Workshop
Vibe-Coded to Compliant
A 90-minute working session for AI builders moving from prototype to enterprise, covering the documentation, governance posture, and control mapping required before security review.
Aysha DavisSpring 2026
Field Notes & Insights
Writing from the field.
Working references, workshop materials, and field notes from HFI founders on federal GRC, AI governance, and the practice of operating under scrutiny.
More From The Field
Field Note
What "Continuous Monitoring" Actually Means
A practitioner read on NIST SP 800-37 Step 7, and why most organizations treat ConMon as a quarterly task instead of an operating posture.
Aysha DavisForthcoming
Field Note
The GRC Workforce Pipeline We Keep Skipping
Why federal GRC is bleeding mid-career talent, and what a real apprenticeship pipeline from community college through a cleared role would actually look like.
Bruce FortForthcoming
Reference
Reading NIST SP 800-37 Rev 2 as a Practitioner
A working annotation of the Risk Management Framework: what each step is really asking you to produce, and where the document is silent on practice.
Bruce FortForthcoming
Field Note
When AI Governance Meets FedRAMP
Notes from the seam between emerging AI governance frameworks and existing federal authorization processes, and how to write a control implementation statement that does not pretend the tension is resolved.
Aysha DavisForthcoming
Editorial Note
Field Notes is the founders' working desk, not a marketing channel.
New notes go up when the work makes them necessary. If a topic here is relevant to your environment, the fastest path to a conversation is the contact form.
Bring a practitioner to your problem.
If a note here touches an environment you operate in, HFI's founders can be engaged directly.