Secure Talk Podcast
Justin Beals
239 episodes
3 days ago
Secure Talk reviews the latest threats, tips, and trends on security, innovation, and compliance. Host Justin Beals interviews leading privacy, security and technology executives to discuss best practices related to IT security, data protection and compliance. Based in Seattle, he previously served as the CTO of NextStep and Koru, which won the 2018 Most Impactful Startup award from Wharton People Analytics. He is the creator of the patented Training, Tracking & Placement System and the author of “Aligning curriculum and evidencing learning effectiveness using semantic mapping of learning assets,” published in the International Journal of Emerging Technologies in Learning (iJet). Justin earned a BA from Fort Lewis College.
Technology
News,
Tech News
All content for Secure Talk Podcast is the property of Justin Beals and is served directly from their servers with no modification, redirects, or rehosting. The podcast is not affiliated with or endorsed by Podjoint in any way.
Episodes (20/239)
Inside CMMC Implementation: What November 10th Means for Defense Contractors | Secure Talk with Bob Kolasky

Bob Kolasky walked the halls where CMMC was built. As founding director of CISA's National Risk Management Center, he watched this policy evolve from concept to pilot program to federal law—surviving three presidential administrations because the need never changed.


On November 10, 2025, that policy becomes mandatory reality for every defense contractor pursuing new DoD solicitations. Self-certification ends. Independent verification begins. And the defense industrial base faces its most significant security transformation in a generation.

In this conversation with Justin Beals, Bob explains what contractors need to understand about the deadline—and what recent enforcement actions reveal about gaps that have existed all along.


From Honor System to Accountability:

For years, defense contractors self-certified compliance with NIST 800-171 cybersecurity requirements. The system worked on trust. Contractors checked boxes, DoD accepted attestations, and controlled unclassified information flowed through supply chains with security gaps nobody was measuring.


Then came the settlements. Raytheon paid $8.4 million for failing basic security controls—no antivirus software on systems handling defense information, no system security plans, missing access controls. Penn State settled $1.25 million across 15 contracts. Georgia Tech paid $875,000 in the first DOJ intervention in a cybersecurity False Claims Act case.

These weren't breaches. These were preventable failures that contractors had certified didn't exist.

Katie Arrington's warning to the industry has been consistent: "If you go on LinkedIn one more time and tell me how hard CMMC is, I'm going to beat you. That ship sailed in 2014." Translation: adversaries are watching, and contractors broadcasting difficulties are revealing exactly where vulnerabilities exist.


The November 10th Framework:

After this deadline, every new contract solicitation includes CMMC requirements matched to data sensitivity:

Level 1 handles federal contract information through annual self-assessment with SPRS score reporting. Level 2 manages controlled unclassified information and requires independent C3PAO assessor validation—affecting approximately 35% of DoD's contractor base. Level 3 involves breakthrough technology or critical CUI aggregations and demands direct government audit.

The quantitative approach represents a shift. Instead of binary pass/fail, contractors receive scores reflecting actual security posture. An 88 out of 110 qualifies for Level 2 conditional status with plan of action and milestones. These numbers measure real capabilities across incident response, access control, and continuous monitoring.


The Supply Chain Ripple Effect:


Prime contractors bear new responsibility for subcontractor compliance. Before contract award, they must verify—not just accept—that subs meet requirements. Security questionnaires aren't sufficient anymore. Primes need evidence, validation, and continuous visibility.

An affirming official—typically a senior executive—personally attests to the government that the organization actively manages supply chain risk. This accountability changes relationships throughout the defense industrial base.


Practical Considerations:

Bob addresses the questions contractors are asking: How do you define system boundaries when CUI flows through your infrastructure? Why does each information system need a unique CMMC identifier? What does "current CMMC status" mean for maintaining certification? How do you schedule C3PAO assessments when capacity is limited and 35% of contractors need certification?


He also explains why technology becomes essential—automating compliance evidence collection makes continuous monitoring feasible without massive security staff increases. And he's candid about what the next two years bring: with Kirsten Davies nominated as new CIO and Katie Arrington driving implementation, expect aggressive rollout through 2026.


Why This Policy Survived:

Bob's experience spans Obama, Trump, and Biden administrations. The CMMC framework persisted through every transition because supply chain security isn't a partisan issue—it's a national defense imperative. Now at Exiger advising defense contractors, Bob bridges the gap between policy intent and practical implementation.


This conversation provides clarity on November 10th's real meaning: not just a compliance deadline, but a fundamental shift in how the defense industrial base secures the supply chain supporting national security.


Guest: Bob Kolasky, SVP Critical Infrastructure at Exiger | Former Founding Director, CISA National Risk Management Center | 15 years shaping federal cybersecurity policy

#CMMC #November10th #DefenseContracting #Cybersecurity #DFARS #CISA #SupplyChainSecurity #DIB #ComplianceDeadline #NationalSecurity


3 days ago
55 minutes

Beyond Big Cities: Understanding Cybersecurity in Mid-Sized Communities | with Lars Kruse

When we think about cybersecurity, images of tech giants and major financial centers come to mind—but what about the towns where most of us actually live? This SecureTalk episode with cybersecurity researcher Lars Kruse explores an often-overlooked question: how do communities of 20,000-100,000 residents protect themselves in an increasingly digital world?

Host Justin Beals and Kruse, who studies at Sweden's Defense University, discuss the practical realities of implementing cybersecurity in resource-constrained environments. Through his research on over 600 European municipalities and validation interviews with consultants and administrators, Kruse reveals fascinating insights about the gap between written policies and daily operations.

The conversation opens with a real-world incident from Germany where 72 towns simultaneously lost access to their IT systems—not through sophisticated hacking, but through preventable security oversights. This case study illustrates why understanding operational security matters just as much as regulatory compliance.


Key topics explored include:


- How mid-sized communities differ from "smart cities" in their security approach

- The balance between regulatory requirements like GDPR, NIS2, and DORA

- Why employee training consistently ranks as the most critical security investment

- Practical frameworks for managing third-party technology vendors

- The role of political leadership in prioritizing cybersecurity budgets

- How research institutions contribute to better security policies


Kruse shares optimistic findings too: many organizations already practice good security fundamentals—they just need guidance connecting their existing processes to compliance requirements. The episode emphasizes that cybersecurity isn't about expensive technology alone; it's about building resilient practices that protect community services and citizen data.

Perfect for professionals in public administration, IT management, business operations, or anyone curious about how digital security works beyond headlines. This conversation offers practical knowledge about protecting the digital infrastructure we all depend on daily.

SecureTalk features conversations with experts shaping the future of cybersecurity and compliance, hosted by Justin Beals, CEO of Strike Graph.

