Tudor Damian
Cybersecurity, AI & Cloud Advisor @ D3 Cyber
Cluj-Napoca, Romania
Actions
With over 20 years in the IT industry, Tudor is a Certified Ethical Hacker and Microsoft MVP who loves everything about technology. In his day-to-day role, he advises organizations on Cybersecurity, AI & Cloud Governance, helps improve their security posture, and assists them in moving past "paper tiger" compliance strategies.
Being a regular presence at local and international events, Tudor combines deep industry experience with a genuine passion for sharing knowledge. After hundreds of talks and training sessions, his goal remains the same: to help IT professionals cut through the noise and build effective strategies dealing with AI-driven threats, Post-Quantum Cryptography challenges, Zero Trust adoption, and the high-stakes transition from traditional software (SDLC) to the probabilistic world of AI development (ADLC), all of this while facing an ever-growing EU regulatory compliance landscape.
Badges
Area of Expertise
Topics
Automating Humanity: How AI is Rewiring Work and Global Security
The industrial revolution mechanized human muscle; today, AI is mechanizing human thought. White-collar professionals are actively training the systems poised to displace them, while rapid advancements in general-purpose robotics mean physical trades are no longer a guaranteed safe harbor.
Economic displacement is the immediate reality, but the trajectory of increasingly autonomous AI presents a wider spectrum of global risks. While the complete loss of human agency to an unaligned superintelligence remains a contested speculation, immediate threats like automated warfare and democratized cyber-attacks are established facts.
Current global governance is failing to keep pace. The EU AI Act explicitly exempts military applications, and traditional nuclear non-proliferation strategies fail when applied to open-source software and commercially available hardware. This session explores the reality of global workforce disruption, the immediate security vulnerabilities of decentralized AI, and the unprecedented international treaties that would required to manage this technological shift. Because those don't exist yet.
Your AI is Probably Out of Control (And You Know It)
AI governance isn’t just an engineering headache anymore; it’s a mess that affects the whole company. Usage and costs are hard to keep in check, employees are using AI tools you are only vaguely aware of, and vendors are sneaking AI into the software you use every day. Writing safety rules on paper is easy, but those rules won't stop a data leak or a model that makes things up. If you want to keep your company safe, you have to move past "policy" and start using tools that actually watch what the AI is doing.
This session gives you a straightforward plan to secure the way you use AI. First, we’ll look at how to find where AI is hiding in your business and how to check those tools for risks. Next, we’ll talk about how to keep track of how your own AI is being built so you have proof of what happened if something goes wrong. Finally, we discuss how to set up "guardrails" that can step in and block an AI the second it tries to break a rule, without slowing everything down to a crawl.
Beyond Paperwork: Navigating the EU's Interconnected Cyber Laws
Today, the regulatory "grace period" for a number of EU regulations and directives is officially over. The digital landscape is no longer governed by isolated rules, but by an interconnected web of enforcement: NIS2 and DORA secure the infrastructure, the EU AI Act governs the algorithms, DSA polices the digital environment and content, and CRA is coming online to lock down the security of the software supply chain.
This session moves past the theoretical text of the laws to address the operational reality of multi-framework enforcement. We will map exactly where these directives intersect, and more importantly, we address the risk of compliance theater: proving adherence on paper does not guarantee actual infrastructure security against evolving threats.
By the end of this talk, you will learn how to streamline your governance strategy and mitigate legal liability without wasting resources on conflicting compliance exercises, ensuring your organization builds functional resilience rather than simply checking boxes for auditors.
Cognitive Surrender: Why Your Brain is Giving Up to AI
We use AI daily to write, code, and decide. That might feel like a productivity win, yet behavioral science calls it something else: cognitive surrender. The more we offload thinking to an AI layer, the less we exercise our own judgment. Under time pressure, we stop verifying outputs. When AI gives a confident wrong answer, most users accept it blindly, and perform worse than if they had used no AI at all.
This matters now, more than ever. As AI errors grow more subtle (falsified data, plausible-looking but broken code, confident hallucinations), our shrinking willingness to double-check becomes the actual vulnerability. If the machine does all the thinking, you lose the muscle memory to catch its mistakes.
This session breaks down what daily AI use does to human memory, problem-solving, and judgment - and what to do about it. Not "use AI less," but how to stay sharp enough to stay in control.
Machines vs. Math: Securing the Future Against AI and Quantum
The "future" of AI and Quantum Computing has arrived, and it has changed the rules of defense. We are no longer just fighting human hackers, we are fighting autonomous AI agents that attack at machine speed, while the looming threat of "Q-Day" (the day quantum computers break current encryption) forces us to rethink how we lock up our data.
This session cuts through the hype to focus on survival in 2026. You will learn how to protect your data from the "Harvest Now, Decrypt Later" threat - where attackers steal encrypted data today to open it when Q-Day arrives - and how to start your migration to the new Post-Quantum Cryptography standards. We will also cover how to fight back against AI-driven malware and build a "Crypto-Agile" defense that is ready for the next generation of attacks.
