53 Articles written
Lori Crooks
Lori Crooks is the Founder and CEO of Cadra, a woman-owned cybersecurity compliance firm dedicated to helping small and mid-sized businesses cut through the complexity of audits and regulations. With over two decades of experience in security assessments, policy development, and compliance strategy, Lori is known for translating dense frameworks like FedRAMP, NIST, HIPAA, and SOC into plain English—giving clients the clarity and confidence they need to move forward.
Before launching Cadra, Lori led security teams and compliance audits across industries, guiding organizations through ISO gap analyses, policy and procedure development, and third-party assessments. Today, she and her team bring that expertise to growing companies who need big-firm skill without the big-firm red tape.
Clients value Lori’s approachable style and steady leadership. Her ability to make complex requirements simple and actionable has helped dozens of organizations go from overwhelmed to audit-ready. Under her guidance, Cadra has become a trusted partner for businesses looking to build strong security foundations, reduce risk, and achieve compliance without the chaos.
When she’s not guiding clients through audits, Lori is passionate about building human-centered businesses that balance technical excellence with clarity, care, and a touch of humor.
Latest Articles
Avoiding the Most Common Mistakes in CMMC Compliance
Partner with Cadra to Confidently Achieve Cybersecurity Maturity Model Certification
Earning compliance with the Cybersecurity Maturity Model Certification (CMMC) is a crucial requirement for any...
Understanding FedRAMP: Everything You Need to Know About Federal Cloud Security
Navigating the maze of compliance and regulations is no easy task, especially for organizations in technology, healthcare, and finance. Among the many frameworks designed...
A Comprehensive Guide to Achieving FedRAMP Compliance
As more organizations transition to cloud-based systems, the protection and integrity of data have become critical priorities. For any company working with the U.S....
FedRAMP vs. NIST 800-53: Understanding the Key Differences in Cybersecurity Frameworks
In today’s complex cybersecurity landscape, choosing and implementing the right regulatory framework is crucial—especially for organizations working with the U.S. federal government. Among the...
Aligning Compliance Policies With Actual Practices
Writing compliance policies can feel like a tug-of-war between ideal frameworks and the reality of daily business operations. On one side, you have standards,...
How the New FedRAMP Vulnerability Detection and Response Standard (Effective 9/10/2025) Impacts You
TLDR Version:
FedRAMP has updated its minimum-security requirements for Vulnerability Detection and Response (VDR), bringing significant flexibility for Cloud Service Providers (CSPs) seeking FedRAMP Authorization....
Discover How Technical Writing Services Can Help Prevent Audit Failures
Mastering Compliance: How Cadra’s Technical Writing Services Deliver Accurate, Audit-Ready Documentation
In today’s demanding regulatory environment, maintaining compliance isn’t just a best practice—it’s a business...
The Top 5 Common Mistakes Companies Make in Compliance Audit Preparation (And How to Avoid Them)
Preparing for a compliance audit can feel like preparing your home for a visit from your in-laws—stressful, hurried, and filled with the nagging worry...
The FedRAMP Consultant You’ve Been Searching For
From Gap Assessment to Authorization: How Cadra Redefines the FedRAMP Consulting Experience
In a world where cybersecurity threats continue to evolve and federal regulations grow...
What’s an SSP for FedRAMP? Your No-Stress Guide to Getting It Right
If you’re diving into the world of FedRAMP (the Federal Risk and Authorization Management Program), chances are you’ve already encountered the daunting acronym: SSP.
The...
How to Prepare for a 3PAO Assessment (Without the Panic)
A straightforward guide to help you stay calm, organized, and audit-ready
If the words “3PAO assessment” make you break into a cold sweat, take a...
Mastering the Development of a Comprehensive Written Information Security Plan (WISP)
In today’s digital landscape, information security isn’t optional—it’s essential. As businesses increasingly depend on digital systems and interconnected networks, the potential for cyber threats...
