IT Risk & Controls

Things that are invisible until they're not.

Thought leadership on identity governance, cybersecurity controls, and IT audit — from someone who has spent 25 years watching the invisible become very visible.

Start Reading

Featured

April 3, 2026 · Jeff Purrington

The Ghost in the Machine: Why AI Agents Are the Next Frontier for IT Audit

The IT General Controls that have governed enterprise technology for decades weren't built for AI Agents. Here's what's breaking — and what to do about it.

agentic AIIT auditidentity governanceITGCnonhuman identities

Featured

March 30, 2026 · Jeff Purrington

Things That Are Invisible Until They're Not

An introduction to why identity, access, and controls are the silent load-bearing walls of every organization — and what happens when they crack.

identity governanceIT riskcontrols

Recent Writing

All posts →

April 3, 2026 · Jeff Purrington

The Ghost in the Machine: Why AI Agents Are the Next Frontier for IT Audit

The IT General Controls that have governed enterprise technology for decades weren't built for AI Agents. Here's what's breaking — and what to do about it.

agentic AIIT auditidentity governanceITGCnonhuman identities

March 30, 2026 · Jeff Purrington

Things That Are Invisible Until They're Not

An introduction to why identity, access, and controls are the silent load-bearing walls of every organization — and what happens when they crack.

identity governanceIT riskcontrols

About this site

Identity and access are the invisible load-bearing walls of every organization. This site exists to make them legible — through rigorous analysis, practitioner perspectives, and the occasional uncomfortable truth.

Written by an Identity Strategist with over 25 years in IT audit, cybersecurity controls, and identity governance.

About the author →