About
Strategy. Leadership. Architecture. Code.
I've never been comfortable abandoning the layer below. When I moved into architecture, I kept writing code. When leadership came, I kept designing, only now it was organizations and operating models, not systems. Turns out structuring a regional security function looks a lot like structuring software. Twenty-five years of that and it stopped being a habit and became the actual method.
Every time a big shift arrived, cloud, containers, infrastructure as code, AI, I went deep enough to work with it from board paper to production. None of these layers were disposable. Each one made the next one more useful.
The hardest problems I get called into don't sit in one of these boxes. A corporate spin-off isn't just a technology project. A security organization build isn't just a hiring exercise. I'm useful in those situations because I don't hand off between disciplines. I think in all of them at the same time. That's also how things like dethernety get built, or the cloud infrastructure underneath it gets designed.
Where this comes from
I've spent years fighting for technology budgets in front of C-levels. Transformation programs, M&A due diligence, commercial strategy, all from the side that has to justify the spend. If I can't explain why something matters commercially, I don't consider it ready.
I've reported to CEOs and led teams across multiple countries. But the part I got good at was building the organization itself. The structure, the targets, the right people into the right roles. The test I hold myself to: does it keep working after I leave?
Security is a topology problem: who can reach what, and what happens when a node is compromised. But it's equally an economics problem: where does the next unit of resources reduce the most risk relative to revenue impact. Most of the industry sells tools for the first and spreadsheets for the second. I built my own threat modeling platform because the commercial options weren't solving the right problem.
I still build production systems. Full-stack, cloud-native, increasingly AI-native. The point is that when I challenge an architecture or a timeline, there's current experience behind it, not memory from five years ago.
Selected Work
dethernety
Open-source, graph-native, AI-powered threat modeling platform on MITRE ATT&CK and D3FEND frameworks. The tooling that powers the security work I deliver.
dether.net →CETIN Corporate Spin-off
I led the security stream of a multi-country corporate spin-off from Telenor CEE. I had to figure out how security would work across technology separation, org restructuring, and financial modeling, all while keeping business-as-usual running.
Regional Security Organization
I built a regional security organization at Telenor Common Operation from nothing. Org structure, strategy, targets, motivation frameworks, hiring, then delivery across multiple countries.
Guiding Principles
Technology serves business outcomes
Elegant architecture means nothing if you can't trace it back to revenue, cost, or risk.
Leaders build organizations that outlast them
The goal is to leave behind capability, not dependency.
Regulation is an input, not a strategy
NIS2, DORA, and the rest are serious external drivers that should shape security decisions. But they're not the decisions themselves.
Beyond Work
Outside of technology, I play drums and saxophone, practice street photography, and study history, particularly how complex systems and organizations have succeeded or failed across different eras.
If you're facing a challenge that spans strategy, technology, and organizational complexity, let's talk.