Episode
What the ISM AI Update Actually Means for Cyber Teams
- Podcast
- Day One®
- Published
- Apr 1, 2026
- Duration seconds
- 2024
- Processing state
not_requested- Canonical source
- https://galahcyber.com.au/podcasts
Actions
POST https://stenobird.com/v1/public/podcasts/day-one-7096683/episodes/what-the-ism-ai-update-actually-means-for-cyber-teams/transcription-requests
Idempotently request low-priority transcript generation for this episode.GET https://stenobird.com/podcast/day-one-7096683/what-the-ism-ai-update-actually-means-for-cyber-teams.md
Read the agent-friendly Markdown representation of this episode resource.
Summary
Episode Summary The ISM has been updated again, and this time AI is front and centre. In this episode of Secured, Cole Cornford is joined by returning guest Toby Amodio, Practice Lead at Fujitsu Cybersecurity Services, for another instalment of Policy Wonks and Gronks, cutting through the vendor noise to talk about what the March 2026 update actually means in practice. They explore where AI is genuinely delivering value for cyber professionals, from automating compliance mapping and vendor assessments to streamlining pen test reporting and SOC triage. But they are equally candid about the risks: the erosion of foundational skills as junior roles get outsourced to AI, the creeping fatigue of reviewing outputs at scale, and the danger of skipping straight to full automation without the expertise to validate what the machine is doing. The conversation also tackles bigger picture concerns unique to Australia, sovereign AI capability, the risk of a brain drain to the US, and whether a small country can afford to decentralise its AI infrastructure. Toby closes with a sharp reminder for government CISOs: AI is just another system, and how people use it matters far more than the certifications attached to it. Timestamps 00:00 Episode Trailer 01:01 Chainguard ad 01:28 Intro and the March 2026 ISM update 03:00 AI hype vs real world utility 05:00 Governance and compliance use cases 08:00 Vendor assessments and knowledge base automation 11:00 Skill erosion and the junior roles question 14:00 AI in pen testing: reporting, scoping and customer experience 17:30 The maturity model for AI adoption 21:00 Vibe coding, slop assurance and fatigue at scale 25:00 Agents watching agents and the bot vs bot future 28:30 Australian AI sovereignty and the brain drain risk 32:00 Top tip for govern…