The Virtual CISO

Technology

Episodes

ISO 27001: The Management System Behind the Controls

21 Mar 2026

Contributed by Lukas

ISO 27001 is often approached as a control framework. In reality, it is something far more foundational. In Episode 5 of Season 3 of The Virtual CISO (...

Understanding SOC 2 Type I and Type II: Design and Operational Maturity

13 Mar 2026

Contributed by Lukas

SOC 2 readiness is often measured by a single milestone which is "obtaining the report". Seasoned security leaders know the real story lies i...

SOC 2 Boundaries : Subservice Organizations and User Entity Controls

07 Mar 2026

Contributed by Lukas

One of the most misunderstood areas of SOC 2 lies in defining the system boundary. Modern organizations rarely operate in isolation. Infrastructure pro...

SOC 2 Fundamentals: Understanding the Trust Services Criteria

28 Feb 2026

Contributed by Lukas

SOC 2 is one of the most requested attestations in modern business. Yet many organizations pursue it without fully understanding its foundation. In Epi...

Why Compliance Frameworks Exist and How Seasoned Security Leaders Use Them

21 Feb 2026

Contributed by Lukas

Compliance frameworks were never meant to be paperwork. They exist because trust must be structured. Because risk must be governed. Because growth withou...

Season 3 Launch : Compliance, Controls & Confidence

16 Feb 2026

Contributed by Lukas

Season 3 of The Virtual CISO is here. This season goes beyond checklists and certifications. We unpack the frameworks that define modern enterprise sec...

Beyond Compliance : How Do You Build Trustworthy AI as a Strategic Advantage

20 Dec 2025

Contributed by Lukas

AI compliance is table stakes. Trust is the differentiator. As regulators, customers, and boards scrutinize how AI systems are designed and deployed, se...

AI-Washing & Hidden Integrations : The New Compliance Blindspot

12 Dec 2025

Contributed by Lukas

In this episode of Securing AI, we break down one of the fastest-growing risks facing modern organizations: AI-washing, which is when companies ov...

AI in the Boardroom: Translating Risks for Non-Technical Leaders

05 Dec 2025

Contributed by Lukas

AI has officially become a board-level conversation, but the language of AI risk still isn’t one most executives speak. Security leaders are now expe...

Incident Response in an AI-Driven World

28 Nov 2025

Contributed by Lukas

AI is accelerating how threats emerge, evolve, and spread. Our traditional incident response models were never designed for systems that learn, automa...

Operational Resilience with AI: Friend or Foe?

22 Nov 2025

Contributed by Lukas

AI is transforming how organisations operate, but it’s also reshaping how they fail. In this episode, we examine a question every leadership team sho...

AI and Bias : When Compliance Meets Ethics

14 Nov 2025

Contributed by Lukas

AI bias isn’t a theoretical concern, it’s already shaping decisions in hiring, lending, healthcare, and everyday digital interactions. And while m...

The AI Supply Chain: Risks Beyond Your Organization

08 Nov 2025

Contributed by Lukas

Your AI system is only as secure as the ecosystem it depends on. From third-party APIs to pretrained models, most organizations are now relying on exte...

Governance in the Age of AI: Who Owns the Risk?

01 Nov 2025

Contributed by Lukas

CISOs, boards, and product teams are all racing to embrace AI, but when something goes wrong, who takes responsibility? In this episode of Securely Sp...

AI and Data Privacy: When Sensitive Data Trains the Algorithm

25 Oct 2025

Contributed by Lukas

AI systems are only as ethical and secure as the data that trains them. But what happens when that data includes sensitive or regulated information? In...

Securing AI Models: Protecting the Brain of the Machine

18 Oct 2025

Contributed by Lukas

In SaaS, data was the crown jewel. In AI, the model is the brain. If you can’t secure it, you can’t secure your product. In this episode of Securin...

SOC 2 for AI : Can Traditional Frameworks Keep Up?

10 Oct 2025

Contributed by Lukas

SOC 2 wasn’t written for AI. But customers still demand proof of trust. The question is: are we adapting our frameworks, or just checking boxes that...

Shadow AI: The Unseen Expansion of Your Attack Surface

04 Oct 2025

Contributed by Lukas

The tools your team loves most may also be the ones putting you at greatest risk. Shadow AI isn’t a future problem, it’s already here, expanding y...

Season 2 Is Here: Securing AI

26 Sep 2025

Contributed by Lukas

Artificial Intelligence is reshaping industries, but with innovation comes new risks. In this season of The Virtual CISO, we cut through the AI hype a...

Incident Response 101: How to Contain, Control, and Come Back Strong

09 Aug 2025

Contributed by Lukas

When a cyber incident strikes, every second counts. In this episode of Securely Speaking, we break down the critical steps for effective incident mana...

Protecting the Crown Jewels : Why Data Security Really Matters

01 Aug 2025

Contributed by Lukas

Your data is the target, attackers know it, do you? In this episode of Securely Speaking, we unpack the critical importance of data security and w...

Give Me 5 Minutes to End Your Bad Coding Habits: Why Secure Development Matters

25 Jul 2025

Contributed by Lukas

In this episode of Securely Speaking, we dive into one of the most overlooked areas of cybersecurity: secure development. Why does it matter? Because...

