REF-008 // Insights

Insights

Writing on GRC automation, cloud-native security, and building programs that actually work.

  • Your policies should be on Git

    Treating policy documents like code isn’t just a clever idea — it solves real problems that SharePoint, Confluence, and annual review cycles never will.

  • Why OSCAL changes everything about compliance automation

    Most compliance programs fail not because of bad intent but because the tooling is fundamentally mismatched to the problem. OSCAL is the first serious attempt to fix that at the format level.