#Cybersecurity #PublicSector #DigitalSecurity #CommunityResilience #SecurityEducation #DataPrivacy #TechPolicy #LocalGovernment #CyberAwareness #ITSecurity


2 weeks ago
51 minutes

Preparing for the Quantum Era: Why Blockchain is Leading the Charge | James Stephens


Quantum computing represents one of the most significant advances in computer science we'll see in our lifetimes. We're watching error correction rates improve faster than predicted, with Google's Willow chip achieving benchmarks that compress development timelines dramatically.


For security professionals, this creates an exciting challenge: how do we architect systems today that remain secure as computing power evolves? What makes this particularly interesting is that blockchain and Web3 technologies are at the forefront of this transition—not because they're more vulnerable, but because they're leading the way in implementing quantum-resistant solutions.


Unlike traditional systems where encryption happens behind closed doors, blockchain's transparency means every transaction, every wallet, every cryptographic operation is visible on a public ledger. When post-quantum cryptography becomes necessary, these systems can't just patch quietly in the background. They need to migrate entire ecosystems while maintaining trust with users who can see every change on-chain.


In this episode, we sit down with James Stephens, founder and CEO of Krown Technologies and a certified cryptocurrency forensic investigator, to explore how the blockchain industry is pioneering quantum-resistant infrastructure that will inform security practices across all sectors.


What We Discuss:


  • Why blockchain and DeFi are leading quantum-resistance innovation
  • How transparent, public ledgers change the security equation
  • The practical steps security leaders can take now to prepare
  • Why true randomness requires physics, not just algorithms
  • Lessons from a decade of cryptocurrency forensic investigations
  • How to build quantum-resistant infrastructure without sacrificing user experience
  • Assessing vendor roadmaps for quantum readiness across any industry


James brings practical experience from both investigating cryptocurrency breaches and building quantum-resistant blockchain infrastructure. His forensic work revealed that most losses come from key mishandling and social engineering rather than cryptographic breaks—insights that shaped how he approaches designing secure systems for any environment.


This conversation covers both the technical innovation happening in quantum computing and the architectural decisions security teams need to make to prepare their organizations for this next era of computing power.


About the Guest:
James Stephens is a recognized authority in blockchain security and cryptocurrency forensics with over a decade of experience at the intersection of digital assets, cybersecurity, and quantum innovation. He holds certifications including CBE, CCFI, and CORCI, and is the author of "Quantum Reckoning: Securing Blockchain and DeFi in the Post-Quantum Era."


#Cybersecurity #QuantumComputing #PostQuantumCryptography #Blockchain #Web3 #DeFi #InfoSec


1 month ago
46 minutes

Breaking Cybersecurity's 12 Hidden Paradigms: A Futurist's Guide to Security Evolution with Heather Vescent

Discover how strategic foresight is revolutionizing cybersecurity thinking. In this compelling SecureTalk episode, renowned futurist Heather Vescent reveals the 12 invisible paradigms that have shaped our entire approach to cybersecurity - and why breaking them could transform how we defend digital systems.


Back in 2017, Vescent applied strategic foresight methodology to cybersecurity, uncovering fundamental assumptions like "security always plays catch-up," "the user is always wrong," and "we are completely dependent on passwords." Her research, published in 2018, predicted the passwordless revolution that's now mainstream reality.


This isn't just theoretical - Vescent demonstrates how appreciative inquiry flips traditional problem-solving approaches. Instead of asking "what's broken and how do we fix it," she explores "what's working well and how do we amplify it?" This methodology helped identify paradigm shifts that seemed radical in 2018 but are now industry standard.


Key insights include:

- How to shift from reactive to proactive security postures

- Why attack surface analysis needs systematic approaches

- The role of AI as thought partner rather than replacement

- How transparency reduces insider threat attack surfaces

- Practical applications of decentralized identity technologies

- Why security teams should focus on strengths, not just vulnerabilities


Vescent also addresses the commercialization challenges facing promising technologies like self-sovereign identity, explaining how ethical innovations often get compromised during market adoption. Her work bridges the gap between cybersecurity's technical realities and its broader societal implications.


For CISOs, security leaders, and technologists seeking to influence rather than just react to the future, this conversation provides actionable frameworks for anticipating threats and building more resilient systems. Vescent's strategic foresight methodology offers a roadmap for moving beyond endless problem-solving cycles toward security that creates value rather than just preventing loss.

Resources: 
Shifting Paradigms Paper: https://www.researchgate.net/publication/330542765_Shifting_Paradigms_Using_Strategic_Foresight_to_Plan_for_Security_Evolution 

Threat Positioning Framework GPT: https://chatgpt.com/g/g-68100f6a8c7481919d693ec9d4d9faab-the-threat-positioning-framework-gpt-by-h-vescent

Self Sovereign Identity Book: https://www.amazon.com/Comprehensive-Guide-Self-Sovereign-Identity-ebook/dp/B07Q3TXLDP?&linkCode=sl1&tag=vescent39-20&linkId=2797fe6ea49dff79952bc866ec8e8baf&language=en_US&ref_=as_li_ss_tl

Heather's email list: https://research.cybersecurityfuturist.com/


1 month ago
52 minutes

AI Coding Hype vs Reality: The 2025 AI Code Security Report with Chris Wysopal

In a converted hat factory in 1990s Boston, a group of hackers worked through the night to techno beats and Soul Coughing, driven by a simple philosophy: "smarter beats bigger." One of them, Chris Wysopal, would later stand before Congress and deliver a stark warning—a small group of dedicated hackers could bring down the entire internet in 30 minutes.


Today, that same hacker faces a new challenge. The AI revolution everyone celebrates may be creating the largest security vulnerability in computing history.


Chris and his team at Veracode just completed the most comprehensive study of AI-generated code ever conducted—testing 100 different language models across 80 coding scenarios over two years. What they discovered contradicts everything the tech industry believes about AI development tools.


The Reality Behind the Hype: Despite billions in investment and years of development, AI systems create vulnerabilities 45% of the time—exactly matching human error rates. While AI has dramatically improved at writing code that compiles and runs, it has learned nothing about writing secure code. The models have simply gotten better at disguising their mistakes.


The Mathematics of Risk: Development teams now code 3-5x faster using AI assistants like GitHub Copilot and ChatGPT. The same vulnerability rate combined with exponentially faster development speed equals a multiplication of security flaws entering production systems. Many organizations are simultaneously reducing their security testing capacity just as they accelerate their vulnerability creation rate.


The Training Data Problem: The source of the issue lies in contaminated training data. These AI systems have absorbed decades of insecure code from open-source repositories and crowd-sourced platforms like Reddit. They've learned every bad coding practice, every deprecated security measure, every vulnerability pattern from the past 30 years—and they're reproducing them at machine speed.


