Notes from the work, written down honestly.
Long-form essays on enterprise architecture, platform engineering, DevSecOps, data modernisation and applied GenAI inside regulated environments. Companion to The 4‑Discipline Stack, the six diagnostics, the four reference architectures, the practitioner glossary, and the annual State of Enterprise Tech 2026. RSS feed.
The encoded enterprise architect.
Why TOGAF is your operating manual, not your job. Architecture principles that aren’t encoded in platform defaults or policy-as-code don’t exist — the 2026 EA function is small, federated and mostly invisible because the platform enforces what it decided.
Enterprise ArchitectureGenAI in regulated environments: the nine controls.
The nine controls between a demo and something a customer — and a regulator — can use. Mapped to NIST AI RMF, EU AI Act, ISO/IEC 42001 and OWASP LLM Top 10.
Applied GenAIDevSecOps stopped being about Sec. It’s about supply chain.
Post‑XZ Utils, post‑Snowflake, post‑Polyfill: the highest-leverage security work in 2026 is provenance, workload identity, SBOM-to-owner alerting and signed build pipelines.
DevSecOpsPlatform engineering is the AI delivery moat.
The orgs that will ship GenAI features safely in 2026 are the ones whose paved paths already encode identity, observability and policy. Everyone else will retrofit AI controls into legacy estates — slowly and visibly.
Platform EngineeringThe 4‑Discipline Stack: why your four functions don’t compound.
EA, platform, data and AI as four budgets, four roadmaps, four reports — and no compound. The substrate is what makes them multiply. The full thesis behind the framework.
SynthesisAustralia’s AI Safety Standard, decoded.
The DISR Voluntary AI Safety Standard translated into what the engineer being asked the question actually does this quarter. Ten guardrails, mapped to the work.
Regulation · Australia