About
I'm Asyraf — security professional and builder based in Singapore.
By day I work in enterprise security: IAM, cloud governance, AI risk. I help organisations figure out how to adopt new technology without getting burned — whether that's designing access controls, evaluating AI tools against frameworks like MAS TRM, or thinking through what “secure by default” actually means in practice.
Outside that, I build. EmpRoster started as a school project and became a real scheduling SaaS. I'm experimenting with AI-native tools, automation pipelines, and what it looks like to ship things as a solo builder while holding down a full-time role.
This blog is my proof-of-work. I write about AI security, enterprise governance, building in public, and what it means to operate in Singapore's tech scene with a longer horizon in mind. Not every post is polished — the logs and side quests are honest notes, sometimes messy. The essays are where I go deep.
What I'm building toward: a 1000x mindset, a perspective rooted in SEA, and eventually something big enough to matter. The blog is part of how I get there — one post, one project, one experiment at a time.
If something here resonates, I'd like to hear from you.
- ami.asyraf@gmail.com