Asyraf
Security professional by day, builder by night. Based in Singapore — writing about AI risk, enterprise governance, and shipping things in public.
Latest posts
Machine Identity Is the New Perimeter
6/17/2026
Human logins are well defended. The unguarded door now is the service account, the API key, and the AI agent. A baseline for treating non-human identities as first-class.
PCI DSS 4.0, Part 2: How the 12 Requirements Ladder Up to 6 Goals
6/13/2026
A practitioner's map of PCI DSS 4.0 — the 6 control objectives, the 12 requirements beneath them, and how to read the standard as a security model rather than a checklist.
Building Sakinah: An App for the Hardest Moment
6/8/2026
I built Sakinah to help Muslim families in Singapore through the hours after a death. The decisions I'm surest about weren't features — they were the things I chose not to build, hold, or collect.