The Technical Reality: Chris walks through specific findings: Java fails security tests 72% of the time, cross-site scripting vulnerabilities appear consistently, and inter-procedural data flows confuse even the most advanced models. The study reveals why some vulnerability types prove nearly impossible for current AI to handle correctly.


From Underground to Enterprise: This isn't just another technical report—it's a perspective from someone who helped define modern cybersecurity. The same analytical approach that once exposed vulnerabilities in massive corporate systems now reveals why the AI coding revolution presents unprecedented challenges.


The Path Forward: While general-purpose AI struggles with security, specialized models focused on fixing rather than generating code show promise. Chris explains how Veracode's targeted approach to code remediation succeeds where broad AI systems fail, pointing toward solutions that embrace the "smarter beats bigger" philosophy.


The hacker who once operated in shadows now examines these systems in broad daylight, revealing how our accelerated development practices may be outpacing our ability to secure them.


Chapters

00:00 The Origins of Loft Hacking Group
07:48 Generative AI in Software Development
13:39 Vulnerabilities in AI-Generated Code
18:56 The Challenges of Secure Coding
24:34 The Future of AI in Software Security
29:45 The Impact of AI on Developer Roles

Resources: Veracode 2025 GenAI Security Report

1 month ago
46 minutes

The Invisible Majority: How Social Media Erases 90% of Voices | Dr. Claire Robertson


90% of Twitter users are represented by only 3% of tweets. When you scroll through your feed and form opinions about what "people are saying" about politics, you're not seeing the voices of nine out of ten users. You're seeing the loudest, most extreme 10% who create 97% of all political content on the platform.


In this episode of SecureTalk, host Justin Beals explores the "invisible majority problem" with Dr. Claire Robertson, Assistant Professor at Colby College. Together they examine how moderate voices have been algorithmically erased from our public discourse, creating pluralistic ignorance that threatens democracy itself.


Dr. Robertson's journey began at Kenyon College during the 2016 election—a blue island in a sea of red where Trump won the county by 40 points but the campus precinct went 90% blue. Surrounded by good people who saw the same election completely differently, she dedicated her career to understanding how we end up living in different realities.

Topics covered:

  • The psychology behind false polarization
  • How extreme voices get mathematically amplified
  • Why conflict drives engagement in the attention economy
  • The abandonment of scientific rigor in AI deployment
  • Research methods for understanding our digital public square

Resources: Claire E. Robertson, Kareena S. del Rosario, Jay J. Van Bavel, "Inside the funhouse mirror factory: How social media distorts perceptions of norms," Current Opinion in Psychology, Volume 60, 2024, 101918, ISSN 2352-250X, https://doi.org/10.1016/j.copsyc.2024.101918 (https://www.sciencedirect.com/science/article/pii/S2352250X24001313)


2 months ago
44 minutes

An Identity Crisis: How AI Agents Are Redefining Enterprise Security | with Rishi Bhargava

The cybersecurity landscape just shifted permanently, and most organizations aren't ready. While CISOs struggle with alert fatigue from 40+ security tools, a new threat vector is emerging that makes traditional identity management obsolete: AI agents acting autonomously across enterprise systems.


Join Secure Talk host Justin Beals for a critical conversation with Rishi Bhargava, the security architect who built Demisto into a $560M category-defining platform and now leads Descope in solving the next impossible challenge. This episode delivers actionable insights for everyone—from Fortune 500 CISOs managing complex threat landscapes to business leaders evaluating AI adoption risks.


For Security Professionals, you'll discover:
• How AI agent proliferation creates an "identity explosion" that traditional IAM can't handle
• Why probabilistic AI systems require fundamentally different access controls than deterministic human users
• Advanced WebAuthn and FIDO2 implementation strategies for zero-trust architectures
• SOC2 compliance frameworks adapted for AI-human hybrid workflows
• Real-world SOAR evolution lessons from the Demisto acquisition


For Business Leaders, you'll learn:
 
• Why passwordless authentication directly impacts customer acquisition and retention 
• The hidden costs of password-related support tickets and user drop-offs 
• How early AI identity management adoption creates competitive advantages 
• Risk assessment frameworks for AI agent deployment in sensitive environments


For Everyone:
 
• Why your current passwords are a ticking time bomb in an AI-first world 
• How biometric authentication actually works (and why it's more secure than you think) 
• Practical steps to future-proof your digital security today


Whether you're architecting enterprise security for thousands of employees or simply trying to understand why your login experience keeps getting more complex, this episode reveals the forces reshaping digital identity. The organizations that master AI agent authentication will lead their industries—those that don't risk catastrophic breaches and customer exodus.


#CISO #AIAuthentication #EnterpriseIdentity #ZeroTrust #PasswordlessSecurity #CyberSecurityStrategy #IAM #BiometricAuth #SecurityCompliance #AIAgents


2 months ago
41 minutes

The Insider Threat: How a US Soldier Planned for Years to Kill His Own Unit

The most dangerous threats don't break down the door - they already have the keys.


March 23, 2003, Kuwait: Command Sergeant Major Bart Womack was loading ammunition and watching Tiger Woods play golf at 1 AM when a grenade rolled into his tent. What followed was every leader's worst nightmare - discovering that one of your own had been planning to destroy you all along.


This isn't just a military story. It's a threat to security we face everywhere.


In today's world of workplace shootings, corporate espionage, and school violence, the statistics are terrifying:

• Insider threats cause 60% of all security breaches

• From Sandy Hook to Fort Hood - trusted insiders inflict maximum damage

• Corporate employees steal billions in trade secrets annually

• The average insider threat goes undetected for 85 days


What makes this episode essential viewing:


Real Combat Experience: CSM Womack survived two Bronze Star combat situations, including a firefight with North Korean forces in the DMZ


The Diary Revelations: The attacker's own writings revealed: "Destroying America was my plan as a child" - written YEARS before joining the Army


Life-Saving Strategies: The 6 proactive methods that could prevent workplace violence, school shootings, and corporate sabotage


Universal Application: These hard-learned lessons apply to offices, schools, places of worship, and anywhere people gather


The Shocking Truth: While 5,000 soldiers searched for "insurgents," the real enemy was wearing the same uniform, had taken the same oath, and was sleeping in the tent next door.


Why This Matters to YOU:

Whether you're a parent worried about school safety, a manager responsible for employee welfare, or simply someone who wants to protect your community - the warning signs are the same. Political polarization, social media radicalization, and workplace tensions create the perfect storm for insider threats.


