Secure Talk Podcast

CMMC Is an HR Problem, Not an Enclave Problem — Here's the Proof

The biggest cybersecurity failures in recent memory — Raytheon, Penn State, Georgia Tech — weren't caused by missing software. They were caused by the wrong people being assigned the wrong tasks, with no shared language to connect the rules to the work. This SecureTalk episode with Dorian Cougias (MoxyWolf, former Unified Compliance Framework CEO) is one of the most systems-level conversations we've had on the show. Dorian spent decades building the infrastructure that compliance programs run on — and he's now rebuilding it from scratch, in the open. What you'll hear: → Why the compliance industry is structurally fragmented across three authority domains that don't communicate → How Bloom's Taxonomy — a tool from education — maps directly to which compliance tasks belong to which roles → Why the Oxford English Dictionary doesn't have "personal data" in it, and what that tells us about regulatory language → The O*NET framework and why the Department of Labor might be the most underused tool in cybersecurity → Shannon's entropy theory, applied to compliance and cognitive load → A new open-source STIG API infrastructure that StrikeGraph is integrating as a launch partner Whether you're deep in the compliance trenches or just fascinated by how complex systems fail — and how to redesign them — this is worth your time. 🔗 strikegraph.com | stigviewer.com Chapters: 00:00 Introduction and Background 02:43 Exploring Compliance and Natural Language Processing 05:15 Military Experience and Signal Intelligence 08:01 Cognitive Load and Compliance Frameworks 10:49 The Importance of Language in Compliance 13:39 The Evolution of Dictionaries and Lexicons 16:16 Bridging Gaps in Compliance Communication 18:47 Innovations at MoxieWolf and Future Directions 22:04 Mapping Skills and Regulatory Guidelines 25:05 Job Applicability and Knowledge Requirements 28:02 The Importance of O*NET in Cybersecurity 29:21 Challenges in CMMC Compliance 33:23 The Role of Technology in Compliance 35:38 Horizontal Practices in Compliance 38:15 Building Effective Teams for Compliance 42:21 Introduction to Compliance Failures 45:19 The Human Element in Compliance 48:10 Navigating Compliance Complexity with Technology 48:57 Introduction to Cybersecurity Compliance Challenges 54:09 The Role of People in Compliance Success 56:01 Guest Introduction: Dorian Cougas 01:00:48 Exploring Bloom's Taxonomy in Compliance 01:05:48 The Importance of Shared Lexicons 01:09:32 Navigating Compliance with Technology 01:15:11 MoxieWolf's Approach to Compliance 01:20:49 The Interconnectedness of Compliance Tasks 01:27:51 Real-World Compliance Challenges 01:33:57 Building Effective Teams for Compliance #Cybersecurity #ComplianceCulture #CMMC #HumanFactors #GRC #TechPolicy #SecureTalk

The ROI of Security Tested: What a new paper reveals about security value | Secure Talk with Minh Nguyen and Thi Tran

Why do most cybersecurity investments feel impossible to justify? Because the measurement tools are broken — built on gut instinct, not research. Researchers Minh Nguyen (Florida Atlantic University) and Thi Tran (Binghamton University) set out to fix that. In this episode, they break down their landmark paper "Effects of Cybersecurity Readiness on Firm Performance: Evidence from Conference Calls" — the first study to systematically measure cybersecurity readiness at the firm level and link it directly to financial performance. What they found will change how you think about security budgets: → Outsider mentions of cybersecurity in earnings calls are 100x more predictive of firm performance than insider mentions → Even a single co-occurrence of security-related language drives measurable returns on assets the following year → Companies that act proactively - not reactively - earn greater market trust This is the episode for CISOs who need real data to justify investment, security leaders tired of folklore-based decision-making, and anyone curious about how AI, NLP, and causal inference are reshaping the business case for cybersecurity. Chapters 00:00 Introduction to the Guests and Their Backgrounds 02:34 The Intersection of AI, Business, and Cybersecurity 05:32 Understanding Cybersecurity Readiness 08:31 The Importance of Measurement in Cybersecurity 11:16 Developing a Cybersecurity Dictionary 14:16 The Impact of Outsider Perspectives on Firm Performance 16:51 The Role of Transparency in Cybersecurity 19:40 Future Research Directions in Cybersecurity 22:37 Conclusion and Final Thoughts 🔗 Paper: "Effects of Cybersecurity Readiness on Firm Performance: Evidence from Conference Calls"  https://scholarspace.manoa.hawaii.edu/server/api/core/bitstreams/b098c310-db83-42cc-8932-852ef7ebcc86/content #Cybersecurity #CyberROI #CISO #FirmPerformance #CybersecurityResearch #NLP #CausalInference #InfoSec #SecurityLeadership #ConferenceCall``

