Articles

Field notes from the audit room.

Practical writing on information security, GRC and digital transformation. New essays land monthly. In the meantime, you can read longer pieces on Medium.

ISO 27001

Six years, zero non-conformities: what a real ISO 27001 programme looks like

Most ISMS programmes survive certification and quietly rot. Here's the operating cadence we used to make ISO 27001 a living system, not a binder.

Coming soon
Essential Eight

Essential Eight ML3 without burning the house down

A practical path from ML1 to ML3 that respects existing tooling, change capacity and the people who have to live with the controls.

Coming soon
Zero Trust

Zero Trust for organisations that aren't Google

An identity-first reference architecture for mid-market and government-regulated providers running hybrid Microsoft estates.

Coming soon
Transformation

The low-code dividend: how we replaced shadow IT with a governed Quality Portal

How embedding Quality Management principles into a low-code portal eliminated manual processing and cut operational cost by 30%.

Coming soon