Legal
This page covers all publications and services operated by GRC Path LLC, including this personal site, the FloodTheNetwork newsletters, and GRC Path consulting services.
These properties are operated by GRC Path LLC, a Maryland limited liability company. Our primary contact for privacy matters is contact@francellflood.com.
Information you provide:
Information collected automatically:
We do not sell your data. We do not share it with advertisers or third-party marketers.
We work with trusted third-party service providers to operate our services. These providers may process your data on our behalf and include:
All providers are contractually required to handle your data in accordance with applicable privacy law. We do not share your data with providers beyond what is necessary to deliver the service you requested.
If you are located in the EU or Germany, you have the following rights regarding your personal data:
To exercise any of these rights, email contact@francellflood.com. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection authority.
Our websites use cookies for basic functionality, analytics, and subscriber form behavior. You may disable cookies in your browser settings at any time. Disabling cookies will not prevent you from receiving emails you have already subscribed to, but may affect site functionality.
We retain subscriber data for as long as your subscription is active. If you unsubscribe, your email address is removed from active send lists. You may request full deletion at any time. Payment records are retained as required by applicable tax law (typically 7 years).
Our services are intended for adults. We do not knowingly collect data from anyone under the age of 16. If you believe a minor has subscribed, please contact us immediately for removal.
We may update this Privacy Policy at any time. Active subscribers will be notified by email before material changes take effect. The "Last updated" date at the top of this page reflects the most recent revision.
The FloodTheNetwork newsletters are published by GRC-PATH. Contact: intel@floodthenetwork.com.
SOFA CyberJobs and Security & LEO Jobs are weekly email digests that aggregate publicly listed job postings relevant to SOFA-eligible US citizens in Germany and the broader EUCOM theater. Job listings are sourced from public career portals, defense contractor websites, and USAJobs.
These newsletters are not a staffing agency, recruiting firm, or employment service. We do not represent any employer, negotiate on your behalf, or guarantee the accuracy or availability of any listed position.
Job postings are verified for availability at the time of newsletter generation. Positions may be filled, removed, or altered after publication. We are not responsible for the accuracy, completeness, or continued availability of any job listing. Always verify directly with the employer before applying.
Free tier: Subscribers receive a weekly digest of curated job picks at no cost. You may unsubscribe at any time via the link in any email.
Premium tier ($9.99/month): Premium subscribers receive the full weekly job database, organized by clearance level and location, with optional preference filtering. Subscriptions renew monthly and may be cancelled at any time. Refunds are not provided for partial billing periods.
By subscribing, you provide your email address and optionally your first name. This information is used solely to deliver the newsletter you requested. Premium subscriber preferences are stored securely and are never shared with third parties. See the Privacy Policy above for full details.
All newsletter content, including job curation, editorial summaries, and SOFA eligibility classifications, is the intellectual property of GRCPATH. You may share individual listings with colleagues or your JAG office for personal use. You may not republish, resell, or redistribute the newsletter content without written consent.
The newsletters are provided "as is." We make no warranties regarding the suitability of any listed position for your specific situation, clearance eligibility, SOFA status, or employment outcome.
To the fullest extent permitted by law, FloodTheNetwork shall not be liable for any direct, indirect, or consequential damages arising from your reliance on any job listing, editorial classification, or content in the newsletter. Our total liability for any claim shall not exceed the amount you paid us in the preceding 30 days.
These terms are governed by the laws of the State of Maryland, United States. Nothing in these terms limits rights you may hold under German or EU consumer protection law.
GRC PATH Threat Intel ("the Brief") is published by GRC Path LLC, a Maryland limited liability company. Contact: contact@francellflood.com.
The Brief is a curated weekly summary of publicly disclosed cybersecurity vulnerabilities, written in plain English for small business owners and non-technical decision-makers. It is not professional cybersecurity consulting, legal advice, or I.T. services.
Each item is rated with one of three urgency labels — Patch Now, Patch Soon, or Watch — based on publicly available exploitation data and editorial judgment. These ratings reflect general risk levels and may not reflect your organization's specific infrastructure, configuration, or exposure.
