Available for new engagements

SOC 2 & HIPAA Compliance for Healthcare and B2B SaaS Startups

I help small startups get audit-ready without hiring a full-time security team — handling both the compliance frameworks and the technical infrastructure work.

84 → 13 vulnerabilities resolved
15+ Azure services hardened
SOC 2 + HIPAA audit prepared

The Gap Most Startups Fall Into

Most compliance consultants understand SOC 2 and HIPAA frameworks but can't do the hands-on technical work. Most cloud engineers can harden infrastructure but don't understand what auditors actually need.


I do both — simultaneously. That means faster engagements, lower cost, and no finger-pointing between your GRC consultant and your cloud team.

GRC + Technical: SOC 2 framework knowledge combined with hands-on Azure hardening in one person
Healthcare Specialized: HIPAA compliance, BAA management, and PHI-adjacent infrastructure experience
Vanta Native: Administered Vanta through a complete SOC 2 Type I audit cycle from setup to evidence

Services

SOC 2 Readiness

End-to-end audit preparation including Vanta setup, automated test remediation, evidence collection, risk register, policy approvals, and auditor coordination.

HIPAA Compliance

Full HIPAA compliance program setup including BAA management, PHI data mapping, security policies, employee training, and ongoing monitoring.

Azure Security Hardening

Infrastructure security across Azure services — Key Vault migration, TLS configuration, diagnostic logging, network security, and Entra ID MFA policies.

Vanta Implementation

Full Vanta setup and configuration, integration with your existing stack, automated test remediation, and ongoing compliance dashboard management.

Security Audit & Gap Analysis

Comprehensive cloud security audit identifying critical findings — open ports, credential exposure, weak configurations, missing logging, and compliance gaps.

Ongoing Retainer

Monthly Vanta maintenance, remediation of new failing tests, vendor risk management, pen test coordination, and keeping your compliance posture current.

Recent Work

SOC 2 Type I + HIPAA Audit Preparation
27-person healthcare AI startup · Seattle, WA · Azure infrastructure · Audit date: June 12, 2026
Completed

Served as the sole security person at a HIPAA-regulated healthcare AI startup, functioning as Security Lead through a full SOC 2 Type I and HIPAA audit preparation cycle using Vanta.

Administered Vanta from scratch through complete audit cycle
Reduced Dependabot vulnerabilities from 84 to 13
Hardened Azure infrastructure across 15+ services
Migrated plaintext credentials to Key Vault references
Closed open SSH port, upgraded TLS cipher suite
Coordinated third-party pen test with NYP
Managed risk register with 15+ risk scenarios
Built network diagram, managed vendor BAA tracking

About Joseph Valenzuela

Security engineer and compliance consultant graduating from the University of Washington Bothell in June 2026 with a cybersecurity focus and a 3.7 GPA.


I specialize in helping small healthcare and B2B SaaS startups navigate SOC 2 and HIPAA compliance using Vanta on Azure infrastructure. Based in Seattle, WA.


Certifications

CompTIA Security+ (Active)
CompTIA Network+ (Active)
Google Cybersecurity Certificate
AZ-500 Azure Security Engineer (In Progress)

Ready to Get Audit-Ready?

Let's talk about your SOC 2 or HIPAA compliance needs. I offer a free 30-minute gap assessment for new clients — no commitment required.