Risto Kasepuu
Twenty-five years in technology — as a founder, CTO, and business leader, with security running through all of it. Today, CISO and DPO at Apollo Group.
Sherlock.ee is where I write about what I actually see in practice — without the vendor pitch. If you're interested in cybersecurity as it's actually practised, you're in the right place.
Pictured: Mõmm, the household cat. Entirely unconcerned about security theater.
Areas of expertise
Cybersecurity management
Security strategy, risk management, compliance and audit programmes
ISO 27001 & compliance
Information security management systems
SOC & monitoring
Security operations, threat detection, SIEM, log management
Incident response
IR processes, recovery from attacks, crisis management
Network security
Network architecture, firewalls, segmentation, VPN, zero trust
GDPR expertise
Implementing data protection requirements, DPO services, data protection advisory
Cybersecurity training
Employee awareness programmes, security training for organisations
Surveillance camera expertise
GDPR-compliant video surveillance, technical audits, data protection advisory
What I write about
Articles are grounded in practice — not sales presentations or academic handbooks. Topics I cover:
- Data protection & GDPR — what actually applies in the EU, how requirements work in practice
- Cybersecurity management — how to build a security culture without security theater
- SOC & detection — what is realistic for small and medium organisations
- Incidents — real-life cases and lessons that don't get discussed at conferences
- Compliance — ISO 27001 and other frameworks without the bureaucracy glorification
Why Sherlock?
Sherlock Holmes was famous for cutting through noise — where others saw chaos, he found the pattern.
Cybersecurity has exactly the same problem. The market is full of tools, services, and frameworks. Everyone promises protection. Nobody tells you honestly what actually works and what is just security theater.
Sherlock.ee is where I ask the questions that don't get asked in sales meetings.
(A small footnote: the domain was originally bought for a financial services idea — a tool to find the best offers on the market. That project never moved forward. But the name turned out to be right after all.)