This episode explores the transformative impact of the NIS2 Directive, which mandates robust cybersecurity risk management and strict "24-72-30" incident reporting timelines for essential and important entities across the EU. We break down the critical distinctions in supervisory regimes and the expanded scope that now includes sectors ranging from energy and health to digital infrastructure and food production. Finally, we discuss the elevated stakes for corporate leadership, detailing how new governance rules hold management bodies personally liable for compliance failures.
www.compliancehub.wiki/germany-completes-nis2-implementation-a-watershed-moment-for-european-cybersecurity
 
Sponsors:
www.cisomarketplace.com
www.compliancehub.wiki
 

As the tech world races through an "AI gold rush," the gap between rapid innovation and safety standards has created massive risks for organizations deploying Generative AI. This episode breaks down the new OWASP AI Maturity Assessment (AIMA), a comprehensive blueprint that acts as a "building code" to ensure AI systems are secure, reliable, and aligned with human values. We also explore critical threats from the OWASP Top 10 for LLMs, such as prompt injection and model poisoning, and discuss how to transition from reactive patching to proactive, architectural security.
https://www.hackernoob.tips/owasp-ai-testing-guide-v1-the-industrys-first-open-standard-for-ai-trustworthiness-testing
 
Sponsors:
www.cisomarketplace.com
https://airiskassess.com
https://vibehack.dev

This episode explores the challenges financial institutions face in translating the complex legal requirements of the EU’s Digital Operational Resilience Act (DORA) into practical, daily operations. We dive into the "DORA in Control" framework developed by NOREA, which consolidates the regulation into 95 actionable controls across eight domains to simplify compliance and gap assessments. Finally, we discuss how adopting an engineering perspective allows organizations to move beyond a "tick-the-box" mentality and solve the actual root causes of ICT risks.
www.compliancehub.wiki/strategic-implementation-plan-for-the-digital-operational-resilience-act-dora
 
Sponsors:
www.compliancehub.wiki
www.cisomarketplace.com

This episode explores how the widespread deployment of agentic AI is fundamentally redefining enterprise security by creating fully autonomous, adaptive, and scalable threats that act with growing authority to execute multi-step operations and interact with real systems. We analyze how this shift has industrialized cybercrime, allowing automated operations to orchestrate ransomware and launch hyper-personalized social engineering campaigns that blend malicious actions with normal business workflows. The discussion focuses on the urgent need for organizations to move from reactive defense to anticipatory resilience, securing the AI supply chain, implementing AI workflow guardrails, and treating autonomous agents as accountable identities to survive this rapidly escalating threat landscape.
https://cisomarketplace.com/blog/ai-agent-identity-market-landscape-fastest-growing-cybersecurity-sector
 
Sponsor:
https://vibehack.dev
www.breached.company
www.cisomarketplace.com 
 

The cybersecurity market is saturated with "AI washing," forcing CISOs to rigorously vet vendors promising "autonomous" capabilities that often lack genuine intelligence. This episode provides a battle-tested framework for demanding proof over promises, revealing critical technical red flags like claims of zero hallucinations or a lack of essential data residency guarantees. Learn how to avoid creating new liability and instead achieve measurable ROI, such as an average 80% reduction in false positive alert volume, by focusing on analyst augmentation over replacement.
https://cisomarketplace.com/blog/cisos-guide-ai-security-vendor-evaluation
 
Sponsors: 
www.cisomarketplace.com
www.cisomarketplace.services
 

This episode explores the alarming trend of catastrophic, back-to-back outages in late 2025, including the AWS DNS failure, Microsoft’s Azure Front Door configuration cascade, and the Cloudflare collapse, all caused by configuration errors in highly concentrated edge services. We analyze how a single error in one cloud region can create a dependency avalanche that paralyzes thousands of third-party services across finance, healthcare, education, and transportation globally. Finally, we discuss why cloud providers must be classified and regulated as critical infrastructure and detail the urgent steps security leaders must take to implement multi-cloud resilience and manage systemic risk.
https://breached.company/when-markets-overheat-the-suspiciously-timed-cme-cooling-failure-that-halted-silvers-historic-breakout
https://www.securitycareers.help/the-cisos-nightmare-trifecta-when-data-centers-vendor-risk-management-and-insider-threats-collide
https://www.securitycareers.help/the-ai-data-center-gold-rush-when-1-trillion-in-investments-meets-community-resistance/?ref=breached.compan
https://breached.company/when-the-cloud-falls-third-party-dependencies-and-the-new-definition-of-critical-infrastructure
https://breached.company/microsofts-azure-front-door-outage-how-a-configuration-error-cascaded-into-global-service-disruption
https://breached.company/when-cloudflare-sneezes-half-the-internet-catches-a-cold-the-november-2025-outage-and-the-critical-need-for-third-party-risk-management
Sponsors:www.breached.company
www.compliancehub.wiki
www.cisomarketplace.com
 

Australia is implementing the world's first nationwide age restriction—commonly called a "ban"—on social media access for users under 16, with full enforcement beginning on December 10, 2025. This controversial law is facing a constitutional challenge in the High Court, led by teenagers who argue the restriction violates the implied freedom of political communication and forces platforms to deploy invasive, inaccurate age verification technologies that threaten the privacy of all Australians. We explore the government's rationale regarding mental health protection against warnings from critics that the rushed ban isolates vulnerable youth, drives them toward less regulated corners of the internet, and serves as a blueprint for global surveillance infrastructure.
https://www.myprivacy.blog/breaking-high-court-challenge-threatens-australias-world-first-social-media-ban
https://www.compliancehub.wiki/eu-chat-control-passes-committee-on-november-26-2025-voluntary-surveillance-mandatory-age-verification-and-the-political-deception-that-got-it-through
https://www.compliancehub.wiki/european-parliament-votes-for-age-limits-on-social-media-the-push-for-real-age-verification-through-digital-wallets
 
Sponsorswww.compliancehub.wiki
www.myprivacy.blog 

The cybersecurity landscape continues to evolve, demonstrating worrying trends as rapidly advancing Generative AI capabilities enable sophisticated attacker tactics, making phishing attempts much more targeted and customized. This episode explores how pervasive digital dark patterns leverage consumer cognitive biases, tricking users into sharing personal information and navigating manipulative interfaces, like pre-selected consent checkboxes, for corporate gain. Ultimately, this manipulation sustains the "consumer privacy paradox," where individuals who intellectually value security readily compromise their data for immediate convenience or functionality.
 
Sponsors:
www.cisomarketplace.com
www.scamwatchhq.com
 
Merch - 25% off Black Friday
securitybydesignshop.etsy.com