Risk Management

Architecture reviews that approve instead of challenge

Architecture reviews exist to catch problems before they become expensive. In practice, most reviews catch a different set of problems from the ones they were designed to find, and miss a different set from the ones that will eventually cause trouble. This is not because the reviewers lack competence. It is because most architecture reviews are not designed to produce understanding. They are designed to produce alignment and distribute accountability. Once that is the function, the outcome is predictable. ...

April 2, 2026 · 5 min
A massive, exhausted turtle trudging through a surreal European city, carrying a towering heap of audit checklists, sticky notes, and cybersecurity manuals on its shell. Tiny overworked auditors run around frantically.

NIS2 compliance: The Kafkaesque burden on Europe’s companies

Europe mandates hundreds of thousands of companies to meet stringent cybersecurity standards, yet the auditor pool is woefully small.

November 26, 2025 · 4 min