AI is everywhere. It’s in the tools we use at work, the products we secure, and the policies we’re being asked to write. As someone working in cybersecurity, I’ve watched AI move from a background technology to a boardroom conversation – and I want to make sure I’m equipped to be part of that conversation.

That’s why I’ve decided to study for the Certified AI Governance Professional (AIGP) from IAPP.

What Is the AIGP?

The AIGP is a certification from the International Association of Privacy Professionals (IAPP) focused on the governance of artificial intelligence. It covers the responsible development, deployment, and oversight of AI systems – things like risk management, ethical considerations, regulatory frameworks, and organisational accountability.

It’s not a technical AI certification. You don’t need to know how to build a neural network. Instead, it’s aimed at professionals who need to understand how AI should be governed within organisations – the policies, the risks, the compliance requirements, and the human impact.

For someone with a background in information security and governance, it feels like a natural next step.

Why AI Governance?

A few things pushed me in this direction.

AI is becoming a security issue. From adversarial attacks on machine learning models to the data protection implications of large language models, AI introduces risks that traditional security frameworks weren’t designed to handle. Understanding those risks at a governance level feels increasingly important.

Regulation is coming – fast. The EU AI Act is already here, and other jurisdictions are following. Organisations are going to need people who understand what these regulations mean in practice and how to build compliance into their AI programmes. That intersection of policy, risk, and technology is exactly where I want to be.

It complements what I already know. The CISSP gave me a broad foundation in security management. The AIGP builds on that by adding a layer of AI-specific governance knowledge. I see them as complementary rather than competing qualifications.

My Study Plan

I’m still in the early stages, but here’s my approach so far:

• The IAPP AIGP Body of Knowledge is my starting point. It outlines the domains covered in the exam and gives a clear picture of what I need to learn.
• Reading broadly around AI ethics and regulation. There’s no shortage of material out there – the challenge is filtering signal from noise. I’m focusing on primary sources like the EU AI Act text, the NIST AI Risk Management Framework, and OECD AI Principles.
• Connecting it to real-world examples. Every time I read about an AI incident in the news – a biased hiring algorithm, a chatbot producing harmful content, a data breach involving training data – I’m trying to map it back to the governance frameworks I’m studying.

I’ll share more about specific resources and study strategies as I get further in.

Why This Matters for Security Professionals

If you’re in cybersecurity and you’re not paying attention to AI governance, I’d gently suggest it’s time to start. AI systems process sensitive data, make decisions that affect people’s lives, and introduce novel attack surfaces. The security implications are significant, and organisations need people who can bridge the gap between technical AI teams and governance functions.

You don’t need to become an AI engineer. But understanding how AI systems work at a high level, what risks they introduce, and how to govern them responsibly – that’s becoming a core competency for security professionals.

What’s Next

I’ll be documenting my study journey as I go, much like I did with the CISSP. Expect posts on specific AIGP domains, useful resources, and lessons learned along the way.

If you’re considering the AIGP or have already taken it, I’d love to hear about your experience. Find me on LinkedIn – I’m always up for a conversation.