Technology risk. Evidence. Resilience.
Built for regulated environments.
I publish practical notes and small artifacts you can reuse: validation patterns, evidence rules, and control engineering that survives scrutiny.
What I focus on
Three recurring themes I keep coming back to.
Control automation
Patterns for automating control execution and evidence capture across the stack, with clear ownership and audit trails.
Evidence engineering
How to move from “screenshots and spreadsheets” to repeatable evidence pipelines: sources → rules → exceptions → remediation.
GRC platform modernization
How to think about data model, workflows, and integrations so your GRC tool becomes a system of record—not a ticket graveyard.
Where this shows up
Start with the friction that creates repeat findings and “audit panic”.
SOX / ITGC continuous evidence
Automated evidence collection and exception reporting aligned to control owners and review cadence.
Third-party risk intake → monitoring
From onboarding questionnaires to continuous signal tracking and remediation workflows.
AI governance & GenAI controls
Policy-to-control mapping, model risk controls, and operational guardrails for enterprise AI usage.
Publishing
Two streams: writing for humans, scripts for builders.
Writings
Newest-first feed across Field Notes, Control Automation, and Labs. (Older entries may be undated until I add publication dates.)
- Establishing Effective Guardrails in Infrastructure as Code • 2026-01-17
- A Guide to Auditing Generative AI • Field Notes
- AI in IT Audits: Speed Demon or Silent Threat? • Field Notes
- Continuous Auditing: A Game-Changer for IT Audits? • Field Notes
- Open Banking Risks: Balancing Innovation and Security in a Global Ecosystem • Field Notes
Python Encounters
Small, opinionated utilities with a clear use-case. Source stays on GitHub.
- Technology / Engineering
- Email header analyzer
- MD5 integrity tool
- NetMon quick network monitor
- FinTech Encounters
- FinTech stream (index) • growing
- Full script catalog on GitHub
Explore by section
Start with a stream that matches your work. Each section cross-links back to the running Writings feed.
Field Notes
Opinionated notes built for audit defensibility and clarity.
Control Automation
Guardrails, control engineering, evidence rules, and repeatable patterns.
Labs
Experiments, frameworks, and build logs that may evolve quickly.
GRCTech
GRC-flavoured tooling, automation, and scripts that serve assurance.
SecOPs
Security operations patterns: detection, response, and operational hygiene.
DevOPs
Delivery guardrails, CI/CD control points, and practical developer ergonomics.
AuditOPs
Running an audit / validation function with evidence that scales.
UserTech
Practical tools and workflows for everyday power users.
FinTech
Finance-flavoured risk, controls, and systems thinking.