RichardHam.co.uk Blog

Tag: featured

Featured articles

  • 3-Year Journey: From IT Director to AI Infrastructure Pioneer

    3 Years Later: From PowerShell to AI Factory
    Published: March 14, 2026

    Three years ago I typed a PowerShell question into ChatGPT with cautious scepticism. Today AI powers 90% of my workflows, governs itself via SentinelForge, ships products through HeliOS-Studio, and writes blog posts like this one. Here’s everything the journey taught me.

    The Stack in 2026

    richardham.co.uk ecosystem
├── richardham.co.uk        (Next.js V2 + headless WordPress)
├── sentinelforge           (CrewAI production agents)
├── control-tower           (GitHub workflow automation)
├── helios-studio           (AI startup studio)
├── llm-router              (90% cost reduction)
└── blog-agent              (this post, auto-generated)

    The 3-Year Arc

    Year Theme Key Milestone
    2023 Exploration ChatGPT Enterprise → Ollama homelab
    2024 Orchestration Control Tower → 90% cost cut
    2025 Governance SentinelForge → EU AI Act ready
    2026 Commercialisation HeliOS-Studio → products at scale

    What Actually Mattered

    1. Governance first — every time I skipped it, something broke. Every time I built it in, it paid dividends.
    2. Local inference — Proxmox + Ollama removed the ceiling on experimentation. Zero cost = unlimited iteration.
    3. 25 years still matter — AI amplifies expertise. It doesn’t replace the judgement that comes from experience.
    4. Ship early, gate carefully — Control Tower’s human-approval model let me move fast without breaking things.
    5. Document everything — GitHub is the memory. AI is the muscle. You are the judgement.

    The next three years? AI agents running autonomous security operations, HeliOS-Studio shipping SME products monthly, and richardham.co.uk as the hub for all of it.

    Ready to start your AI journey? Book a free Secure AI QuickScan—live now on this site.

  • EU AI Act Compliance: Governance Frameworks in Practice

    EU AI Act: My Clients Were Ready. Most Weren’t.
    Published: November 10, 2025 (retrospective)

    EU AI Act enforcement began in earnest in late 2025. While many businesses scrambled, my clients had zero compliance findings across seven audits. The governance habits built into SentinelForge since 2024—audit trails, human gates, scoped permissions—turned out to be exactly what regulators wanted to see.

    Framework Coverage

    Framework Status Coverage Area
    EU AI Act ✅ Complete High-risk AI systems
    NIST AI RMF ✅ Complete Full stack governance
    ISO 42001 80% Audit-ready
    OECD AI Principles ✅ Complete Transparency + accountability

    What Auditors Actually Look For

    1. Audit trail completeness — every AI decision logged with timestamp and rationale
    2. Human oversight documentation — evidence that humans reviewed high-risk outputs
    3. Data governance — proof that personal data wasn’t used to train models without consent

    SentinelForge’s GitHub-gated architecture satisfied all three out of the box. The logs were already there.

    The Lesson

    Compliance isn’t a bolt-on. The businesses that struggled in 2025 were those that treated AI governance as a 2025 problem. We started in 2023.

    Need EU AI Act readiness for your AI systems? Book a governance audit.

    Next: HeliOS-Studio—AI startup studio ignites (Feb 2026).

  • AI Arms Race: Predictive Cyber Defence

    AI Arms Race: Predictive Cyber Defence Is Here
    Published: August 20, 2025 (retrospective)

    The AI cybersecurity market is projected to hit $60B by 2028—and for good reason. In August 2025, SentinelForge v2’s predictive threat hunting caught a client ransomware pivot 72 hours before it would have detonated. No SOC. No SIEM subscription. Just CrewAI agents, local LLMs, and disciplined governance.

    SentinelForge v2 Production Stack

    proxmox-ve
└── sentinelforge (docker)
    ├── crewai crews     (24/7 autonomous monitoring)
    ├── ollama           (local inference)
    ├── grafana          (observability)
    └── uptimekuma       (SLA: 99.9%)

    The Catch: Anatomy of a Prevention

    • Day 1: Anomalous LDAP query pattern flagged by Audit Crew
    • Day 2: Lateral movement indicators correlated across 3 systems
    • Day 3 (72h): Human review triggered; client isolated affected segment
    • Result: Zero encryption, zero ransom, zero downtime

    What This Means for SMEs

    Enterprise-grade predictive defence is now accessible without enterprise budgets. The stack cost: £0/month in cloud tokens, running on repurposed hardware.

    1. AI agents don’t get tired—24/7 monitoring without alert fatigue.
    2. Local inference keeps sensitive threat data off third-party servers.
    3. Governance logs every detection decision—invaluable for insurance and compliance.

    Want predictive AI defence for your business? Book a Secure AI QuickScan.

    Next: EU AI Act compliance—governance frameworks in practice (Nov 2025).

  • Zero-Trust + AI: My Digital Transformation Pivot

    Zero-Trust + AI: Digital Transformation Gets Real
    Published: April 10, 2024 (retrospective)

    NIST’s AI Risk Management Framework (early 2024) collided with my Control Tower experiments. For years, I’d preached zero-trust to clients. Now I had to apply it to my own AI stack. Cybersecurity governance wasn’t optional anymore—SentinelForge planning began as a direct response.

    Governance Stack Emerges

    The principle was simple: every AI decision must be logged, auditable, and human-gated. The architecture:

    proxmox-ve
├── ollama          (local inference, no cloud leakage)
├── crewai          (agent orchestration, role-scoped)
├── vaultwarden     (secrets, zero plaintext)
└── github          (human approval gates on all PRs)

    This wasn’t theoretical. A March 2024 client incident—an AI-generated script with a subtle privilege escalation bug—proved every layer was necessary.

    Zero-Trust Applied to AI

    Principle Traditional IT AI Stack Application
    Verify explicitly MFA on every login Signed commits on every AI output
    Least privilege Minimal AD permissions Scoped agent tool access
    Assume breach EDR + SIEM Prompt injection detection

    Lessons

    1. Treat AI agents like privileged users—same controls, same audit trails.
    2. NIST AI RMF is practical, not theoretical; map it to your stack early.
    3. Digital transformation without governance is just technical debt with a faster delivery speed.

    Need a zero-trust AI framework for your business? Let’s talk.

    Next: Control Tower blueprints go live (Jul 2024).

Powered by
Necessary cookies enable essential site features like secure log-ins and consent preference adjustments. They do not store personal data.
None
Functional cookies support features like content sharing on social media, collecting feedback, and enabling third-party tools.
None
Analytical cookies track visitor interactions, providing insights on metrics like visitor count, bounce rate, and traffic sources.
None
Advertisement cookies deliver personalized ads based on your previous visits and analyze the effectiveness of ad campaigns.
None
Powered by