{"version":"https://jsonfeed.org/version/1.1","title":"Cyber Academy. The Blog","home_page_url":"https://cyberacademy.net","feed_url":"https://cyberacademy.net/feed.json","description":"GRC and cybersecurity training, by Christophe Mazzola (practicing CISO).","language":"en","authors":[{"name":"Cyber Academy"}],"items":[{"id":"https://cyberacademy.net/resources/blog/can-chatgpt-draft-your-isms-policy-a-real-test","url":"https://cyberacademy.net/resources/blog/can-chatgpt-draft-your-isms-policy-a-real-test","title":"Can ChatGPT Draft Your ISMS Policy? A Real Test","summary":"Can AI write your ISMS policies? Yes ; but not the way most people think. Here’s a field-tested look at what works, what fails, and how to use AI safely in your governance program.","date_published":"2026-05-28T00:00:00.000Z","date_modified":null,"authors":[{"name":"Christophe Mazzola"}]},{"id":"https://cyberacademy.net/resources/blog/building-a-compliance-dashboard-that-speaks-board-language","url":"https://cyberacademy.net/resources/blog/building-a-compliance-dashboard-that-speaks-board-language","title":"Building a Compliance Dashboard that Speaks Board Language","summary":"Most compliance dashboards overwhelm executives with noise. Here’s how to build one that speaks the Board’s language ; clear, strategic, and decision-ready.","date_published":"2026-05-25T00:00:00.000Z","date_modified":null,"authors":[{"name":"Christophe Mazzola"}]},{"id":"https://cyberacademy.net/resources/blog/brussels-next-move-what-comes-after-nis2-and-dora","url":"https://cyberacademy.net/resources/blog/brussels-next-move-what-comes-after-nis2-and-dora","title":"Brussels’ Next Move: What Comes After NIS2 and DORA","summary":"NIS2 and DORA were only Phase 1. AI Act, Data Act, CRA, EUCS and new accountability rules are about to define Phase 2. Here’s the concrete roadmap GRC leaders must prepare for.","date_published":"2026-05-22T00:00:00.000Z","date_modified":null,"authors":[{"name":"Christophe Mazzola"}]},{"id":"https://cyberacademy.net/resources/blog/bridging-gdpr-nis2-and-dora-for-unified-compliance","url":"https://cyberacademy.net/resources/blog/bridging-gdpr-nis2-and-dora-for-unified-compliance","title":"Bridging GDPR, NIS2, and DORA for Unified Compliance","summary":"GDPR, NIS2, and DORA overlap more than most organisations realise. Here’s how to build one unified compliance model instead of three separate nightmares.","date_published":"2026-05-19T00:00:00.000Z","date_modified":null,"authors":[{"name":"Christophe Mazzola"}]},{"id":"https://cyberacademy.net/resources/blog/awareness-program-is-dead","url":"https://cyberacademy.net/resources/blog/awareness-program-is-dead","title":"Awareness Program is dead.","summary":"Awareness training reduces risk, but only when it’s designed for real humans, real incentives, and real-world context. Here’s why most programs fall flat ; and what actually works.","date_published":"2026-05-16T00:00:00.000Z","date_modified":null,"authors":[{"name":"Christophe Mazzola"}]},{"id":"https://cyberacademy.net/resources/blog/iso27001-i-inherited-an-isms","url":"https://cyberacademy.net/resources/blog/iso27001-i-inherited-an-isms","title":"ISO27001: I Inherited an ISMS. It Was a SharePoint Folder with 200 Documents and a Prayer.","summary":"What nobody tells you about implementing ISO27001 — and how to stop faking it in 5 days. May 11–15, online.","date_published":"2026-03-24T21:36:41.000Z","date_modified":"2026-03-24T21:44:51.000Z","authors":[{"name":"Christophe Mazzola"}]},{"id":"https://cyberacademy.net/resources/blog/nis-2-is-live-your-regulator-wont-wait","url":"https://cyberacademy.net/resources/blog/nis-2-is-live-your-regulator-wont-wait","title":"NIS 2 Is Live. Your Regulator Won’t Wait.","summary":"How to go from “I’ve read the directive” to “I can implement it” in 5 days — May 4–8, online.","date_published":"2026-03-24T21:20:37.000Z","date_modified":"2026-03-24T21:20:40.000Z","authors":[{"name":"Christophe