Notes on building.
Occasional writing on compliance, estimation, sourcing, and the craft of shipping focused products.
Sourcing suppliers without the chaos: a practical procurement workflow
Supplier sourcing usually lives in scattered emails and one-off spreadsheets. Here's a repeatable way to run it — from finding vendors to a decision you can actually defend.
How to price a job: a repeatable way to estimate and quote
Most estimates lose money in the same few places. Here's a repeatable workflow to go from takeoff to a client-ready quote — accurately, and without the spreadsheet sprawl.
How to build a reusable rate library for faster, consistent estimates
If every estimate starts from a blank spreadsheet, you're re-guessing your own costs each time. A rate library fixes that — here's how to build one.
How to write an RFQ that gets you comparable quotes
A vague request for quote produces answers you can't compare. Here's how to write an RFQ that gets you clean, apples-to-apples responses.
The EU Cyber Resilience Act, in plain terms — and how to get ready
The Cyber Resilience Act puts real security obligations on almost any product with digital elements sold in the EU. Here's what it actually requires — and a practical path to readiness.
What is an SBOM, and why every software team now needs one
A Software Bill of Materials is an ingredient list for your product. Here's what it is, why regulators and customers now expect one, and how to generate it without the busywork.
Why your quotes lose — and how to win more without slashing prices
Losing quotes usually isn't about price. Here are the real reasons clients pick someone else — and how to win more work without racing to the bottom.
Total cost of ownership: why the cheapest supplier rarely is
The lowest quote and the lowest cost are two different things. Here's how total cost of ownership changes which supplier you should actually pick.
The CRA timeline: key dates and how to prepare for each
The Cyber Resilience Act phases in over roughly three years. Here's the shape of the timeline and what to do in each window so the deadlines don't arrive as a surprise.
Estimate, quote, or proposal: what to send and when
Estimate, quote, and proposal aren't synonyms — and sending the wrong one can cost you the job or the margin. Here's when to use each.
Vendor qualification: the checks to run before you commit
Shortlisting on price gets you a cheap quote. Qualification gets you a supplier who can actually deliver. Here are the checks worth running first.
VEX explained: telling customers which vulnerabilities actually matter
An SBOM will surface hundreds of CVEs in your dependencies — and most won't be exploitable in your product. VEX is how you say so, clearly and at scale.
Job costing 101: did your estimate actually make money?
An estimate is a guess until you compare it to what the job really cost. Job costing closes that loop — and makes every future estimate sharper.
Single vs multi-sourcing: choosing a supplier strategy
One supplier or several? It's a trade-off between simplicity and resilience. Here's how to choose — and why dual-sourcing is often the sweet spot.
Building an audit-ready evidence trail for software compliance
Compliance isn't a document you write once — it's a signal you maintain. Here's what a defensible, audit-ready evidence trail actually contains.