Subscribing to the Brief does not create a consulting, advisory, or professional services relationship between you and GRC Path LLC. Any action you take based on Brief content — including patching, configuration changes, or I.T. decisions — is taken at your own discretion and risk. We recommend engaging a qualified I.T. professional or managed service provider to implement any recommended actions.
We make every effort to ensure the Brief is accurate at the time of publication. Cybersecurity information changes rapidly. We do not guarantee that any advisory, patch, or rating reflects the current state of a vulnerability after the issue date. Verify information with your I.T. team or the original vendor advisory before taking action.
The Brief operates on a free opt-in basis. By subscribing, you agree to receive a weekly email from GRC Path LLC. You may unsubscribe at any time via the link in any issue. If paid tiers are introduced, separate pricing terms will be presented at the time of purchase.
All Brief content — including summaries, urgency ratings, editorial framing, and formatting — is the intellectual property of GRC Path LLC. You may share individual items with your I.T. team, MSP, or insurance broker for operational purposes. You may not republish, sell, or redistribute the Brief in whole or in part without written consent.
The Brief is provided "as is" without warranties of any kind, express or implied. GRC Path LLC disclaims all warranties including merchantability, fitness for a particular purpose, accuracy, and non-infringement.
To the fullest extent permitted by applicable law, GRC Path LLC shall not be liable for any damages — direct, indirect, incidental, consequential, or punitive — arising from your reliance on any information in the Brief, including any failure to patch a vulnerability or any breach, data loss, or operational disruption resulting from delayed or omitted action. Our total liability for any claim shall not exceed the amount you paid us in the preceding 30 days.
These terms are governed by the laws of the State of Maryland, United States. Any dispute shall be resolved in the courts of Maryland.
We may revise these terms at any time. Active subscribers will be notified by email before material changes take effect.
GRC Path consulting services are provided by GRC Path LLC, a Maryland limited liability company. Francell Flood is the principal consultant. Contact: contact@francellflood.com.
GRC Path LLC provides cybersecurity consulting, governance, risk, and compliance (GRC) advisory services, and educational products to small businesses and organizations. Specific scope, deliverables, timeline, and fees for any engagement are defined in a separate written agreement or statement of work provided prior to commencement.
Cybersecurity consulting advice is provided based on information available at the time of the engagement. GRC Path LLC does not guarantee that implementing any recommendation will prevent a data breach, satisfy a regulatory requirement, or achieve any specific security outcome. You remain responsible for your organization's security posture and compliance obligations.
Consulting fees are agreed upon in writing before work begins. Book and digital product sales are processed through a third-party payment processor. We do not store payment card details. All sales of digital products and completed consulting engagements are final. Refund requests for products that have not been delivered should be directed to contact@francellflood.com.
Any client information shared during a consulting engagement is treated as confidential and will not be disclosed to third parties except as required by law or as necessary to deliver the agreed services. Specific confidentiality obligations may be formalized in a non-disclosure agreement at client request.
All deliverables, frameworks, templates, and written materials produced by GRC Path LLC during an engagement remain the intellectual property of GRC Path LLC until full payment is received, at which point they are licensed to the client for internal business use. You may not resell, sublicense, or redistribute GRC Path deliverables without written consent.
Services and products are provided "as is." GRC Path LLC makes no representations or warranties, express or implied, regarding fitness for a particular regulatory requirement, standard, or compliance framework.
To the fullest extent permitted by applicable law, GRC Path LLC shall not be liable for any indirect, incidental, or consequential damages arising from any consulting engagement or product sale. Our total liability for any claim arising from a consulting engagement shall not exceed the total fees paid by you for the specific engagement giving rise to the claim.
These terms are governed by the laws of the State of Maryland, United States. Any dispute shall be resolved in the courts of Maryland. Nothing in these terms limits rights you may hold under applicable EU or German consumer protection law.
For privacy requests, data deletion, or questions about any of the terms above, use the appropriate contact below.