Mazzola"}]},{"id":"https://cyberacademy.net/resources/blog/your-bia-is-probably-a-spreadsheet-someone-filled-in-alone","url":"https://cyberacademy.net/resources/blog/your-bia-is-probably-a-spreadsheet-someone-filled-in-alone","title":"Your BIA Is Probably a Spreadsheet Someone Filled In Alone.","summary":"Free Business Impact Assessment template. Three sections. Pre-built impact matrix. Ready for ISO 22301.","date_published":"2026-03-24T18:25:49.000Z","date_modified":"2026-03-24T18:25:49.000Z","authors":[{"name":"Christophe Mazzola"}]},{"id":"https://cyberacademy.net/resources/blog/the-bc-dr-policy-template-that-doesnt-die-in-sharepoint","url":"https://cyberacademy.net/resources/blog/the-bc-dr-policy-template-that-doesnt-die-in-sharepoint","title":"The BC/DR Policy Template That Doesn't Die in SharePoint","summary":"Free download. Built from real projects. Not another ISO copy-paste.","date_published":"2026-02-25T07:06:37.000Z","date_modified":"2026-03-24T18:27:31.000Z","authors":[{"name":"Christophe Mazzola"}]},{"id":"https://cyberacademy.net/resources/blog/storytelling-for-compliance-leaders","url":"https://cyberacademy.net/resources/blog/storytelling-for-compliance-leaders","title":"Storytelling for Compliance Leaders","summary":"Because facts inform, but stories make people care about compliance.","date_published":"2026-01-01T12:00:57.000Z","date_modified":"2026-02-15T14:26:35.000Z","authors":[{"name":"Christophe Mazzola"}]},{"id":"https://cyberacademy.net/resources/blog/grc-kpis-that-matter-how-to-prove-compliance-with-numbers","url":"https://cyberacademy.net/resources/blog/grc-kpis-that-matter-how-to-prove-compliance-with-numbers","title":"GRC KPIs That Matter: How to Prove Compliance with Numbers","summary":"Most GRC KPIs are useless. Here are the ones that actually prove compliance ; and drive decisions.","date_published":"2026-01-01T12:00:40.000Z","date_modified":"2026-02-15T14:23:48.000Z","authors":[{"name":"Christophe Mazzola"}]},{"id":"https://cyberacademy.net/resources/blog/how-to-get-executives-to-care-about-risk","url":"https://cyberacademy.net/resources/blog/how-to-get-executives-to-care-about-risk","title":"How to Get Executives to Care About Risk","summary":"How to make executives genuinely care about risk ; and act on it.","date_published":"2026-01-01T12:00:40.000Z","date_modified":"2026-02-15T14:22:55.000Z","authors":[{"name":"Christophe Mazzola"}]},{"id":"https://cyberacademy.net/resources/blog/grc-dashboards-executives-actually-read","url":"https://cyberacademy.net/resources/blog/grc-dashboards-executives-actually-read","title":"GRC Dashboards Executives Actually Read","summary":"If you want executives to pay attention, you must stop reporting like a compliance officer and start reporting like a business partner.","date_published":"2026-01-01T12:00:38.000Z","date_modified":"2026-02-15T14:22:24.000Z","authors":[{"name":"Christophe Mazzola"}]},{"id":"https://cyberacademy.net/resources/blog/how-to-run-a-risk-assessment-that-doesnt-bore-the-board","url":"https://cyberacademy.net/resources/blog/how-to-run-a-risk-assessment-that-doesnt-bore-the-board","title":"How to Run a Risk Assessment that Doesn’t Bore the Board","summary":"If you want your board to actually care, not just endure your slides, you need to turn risk assessment from a reporting ritual into a decision conversation.