Tudor Damian
Cybersecurity, AI & Cloud Advisor @ D3 Cyber
Cluj-Napoca, Romania
Actions
With over 20 years in the IT industry, Tudor is a Certified Ethical Hacker and Microsoft MVP who loves everything about technology. In his day-to-day role, he advises organizations on Cybersecurity, AI & Cloud Governance, helps improve their security posture, and assists them in moving past "paper tiger" compliance strategies.
Being a regular presence at local and international events, Tudor combines deep industry experience with a genuine passion for sharing knowledge. After hundreds of talks and training sessions, his goal remains the same: to help IT professionals cut through the noise and build effective strategies dealing with AI-driven threats, Post-Quantum Cryptography challenges, Zero Trust adoption, and the high-stakes transition from traditional software (SDLC) to the probabilistic world of AI development (ADLC), all of this while facing an ever-growing EU regulatory compliance landscape.
Area of Expertise
Topics
The EU Regulation Pile-Up: One Strategy for NIS2, DORA, AI Act, CRA and Friends
The regulatory grace period is over, and it's not one law you're dealing with anymore, it's four of them stacked on top of each other. NIS2, DORA, the AI Act, CRA - each with its own deadlines, its own auditors, and its own fines, all landing on your desk at the same time.
This session maps exactly where these frameworks intersect, where they conflict, and where one control can satisfy multiple regulators at once. We'll cover how to run a single governance program instead of several parallel compliance exercises, and how to mitigate legal liability without burning resources on duplicated work.
You'll leave with a practical map of the overlaps, a shortlist of controls that pull double duty, and a governance strategy that builds actual resilience instead of just satisfying auditors.
Cognitive Surrender: Why Your Brain is Giving Up to AI
We use AI daily to write, code, and decide. That feels like a productivity win, but behavioral science calls it something else: cognitive surrender. The more we offload thinking to an AI layer, the less we exercise our own judgment. Under time pressure, we stop verifying outputs. When AI gives a confident wrong answer, most users accept it blindly - and perform worse than if they had used no AI at all.
As AI errors grow more subtle (falsified data, plausible-looking but broken code, confident hallucinations), our shrinking willingness to double-check becomes the actual vulnerability. If the machine does all the thinking, you lose the muscle memory to catch its mistakes.
This session breaks down what daily AI use does to human memory, problem-solving, and judgment - and what to do about it. Not "use AI less," but how to stay sharp enough to stay in control.
Your Encryption Has an Expiry Date: Surviving Q-Day and AI-Speed Attacks
The "future" of AI and quantum computing has arrived, and it has changed the rules of defense. We are no longer just fighting human hackers - we are fighting autonomous AI agents that attack at machine speed, while "Q-Day" (the day quantum computers break current encryption) puts a hard deadline on the way we lock up our data.
The immediate problem is "Harvest Now, Decrypt Later": attackers are stealing your encrypted data today, planning to open it when Q-Day arrives. Since the migration to Post-Quantum Cryptography takes years, not months, the clock is already running.
This session covers how to sequence your PQC migration against the new standards, how to defend against AI-driven malware moving faster than your SOC can respond, and how to build a crypto-agile architecture that survives the next generation of attacks - not just the current one.
Seeing Isn't Believing: Deepfakes and the Zero Trust Identity Crisis
Deepfakes are now cheap, fast, and good enough to fool both busy humans and corporate security controls. Voice fraud, executive impersonation, fake "leaks," and AI-generated video approvals for fraudulent wire transfers are no longer theoretical. Real attacks have already bypassed standard Zero Trust defenses by exploiting the one thing the architecture was built on: identity verification.
This session covers how modern synthetic media is made, where it hits hardest, and the tells that still matter - then goes straight into what breaks at the architecture level. When an attacker can wear a manager's face on a live call, biometrics and voice authentication stop being controls. We'll walk through what replaces them: cryptographic identity, hardware-bound authentication (FIDO2), C2PA provenance-at-capture, and behavioral verification that current AI cannot trivially fake. At least, not yet.
We'll also cover what the EU AI Act and platform disclosure requirements actually change - and what they don't. You'll leave with a practical checklist for your teams and a clear picture of how Zero Trust needs to evolve to survive the synthetic identity era.
The Cloud Hangover: Costs, Sovereignty, and Shadow AI in 2026
Everybody rushed to the Cloud. The migration phase is over, and now most companies are living with the Day 2 reality: exploding costs, scattered data, unauthorized AI use, and strict new rules about where data is allowed to live.
