The newsletter where an InfoSec Manager shares what actually happens behind the scenes

I'm Andries, a working InfoSec Manager. This newsletter is how I learn -- by writing about what I encounter on the job and sharing it with others in similar roles. No technical deep dives. No vendor pitches. Just real stories, honest mistakes, and practical lessons from someone sitting in the same chair as you.

Published every Friday - 8 a.m. (GMT).

ISO 27001

How D.MA.I.C Exposed The Shocking Flaws of My ISMS

May 15, 2026

•

4 min read

How D.MA.I.C Exposed The Shocking Flaws of My ISMS

Andries Bredenkamp

Risk Management

One lucky phone call away from a very bad day

May 8, 2026

•

3 min read

One lucky phone call away from a very bad day

Andries Bredenkamp

ISO 27001

The Big Fight With The Auditor

Apr 24, 2026

•

4 min read

The Big Fight With The Auditor

Andries Bredenkamp

I Thought My Security Reports Were Kinda Good. I Was Wrong :\

Apr 17, 2026

•

6 min read

I Thought My Security Reports Were Kinda Good. I Was Wrong :\

What the viewing stats revealed, and how the CARE model fixed it

Andries Bredenkamp

Risk Management

+1

The Million Dollar Sticky Note

Apr 10, 2026

•

6 min read

The Million Dollar Sticky Note

Complex P@$$w0rds are a liability - not a control

Andries Bredenkamp

Risk Management

The Accountability Gap

Mar 27, 2026

•

6 min read

The Accountability Gap

You cannot own a risk that you do not understand

Andries Bredenkamp