\nHere’s how.","date_published":"2026-01-01T12:00:35.000Z","date_modified":"2026-02-15T14:21:14.000Z","authors":[{"name":"Christophe Mazzola"}]},{"id":"https://cyberacademy.net/resources/blog/how-to-talk-compliance-to-non-grc-people-and-make-them-care","url":"https://cyberacademy.net/resources/blog/how-to-talk-compliance-to-non-grc-people-and-make-them-care","title":"How to Talk Compliance to Non-GRC People (and Make Them Care)","summary":"How to Talk GRC to Non-GRC People (and Make Them Care)","date_published":"2026-01-01T12:00:34.000Z","date_modified":"2026-02-15T14:19:43.000Z","authors":[{"name":"Christophe Mazzola"}]},{"id":"https://cyberacademy.net/resources/blog/5-mistakes-in-risk-registers-and-how-to-fix-them","url":"https://cyberacademy.net/resources/blog/5-mistakes-in-risk-registers-and-how-to-fix-them","title":"5 Mistakes in Risk Registers (and How to Fix Them)","summary":"Because most risk registers are just expensive spreadsheets of wishful thinking.","date_published":"2026-01-01T12:00:30.000Z","date_modified":"2026-02-15T14:18:07.000Z","authors":[{"name":"Christophe Mazzola"}]},{"id":"https://cyberacademy.net/resources/blog/top-10-gaps-auditors-will-look-for-under-nis2","url":"https://cyberacademy.net/resources/blog/top-10-gaps-auditors-will-look-for-under-nis2","title":"Top 10 Gaps Auditors Will Look for Under NIS2","summary":"And why “we have a policy for that” won’t be enough this time with NIS2","date_published":"2026-01-01T12:00:28.000Z","date_modified":"2026-02-15T14:15:21.000Z","authors":[{"name":"Christophe Mazzola"}]},{"id":"https://cyberacademy.net/resources/blog/from-checkbox-to-strategy-the-death-of-fake-compliance","url":"https://cyberacademy.net/resources/blog/from-checkbox-to-strategy-the-death-of-fake-compliance","title":"From Checkbox to Strategy: The Death of Fake Compliance","summary":"Compliance built on checklists is dying. Here's how organisations move from fake maturity to real strategic security.","date_published":"2026-01-01T12:00:25.000Z","date_modified":"2026-02-15T14:13:20.000Z","authors":[{"name":"Christophe Mazzola"}]},{"id":"https://cyberacademy.net/resources/blog/ai-governance-vs-ai-compliance-whats-the-difference","url":"https://cyberacademy.net/resources/blog/ai-governance-vs-ai-compliance-whats-the-difference","title":"AI Governance vs. AI Compliance: What’s the Difference?","summary":"And why confusing AI Governance and AI Compliance will get you in trouble.","date_published":"2026-01-01T12:00:24.000Z","date_modified":"2026-02-15T14:09:37.000Z","authors":[{"name":"Christophe Mazzola"}]},{"id":"https://cyberacademy.net/resources/blog/the-ultimate-guide-to-iso-certifications-for-grc-pros","url":"https://cyberacademy.net/resources/blog/the-ultimate-guide-to-iso-certifications-for-grc-pros","title":"The Ultimate Guide to ISO Certifications for GRC Pros","summary":"A practical, field-tested guide to ISO certifications every GRC professional should understand ; and why they matter in real life.","date_published":"2026-01-01T12:00:24.000Z","date_modified":"2026-02-15T14:12:37.000Z","authors":[{"name":"Christophe Mazzola"}]},{"id":"https://cyberacademy.net/resources/blog/how-to-write-policies-people-actually-follow","url":"https://cyberacademy.net/resources/blog/how-to-write-policies-people-actually-follow","title":"How to Write Policies People Actually Follow","summary":"Because “In accordance with applicable legal requirements…” is not how humans talk. Therefore, not your policies should not include this.","date_published":"2026-01-01T12:00:23.000Z","date_modified":"2026-02-15T14:07:08.000Z","authors":[{"name":"Christophe Mazzola"}]},{"id":"https://cyberacademy.net/resources/blog/data-classification-policies-that-actually-work","url":"https://cyberacademy.net/resources/blog/data-classification-policies-that-actually-work","title":"Data Classification Policies that Actually Work","summary":"Because most “Confidential / Internal / Public” labels are just data decorative.","date_published":"2026-01-01T12:00:20.000Z","date_modified":"2026-02-15T14:04:00.000Z","authors":[{"name":"Christophe Mazzola"}]},{"id":"https://cyberacademy.net/resources/blog/from-intern-to-ciso-how-to-build-a-grc-career-that-scales","url":"https://cyberacademy.net/resources/blog/from-intern-to-ciso-how-to-build-a-grc-career-that-scales","title":"From intern to CISO: How to Build a GRC Career That Scales","summary":"A field-tested roadmap for your career from junior GRC analyst to CISO ; without getting lost in templates, audits, or corporate confusion.","date_published":"2026-01-01T12:00:20.000Z","date_modified":"2026-02-15T14:05:37.000Z","authors":[{"name":"Christophe Mazzola"}]},{"id":"https://cyberacademy.net/resources/blog/lessons-from-failed-audits-what-every-organization-should-learn","url":"https://cyberacademy.net/resources/blog/lessons-from-failed-audits-what-every-organization-should-learn","title":"Lessons from Failed Audits: What Every Organization Should Learn","summary":"Why audits fail, what it really means, and the lessons every organization must learn to avoid repeating the same mistakes.","date_published":"2026-01-01T12:00:17.000Z","date_modified":"2026-02-15T14:03:20.000Z","authors":[{"name":"Christophe Mazzola"}]},{"id":"https://cyberacademy.net/resources/blog/lead-auditor-vs-lead-implementer-which-certification-fits-you","url":"https://cyberacademy.net/resources/blog/lead-auditor-vs-lead-implementer-which-certification-fits-you","title":"Lead Auditor vs. Lead Implementer: Which Certification Fits You?","summary":"How to Talk GRC to Non-GRC People (and Make Them Care)","date_published":"2026-01-01T12:00:13.000Z","date_modified":"2026-02-15T14:02:42.000Z","authors":[{"name":"Christophe Mazzola"}]},{"id":"https://cyberacademy.net/resources/blog/top-10-audit-findings-in-2025-the-real-ones","url":"https://cyberacademy.net/resources/blog/top-10-audit-findings-in-2025-the-real-ones","title":"Top 10 Audit Findings in 2025: The Real Ones","summary":"Field notes from actual gap assessments across Europe, not from textbooks.","date_published":"2026-01-01T12:00:11.000Z","date_modified":"2026-02-15T14:02:04.000Z","authors":[{"name":"Christophe Mazzola"}]},{"id":"https://cyberacademy.net/resources/blog/how-to-build-a-compliance-culture-beyond-checklists","url":"https://cyberacademy.net/resources/blog/how-to-build-a-compliance-culture-beyond-checklists","title":"How to Build a Compliance Culture Beyond Checklists","summary":"Compliance culture is not built with policies or checklists  ; it’s built with behaviours, ownership, and clarity.","date_published":"2026-01-01T12:00:10.000Z","date_modified":"2026-02-15T14:25:17.000Z","authors":[{"name":"Christophe Mazzola"}]},{"id":"https://cyberacademy.net/resources/blog/how-to-stand-out-as-a-vciso","url":"https://cyberacademy.net/resources/blog/how-to-stand-out-as-a-vciso","title":"How to Stand Out as a vCISO","summary":"How a vCISO can truly stand out in a crowded market by being practical, human, and relentlessly useful.","date_published":"2026-01-01T12:00:10.000Z","date_modified":"2026-02-15T14:01:07.000Z","authors":[{"name":"Christophe Mazzola"}]},{"id":"https://cyberacademy.net/resources/blog/why-2026-is-the-year-of-compliance-convergence","url":"https://cyberacademy.net/resources/blog/why-2026-is-the-year-of-compliance-convergence","title":"Why 2026 Is the Year of Compliance Convergence","summary":"How to Talk GRC to Non-GRC People (and Make Them Care)\n\nBy 2026, the companies that survive the regulatory storm, NIS2, DORA, the AI Act, The CRA Act, The DATA Act, ESG, privacy, you name it, will be the ones that finally stop managing frameworks in isolation.\nWe’re entering the era of GRC convergen","date_published":"2026-01-01T12:00:10.000Z","date_modified":"2026-02-15T13:59:31.000Z","authors":[{"name":"Christophe Mazzola"}]},{"id":"https://cyberacademy.net/resources/blog/when-excel-is-enough-and-when-you-need-a-real-grc-platform","url":"https://cyberacademy.net/resources/blog/when-excel-is-enough-and-when-you-need-a-real-grc-platform","title":"When Excel Is Enough and When You Need a Real GRC Platform","summary":"Excel works… until it doesn’t. Here’s the pragmatic line between “good enough” spreadsheets and when your organisation truly needs a GRC platform.","date_published":"2026-01-01T12:00:09.000Z","date_modified":"2026-01-05T10:26:43.000Z","authors":[{"name":"Christophe Mazzola"}]}]}