You Forgot to Revoke It: The Real Risk of Access Gone Wrong

19 Jul 2025

Contributed by Lukas

User Access Management isn’t just an IT task, it’s a frontline security control. In this episode of Securely Speaking, we explore why access creep...

Secure Authentication: What Most Startups Get Wrong (and How to Fix It)

11 Jul 2025

Contributed by Lukas

Authentication is your first line of defense, but most teams are still getting it wrong. In this episode of Securely Speaking, we dive deep into what ...

Logging & Monitoring: The Quiet Pillars of Real Security

04 Jul 2025

Contributed by Lukas

If you’re not logging it, you’re not securing it. In this episode of Securely Speaking, we unpack why logging and monitoring are some of the mos...

Vulnerability Management: Finding the Cracks Before They Break You

27 Jun 2025

Contributed by Lukas

In this episode of Securely Speaking, we dive into the reality behind vulnerability management, because finding issues is only half the battle. The r...

Is Your Change Management Just a Rubber Stamp?

20 Jun 2025

Contributed by Lukas

In this episode of Securely Speaking, we’re talking about change management—what it actually means for modern SaaS teams, and why security and c...

Third-Party Risk: The Silent Threat to Your Security Program

14 Jun 2025

Contributed by Lukas

Is your biggest security risk hiding in plain sight? In this episode of The Virtual CISO – Securely Speaking, we dive into the often-overlooked world...

Security Without Governance? Here is why it fails #Securely Speaking

07 Jun 2025

Contributed by Lukas

No Governance, No Security. Kicking off Securely Speaking: Season 1 of The Virtual CISO with a truth most teams ignore: real security starts with gover...

Officially Introducing The Virtual CISO - The Cybersecurity Advice You’ve Been Missing Starts Here

31 May 2025

Contributed by Lukas

Welcome to The Virtual CISO. Your new source for real, actionable cybersecurity guidance. Whether you're aiming for ISO 27001, SOC 2, or just need...

What is Third Party/Vendor Risk Management all about?

14 Nov 2022

Contributed by Lukas

Welcome to the Virtual CISO where we explain different compliance frameworks to enable your business processes. On today's episode we talked about Thi...

Data Privacy Series: Everything you need to know about GDPR and how it affects your organization.

31 Oct 2022

Contributed by Lukas

Welcome to the Virtual CISO where we explain different compliance frameworks to enable your business processes. On today's episode, we talked about the...

Does your organization require FSMA or FEDRAMP Compliance? Here is what you need to know about NIST 800-53 as it relates to these certifications.

24 Oct 2022

Contributed by Lukas

Welcome to the Virtual CISO where we explain different compliance frameworks to enable your business processes. On today's episode we talked about NIS...

Is your organization complying with the right level of PCI DSS? What is changing with the new PCI DSS version 4.0?

17 Oct 2022

Contributed by Lukas

Welcome to the Virtual CISO where we explain different compliance frameworks to enable your business processes. On today's episode we talked about the ...

How can the NIST Cybersecurity Framework improve your organization's business processes?

03 Oct 2022

Contributed by Lukas

Welcome to the Virtual CISO where we explain different compliance frameworks to enable your business processes. On today's episode we talked about how ...

All you need to know about Cybersecurity Maturity Model Certification (CMMC) Version 2.0

03 Oct 2022

Contributed by Lukas

Welcome to the Virtual CISO where we explain different compliance frameworks to enable your business processes. On today's episode we talked about the ...

Data Privacy Series: What is the California Privacy Rights Act (CPRA) and how does it differ from the California Consumer Privacy Act (CCPA)?

26 Sep 2022

Contributed by Lukas

Welcome to the Virtual CISO where we explain different compliance frameworks to enable your business processes. On today's episode the California Priva...

Data Privacy Series: What is the California Consumer Privacy Act (CCPA) and does it apply to your organization?

25 Sep 2022

Contributed by Lukas

Welcome to the Virtual CISO where we explain different compliance frameworks to enable your business processes. On today's episode, we talked abo...

Data Privacy Series: What is HIPAA?

18 Sep 2022

Contributed by Lukas

Welcome to the Virtual CISO where we explain different compliance frameworks to enable your business processes. On today's episode, we talked about HIP...

Data Privacy Series: What you need to know about ISO 27701

18 Sep 2022

Contributed by Lukas

The ISO 27701 standard is a Privacy Information Management System (PIMS) standard that lays out a detailed set of operational checklists that can be a...

Everything you need to know about ISO27001:2022

18 Sep 2022

Contributed by Lukas

Welcome to the Virtual CISO where we explain different compliance frameworks to enable your business processes. ISO 27001 “ISO/IEC 27001 sets o...

What are CIS Controls v8 (CIS 18)

28 Jul 2022

Contributed by Lukas

The Center for Internet Security (CIS) officially launched version 8 of the CIS Controls in May 2021. This release represents a comprehensive revision...

SOCIT2ME: Introduction to SOC 2

18 Jul 2022

Contributed by Lukas

Most startups find SOC 2 requirements daunting. Our aim on this podcast is to provide guidance on helping your company simplify your SOC 2 compliance ...