Audit Agent Compliance evidence & audit prep Operations Agent M365 operations & CIS benchmarks CyberAware Training Security awareness & phishing sims Remote Support Start a secure support session All Customer Tools Portals, admin consoles & more
Preview Your Audit
Preview Your Audit

Insights

Thought leadership on ISO 27001 compliance, M365 security, and the future of automated evidence collection.

Featured

Compliance as a Moat

Why genuine ISO 27001 compliance — not certification theatre — is one of the strongest competitive advantages an MSP can build.

By JJ Milner 29 March 2026
strategycomplianceMSP
Read article →

What Does an Auditor Actually Want?

The gap between what auditors need and what organisations prepare. Evidence over documentation. Demonstration over description.

By JJ Milner 3 November 2025
ISO 27001audit
Read on substack →

First Principles: Why Are DevOps VMs in My Compliance Report?

Most compliance failures are classification failures, not security failures. The denominators in your compliance measurements are wrong.

By JJ Milner 18 November 2025
DevOpscompliance
Read on substack →

The Compliance Industrial Complex

Why does ISO 27001 certification take 12 to 18 months when the standard itself isn't that complicated? 93 controls. That's it.

By JJ Milner 15 October 2025
ISO 27001compliance
Read on substack →

Forging a New Security Frontier: Why Microsoft Sentinel's Data Lake Is a Game-Changer

Security teams face an impossible choice — maintain expensive log archives for compliance, or optimise for current operations while losing the historical data needed for deeper analysis. Microsoft Sentinel's data lake fundamentally restructures this dynamic.

By Claudia Correia de Araujo 7 August 2025
Microsoft SentinelSOC
Read article →

The Digital Employee: Why AI Agents Need Governance, Not Just Guardrails

AI agents are smart enough to be convincing, even when they are wrong. When an agent makes a costly decision, whose name goes on the incident report? The accountability gap is where organisational risk hides.

By Claudia Correia de Araujo 28 January 2026
AI governancerisk management
Read article →

South African Organisations Are Not Seeing AI ROI. The Reason Is Not the Technology.

Three claims. Three sectors. Same question. The technology is not failing. The organisations operating it are. The AI hype phase is over — accountability matters now.

By Claudia Correia de Araujo 27 March 2026
AIstrategy
Read article →

Beyond Copilot: What Agentic AI Actually Means for the Enterprise

Copilot was the beginning. Autonomous agents that reason, plan, and act across systems are the next phase — but governance cannot be an afterthought.

By Claudia Correia de Araujo 17 September 2025
AIgovernance
Read article →

Forging a New Security Frontier: Sentinel, Data Lakes, and Seven-Year Retention

Microsoft Sentinel's data lake architecture changes the economics of long-term security data retention — and POPIA's seven-year requirement finally becomes achievable.

By Claudia Correia de Araujo 7 August 2025
SentinelPOPIA
Read article →