This is about my professional identity: lawyer, auditor, lecturer, and public speaker.
I have a law degree with a major in telecommunications law and spent over 15 years leading court trials and practicing law (this was in the 2000s, and yes, I am that old - do not be deceived by my pictures, I am a Siberian elf).
Then I became what some people nervously call “the auditor.”
I’m a lead auditor in 15 different ISO standards, and I’ve audited companies whose products you probably have in your house right now. I’m not a simple senior lead auditor - I’m the auditor who trains other auditors so they can become auditors and obtain their auditor certifications. Try to read again 😂 I did
Alongside auditing, I teach companies how to implement quality, security, environmental, business continuity, data privacy, data security, cloud privacy, cloud security, and other certifications.
My recent specialty- and a major topic I speak about at conferences -
is AI and security
But here’s where it gets interesting: I help multisite companies take 5–10 different international standards and weave them into one infrastructure instead of running parallel compliance nightmares. This saves companies billions. Literally. I also have a rather unique niche - getting AI governance and compliance right, all the way through successful AI certification.
Here the practical guide on the topic: https://bobkova.online/the-answer-is-42-extended-version/
And here how you can integrate one or more management systems: https://bobkova.online/iso-certification-what-you-need-to-know-4-important-facts/
Turns out, “we’re using AI responsibly” sounds much better when you can actually prove it - with third-party validation.
My expertise is working with top management in some of the largest enterprises in the world - the kind with budgets bigger than some countries, where strategic decisions affect 500 sites, 7,000 employees and their families, plus suppliers and vendors across 200 countries. When I am saying that I audited Ford Motors or Ericsson or Stellantis some people think that I audited just one plant or their local service center. Aim a bit higher - I lead team of auditors for those global projects. At the same time I KNOW what is the supplier chain policy and requiremnts those companies have and WILL HAVE in the future and how to work with them or for them. Here one of the examples: https://bobkova.online/untitled-6/
I truly believe government agencies have a lot to learn from those companies.
Oh, by the way, I’ve personally consulted the Canadian trade minister and a U.S. ambassador, but the most challenging and interesting cases were working with the largest research and development facility in the world by budget, and with a nonprofit religious organization on a data privacy project.
I speak at places like BlackHat, AI Summit, RVA Tech, ISACA, FedEx, and many others. When people ask about CISSP or CISM security certifications, I TEACH for those certifications... again, aim a bit higher. I also teaching ISO lead auditors and the NIST framework experts who want to be certified.
I consult and occasionally make top leadership and stakeholders laugh, trust my judgement and follow me for years, which some consider my greatest achievement.
However, the most interesting part of my life is not my work and not public speaking - it’s my farm. But it's my different personality and therefore in the different post.
This is where all that knowledge about process optimization, research and development, risk management, and operational efficiency actually gets tested in real life - with over 60 animals who don’t care about my credentials and definitely won’t wait for a formal corrective action plan when they want breakfast.
Everything I’ve learned from courtrooms, boardrooms, and audit rooms, I apply to building coops, rotating pastures, and figuring out why one particular barn cat thinks he runs the place (he actually does).
On this website, you’ll find posts about all of it—standards, AI, security, chickens, and everything in between. But right here, I’m sharing downloadable that might actually be useful to you, for example:
- The AI regulation landscape on Jan 2026: https://bobkova.online/ai-regulations/
- With the AI compliance decision tree and step by step compliance assessment instructions at the end of the post:
- Guide to check companies strategic objectives and KPIs (based on 500 audits case studies):
- If you an app developer or app user and worried about your personal data (you actually should!) here is the checklist to check your data is secure:
- AI risk assessment (I do full day workshops on that topic for the NIST certified risk management teams): https://bobkova.online/ai-risk-assessment-process/
Consider it a thank you for stopping by ❤️
And maybe subscribing.
