Skip to main content

Alexander
North

Founder | Cybersecurity Professional | AI-Assisted Development & Governance

0
PROJECTS
0
CERTS
0
MILESTONES
0
HOURS

ABOUT

Alexander North

Solo founder and cybersecurity practitioner. My path has moved through different environments, but the constant has been building systems and understanding how they work. I design software and tools to solve real problems, then refine them through direct use. LabList started as a personal solution for tracking hands-on work and continues to evolve through that process.

I build web applications, think in systems, and treat security as foundational rather than optional. I enjoy analyzing risk and evaluating mitigations across supply chain, architecture, third-party trust boundaries, and the governance frameworks that hold them together. I'm targeting roles in GRC, AI governance, and compliance where this thinking compounds.

Always building. Always learning. Always improving.

BACKGROUND

2026Founder — Dynamiq Learning LLC | LabList.io — Built secure SaaS apps. Designed IAM, session controls, input validation, and secure third-party API data handling to meet secure coding standards.
2023Water Treatment Operator — City of Dunedin — Operated SCADA and physical equipment to meet strict water quality regulations. Ran lab tests, monitored system data, and fixed equipment to prevent downtime.
2019Water Treatment Operator — Charleston Water System — Managed chemical treatment following EPA and OSHA rules. Analyzed water samples, prepared operations reports, and trained new hires on plant safety.
2017Sergeant (E-5) — United States Marine Corps — NCO managing operational risk and personnel compliance for 3rd LAR Battalion. Audited training programs and held an active Secret security clearance.

PROJECTS

TGF — The Governance Framework for AI-Assisted Development

A Claude Code plugin that turns senior DevSecOps judgment into enforceable rules grounded in primary sources. Every rule cites a sub-rule identifier from OWASP ASVS, NIST, ISO, MITRE, or an RFC. Built for developers using AI heavily who want their work to actually meet industry standards by default.

Claude Code plugin platformHooks for enforcementMarkdown language for skillsJSONGitOWASP ASVSNIST SP 800-39NIST SP 800-53+6 more

05/04/2026ongoing

CERTS

Linux Essentials

Linux Professional Institute (LPI)

Credential ID

Hidden

Status

● Active

Issued

12/21/2025

Skills
LinuxLinux AdministrationCommand LineFile PermissionsUser and Group ManagementLinux Security

ACTIVITY LOG

DEValexlearnstech313/tgf — 31 commits

Audit skills/code-quality/ — WS4 Target 14 (Build Step 5, Commit 16/22) — closes Build Step 5; Audit skills/discovery/ — WS4 Target 11 (Build Step 4, Commit 13/22) — closes Build Step 4; Audit skills/project-management/ — WS4 Target 10 (Build Step 4, Commit 12/22)

View full writeup →
Type

dev

Duration

4h

WRITEUPWhen the vibes are high, but the guardrails are low.

My view: AI will be largely responsible for the bulk of code going forward. I’ll defend that in a minute, but I should disclose something first. I’m not a software engineer. I have experience in languages like Python and SQL from classes I’ve taken, but fingers to keyboard coding isn’t my bread and butter. My domain is security, and software engineering itself isn’t my desired goal. I respect the work software engineers do and I commend their skills. That being said, I do see a shift happening....

View full writeup →
Type

writeup

Duration

DEValexlearnstech313/tgf — 8 commits

Audit skills/security-input-validation/ — WS4 Target 4 (Build Step 3, Commit 6/22) — closes Build Step 3; Amend CLAUDE.md §2 with communication discipline + file research-security hook bug; Audit skills/security-output-encoding/ — WS4 Target 3 (Build Step 3, Commit 5/22)

View full writeup →
Type

dev

Duration

6h

DEValexlearnstech313/tgf — 11 commits

Operationalize security-auditor agent + coordinate boundary discipline (WS3 Build Step 3, Commit 4/6); Operationalize red-team agent + apply smoke-test refinements (WS3 Build Step 4, Commit 5/6); Freshen status docs to reflect Phase 6 pause + framework-hardening progress

View full writeup →
Type

dev

Duration

DEValexlearnstech313/tgf — 4 commits

Add Workstream 2 plan for WORKFLOW-V2 methodology grounding; Update planning docs to reflect Workstream 1 completion; Register 12 framework sources for WORKFLOW-V2 research

View full writeup →
Type

dev

Duration

DEValexlearnstech313/tgf — 4 commits

Workstream 1: research-security infrastructure (M1-M19 enforcement); Skills/security-output-encoding/; Skills/security-error-handling/

View full writeup →
Type

dev

Duration

DEValexlearnstech313/tgf — 4 commits

Phase 6 Checkpoint 1 cleared — all four decisions resolved; Phase 6 plan drafted: docs/phase-6-plan.md (awaiting Checkpoint 1); Skills/security-input-validation/

View full writeup →
Type

dev

Duration

DEValexlearnstech313/tgf — 8 commits

Phase 5 plan amendment: add UI-CRAFT skill (Decision F); Closeout — CLAUDE.md/ROADMAP/CHANGELOG updates + session log; Skills/disagreement/ (SKILL.md + rules.md + anti-patterns.md)

View full writeup →
Type

dev

Duration

DEValexlearnstech313/tgf — 10 commits

Phase 5 Checkpoint 1 cleared — all five decisions resolved; Phase 5 plan drafted: docs/phase-5-plan.md (awaiting Checkpoint 1); DEC-2026-05-20-010: Disable security-guidance plugin hook for TGF

View full writeup →
Type

dev

Duration

PROJECTTGF — The Governance Framework for AI-Assisted Development

A Claude Code plugin that turns senior DevSecOps judgment into enforceable rules grounded in primary sources. Every rule cites a sub-rule identifier from OWASP ASVS, NIST, ISO, MITRE, or an RFC. Built for developers using AI heavily who want their work to actually meet industry standards by default.

Claude Code plugin platformHooks for enforcementMarkdown language for skillsJSONGitOWASP ASVSNIST SP 800-39NIST SP 800-53NIST SP 800-63NIST SP 800-218NIST Cybersecurity Framework 2.0ISO/IEC 27002MITRE ATT&CKMITRE ATLAS
View full writeup →

CONTRIBUTIONS

JanFebMarAprMayJunJulAugSepOctNovDec
Certs
DEV
Writeups