About Gruntworks Technology

Gruntworks Technology helps B2B SaaS companies prepare for SOC 2 by focusing on the parts of security programs that actually determine whether they pass audit.

Many teams don’t struggle because they lack frameworks.
They struggle because those frameworks don’t translate into day-to-day operations.

Controls exist, but ownership is unclear. Documentation is in place, but it drifts.
Exceptions pile up, and risk decisions lose clarity over time.

We focus on fixing those gaps early so programs hold up under real conditions, and not just during an audit.

How we work

Security and compliance should work in practice, not just on paper.

Gruntworks focuses on:

  • Exception management

  • Audit readiness

  • Operational GRC execution

The goal is not just to pass audits.
It’s to build programs that continue to work after the audit is over.

Background

Gruntworks is led by a CISSP, CISA, and CISM-certified practitioner with hands-on experience across enterprise environments, startups, and regulated industries.

This includes environments where security programs had to function under pressure—not just meet requirements.

That experience drives a practical approach:

  • Focus on what works

  • Remove what doesn’t

  • Align programs with how the business actually operates

The Gruntworks Way

  • Integrity First
    Clear, direct guidance. No unnecessary complexity.

  • Service-Driven
    Founded by a service-disabled veteran, with a focus on responsibility and follow-through.

  • Practicality Over Theory
    Frameworks matter, but only if they work in real environments.

  • Partnership
    Work alongside your team to solve problems, not just point them out.

  • Founder & Principal Consultant

    Glenn is an information security and GRC practitioner focused on making security programs work in real environments, not just on paper.

    He has worked across Fortune 500 companies, startups, and higher education, with a focus on exception management, audit readiness, and operational GRC. Much of his work centers on the areas where programs break down: backlog growth, unclear ownership, and documentation that doesn’t hold up under scrutiny.

    Glenn holds CISSP, CISM, and CISA certifications and has over 15 years of experience in IT and cybersecurity. After serving in the Army, he founded Gruntworks Technology to bring practical, experience-driven security guidance to organizations that need it.

    He is also the author of The GRC Exception Handbook, a practical guide to building and maintaining effective exception management programs.

  • Senior Consultant

    Dylan has a background in security operations, compliance, and identity management, with expertise in strengthening cloud and endpoint environments. He has supported organizations across healthcare, retail, and enterprise technology by implementing IAM controls, administering platforms like Wiz Cloud Security and JumpCloud, and driving compliance initiatives including ISO 27001, SOC 2, and HITRUST. Dylan leads security reviews, manages cloud security operations, and partners with stakeholders to safeguard sensitive data through a business-minded, results driven approach.

  • Senior Consultant

    Ryan is a seasoned information security and privacy expert with extensive experience in fast-paced environments. Ryan is nearing the defense of his dissertation and looking to complete his PhD in Cybersecurity Leadership in 2026!