Artwork for podcast Secured by Galah Cyber with Cole Cornford

What the ISM AI Update Actually Means for Cyber Teams

Episode 62 • 2nd April 2026 • Secured by Galah Cyber with Cole Cornford • Galah Cyber

Episode Summary

The ISM has been updated again, and this time AI is front and centre. In this episode of Secured, Cole Cornford is joined by returning guest Toby Amodio, Practice Lead at Fujitsu Cybersecurity Services, for another instalment of Policy Wonks and Gronks, cutting through the vendor noise to talk about what the March 2026 update actually means in practice.

They explore where AI is genuinely delivering value for cyber professionals, from automating compliance mapping and vendor assessments to streamlining pen test reporting and SOC triage. But they are equally candid about the risks: the erosion of foundational skills as junior roles get outsourced to AI, the creeping fatigue of reviewing outputs at scale, and the danger of skipping straight to full automation without the expertise to validate what the machine is doing.

The conversation also tackles bigger picture concerns unique to Australia, sovereign AI capability, the risk of a brain drain to the US, and whether a small country can afford to decentralise its AI infrastructure. Toby closes with a sharp reminder for government CISOs: AI is just another system, and how people use it matters far more than the certifications attached to it.

Timestamps

00:00 Episode Trailer

01:01 Chainguard ad

01:28 Intro and the March 2026 ISM update

03:00 AI hype vs real world utility

05:00 Governance and compliance use cases

08:00 Vendor assessments and knowledge base automation

11:00 Skill erosion and the junior roles question

14:00 AI in pen testing: reporting, scoping and customer experience

17:30 The maturity model for AI adoption

21:00 Vibe coding, slop assurance and fatigue at scale

25:00 Agents watching agents and the bot vs bot future

28:30 Australian AI sovereignty and the brain drain risk

32:00 Top tip for government CISOs on AI risk

35:00 Shadow AI and DNS log visibility

37:00 Closing remarks

🐙 Secured is grateful to be sponsored and supported by Chainguard.

Chainguard is the trusted source for open source. Get hardened, secure, production-ready builds so your team can ship faster, stay compliant, and reduce risk. Download your free CVE Reduction Assessment at https://dayone.fm/chainguard

Secured is part of Day One.

Day One helps founders and startup operators make better business decisions more often.

To learn more, join our newsletter to be notified of new First Cheque episodes and upcoming shows.

This podcast uses the following third-party services for analysis:

Podtrac - https://analytics.podtrac.com/privacy-policy-gdrp
Spotify Ad Analytics - https://www.spotify.com/us/legal/ad-analytics-privacy-policy/

More Episodes

62. What the ISM AI Update Actually Means for Cyber Teams

00:33:44

61. (Replay Ep) Leading Change in Cybersecurity: Tara Whitehead’s Approach to Security Engagement

