NIS2 Compliance for IT Service Providers: The Practical Checklist
A 47-item operational checklist mapping Article 21 risk-management measures, the 24-hour incident-reporting clock, supply-chain obligations, and board-level personal accountability under NIS2 — for the IT service providers caught in scope.
The 2026 Cloud Posture Audit: 12 Misconfigurations We Find in Every AWS Account
A field-tested audit checklist of the 12 findings present in 9 out of 10 AWS account audits — IAM, networking, logging, KMS, SCPs, and the contextual misconfigurations CSPM tools still miss in 2026.
Self-Hosted LLMs for Regulated Industries: A Deployment Guide
vLLM, TGI, Ollama, llama.cpp compared. GPU sizing tables you can defend. Quantization trade-offs. Hosting choices for EU sovereignty. The operational stack that separates a self-hosted LLM from a self-hosted incident.
ISO 27001 Certification Journey: What Nobody Tells You About the Audit
What three completed ISO 27001 certifications taught us about the real timeline, the scope decision, the Annex A controls that trip up first-time projects, what auditors actually do during Stage 1 and Stage 2, and the post-certification operating cost nobody budgets.
DORA Compliance for Financial Services: An IT Consultant's Field Guide
The practitioner field guide to DORA for financial services: five pillars, the 4-hour incident clock, Article 28 third-party requirements, the control function obligation, and the cost reality from three real implementations.