Most mid-career professionals are asking similar questions as AI changes how work is done:
- What remains valuable?
- What still compounds?
- What gets automated away?
Lines of Defence is a personal writing space that explores those questions through the lens of careers, judgement, and learning over time.
This page is not a curriculum or a recommended sequence. It simply shows how different ideas on the site relate to one another, so you can follow what interests you.
Ways in
People arrive here from different starting points. The writing tends to cluster around a few recurring themes.
If you work with technology or cybersecurity
These pieces explore how technical work connects to judgement, accountability, and decision-making as systems become more automated.
-
AI Governance and the Three Lines of Defence
How AI oversight maps to first, second and third line responsibilities.
→ read here -
Cyber Resilience Frameworks
How organisations use frameworks to structure defence, recovery, and board reporting.
→ read here -
Technology Governance explained
What governance really means in day-to-day technology leadership.
→ read here
These pages help you move from technical execution to organisational control, which is where long-term relevance now sits.
If you work in risk, audit, compliance, or controls
These pieces explore how complex technical issues are framed, challenged, and communicated, especially when systems are opaque.
-
What is AI Governance? The skills you need
A skills-first explanation of how AI is governed in practice.
→ read here -
Cyber resilience as a board discipline
How boards and regulators think about cyber recovery and resilience.
→ read here -
HKMA C-RAF 2.0 (Hong Kong)
An example framework, being the Cyber Resilience Assessment Framework relevant to banks in Hong Kong.
→ read here
These pages help you translate technical risk into governance language, which is a critical relevance skill as AI systems become less transparent.
If you are moving into management or leadership
These pieces explore how responsibility changes when you move from specialist work to accountability for outcomes.
-
AI Governance career path
How people actually move into AI governance roles.
→ read here -
From specialist to accountable owner
How decision-making changes when you become the person on the hook.
→ read here -
Briefing boards on technology and cyber risk
How to communicate without drowning people in detail.
→ read here
This path is for people stepping from expert to leader, where relevance depends more on communication and judgement, than on technical depth alone.
If you support boards or senior executives
These pieces explore oversight, judgement, and accountability when technology shapes outcomes but humans remain responsible.
-
What boards actually need from technology governance
→ /note/board-technology-governance/ -
Reasonable steps in cyber and technology risk
What “reasonable” looks like in practice after an incident.
→ /note/reasonable-steps-cyber/ -
Three Lines of Defence in real organisations
How it works beyond theory.
→ /note/three-lines-of-defence-practice/
These pages focus on the oversight skills that remain human-critical even as execution becomes automated.
How to use this site
- Pages are written as stand-alone notes.
- There is no correct order.
- Ideas often repeat from different angles.
- New material is added irregularly, based on what is being learned in practice.
If something resonates, follow the links.
If it does not, ignore it.
How to go deeper
If you find value here, the best way to continue is simply to:
- Follow the internal links on each page, and
- Revisit occasionally as new material is added