Seeing Isn't Believing: Deepfakes and the Zero Trust Identity Crisis
Deepfakes are now cheap, fast, and good enough to fool both busy humans and corporate security controls. Voice fraud, executive impersonation, fake "leaks," and AI-generated video approvals for fraudulent wire transfers are no longer theoretical. Real attacks have already bypassed standard Zero Trust defenses by exploiting the one thing the architecture was built on: identity verification.
This session covers how modern synthetic media is made, where it hits hardest, and the tells that still matter, then goes straight into what breaks and what doesn't at the architecture level. When an attacker can wear a manager's face on a live call, biometrics and voice authentication stop being controls. We'll walk through what replaces them: cryptographic identity, hardware-bound authentication (FIDO2), C2PA provenance-at-capture, and behavioral verification that current AI cannot trivially fake. At least, not yet.
We'll also cover what the EU AI Act and platform disclosure requirements actually change - and what they don't. You'll leave with a practical checklist for your teams and a clear picture of how Zero Trust needs to evolve to survive the synthetic identity era.
The "Day 2" Cloud Reality: AI, FinOps, Sovereignty, and Security
For years, everybody rushed to the Cloud - but the "Digital Transformation" and "Cloud migration" phase is over. Now, most companies are dealing with the messy reality of 2026: exploding costs, scattered data, and strict new rules. This session helps you clean up the chaos.
This session shifts the focus from "migrating" to governing; discover how to stop the cash bleed using FinOps (financial operations) and how to fix your security holes using Policy-as-Code. You will also learn to handle "Shadow AI" (unauthorized AI use) and navigate Sovereign Cloud laws that dictate where your data must live.
Join this session to turn your messy Cloud into a disciplined, safe environment.
Killing the Paper Tiger: Building a Security Journey That Actually Works
Most companies treat cybersecurity like a giant checklist. They pass their annual audits, buy expensive tools, and follow a thick book of rules, yet they remain one click away from a total system collapse. This is the "Paper Tiger" trap: a security strategy that looks fierce on a slide deck but offers zero protection against a real-world attack. The problem is that being compliant is not the same thing as being secure. Relying on static policies and once-a-year checkups creates a dangerous illusion of safety, leaving a massive gap between what the rules say and how the business actually operates.
To survive in today’s threat landscape, organizations must stop fighting fires and start a continuous security journey. This session outlines how to move past the audit and build a defense that actually works in the real world. We will explore how to transition from theoretical rulebooks to a practical roadmap that focuses on honest risk assessments, resilient architecture, and active management. You will learn how to bridge the gap between "looking secure" and "being secure," turning your strategy from a useless piece of paper into a battle-tested system that protects your business every single day.
MSSP 2.0: Building a Cybersecurity Business in the AI Era
Drawing on over 20 years of experience in the field, this two-days workshop offers an in-depth exploration of how to establish and scale a successful Managed Security Service Provider (MSSP) business, in a world where AI is fundamentally altering the rules of engagement. Beyond internal operations, we detail how to strategically expand your catalog to monetize AI Governance, focusing on securing the AI Development Life Cycle (ADLC) and defending against novel vectors like prompt injection and Shadow AI use.
However, we ground this expansion in strict market reality: aggressively pitching advanced AI governance to mid-market clients who still lack basic security hygiene will alienate your core demographic. You will leave with a concrete blueprint on how to structure, price, and grow a next-generation MSSP.
NDC Security 2026 Sessionize Event
DefCamp 2025 Sessionize Event
NDC Security 2025 Sessionize Event
DefCamp 2024 Sessionize Event
SecureWorld in the era of Artificial Intelligence Sessionize Event
DefCamp Cluj-Napoca Sessionize Event
NDC Security 2024 Sessionize Event
Techorama 2021 Spring Edition Sessionize Event
Global Security and Compliance Community Conference Sessionize Event
EuropeClouds Summit Sessionize Event
Collabdays Lisbon 2020 Sessionize Event
Cloud & Datacenter Conference Germany 2020 Sessionize Event
Experts Live Europe 2019 Sessionize Event
KulenDayz 2019 Sessionize Event
ITCamp 2019 Sessionize Event
Cloud & Datacenter Conference Germany 2019 Sessionize Event
Hyper-V and Hybrid Cloud Community Day Sessionize Event
Experts Live Europe 2018 Sessionize Event
ITCamp 2018 Sessionize Event
Tudor Damian
Cybersecurity, AI & Cloud Advisor @ D3 Cyber
Cluj-Napoca, Romania
Actions
Please note that Sessionize is not responsible for the accuracy or validity of the data provided by speakers. If you suspect this profile to be fake or spam, please let us know.
Jump to top