About

The Lateral Movement is a blog about the parts of information security and GRC that don't make it into the framework documentation.

Written by a CISM with hands-on experience building and running security programs. The focus is compliance automation, AI tools, risk management, and the gap between how this work is supposed to go and how it actually goes.

Longer posts cover tools, comparisons, and decision frameworks. Shorter posts are takes on current events and industry news. Both are written for practitioners, not beginners.