Alejandro Rivas Vazquez spent two decades running Digital Forensics and Incident Response at two Big Four firms, and now teaches cybersecurity law at IE Law School in Madrid. He's sat in boardrooms, testified as an expert witness, and been on the phone at 1am when OFAC changed the rules mid-ransomware negotiation.

In this episode, Alejandro breaks down why the EU and US approach cyber incidents from fundamentally different starting points, and what happens when those worlds collide inside a real investigation.

He explains:

1. Why lawyers belong in the room (and exactly when they don't)
2. How the EU's hyper-regulation actively hinders incident response
3. Why business email compromise costs more than ransomware — and gets less attention
4. What preparation actually means before an incident hits
5. How DFIR is professionalizing, and where AI fits into its future

Timestamps

1. (00:00) Alejandro's path from Big Four IT risk to DFIR
2. (07:45) How Operation Night Dragon changed the industry
3. (16:20) Boardrooms, expert witnesses, and CISO liability
4. (25:35) EU vs. US: regulation-first vs national security-first
5. (32:15) When Europe's privacy laws block your own investigation
6. (41:48) CISO personal liability: insurance, risk acceptance, and burnout
7. (54:18) War story: business email compromise and the board member who went rogue
8. (01:01:45) The single decision that separates contained from catastrophic
9. (01:09:26) Midnight OFAC call during an active ransomware response
10. (01:14:00) Why DFIR merged and where the profession is heading
11. (01:20:09) AI as force multiplier: threat, opportunity, and the hallucination danger zone
12. (01:33:53) Practical advice: what EU and North American CISOs should do this quarter