A builder at heart and a strategist by discipline, blending technology, security, and real-world solutions to help organizations scale with confidence. Passionate about turning complex challenges into practical outcomes, with a focus on cybersecurity, technical systems, and emerging digital risks.
With a background rooted in both hands-on problem-solving and strategic advisory, every project is approached with a commitment to simplicity, effectiveness, and authenticity. Believer in building trust through transparency, and scaling impact without losing the human element.
Building Practical Solutions
Exploring technology, cybersecurity, and life with strategy, discipline, and transparency.
AI Employees Are Coming — Is Your Risk Program Ready?
The Future Isn’t Coming — It’s Already Here
Several leading AI and research companies are actively exploring the deployment of AI-powered “employees” within enterprise environments.
These aren’t your typical chatbots — they’re fully autonomous agents with persistent memory, role-based access, credentials, and the ability to perform tasks independently, often with system-level permissions.
Now ask yourself: Is your risk program ready to onboard a non-human employee?
Why This Matters for GRC
Let’s cut through the hype and get real about what this means for Governance, Risk, and Compliance.
...
I Built My Own Blog from Scratch: Here's How (and Why)
Why I Decided to Build My Blog
In a world where platforms like Substack, Medium, and LinkedIn dominate the content landscape, you might wonder—why bother coding your blog?
For me, it came down to three things:
Ownership: Full control over my content, design, and data
Learning: Improving my coding skills, even starting simple
Creative Freedom: No platform restrictions
I wanted a clean, fast, no-bloat experience that I could fully control, learn, update, and evolve over time.
Step 1: Choosing Hugo
I chose Hugo, a popular static site generator, because:
...
ISO 27001 Sets the Foundation—But Why Stop There?
How the ISO 27000 family helps SaaS companies scale security and privacy beyond the basics
If you’re running a SaaS company, you’ve already heard of ISO 27001. Maybe you’ve even implemented it. It’s a solid start—arguably the gold standard for building an Information Security Management System (ISMS).
But here’s the thing: ISO 27001 is just the beginning.
The ISO/IEC 27000 series is more than a single framework. It’s a family of standards, each designed to help you customize your security and privacy program to fit your specific risk environment. For SaaS companies operating in cloud-native environments, handling personal data, and facing a fast-moving regulatory landscape, flexibility matters.
...
Building AI Governance, Risk, and Security Frameworks for SaaS Companies: Where to Start
AI isn’t coming — it’s already reshaping how SaaS companies build products, operate internally, and interact with customers. But with this opportunity comes a real risk: if you don’t govern AI properly, you invite bias, regulatory trouble, and security failures into your business.
Building a clear governance, risk, and security framework for AI is no longer optional — it’s essential.
...
PCI DSS: What It Is, Why It Matters, and How SaaS Companies Should Think About It
A Little History
Before PCI DSS, every credit card company had its own security program. Visa had CISP, Mastercard had SDP, Amex had DSOP — and it was a mess. Merchants didn’t know which rules to follow. Security was inconsistent. Fraud was exploding.
In 2004, Visa, Mastercard, Amex, Discover, and JCB finally came together and said: enough. They formed the PCI Security Standards Council (PCI SSC) and created one standard: PCI DSS — the Payment Card Industry Data Security Standard.
...