In this episode of Secure by Design, host Daniel sits down with Sandamali to explore the rapidly evolving intersection of AI, cybersecurity, and governance. From AI's role in risk amplification to the evolving responsibilities of the CISO, they dive into the challenges and opportunities of governing AI in today's digital landscape.

Sandamali shares insights into how Governance, Risk, and Compliance (GRC) is adapting to handle AI, along with real-world use cases and pitfalls that companies should watch out for. Plus, learn how organizations can build an AI-ready, security-first culture and prepare for the future of AI governance. Don’t miss this engaging conversation on navigating AI’s sharp edges while securing the digital future.

In this episode of Secure by Design, we dive deep into the shadowy world of vulnerability discovery and exploitation. From zero-days to n-days, bug bounty programs to advanced persistent threats, we unpack how security researchers, red teamers, and adversaries find flaws in software—and how those flaws are weaponized.

You’ll learn:

Whether you're a security professional, developer, or tech enthusiast, this episode offers a front-row seat to the high-stakes hunt for vulnerabilities that shape our digital security landscape.

Software supply chain attacks are on the rise — from dependency hijacking to CI/CD compromise. In this session, we dive into how the SLSA (Supply-chain Levels for Software Artifacts) framework helps you secure the integrity of your builds, detect tampering, and implement end-to-end trust in your development pipeline.What you'll learn:The anatomy of modern software supply chain attacksAn overview of the SLSA framework and its levels (1–4)How to integrate SLSA into your CI/CD workflowsReal-world breaches and how they could’ve been preventedPractical steps for developers, DevOps, and security teamsWhether you're an engineer, CISO, or DevSecOps practitioner, this session will give you a clear roadmap for hardening your software delivery process.📌 Subscribe for more content on secure development, DevSecOps, and emerging threats in the software ecosystem.