About
A risk practitioner for the AI era.
For twenty-five years I have worked at the intersection of cybersecurity, enterprise risk, and emerging technology — building security programs, leading teams through breaches, and translating technical risk into terms boards and executives could act on.
My work today focuses on what comes next: artificial intelligence as a class of risk that boards have not yet learned to oversee, and that most enterprises are deploying faster than their governance can keep up with. The same discipline that built the modern security function — structured frameworks, clear lines of accountability, ongoing measurement — is what AI governance needs now. The clock is the EU AI Act, fully operational in August 2026, and a wave of national legislation behind it.
I write here for a specific audience: board directors, senior executives, and the technology leaders who advise them. The pieces are longer than a LinkedIn post and shorter than a consulting deliverable — built to give a busy reader the framing they need before their next governance review.
Alongside the writing, I host Promise & Risk of AI, a YouTube channel applying the same balanced framework in long-form video. Every episode covers both the genuine benefits of an AI capability and the real risks attached to it — because no honest assessment leaves either out.
Areas of focus
AI Governance
Translating frameworks like the NIST AI Risk Management Framework and the EU AI Act into oversight structures boards can actually run — from charter updates and committee design to the dashboards that keep AI risk visible between meetings.
Cybersecurity Strategy
Twenty-five years of practitioner experience across enterprise security programs, vendor evaluation, and breach response. The core question I keep coming back to: where does the technical risk meet the fiduciary duty, and is the board seeing both sides clearly?
Enterprise AI Adoption
The integration paradox — the gap between what AI can do in a demo and what it does in a production environment with legacy systems, real workflows, and human oversight. Most enterprise AI failures are governance failures, not capability failures.
Board & Advisory
I work selectively with boards and senior leadership teams on AI governance design, security committee formation, and the literacy that directors need to ask better questions. If your committee meets next quarter and AI is on the agenda, that is the right time to be in touch.