Security+ · Vanta (SOC 2 Type I cycle) · Azure · SOC 2, HIPAA, GDPR & ISO 27001
I implement and run Vanta programs for small healthcare and B2B SaaS teams — SOC 2, HIPAA, GDPR, and ISO 27001 readiness plus hands-on Azure hardening.
Most GRC consultants know SOC 2, HIPAA, GDPR, and ISO 27001 frameworks but cannot remediate failing Vanta tests or harden Azure. Most cloud engineers can fix infrastructure but do not know what auditors need in evidence.
I handle both in one engagement: Vanta program management, policy and control work, and hands-on remediation. One point of contact, faster path to audit-ready.
Scoped engagements for startups preparing for their first audit or adding a new framework in Vanta.
End-to-end Type I or Type II preparation in Vanta — test remediation, evidence collection, risk register, policy approvals, and auditor coordination.
Who it's for: B2B SaaS startups (roughly 10–50 people) pursuing their first SOC 2 on Azure.
HIPAA Security Rule program setup — BAA management, PHI data mapping, policies, workforce training, and ongoing monitoring in Vanta.
Who it's for: Healthcare or health-adjacent startups handling PHI and selling to covered entities.
Framework mapping, gap assessment, and control implementation in Vanta for EU data protection and ISO 27001 certification paths.
Who it's for: Startups expanding into EU markets or customers requiring ISO 27001 attestation.
Key Vault migration, TLS configuration, diagnostic logging, network security, Entra ID MFA, and remediation aligned to Vanta automated tests.
Who it's for: Teams on Azure whose Vanta tests fail on infrastructure or identity controls.
Full Vanta setup — integrations (cloud, IdP, HR), policy library, control mapping, and team training for day-to-day compliance workflows.
Who it's for: Startups new to Vanta or switching frameworks and needing a clean baseline.
Monthly Vanta maintenance, new failing test remediation, vendor risk, pen test coordination, and keeping posture current between audits.
Who it's for: Post-audit teams that need fractional security support without a full-time hire.
A structured engagement model built for lean teams — clear phases, no open-ended consulting hours.
30 minutes to understand your frameworks, timeline, stack, and whether Vanta is already in place.
Review controls, Vanta test results, and Azure posture against your target framework(s).
Prioritized plan — what to fix first, what evidence to collect, and what can wait until after Type I.
Evidence packaged, policies approved, failing tests resolved, and your team prepared for the auditor or customer questionnaire.
Served as the only security practitioner at a HIPAA-regulated healthcare AI startup in Seattle — owning Vanta administration, control remediation, Azure hardening, and audit preparation end to end.
I'm a compliance and cloud security consultant based in Seattle. I help small healthcare and B2B SaaS companies implement Vanta and harden Azure for SOC 2, HIPAA, GDPR, and ISO 27001 readiness — as a single practitioner who owns both the GRC program and the technical remediation.
Most recently I served as the sole security lead for a 27-person healthcare AI startup through SOC 2 Type I and HIPAA audit preparation: Vanta setup, failing test remediation, risk register, vendor BAAs, and infrastructure fixes across 15+ Azure services.
Credentials
No. Only licensed CPA firms can issue SOC 2 reports. I get your team audit-ready — Vanta configured, controls implemented, evidence collected, and gaps remediated before you engage an auditor.
Vanta is the system of record for controls, tests, and evidence. I set up integrations, remediate failing automated tests, maintain policies and the risk register, and prepare your team for what auditors and customers will ask for.
Both. I handle GRC program work and hands-on Azure remediation — Key Vault, TLS, logging, identity, and vulnerability fixes — so you are not coordinating separate GRC and engineering vendors.
Primarily small startups, roughly 10–50 employees, often on Azure, preparing for a first SOC 2, HIPAA, GDPR, or ISO 27001 engagement or adding a framework in Vanta.
We start with a free 30-minute discovery call, then a scoped gap assessment. You receive a prioritized roadmap; implementation can be project-based or a monthly retainer depending on your timeline.
Tell me which frameworks you need — SOC 2, HIPAA, GDPR, or ISO 27001 — and where you are with Vanta and Azure. I will follow up to schedule a no-commitment gap conversation.