Rachid Harrando has spent twenty-five years in cybersecurity, with the last decade focused on what most CISOs still consider an invisible risk: the security of the enterprise platforms their organisations now run on.

For nine of those years, he served as Principal Security Advisor at ServiceNow, working directly with Europe's largest financial institutions, energy operators, and public sector organisations on platform security posture, identity governance, AI agent risk, and regulatory readiness. He sat on both sides of the table — inside the vendor that customers depend on, and across from the CISOs who couldn't always trust what they were being told. That dual perspective shaped everything he writes.

He left ServiceNow to found Nowisor, an independent practice with a deliberately narrow focus: helping CISOs secure ServiceNow itself, rather than implement compliance programs around it. The distinction matters. Most ServiceNow security consulting helps customers use the platform's GRC modules to manage their broader compliance obligations. Nowisor helps them recognize that the platform itself is now in scope under NIS2, DORA, the Cyber Resilience Act, and the EU AI Act — and shows them what to do about it before a regulator asks first.

Rachid is the author of Securing ServiceNow: A CISO's Field Guide, a reviewer for Black Hat Arsenal, and an active voice in the European cybersecurity community on platform security and identity governance. He writes and speaks regularly on the gap between vendor security claims and customer obligations, the security implications of AI agents inside enterprise systems, and what regulator-ready evidence actually looks like for the platforms that hold an organisation's most sensitive operational data.

He is based in France. nowisor.com