May 2, 2026
What an FDA auditor actually sees when they look at your security controls
When the auditor opens the change-control log, they're not looking for what you did. They're looking for what you didn't document.
Insights
Writing on vCISO practice, regulated-industry security leadership, and audit readiness.
Recent posts
May 2, 2026
The first 90 days: what a vCISO actually does in a regulated environment
Most fractional CISO content is written for SaaS startups. Regulated environments work differently — the cadence is the audit cycle, not the sprint.