Risk · Compliance · AI
I'm Shihan Suhail, an ISO 27001 Lead Auditor and Azure cloud security specialist. I write about the collision of governance, risk and compliance with the AI that is rapidly reshaping all three.
Shihan Suhail · ISO 27001 Lead Auditor · Azure Cloud Security
What I work on
The interesting problems live where audit rigour, cloud architecture, and machine intelligence overlap.
ISO 27001 Lead Auditor work, SOC 2 evaluation, control mapping and audit readiness, translating framework requirements into decisions executives can act on.
Azure landing zone assessments, policy as code, and security posture, hardening cloud estates against the gap between architecture intent and live configuration.
Where intelligent agents meet governance: continuous compliance validation, automated control mapping, and the new risks AI itself introduces.
Latest writing
The moment you put an AI chatbot in front of the public, people start trying to talk it into misbehaving. Here's a small Python guard that screens user input for the common prompt-injection tricks before it ever reaches the model…
Compliance regimes are starting to ask a hard question: what exactly did your AI do, and can you prove the record wasn't changed after the fact? Here's a small hash-chained audit log in Python that answers both…
The moment a colleague pastes real customer data into a public AI tool, you've made a data transfer you probably can't account for. Here's a small Python redaction gate that removes the personal data before the prompt ever leaves your systems…
Let's talk
I'm always happy to compare notes with peers building trustworthy systems.
Get in touch