Tudor Damian
Cybersecurity, AI & Cloud Advisor @ D3 Cyber
Cluj-Napoca, Romania
Actions
With over 20 years in the IT industry, Tudor is a Certified Ethical Hacker and Microsoft MVP who loves everything about technology. In his day-to-day role, he advises organizations on Cybersecurity, AI & Cloud Governance, helps improve their security posture, and assists them in moving past "paper tiger" compliance strategies.
Being a regular presence at local and international events, Tudor combines deep industry experience with a genuine passion for sharing knowledge. After hundreds of talks and training sessions, his goal remains the same: to help IT professionals cut through the noise and build effective strategies dealing with AI-driven threats, Post-Quantum Cryptography challenges, Zero Trust adoption, and the high-stakes transition from traditional software (SDLC) to the probabilistic world of AI development (ADLC), all of this while facing an ever-growing EU regulatory compliance landscape.
Badges
Area of Expertise
Topics
Automating Humanity: How AI is Rewiring Work and Global Security
The industrial revolution mechanized human muscle; today, AI is mechanizing human thought. White-collar professionals are actively training the systems poised to displace them, while rapid advancements in general-purpose robotics mean physical trades are no longer a guaranteed safe harbor.
Economic displacement is the immediate reality, but the trajectory of increasingly autonomous AI presents a wider spectrum of global risks. While the complete loss of human agency to an unaligned superintelligence remains a contested speculation, immediate threats like automated warfare and democratized cyber-attacks are established facts.
Current global governance is failing to keep pace. The EU AI Act explicitly exempts military applications, and traditional nuclear non-proliferation strategies fail when applied to open-source software and commercially available hardware. This session explores the reality of global workforce disruption, the immediate security vulnerabilities of decentralized AI, and the unprecedented international treaties that would required to manage this technological shift. Because those don't exist yet.
Your AI is Probably Out of Control (And You Know It)
AI governance isn’t just an engineering headache anymore; it’s a mess that affects the whole company. Usage and costs are hard to keep in check, employees are using AI tools you are only vaguely aware of, and vendors are sneaking AI into the software you use every day. Writing safety rules on paper is easy, but those rules won't stop a data leak or a model that makes things up. If you want to keep your company safe, you have to move past "policy" and start using tools that actually watch what the AI is doing.
This session gives you a straightforward plan to secure the way you use AI. First, we’ll look at how to find where AI is hiding in your business and how to check those tools for risks. Next, we’ll talk about how to keep track of how your own AI is being built so you have proof of what happened if something goes wrong. Finally, we discuss how to set up "guardrails" that can step in and block an AI the second it tries to break a rule, without slowing everything down to a crawl.
Beyond Paperwork: Navigating the EU's Interconnected Cyber Laws
Today, the regulatory "grace period" for a number of EU regulations and directives is officially over. The digital landscape is no longer governed by isolated rules, but by an interconnected web of enforcement: NIS2 and DORA secure the infrastructure, the EU AI Act governs the algorithms, DSA polices the digital environment and content, and CRA is coming online to lock down the security of the software supply chain.
This session moves past the theoretical text of the laws to address the operational reality of multi-framework enforcement. We will map exactly where these directives intersect, and more importantly, we address the risk of compliance theater: proving adherence on paper does not guarantee actual infrastructure security against evolving threats.
By the end of this talk, you will learn how to streamline your governance strategy and mitigate legal liability without wasting resources on conflicting compliance exercises, ensuring your organization builds functional resilience rather than simply checking boxes for auditors.
Cognitive Surrender: Why Your Brain is Giving Up to AI
We use AI tools every day to write emails, fix code, and answer questions. While this feels like a massive productivity boost, behavioral science points to a growing risk: "cognitive surrender." As we increasingly offload our thinking to an artificial layer, we start to bypass our own intuition and critical analysis. When forced to work quickly, we stop verifying outputs. When an AI provides a highly confident but incorrect answer, an overwhelming majority of users will accept it blindly, leading to performance drops that are actually worse than if they had used no AI at all. Paradoxically, user confidence in these flawed answers remains dangerously high.
This rapid cognitive offloading poses a direct threat to enterprise security and daily decision-making. As AI errors evolve into complex hallucinations (such as falsified data or subtly flawed code) our diminishing willingness to double-check becomes our biggest vulnerability. If you let the machine do all the thinking, you lose the muscle memory required to spot its mistakes. This session explores what daily AI use really does to human memory, problem-solving skills, and judgment. We will break down practical strategies to maintain your cognitive endurance, ensuring you control the technology rather than passively surrendering your expertise to a flawed system.
Machines vs. Math: Securing the Future Against AI and Quantum
The "future" of AI and Quantum Computing has arrived, and it has changed the rules of defense. We are no longer just fighting human hackers, we are fighting autonomous AI agents that attack at machine speed, while the looming threat of "Q-Day" (the day quantum computers break current encryption) forces us to rethink how we lock up our data.
