Faris got into security in 2010, and by the end of that year he was Head of Information Security at Bank of Jordan. Then he left to do a master's in cyber security in Estonia.

Most of his hands-on career happened in Ireland — eight years of it. Penetration testing at EY for two of the world's top 10 banks, then leading the red team at Integrity360, then security architect at Vhi.

In 2022 he came back to the region as a fractional CISO, running security and compliance for a portfolio of MEA fintechs. He kept seeing the same thing, and it only got heavier: more frameworks, more overlapping controls, audit prep that became a multi-week scramble — and most of that weight landing on the CISO. The platforms everyone defaulted to were built for other markets, and none of them made the job any lighter.

So he built Vamu.

On this blog he writes about GRC automation, the regional frameworks, what auditors actually look for, and what it takes for a fintech to pass its first review.