Mayhem Shield
Independent AI implementation assurance

About Mayhem Shield

Buyer-side assurance for enterprise AI: documented findings, evidence requests, and gate-level conditions, without reselling or implementing the product under review.

What Mayhem Shield does

Assess whether controls hold for your deployment: data paths, identities, integrations, workflows, and go-live conditions, documented for approvers.

  • Architecture-led review, not a vendor marketing checklist exercise
  • Evidence-based control findings and remediation priorities
  • One assurance model across AI deployment categories
  • Buyer-side independence with explicit approval criteria

Independence policy

Buyer-side reviews and vendor-side enablement are never mixed for the same tool in the same engagement.

If independence is in doubt, the assessment has no value. We do not combine those roles for one tool in one engagement.

In practice: if we were paid by a vendor to prepare materials for a tool, we will not run a buyer-side review of that tool for an enterprise client, and the reverse. Vendor-side relationships are disclosed before engagement; a current list of affected tools is maintained.

Leadership team

Tich Gandhe
Co-Founder / Technical Lead

More than twenty years in enterprise security architecture and engineering, with emphasis on cloud, identity, and AI-related governance. Co-chairs GenAI architectural review boards in large enterprise settings and routinely reviews AI solution designs from vendors, internal teams, and integrators. That enterprise review cadence informed how Mayhem Shield defines scoping, control outcomes, and evidence for client engagements. Background spans Zero Trust and identity architecture, cloud security, and AI security governance across regulated industries.

Cristina Lopes
Co-Founder / Business and Operations Lead

More than twenty years leading technology services delivery, client relationships, and commercial operations for government and enterprise organizations: chief executive of an IT and cybersecurity services firm in the Washington, DC region, with depth in managed services, cloud operations, and enterprise account management. At Mayhem Shield she runs proposals and delivery coordination so technical scope, procurement timelines, and engagement handoffs stay aligned for enterprise buyers.

Danny Hondo
Co-Founder / Technical Lead

More than twenty years in cybersecurity operations, vulnerability management, and cloud security, including public-sector environments: SIEM operations, incident response support, risk assessment, and control validation. On engagements he contributes technical delivery: architecture review, stakeholder interviews, control-gap analysis, and evidence review, with emphasis on how controls behave in live operation, not only as written.

Proof points

Why the model is grounded in enterprise work

  • Review experience: The framework reflects structured assurance work in large enterprise environments, not a paper-only exercise.
  • Architecture depth: Technical leads have assessed AI solution designs from vendors, internal teams, and integrators in live governance contexts.
  • Structured coverage: 84 structured control-gap categories spanning identity through integration security, informed by NIST AI RMF, NIST CSF 2.0, ISO 42001, and OWASP LLM/GenAI guidance; applicability depends on deployment pattern.
  • Inspectable methodology: Mayhem Shield Framework for independent review. Repository: github.com/shumba-ux/mayhem-shield-framework

Deliverables

What a review produces

Documented, defensible material for approvers, scope-dependent:

  • Architecture and data-flow views with trust boundaries
  • Findings tracker: current vs. required state, severity, evidence per review area
  • Remediation roadmap with owners and dates
  • Written go/no-go with conditions at POC, pilot, production

Next step: a short discovery call

We use it to confirm deployment fit, outline review scope, and match you to the right packaged offer. No engagement starts until you decide to proceed.