They Sold AI to Play God. China Never Got That Memo.

The West has been building AI like it's the apocalypse. China has been building it like it's a tool. That one difference — rooted in centuries of philosophy, theology, and cultural storytelling — may be the most important thing nobody is talking about in the AI debate right now. SecureTalk host Justin Beals sits down with scholars Bogna Konior (NYU Shanghai), Mi You (University of Kassel), and Vincent Garton to explore their co-edited book "Machine Decision Is Not Final: China and the History and Future of Artificial Intelligence" — and what it reveals about the hidden assumptions driving the decisions we make about AI governance, security, and society. What this conversation unpacks: → Why Western AI fear traces back to Christian theology — not rational risk analysis → How the Chinese term for AI literally means "human-made wisdom ability" — no alien mind implied → The 2019 Elon Musk vs. Jack Ma exchange that exposed the cultural divide in real time → What DeepSeek's open-source breakthrough says about innovation, restriction, and creative problem-solving → Why this debate matters far beyond the US and China — and who else is watching closely If you work in cybersecurity, tech leadership, or AI policy, the cultural lens on this technology isn't a soft question. It shapes real architectural, governance, and regulatory decisions. Chapters 00:00 Introduction and Perspectives on AI in China 02:41 The Meaning Behind the Claw Machine Image 05:33 The Book's Creation and Collaborative Efforts 08:32 Cultural Perspectives on AI: East vs. West 11:06 The Impact of Open Source AI Models 13:45 Innovation in a Controlled Environment 16:20 Human-Made vs. Artificial Intelligence 19:23 The Philosophical Underpinnings of AI 22:06 The Role of Human Agency in AI Decisions 24:54 Exploring the Future of AI and Society 27:26 The Synthesis of Technology and Society 30:22 Conclusion and Final Thoughts 44:17 Understanding Artificial Intelligence: A Cultural Perspective 47:08 Machine Decision: The Chinese Perspective on AI 49:59 Innovation and Openness in AI Development 50:27 Global Implications of AI Beyond Superpowers 50:37 Introduction and Context of AI Governance 01:00:53 The Role of Computers in Decision Making 01:08:26 Transparency in AI and Governance 01:17:58 Cultural Perspectives on AI: East vs. West 01:23:46 The Singularity and Its Philosophical Implications 01:27:15 Simulation and Reality in AI Discourse 01:35:14 Social Implications of Large Language Models 🎙️ SecureTalk is hosted by Justin Beals, CEO of Strike Graph. 🔔 Subscribe for weekly conversations at the intersection of cybersecurity, technology, and leadership. #ArtificialIntelligence #AIPolicy #ChinaAI #DeepSeek #Cybersecurity #AIGovernance #TechLeadership #OpenSourceAI ```

The DOGE data breach at the Social Security Administration with Whistleblower Chuck Borges

