About ComplyIT
ComplyIT exists because I couldn’t find what I needed.
After 15+ years in cybersecurity — leading security programs at banks, fintechs, and industrial companies, running PCI-DSS audits, building GRC frameworks from scratch, and reporting to boards — I kept hitting the same wall. Every time I started a new role or a new project, I’d spend weeks hunting for templates, reference materials, and practical starting points. They were either locked behind expensive consulting engagements, buried in 300-page NIST documents, or scattered across dozens of blog posts written for a technical audience that wasn’t mine.
ComplyIT is what I wish existed when I took my first CISO role.
Who this is for
Security managers. GRC leads. CISOs who just inherited a department of one. Compliance officers staring at a regulation they need to implement by next quarter. People who care about doing security right and want a head start — not another vendor pitch.
This is not a site for penetration testers, bug bounty hunters, or red team operators. There are excellent resources for those communities. This one is for the people who have to build the program, manage the risk, and explain it to the board.
What you’ll find here
A growing knowledge base of practical guides, daily threat intelligence, and curated vulnerability tracking — all free. In the future, ready-made templates, policy frameworks, and toolkits that save you weeks of work. The kind of documents I’ve built and rebuilt across every role, now available so you don’t have to start from zero.
How I think about trust
I won’t recommend a product I wouldn’t use. The affiliate links on this site point to well-known, established tools — they help keep the lights on, but they’ll never influence the content. When we sell templates and materials, they’ll be built from real-world experience and reviewed by practitioners, not generated and forgotten.
Some content on this site is AI-assisted. The daily news summaries are automated. Blog posts are drafted with AI and reviewed for quality. The templates and frameworks coming soon? Those are based on years of actual work — the kind of documents that got me through audits, board meetings, and regulatory deadlines.
Where this is going
I’m not trying to build the next big media company. ComplyIT is a library — a place where a security manager anywhere in the world can find what they need, learn something useful, and get back to work. If it grows into something bigger, great. For now, the goal is simple: be genuinely useful.
One day I’ll probably put my name on this. For now, the work speaks for itself.