[ hackidle.com ]

hackIDLE

Engineering-minded tooling for cloud GRC.

application: Daytona Startup Grid
founder: Ethan Troy
contact: et@hackidle.com

01 // THE PROBLEM

GRC is stuck in the screenshot era.

01

Manual evidence

Auditors copy AWS console screenshots into spreadsheets. Cloud changes hourly. Evidence is stale before the PDF saves.

02

Frozen frameworks

FedRAMP, FISMA, CMMC controls live in Word documents. Mapping them to live infrastructure is a human-hours problem nobody wants to solve.

03

Annual theater

Organizations chase point-in-time reports for an audit window. The other 360 days the posture is unknown.

// Federal contractors spend 6 figures per year on assessments that capture a single moment in time.

02 // THE STACK

Two products. One opinionated stack.

KNOWLEDGE LAYER
myctrl.tools

Searchable controls reference across NIST 800-53, FedRAMP, ISO 27001, CMMC, HIPAA, DORA, AU ISM, and more.

  • Cross-framework crosswalks and mappings
  • Authenticated /api/v1 for programmatic access
  • AI view builder for natural-language queries
  • Technology guidance with verification commands
EXECUTION LAYER
GRC Clanker

CLI agent that runs scans, collects evidence, and drafts artifacts against live cloud environments.

  • Prowler-driven scans across AWS, GCP, Azure
  • Pulls control data live from myctrl.tools API
  • Generates OSCAL artifacts and SSP narratives
  • Continuous posture, not annual snapshots

// myctrl.tools defines what to check. GRC Clanker actually checks it.

03 // GRC CLANKER

A CLI agent that does the audit work.

~/grclanker — fish
$ grclanker scan --framework fedramp-high
→ spinning up sandbox (87ms)
→ running prowler against aws-prod-1234
→ collected 412 evidence artifacts
→ mapped to 318 nist 800-53 controls
→ drafted oscal ssp section 13.1
ready in 11.4s. review queue: 6 findings.
SCAN

Prowler-driven cloud security scans across AWS, GCP, and Azure

MAP

Findings to NIST 800-53, FedRAMP, CMMC, ISO 27001 controls

GENERATE

OSCAL artifacts, SSP narratives, and POA&M entries from evidence

WATCH

Continuous posture instead of annual snapshots

04 // WHY DAYTONA

Agent-driven GRC needs real isolation.

Every scan executes AI-generated commands and security tooling against customer cloud accounts. Federal buyers will not accept a shared Lambda or a long-lived container. They want ephemeral, auditable, per-job runtimes that disappear when the work is done.

  • <90ms sandbox spin-up per scan job
  • 1:1 ephemeral runtime per customer scope
  • 0 long-lived state between customers

// Daytona is the only sandbox primitive that matches the security posture our buyers require.

05 // WHO IS BUILDING THIS

Built by the auditor who got tired of auditing.

Ethan Troy

Founder, hackIDLE
  • Former Principal at Fortreum, a FedRAMP-accredited 3PAO
  • Led FedRAMP, FISMA, DoD IL4-5, and CMMC assessments
  • GCP Subject Matter Expert. CISSP, CISA, GCP PCSE
  • Spoke on a FedRAMP panel with Amazon and Paramify
  • Led successful FedRAMP 20x assessments

EARLY TRACTION

  • myctrl.tools: live controls reference, 10+ frameworks, /api/v1 shipped
  • AWS Labs: merged contribution to the OSCAL MCP server
  • anticheckbox Tour: events in Dallas, Houston, San Diego summer 2026
  • 3PAO network: warm pilots queued from former assessment clients

06 // HOW WE USE THE CREDITS

$10K unlocks the beta. $50K unlocks scale.

PHASE 1 // $10K

Closed beta with 3-5 design partners

  • Per-customer ephemeral sandboxes for Prowler scans
  • Multi-cloud reach: AWS, GCP, Azure scopes
  • Evidence collection runs scheduled daily, not annually
  • Hardened isolation story for federal buyer conversations
PHASE 2 // UP TO $50K

Scale to paying federal contractors

  • Continuous monitoring across customer fleets
  • Parallel scan jobs for FedRAMP package authoring
  • Snapshot retention for audit trail and 3PAO review
  • Public posture badges generated from live runs

// Credits remove the compute line item gating pilots with 3PAOs and federal contractors.

07 // LET'S BUILD

Let's run the scan.

hackIDLE + Daytona = continuous compliance for the cloud era.