🏰 Welcome to The Compliance Dungeon
The GRC tracker that speaks your language: organize your compliance program with the same storytelling approach that transforms boring presentations into executive epics.
A fantasy-themed, Coda-powered compliance tracker for GRC practitioners, security teams, and startup warriors who believe work should have meaning and story. Why track compliance like everyone else when you can turn it into an adventure?
🎯 Who it's for:
Solo security practitioners and startup CISOs who need structure without enterprise complexity
Small teams standing up their first compliance program
Security professionals who want their operational tools to match their storytelling methodology
Enterprise GRC teams looking to gamify internal processes
⚔️ What's inside:
A fully interactive Coda-based dungeon dashboard
Over 40 pre-built core and side quests tagged by Control Area, Framework, and Role Class
Support for SOC 2, ISO 27001, NIST CSF, and CIS
Progress bars, XP tracking, and role-based assignments (like Policy Mages, IAM Rangers, and Audit Bards)
A lore-driven onboarding experience with dungeon levels, story progression, and visual theming
Why I Built This
I built The Compliance Dungeon after watching too many teams struggle to make compliance programs stick.
The frameworks were solid. The controls were correct. The trackers were… technically fine.
But nobody remembered them. Nobody enjoyed using them. And most programs stalled the moment things got busy.
This project started as an experiment.
What if compliance felt more like a system you explore instead of a checklist you survive? What if storytelling could help teams understand where they are, what comes next, and why it matters?
The Compliance Dungeon is my answer to those questions.
What This Shows About How I Think
This project reflects how I approach security work:
I design systems that bridge strategy and execution
I care deeply about adoption, not just correctness
I use storytelling as a tool for teaching and change
I build frameworks that help teams move from theory to practice
It is part toolkit, part experiment, and part proof that security does not have to be boring to be effective.
Explore the Dungeon
Want to see what compliance looks like as a quest instead of a chore?