Risk & Compliance
ISO 27001 Lead Auditor work, SOC 2 evaluation, control mapping and audit readiness, translating framework requirements into decisions executives can act on.
Risk · Compliance · AI
I'm Shihan Suhail, an ISO 27001 Lead Auditor and Azure cloud security specialist. I write about the collision of governance, risk and compliance with the AI that is rapidly reshaping all three.
Shihan Suhail
ISO 27001 Lead Auditor · Azure Cloud Security
What I work on
The interesting problems live where audit rigour, cloud architecture, and machine intelligence overlap.
Azure landing zone assessments, policy as code, and security posture, hardening cloud estates against the gap between architecture intent and live configuration.
Where intelligent agents meet governance: continuous compliance validation, automated control mapping, and the new risks AI itself introduces.
Latest writing
Customers kept asking the same handful of questions on WhatsApp. Is this in stock, how much is it, do you deliver to my town. So I built a chatbot for the store and ran the whole thing locally on a Mac Mini to keep the bill at zero…
After I put a chatbot on the store running off a Mac Mini at home, the obvious problem was how to let the website reach it without opening my home network to the world. A free Cloudflare Tunnel turned out to be the clean way to do it…
Azure Policy stops noncompliant resources at deploy time. This shows how to catch the same violations earlier, in the Azure DevOps build, so a bad Terraform plan fails the pipeline instead of the deployment.
Let's talk
I'm always happy to compare notes with peers building trustworthy systems.
Get in touch