I'm a cybersecurity professional and entrepreneur based in Istanbul, Türkiye, with 15+ years of hands-on experience across information security, governance, risk, and compliance.

My work sits at the intersection of technical security and business risk management — designing security programs, running third-party risk assessments, aligning organizations with international standards, and building tools that make security operations more efficient.

I believe great security programs are measurable, framework-aligned, and tightly coupled with business outcomes.

• Governance, Risk & Compliance (GRC) — program design, policy, audit readiness
• Third-Party / Supply-Chain Risk Management (TPRM) — vendor security assessments, ongoing monitoring
• ISO/IEC 27001 — implementation, internal audit, lead auditor engagements
• T.C. Dijital Dönüşüm Ofisi — Bilgi ve İletişim Güvenliği Rehberi (D1–D2) — lead auditor
• Cloud Security — AWS security architecture and controls
• Security Management — security strategy, risk treatment, KPI-driven oversight
• Offensive Security Awareness — ethical hacking mindset applied to defensive design
• Regulatory Alignment — KVKK, GDPR, NIS2, DORA readiness

An Electron-based desktop application that automates vendor and supplier security assessments and generates professional DOCX risk reports aligned with ISO 27001, NIST SP 800-161, SIG, and CAIQ.

Built for GRC teams who need consistent, audit-ready vendor evaluations without the manual overhead.

• Building practical, framework-aligned tools for GRC and TPRM practitioners
• Helping organizations achieve ISO 27001 and T.C. DDO D1–D2 compliance
• Advising on third-party and supply-chain security programs
• Sharing knowledge from 15+ years in the field

If you're working on cybersecurity, GRC, TPRM, or compliance initiatives and think we could collaborate, I'd love to hear from you.

"Security is not a product, but a process." — Bruce Schneier