Attention, governance community. Your certification does not meet business needs.
When a veteran cybersecurity leader and co-chair of the FAIR Institute’s Atlanta chapter publicly says she failed an exam—and that you probably should too—it’s bound to raise eyebrows.

In her recent blog post “Why I Failed the AIGP Exam and You Should Too” and a companion whitepaper, Donna Gallaher, CISSP, C|CISO, CIPP/E, CIPM — a respected voice in risk quantification and governance — delivers a wake-up call to the AI governance community. Her argument? That the profession’s leading certification rewards “utopian” answers disconnected from real-world business risk.
And the consequences, she warns, aren’t theoretical — they’re already showing up in boardrooms and AI programs worldwide. “I regularly sit in C-suite meetings where self-proclaimed ‘AI experts’ make critical deployment decisions with alarming lack of risk expertise.”
“Yet our primary AI governance certification still teaches qualitative risk frameworks that lack the precision” that business leaders and regulators now demand.

Analyzing risk from an AI vendor with SAFE
The Solution: Quantitative Cyber Risk Management
“The Factor Analysis of Information Risk (FAIR) methodology provides exactly what AI governance needs: objective, quantifiable risk assessment that enables informed decision-making rather than paralysis-inducing subjectivity,” Donna wrote.
Donna concluded with a plea to fellow risk management professionals to urge the IAPP “to practice what they preach: Update their curriculum to reflect modern risk assessment methodologies and implement the transparency and accountability principles they teach.”
Read Donna’s white paper now on certification for AI risk — and her recommendations for upgrading cyber risk management in general with CRQ.
At SAFE, we’re all in with Donna’s statement of the problem and the way forward in risk management and risk governance for AI and the rest of the cyber domain.
We offer a solution for AI risk that is:
- The industry’s only autonomous cyber risk quantification solution powered by Agentic AI
- Transparent, defensible, and purpose-built on open standards such as FAIR
- Built for automated risk aggregation, with 100+ integrations out of the box
- Named a leader in third-party risk management and CRQ by Liminal and Forrester
Learn more about FAIR-based cyber risk quantification with SAFE