Episode Summary
The ISM has been updated again, and this time AI is front and centre. In this episode of Secured, Cole Cornford is joined by returning guest Toby Amodio, Practice Lead at Fujitsu Cybersecurity Services, for another instalment of Policy Wonks and Gronks, cutting through the vendor noise to talk about what the March 2026 update actually means in practice.
They explore where AI is genuinely delivering value for cyber professionals, from automating compliance mapping and vendor assessments to streamlining pen test reporting and SOC triage. But they are equally candid about the risks: the erosion of foundational skills as junior roles get outsourced to AI, the creeping fatigue of reviewing outputs at scale, and the danger of skipping straight to full automation without the expertise to validate what the machine is doing.
The conversation also tackles bigger picture concerns unique to Australia, sovereign AI capability, the risk of a brain drain to the US, and whether a small country can afford to decentralise its AI infrastructure. Toby closes with a sharp reminder for government CISOs: AI is just another system, and how people use it matters far more than the certifications attached to it.
Presented By
Chapters:
00:00 Episode Trailer
01:01 Chainguard ad
01:28 Intro and the March 2026 ISM update
03:00 AI hype vs real world utility
05:00 Governance and compliance use cases
08:00 Vendor assessments and knowledge base automation
11:00 Skill erosion and the junior roles question
14:00 AI in pen testing: reporting, scoping and customer experience
17:30 The maturity model for AI adoption
21:00 Vibe coding, slop assurance and fatigue at scale
25:00 Agents watching agents and the bot vs bot future
28:30 Australian AI sovereignty and the brain drain risk
32:00 Top tip for government CISOs on AI risk
35:00 Shadow AI and DNS log visibility
37:00 Closing remarks
Related Posts
Let's work together
We help founders scale their voice
Discover how we can help you build a media engine for your startup
