© Mapbox, © OpenStreetMap
Tudor Damian

Tudor Damian

Cybersecurity, AI & Cloud Advisor @ D3 Cyber

Cluj-Napoca, Romania

Actions

With over 20 years in the IT industry, Tudor is a Certified Ethical Hacker and Microsoft MVP who loves everything about technology. In his day-to-day role, he advises organizations on Cybersecurity, AI & Cloud Governance, helps improve their security posture, and assists them in moving past "paper tiger" compliance strategies.

Being a regular presence at local and international events, Tudor combines deep industry experience with a genuine passion for sharing knowledge. After hundreds of talks and training sessions, his goal remains the same: to help IT professionals cut through the noise and build effective strategies dealing with AI-driven threats, Post-Quantum Cryptography challenges, Zero Trust adoption, and the high-stakes transition from traditional software (SDLC) to the probabilistic world of AI development (ADLC), all of this while facing an ever-growing EU regulatory compliance landscape.

Badges

Area of Expertise

  • Business & Management
  • Information & Communications Technology
  • Law & Regulation

Topics

  • Cybersecurity
  • Cloud Strategy
  • IT Governance
  • IT Risk Management
  • Security & Compliance
  • AI and Cybersecurity
  • Managed Security Services
  • Cybersecurity Regulations and Compliance
  • vCISO
  • GDPR
  • NIS2
  • CRA
  • ISO 27001
  • DORA
  • Managed Services
  • Cloud Migration
  • Vulnerability Management
  • Business Continuity & Disaster Recovery
  • Cloud & DevOps
  • Systems & Network Administration
  • Data Protection
  • Business Process Optimization

The EU Regulation Pile-Up: One Strategy for NIS2, DORA, AI Act, CRA and Friends

The regulatory grace period is over, and it's not one law you're dealing with anymore, it's four of them stacked on top of each other. NIS2, DORA, the AI Act, CRA - each with its own deadlines, its own auditors, and its own fines, all landing on your desk at the same time.

This session maps exactly where these frameworks intersect, where they conflict, and where one control can satisfy multiple regulators at once. We'll cover how to run a single governance program instead of several parallel compliance exercises, and how to mitigate legal liability without burning resources on duplicated work.

You'll leave with a practical map of the overlaps, a shortlist of controls that pull double duty, and a governance strategy that builds actual resilience instead of just satisfying auditors.

Cognitive Surrender: Why Your Brain is Giving Up to AI

We use AI daily to write, code, and decide. That feels like a productivity win, but behavioral science calls it something else: cognitive surrender. The more we offload thinking to an AI layer, the less we exercise our own judgment. Under time pressure, we stop verifying outputs. When AI gives a confident wrong answer, most users accept it blindly - and perform worse than if they had used no AI at all.

As AI errors grow more subtle (falsified data, plausible-looking but broken code, confident hallucinations), our shrinking willingness to double-check becomes the actual vulnerability. If the machine does all the thinking, you lose the muscle memory to catch its mistakes.

This session breaks down what daily AI use does to human memory, problem-solving, and judgment - and what to do about it. Not "use AI less," but how to stay sharp enough to stay in control.

Your Encryption Has an Expiry Date: Surviving Q-Day and AI-Speed Attacks

The "future" of AI and quantum computing has arrived, and it has changed the rules of defense. We are no longer just fighting human hackers - we are fighting autonomous AI agents that attack at machine speed, while "Q-Day" (the day quantum computers break current encryption) puts a hard deadline on the way we lock up our data.

The immediate problem is "Harvest Now, Decrypt Later": attackers are stealing your encrypted data today, planning to open it when Q-Day arrives. Since the migration to Post-Quantum Cryptography takes years, not months, the clock is already running.

This session covers how to sequence your PQC migration against the new standards, how to defend against AI-driven malware moving faster than your SOC can respond, and how to build a crypto-agile architecture that survives the next generation of attacks - not just the current one.

Seeing Isn't Believing: Deepfakes and the Zero Trust Identity Crisis

Deepfakes are now cheap, fast, and good enough to fool both busy humans and corporate security controls. Voice fraud, executive impersonation, fake "leaks," and AI-generated video approvals for fraudulent wire transfers are no longer theoretical. Real attacks have already bypassed standard Zero Trust defenses by exploiting the one thing the architecture was built on: identity verification.

This session covers how modern synthetic media is made, where it hits hardest, and the tells that still matter - then goes straight into what breaks at the architecture level. When an attacker can wear a manager's face on a live call, biometrics and voice authentication stop being controls. We'll walk through what replaces them: cryptographic identity, hardware-bound authentication (FIDO2), C2PA provenance-at-capture, and behavioral verification that current AI cannot trivially fake. At least, not yet.

We'll also cover what the EU AI Act and platform disclosure requirements actually change - and what they don't. You'll leave with a practical checklist for your teams and a clear picture of how Zero Trust needs to evolve to survive the synthetic identity era.

