Portfolio Security · GRC · Engineering

Ahad Mehdi Khan

ISO 27001 Lead Auditor · Cybersecurity/GRC Practitioner · Consultant · Builder of FANG

I work at the intersection of information security, governance, risk, compliance, and software engineering. I build practical systems that help organizations assess, structure, and improve their security and ISO 27001 readiness.

01 About

Engineering discipline meets governance thinking.

I am an ISO 27001 Lead Auditor and cybersecurity/GRC practitioner with a software engineering background, focused on ISMS implementation, audit readiness, and security automation.

My work combines technical engineering with governance and compliance thinking. I am currently building FANG, an ISO 27001 ISMS accelerating engine designed to support assessment, implementation, and auditing workflows.

Evidence-led

Security decisions grounded in verifiable controls and documentation.

Practical

Systems designed for real workflows, not compliance theatre.

Structured

Clear analysis, traceable reasoning, and usable outputs.

02 Flagship project

FANG — Focused Assessment and Narrative Generator

ISO 27001 ISMS Accelerating Engine

FANG is a proof-of-work platform exploring how structured control logic, evidence processing, and language models can support ISO 27001 work across three connected stages.

Evolving prototype / MVP

01 / Assess

Assessment

  • Intake forms
  • Gap assessment
  • Control scoring
  • Current-state analysis
  • Report generation

02 / Implement

Implementation

  • Structuring ISO 27001 implementation work
  • Mapping evidence to controls
  • Identifying missing policies, documents, and evidence
  • Supporting ISMS readiness

03 / Audit

Auditing

  • Accepting policies, files, spreadsheets, and evidence
  • Evaluating evidence against ISO 27001 controls
  • Supporting evidence-based reporting
  • Using LLMs for extraction, summarization, and narrative generation while keeping structured control logic

03 Capabilities

A cross-functional security toolkit.

Governance, technical foundations, and engineering skills brought together around practical security outcomes.

GRC / ISO 27001

  • ISO 27001
  • ISMS
  • Gap Assessment
  • Risk Management
  • Control Evaluation
  • Audit Readiness
  • Policy & Evidence Review

Cybersecurity

  • Web Security
  • WordPress Security
  • Vulnerability Assessment Basics
  • Security Hardening
  • OWASP Awareness
  • Security Reporting

Engineering

  • Python
  • JavaScript
  • HTML/CSS
  • Backend Logic
  • PDF Report Generation
  • Data Processing
  • LLM Workflow Integration
  • Automation Prototyping

Professional

  • Client Communication
  • Report Writing
  • Research
  • Problem Solving
  • Consulting Mindset
  • Founder Mindset

04 Credentials

Certifications & education.

Certification

ISO 27001 Lead Auditor

Exemplar Global · 2026 — information security management systems, audit principles, evidence evaluation, and conformity assessment.

Professional training

GRC Mastery Course

Abed Hamdan (Unix Guy) · 2026 — practical work across ISO 27001, policy writing, risk assessment, and security auditing.

Security training

Ethical Hacking & Penetration Testing

Cisco Networking Academy Ethical Hacker · 2025, and TryHackMe Jr. Penetration Tester · 2025.

Education

BS Software Engineering

Virtual University · 2024–2028 · In progress — software design, systems thinking, programming, and engineering practice.

05 Proof of work

Projects, practice, and public learning.

A grounded view of what I am building and where I am developing hands-on experience.

Personal brand · Active

TCW Security / TCW Partners

A developing cybersecurity and GRC-focused personal brand for sharing practical guidance and building consulting capability.

Security practice · Hands-on

WordPress Security Work

Experience with basic security assessment, configuration review, hardening, audit observations, and actionable security reporting.

Knowledge sharing · Ongoing

Security / GRC Content

LinkedIn and educational content around ISO 27001, GRC, cybersecurity, IT risk, and responsible automation.

06 Resume

Download My CV

For a concise overview of my education, certifications, skills, and experience, view the three-page PDF in your browser or download a copy when you choose.

07 Contact

Let’s discuss useful security work.

Open to cybersecurity, GRC, ISO 27001, IT audit, and security automation opportunities.

  • Email: ahad@tcwsec.com
  • LinkedIn: Connect professionally
  • GitHub: View code and projects
  • Location: Islamabad / Rawalpindi, Pakistan