Most companies think they've got security covered. They've bought the tools, checked some boxes, maybe even signed up for cyber insurance. Daniel Zborovski, a fractional CISO with 25 years in the trenches, would politely disagree.
In this episode, we get into what security actually looks like when you pull back the curtain. Not the product stack. The governance, the risk, the stuff that keeps a real CISO up at night.
We talk third-party breaches — which are, quietly, the biggest threat most organizations aren't prepared for. If your vendor gets hit and they're holding your data, that's still your problem. Legally, financially, reputationally. All yours.
We dig into SOC 2, why more companies are being forced into it whether they want to be or not, and what it actually takes to get there (spoiler: it's more than a checklist). We also get into cyber insurance - specifically, the reality that having a policy doesn't mean your claim gets paid.
Then there's AI. Daniel's been rewriting AI governance policies for clients for the past couple of years, and the pace of change is, let's say, brisk. From locking down which platforms employees can use, to the surprisingly thorny question of who controls the data when an AI note-taker shows up to your board meeting uninvited.
Good conversation with someone who's seen a lot of breaches and has the scar tissue to prove it.
--
You can reach Daniel at dzborovski@hudsontechnology.ca or on LinkedIn
Check out our newsletter, The Jason's Industry Insight, at https://jasonsindustryinsights.com/