AI Governance
AI Third-Party Risk: What Vendor Management Should Look Like in 2026
Questions to ask AI vendors, contract terms that matter for AI specifically, how AI complicates traditional vendor risk programs.
vCISO
Cybersecurity Reporting to the Board: What Directors Actually Need to See
What board reports should contain, common mistakes (too technical, too long, no business framing), and the metrics directors care about.
AI Governance
NIST AI Risk Management Framework: A Practical Walkthrough
The four functions (Govern, Map, Measure, Manage), how to apply the framework to a real organization, and why it's becoming the de facto AI governance standard.
HIPAA & AI
HIPAA and AI Tools: What Healthcare Leaders Are Getting Wrong
The risks executives don't see when deploying AI in healthcare. ChatGPT in clinical settings, AI scribes, ambient listening, and BAA gaps.
DoD & SLED
FedRAMP, Explained: What It Is, Who Needs It, How to Get It
FedRAMP impact levels, the authorization process, the cost and timeline, and the relationship to other federal frameworks.
DoD & SLED
DoD Contractor Cybersecurity: A Roadmap for Companies New to Defense Work
What new defense contractors need to understand: DFARS, CMMC, DIBNet, FedRAMP overlap, and where to start when entering DoD work.
AI Governance
10 Questions Every Executive Should Ask Before Deploying AI
Checklist-style article aimed at C-suite. Practical questions to bring to AI vendor pitches and internal AI proposals.
DoD & SLED
Supply Chain Security in the Defense Industrial Base: What Primes Expect From Subs
Flow-down requirements, how primes audit subs, the SBOM expectation, and what subcontractors need to prepare for.
Regulatory Compliance
What a Regulatory Compliance Program Actually Looks Like
The architecture of a real compliance program: governance, risk assessment, policies, controls, evidence, incident response. What good looks like.
AI Governance
What Is AI Governance? A Framework for Organizations Deploying AI
Definition, why it matters now, the relationship to data governance and compliance, and what an AI governance program actually contains.
CMMC
POA&Ms in CMMC: What They Are, What They Allow, and What They Don't
Plans of Action and Milestones in CMMC 2.0, when they're permitted, the specific controls eligible for POA&Ms, and time limits.
Privacy
CCPA vs CPRA: What Changed and What You Need to Do
The expansion from CCPA to CPRA, new rights for consumers, new obligations for businesses, and the California Privacy Protection Agency.