The Cloud Hangover: Costs, Sovereignty, and Shadow AI in 2026

Everybody rushed to the Cloud. The migration phase is over, and now most companies are living with the Day 2 reality: exploding costs, scattered data, unauthorized AI use, and strict new rules about where data is allowed to live.

This session shifts the focus from migrating to governing: we'll cover how to stop the cash bleed with FinOps, how to close security gaps with Policy-as-Code instead of manual reviews, how to get Shadow AI under control before it becomes your next breach headline, and how to navigate Sovereign Cloud requirements without rebuilding everything from scratch.

You'll leave knowing where your money is going, where your data is allowed to live, and who in your company is running AI you've never heard of.

Killing the Paper Tiger: Building a Security Journey That Actually Works

Most companies treat cybersecurity like a checklist: pass the annual audit, buy the expensive tools, follow the thick book of rules - and remain one click away from total collapse. That's the Paper Tiger trap: a strategy that looks fierce on a slide deck and offers zero protection against a real-world attack.

Compliance is not security. Static policies and once-a-year checkups create a dangerous illusion of safety, leaving a massive gap between what the rules say and how the business actually operates.

This session covers how to replace the checklist with a continuous security journey: honest risk assessments, resilient architecture, and active management that holds up when the rules and reality disagree. You'll leave with a roadmap for turning your strategy from a laminated document into a battle-tested system that protects your business every single day.

MSSP 2.0: Building a Cybersecurity Practice in the AI Era

Drawing on over 20 years in the field, this two-day workshop is an in-depth exploration of how to establish and scale a successful Managed Security Service Provider now that AI has changed the rules of engagement.

One dose of market reality up front: aggressively pitching advanced AI governance to mid-market clients who still lack basic security hygiene will alienate your core demographic. We build the business case around that constraint, not despite it.

From there, we cover internal operations in an AI-augmented SOC, how to strategically expand your catalog to monetize AI Governance - securing the AI Development Life Cycle (ADLC) and defending against novel vectors like prompt injection and Shadow AI - and how to sequence advanced offerings so they land with clients who are actually ready to buy them. You'll leave with a concrete blueprint for structuring, pricing, and growing a next-generation MSSP.

Trained by You, Replacing You: AI, Work, and the Security Vacuum

The industrial revolution mechanized muscle. AI is mechanizing thought - and white-collar professionals are actively training the systems built to replace them, while general-purpose robotics means the trades are no longer a safe harbor either.

Job displacement is the immediate problem, but not the biggest one. Automated warfare and democratized cyber-attacks are already here. Governance isn't: the EU AI Act exempts military applications, and nuclear-style non-proliferation doesn't work on open-source software running on commodity hardware.

We'll cover workforce disruption as it's actually happening, the security risks of decentralized AI, and the international treaties that would be needed to manage any of it. Spoiler: they don't exist yet.

Your AI is Probably Out of Control (And You Know It)

AI governance stopped being an engineering problem. Costs are unpredictable, employees are using tools you're only vaguely aware of, and vendors are quietly bolting AI onto software you already run. Paper policies won't stop a data leak or a hallucinating model.

Relying on industry standards and best practices (e.g. ISO 42001, EU AI Act, agent governance tools), this session gives you a straightforward plan to secure the way you use AI within your organization. First, we’ll look at how to find where AI is hiding in your business and how to check those tools for risks. Next, we’ll talk about how to keep track of how your own AI is being built so you have proof of what happened if something goes wrong. Finally, we discuss how to set up "guardrails" that can step in and block an AI the second it tries to break a rule, without slowing everything down to a crawl.

