What landed last week
The new regulation, guidance or judgment that matters for European GRC. Already filtered. EUR-Lex link included.
Recent example
Example: "EBA RTS on subcontracting under DORA. What to update in your ICT register before April."
The GRC Brief
The newsletter we wish we had when we started in GRC. Written by active CISOs and GRC practitioners, read in three minutes, designed to be forwarded to your team before the standup.
Zero AI summaries. Zero filler. One thing worth knowing.
Monday
every week, 8am CET
3 min
read, top to bottom
1-click
unsubscribe, no questions
0
AI-summarised filler
One email a week, every Monday at 8am Central European Time. We never sell or share emails. Mailchimp handles the delivery; you control the consent.
Latest issue
Edition 03 · 22 June 2026
03
A Checkmarx report, 86,000 Fortinet logins, a forgotten GitHub token, and a mailbox that cost 176,000 euros.
A Checkmarx report, 86,000 Fortinet logins, a forgotten GitHub token, and a mailbox that cost 176,000 euros.
Read full issueWhat lands in your inbox
Same structure every week. No surprise format, no padding to hit a word count. If you skim Mondays, you know exactly where each thing lives.
The new regulation, guidance or judgment that matters for European GRC. Already filtered. EUR-Lex link included.
Recent example
Example: "EBA RTS on subcontracting under DORA. What to update in your ICT register before April."
One real-world finding from a recent engagement, anonymised, with the fix. The kind of thing your CISO would tell you over coffee.
Recent example
Example: "Stage 2 NC on access reviews. Three line items in your evidence pack that close it cleanly."
A risk-register row, a policy paragraph, a control mapping. Built for paste-and-adapt, not for a slideshow.
Recent example
Example: "DPIA template: the three questions that always trigger CNIL follow-up."
Sixty to ninety words on one thing we are seeing in the field. Written by Christophe or a guest practitioner. No AI summary, no padding.
Recent example
Example: "NIS 2 transposition in France is now law. The board question you will get next month is..."
The newsletter is the one place we get to write the way we actually talk in the audit room. No SEO padding, no thought-leadership theatre. Three minutes of usefulness, every Monday.
Christophe Mazzola · Founder & lead editor
A new edition lands in your inbox every Monday at 8am Central European Time. Browse the full archive of past editions, or subscribe and the next one is in your inbox next Monday.
Quick answers
Once a week, every Monday at 8am Central European Time. We skip the last two weeks of December and the first week of August. No mid-week "special editions", no announcements bombs, no PR fluff.
Christophe Mazzola and the Cyber Academy trainer pool. Every link, every take, every template comes from someone running GRC for real, not from a marketing intern. Guest authors are named explicitly when they contribute.
Free. We do not run paid tiers, do not sell the audience, and do not share emails with sponsors. The newsletter is the asset; the cohorts are the business.
One click in the footer of any issue. We do not run "are you sure?" guilt screens. If you come back later, there is no re-subscription friction either.
Yes. The full archive lives at /resources/newsletter, with every published edition. New issues are added automatically as they ship.
Only the newsletter and, if you opt-in on a separate form, training programme updates. We never sell or share the list. GDPR-compliant double opt-in. Mailchimp is the processor.
See you on Monday at 8am
Free, one-click unsubscribe, no AI fluff. The newsletter that practitioners actually forward to their team.
Or browse theGRC Brief archive for past editions.