This session shifts the focus from migrating to governing: we'll cover how to stop the cash bleed with FinOps, how to close security gaps with Policy-as-Code instead of manual reviews, how to get Shadow AI under control before it becomes your next breach headline, and how to navigate Sovereign Cloud requirements without rebuilding everything from scratch.
You'll leave knowing where your money is going, where your data is allowed to live, and who in your company is running AI you've never heard of.
Killing the Paper Tiger: Building a Security Journey That Actually Works
Most companies treat cybersecurity like a checklist: pass the annual audit, buy the expensive tools, follow the thick book of rules - and remain one click away from total collapse. That's the Paper Tiger trap: a strategy that looks fierce on a slide deck and offers zero protection against a real-world attack.
Compliance is not security. Static policies and once-a-year checkups create a dangerous illusion of safety, leaving a massive gap between what the rules say and how the business actually operates.
This session covers how to replace the checklist with a continuous security journey: honest risk assessments, resilient architecture, and active management that holds up when the rules and reality disagree. You'll leave with a roadmap for turning your strategy from a laminated document into a battle-tested system that protects your business every single day.
MSSP 2.0: Building a Cybersecurity Practice in the AI Era
Drawing on over 20 years in the field, this two-day workshop is an in-depth exploration of how to establish and scale a successful Managed Security Service Provider now that AI has changed the rules of engagement.
One dose of market reality up front: aggressively pitching advanced AI governance to mid-market clients who still lack basic security hygiene will alienate your core demographic. We build the business case around that constraint, not despite it.
From there, we cover internal operations in an AI-augmented SOC, how to strategically expand your catalog to monetize AI Governance - securing the AI Development Life Cycle (ADLC) and defending against novel vectors like prompt injection and Shadow AI - and how to sequence advanced offerings so they land with clients who are actually ready to buy them. You'll leave with a concrete blueprint for structuring, pricing, and growing a next-generation MSSP.
Trained by You, Replacing You: AI, Work, and the Security Vacuum
The industrial revolution mechanized muscle. AI is mechanizing thought - and white-collar professionals are actively training the systems built to replace them, while general-purpose robotics means the trades are no longer a safe harbor either.
Job displacement is the immediate problem, but not the biggest one. Automated warfare and democratized cyber-attacks are already here. Governance isn't: the EU AI Act exempts military applications, and nuclear-style non-proliferation doesn't work on open-source software running on commodity hardware.
We'll cover workforce disruption as it's actually happening, the security risks of decentralized AI, and the international treaties that would be needed to manage any of it. Spoiler: they don't exist yet.
Your AI is Probably Out of Control (And You Know It)
AI governance stopped being an engineering problem. Costs are unpredictable, employees are using tools you're only vaguely aware of, and vendors are quietly bolting AI onto software you already run. Paper policies won't stop a data leak or a hallucinating model.
Relying on industry standards and best practices (e.g. ISO 42001, EU AI Act, agent governance tools), this session gives you a straightforward plan to secure the way you use AI within your organization. First, we’ll look at how to find where AI is hiding in your business and how to check those tools for risks. Next, we’ll talk about how to keep track of how your own AI is being built so you have proof of what happened if something goes wrong. Finally, we discuss how to set up "guardrails" that can step in and block an AI the second it tries to break a rule, without slowing everything down to a crawl.
Digital Identity - meetup
Women in Tech & Women4Cyber
NDC Security 2026 Sessionize Event
DefCamp 2025 Sessionize Event
NDC Security 2025 Sessionize Event
DefCamp 2024 Sessionize Event
SecureWorld in the era of Artificial Intelligence Sessionize Event
DefCamp Cluj-Napoca Sessionize Event
NDC Security 2024 Sessionize Event
Techorama 2021 Spring Edition Sessionize Event
Global Security and Compliance Community Conference Sessionize Event
EuropeClouds Summit Sessionize Event
Collabdays Lisbon 2020 Sessionize Event
Cloud & Datacenter Conference Germany 2020 Sessionize Event
Experts Live Europe 2019 Sessionize Event
KulenDayz 2019 Sessionize Event
ITCamp 2019 Sessionize Event
Cloud & Datacenter Conference Germany 2019 Sessionize Event
Hyper-V and Hybrid Cloud Community Day Sessionize Event
Experts Live Europe 2018 Sessionize Event
ITCamp 2018 Sessionize Event
Tudor Damian
Cybersecurity, AI & Cloud Advisor @ D3 Cyber
Cluj-Napoca, Romania
Actions
Please note that Sessionize is not responsible for the accuracy or validity of the data provided by speakers. If you suspect this profile to be fake or spam, please let us know.
Jump to top