SOC 2 Type I and HIPAA audit preparation: Vanta setup, failing test remediation, risk register, vendor BAAs, and infrastructure fixes across 15+ Azure services.


Connect on LinkedIn →

B.S. Cybersecurity, University of Washington Bothell (2026)

Credentials

CompTIA Security+ (Active)
AZ-500 Azure Security Engineer (expected 2026)
CompTIA Network+ (Active)
Google Cybersecurity Certificate

Common questions

Do you perform SOC 2 audits?

No. Only licensed CPA firms can issue SOC 2 reports. I get your team audit-ready — Vanta configured, controls implemented, evidence collected, and gaps remediated before you engage an auditor.

How does this work with Vanta?

Vanta is the system of record for controls, tests, and evidence. I set up integrations, remediate failing automated tests, maintain policies and the risk register, and prepare your team for what auditors and customers will ask for.

Do you only write policies, or do technical work too?

Both. I handle GRC program work and hands-on Azure remediation — Key Vault, TLS, logging, identity, and vulnerability fixes — so you are not coordinating separate GRC and engineering vendors.

What size companies do you work with?

Primarily small startups, roughly 10–50 employees, often on Azure, preparing for a first SOC 2, HIPAA, GDPR, or ISO 27001 engagement or adding a framework in Vanta.

What does the first engagement look like?

We start with a free 30-minute discovery call, then a scoped gap assessment. You receive a prioritized roadmap; implementation can be project-based or a monthly retainer depending on your timeline.

Book a free 30-minute discovery call

Tell me which frameworks you need — SOC 2, HIPAA, GDPR, or ISO 27001 — and where you are with Vanta and Azure. I will follow up to schedule a no-commitment gap conversation.