Phishable is a project that logs misconfigured DNS that can be exploited to conduct phishing attacks & spoof domains. Phishable helps orgs investigate phishing campaigns, gauge third-party risk & mitigate these risks. All orgs on the list are exposed to higher risk of threat actors gaining initial entry to their org, supply chain, and customers.

Enterprise AI Third Party Risk Management Platform with 100+ API endpoints, 4 AI Agents, 12 Compliance Frameworks including SOC 2, NIST, ISO 27001, DORA and SIG. Reduces vendor assessment time from 8 hours to 15 minutes.

Simple CLI script to assist GRC analysts with risk ranking vendors.

Professional Governance, Risk & Compliance Portfolio

GRC project analysing risks of AI-driven compliance automation and false assurance in third-party risk management (SOC 2 / ISO 27001)

A comprehensive third-party risk management framework for a global media streaming platform. Focuses on vendor classification, content security, intellectual property protection, and compliance monitoring, delivering risk maps, due diligence checklists, and strategic recommendations

Vendor-agnostic pattern for automating vendor risk governance and translating reassessment cadence into executive oversight.

Transforming vendor risk management post-breach: from failed checklists to evidence-based assurance.

Practical playbook for Third-Party Risk Management in healthcare environments.

Conducted a proactive DPIA for a Nigerian fintech, identifying high-risk gaps in cross-border transfers and consent management.

Bitsight Security Ratings for Splunk App provides prebuilt dashboards, modular input collection, lookup-backed enrichment, workflow actions, setup pages, alert actions, additional functionality that is not found in the BitSight Security Ratings UI and documentation views for BitSight data in Splunk.

A structured framework for assessing third-party vendor risk, with model contract clauses.

Third-party vendor risk assessment template with questionnaire, scoring rubric, risk categories, and remediation tracking. For supply chain security and compliance programs.

Enterprise GRC lab for a fictional financial services company, aligned to NIST CSF and ISO 27001.

Minimum-viable vendor risk intake workflow + evidence pack

DORA Art. 28/30 Contract Management — 10 MCP tools for clause checking, CIF analysis, exit readiness

CRAG — Cognitive Resilience and Automated Governance. An AI-powered third-party vendor risk monitoring prototype featuring real-time risk scoring, automated alerts, and a comprehensive audit log.

Risk-based third-party cybersecurity risk management (GRC-focused)

TPRM portfolio focused on US privacy & cloud vendor risk: minimization, retention/deletion, DSAR readiness, subprocessors, evidence-backed decisions.

Auto-generate, distribute, and score vendor risk assessment questionnaires based on vendor service type, data access level, geography, and regulatory exposure.