Every American has a Social Security number. Most assume it's protected. Chuck Borges was the person responsible for that protection at the SSA — and what he discovered from the inside is something every American deserves to know. Chuck is a combat veteran, MIT graduate, and the Social Security Administration's first dedicated Chief Data Officer. He arrived two weeks before the 2025 administration change, watched data governance requests get denied and sensitive work get siloed away from the officials responsible for protecting it,  and when the risk became too great to ignore, he spoke up. It cost him his job. In this episode of SecureTalk, Chuck and host Justin Beals cover: - Why NUMIDENT data breach goes far beyond a typical data breach - How shadow IT and unchecked access created a governance nightmare inside the SSA - The national security implications of 550 million identity records at risk - What it actually takes to blow the whistle when the stakes are this high This is one of the most important cybersecurity conversations of 2025, not because of the technology involved, but because of what it reveals about the systems we trust to protect us. Chapters 00:00 From Dreams to Data: A Unique Journey 02:47 Navigating the Data Landscape: Challenges and Innovations 05:41 The Role of Governance in Data Management 08:20 Civil Service and the Mission Mindset 11:16 Chaos and Change: The Impact of Administration Shifts 13:52 Empathy in Leadership: The Human Element 16:51 Life Experience and Effective Governance 21:16 Siloing and Data Manipulation in Government 23:30 The Risks of Shadow IT and Data Security 27:39 The Dangers of Numident Data 30:08 The Nightmare of Data Exfiltration 31:52 The Courage to Blow the Whistle 36:19 Transitioning to Political Service 38:24 Challenges of Running for Office 41:36 Building Community Through Problem Solving 43:05 Introduction to Data Sensitivity and Governance 44:33 The Risks of Data Exposure 45:55 Chuck Borges: A Profile in Data Leadership 46:46 Introduction to SecureTalk and Data Security 47:37 The Role of the Social Security Administration 48:35 Chuck Borges: A Journey Through Data Governance 50:28 The Impact of Administration Changes on Governance 56:14 Challenges in Data Management and Governance 01:00:58 The Risks of Data Exposure and Mismanagement 01:05:37 Whistleblowing and Ethical Responsibilities 01:14:56 Running for Office: A New Chapter in Public Service Resources:    Chuck Borges Website - https://chuck4md.com Twitter - https://twitter.com/Chuck4MD 🔔 Subscribe to SecureTalk for weekly conversations on cybersecurity, leadership, and the technology shaping our world. #SocialSecurity #DataGovernance #Cybersecurity #DataBreach #NationalSecurity #Whistleblower #FederalCybersecurity #IdentityTheft #SecureTalk #CDO

From 9/11 to Salt Typhoon: Why Backdoors Always Betray Us | Secure Talk with John Ackerly

On the morning of September 11th, 2001, John Ackerly was briefing White House officials on federal privacy legislation. Hours later, everything changed — and those two realities, data that wasn't shared when it should have been, and data that was exposed when it shouldn't have been, became the founding idea behind Virtru. In this episode of SecureTalk, host Justin Beals sits down with John Ackerly, CEO and co-founder of Virtru and former White House technology policy adviser, to explore why perimeter security alone is broken — and what data-centric, cryptographic control means for the future of cybersecurity. They cover: 00:00 Introduction to SecureTalk and Data Security 02:28 John Ackerly's Experience and Insights on Privacy Legislation 05:05 The Dichotomy of Privacy and Security 09:12 Public-Private Partnerships in National Security 12:24 Navigating Compliance and Security in Business 15:26 The Role of Technology in Security Solutions 18:40 Family Ties and Military Background in Cybersecurity 20:41 Insider Threats and Data Security Innovations 23:29 The Importance of Data Management and Audits 26:12 Cultural Impact on Security Practices 29:19 Future Challenges: Quantum Computing and Security 32:52 The Evolution of AI and Data Science in Security Whether you work in cybersecurity, government, or technology policy, this conversation connects the policy decisions of the past 25 years to the architectural challenges we face today. 🔒 Learn more about Virtru: https://www.virtru.com 🎙️ Subscribe to SecureTalk for weekly conversations at the intersection of technology, security, and society.