Amsterdam · Governance, code, and evidence

I build proof of work at the intersection of governance, code, and evidence.

My background is in GRC, audit, and risk. Today, I am extending that foundation into technical security, implementation, and evidence-led work that can hold up in practice.

Current focus: Governance -> Code -> EvidenceNext arc: AI Governance -> Code -> Evidence

View Proof of Work Explore CRA Labs

Working premise

Governance and engineering are no longer separate worlds.

I am interested in the kind of work where governance is not a reporting layer added at the end, but something that can be traced through systems, controls, decisions, and evidence.

10+

Years across audit, risk, product, and delivery

Current market focus

GRC

Methodological foundation

CRA

Flagship proof-of-work lens

Thesis

Governance is moving closer to systems, pipelines, and evidence.

My work starts from a simple belief: GRC is becoming more full stack. It is no longer enough to understand controls, risk, and regulation at a distance.

My background in GRC gave me a method: define the scope, examine the evidence, test the claim, and make accountability visible. My technical work is an extension of that method.

This is the profile I am building in the Netherlands: governance that can move closer to code, and technical work that can still stand up to governance, audit, and regulatory scrutiny.

How I work

Three connected lenses shape the work.

I do not separate governance thinking from implementation reality. I use each one to strengthen the other.

Governance

I work on accountability, traceability, control design, and how regulatory expectations become operational.

Code

I am moving closer to systems, implementation, and security controls rather than staying only at the policy layer.

Evidence

I care about proof of work that makes the logic visible through investigations, artifacts, and structured communication.

Flagship work

CRA Labs is my flagship proof-of-work project.

CRA Labs is where I turn governance, security, and regulatory questions into structured investigations, evidence, and implementation-facing outputs.

It is built on a simple model: 12 requirements, 6 pillars, 30 investigations to make the work traceable.

The CRA Labs website is still being refined. For now, the GitHub repo is the best place to follow the work as it develops.

View CRA Labs repo

Open to

Roles, conversations, and collaboration.

I'm open to roles and conversations across three areas:

Security governance and cyber GRC

Control, evidence, accountability, and governance work that moves closer to systems and implementation.

Product security and regulatory readiness

Work that connects product, security, and regulatory expectations in a practical way.

Solutions, customer-facing technical, and product-adjacent roles

Roles where communication, trust, and technical translation matter.

I'm also open to short freelance and advisory projects where I can help teams design and build digital systems that are clearer, more usable, and easier to defend in practice. Alongside that, I keep building proof of work through investigations, small tools, and practical experiments that let me apply governance, UX, and technical implementation to real problems.

Based in Amsterdam, the Netherlands.

Connect on LinkedIn