Building a GRC Agent with the Claude Agent SDK
··59 mins
Build a GRC assessment agent with the Claude Agent SDK that analyzes SSPs against NIST 800-53, FedRAMP, CMMC, and EU AI Act, generates POA&M entries, and converts documents to OSCAL format.
- /
- Posts/
Posts
5 articles
Writing about GRC engineering, compliance automation, cloud security, and building tools at the intersection of security and software engineering.
Build an AI Agent from Scratch (No Frameworks)
·14 mins
An AI agent is just an LLM in a loop with some tools. Let me prove it by building one from scratch — raw HTTP, zero dependencies.
You Can Standardize Principles, Not Methodologies.
·4 mins
Standardized consulting playbooks break down in real-world GRC engineering. Principles scale; implementation methodology depends on context.
The Browser Session Gap Is Still Security's Biggest Blind Spot
··5 mins
Trusted browser processes and encrypted traffic let session-layer attacks evade endpoint controls. This post breaks down token theft, syncjacking, and AI-agent risks, with practical defenses using passkeys, ITDR, and session-aware monitoring.
