Perspectives on Security & Leadership

Why IAM programmes fail long before the technology does — and what experienced leaders do differently.

An unflinching look at one of the most significant cybersecurity failures — the patterns, the warnings ignored, and the lessons that organisations still refuse to learn.

The principles behind Zero Trust are not new — they are as old as every mother who ever said "I don't care who told you it was okay." A different lens on a serious framework.

The nature of conflict has changed permanently. Understanding what that means for enterprises, governments, and individuals who are already on the front line without knowing it.

Mandatory training clicks boxes. It rarely changes behaviour. A candid assessment of why most cybersecurity awareness programmes fall short and what genuine risk reduction actually requires.

As AI agents proliferate inside enterprise environments, the governance gap in identity management widens. A framework for accountability before it becomes a crisis.

Security awareness is not a campaign. It is not a quarterly module. It is either embedded into the operating culture of the business — or it is decorative.

The governing principle of identity security has not changed. What has changed is the complexity of the environments in which it must be enforced — and the consequences of getting it wrong.

When AI-driven GRC decisions go wrong, accountability does not distribute itself evenly. A sharp look at who carries the risk when the algorithm fails.

Governance, risk, and compliance programmes need AI to be a trusted actor — not just a fast one. What it takes to design trustworthy AI into operational GRC workflows.

The commoditisation of cybercrime is not a warning — it is an operational reality. A candid breakdown of the CaaS ecosystem and what it means for defenders at every level.

AI-enabled adversaries are already outpacing most security and compliance programmes. What needs to change in how organisations approach selling, buying, and prioritising cybersecurity in 2026.

Leadership during a period of AI-driven uncertainty demands more than technical fluency. It demands the ability to govern risk in environments that are fundamentally unpredictable.

The gap between what organisations say about AI and what threat actors are actually doing with it is closing fast. The question is not whether AI will be weaponised — it already has been.

Every perimeter eventually fails. Zero Trust does not ask whether to trust — it removes the question entirely. Why it is not a product but a discipline, and why the distinction matters.

Zero Trust was built for human and machine identities we understood. AI introduces a new category of actor. What the bridge between ZT principles and AI trust architecture needs to look like.

Machine learning inside the SOC is not a future state — it is an operational requirement. What genuine ML integration in cyber operations looks like versus what vendors demonstrate in demos.

GRC platforms succeed when they align to business rhythm, not the other way around. How the Archer platform, properly configured, bridges operational reality and governance intent.