Asyraf

Security professional by day, builder by night. Based in Singapore — writing about AI risk, enterprise governance, and shipping things in public.

Latest posts

A DLP Baseline for Small Teams: Stopping Leaks Without a SOC

7/12/2026

Data-loss prevention is usually sold as enterprise tooling. Here's a pragmatic baseline a small team can actually run — built on classification, identity, and a few high-leverage controls.

Threat-Modelling Your First MCP Server: STRIDE for the Agent Era

7/3/2026

MCP servers hand an AI agent real tools and real access. Here's how to run a classic STRIDE threat model over one before you wire it to anything that matters.

Machine Identity Is the New Perimeter

6/17/2026

Human logins are well defended. The unguarded door now is the service account, the API key, and the AI agent. A baseline for treating non-human identities as first-class.