Enterprise Security,written from inside the work.
Notes on cyber risk, governance, and the gap between strategy and reality.
About
I'm an enterprise security practitioner working in-house at a global organization. My day-to-day sits at the intersection of risk, governance, and the operational reality of running security at scale.
I write here about what most enterprise security writing misses: the gap between what's reported in board decks and what actually happens at the access list, the architecture review, the audit response. My focus is enterprise risk and cyber strategy — specifically, the structural patterns that make security programs succeed or quietly fail.
The goal of this writing isn't to teach fundamentals or chase trends. It's to surface the operational truths that the senior people in this industry already half-know but rarely see articulated. If that's useful to you, you're in the right place.
What I write about
Enterprise risk
How risk actually moves through a large organization — from the dashboard, to the audit committee, to the team that has to act on it. Where the wires get crossed and what that costs.
Cyber strategy
The structural choices that determine whether a security program produces real outcomes or just well-formatted reports. What separates a strategy from a slide.
Writing
New pieces on enterprise risk and cyber strategy published regularly.
Follow on LinkedIn for the latest — longer pieces appear here.
Follow on LinkedIn →