What You'll Learn:

✅ The "Trust No One" philosophy (and what it really means)

✅ How to implement "Observe, Listen, Report" in your environment  

✅ Why your gut instinct is your strongest security tool

✅ The evolution from belief → radicalized → extreme

✅ Real warning signs that leaders consistently miss


CSM Bart Womack transformed his traumatic experience into a mission: preventing others from experiencing what he and his soldiers endured. His insights have protected countless workplaces, schools, and communities.


The Bottom Line: In an era where conspiracy theories fuel real violence, where workplace tensions explode into tragedy, and where trusted insiders become active threats - these lessons could save your life.


🎖️ 29-year Army veteran, 101st Airborne Division

📖 Author of "Embedded Enemy" 

🎤 Professional security consultant and keynote speaker

🔒 Insider threat prevention expert


This episode contains discussions of violence and may not be suitable for all audiences.


#InsiderThreat #WorkplaceSafety #SchoolSecurity #Cybersecurity #MilitaryStory #SecurityAwareness #ThreatPrevention #CorporateSecurity #NationalSecurity #CrisisManagement #SecurityLeadership #RiskManagement #EmergencyPreparedness #SafetyTraining #SecurityEducation


Subscribe for more real-world security insights that could save lives. Your safety depends on what you don't see coming.


3 months ago
55 minutes

Machines Running Amok: We've Created More Than We Can Secure with Oded Hareven




Twenty years ago, you could count the servers in your data center. Today, we've unleashed an army of digital entities that's spiraling beyond our control. For every human employee, there are 50-100 machine identities operating in your environment—containers, serverless functions, and automated processes that spawn and disappear by the minute. We've created more computing power than we have the ability to secure, and the machines are running amok.


In this episode of SecureTalk, we dive deep into the invisible crisis affecting 91% of organizations: machine identity breaches. Join host Justin Beals and cybersecurity expert Oded Hareven, CEO of Akeyless, as they explore why password rotation is dead, how ephemeral computing is breaking traditional security models, and what revolutionary approaches like distributed fragment cryptography mean for the future of cybersecurity.

What You'll Learn:

• Why 85% of identity breaches now come from compromised machines, not humans
• The fundamental mismatch between static security and dynamic infrastructure
• How military-grade cybersecurity innovations are transforming commercial applications
• Why the AI-quantum computing convergence is forcing us to rethink encryption
• Practical steps toward "SSO for machines" and ephemeral security models


Key Topics:

  • Machine identity management at scale
  • Zero-knowledge cryptography
  • Quantum-resistant security architectures
  • The evolution from static → rotation → ephemeral security
  • Building security that matches cloud-native infrastructure

Guest: Oded Hareven, Co-founder & CEO of Akeyless.

Timestamps: 

00:00 Introduction to Cybersecurity and Machine Identities

04:37 The Evolution of Security Paradigms

09:30 Akeyless and Machine Identity Management

13:53 Zero Trust and Ephemeral Security

18:36 The Impact of AI and Quantum Computing on Security

23:19 Future Trends in Cybersecurity and Akeyless's Vision

Resources:

  • Akeyless: https://akeyless.io
  • SecureTalk Podcast: www.securetalkpodcast.com

#Cybersecurity #CloudSecurity #MachineLearning #QuantumComputing #DevSecOps #IdentityManagement #ZeroTrust


3 months ago
45 minutes

Open Source vs Commercial: How "Winning Culture" Has Made Us More Vulnerable | Greg Epstein




Silicon Valley's shift from collaborative open-source principles to winner-take-all commercial dominance hasn't just changed business models—it's made us fundamentally more vulnerable. When companies prioritize winning everything over building secure, collaborative ecosystems, we all pay the price. But there's a profound irony: the more desperately these leaders chase absolute victory, the more they reveal themselves as losers of the most important game—building meaningful human communities.


In this episode, Harvard and MIT Humanist Chaplain Greg Epstein explores how tech's false prophets have led us astray and, more importantly, how we might find our way back to building human-centered security that actually works. The strongest security has never come from building higher walls—it comes from creating ecosystems where everyone's success strengthens the whole. When we understand how to work together better, we all create better security.


What You'll Learn:
 
• How winner-take-all thinking creates systemic vulnerabilities 
• Why collaborative open-source principles build more resilient systems 
• The hidden security costs of commercial dominance 
• Practical strategies for building multi-stakeholder security 
• How to shift from competition to collaboration in your organization


Watch this episode to discover how changing your approach to teamwork and partnerships can dramatically improve your security posture.


About Greg M. Epstein:
Greg serves as Humanist Chaplain at Harvard University and MIT, and spent 18 months at TechCrunch exploring the ethics of companies shifting our definition of humanity. He's the author of "Tech Agnostic: How Technology Became the World's Most Powerful Religion, and Why it Desperately Needs a Reformation."


Timestamps:

00:00 The Corruption of Winning Culture
02:39 The Role of Community in Security
05:44 Navigating the Media Landscape
08:20 The Algorithmic Influence on Information
11:01 The Cult of Personality in Tech
13:44 The Messianic Figures in Technology
16:24 The Fall of Tech Prophets
19:15 The Importance of Losing
21:44 The Future of Technology and Humanity
24:29 The Need for Ethical Technology
26:56 The Role of Men in Modern Society
29:39 The Impact of AI on Society
32:15 The Cult-like Nature of Tech Culture
34:54 The Importance of Human Connection
37:43 The Future of Humanism in Tech
40:11 The Path Forward for Technology and Humanity


#TechEthics #CommunityBuilding #DigitalSecurity #TechCulture #HumanistChaplain #SiliconValley #TechReformation


4 months ago
1 hour

Secure Talk Podcast
Securing AI at Enterprise Scale: Lessons from Walmart's Transformation with Tobias Yergin


When one of the world's largest enterprises deploys AI across 10,000+ developers, the security challenges are unlike anything most organizations have faced. In this episode of SecureTalk, we explore the critical security and strategic considerations for deploying AI tools at enterprise scale with Tobias Yergin, who led AI transformation initiatives at Walmart.


Key Topics Covered:

  • Why traditional security rules fail with probabilistic AI systems
  • The exponential risk of scaling AI agents from dozens to thousands
  • Building secure data foundations for enterprise AI deployment
  • Protecting AI agents that operate beyond your firewall
  • Strategic approaches to AI implementation that balance innovation with risk
  • The ontological framework for mapping AI capabilities to business tasks
  • First principles thinking for AI security architecture


Tobias brings over two decades of experience in digital transformation, having held senior leadership roles at Intel, VMware, Panasonic, and Citrix Systems. His practical insights from implementing AI at Walmart's massive scale offer invaluable guidance for CISOs and security professionals navigating the complexities of enterprise AI adoption.


