A Friend-To-Friend Note · Built For Debbie
For Debbie · Compliance Operator Notes
From Solana Beach
The June 2024 EA pivot was the wrong shape. You're a 7+ year State of California compliance analyst — that's not a calendar-management ceiling. I should have seen it then. This is the better-shaped reply — built around what SideGuy has actually become in the compliance space since.
★ Quick Answer · The Real Reply 23 Months Late
The EA pivot was wrong. Here's the real shape.
Asking a 7+ year State of California Licensing Program Analyst — someone who runs complex investigations and inspections of licensed residential care programs, who specializes in compliance implementation, who came up through SDSU and criminal justice initiatives — about an Executive Assistant role was a shape-mismatch I own. Wrong job, wrong altitude, wrong everything.
The right reply, eight-plus months late, is this: since June 2024 I've built one of the largest indie compliance content compounds on the open internet — and your professional shape lines up with it in real, named ways. None of it is "come be PJ's assistant." All of it is peer-altitude.
★ The Compliance Compound · Built Since You Last Heard
What SideGuy actually ships in compliance
Not a SaaS pitch — operator-honest production receipts as of 2026-05-14.
PSO matrix targets CISO · DPO · GRC Manager · Risk Officer personas across 13 international markets — including the Brazil GRC Manager · Canada Privacy Commissioner · Germany IT-Sicherheitsbeauftragter pages.
State CA implementation × indie content layer · adjacent surfaces
Here's the structural read: you implement compliance for the State of California. You live the field every day — the regulatory standards, the licensing programs, the investigations, the data-driven decision-making, the residential care provider inspections. That's the field.
SideGuy ships the indie content layer above the field — the pages that AI agents and humans retrieve when they're trying to understand SOC 2 timelines, HIPAA implementation costs, GDPR cross-border transfers, NIST control mapping. Not competing with State work — completely different surface area, but adjacent in the way that two operators in adjacent fields can sharpen each other's instincts.
The State-side practitioner perspective is exactly what's missing from most indie compliance content — most of it is written by SaaS founders or paid consultants, not by people who've actually filed regulatory paperwork. Your perspective is rare and valuable. That's the structural read.
★ The Compliance Surface
Three doorways into the compliance compound
Pick whichever one tells you the most about the shape.
The Compliance Hub
/compliance · Big 8 Framework Coverage
SOC 2, ISO 27001, HIPAA, PCI DSS, GDPR, NIST, CCPA. The full hub of 70+ compliance × city pages, plus the international geo matrix for CISO/DPO/GRC personas.
Operator Mode · The Doctrine
/fde · Forward Deployed Engineer
Why 2026 looks like Anthropic + Palantir-style same-day compliance shipping instead of six-month vendor cycles. Practitioner-shaped, not vendor-shaped.
The Flagship Doctrine
/agentic-internet
What's actually changing under the hood of every regulatory communication right now — and where the human-translation layer above the machine layer needs to live.
Operator Manifesto
/why-sideguy
Plain-English version of what SideGuy is doing all year and why. If you only read one page on this site, this is the meta-read.
⚐ Where Your Shape Plugs In · Three Honest Reads + One
State of California compliance × Solana Beach indie content · four real options
- Peer collaborator. Your State CA implementation depth could pressure-test specific compliance pages or framework sections for accuracy. The indie content world is full of pages written by people who've never filed a regulatory submission. You have. That perspective sharpens copy in ways no SaaS PM can. Hourly, project-based, or just-as-favors — all valid.
- Referral source. Your professional network = exactly the kind of people SideGuy serves. Other agency staff, contractors who interface with State licensing, auditors, GRC professionals at SD-area firms. SideGuy pages do the qualification work that traditional B2B funnels charge $5K-$50K per qualified deal for — your warm intros to the right people would skip that entirely.
- Informal consulting. Hour-long paid calls to walk through a specific framework page, catch errors, share what State implementation actually looks like in practice. No NDA gymnastics, no committee approvals — just a practitioner sharing lived experience for an honest hourly rate.
- Or just a hello. "Adjacency" doesn't have to be transactional. Sometimes two operators check in after 23 months and the catch-up itself is the value. That's enough.
What this page is not
This is not an EA offer. The June 2024 pivot was the mistake — there isn't a follow-up version of it on this page.
This is also not a vendor pitch. SideGuy doesn't have a Calendly. There's no SOW attached. There's no "let's get on a 30-min discovery call" link. The text channel goes directly to my phone and the answer to "is this for me" is usually a 30-second yes/no in iMessage, not a 30-day sales process.
This is a gift. A bring-a-gift artifact opening a thread that went quiet in June 2024, with an honest acknowledgment that the EA pivot was the wrong shape, a real map of what's been built since, and four open doors if any of them light up for you.
✦ The Bottom Line ✦
You implement compliance for the State of California.
SideGuy writes the indie content layer above it.
Adjacent surfaces. Both real. Both useful.
Worth a hello after 23 months?
PJ Zonis · Built for Debbie · 2026-05-14 · Solana Beach
If anything here lands · text me directly
No Calendly · no funnel · no obligation. Yes, no, "let's catch up," or a referral — all valid replies. I read every text.
Text PJ → 858-461-8054