About

I have spent twenty years on the enterprise side of security across Southeast Asia. In the briefing room with C-suites and CISOs. In the deployment reality of Zero Trust, identity threat detection, and the controls that look fine on a slide and break in production. And in the aftermath, when something that "shouldn't have happened" did.

Clear Signal is where I write down what I actually think.

Most security writing is one of two things. A breach headline with no judgment attached. Or a vendor pitch wearing a blog's clothing. Neither helps the person who has to make the call on Monday morning, with an incomplete picture and a business that wants the project shipped yesterday.

So I write for that person. The CISO weighing whether to slow a rollout. The practitioner who already knows the basics and wants a defensible stance. The executive who needs a technical risk explained in a way that survives a board meeting.

I take positions. I name the tradeoffs I have not solved. And I keep it grounded in what I have seen work and fail in this region — because advice that ignores how a regulated bank in Singapore or Jakarta actually operates is just theory with a confident tone.

If that is useful to you, you are in the right place.