
THE DLegendDigital BLOG

Field notes on digital risk, AI governance, and compliance.

Practitioner guides from the team that builds DLegendDigital toolkits — deeper than a checklist, shorter than a certification course, and always written for people who have to actually get the work done.

Cybersecurity

Your Real Vendor List Has 50,000 Names — and April 2026 Proved It

Three open-source supply-chain compromises landed inside thirty days in April 2026 — Axios, SAP's CAP-JS packages, and PyTorch Lightning. Your vendor risk register doesn't list any of them. Here's what that costs, and what to do Monday.

#supply-chain #oss #sbom
14 min read
Legislation

The State AI Law Patchwork Just Cracked — And Your Compliance Plan Has to Work Anyway

A federal court paused Colorado's AI Act, Texas's TRAIGA just turned on, California's training-data rule is live, and a White House executive order is hunting state AI laws in court. Here's what's actually enforceable on your AI this quarter — and what to do Monday.

#ai-governance #state-ai-laws #compliance
15 min read
Cloud, Technology Leadership

The Outage You Can't Fail Over From

2025 was the year the cloud giants stumbled. AWS, Azure, Cloudflare, and Google Cloud each had a day where "outage" stopped being theoretical. An honest read on what failed, what held, and what leaders at every size should actually do differently.

#cloud #resilience #dns
15 min read
AI, Technology Leadership

AI Governance for Enterprise Leaders: Building a Framework That Satisfies Boards, Auditors, and Regulators

AI governance isn't optional anymore. Boards are asking about AI risk. Auditors are adding AI to their scope. Regulators are moving from guidelines to enforcement. Here's how to build an AI governance framework that addresses all three audiences — without creating a bureaucracy that kills innovation.

#AI Governance, #Risk Management, #Compliance
15 min read
AI, AI & Automation

How AI Is Transforming Internal Audit: A Practitioner's Perspective on What's Working in 2026

AI isn't replacing auditors — it's amplifying them. From risk assessment to evidence review, AI tools are changing how audit teams work.

#AI, #Internal Audit, #Automation
14 min read
Cybersecurity, Compliance

Getting Started with NIST CSF 2.0: What Changed, Why It Matters, and How to Begin Your Assessment

The NIST Cybersecurity Framework 2.0 is the most significant update since the framework's inception. With the new Govern function, expanded scope, and updated implementation guidance, organizations of all sizes now need to reassess their cybersecurity posture. Here's a practitioner's guide to getting started.

#NIST CSF, #Compliance, #Risk Management
12 min read
