James leads cloud security and compliance engineering at Wolk Inc, helping SaaS companies and regulated enterprises build security programs that satisfy auditors without making engineering teams miserable. He joined in 2024 after a decade in cloud security, SIEM engineering, and compliance program delivery for financial services and healthcare clients.

His work centres on the intersection of infrastructure security and compliance frameworks — implementing the technical controls that SOC 2, HIPAA, ISO 27001, and Cyber Essentials require as concrete Terraform, IAM policy, and audit logging configurations rather than policy documents. He is particularly focused on helping security-naive engineering organisations get to audit-readiness without slowing product delivery.

He writes about what actually determines whether a compliance programme passes or fails: the gap between what auditors ask for and what engineering teams understand as the requirement. His articles are structured to be actionable for a CTO who needs to make technical decisions under compliance pressure, not just reassuring for one who wants to feel compliant.