I’m a technology risk manager at a bank in Kuwait, working across non-financial risk — technology risk, cyber governance, third-party risk, and operational resilience — inside a CBK-regulated environment. Frameworks I live in day to day include COBIT, ISO 27001, NIST, SR 11-7, and the Three Lines of Defence.

This site is two things: a place to write down what I’m thinking about in risk and governance, and a shelf for the things I build on the side.

If you want to reach me, email is best.