Security practitioner, risk thinker, and occasional builder. Writing about the systems that break, and the people trying to fix them.
I work at the intersection of cybersecurity, third-party risk, and supply chain integrity: domains where the weakest link is rarely the one you're watching. Over the years I've helped organisations map their exposure, stress-test their vendor relationships, and build programs that hold up when things go sideways.
This site is where I think out loud. You'll find long-form writing on risk management, notes on tools I'm building, and the occasional essay on topics that don't fit neatly into a slide deck.
When I'm not hunting for attack surface, I'm probably working on a side project, reading about complex systems, or figuring out why something broke in a way nobody anticipated.
Most TPRM programs are built to pass audits, not to manage actual risk. Here's what changes when you treat it as an intelligence function instead.
Open-source dependencies, build pipelines, and the uncomfortable truth about software you didn't write but fully own.
When three vendors underpin half your critical processes, you don't have a vendor programme; you have a single point of failure with good documentation.
A walkthrough of a tool I built to aggregate threat intel, news, and breach data for a watchlist of third-party vendors, under 300 lines of Python.
Lightweight vendor intelligence aggregator. Pulls breach news, OSINT signals, and threat feeds for a custom watchlist. Built for small risk teams with no budget for enterprise tools.
A terminal tool for scoring and comparing vendor risk across a configurable framework. Outputs to CSV, JSON, or a printable HTML report.
Experimental visualisation of n-tier supplier relationships. Maps dependency chains and highlights concentration risk nodes in an interactive graph view.
A fast domain availability checker built as an artifact. Uses Cloudflare DNS-over-HTTPS to check registration status across multiple TLDs in real time.
Working on something in the risk space?
Let's talk.
Join the Conversation
Comments are powered by Giscus, backed by GitHub Discussions. You'll need a free GitHub account to post. Your comments live in this site's repository, not on a third-party ad platform.