Field Notes

Writing

Searchable posts on AI governance, security, leadership, and platform engineering.

Featured

Jun 9, 2026 4 min

Your Security Program Is a Sales Asset. Start Treating It Like One.

Why provable security closes deals in regulated industries — and why the next budget conversation should lead with revenue, not fear.

May 5, 2026 6 min

AWS Cost Levers That Actually Moved the Needle

Cutting ~35% off a multi-region AWS footprint with no capability loss — the levers in the order they paid back, best first.

5/3/2026 6 min

The Eight-Domain Azure Security Review for Regulated Environments

An automated tool scores your Azure posture; an assessor walks your architecture. The eight domains I review, in the order an audit walks them, and the evidence each one has to produce.

Cloud SecurityAzureAuditCompliance

3/29/2026 3 min

The Audit Passed in March. Is It Still True?

Point-in-time certification is the floor, not the goal. The case for continuous assurance over annual audits.

ComplianceGRCAuditFintech

2/19/2026 3 min

How to Report Risk to People Who Don't Speak Security

Translating security for boards and investors — the three questions leadership actually asks, and how to answer them.

LeadershipRisk ManagementCommunicationBoard Reporting

1/27/2026 4 min

Security and DevOps Under One Roof: Why I Stopped Apologizing for It

The case for the dual mandate, and why org-chart distance doesn't create security.

DevOpsSecurityLeadershipOrg Design

1/14/2026 6 min

Capital Allocation Governance: The Framework Companies Build Too Late

Mid-market capital allocation is rarely a strategy — it's individual capex, M&A, and debt decisions made in isolation. The governance framework that makes it programmatic.

LeadershipGovernanceBoard ReportingRisk Management

8/25/2025 5 min

Board Reporting That Drives Decisions, Not Status Updates

The fifty-page board pre-read is the artifact most responsible for meetings that produce no decisions. Three sections fix it.

LeadershipBoard ReportingGovernanceCommunication

8/4/2025 7 min

The First 100 Days: A Post-Close Cyber Integration Playbook

The post-close decade is decided in the first 100 days. The eight cyber controls to ship by day 30, and the identity-sprawl audit every exit diligence will run.

SecurityM&ACloud SecurityLeadership

7/14/2025 6 min

Cloud FinOps for the Mid-Market: Where 25–40% of Spend Actually Hides

The press-release version of cloud savings cancels workloads and books compliance debt. The version that lasts is commitment management and SaaS rationalization.

FinOpsAWSAzureCloud Cost

Case Studies & Practice

Open Source