News

Ioannis (Yan) Jumpaengjan

Yan Jumpaengjan

1 min read
Share

Cyber security analyst, consultant, and builder focused on secure infrastructure, compliance engineering, and intelligent systems.

Currently working across defensive security, governance, AI-assisted tooling, and modern security operations.

Short Intro

I work at the intersection of cyber security, infrastructure, governance, and emerging technology.

My experience spans Microsoft security ecosystems, endpoint management, security assurance, compliance readiness, and secure-by-design consulting across multi-client environments.

Outside of consulting, I build tools and systems designed to make security operations more practical, scalable, and human-centred.

Current Focus

Cyber InfoSec Core

An offline-first modular security and compliance platform designed for consultancy, risk reporting, framework assessments, and executive security visibility.

Current areas:

  • Framework-driven assessments
  • Cyber Essentials Plus readiness
  • Executive and technical reporting
  • Modular architecture
  • Local-first secure deployment

Athena AI Agent

An AI-assisted operational platform focused on intelligent automation, research assistance, workflow augmentation, and human-guided system interaction.

Current areas:

  • AI orchestration
  • Autonomous workflows
  • Secure system integration
  • Operational tooling
  • Human-in-the-loop design

CISSP Journey

Deepening expertise across security architecture, governance, risk management, and enterprise security leadership.

Current focus:

  • Security engineering
  • Risk management
  • Identity and access management
  • Security operations
  • Executive security thinking

Defensive Security Research

Ongoing exploration into modern defensive security practices, operational maturity, and practical security implementation for organisations of all sizes.

Research areas:

  • Microsoft Defender ecosystem
  • Intune and device management
  • Conditional Access architecture
  • Detection engineering
  • Security operations maturity
  • Governance and assurance

Areas of Interest

  • Cyber Security
  • Secure Infrastructure
  • Governance, Risk & Compliance
  • AI Systems
  • Endpoint Security
  • Cloud Architecture
  • Detection Engineering
  • Defensive Operations
  • Automation
  • Operational Intelligence
  • Modern Identity Security
  • Secure-by-Design Engineering

Recent Notes

Why most SME security fails at process, not tooling

Security products rarely fail because of capability. Most failures happen through operational drift, inconsistent ownership, and poor implementation maturity.

Defender Secure Score is not security maturity

A high score can improve posture, but security maturity comes from operational consistency, visibility, governance, and response capability.

Offline-first security platforms still matter

Cloud-native tooling is powerful, but local-first architectures still provide major advantages in resilience, control, portability, and sensitive environments.

Compliance should support operations, not fight them

The strongest security programmes integrate naturally into business workflows instead of becoming isolated checkbox exercises.