David Wolf · Project Use Case
AI SECURITY · PRODUCT SECURITY · CORNERSTONE ONDEMAND
Cornerstone OnDemand
Cornerstone FedRAMP Moderate ATO Security Controls
A control-architecture and evidence-readiness effort translating FedRAMP Moderate requirements into policy, standards, technical controls, operational...
Supported Cornerstone's FedRAMP Moderate authorization effort by helping turn formal control requirements into security policies, standards, guidelines, technical-control architecture, ownership models, procedures, and evidence...

Client
Cornerstone OnDemand
Engagement Type
Full-Time or role-based contribution; exact title and dates should be confirmed from resume/Profile source
Period
Career Role; exact dates should be confirmed
Role
Security / Product Security / Compliance Engineering Contributor
Focus Areas
FedRAMP Moderate ATO, Control Evidence, NIST 800-53, Security Policy
The Research Narrative
Consulting Proof
This is evidence of turning messy security telemetry into explainable dashboards, alert-quality improvements, and executive-ready operating views.
The Context
FedRAMP Moderate authorization requires a working control system, not a binder of policy language. Policies, standards, procedures, architecture, monitoring, ownership, and evidence have to describe the same reality.
The Challenge
The challenge was traceability. A requirement must map to a control. A control must map to an owner. An owner must operate a procedure. The procedure must produce evidence. The evidence must support assessment and continuous monitoring.
What I Did
David contributed to policy, standards, guidelines, technical-control architecture, and evidence-readiness work. The emphasis was on making security documentation operationally useful and audit-supporting.
- Translated FedRAMP Moderate and NIST 800-53-style control expectations into practical security and engineering requirements
- Defined or contributed to security policies, standards, guidelines, and procedural documents that aligned with real system behavior
- Helped architect technical control patterns for identity and access management, logging, monitoring, vulnerability management, configuration management, change control, and secure operations
- Connected control statements to evidence expectations so teams understood what proof would be needed during assessment and ongoing monitoring
- Supported traceability between formal requirements, policy language, technical implementation, operational procedures, and audit artifacts
- Helped reduce the gap between compliance documentation and engineering reality by making standards actionable
- Worked from a control-evidence mindset: every major claim should be supported by repeatable procedures, system artifacts, review records, or telemetry
- Supported cross-functional alignment across security, engineering, operations, compliance, audit-facing teams, and leadership stakeholders
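The traceability chain described above (requirement to control to owner to procedure to evidence) is easy to state and easy to break silently. The following is an added example, not Cornerstone's tooling or any artifact from the engagement: a small Python model of that chain with a check that reports where a control would fail an evidence request. The control identifiers are NIST SP 800-53 family IDs; the requirement IDs, owners, procedures, artifact names and dates are constructed sample data, and the 90-day evidence freshness window is an assumed policy value.

```python
"""Policy-to-control traceability check (added illustration).

Models requirement -> control -> owner -> procedure -> evidence and
reports broken links. All owners, procedures, artifacts, requirement
IDs and dates below are constructed sample data; control IDs are
NIST SP 800-53 identifiers. The freshness window is an assumption.
"""
from dataclasses import dataclass, field
from datetime import date
from typing import Dict, List, Optional, Set


@dataclass
class Evidence:
    artifact: str      # ticket export, config snapshot, review record, ...
    collected: date    # when the artifact was produced
    source: str        # "system", "review", "telemetry", ...


@dataclass
class Control:
    control_id: str                 # NIST SP 800-53 ID, e.g. "AC-2"
    requirement: str                # formal requirement it satisfies
    owner: Optional[str]            # accountable person or team
    procedure: Optional[str]        # operated procedure implementing it
    evidence: List[Evidence] = field(default_factory=list)


def unmapped_requirements(requirements: Set[str], controls: List[Control]) -> Set[str]:
    """First link of the chain: every requirement must map to a control."""
    return requirements - {c.requirement for c in controls}


def find_gaps(controls: List[Control], today: date, max_age_days: int = 90) -> Dict[str, List[str]]:
    """Remaining links: each control needs an owner, a procedure and fresh evidence.

    Returns control_id -> list of problems; controls with none are omitted.
    """
    gaps: Dict[str, List[str]] = {}
    for c in controls:
        problems = []
        if not c.owner:
            problems.append("no owner")
        if not c.procedure:
            problems.append("no procedure")
        fresh = [e for e in c.evidence if (today - e.collected).days <= max_age_days]
        if not c.evidence:
            problems.append("no evidence")
        elif not fresh:
            problems.append("evidence stale")
        if problems:
            gaps[c.control_id] = problems
    return gaps


def readiness(controls: List[Control], today: date, max_age_days: int = 90) -> float:
    """Fraction of controls whose chain is unbroken (0.0 when there are none)."""
    if not controls:
        return 0.0
    return 1.0 - len(find_gaps(controls, today, max_age_days)) / len(controls)


# Constructed sample data: an assessment snapshot as of a fixed date.
TODAY = date(2024, 6, 1)
REQUIREMENTS = {"REQ-01", "REQ-02", "REQ-03", "REQ-04", "REQ-05", "REQ-06"}
SAMPLE_CONTROLS = [
    Control("AC-2", "REQ-01", "IAM team", "quarterly access review",
            [Evidence("access-review-2024Q1.csv", date(2024, 4, 15), "review")]),
    Control("AU-2", "REQ-02", "Security Ops", "log-source onboarding checklist",
            [Evidence("siem-source-inventory.json", date(2023, 12, 1), "system")]),
    Control("CM-3", "REQ-03", "Platform Eng", None,
            [Evidence("change-ticket-export.csv", date(2024, 5, 20), "system")]),
    Control("RA-5", "REQ-04", None, "monthly scan and triage", []),
    Control("IA-2", "REQ-05", "IAM team", "MFA enforcement standard",
            [Evidence("idp-mfa-policy-snapshot.json", date(2024, 5, 30), "system")]),
]

if __name__ == "__main__":
    for req in sorted(unmapped_requirements(REQUIREMENTS, SAMPLE_CONTROLS)):
        print(f"{req}: no control mapped")
    for cid, problems in find_gaps(SAMPLE_CONTROLS, TODAY).items():
        print(f"{cid}: {', '.join(problems)}")
    print(f"assessment-ready: {readiness(SAMPLE_CONTROLS, TODAY):.0%}")
```

Run as a script it lists REQ-06 as unmapped, flags AU-2 (stale evidence), CM-3 (no procedure) and RA-5 (no owner, no evidence), and reports 40% readiness. The point of the check is the one the engagement made: a control with policy language but no owner, no operated procedure, or no current artifact is not a control an assessor can accept, and that condition should be detectable before the assessment rather than during it.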
The Outcome
The project created practical experience in building controls that survive assessment. That same lesson now applies directly to AI governance: controls must be real, owned, testable, evidenced, and reviewable.
Research Outcomes
Signal Quality
Improved the trustworthiness of operational security signals
Operational Clarity
Translated complex security data into clearer operating views
Stakeholder Visibility
Made technical risk and status easier to explain
Operational Impact
Turned raw telemetry into actionable security intelligence
Capabilities Demonstrated
Security Analytics
Signal investigation and event analysis
IAM / Access Control
Identity telemetry and access insights
Public-Safe Evidence
Shareable insights without sensitive data
SIEM Alert Debugging
Noise reduction and signal validation
Dashboard Development
Operational and executive views
Executive Reporting
Security data translated for leadership
Telemetry Normalization
Consistent and trusted data
Operational Reporting
Actionable views for security operations
Key Deliverables
- FedRAMP Moderate control evidence support
- Security policy documentation
- Security standards documentation
- Security guideline documentation
- Control implementation guidance
- Technical-control architecture support
- Policy-to-control traceability model
- Control evidence expectations
Consulting Translation
The reusable pattern is not Disney-specific: normalize fragmented security telemetry, debug low-signal alert behavior, build trusted operating views, and give leadership evidence they can act on without exposing sensitive systems.