Perfect for:
CISOs, Security Architects, IT Leaders, Enterprise Risk Managers, and anyone responsible for securing AI implementations in large organizations.

4 months ago
44 minutes

Secure Talk Podcast
Special Episode: The Secure Talk Security Awareness Training 2025 (With HIPAA!)


SecureTalk 2025 Security Awareness Training | Complete Compliance Guide

Welcome to SecureTalk's comprehensive 2025 Security Awareness Training video! This annually updated training is designed to help organizations meet their security compliance requirements while building a strong security culture.


🎯 What You'll Learn:

Social Engineering & AI-Enhanced Threats

  • Advanced phishing detection in the AI era
  • Voice and video deepfake attack recognition
  • Financial verification protocols to prevent fraud
  • Healthcare data protection against social engineering


Cloud Security & Infrastructure


  • Common cloud misconfigurations and prevention
  • Secure AI model development and deployment
  • Financial data protection in cloud environments
  • Package dependency management and vulnerability scanning

Supply Chain & Third-Party Risk

  • Vendor security assessment frameworks
  • Zero Trust architecture implementation
  • HIPAA compliance for business associates
  • AI vendor risk evaluation checklists


Insider Threats & Hybrid Work Security

  • Behavioral analytics for threat detection
  • Environment-adaptive security controls
  • Data loss prevention in remote work settings
  • Segregation of duties in digital workflows

Regulatory Compliance & Automation

  • 2025-2026 regulatory calendar overview
  • Control-centric compliance approach
  • Continuous monitoring and automation strategies
  • Multi-framework compliance alignment

Building Security Culture

  • Security mindset vs. rule-following approach
  • Positive reinforcement security programs
  • Organizational security maturity models
  • Leadership's role in security culture

💼 Compliance Frameworks This Training Addresses:

  • SOC 2 Type I & II
  • ISO 27001
  • HIPAA & Healthcare Security
  • PCI DSS
  • CMMC (Cybersecurity Maturity Model Certification)
  • GDPR & EU AI Act
  • AI Accountability Act
  • NIST Cybersecurity Framework
  • State privacy laws (CCPA, CPRA, etc.)

🏆 Perfect For:

  • Annual security awareness training requirements
  • Compliance audit preparation
  • New employee onboarding
  • Security culture development
  • Multi-framework compliance programs

🎓 Certification Available: Complete the training and receive a certification of completion for your compliance documentation. 
    https://4dont.share.hsforms.com/2EVBbDWdBQyKG5Udaaj0baA

📺 About SecureTalk: SecureTalk explores critical information security innovation and compliance topics. Hosted by Justin Beals, founder and CEO of StrikeGraph, featuring expert insights from cybersecurity professionals across finance, healthcare, engineering, and compliance.


🔔 Subscribe for more security insights and compliance guidance!


Chapters:
 
0:00 Introduction & Training Overview 
3:18 Social Engineering with Steven Ferrell (IT Compliance Expert) 
15:00 Advanced Threats with Kenneth Webb (CISA, CISSP) 
30:30 Cloud Security with Josh (Head of Engineering) 
44:55 Insider Threats with Elmy Peralta (Assessments Manager) 
49:09 Regulatory Compliance with Micah Spieler (Chief Product Officer) 
1:01:42 Security Culture with Juliett Eck (CFO)

#CybersecurityTraining #SecurityAwareness #ComplianceTraining #SOC2 #HIPAA #ISO27001 #SecurityCulture #StrikeGraph #SecureTalk


4 months ago
1 hour 11 minutes

Secure Talk Podcast
The Security Leader Who Predicted AI Would Replace His Own Team (And Why He's Right) with Satyam Patel


🌙 THE MIDNIGHT SECURITY GUARDIAN: A CISO'S ORIGIN STORY


At 2 AM, most people are dreaming. Satyam Patel is wide awake, sending texts to his security team: "Are we secure? Did we patch that server? Is MFA enabled on that service account?"


This isn't insomnia—it's the origin story of how a "big firewall guy" transformed into one of cybersecurity's most forward-thinking leaders, and why his journey from infrastructure skeptic to AI evangelist mirrors the entire industry's evolution.


📖 THE THREE-ACT TRANSFORMATION:


Act I: The Infrastructure Skeptic's Awakening
Watch Satyam's journey from traditional "firewall and load balancer guy" to realizing that employees can't be forced behind VPNs anymore. The moment he discovered that flexibility doesn't mean vulnerability—it means evolution. Learn how this mindset shift led him from protecting perimeters to protecting people.


Act II: The Culture Shock That Changed Everything
Picture this: After years of doing "security roadshows" and begging for budget, Satyam walks into Kandji and experiences reverse culture shock. Instead of chasing people for security buy-in, they come to HIM asking, "What does security think?" Witness the CEO moment that flipped his world: "It's not a request—it's a mandate to protect our company at ANY cost."


Act III: The AI Prophet's Dilemma
The heated boardroom debate that keeps CISOs awake: Replace human SOC analysts with AI, or keep the human element? Follow Satyam's internal struggle as he weighs 10,000 daily AI-analyzed calls against human intuition, leading to his bold prediction about "Minority Report" style predictive cybersecurity.


🎭 CHARACTER-DRIVEN MOMENTS:


The Paranoid Father:
Why Satyam forces his family to use alphanumeric passwords and what Tom Cruise's "Minority Report" taught him about threat prediction.


The Reformed Skeptic:
How a career infrastructure guy learned to embrace endpoint security and why he now believes MDM is the new perimeter.


The Reluctant Prophet:
His uncomfortable realization that automation will replace thousands of cybersecurity jobs—and why he's helping it happen.


⚡ PLOT TWISTS YOU WON'T SEE COMING:


  • The university graduate's graduation post that led to complete identity theft
  • Why 99% security equals 100% vulnerability (and the math that proves it)
  • The Signal app scandal that changed how he thinks about mobile security



🎬 THE SUPPORTING CAST:

  • Adam (Kandji CEO): The leader who gave unlimited security budget
  • The Development Team: Who learned to ask security questions first
  • The 2 AM Security Team: Who actually appreciate the paranoid texts
  • The AI SOC Analyst: The non-human teammate changing everything


🚀 MEET THE PROTAGONIST: Satyam Patel isn't your typical CISO. He's the guy who went from customer to C-suite, from skeptic to believer, from infrastructure defender to AI advocate. With 25+ years of plot twists, failed budgets, successful breaches prevented, and one very understanding family who puts up with alphanumeric phone passwords.