This session cuts through the hype to focus on survival in 2026. You will learn how to protect your data from the "Harvest Now, Decrypt Later" threat - where attackers steal encrypted data today to open it when Q-Day arrives - and how to start your migration to the new Post-Quantum Cryptography standards. We will also cover how to fight back against AI-driven malware and build a "Crypto-Agile" defense that is ready for the next generation of attacks.
The Identity Crisis: How Deepfakes Are Breaking Zero Trust
Zero Trust security relies on a simple mantra: never trust, always verify. But what happens when the verification itself is a lie? We have built our corporate defenses around biometrics, voice authentication, and live video approvals. Today, AI-generated deepfakes can clone a CEO’s voice in seconds or perfectly synthesize a live video feed, collapsing the entire foundation of Zero Trust. When an attacker can digitally wear a manager's face on a live call, traditional identity verification becomes completely useless.
This session explores how Zero Trust must evolve to survive the deepfake era. We will break down real-world attacks where synthetic media successfully bypassed standard corporate defenses to authorize fraudulent transactions. More importantly, we will detail how to harden the "verify explicitly" pillar of your Zero Trust architecture. You will learn how to transition away from easily spoofed visual and audio checks, looking at things like cryptographic identity, hardware-bound authentication (like FIDO2), and continuous behavioral verification systems that cannot be faked by AI. At least, not yet.
The "Day 2" Cloud Reality: AI, FinOps, Sovereignty, and Security
For years, everybody rushed to the Cloud - but the "Digital Transformation" and "Cloud migration" phase is over. Now, most companies are dealing with the messy reality of 2026: exploding costs, scattered data, and strict new rules. This session helps you clean up the chaos.
This session shifts the focus from "migrating" to governing; discover how to stop the cash bleed using FinOps (financial operations) and how to fix your security holes using Policy-as-Code. You will also learn to handle "Shadow AI" (unauthorized AI use) and navigate Sovereign Cloud laws that dictate where your data must live.
Join this session to turn your messy Cloud into a disciplined, safe environment.
Killing the Paper Tiger: Building a Security Journey That Actually Works
Most companies treat cybersecurity like a giant checklist. They pass their annual audits, buy expensive tools, and follow a thick book of rules, yet they remain one click away from a total system collapse. This is the "Paper Tiger" trap: a security strategy that looks fierce on a slide deck but offers zero protection against a real-world attack. The problem is that being compliant is not the same thing as being secure. Relying on static policies and once-a-year checkups creates a dangerous illusion of safety, leaving a massive gap between what the rules say and how the business actually operates.
To survive in today’s threat landscape, organizations must stop fighting fires and start a continuous security journey. This session outlines how to move past the audit and build a defense that actually works in the real world. We will explore how to transition from theoretical rulebooks to a practical roadmap that focuses on honest risk assessments, resilient architecture, and active management. You will learn how to bridge the gap between "looking secure" and "being secure," turning your strategy from a useless piece of paper into a battle-tested system that protects your business every single day.
MSSP 2.0: Building a Cybersecurity Business in the AI Era
Drawing on over 20 years of experience in the field, this two-days workshop offers an in-depth exploration of how to establish and scale a successful Managed Security Service Provider (MSSP) business, in a world where AI is fundamentally altering the rules of engagement. Beyond internal operations, we detail how to strategically expand your catalog to monetize AI Governance, focusing on securing the AI Development Life Cycle (ADLC) and defending against novel vectors like prompt injection and Shadow AI use.
However, we ground this expansion in strict market reality: aggressively pitching advanced AI governance to mid-market clients who still lack basic security hygiene will alienate your core demographic. You will leave with a concrete blueprint on how to structure, price, and grow a next-generation MSSP.
IT Arena Warsaw Upcoming
NDC Security 2026 Sessionize Event
DefCamp 2025 Sessionize Event
NDC Security 2025 Sessionize Event
DefCamp 2024 Sessionize Event
SecureWorld in the era of Artificial Intelligence Sessionize Event
DefCamp Cluj-Napoca Sessionize Event
NDC Security 2024 Sessionize Event
Techorama 2021 Spring Edition Sessionize Event
Global Security and Compliance Community Conference Sessionize Event
EuropeClouds Summit Sessionize Event
Collabdays Lisbon 2020 Sessionize Event
Cloud & Datacenter Conference Germany 2020 Sessionize Event
Experts Live Europe 2019 Sessionize Event
KulenDayz 2019 Sessionize Event
ITCamp 2019 Sessionize Event
Cloud & Datacenter Conference Germany 2019 Sessionize Event
Hyper-V and Hybrid Cloud Community Day Sessionize Event
Experts Live Europe 2018 Sessionize Event
ITCamp 2018 Sessionize Event
Tudor Damian
Cybersecurity, AI & Cloud Advisor @ D3 Cyber
Cluj-Napoca, Romania
Actions
Please note that Sessionize is not responsible for the accuracy or validity of the data provided by speakers. If you suspect this profile to be fake or spam, please let us know.
Jump to top