Wm. Jerome Davis

AI Governance · Risk · Compliance

Builds the systems. Governs the systems. Defends the evidence.

The rare operator at the intersection of DoD program execution, ISO/IEC 42001 & 27001 audit leadership, and hands-on GenAI engineering. I don’t just write the AI policy — I ship the governance software that enforces it and the evidence trail that survives the audit.

Fellow, Management Systems Auditing · ISO 42001 Lead Auditor · ISO 27001 Lead Auditor · ISO 27701 Lead Auditor · PMI-CPMAI · CompTIA SecurityX

Track record, in numbers

82% first-pass ATO rate across 22 authorization campaigns
9-figure DoD CRM & training portfolio under governance authority
90 days to clear a 2-year cloud authorization backlog
30% cut in compliance overhead via a unified management system
400K+ users on the federal portfolio he stabilized
3 public governance-grade systems — open the repos, not slideware

Why the bridge is rare

Most AI-governance candidates can do one of these. The value is in holding all three at once — and having the federal program scars to know what a control actually costs.

Builds

The systems

Hands-on GenAI and agentic engineering — governed multi-agent frameworks, a live governance platform, and a software factory. Practitioner depth, not vendor slideware.

Governs

The systems

ISO/IEC 42001 / 27001 / 27701 Lead Auditor directing a corporate AIMS toward certification. Translates EU AI Act, NIST AI RMF, and RMF mandates into executable controls.

Defends

The evidence

22 ATO campaigns, an 82% first-pass rate, and a nine-figure DoD portfolio briefed to the C-suite. Governance that holds up when an auditor — or a federal sponsor — pushes back.

The proof stack

Working systems you can open and inspect — public repositories, a live platform, and a published playbook. The credential is the artifact, not the claim.

Governed AI agent · public repo

Lliam-GOV

An agentic LLM assistant where autonomy stays accountable. Seven enforced controls — encryption at rest, a hash-chained append-only audit log, default-deny egress allowlist, a human-approval gate on self-modification, capability isolation, CUI handling, and auditor-ready evidence export — each crosswalked to ISO/IEC 42001 and the NIST AI RMF.

ISO 42001 · NIST AI RMF · Governance-as-code · Audit evidence

Governed software factory · public template

DoW AI PM Builder

A single-repo template that instantiates a governed AI software factory: 15 accountable agents with a Security & Compliance Officer in every phase gate, 136 specialization packages across 10 domains tied to a 272-entry ownership map, and CPMAI / ISO 42001 / NIST AI RMF baked into the operating model. It refuses to fabricate compliance mappings — governance discipline enforced by construction.

CPMAI · ISO 42001 · NIST AI RMF · CMMC 2.0 · FedRAMP

AI-lifecycle governance platform · live demo

Priora

Turns passive policy into software-enforced control: CPMAI phase gates, a live risk register, a Statement of Applicability with mandatory justification, a SHA-256 evidence locker, and AEP generation. Built in a governed repo — signed commits, branch protection, green CI from the first commit.

Statement of Applicability · Risk register · Evidence integrity
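Two of the controls named above, the hash-chained append-only audit log in Lliam-GOV and the SHA-256 evidence locker in Priora, rest on the same small mechanism. The following is an added example, not code from either project (whose internals are not shown on this page): a minimal chained log, a content-addressed locker, and a verifier that demonstrates what a hash chain catches (edited or re-hashed history) and what it does not catch without an out-of-band anchored head (silent truncation of the newest entries). Class names, function names, and the sample events are illustrative assumptions.

```python
import copy
import hashlib
import json
from typing import Dict, List, Optional, Tuple

GENESIS = "0" * 64  # anchor for the first entry's prev_hash


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def canonical(obj: Dict) -> bytes:
    # Deterministic JSON so the same entry always yields the same digest.
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode("utf-8")


class AuditLog:
    """Append-only, hash-chained log (illustrative name, not a project API)."""

    def __init__(self) -> None:
        self._entries: List[Dict] = []

    def append(self, actor: str, action: str, detail: Dict) -> Dict:
        prev_hash = self._entries[-1]["hash"] if self._entries else GENESIS
        body = {"seq": len(self._entries), "actor": actor, "action": action,
                "detail": detail, "prev_hash": prev_hash}
        entry = dict(body, hash=sha256_hex(canonical(body)))
        self._entries.append(entry)
        return entry

    def head(self) -> str:
        """Hash of the newest entry; record this somewhere the log cannot rewrite."""
        return self._entries[-1]["hash"] if self._entries else GENESIS

    def export(self) -> List[Dict]:
        # Deep copies: an exported bundle can be altered without touching the log.
        return copy.deepcopy(self._entries)


def verify_chain(entries: List[Dict], expected_head: Optional[str] = None) -> Tuple[bool, int]:
    """Return (ok, index of the first bad entry, or -1 when everything checks out).

    Recomputes each digest and checks each prev_hash link. With expected_head
    (the anchored head) it also detects truncation of the tail, which a bare
    hash chain cannot see on its own.
    """
    prev = GENESIS
    for i, e in enumerate(entries):
        body = {k: v for k, v in e.items() if k != "hash"}
        if e.get("seq") != i or e.get("prev_hash") != prev or sha256_hex(canonical(body)) != e.get("hash"):
            return False, i
        prev = e["hash"]
    if expected_head is not None and prev != expected_head:
        return False, len(entries)
    return True, -1


class EvidenceLocker:
    """Content-addressed store; the manifest maps artifact name -> SHA-256."""

    def __init__(self) -> None:
        self._blobs: Dict[str, bytes] = {}
        self.manifest: Dict[str, str] = {}

    def put(self, name: str, data: bytes) -> str:
        digest = sha256_hex(data)
        self._blobs[digest] = data
        self.manifest[name] = digest
        return digest

    def verify(self) -> Dict[str, bool]:
        # An auditor holding only the manifest re-hashes each artifact and compares.
        return {name: sha256_hex(self._blobs.get(d, b"")) == d
                for name, d in self.manifest.items()}


def demo() -> Dict[str, object]:
    """Constructed sample events (not real log data) exercising each check."""
    log = AuditLog()
    log.append("agent", "egress_denied", {"host": "example.invalid", "reason": "not on allowlist"})
    log.append("operator", "approve_self_modification", {"change_id": "c-1"})
    log.append("agent", "cui_redacted", {"fields": 2})
    anchored_head = log.head()

    clean = log.export()
    edited = log.export()               # 1) edit history, leave the hash: caught at entry 0
    edited[0]["detail"]["reason"] = "allowlisted"
    rehashed = log.export()             # 2) edit and recompute: entry 1's link breaks
    rehashed[0]["detail"]["reason"] = "allowlisted"
    rehashed[0]["hash"] = sha256_hex(canonical({k: v for k, v in rehashed[0].items() if k != "hash"}))
    truncated = log.export()[:-1]       # 3) drop the newest record: only the anchor exposes it

    locker = EvidenceLocker()
    locker.put("soa.json", b'{"control":"example","applicable":true}')
    locker._blobs[locker.manifest["soa.json"]] = b"{}"  # simulate on-disk tampering

    return {
        "clean": verify_chain(clean, anchored_head),
        "edited": verify_chain(edited, anchored_head),
        "rehashed": verify_chain(rehashed, anchored_head),
        "truncated_unanchored": verify_chain(truncated),
        "truncated_anchored": verify_chain(truncated, anchored_head),
        "locker": locker.verify(),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name}: {result}")
```

The practical point is the third case: a hash chain alone proves internal consistency, not completeness. An auditor-ready export needs the head hash (or a signature over it) committed somewhere the log writer cannot rewrite, such as a signed commit, a WORM bucket, or a counterparty's records.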

Authored playbook · 2025

The Decisions That Come Before Scale

The AI-lifecycle governance playbook — the decisions teams must make before they scale AI in regulated environments. Grounded in CPMAI, ISO/IEC 42001, NIST AI RMF, and DoD frameworks. Written first; then made executable in Priora.

Thought leadership · Regulated environments · AI lifecycle

Read the thinking the software is built on: The Decisions That Come Before Scale.