These are long pieces that I've written for this website.

on strategic risk management

Strategic risk management is a hard subject to grasp. These are the matters so big it's a problem even understanding where to start when you're in the day-to-day.

third-party risk

This guide on third party risk was written towards controlling a range of risks can possibly arise from the outsourcing of core functions.

risk, opportunity, and the service organization

How to get a technology service organization through a SOC-2 audit with a minimum pain and with maximum gain. This goes beyond the how-tos of information security and good governance and explains the competitive advantages that a company will invariably experience when it can consistently excel.


I had formerly written a number of these pieces for an older website,

a non-profit risk management process manual


Non-profits require processes monitoring the enterprise for loss, including missed opportunity. I have written a manual for doing so that avoids common pitfalls in risk management.