John Flack

System Engineer

High Point, NC

About Me

I'm at a strange intersection of legacy infrastructure, governance, risk, and practical assurance. My background is rooted in IBM i, AIX, infrastructure operations, change governance, disaster recovery, audit response, and regulated healthcare environments. Over time, that operational work has evolved into a broader focus on how organizations govern the systems they depend on but often do not fully understand.

My GRC interests center on the gap between frameworks and operating reality. I’m especially interested in legacy systems governance, cyber risk quantification, AI governance, cloud risk, modernization debt, and the practical evidence organizations need to make better decisions. I tend to approach GRC less as a documentation exercise and more as a way to create visibility, accountability, and decision support.

A lot of my current work is artifact-driven. I build and write around tools, models, explainers, and practical examples that connect control language to real-world systems. That includes cyber risk financial modeling, IBM i governance research, AI assurance concepts, and writing through the “i on GRC” series.

My big thing is helping make invisible infrastructure visible enough to govern. Whether the topic is legacy platforms, AI systems, cloud services, or risk quantification, I’m most interested in the point where governance stops being abstract and starts helping people understand what they own, what they depend on, and what decisions they need to make.

Experience Highlights

  • IBM i, AIX, and infrastructure operations experience in regulated healthcare environments
  • Practical experience with change governance, audit response, disaster recovery planning, and operational control evidence
  • Focused on legacy systems governance, modernization risk, and accountability gaps in critical business systems
  • Builder of GRC artifacts that connect risk analysis to operational and financial decision-making
  • Active writer on governance, risk, legacy infrastructure, AI governance, and decision-grade assurance
  • Experience translating technical platform constraints into governance, risk, and executive-facing language
  • Interested in FAIR-style cyber risk quantification, AI assurance, cloud governance, and practical control mapping
  • Board/member involvement in cybersecurity and cloud security professional communities

Get in Touch

LinkedIn DM is the best way to connect. I’m always interested in thoughtful conversations around GRC, legacy systems, IBM i, cyber risk quantification, AI governance, cloud security, auditability, and practical ways to make governance more decision-ready.

Specializations

Audit & Assurance, Cloud Security, Compliance Automation, Risk Management, Security Architecture, Security Governance, Third-Party Risk, Vulnerability Management, AI Governance, IBM i, AIX, Solaris 11, Linux, VMWare, COBOL, Financial Modeling

Languages & Tools

Bash, PowerShell, Python, SQL, Terraform, RPG (AS/400)

Frameworks

COBIT, CSA STAR, HIPAA, HITRUST, ISO 27001, ISO 27701, ISO 31000, ISO 42001, NIST AI RMF, NIST RMF, PCI-DSS, SOC 2

Certifications

CySA+, TAISE, GRCP, GRCA, Security+, ISC2 CC, FAIR, ISO 27001 Lead Auditor, ISO 42001 Lead Auditor, FAIR-TPRM, FMVA, CCSK, CCZT, IRMP, IAIP, IBM i

Projects

Impact!

IMPACT! — Cyber Risk Financial Impact Model

A browser-based risk modeling artifact that connects cyber risk scenarios to executive finance concepts such as EBITDA impact, recovery cost, debt service coverage, and operational loss exposure. Built to help move GRC conversations beyond heatmaps and into decision-grade analysis.

Inheritance

Inheritance is an interactive governance and risk simulation platform designed to explore complex decision-making in animal welfare systems. The simulator allows users to test how funding choices, policy interventions, enforcement strategies, and resource constraints influence real-world outcomes for non-human animals.

Decision-Ready Risk Canvas

The project was created as a companion artifact to the article “Audit-Ready Is Not Decision-Ready,” and is intended to demonstrate how governance work can move from risk display toward decision support. It is especially oriented toward legacy systems, IBM i / midrange environments, operational resilience, audit evidence, modernization risk, and cyber risk quantification practices.