In this episode of "Nerding Out with Viktor," host Viktor Petersson sits down with Nick Selby, a security leader and advocate for practical security culture, to explore the reality behind software security compliance and why so many teams treat it as a checkbox rather than a mindset.
The discussion unpacks how frameworks like SOC 2 and ISO 27001 often provide structure but not necessarily safety, and why real resilience depends on culture, not compliance. Viktor and Nick dig into the challenges of adopting AI tools faster than they can be secured, the limits of certification-driven trust, and how modern legislation such as the Cyber Resilience Act and SBOMs can reshape accountability across the software supply chain.
Nick shares insights from his extensive experience in security leadership, revealing the gap between compliance theater and genuine security practices. The conversation explores how organizations can build security cultures that make compliance a natural outcome rather than a forced exercise, and why understanding the "why" behind security measures is more valuable than simply following checklists.
The episode also delves into the practical challenges facing modern development teams as they navigate the rapid adoption of AI tools while maintaining security standards. Viktor and Nick examine how traditional compliance frameworks struggle to keep pace with emerging technologies, and what this means for organizations trying to balance innovation with risk management.
For founders, engineers, and leaders navigating the balance between innovation and security, this episode offers a grounded look at how to make compliance a natural outcome of good security practices, not its substitute.