Why “risk acceptance” is usually a documentation problem
Most accepted risks are not decisions — they are unfinished conversations. A cleaner way to make the tradeoff explicit.
Read essayPractical AI for Cybersecurity + GRC
Cybersecurity is
complicated enough.
Explaining it should not be.
I’m Jeremy, a CISO exploring how AI, automation, and better operating judgment can make security and GRC clearer, faster, and more useful to the business.
01 / Point of view
A position, not a mission statement.
Security is not a binary choice between yes and no. GRC is not evidence collection. AI is not a substitute for judgment. The work becomes useful when risk, technology, people, and business decisions are treated as one connected system.
02 / Topics
Three ways into the same system.
Each pathway looks at security from a different altitude: the workflow, the business, and the career.
P/01
AI-Native
Security + GRC Practical workflows, automation decisions, safeguards, and operating models: where AI genuinely earns a place in the control set, and where it does not. P/02 The Business
of Security Risk, tradeoffs, engineering trust, leadership, and business-aligned controls: the decisions that make security an operating advantage instead of a tax. P/03 The AI-First
Security Career How roles, skills, and professional value change when AI absorbs more routine work and what stays unmistakably human.
Security + GRC Practical workflows, automation decisions, safeguards, and operating models: where AI genuinely earns a place in the control set, and where it does not. P/02 The Business
of Security Risk, tradeoffs, engineering trust, leadership, and business-aligned controls: the decisions that make security an operating advantage instead of a tax. P/03 The AI-First
Security Career How roles, skills, and professional value change when AI absorbs more routine work and what stays unmistakably human.
03 / Featured thinking
Selected writing & talks.
Building an AI-native control library, live
Walking through a working setup where evidence, mapping, and review assistance are automated — and where a human still signs.
Watch on YouTubeThe one audit question that tells you everything
Ask a team to explain a control to someone outside security. What happens next is the real maturity assessment.
Read note
Jeremy J. Turner — Kaizen
04 / About
Translating complexity into decisions people can act on.
Jeremy is currently working as a Chief Information Security Officer with over 20 years experience spanning military service, Big 4, Fortune 100, and startups.
He is known for translating complexity into decisions that engineers, executives, auditors, and regulators can act on, turning a system of systems into something a business can actually operate.
US VETERAN
BIG 4
Technology leadership
FORTUNE 100
Regulated & international
05 / Consulting
Let's talk security, GRC, and AI.
I work with organizations navigating practical AI, GRC, and resilience. Let's explore if we're a fit.