cb chevauxenboisHarsh Kahate

About

Practical security, governance, privacy, and language work.

I am Harsh Kahate. I work in Information Security, GRC engineering, AI security and governance, and data privacy. This is my owned home for writing, open-source tools, security experiments, DPDPA work, and language notes.

What I do

I turn messy security, privacy, and governance problems into systems people can actually use.

I build and write about practical security products, DPDPA readiness, privacy engineering, AI governance, GRC workflows, open-source tooling, and the operational details that make controls real.

My work sits between product, engineering, risk, audit, and legal: translating requirements into evidence, controls, workflows, and decisions that survive real review.

Outside the professional lane, I teach French at Alliance Française and study languages as a long-term discipline.

Security and GRC

Evidence over theatre.

I care about controls that can be inspected: source files, owners, tickets, logs, vendor records, risk decisions, and artifacts that engineers and auditors can both understand.

Privacy and AI

Governance needs engineering.

DPDPA, privacy operations, consent, AI risk, and data governance become useful only when they connect to product surfaces, code paths, cloud systems, and release workflows.

Open source

Build in public, with proof.

Projects like Svikruti are my way of exploring India-first privacy tooling, practical automation, and transparent systems that others can inspect, fork, and improve.

Writing

Field notes, not fluff.

The blog collects security explainers, GRC engineering notes, AI security writing, cloud security posts, and migration of my older Medium work into a home I control.

Languages

French as craft.

Teaching and studying French gives me a second discipline: structure, memory, nuance, repetition, and the patience to keep improving without shortcuts.

Why Chevauxenbois

An owned place.

Platforms are useful for distribution, but this site is the permanent base: projects, blog posts, language notes, experiments, and a public record of what I am building.