Practitioner — strategy, risk, and the parts of compliance worth keeping.
I work in GRC, security and data security, and I lead the team that delivers it. Day to day I think about how strategy, risk management and smart compliance meet the technology decisions teams actually have to make — and how to keep a program defensible without burying it in paperwork.
I'm increasingly interested in two shifts: putting real numbers on risk instead of red/amber/green, and how AI changes both sides of the equation — the threat surface, and the way GRC programs themselves are built and run. This site is where I write about what works and keep notes worth re-reading.
Currently
Based in Aarhus, Denmark. Building and leading a data security, risk and compliance practice — and working out how GRC teams can manage risk and prove compliance better by leaning on data and the right technology.
What I think about
- GRC strategy and the parts of ISO 27001 / CIS18 that earn their keep
- Risk management as a decision-support discipline, not a paperwork one
- Cyber risk quantification — moving risk from colors to numbers leaders can act on
- Data security and how to protect data in the age of AI
- Governing agentic AI — frameworks that hold up in regulated environments
- How AI changes the GRC practitioner's day and the threat surface
Contact
The fastest way to reach me is email: petertrierpublic@outlook.com. I read everything — especially happy to hear from people working on GRC, data security, risk quantification or AI policy in the real world.
Elsewhere: LinkedIn ↗ · GitHub ↗ · CV (PDF) ↓