🎯 Who it's for:

• Solo security practitioners and startup CISOs who need structure without enterprise complexity

• Small teams standing up their first compliance program

• Security professionals who want their operational tools to match their storytelling methodology

• Enterprise GRC teams looking to gamify internal processes

⚔️ What's inside:

• A fully interactive Coda-based dungeon dashboard

• Over 40 pre-built core and side quests tagged by Control Area, Framework, and Role Class

• Support for SOC 2, ISO 27001, NIST CSF, and CIS

• Progress bars, XP tracking, and role-based assignments (like Policy Mages, IAM Rangers, and Audit Bards)

• A lore-driven onboarding experience with dungeon levels, story progression, and visual theming

Why I Built This

I built The Compliance Dungeon after watching too many teams struggle to make compliance programs stick.

The frameworks were solid. The controls were correct. The trackers were… technically fine.

But nobody remembered them. Nobody enjoyed using them. And most programs stalled the moment things got busy.

This project started as an experiment.

What if compliance felt more like a system you explore instead of a checklist you survive? What if storytelling could help teams understand where they are, what comes next, and why it matters?

The Compliance Dungeon is my answer to those questions.

What This Shows About How I Think

This project reflects how I approach security work:

• I design systems that bridge strategy and execution

• I care deeply about adoption, not just correctness

• I use storytelling as a tool for teaching and change

• I build frameworks that help teams move from theory to practice

It is part toolkit, part experiment, and part proof that security does not have to be boring to be effective.

Explore the Dungeon

Want to see what compliance looks like as a quest instead of a chore?