Wm. Jerome Davis
Case studies

Governance you can click on. Public systems, a nine-figure federal program, and the evidence behind the numbers — not slideware.

Governed AI agent · public repository

Lliam-GOV

An agentic LLM assistant built for environments where autonomy has to stay accountable. The governance overlay sits in the runtime’s privileged paths, so every privileged action is mediated, logged, and constrained by explicit policy.

Seven enforced controls, each wired to real instrumentation: encryption at rest with managed keys, a hash-chained append-only audit log, a default-deny egress allowlist with TLS, a human-approval gate over the agent’s own self-modification, capability and principal isolation, CUI marking and handling, and auditor-ready evidence export (AEP). The full control set is crosswalked to ISO/IEC 42001 and the NIST AI RMF.

Honest lineage: derived from the MIT-licensed Hermes Agent (Nous Research); the contribution is the governance overlay and the evidence set around it. The attribution is documented, not buried.

Governed software factory · public template

DoW AI PM Builder Template

A provider-agnostic, single-repository template that instantiates a complete governed AI software factory — application source, governance records, decision logic, verification evidence, and agent identities living together with clear boundaries.

The operating model puts 15 accountable agents into a mandatory handoff chain, with a Security & Compliance Officer participating in every phase gate and 136 specialization packages across 10 domains, mapped to accountable owners through a 272-entry ownership map. CPMAI is the lifecycle backbone; ISO/IEC 42001 and the NIST AI RMF are baseline overlays. Generated projects start in Draft / Not Approved and cannot proceed to implementation until phase-gate evidence exists.

Notably, it refuses to infer product compliance or fabricate framework mappings — the intellectual honesty an auditor looks for, enforced in the tooling itself.

AI-lifecycle governance platform · live

Priora

Priora operationalizes the AI-lifecycle governance playbook as working software — CPMAI lifecycle gates, a risk register, a Statement of Applicability with mandatory justification, a SHA-256 evidence locker, AEP generation, and role-based access.

Built solo as a governed-repo exercise: signed commits, branch protection, and green CI from the first commit. The repository is the credential — governance-as-code at practitioner depth.

ISO/IEC 42001 · enterprise

ISO 42001 AI Management System implementation

Architecting and directing a corporate ISO/IEC 42001 AI Management System toward formal certification — scoping, Statement of Applicability, AI risk and impact assessment, and the evidence trail an auditor actually wants. Positions the organization as an early, secure mover for future federal and commercial contract capture.

Part of a broader compliance transformation: a unified Integrated Management System consolidating ISO 9001, ISO 27001, and CMMI Level 3 — which cut administrative compliance overhead by 30%.

DoD program leadership · the track record

Nine-figure federal portfolio

Principal governance and cybersecurity authority for a nine-figure DoD enterprise CRM and training modernization portfolio serving 400,000+ users. The work behind the credentials:

  • 82% first-pass ATO across 22 enterprise authorization campaigns in 24 months — and a major aviation program authorized from zero compliance history in 7 months.
  • Cleared a two-year cloud authorization backlog in under 90 days with an automated control-ownership schema.
  • Remediated a formal Letter of Concern, preserving CPARS ratings and mitigating millions in contract risk on a distressed portfolio.