The Six Core Skill Domains of AI Governance

Context For the mid-career professional, the field of AI governance can appear opaque, often obscured by technical jargon and rapid regulatory changes. However, when viewed through the lens of traditional risk management, the requirements become clear. This article deconstructs the vague concept of ā€˜governance’ into six tangible skill domains. Whether you are looking to pivot your career into AI oversight or are building a team to manage these risks, understanding this breadth of necessary skills is the first step toward competence. ...

December 6, 2025 Ā· 5 min

How to Use the NICE Framework to Plan Cybersecurity Careers and Teams

A Compass for Navigating Cyber Careers When someone says they work in cybersecurity, it could mean anything from cloud engineering to incident response, from red teams to risk governance. The field is vast and only getting more complex. Despite all the frameworks we use to secure systems, most organisations still lack a shared language for describing the people who do the work. That’s what the NICE Framework offers: a way to map roles, skills, and development pathways across the full cyber landscape. ...

June 1, 2025 Ā· 3 min

Can You Trust AI in a Regulated Business? Meet RAG.

How Retrieval-Augmented Generation helps organisations protect sensitive information while harnessing AI’s full potential. When you ask ChatGPT or another AI tool a question, it answers based on what it knows from its training data — typically a massive blend of public information from the internet and available literature up to a certain point in time. While this is powerful, it misses something vital: your own institutional knowledge. Your company’s proprietary policies, control frameworks, audit reports and lessons learned — they aren’t part of the public training set (and you don’t want them to be). But imagine if you could blend the vast ā€œhive mindā€ of general AI with the unique knowledge sitting inside your own documents - all the while keeping it private, local and secure. That’s exactly what RAG — Retrieval-Augmented Generation — allows you to do. ...

April 19, 2025 Ā· 4 min Ā· Graeme

Can AI really get to know you? (New Substack Post)

As AI systems increasingly claim to ā€œknowā€ their users, the risks around trust, manipulation, and decision-making are growing just as fast. In this post, I explore whether AI truly understands individuals—or whether we are mistaking prediction for insight. For anyone working in governance, risk, or cybersecurity, the distinction isn’t just academic; it’s a critical emerging threat. Link to Substack post Can AI really get to know you? How well could an AI ever really know you? This week, I’ve been experimenting with using AI as a kind of coach — a patient, curious thought partner — and exploring what it seems to understand about me ...

April 18, 2025 Ā· 1 min Ā· Graeme

UK Government Release their AI Playbook - Key Principles for Responsible AI Use Across the UK's Public Sector

What the playbook covers The UK Government published their Artificial Intelligence (AI) Playbook on 10 February 2025, setting out 10 Principles for using AI in government organisations. The playbook updates previous UK government publications, providing an expanded guide designed to help public sector organisations harness AI technologies safely, effectively, and responsibly. It is a must-read for risk managers, cyber-security professionals, and compliance experts working with or within the UK public sector. The playbook provides guidance and principles to navigate the unique challenges and opportunities presented by AI. ...

February 12, 2025 Ā· 2 min Ā· Graeme