#CISOStory #CyberSecurityJourney #AIvsHuman #ZeroTrust #SecurityLeadership #ThreatDetection #Kandji #EndpointSecurity #ParanoidCISO #CyberStory #SecurityCulture #TechTransformation


This isn't just another security interview—it's a cybersecurity thriller with real-world consequences. Subscribe for more stories from the digital frontlines! 🎬🔐

4 months ago
42 minutes

Secure Talk Podcast
Can Cybersecurity be "Agile"? with Brian Wagner

Can Security be “Agile”? with Brian Wagner



In this comprehensive interview, Brian Wagner, CTO at Revenir and former AWS security executive, shares insights from his new book "Redefining Information Security" and explains why the cybersecurity industry needs a fundamental shift in approach. With over 20 years of experience leading security transformations across enterprise organizations, Wagner presents a practical framework for moving beyond reactive security models.


About the Guest:

Brian Wagner brings extensive C-suite experience from Amazon Web Services, Moody's RMS, Bulletproof, and Defense.com. Based in London, he speaks globally on cloud security, AI-driven solutions, and security transformation. His latest book "Redefining Information Security" introduces a three-level maturity framework that's gaining attention from security leaders worldwide.


Key Discussion Points:

  • The Security Maturity Framework: Wagner outlines his three-level approach—Reactive, Proactive, and Adaptive security—explaining how organizations can assess their current position and plan strategic improvements. He emphasizes that most companies remain stuck in reactive mode, responding to threats after damage occurs.
  • From Cybersecurity to Information Safety: The conversation explores Wagner's concept of treating security as "information safety" rather than traditional cybersecurity. This cultural shift makes digital protection everyone's responsibility, transforming potential vulnerabilities into defensive assets.
  • AI in Security Applications: Drawing from his work at Revenir, where the company handles sensitive financial and personal data across international borders, Wagner discusses practical AI implementations for pattern recognition, fraud detection, and compliance monitoring. He explains why AI excels at identifying normal versus abnormal patterns in security contexts.
  • Security as Business Enabler: Wagner demonstrates how security can function as a competitive advantage rather than a cost center. He shares strategies for communicating security value to go-to-market teams and integrating security features into product development cycles.
  • Compliance vs. Security Balance: The discussion addresses the relationship between regulatory compliance and actual security, with Wagner explaining how compliance represents minimum standards while effective security requires ongoing investment and adaptation.
  • Open Source and Democratic Security: Wagner advocates for open source collaboration in cybersecurity, arguing that community-based approaches provide more transparent and accessible security solutions, especially important given recent changes in vulnerability disclosure programs.


Practical Implementation: 

The conversation includes real-world examples, from detecting sophisticated employment fraud schemes to integrating security practices into agile development workflows. Wagner emphasizes incremental improvements and measurable outcomes.


Book Recommendation:

"Redefining Information Security" offers a strategic approach to security leadership, focusing on cultural transformation and business alignment rather than purely technical solutions. The book provides frameworks for security professionals and business leaders looking to modernize their approach to digital protection.

Link to the book: https://www.koganpage.com/risk-compliance/redefining-information-security-9781398620018

This interview provides valuable insights for cybersecurity professionals, technology leaders, and anyone interested in understanding how AI and modern approaches are reshaping enterprise security practices.


#Cybersecurity #InformationSecurity #AI #SecurityMaturity #AWS #CloudSecurity #CTO #CISO #ThreatDetection #SecurityCulture #CyberThreats #SecurityLeadership


5 months ago
46 minutes

Secure Talk Podcast
The AI Creator's Confession: "I Built Google Translate to Unite People. It's Now Tearing Us Apart" with De Kai


What happens when you realize your life's work is being used to destroy what you hoped to create?

Meet De Kai - the man who helped build Google Translate, Siri, and modern AI systems. In 1990s Hong Kong, he dreamed of AI that could bridge cultural divides. Thirty years later, he experienced his "Oppenheimer moment" - the same machine learning he pioneered to unite people was dividing humanity through social media algorithms.

The Reality Check: We don't just have 8 billion humans anymore. We have 800 billion AI systems learning our behavior 24/7 - "digital children" growing up without parental guidance.

🎯 KEY INSIGHTS:

  • The Translation Paradox: How unity technology became division engines
  • The Blind Men & Elephant: Ancient parable explaining why we misunderstand AI
  • Digital Parenting Crisis: Why we're raising 800 billion unguided AI systems
  • The Psychology of Manipulation: How AI exploits cognitive weaknesses
  • Four Futures Scenario: Humanity's possible paths with AI

🧠 AI MANIPULATION TACTICS REVEALED:

  • Anchoring attacks that shape your thinking
  • Belief perseverance traps that backfire fact-checking
  • How algorithms turn gossip into social weapons

📖 ABOUT "RAISING AI":

De Kai's book explores the question we should be asking: Not "Will AI replace us?" but "How do we raise AI ethically?" Written by Google's AI Ethics Council founding member, it reveals why current AI needs 15 million times more data than human children and provides a framework for ethical AI development.

🔬 DE KAI'S CREDENTIALS:

  • AI pioneer & Founding Fellow in computational linguistics
  • Independent Director of AI ethics think tank The Future Society
  • One of 8 inaugural members of Google's AI Ethics Council
  • Joint appointment at HKUST Computer Science & Berkeley's International Computer Science Institute
  • Electronic musician exploring AI creativity

💭 QUESTIONS ANSWERED:

  • How translation tech became social manipulation?
  • What makes AI behave like "unparented teenagers"?
  • How to be a good "AI parent" in organizations?
  • Why human-AI merger might be our best survival strategy?


The Timeline is Accelerating. 99% of people are "frozen like deer in headlights" facing humanity's most disruptive transformation. Organizations ignoring AI governance face competitive extinction within five years.

This isn't academic theory - it's a confession and warning from someone who helped create the systems now shaping global culture.

Book: Raising AI: An Essential Guide to Parenting Our Future

#AIEthics #GoogleTranslate #ArtificialIntelligence #MachineLearning #RaisingAI #TechnologyLeadership #AIGovernance #DigitalTransformation #FutureOfWork #AIStrategy #Innovation #TechLeadership #AICompliance #BusinessStrategy


5 months ago
44 minutes

Secure Talk Podcast
Securing Society Through Data Kindness: How Cooperation Becomes Our Best Defense with Aram Sinnreich and Jesse Gilbert

Episode Description:  

Every device around you is collecting data about you and everyone you interact with. Amazon Echo recordings are being subpoenaed in murder trials. Period tracking apps are being used to prosecute women. Ancestry websites are revealing family secrets. We're participants in the largest social experiment in human history—and we never opted in.

In this episode of SecureTalk, host Justin Beals sits down with Dr. Aram Sinnreich and Jesse Gilbert, co-authors of "The Secret Life of Data," to explore a revolutionary approach to digital security: data kindness.

