About
A little about Savva Pistolas.
I’m Savva. I spend most of my time thinking about systems — how they’re designed, what they actually do (as opposed to what they’re supposed to do), and how the people inside them navigate that gap. I write here to think things through.
My background is in cybersecurity and I’ve spent a lot of time inside organisations helping them understand their own risk. That work draws on systems thinking more than most people expect. You can’t assess an organisation’s security posture without first understanding how it actually operates — and that’s rarely how the org chart says it does.
One of the larger side projects I’ve built is iso27001.zip — an attempt to make ISO 27001 more accessible and less like reading a legal document. It’s a non-commercial project that grew out of notes I’d been keeping for years. That’s broadly the kind of thing I make: tools and writing that try to lower the barrier to things that are worth engaging with.