Hacking Back, Legal Limits, and the Future of Cybersecurity Regulation

Cybercrime Has Gone Cartel

Cybercrime isn’t just evolving, it’s industrializing. In this explosive season finale, Trust vs. is joined by one of cybersecurity’s most respected voices: Tom Kellermann, HITRUST’s new VP of Cyber Risk. Drawing on decades of experience advising the Secret Service, the World Bank, and the White House, Tom unpacks how today’s cyber cartels have outgrown narco-trafficking empires, how AI is transforming attacker tactics, and what the “axis of evil” looks like in cyberspace. From ransomware with backdoors to island-hopping attacks and the myth of hackers simply walking away, Tom explains why security needs to be dynamic, threat-informed, and elevated to the C-suite now. Meet Ryan: https://www.linkedin.com/in/ryan-patrick-3699117a/ [https://www.linkedin.com/in/ryan-patrick-3699117a/] Meet Jeremy: https://www.linkedin.com/in/jeremyhuval [https://www.linkedin.com/in/jeremyhuval] Meet Tom: https://www.linkedin.com/in/tomkellermann/ [https://www.linkedin.com/in/tomkellermann/]

Hacking Back, Legal Limits, and the Future of Cybersecurity Regulation

In this episode of Trust vs., cybersecurity law expert Cristin Flynn Goodwin joins the show to break down some of the most nuanced (and misunderstood) topics in cyber: active defense, regulation, and the legal implications of emerging tech like agentic AI. With over 17 years at Microsoft leading incident response and threat intel, Cristin shares what it really takes to disrupt nation-state actors, why “hacking back” is more emotional than practical, and how regulations like the EU Cyber Resilience Act are reshaping third-party risk. She also looks ahead to what may be the most complex challenge yet: governing AI agents in an identity-driven world.  Meet Ryan: https://www.linkedin.com/in/ryan-patrick-3699117a/ [https://www.linkedin.com/in/ryan-patrick-3699117a/] Meet Jeremy: https://www.linkedin.com/in/jeremyhuval [https://www.linkedin.com/in/jeremyhuval] Meet Cristin: linkedin.com/in/cristin-flynn-goodwin-24359b4 [http://linkedin.com/in/cristin-flynn-goodwin-24359b4] Cristin’s Podcast "Advancing Cyber": https://advancingcyber.com/ [https://advancingcyber.com/]

When Your AI Has a Login and a Mind of Its Own

Autonomous AI agents are no longer science fiction, they’re already reshaping how we work, build, and protect digital systems. In this episode, Jeremy Huval and Ryan Patrick are joined again by Richard Diver, Security and Identity Strategist at Microsoft, to break down what "agentic AI" really means and why it matters now. Richard unpacks the core building blocks of agent behavior (like entitlements, autonomy, and memory) and shares where the biggest risks lie as organizations rush to adopt agent-based systems. From identity sprawl to memory poisoning and the need for lifecycle management, this episode gives insights for security and GRC leaders who want to get ahead of the next wave of AI-driven innovation. Meet Ryan: https://www.linkedin.com/in/ryan-patrick-3699117a/ [https://www.linkedin.com/in/ryan-patrick-3699117a/] Meet Jeremy: https://www.linkedin.com/in/jeremyhuval [https://www.linkedin.com/in/jeremyhuval] Meet Richard Diver: https://www.linkedin.com/in/rdiver/ [https://www.linkedin.com/in/rdiver/]

Why Compliance Fatigue Is a National Security Risk

Compliance shouldn’t come at the cost of security. In this episode, Leah McGrath (Executive Director, GovRAMP) and Brian Conrad (Director of Global Strategic Compliance Initiatives at Zscaler, formerly of FedRAMP) join the Trust vs. team to talk about multi-framework fatigue, the future of recognition and reciprocity, and why real cybersecurity progress depends on collaboration—not just more certifications. Hosted by HITRUST’s Ryan Patrick and Jeremy Huval, this episode dives deep into how public and private sectors can work together to reduce redundancy and get back to the real work: protecting critical systems and data. Meet Ryan: https://www.linkedin.com/in/ryan-patrick-3699117a/ [https://www.linkedin.com/in/ryan-patrick-3699117a/] Meet Jeremy: https://www.linkedin.com/in/jeremyhuval [https://www.linkedin.com/in/jeremyhuval] Meet Leah: https://www.linkedin.com/in/leah-mcgrath-in/ [https://www.linkedin.com/in/leah-mcgrath-in/] Meet Brian: https://www.linkedin.com/in/brianhconrad/ [https://www.linkedin.com/in/brianhconrad/]

Why SOC 2 May Not Prove Security Anymore

SOC 2 might be everywhere, but is it actually working? In this episode, the Trust vs. team welcomes cybersecurity leader, author, and GRC engineer AJ Yawn to break down the state of SOC 2 today and why its greatest strength may also be its biggest weakness. AJ brings years of hands-on experience in auditing, engineering, and startup leadership to explain how SOC 2 shifted from a signal of security to a sales checkbox and what that means for TPRM. We talk about flexibility vs. consistency, outdated frameworks, why some SOC 2s are nearly useless, and how organizations can move toward better assurance by asking better questions. Meet Ryan: https://www.linkedin.com/in/ryan-patrick-3699117a/ [https://www.linkedin.com/in/ryan-patrick-3699117a/] Meet Jeremy: https://www.linkedin.com/in/jeremyhuval [https://www.linkedin.com/in/jeremyhuval] Meet AJ: https://www.linkedin.com/in/ajyawn/ [https://www.linkedin.com/in/ajyawn/] Read AJ’s Book: https://www.amazon.com/GRC-ENGINEERING-AWS-Hands-Engineering/dp/B0FDLZX4BP [https://www.amazon.com/GRC-ENGINEERING-AWS-Hands-Engineering/dp/B0FDLZX4BP]