Hacking Back, Legal Limits, and the Future of Cybersecurity Regulation

Hacking Back, Legal Limits, and the Future of Cybersecurity Regulation

From Trust vs. by HITRUST Alliance

November 20, 2025 · 40 min · Season 3 · Episode 9

About this episode

Cristin Flynn Goodwin discusses the complexities of cybersecurity law and the implications of emerging technologies.

In this episode of Trust vs., cybersecurity law expert Cristin Flynn Goodwin joins the show to break down some of the most nuanced (and misunderstood) topics in cyber: active defense, regulation, and the legal implications of emerging tech like agentic AI. With over 17 years at Microsoft leading incident response and threat intel, Cristin shares what it really takes to disrupt nation-state actors, why “hacking back” is more emotional than practical, and how regulations like the EU Cyber Resilience Act are reshaping third-party risk. She also looks ahead to what may be the most complex challenge yet: governing AI agents in an identity-driven world.  Meet Ryan: https://www.linkedin.com/in/ryan-patrick-3699117a/ Meet Jeremy: https://www.linkedin.com/in/jeremyhuval Meet Cristin: linkedin.com/in/cristin-flynn-goodwin-24359b4 Cristin’s Podcast "Advancing Cyber": https://advancingcyber.com/

People in this episode

Hosts: Ryan Patrick, Jeremy Huval

Guest: Cristin Flynn Goodwin

Topics covered

  • cybersecurity
  • active defense
  • regulation
  • AI governance
  • third-party risk

Keywords

  • cybersecurity
  • hacking back
  • regulation
  • AI
  • third-party risk
  • active defense

Mentioned in this episode

Organizations: Microsoft, EU Cyber Resilience Act

Books & works: Advancing Cyber

More episodes of Trust vs.

Explore listener stats, chart rankings, contacts and more on the Trust vs. podcast page.