The newsletter where an InfoSec Manager shares what actually happens behind the scenes

I'm Andries, a working InfoSec Manager. This newsletter is how I learn -- by writing about what I encounter on the job and sharing it with others in similar roles. No technical deep dives. No vendor pitches. Just real stories, honest mistakes, and practical lessons from someone sitting in the same chair as you. Published when there's something worth saying.

The Accountability Gap

Mar 27, 2026

•

6 min read

The Accountability Gap

You cannot own a risk that you do not understand

Andries Bredenkamp

Risk Management

+1

How I Became The Shadow IT Problem!

Mar 20, 2026

•

9 min read

How I Became The Shadow IT Problem!

How process automation became the governance risk nobody is looking for

Andries Bredenkamp

The Most Important Question in InfoSec

Mar 9, 2026

•

4 min read

The Most Important Question in InfoSec

You should be able to answer this question for everything you do and every decision you take.

Andries Bredenkamp

Risk Management

The Model That Fixes the Blame Game

Mar 3, 2026

•

5 min read

The Model That Fixes the Blame Game

Understanding the 3 Lines of Defence model, and how InfoSec fits into it

Andries Bredenkamp

PII

+1

My "Credit Cards in The Trash" Story

Mar 1, 2026

•

4 min read

My "Credit Cards in The Trash" Story

The biggest data breach I found didn’t involve hacking. It involved a filing cabinet.

Andries Bredenkamp

ISO 27001

My Vendor Lied To Me

Feb 28, 2026

•

4 min read

My Vendor Lied To Me

How I knew their ISO 27001 certificate was fake

Andries Bredenkamp