00:35:33

60. AI in AppSec: Hype, Layoffs and What's Actually Real

00:18:51

59. How AI Pen Testing Actually Works (and Where It Breaks)

00:42:04

58. AI, Hiring, and Trust: Why Shortcuts Break Interviews

00:34:21

57. PSPF Changes Explained for Security Leaders

00:33:13

56. The Architect’s Dilemma: Why Security Design Keeps Failing (and How to Fix It)

00:34:45

54. Fix the Flag: Rethinking Secure Code Training with Pedram Hayati

00:39:20

53. ISM 2025 Explained: What CISOs, Devs and Security Leads Need to Know - with Toby Amodio

00:28:48

52. Securing the Gaps: M Brennan on Integration, Context and Developer Experience

00:39:36

51. From Cryptography to AppSec: Scott Contini on Building Practical Security

00:42:16

50. Engineering Security: Bridging DevOps and AppSec with Jon-Anthoney de Boer

00:43:12

49. Scaling Cyber at Fujitsu: Laura O'Neill on Strategy, Risk and Growth

00:44:14

48. Balancing Compliance and Risk: Kat McCrabb on Cybersecurity for Mission-Driven Organisations

00:33:20

47. Breaking into Cyber: Kiera Farrell on Growth, Networking & Early-Career Lessons

00:35:23

46. The Story So Far: Inside Secured’s Growth and What’s Coming Next

00:24:01

45. Gaming Her Way to the Top: Madhuri Nandi on Security & Diversity

00:37:03

44. Empowering Developers, Elevating Security: Neha Malik on Building an AppSec Culture

00:36:26

43. The Secured Christmas Special | Your Questions Answered

01:34:11

42. Leading the Digital Front: Military Lessons in Cybersecurity with Elizabeth Stephens

00:42:18

41. Navigating the PSPF 2024 Updates: Expert Insights with Kat McCrabb and Toby Amodio

00:21:58

40. Securing the API Frontier: Insights from Anand Rai on Modern Cybersecurity Challenges

00:40:41

39. Secure Robotics: Exploring Safety, Trust, and Cybersecurity with Prof. Damith Herath and Adam Haskard

00:46:38

38. Open-Source Software: Balancing Innovation and Security with Ilkka Turunen, CTO of Sonatype

00:46:56

37. Building Cybersecurity Culture: Marketing, Awareness, and Diversity with Daisy Wong

00:47:21

36. From Physics to Cybersecurity: Antonio Deliseo’s Journey from Goldmines to Telstra

00:46:17

35. Security Done Right: Ben Gittins on the Case for Generalists and Long-Term Solutions

00:47:09

34. AI-Driven AppSec: Shan Kulkarni on Nullify, Hiring Challenges, and the Future of Cybersecurity in Australia

00:38:08

33. Cryptography & Startups: Insights from CipherStash's Dan Draper

00:50:51

31. Behind Elttam: Matt Jones Discusses Infosec Innovations and Australia's Cybersecurity Landscape

00:55:37

29. Bruce Large discusses the importance of threat modelling in operational technology security

00:49:07

28. Australia's Cybersecurity Evolution: A Veteran's Perspective with Paul McCarty

00:35:29

27. Are You Speaking the Same Cybersecurity Language as Your CEO with Jay Hira?

00:36:16

26. Leading Change in Cybersecurity: Tara Whitehead’s Approach to Security Engagement

00:36:16

25. Cracking Cybersecurity Myths: A Candid Chat with Daniel Grzelak

00:25:39

24. Breaking the Code: Jacqui Loustau on Diversifying Australia's Cybersecurity

00:29:18

23. From Australia Post to Cynch Security: Susie Jones's Journey to Safeguard Small Businesses

00:29:08

22. Powering Resilience: Nathan Morelli on Securing South Australia's Electricity Grid

00:46:36

21. Building a Cybersecurity Team with a Difference with Mat Franklin

00:42:10

20. Systems Thinking in Cybersecurity: A Conversation with Michael Collins

00:48:58

19. Exploring AI's Impact on App Security with Seth Law

00:49:21

18. Bridging the Divide: How Communication Can Unite Developers and AppSec with Jeanette Gill

01:00:53

17. The Evolution of Cyber Defence: Edward Farrell's Journey from IT Ops to InfoSec

00:46:24

16. Tables Turned: Cole Cornford on the Hot Seat with Abhijeth Dugginapeddi

00:54:41

15. Podcasting and Cybersecurity: Karissa Breen's Insights and Advice

00:51:23

14. Whisky to Firewalls: Jason Murrell's Unconventional Path to Cybersecurity

00:53:09

13. How Sam Fariborz Navigated the Aussie Cybersecurity Landscape

00:38:11

12. From Mary Poppins of Security to Startup Founder: Laura Bell-Main's Journey

00:41:31

11. An Agnostic Approach to AppSec: Ken Johnson on Navigating the Future with AI

00:48:25

10. ComfyCon, Risk-Based Cybersecurity, and Reconsidering Breach Penalties with Iain Dickson

01:05:20

9. Unleashing the Power of Sales: A Must-Have Skill for Cybersecurity Pros

00:48:31

8. From Code to Cybersecurity: A Deep Dive into Open Source, Encryption, and Leadership with Edwin Kwan

00:40:06

7. bonus BONUS: 2023 Review of the Cyber Bible - The Australian Cyber Security Centre's (ACSC) Information Security Manual (ISM)

00:42:25

6. Balancing Act: Merging Cybersecurity and Business Strategies with Sheena Peeters

00:50:20

5. Hacking the Game of Life: From Gaming Exploits to Cybersecurity Giant with Shubham Shah of Assetnote

00:54:15

4. Decoding Cybersecurity Hiring: Riki Blok on Industry Trends, Key Skills, and the Future of Remote Work

00:47:02

3. Trevor Hancock on Bridging the Gap between Protection and Progress

00:42:55

2. From Software Developer to Cybersecurity Expert: Nina Juliadotter on the Importance of Application Security and Continuous Learning

00:33:41

1. The Human Side of Cybersecurity: Toby's Journey and Insight on Collaboration, Communication and Auditing

00:46:02

trailer It's time to get Secured by Galah Cyber

00:01:48