Скачать или смотреть Rethinking Software Security Compliance in the Age of AI with Nick Selby

Why do so many organizations treat software security compliance as a checklist, and what does it cost them? In this episode of Nerding Out with Viktor, host Viktor Petersson sits down with Nick Selby, a security leader and advocate for practical security culture, to unpack how compliance frameworks are shaping and sometimes stifling real security outcomes.

Together, they explore what happens when teams adopt AI tools faster than they can secure them, why "SOC 2-compliant" doesn’t always mean "secure," and how leaders can build security maturity without drowning in frameworks.

In this conversation:
*The hidden risks of treating compliance as a substitute for security
*How AI adoption exposes cultural gaps in risk management
*Why most security failures are organizational, not technical
*The role of the Cyber Resilience Act (CRA) and SBOMs in modern software supply chains
*Lessons from real-world breaches and vendor accountability
*How to align compliance, transparency, and genuine resilience

Software security compliance should be a byproduct of good security, not the other way around. The teams that win treat compliance as a tool, not a target.

Timestamps:
00:00 - Introduction and why compliance doesn’t equal security
04:20 - Nick Selby’s background and security leadership journey
08:10 - The cultural challenges of AI adoption in secure environments
13:30 - Why "SOC 2" can give a false sense of confidence
18:40 - The value and limits of frameworks like ISO 27001 and SOC 2
24:50 - The Cyber Resilience Act and the future of vendor accountability
31:20 - Building security maturity beyond compliance checklists
38:10 - Final reflections on leading with transparency and trust

Helpful Links:
Safety Co-Option and Compromised National Security: The Self-Fulfilling Prophecy of Weakened AI Risk Thresholds - https://arxiv.org/abs/2504.15088
EU Cyber Resilience Act - https://digital-strategy.ec.europa.eu...