[Intake form mock: "Customer Security Intake: Submit a customer or prospect security request. Why this process? Trust Portal answers the majority of security questions automatically..."]
Production
Customer Security Intake
Fully automated security request intake system, from GTM to Linear to Wolfia. 14 systems integrated, zero manual steps. Reduced time spent on customer security questionnaires by 90%+.
→ 90%+ time reduction on questionnaires
Stack: Next.js, Cloud Run, Linear, Wolfia, IAP
[TPRM dashboard mock. Summary tiles: Total Vendors 162, Critical 48, Pending 55, Non-Critical 59. Vendor table (columns Vendor, Decision, PII, Integration; only Vendor and Decision are legible): AuthProvider Co, Critical; DataViz Platform, Not Critical; LLM Provider, Critical; Monitoring SaaS, Pending.]
Production
TPRM | Third-Party Risk Management
Automated vendor risk platform that syncs with procurement (Ramp) and project tracking (Linear). Tracks 162 vendors with automated risk evaluation, daily syncs, and Slack alerts.
→ 162 vendors, 100% audit coverage
Stack: FastAPI, React, Cloud Run, Ramp API, Linear
[GitHub repository mock: company-grc-security-policies (Private), listing files with their last commit messages: .github/workflows ("Update sync workflow"), access-control-policy.md ("Annual policy review"), acceptable-use-policy.md ("Clarify BYOD section"), asset-management-policy.md ("Add cloud asset tagging"), data-classification-policy.md ("Initial commit"), incident-response-policy.md ("Update escalation path"); CI status check passing.]
Production
Security Policies as Code
22 security policies managed as markdown in GitHub with automated publishing to Notion via GitHub Actions. Every change is version-controlled, peer-reviewed, and audit-ready.
→ 22 policies, 0 manual publishing steps
Stack: Markdown, GitHub Actions, Notion API, Claude
[Slack post mock, "Vulnerability Management Update", posted to #engineering. Weekly Status: Critical 2, High 8, Medium 14, Low 6; SLA Compliance 96%; Fixes since last report 5; Exceptions 3 active, 1 approaching; Kudos to Platform Team (3 fixes) and Auth Team (2 fixes).]
Production
Vulnerability Management Operations
Automated the operational layer behind a vulnerability management program: weekly reporting, metrics reconstruction, triage routing from code ownership, exception tracking, and program hygiene. Built entirely through Claude Cowork, not a standalone application.
→ Full program automation, zero manual reporting
Stack: Claude Cowork, Linear, Slack, Aikido
Production
Automated Evidence Collection
Self-service SOC 2 evidence collection through GCP and GitHub integrations with Anecdotes. Achieved 100% evidence coverage and 80% auditor acceptance of automated evidence.
→ 80% compliance effort reduction
Stack: GCP, GitHub, Anecdotes, Python
Shipped
Vendor Risk Tiering System
Risk-based vendor tiering workflows in Sudozi. Cut vendor security review SLA from 8 days to 2 business days with 100% review coverage for all in-scope vendors.
→ 8-day SLA → 2-day SLA
Stack: Sudozi, Risk Tiering, Workflow Design
Shipped
City-Scale Risk Management Engine
Built the City of San Francisco's cybersecurity risk management program using FAIR methodology. Guided 55 departments through risk assessments, gap analysis, and treatment plans.
→ 55 departments, 2,000 vendors assessed
Stack: FAIR, LogicGate, CAIQ-Lite, SecurityScorecard