Reimagining Cyber - real world perspectives on cybersecurity

One year after the Digital Operational Resilience Act (DORA) came into force, what has actually changed?
In this follow-up episode of Reimagining Cyber, Rob Aragao welcomes back Dominic Brown of Graveslight Consulting to assess the reality of DORA in practice. Last time, the regulation was looming. Now, firms across the EU — and global financial institutions operating within it — have been living with it.
The conversation explores:
Why DORA was designed as a systemic risk regulation — not just a compliance exercise
Where firms struggled during year one, from immature ICT governance to gaps between policy and practice
How regulators have responded — and why patience may be running out
The impact of Level 2 Technical Standards, including threat-led penetration testing under the TIBER-EU methodology
What ICT third-party risk management really means for cloud providers and subcontracting chains
Why resilience is becoming both a supervisory priority and a competitive differentiator
Why DORA may set a precedent for future resilience regulation worldwide
The impact on organisations with a global footprint
With enforcement expectations rising and supervisory scrutiny intensifying, year two marks the shift from preparation to proof. Boards, CISOs, and technology providers alike will need to demonstrate that operational resilience works in practice — not just on paper.
If year one was about Europe adapting to DORA, year two is about the world responding to it.
As featured on Million Podcasts'
Best 100 Cybersecurity Podcasts
Top 50 Chief Information Security Officer CISO Podcasts
Top 70 Security Hacking Podcasts
This list is the most comprehensive ranking of Cyber Security Podcasts online and we are honoured to feature amongst the best!
Follow or subscribe to the show on your preferred podcast platform.
Share the show with others in the cybersecurity world.
Get in touch via [email protected]

Agentic AI is moving fast — and it’s changing how risk shows up inside modern organizations.
Autonomous AI agents are no longer just answering questions. They’re wired into cloud consoles, internal tools, ticketing systems, and finance platforms, acting on our behalf with real permissions and real consequences. And in the rush to automate, many teams are quietly centralizing access in ways security models were never designed to handle.
In this episode, Ben sits down with Tyler Moffitt to break down what’s actually happening with agentic AI, why security teams are raising red flags, and how incentives around speed, automation, and scale are reshaping risk. They explore over-permissioned agents, token hygiene failures, broken separation of duties, and why AI agents are becoming the new security choke point.
The conversation also looks at how attackers are already using agentic AI to operate at machine speed — and what defenders can do now to design systems that assume compromise rather than perfection.
If you’re building, deploying, or securing AI agents, this is a conversation you can’t afford to miss.
As featured on Million Podcasts'
Best 100 Cybersecurity Podcasts
Top 50 Chief Information Security Officer CISO Podcasts
Top 70 Security Hacking Podcasts
This list is the most comprehensive ranking of Cyber Security Podcasts online and we are honoured to feature amongst the best!
Follow or subscribe to the show on your preferred podcast platform.
Share the show with others in the cybersecurity world.
Get in touch via [email protected]

AI has officially moved from experimentation to execution—and regulation is racing to catch up.
In this episode of Reimagining Cyber, Tyler Moffitt is joined by Matt Aldridge to unpack what the rapidly evolving AI regulatory landscape means for security teams, businesses, and managed service providers heading into 2026.
From the EU AI Act and GDPR to California’s CPRA and emerging rules around automated decision-making, they explore how governments are trying to balance innovation with safety, privacy, and accountability. The conversation dives into the real-world security implications of agentic AI, autonomous decision-making, biased training data, and the growing risks of AI systems operating with minimal oversight.
Whether you’re an enterprise security leader, an SMB, or an MSP supporting multiple customers, this episode breaks down why AI regulation is no longer a future concern—and what practical steps organizations should be taking now to reduce risk, protect data, and responsibly govern AI adoption.
As featured on Million Podcasts'
Best 100 Cybersecurity Podcasts
Top 50 Chief Information Security Officer CISO Podcasts
Top 70 Security Hacking Podcasts
This list is the most comprehensive ranking of Cyber Security Podcasts online and we are honoured to feature amongst the best!
Follow or subscribe to the show on your preferred podcast platform.
Share the show with others in the cybersecurity world.
Get in touch via [email protected]

Microsoft Defender is often treated as “good enough” security—built in, always on, and quietly doing its job. But what happens when malware convinces Windows to turn it off without triggering alarms?
In this episode, cybersecurity expert Tyler Mofitt breaks down a real-world Windows malware campaign that disables Defender before anything else happens. No zero-days. No flashy exploits. Just a quiet abuse of built-in trust that causes Windows to step aside its own protection.
He walks through how shortcut files, PowerShell, and legitimate cloud services are used to blend into normal activity, why Defender doesn’t fail so much as follow the rules, and what defenders should be watching for when “installed” doesn’t always mean “active.”
A conversation about assumptions, visibility, and why the most dangerous attacks don’t look dangerous at all.
Link mentioned in the episode -  threat intel hub with all the latest trends and stories going on with threat intelligence.
https://community.opentextcybersecurity.com/
As featured on Million Podcasts'
Best 100 Cybersecurity Podcasts
Top 50 Chief Information Security Officer CISO Podcasts
Top 70 Security Hacking Podcasts
This list is the most comprehensive ranking of Cyber Security Podcasts online and we are honoured to feature amongst the best!
Follow or subscribe to the show on your preferred podcast platform.
Share the show with others in the cybersecurity world.
Get in touch via [email protected]

In this episode, Rob Aragao sits down with Theresa Lanowitz for a deep dive into the evolving meaning of cyber resilience and why it has become a true business imperative. Moving beyond traditional cybersecurity, the conversation explores how organizations must unite leadership, technology, and operations to withstand and recover from today’s most disruptive cyber events.
Theresa shares insights on the defining attacks of 2025, including the rise of AI-driven social engineering, software supply chain compromises, and credential-based intrusions from new-generation threat groups. The discussion also looks ahead to 2026, examining emerging risks around data misuse, non-human identities, insider threats, and the long-term impact of breached data.
Together, Rob and Theresa unpack why cyber resilience must be owned at the board and C-suite level, how software supply chain complexity has become a critical weakness, and what organizations can do to better govern, protect, and use their most sensitive data. This episode offers a strategic perspective for leaders looking to align cyber resilience with business outcomes in an increasingly connected and unpredictable digital world.
As featured on Million Podcasts'
Best 100 Cybersecurity Podcasts
Top 50 Chief Information Security Officer CISO Podcasts
Top 70 Security Hacking Podcasts
This list is the most comprehensive ranking of Cyber Security Podcasts online and we are honoured to feature amongst the best!
Follow or subscribe to the show on your preferred podcast platform.
Share the show with others in the cybersecurity world.
Get in touch via [email protected]