Insights
Practical writing on engineering, security, control, automation, and regulatory delivery.
Ideas shaped by real systems and real constraints
Mob Programming for One
Agents can generate useful material faster than an engineer can absorb it. This post uses mob programming as a model for structuring engineer-writer-reviewer loops that preserve understanding, …
Beyond the first submission: three governance failures that will break your DORA RoI in 2026
The 2025 Register of Information submission was a scramble for most organizations. In 2026, the biggest challenge many organizations still face is unresolved governance, driven by unclear ownership, …
Why your DORA Register of Information looks complete but fails regulatory validation
The Register of Information often looks complete during internal preparation but fails regulatory validation. This happens because the reporting templates do not enforce the underlying data model. …
The DORA Register of Information is a Data Problem, Not a Compliance Problem
The Register of Information is creating confusion across the industry. But the difficulty is not DORA itself. The EBA published a structured information model with entities, relationships, and …
Painless compliance, and a thousand audits a day. An engineering first approach
An audit is just a test plan we run once a year, by hand, with dozens of people. The same engineering principles that solved software testing can transform compliance. Instead of manual processes and …
What If We Applied the Self-Driving Car Levels to Security?
Knowing that automation is the future is one thing. Understanding how to do it is another. This insight explores how applying the SAE autonomous vehicle framework to security helps to create a clear …