Written for the people doing the work.
Practical, opinionated writing on IT, security, and AI leadership for growing Nordic companies.
- Security LeadershipSecurity Operating Model
Your Head of IT is doing five security jobs. Don't hire a CISO for all of them.
Does your company need a CISO? Your Head of IT is doing five security jobs. Here is the operating model that splits them, so you rent senior judgment, not a hire.
11 min read - EU AI ActAI Governance
Name a person before the regulator does: the AI ownership decision
Who owns AI in your company? It is a liability question. A named owner with a one-page mandate, not a Chief AI Officer, is how you answer it under the EU AI Act.
14 min read - EU AI ActAI Literacy
The AI Act deadline you missed because you heard it was delayed
Article 4 of the EU AI Act wasn’t delayed. Enforcement starts August 2, 2026. Here is what AI literacy compliance actually requires for growing companies.
9 min read - NIS2Supply Chain Security
When your customer is NIS2-regulated, their auditor is now yours
NIS2 does not apply to you, but it applies to your customers. Article 21(2)(d) makes their auditor your auditor, by contract. Here’s the evidence pack to build.
9 min read - AI ReadinessAI Governance
AI readiness is not data readiness: where growing companies actually stand
A practical 2026 guide to what AI readiness actually requires for growing companies, why being cloud-native and data-mature is not enough, and what 90 days of focused governance work covers.
19 min read - Cloud Cost OptimizationFinOps
Cloud cost drift: how a doubled Azure bill tells a governance story
A practical 2026 guide for B2B SaaS leaders on why cloud cost drift is a governance problem, not a finance one, and what minimum viable FinOps actually looks like for a growing B2B SaaS.
18 min read - DORAFintech
DORA for Nordic Fintech: What It Actually Requires, and What To Do in the Next 90 Days
A working CTO guide to the Digital Operational Resilience Act for Nordic fintech and financial services: scope, the five pillars, ICT third-party risk, testing, and a realistic 90-day plan.
14 min read - NIS2Compliance
NIS2 Readiness for Danish SaaS: A Practical CTO Guide
A working CTO guide to NIS2 for Danish and Nordic SaaS: scope, the 10 measures, incident reporting, costs, and what to do in the next 90 days.
18 min read - ISO 27001Compliance
ISO 27001 for Growing SaaS: What It Actually Takes
A practical guide to ISO 27001:2022 for Nordic B2B SaaS. Realistic timelines, costs, traps, and a decision framework from someone who has done it.
16 min read - FractionalSecurity Leadership
The Fractional Security Leader: When It Works and When It Doesn't
An honest look at when the fractional CISO or CTO model fits a growing Nordic company -- and when you should hire full-time or do something else entirely.
14 min read - EU AI ActAI Governance
EU AI Act Readiness for Growing Companies: A Practical 2026 Guide
A measured 2026 guide to the EU AI Act for Danish and Nordic SaaS leaders: timelines, obligations that actually apply, and what 90 days of work looks like.
20 min read
Let's work out what you actually need.
30-minute scoping call. Free and non-binding. If it's not a fit I'll tell you, and point you somewhere that is.
Typically responds within 24 hours