Writings
Newest-first feed across Field Notes, Control Automation, and Labs — plus quick links to each section overview.
Explore sections
Prefer to start broad? Pick a stream and work forward.
Field Notes
Writing that stays close to evidence and real control problems.
Control Automation
Guardrails, testable requirements, and control-as-code patterns.
Labs
Experiments, playbooks, and builder-friendly working notes.
GRCTech
GRC technology patterns, platforms, and operating models.
SecOPs
Security operations: detection, response, and measurable outcomes.
DevOPs
Delivery + reliability: pipelines, environments, and safe change.
AuditOPs
Audit operations: evidence, QA, and scalable assurance.
UserTech
Personal tech systems that support focus and execution.
FinTech
Markets, systems thinking, and risk-first finance notes.
Python Encounters
Scripts and patterns for builders.
Establishing Effective Guardrails in Infrastructure as Code
Securing, scaling, and complying with cloud automation using preventative, detective, and corrective guardrails.
A Guide to Auditing Generative AI
The rise of generative AI has turned every office chat into a potential Black Swan for risk-aware auditors. Tools like Microsoft Copilot, Power Platform LLM agents, ChatGPT Enterprise or Google’s Gemini can supercharge…
Continuous Auditing: A Game-Changer for IT Audits?
I remember when IT audits felt like looking at a snapshot of the past—by the time we assessed the data, the risks had already evolved, and businesses had moved on to a different risk landscape. It always felt like we…
The Quantum Apocalypse: Is Your Data Safe From Tomorrow's Computers?
Imagine a world where your most sensitive data—your medical records, financial information, even state secrets—are suddenly vulnerable. Not to hackers of today, but to a technological leap so profound it renders our…
IT Audit Landscape: Navigating the Digital Horizon
I'll be honest, I did not anticipate Copilot to write such an apt detailing of the technology audit process. Keep in mind that I've had my fair share of technology audit experience, and I can certainly see this as a…
AI in IT Audits: Speed Demon or Silent Threat?
The integration of artificial intelligence (AI) into IT audits promises increased efficiency and comprehensive data analysis. However, the critical question remains: does this pursuit of speed jeopardize the accuracy…
State-Sponsored Cyber Espionage
The interconnected nature of our world presents unprecedented risks, with governments increasingly accused of leveraging cyber espionage against global banking systems. This silent war threatens not only financial data…
RTAPULSE PromptOps Manual
A starting map for prompt engineering as auditable practice.
The Invisible Threat: How Third-Party Vendors Could Be Your Achilles Heel
In today's interconnected banking ecosystem, third-party vendors play a pivotal role in delivering seamless services. However, this reliance introduces significant risks that, if left unaddressed, could compromise the…
Open Banking Risks: Balancing Innovation and Security in a Global Ecosystem
The Dual-Edged Sword of Open Banking: Balancing Innovation with Risk Management Imagine walking into a store where you don’t need to pull out your wallet—your bank, phone, and merchant are all seamlessly connected,…
Risk Awareness and Residual Risk: What Actually Matters
Residual Risk: Understanding, identification and measurement: Understanding: Residual risk refers to risk exposure of an organization after considering the existing control environment. Residual risk is measured with…
Collaborate
If you have a correction, a counterexample, or a build idea, pick the channel that fits:
Please avoid confidential or client-identifying material.