// CURIOUS OPERATOR — SECURITY · SYSTEMS · SIDE-QUESTS

Security. Systems.
Side-quests.

I'm Ashley — a security practitioner and founder who writes about what he's actually doing. No hype. Working shown.

// FEATURED

THOUGHT LEADERSHIP · CYBER

You Don't Need a GRC Platform to Get ISO 27001 Certified

Every man and his dog has a GRC tool these days. But the platform won't do ISO 27001 for you — and if you already live in Atlassian, Jira and Confluence done well will get you further than a shiny box you'll abandon by month nine.

8 min read · May 2026

// THE LANES — one operator, many obsessionsAll topics →

🔒

Security, ISO 27001 & vCISO

The advisory core — ISMS, audits, risk, governance.

15 posts

🚀

Founder & Business

The journey — MSP growth, entrepreneurship, building.

3 posts

🖥

Systems Engineering & Administration

20 years of infrastructure, how I run things.

40+ posts

🤖

AI & Automation

The cyber guy automates X — AI, scripting, IaC, APIs.

—

💰

Money & Side Hustles

Crypto, products, property, the trading bot.

3 posts

🏎

Motorsport & Sim Racing

F1, iRacing, GT3 — the rigs and the cars.

7 posts

🏁

Career

Breaking in, certs, growth — the craft.

5 posts

🧪

Curiosities

The off-beat — Cold War, cooking, travel, homebrew.

6 posts

// LATEST WRITINGBrowse all →

You Don’t Need a GRC Platform to Get ISO 27001 Certified

May 28, 2026

Every man and his dog has a GRC tool these days. But the platform won’t do ISO 27001 for you — and if you already live in Atlassian, Jira and Confluence done well will get you further than a shiny box you’ll abandon by month nine.

The Essential 8 isn’t 8 controls. And it isn’t really a framework. Here’s what it actually is.

May 21, 2026

The Australian Signals Directorate’s Essential 8 is one of the most widely-referenced cyber security frameworks in the country.

The prompt is not the problem

April 30, 2026

We are in danger of building a society full of architects with nobody left to pour the concrete.

// THE GUIDE

NEW · GUMROAD

The Honest Guide to ISO 27001

The certification book I wish I'd had — written by the guy who was being audited, not selling you a platform. Plain-English, no FUD, no vendor pitch. Just what actually works.

The Honest Guide to Your First Audit
The Honest Guide to Where Your ISMS Lives
The Honest Guide to Internal Audit
The Honest Guide to Risk Assessment
The Honest Guide to ISO 27001
Worked Statement of Applicability — free bonus

Get it on Gumroad →

US$69one-time · instant download · save ~30%

THE HONEST GUIDE TO

ISO 27001
SERIES

5 field guides + 1 free bonus

A curious operator

Founder of Securitribe, ISO 27001 practitioner (the one being audited, not just advising), AICD-trained on governance and risk, twenty years deep in infrastructure — and someone who genuinely enjoys digging drainage and tuning a sim rig on the weekend.

ISO 27001 PRACTITIONERAICD GOVERNANCEFOUNDERvCISO20Y INFRASTRUCTURE

No hype. Just the working.

Occasional notes from across the lanes — security, systems, side-quests. No spam, unsubscribe any time.

Security. Systems.Side-quests.