🎯 KEY TOPICS COVERED:

  • Why our biggest security threat is social fragmentation, not just technical vulnerabilities
  • How tech companies profit from division (anger drives 5x more engagement than approval)
  • The food allergy transformation: how society changed practices organically in 20 years
  • Practical data kindness: simple actions that rebuild digital trust
  • Why cooperation is our best defense in an age of surveillance
  • How to reclaim agency over your digital life

🚨 CRITICAL INSIGHTS:

  • We can't rely on tech companies (profit over people) or Congress (no data protection laws passed)
  • Change must happen from the ground up through shared cultural practices
  • Simple acts like unplugging smart devices for guests or consulting family before DNA uploads matter
  • Divided societies are vulnerable societies—cooperation is a security strategy

👥 ABOUT THE GUESTS: 

Dr. Aram Sinnreich serves as a Professor and Graduate Director within the Communication Studies department at American University’s School of Communication. 

His research addresses the convergence of culture, law, and technology, focusing particularly on topics such as surveillance and privacy, intellectual property, digital rights, digital culture, democracy, governance, and music. 

Sinnreich has authored five books: Mashed Up (2010), The Piracy Crusade (2013), The Essential Guide to Intellectual Property (2019), the science fiction novel A Second Chance for Yesterday (2023; coauthored with Rachel Hope Cleves as R.A. Sinn), and The Secret Life of Data (2024; coauthored with Jesse Gilbert). 

Additionally, his writing has appeared in various publications including The New York Times, Billboard, Wired, The Daily Beast, and Rolling Stone. He is a core faculty member of the SOC doctoral program and the MA in Media, Technology & Democracy, regularly collaborating with SOC graduate students on research publications and projects. 

Jesse Gilbert is an interdisciplinary artist focused on the convergence of visual art, sound, and software design through his firm, Dark Matter Media. He previously served as the founding Chair of the Media Technology department at Woodbury University and has taught interactive software design at CalArts and UC San Diego.

Since 2010, Gilbert's work has revolved around his innovative software, SpectralGL, which is an interactive listening instrument that creates real-time visual landscapes in response to sound. Drawing on his background as a composer, sound designer, and lifelong technologist, his creative output investigates the phenomenological aspects of listening through improvisation and collaborative dialogue. His work has been showcased at numerous concert halls, festivals, and projection-mapped installations worldwide.

In 2007, Gilbert co-founded Dark Matter Media LLC to facilitate his independent creative projects and provide consultancy on emerging technologies across various public and private environments. From 2011 to 2017, he held the founding Chair position in the Department of Media Technology at Woodbury University and taught interactive software design at both CalArts and UC San Diego.

After documenting the problems in their first book, Aram and Jesse recently published insights in Time Magazine and are working on a new book about building cooperative societies with kindness embedded in technology design.

🔗 CONNECT WITH SECURETALK:

  • Subscribe for weekly cybersecurity insights
  • Follow Justin Beals on LinkedIn

RESOURCES:

Sinnreich, A., & Gilbert, J. (2025, April 3). How to be kind in a world that's always monitoring you. Time Magazine. https://time.com/7273469/data-monitoring-kindness-essay/

Sinnreich, A., & Gilbert, J. (2024). The secret life of data: Navigating hype and uncertainty in the age of algorithmic surveillance. MIT Press. 

Beals, J. (Host). (2024, May 14). The Algorithmic Mirror: Reflecting on Data's Role in Modern Life. In Secure Talk Podcast, Ep. 173, with Aram Sinnreich and Jesse Gilbert.

 

5 months ago
53 minutes

Secure Talk Podcast
The Quantum Security Precipice: Why Michele Mosca is Building Cryptographic Resilience Before It's Too Late


***Are you attending the Gartner GRC Summit? If so, come along on our Sunset Trip on June 10, 2025. Register here! https://www.strikegraph.com/boat-party-2025?utm_source=secure-talk&utm_medium=podcast&utm_campaign=gartner-boat-party


Episode Description:
When quantum computing pioneer Michele Mosca met Peter Shor in the 1990s, he thought quantum computing was "science fiction." Now, he's warning that we're just "a few quarters" away from quantum computers capable of shattering the encryption protecting our global financial system, government communications, and critical infrastructure.

In this must-listen episode, the Oxford-educated mathematician and co-founder of Evolution Q breaks down why symmetric key infrastructure (SKI) and "cryptographic resilience" are essential as quantum computing advances faster than our security preparations. With remarkable clarity, Mosca explains how the nine-year NIST standardization process signals both progress and concerning delays in our quantum readiness.

The interview explores why most organizations are unprepared, how quantum networks could provide a novel security solution, and what businesses should be doing now to protect their long-term data security. Mosca also details the latest breakthroughs in quantum error correction across ion traps, neutral atoms, and superconducting qubits that are bringing us closer to fault-tolerant quantum computing.

Key Topics Covered:

  • The evolution of quantum computing from theoretical concept to imminent reality
  • How close we are to breaking modern encryption standards
  • Evolution Q's innovative approach to quantum resilience
  • The concept of symmetric key infrastructure (SKI) as a defense mechanism
  • Recent breakthroughs in quantum error correction
  • Why organizations need both defense-in-depth and cryptographic diversity
  • The limitations of the NIST standardization process and what it means for security


Episode Highlights:


"I met Don Coppersmith... he told me he was helping a colleague improve his algorithm where you'd trap these atoms and you'd shine lasers on them, do exponentiation and then do a Fourier transform... I thought he was joking. I'd never heard of this before."


"We look at it as an engineering challenge. Oh, how much does it cost to scale this up? By a factor of 10 or 100 or 1,000, but 1,000, it's like 10 bits of security... It's not that much of a security buffer. The one we're used to in cryptography between what we could break and those we can't, we want an enormous gap."


About the Guest:
Michele Mosca is the CEO and co-founder of evolutionQ, a start-up that provides scalable defense-in-depth with post-quantum cryptography (PQC) and quantum key distribution (QKD) software solutions for cryptographic resilience and quantum-safe security.

Michele is a renowned expert in cryptography and among the world's leading experts at the intersection of quantum computing and cybersecurity. He has been instrumental in working with the business community to share the importance of cryptography as a critical cybersecurity control protecting both data and communications.


Prior to evolutionQ, Michele was a founder of the world-leading Institute for Quantum Computing, a Professor in the Department of Combinatorics & Optimization at the University of Waterloo, and a founding member of the Perimeter Institute for Theoretical Physics. His work on quantum computing has been published widely in top journals and textbooks.


