About SecureAI

SecureAI was created to address a problem I've seen repeatedly over many years in large, regulated organisations: security decisions are getting harder, while the noise around them keeps getting louder.

Frameworks, tools, reference architectures, and now AI, all promise clarity — yet many security teams feel less confident, not more. Designs look compliant on paper, but accountability is often unclear, assumptions go unstated, and difficult trade-offs are quietly deferred.

SecureAI exists to help cut through that.

Who I am

I'm an Enterprise Security Architect with a background in large-scale banking and regulated environments.

Over my career, I've worked across:

• enterprise and cloud security architecture
• regulatory and audit alignment
• identity, network, and application security
• complex transformation programmes in highly constrained environments

Much of my work has involved being the person called in to review designs, challenge assumptions, and help teams explain — clearly and defensibly — why a particular security decision makes sense.

Not in theory.
In practice.

Why I built SecureAI

I created SecureAI after noticing the same pattern appear again and again.

Security teams were:

• overloaded with frameworks and documentation
• pressured to "move faster" without reducing risk
• expected to justify complex decisions to executives and regulators
• increasingly unsure which concerns genuinely mattered

At the same time, AI tools were emerging that could summarise, generate, and analyse — but very few were grounded in the realities of regulated industries or accountable decision-making.

SecureAI is my attempt to bridge that gap.

It is designed to:

• support architectural thinking, not replace it
• surface implicit assumptions and hidden risks
• help map designs to frameworks in a meaningful way
• translate technical decisions into language executives and regulators understand

It is not an oracle.
It does not remove accountability.
And it does not promise certainty where none exists.

Initially built on my MacBook to help me make sense of this growing complexity, I soon realised this tool became such an integral part of my day. It was then I decided to share it. Initially I thought of IT Architects that don't always have a foundation in IT Security. But later I thought that it could be helpful to IT Security practitioners as well. Since not everyone is skilled in every area of security, even if our enterprises expect that of us.

What SecureAI is — and what it is not

I've always felt AI should augment us and bring insights that we may not have considered. SecureAI is exactly that, a thinking partner for security and technology professionals working in complex environments. I can share many examples of how I have been challenged by SecureAI.

It is:

• framework-aware, not framework-obsessed
• opinionated, but transparent in its reasoning
• focused on judgement, ownership, and defensibility

It is not:

• a replacement for experienced professionals
• a compliance shortcut
• a tool for avoiding difficult conversations

Good security still depends on human judgement. SecureAI is designed to support that judgement — calmly and responsibly.

The SecureAI newsletter

Alongside the platform, I publish the SecureAI newsletter.

This is where I share practical reflections on:

• why security architectures fail in the real world
• what regulators and auditors actually look for
• how AI fits into security decision-making — and where it doesn't
• lessons learned from working in complex, regulated environments

The newsletter is free, experience-driven, and intentionally low on hype.

If you value clear thinking over noise, you're welcome to subscribe.

SecureAI is shaped by one core belief:

Good security is not about perfection.
It's about making reasonable, defensible decisions — and being able to explain them when it matters.

That is the problem SecureAI is trying to help solve.