CEO and CTO who has done this - not a theorist.
Personal ChatGPT accounts. No guardrails. No visibility.
Licenses bought. Nobody uses them. Vendor blames your team. Team blames the vendor.
Leadership wants numbers. You've got anecdotes. That's it.
Most companies are stuck at stage 1 or 2. Here's the full picture.
Shadow AI on personal accounts
Managed AI with proper logins and audit trails
From "I use my own ChatGPT" to everyone on one secure system
Typing prompts at 40 WPM
Voice input at 150+ WPM with structure baked in
From hunt-and-peck typing to just talking
Saving prompts in Word docs
AI asks YOU the right questions
From prompt libraries to AI that knows what to ask
Copy-pasting between AI and your apps
AI acts inside your apps directly
From tab-switching hell to AI that just does it
AI knows zilch about your business
AI loaded with your actual data and rules
From generic slop to answers that know your world
AI only runs when someone remembers to ask
AI fires on its own when things happen
From "oh I forgot to run that" to automatic
Three phases. No fluff. Just the work that gets AI running.
Real testimonials from colleagues and clients on LinkedIn
"Amit is a whirlwind of ideas. And what is better, he is usually sharing them with others. Every idea, even the ones that will not make it into a project in the end, is bound to contain some inspiring nugget that will eventually get you thinking about scenarios and possibilities for days.
"
Alessandro Morandi
Staff Backend Engineer at Deliveroo
"There really is only one Amit. With a unique blend of strong technical capabilities, entrepreneurial spirit and deep understanding of user behaviour, Amit has the enviable ability to sniff out problems and then (seemingly) effortlessly create innovative business solutions with infectious enthusiasm and relentless follow through. Equally as important, Amit is absolutely lovely to work with. He's got an unflappable positive outlook, loads of energy and is not afraid to ask the tough questions.
"
Jodi Schneck
Head Teacher at Jodanno Learning
"Amit is a fantastic, lateral thinker. His entrepreneurial spirit is matched by his kindness, presence and ability to generate great enthusiasm. Amit can teeter between the logical and the dreamy with an envious ease.
"
Jessica Wittebort
VP, Design at Aruliden
"Amit and I had a lot of fun working on some really interesting web projects. With lots of hurdles and challenges, I often found Amit to rise to the challenge with creative technical solutions that complimented business requirements. There simply is only one Amit.
"
Jay Khan
Delivery Manager at V&A Museum
"Amit has the right attitude for the new way of creating business solutions so the technology is not in the way of the experience. Amit is a one-off diamond.
"
Andrew Woolfson
Head of Knowledge Management
"Amit is a great guy both professionally and personally. Working with Amit was always an eye-opener because of the incredible knowledge and skill he brings to the table. I have worked with Amit on various occasions where I was lucky enough to witness some of the innovative skill and thinking that comes from combining a thorough sense for business and incredible skill in Programming and Architecting.
"
Niels van der Zeyst
Director at Microsoft
"Amit is an excellent technical thinker who always manages to keep an eye on the human nature of what is being built; he can be relied on for sharp, relevant insights into both user centred process/design and technical decisions, and it is always a pleasure working with him, as well as spending time together socially away from the office.
"
Felix Cohen
Digital Lead at The Chancery Lane Project
"Amit is technical capabilities are combined with a strong business insight and understanding of user behaviours which makes him a great project collaborator. His focus is on getting the work done and problems solved. I always enjoyed working with Amit on development projects both for his ideas and his helpful positive attitude.
"
Anne-Mette Jensen
Co-Founder & CEO at Clouz
"Amit has a fabulous attitude and is a very capable technologist. I have always enjoyed working with Amit and watching him solve the world's problems one entrepreneurial idea at a time.
"
Amy Wagner
Delivery Partner at Hippo
"Amit offers an impressive background of technological and creative knowledge. I was introduced to Amit through a networked link and his recommendation proceeded his entrepreneurial-ship and effective working practice. His ideas are sharp and original, and provide clear insight for what will be the next big thing. I very much look forward to working with Amit and anticipate his success for the future.
"
Mariann Hardey
Professor at Durham University Business School
"Amit has great vision and knowledge of web design and web usability. He has a real intuition and passion for usability in web applications.
"
Steve Millidge
Founder at Payara
"I recommend Amit highly. He is a very smart and dedicated person who is also a pleasure to work with.
"
Oualid Gharach
Programme Manager at MultiChoice Group
"Amit is a truly unique and colourful person who will bring light into any group of people he encounters. His commitment to anything he turns his mind to amazed me and he is not only willing but loves to put himself in the firing line for any new challenges or experiences he can find.
"
Dave H
Advocate/Advisor at DIGTL Markets
"Amit is an open minded and very creative entrepreneur. He has very good communication skills and has always a pragmatic approach in getting things done.
"
Kostas Didaskalou
Partner at IBM
"Amit worked with me on a paper researching Multi-Agent Systems. I found him very knowledgeable, reliable and committed. I regularly see Amit contributing to forum discussions and is always willing to help anyone above and beyond the call of duty.