Michele worked on cryptography during his BMath (Waterloo) and MSc (Oxford) and obtained his Doctorate (Oxford) in Quantum Computer Algorithms. He was appointed as a Knight in the Order of Merit by the Government of Italy in 2018. The Knighthood recognizes Michele’s contributions in quantum information science and digital security, as well as teaching and outreach.



Connect and Learn More:

  • Stay updated on quantum security developments: quantum-safe.ca
  • Subscribe to SecureTalk on your favorite podcast platform
  • Join the conversation with #QuantumSecurity #PostQuantumCryptography #QuantumThreat #CyberResilience 


5 months ago
51 minutes

Secure Talk Podcast
"National Security in Crisis: How Geopolitical Chaos Threatens Cybersecurity & Democracy" SecureTalk with Mike LeFever

In this riveting episode of SecureTalk, host Justin Beals welcomes back decorated military leader and security expert Mike LeFever, Executive Vice President of National Security at Concentric, to discuss the intersection of physical security, geopolitical instability, and the future of national defense. From the polarization of American politics to the innovative warfare tactics in Ukraine, this conversation offers cybersecurity professionals an essential perspective on how global security dynamics impact the digital landscape.


## Key Topics Covered:

- 🔒 **Physical Security Crisis**: How political polarization has created new security challenges for high-profile individuals and organizations

- 🌍 **Soft Power Erosion**: The concerning reduction in USAID and diplomatic initiatives and its impact on national security

- 🇺🇦 **Ukraine's Tech Innovation**: Revolutionary drone warfare tactics and rapid adaptation changing the future of military strategy

- 💻 **Information Warfare**: The growing "truth decay" problem and how disinformation campaigns are reshaping public discourse

- 🏛️ **Constitutional Challenges**: Analysis of current governance issues and threats to democratic institutions

- 🔍 **Leadership in Chaos**: Strategic insights for security professionals navigating turbulent times


## Episode Highlights:


### The Business of Protection

LeFever discusses how Concentric provides comprehensive security for high-net-worth individuals, including physical security, intelligence products, due diligence, and privacy protection in an increasingly polarized environment where public figures face heightened threats.


### The Crisis in Governance

The conversation examines concerning trends in the federal workforce, with both experts highlighting how dismissing experienced personnel creates institutional knowledge gaps and damages trust in critical security domains.


### The Value of Soft Power

Drawing from his experience leading earthquake relief efforts in Pakistan, LeFever explains how humanitarian initiatives like USAID build crucial international relationships that enhance national security more effectively than purely kinetic operations.


### Innovations in Modern Warfare

Analysis of Ukraine's remarkable technological adaptations against Russia, showcasing how smaller forces can effectively counter larger opponents through rapid innovation and precision drone strikes.


### Leadership Wisdom

LeFever shares invaluable advice for security leaders navigating chaos: maintain strategic focus on end goals while building resilience against tactical disruptions.


## About the Guests:

**Mike LeFever** is Executive Vice President of National Security at Concentric, providing comprehensive physical and privacy security solutions. His distinguished military career included leadership roles in counterterrorism and diplomatic security initiatives across multiple global hotspots.


**Justin Beals** is the host of SecureTalk and a recognized expert in cybersecurity strategy and implementation.


## Connect & Learn More:

- Visit www.securetalk.com for more episodes


5 months ago
48 minutes

Secure Talk Podcast
How Russian Disinformation Networks Are Poisoning AI Chatbots | SecureTalk with NewsGuard Experts


Episode Summary:
In this eye-opening episode of Secure Talk, host Justin Beals investigates how foreign disinformation campaigns have evolved to target AI systems. NewsGuard researchers McKenzie Sadeghi and Isis Blachez reveal their groundbreaking investigation into the Moscow-based Pravda network that has successfully infiltrated Western AI chatbots, creating a new frontier in information warfare that bypasses human readers to directly corrupt the technology we rely on for information.

Key Insights:

  • Leading AI chatbots repeated Russian disinformation 33% of the time when tested on key geopolitical topics
  • The Pravda network has expanded from 50 to over 150 websites specifically designed to influence AI training data
  • Modern disinformation operations now prioritize "LLM grooming" over targeting human readers
  • Even when AI systems attempt to debunk false claims, they often cite unreliable sources, further legitimizing them
  • Human oversight remains essential as these networks constantly evolve to evade automated detection

Notable Quotes:

"Bad actors are targeting AI models to get their information to appear in those responses, but they're also weaponizing AI to produce disinformation at scale." - McKenzie Sadeghi

"What is changing is really the delivery of the disinformation... it's reaching a much larger audience and an audience that's not targeted as specifically because now practically anyone is using ChatGPT or other chatbots." - Isis Blachez

"This network does not invest any money or resources into spreading its content online... It's sort of serving as a centralized hub. And as a result, it appears very high not only in search results but also in chatbot responses." - McKenzie Sadeghi


Resources: 

Sadeghi, M., & Blachez, I. (2025, March 6). A well-funded Moscow-based global disinformation network. NewsGuard Reality Check. https://www.newsguardrealitycheck.com/p/a-well-funded-moscow-based-global

6 months ago
43 minutes

Secure Talk Podcast
The Future of APIs in the Age of AI Agents: A Conversation with Postman's Sam Chehab


In this episode of SecureTalk, host Justin Beals explores the evolving world of API technology and security with Sam Chehab, Head of Security at Postman - the platform used by over 35 million developers and 90% of Fortune 500 companies.


Episode Insights:

  • Postman's Strategic Position: Learn why Sam joined Postman in September 2024 and how they're positioned to be the connective tissue for the emerging AI agent ecosystem
  • APIs as Agent Infrastructure: Sam explains how Postman's catalog of hundreds of thousands of documented APIs creates the perfect foundation for AI agent interactions
  • Security by Design: Discover how Postman is embedding security throughout the API lifecycle - from conception to deployment
  • The Human Factor in Security: Why security remains a collaborative responsibility across organizations and how to foster a security-minded culture
  • Next-Gen Challenges: Sam's perspective on balancing innovation with fundamental security hygiene concerns like supply chain vulnerabilities


"I see such a larger ecosystem that's really going to get built here beyond what's out in the market today," says Sam, discussing how Postman will facilitate human-agent collaboration in building the next generation of applications.


Sam brings unique insights from his previous roles at technology giants like Palo Alto Networks and NVIDIA, where he once demonstrated an early chatbot prototype to Jensen Huang himself. His experience taking products through rigorous FedRAMP certification processes provides a valuable perspective on enterprise-grade security implementation.


This episode offers essential insights for developers, security professionals, and technology leaders interested in the intersection of APIs, AI, and enterprise security in today's rapidly evolving digital landscape.


6 months ago
46 minutes
