Asyraf
Security professional by day, builder by night. Based in Singapore — writing about AI risk, enterprise governance, and shipping things in public.
Latest posts
PCI DSS 4.0, Part 2: How the 12 Requirements Ladder Up to 6 Goals
6/13/2026
A practitioner's map of PCI DSS 4.0 — the 6 control objectives, the 12 requirements beneath them, and how to read the standard as a security model rather than a checklist.
Building Sakinah: An App for the Hardest Moment
6/8/2026
I built Sakinah to help Muslim families in Singapore through the hours after a death. The decisions I'm surest about weren't features — they were the things I chose not to build, hold, or collect.
Governing AI Agents: When the User Isn't a Person Anymore
6/8/2026
Agentic AI breaks the assumption that every action traces back to a human. Here's a baseline for giving agents identity, scope, and accountability.