About

I help organisations prove they can be trusted.

I'm Shihan Suhail, an ISO 27001 Lead Auditor, Azure cloud security specialist, and IT compliance consultant. My work sits at the point where regulatory expectation meets real, running infrastructure: turning framework controls into evidence, and architecture diagrams into defensible security posture.

Over the last several years I've evaluated SOC 2 reports for vendor risk decisions, run Azure landing zone reviews, and built automation that takes the manual grind out of compliance. Lately my attention is on a single question: how do AI agents change the practice of governance, risk and compliance, and what new risks do they create in the process?

This site is where I think out loud about all of it. No vendor fluff, just field notes from the audit and cloud trenches.