Defense-X

June 2026 Sibiu, Romania

The Developers

June 2026 Cluj-Napoca, Romania

Digital Identity - meetup

Women in Tech & Women4Cyber

June 2026 Cluj-Napoca, Romania

news.ro Leaders Lounge - Cybersecurity

May 2026 Bucharest, Romania

PoliHack v19

April 2026 Cluj-Napoca, Romania

PeakIT #008

April 2026 Braşov, Romania

Microsoft MVP Summit 2026

March 2026 Redmond, Washington, United States

NDC Security 2026 Sessionize Event

March 2026 Oslo, Norway

Winter ELSA Law School 2026

February 2026 Trento, Italy

Hek.si 2026

February 2026 Ljubljana, Slovenia

Defcon Cluj meetup

December 2025 Cluj-Napoca, Romania

DefCamp 2025 Sessionize Event

November 2025 Bucharest, Romania

IT Days 2025

November 2025 Cluj-Napoca, Romania

Timisoara Cyber Forum 2025

October 2025 Timişoara, Romania

Infosek 2025

September 2025 Nova Gorica, Slovenia

CyberSea Festival 2025

July 2025 Constanţa, Romania

Qubit Conference 2025

May 2025 Prague, Czechia

CIO Summit 2025

April 2025 Ljubljana, Slovenia

PeakIT #007

April 2025 Braşov, Romania

Microsoft MVP Summit 2025

March 2025 Redmond, Washington, United States

Hek.si 2025

February 2025 Ljubljana, Slovenia

NDC Security 2025 Sessionize Event

January 2025 Oslo, Norway

DefCamp 2024 Sessionize Event

November 2024 Bucharest, Romania

IT Days 2024

November 2024 Cluj-Napoca, Romania

SecureWorld in the era of Artificial Intelligence Sessionize Event

October 2024

Transylvania Insurance Days

October 2024 Cluj-Napoca, Romania

DEFCON Cluj Meetup

September 2024 Cluj-Napoca, Romania

DefCamp Cluj-Napoca Sessionize Event

May 2024 Cluj-Napoca, Romania

Microsoft MVP Summit 2024

March 2024 Redmond, Washington, United States

Hek.si 2024

February 2024

NDC Security 2024 Sessionize Event

January 2024 Oslo, Norway

DefCamp 2023

November 2023 Bucharest, Romania

IT Days 2023

November 2023 Cluj-Napoca, Romania

Experts Live Europe 2023

September 2023 Prague, Czechia

The Developers

June 2023 Cluj-Napoca, Romania

Microsoft MVP Summit 2023

April 2023 Redmond, Washington, United States

Limitl3ss - IT Summit of Transylvania

March 2023 Târgu Mureş, Romania

Defcamp 2022

November 2022 Bucharest, Romania

IT Days 2022

November 2022 Cluj-Napoca, Romania

Infosek 2022

September 2022 Nova Gorica, Slovenia

IT Days 2021

November 2021 Cluj-Napoca, Romania

DefCamp 2021

November 2021 Bucharest, Romania

PeakIT #004

October 2021 Braşov, Romania

Techorama 2021 Spring Edition Sessionize Event

May 2021 Antwerpen, Belgium

Hek.si 2021

February 2021 Ljubljana, Slovenia

EuropeClouds Summit Sessionize Event

October 2020

Collabdays Lisbon 2020 Sessionize Event

October 2020 Lisbon, Portugal

Cloud & Datacenter Conference Germany 2020 Sessionize Event

May 2020 Hanau am Main, Germany

Experts Live Europe 2019 Sessionize Event

November 2019 Prague, Czechia

DefCamp 2019

November 2019 Bucharest, Romania

KulenDayz 2019 Sessionize Event

September 2019 Osijek, Croatia

Microsoft Inspire 2019

July 2019 Las Vegas, Nevada, United States

ITCamp 2019 Sessionize Event

June 2019 Cluj-Napoca, Romania

Cloud & Datacenter Conference Germany 2019 Sessionize Event

May 2019 Hanau am Main, Germany

Hyper-V and Hybrid Cloud Community Day Sessionize Event

May 2019 Hanau am Main, Germany

Microsoft MVP Summit 2019

March 2019 Redmond, Washington, United States

Experts Live Europe 2018 Sessionize Event

October 2018 Prague, Czechia

Microsoft Inspire 2018

July 2018 Las Vegas, Nevada, United States

ITCamp 2018 Sessionize Event

June 2018 Cluj-Napoca, Romania

Microsoft Cloud & Datacenter Conference Germany 2018

March 2018 Hanau am Main, Germany

Microsoft MVP Summit 2018

March 2018 Redmond, Washington, United States

Defcamp 2017

November 2017 Bucharest, Romania

Experts Live 2017

August 2017 Berlin, Germany

Microsoft Inspire 2017

July 2017 Washington, District of Columbia, United States

ITCamp 2017

May 2017 Cluj-Napoca, Romania

Future Decoded 2016

October 2016 London, United Kingdom

Microsoft Ignite 2016

September 2016 Atlanta, Georgia, United States

ITCamp 2016

May 2016 Cluj-Napoca, Romania

Defcamp 2015

November 2015 Bucharest, Romania

Future Decoded 2015

November 2015 London, United Kingdom

ITCamp 2015

May 2015 Cluj-Napoca, Romania

Microsoft Ignite 2015

May 2015 Chicago, Illinois, United States

DefCamp 2014

November 2014 Bucharest, Romania

Microsoft TechEd Europe 2014

October 2014 Barcelona, Spain

ITCamp 2014

May 2014 Cluj-Napoca, Romania

Microsoft TechEd Europe 2013

June 2013 Madrid, Spain

ITCamp 2013

May 2013 Cluj-Napoca, Romania

ITCamp 2012

May 2012 Cluj-Napoca, Romania

ITCamp 2011

May 2011 Cluj-Napoca, Romania

Tudor Damian

Cybersecurity, AI & Cloud Advisor @ D3 Cyber

Cluj-Napoca, Romania

Actions

Please note that Sessionize is not responsible for the accuracy or validity of the data provided by speakers. If you suspect this profile to be fake or spam, please let us know.

Jump to top