4. Security & Compliance

Specializes in ISO 27001/27002 implementation, ISMS design, and compliance for HealthTech and MedTech organizations.

ISO 13485 compliance specialist for medical device QMS implementation, documentation control, internal auditing, and certification activities.

Enforces multi-layer data validation across system boundaries to prevent failures from invalid data, making structural bugs impossible via layered security checks.

Provides strategic quality leadership and regulatory compliance oversight for HealthTech and MedTech quality systems, including governance and strategic planning.

Provides expert coaching for CISOs and security leaders on executive communication, security strategy, and translating technical risks for non-technical stakeholders.

Provides expert guidance on FDA regulatory pathways, QSR compliance, HIPAA evaluations, and cybersecurity for medical device companies to ensure regulatory submissions and compliance.

Provides ISO 14971-compliant risk management services for medical device lifecycle, covering analysis, evaluation, control, and documentation.

Manages regulatory documentation control, change management, and compliance verification for quality documentation systems.

Expert ISMS audit support for ISO 27001 compliance, security control testing, and certification preparation for internal and external audits.

Expert guidance for internal and external ISO 13485 quality management system audits, covering planning, execution, and corrective action verification.

Provides automated security review guardrails to enforce best practices and prevent vulnerabilities in AIRBot development.

Automates deletion of temporary, clinical, and log files to ensure HIPAA compliance and maintain privacy in healthcare operations.

Guides AI assistants through Gray Swan MITM CTF challenges using Playwright browser automation for AI agent interaction.

Automates MITM security challenge execution for healthcare, critical infrastructure, and WordPress vulnerabilities using Playwright and compliance frameworks.

Comprehensive guide for Gray Swan MITM challenges, covering defense bypass, AI agent profiling, and platform troubleshooting in security testing.

Enforces security and compliance policies on skill and agent manifests to ensure adherence to defined rules and standards.

Generates STRIDE-based threat models with automated threat analysis, CVSS risk scoring, and actionable mitigation recommendations for security assessment.

Executes AI security CTF challenges with research-grounded techniques for indirect prompt injection, jailbreaks, and agent exploitation across competition platforms.

Executes Gray Swan AI Arena CTF challenges involving indirect prompt injection and machine-in-the-middle attacks with optimized payloads and evidence collection.

Executes Wave 3 MITM attacks with updated strategies, accounting for AI defenses, WordPress container isolation, and platform stability in security simulations.

Generates optimized AI security test payloads (prompt injection, H-CoT, multi-layer) for CTF and security testing with automated success rate optimization.

Automates Indirect Prompt Injection (IPI) attacks on AI models in the Gray Swan AI Arena Wave 2, including payload execution, model profiling, and evidence collection.

Performs security testing on REST and GraphQL APIs to identify vulnerabilities including authentication bypass, authorization flaws, and injection attacks during penetration testing.

Analyzes source code for security and compliance violations using Kantra CLI, a unified tool for code analysis and transformation.