About

Practitioner — strategy, risk, and the parts of compliance worth keeping.

I work in GRC, security and data security, and I lead the team that delivers it. Day to day I think about how strategy, risk management and smart compliance meet the technology decisions teams actually have to make — and how to keep a program defensible without burying it in paperwork.

I'm increasingly interested in two shifts: putting real numbers on risk instead of red/amber/green, and how AI changes both sides of the equation — the threat surface, and the way GRC programs themselves are built and run. This site is where I write about what works and keep notes worth re-reading.

Currently

Based in Aarhus, Denmark. Building and leading a data security, risk and compliance practice — and working out how GRC teams can manage risk and prove compliance better by leaning on data and the right technology.

What I think about

  • GRC strategy and the parts of ISO 27001 / CIS18 that earn their keep
  • Risk management as a decision-support discipline, not a paperwork one
  • Cyber risk quantification — moving risk from colors to numbers leaders can act on
  • Data security and how to protect data in the age of AI
  • Governing agentic AI — frameworks that hold up in regulated environments
  • How AI changes the GRC practitioner's day and the threat surface

Contact

The fastest way to reach me is email: petertrierpublic@outlook.com. I read everything — especially happy to hear from people working on GRC, data security, risk quantification or AI policy in the real world.

Elsewhere: LinkedIn ↗ · GitHub ↗ · CV (PDF) ↓