No certs planned, but I鈥檓 always learning.
AI Governance, Infrastructure (constant evolution), and anything to simplify and automate evidence collection are my current focus.
I鈥檇 start by doing a gap analysis of the requirements of CPRA/CCPA. I鈥檇 wager it鈥檚 easier to solo that pair first before going full US Data Privacy via Vanta - Just my $0.02.
The multiple frameworks aspect is entirely based on how many automated controls exist within their add-on frameworks. NIST-based ones have historically been lacking in automated controls, but have improved recently.
