Asyraf
Security professional by day, builder by night. Based in Singapore — writing about AI risk, enterprise governance, and shipping things in public.
Latest posts
A DLP Baseline for Small Teams: Stopping Leaks Without a SOC
7/12/2026
Data-loss prevention is usually sold as enterprise tooling. Here's a pragmatic baseline a small team can actually run — built on classification, identity, and a few high-leverage controls.
Threat-Modelling Your First MCP Server: STRIDE for the Agent Era
7/3/2026
MCP servers hand an AI agent real tools and real access. Here's how to run a classic STRIDE threat model over one before you wire it to anything that matters.
Machine Identity Is the New Perimeter
6/17/2026
Human logins are well defended. The unguarded door now is the service account, the API key, and the AI agent. A baseline for treating non-human identities as first-class.