"
Alison Booth
Freelance Copywriter at The Word Booth
Co-Founder & CEO
Tallyfy
2014 - Present
I built Tallyfy from scratch - it's a workflow automation product anyone can use. Invented Workflow Made Easy®. Right now I'm running most of our ops with AI, except customer service. I've baked AI into the product itself. I know where it broke and why.
Partner
BrightKite.ai
2025 - Present
Helping schools in St. Louis with AI. Initially aiming to help English teachers combine all the benefits of handwriting, Google Docs and AI in a single product - without the pains and problems of each one.
Consultant, Advisor and Educator on AI & Ops
Independent
2025 - Present
Everything I've learned building, growing and investing in businesses - I now teach. I consult, advise, and help companies actually change.
Entrepreneur in Residence
Skandalaris Faculty - Washington University in St. Louis
2025 - Present
Helping deep-tech and all kinds of entrepreneurs with AI, tech and operations.
Entrepreneur in Residence and Faculty
OneDay
2025 - Present
Teaching MBA cohorts about lean ops, automation, and using AI for real. Also teaching creativity and innovation. OneDay helps founders launch a business while earning an accredited MBA.
Consultant, Advisor, Leader
Various
2004 - 2014
Details on my LinkedIn. Hundreds of engagements, several ventures, lots of lessons.
University of Bath
Computer Science (Bachelors)
2004
25 minutes. No pitch. Just an honest discussion about where AI fits for you.
Fully automated evidence collection sounds great until you try it. Half the items need human judgment. Here is how a three-phase guided workflow collected 99 evidence items across 4 sessions in 4 days, with AI handling orchestration and a human handling the judgment calls.
GRC platforms solved the organization problem for compliance teams. But AI solves that same problem and does the actual compliance work too. The value proposition for platforms costing tens of thousands annually is eroding fast when the tedious work they helped you manage can now be done automatically.
Your compliance repository is where the real work happens. Google Drive is the read-only mirror where auditors browse evidence, policies, and navigation documents without touching your source of truth.
SOC 2 is not a certification. It is an attestation report issued by a licensed CPA firm expressing a professional opinion about your controls. Calling it a certification on your website or in sales materials is not just wrong, it can create real legal exposure for your company.
SOC 2 is not a certification. It is an attestation report issued by a licensed CPA firm expressing an opinion about your controls. Most vendor websites, sales decks, and even compliance platforms get this basic fact wrong, and the confusion costs companies real time and money.
SOC 2 controls do not map one-to-one with evidence items. A single control might need three pieces of evidence, and one evidence item might satisfy four controls. Managing these many-to-many relationships in spreadsheets is how compliance programs break down.
Evidence collection is the real bottleneck in SOC 2 Type 2 audits. Here is how we built an AI-assisted process that collected 99 evidence items across 4 sessions, using consistent naming conventions, typed evidence categories, and browser automation instead of expensive compliance platforms.
If you already have SOC 2 Type 2, you have done roughly 60-70% of the work needed for HIPAA compliance. The overlap in access controls, encryption, audit logging, and incident response is substantial. Here is where the frameworks share ground and what HIPAA adds that SOC 2 does not address.
Most companies pay five figures annually for penetration testing they could run themselves. Open-source scanners like Nuclei, testssl.sh, and nmap cover the OWASP Top 10, generate auditor-ready reports, and run monthly on a cron job for zero cost.
Word documents fail at compliance. We manage 31 SOC 2 policies as markdown files in a Git repository with YAML frontmatter, automated version bumps, and WeasyPrint PDF generation. The auditors get professional PDFs. We get a sane workflow.
A SOC 2 report follows a standard five-section structure defined by the AICPA. Knowing what belongs in each section helps you catch errors before sharing the report with customers and gives you the vocabulary to push back on your auditor when something looks wrong.
A functioning risk register has an ID, description, category, likelihood, impact, treatment plan, and mitigating controls for every single risk. Most companies track this in sprawling spreadsheets. We use structured YAML and AI to maintain 42 risks across three categories.
Feeding the right background data into prompts so AI isn't guessing.
Making sure AI can grab what it needs, even when data's scattered.
Small model for grunt work, big model for thinking. Match the tool to the job.
Splitting big problems into tiny prompts. One thing at a time.
Building things that actually run in production, not slide decks.
When one prompt won't cut it - chaining dozens together.
When AI should just click buttons and move the mouse for you.
Baking in checks so AI doesn't go off the rails.
Prompts and instructions that improve themselves automatically.
Most AI fails because the problem was badly defined. I've spent decades on this.
Sometimes a simple script beats a fancy prompt. Knowing when matters.
Running many prompts at once without them stepping on each other.
Tech changes are easy. Getting people on board is the hard part.
When should AI fire? On a schedule? On an event? On a hunch?
I work with everyone from college students to C-suite execs.
