Why you could fail your CMMC Level 2 C3PAO audit | Secure Talk with Logan Therrien

Why you could fail your CMMC Level 2 C3PAO audit | Secure Talk with Logan Therrien

You did your self assessment and received a perfect 110 score, congratulations! You met with your C3PAO and scored less than 0. What happened! How can two CMMC assessors examine the same defense contractor and arrive at completely different scores? A lack of rigor in assessment methodology could mean the entire certification system is measuring the assessor — not your security. Logan Therrien, Chief Strategy Officer at Kieri Solutions and one of the original C3PAO lead assessors in the U.S., joins Justin Beals to expose a critical flaw in how CMMC Level 2 assessments are conducted today: no standardized evidence sampling methodology. This episode is for DoD contractors, compliance consultants, and defense industry executives who want to understand what's at stake — and how to navigate assessments before the rules tighten further. What you'll learn: * Why NIST 800-171 was intentionally vague — and how that backfired for assessors * How one assessor might review a single evidence point while another reviews 100% * What ISO 17020 accreditation will require of C3PAOs and why it matters now * What the 48 CFR expansion means for 118,000+ contractors in the supply chain * How to prepare for an assessment so it feels like an open-book test Logan also co-authored the peer-reviewed paper "The Need for Standardized Evidence Sampling in CMMC Assessments: A Survey-Based Analysis of Assessor Practices" (with John Hastings) — one of the first data-driven studies of assessment methodology in the CMMC ecosystem. Chapters 00:00 Introduction to Secure Talk and Psychometrics 01:45 Understanding CMMC and Its Implications 05:32 Logan Therian's Background and Insights 09:16 The Challenges of Assessment Methodologies 16:10 The Scale and Impact of CMMC Assessments 20:31 Navigating Standards in Cybersecurity 23:53 Evidence Testing in CMMC Assessments 27:43 The Importance of Reliable and Accurate Assessments 36:22 Building Trust Between Industry and Defense 41:46 Future Directions in CMMC Research Resources: Therrien, Logan and Hastings, John. (2026, February 10). The need for standardized evidence sampling in CMMC assessments: A survey-based analysis of assessor practices. arXiv. https://arxiv.org/abs/2602.09905 [https://www.youtube.com/redirect?event=video_description&redir_token=QUFFLUhqblZMOGVCeWg0cXZidEw4eS1pdC1BZ1ZQNnFCZ3xBQ3Jtc0tuOGtpa09qNzhhOXVhWHdVcmMwNHFkQ0hsbVdmUGhoU0p0OHd6UXJ5UUszMDdCdWZ4bFJWVjFBcGdya3E3VjV5eFVnMG9yZFZIRnY5NGhhMk9Vek1sWHRoTGRVUkxLbk1FcnRlR3hFaTQyenBVMWk1dw&q=https%3A%2F%2Farxiv.org%2Fabs%2F2602.09905&v=RqPHxN86kWY]

Mark Zuckerberg has an AI twin. Who Is Mark Zuckerberg?

Mark Zuckerberg built an AI version of himself that attends meetings and approves budgets while he's elsewhere. That's not science fiction — it's happening now. But when an AI replica makes a consequential decision, who's legally responsible? Who owns it when you die? Dr. Candi Cann, Thanatologist and professor at Baylor University, joins SecureTalk host Justin Beals to explore the uncomfortable intersection of technology, mortality, and identity — and what it means for data governance, digital rights, and the future of enterprise accountability. In this episode: Key topics: digital identity, AI accountability, data governance, CMMC compliance, death technology, digital ethics, AI agents, enterprise security If your organization is deploying AI agents that act on behalf of humans — approving transactions, attending meetings, representing employees — this episode raises the governance questions your security and legal teams need to be asking right now. Subscribe to SecureTalk for weekly conversations at the edge of cybersecurity, compliance, and technology culture. Resources:  Book: Augmented: Life and Death as a Cyborg by Candy Cann, MIT Press, 2026. Link: https://mitpress.mit.edu/9780262051118/augmented/

CMMC Is an HR Problem, Not an Enclave Problem — Here's the Proof

The biggest cybersecurity failures in recent memory — Raytheon, Penn State, Georgia Tech — weren't caused by missing software. They were caused by the wrong people being assigned the wrong tasks, with no shared language to connect the rules to the work. This SecureTalk episode with Dorian Cougias (MoxyWolf, former Unified Compliance Framework CEO) is one of the most systems-level conversations we've had on the show. Dorian spent decades building the infrastructure that compliance programs run on — and he's now rebuilding it from scratch, in the open. What you'll hear: → Why the compliance industry is structurally fragmented across three authority domains that don't communicate → How Bloom's Taxonomy — a tool from education — maps directly to which compliance tasks belong to which roles → Why the Oxford English Dictionary doesn't have "personal data" in it, and what that tells us about regulatory language → The O*NET framework and why the Department of Labor might be the most underused tool in cybersecurity → Shannon's entropy theory, applied to compliance and cognitive load → A new open-source STIG API infrastructure that StrikeGraph is integrating as a launch partner Whether you're deep in the compliance trenches or just fascinated by how complex systems fail — and how to redesign them — this is worth your time. 🔗 strikegraph.com | stigviewer.com Chapters: 00:00 Introduction and Background 02:43 Exploring Compliance and Natural Language Processing 05:15 Military Experience and Signal Intelligence 08:01 Cognitive Load and Compliance Frameworks 10:49 The Importance of Language in Compliance 13:39 The Evolution of Dictionaries and Lexicons 16:16 Bridging Gaps in Compliance Communication 18:47 Innovations at MoxieWolf and Future Directions 22:04 Mapping Skills and Regulatory Guidelines 25:05 Job Applicability and Knowledge Requirements 28:02 The Importance of O*NET in Cybersecurity 29:21 Challenges in CMMC Compliance 33:23 The Role of Technology in Compliance 35:38 Horizontal Practices in Compliance 38:15 Building Effective Teams for Compliance 42:21 Introduction to Compliance Failures 45:19 The Human Element in Compliance 48:10 Navigating Compliance Complexity with Technology 48:57 Introduction to Cybersecurity Compliance Challenges 54:09 The Role of People in Compliance Success 56:01 Guest Introduction: Dorian Cougas 01:00:48 Exploring Bloom's Taxonomy in Compliance 01:05:48 The Importance of Shared Lexicons 01:09:32 Navigating Compliance with Technology 01:15:11 MoxieWolf's Approach to Compliance 01:20:49 The Interconnectedness of Compliance Tasks 01:27:51 Real-World Compliance Challenges 01:33:57 Building Effective Teams for Compliance #Cybersecurity #ComplianceCulture #CMMC #HumanFactors #GRC #TechPolicy #SecureTalk

The ROI of Security Tested: What a new paper reveals about security value | Secure Talk with Minh Nguyen and Thi Tran

Why do most cybersecurity investments feel impossible to justify? Because the measurement tools are broken — built on gut instinct, not research. Researchers Minh Nguyen (Florida Atlantic University) and Thi Tran (Binghamton University) set out to fix that. In this episode, they break down their landmark paper "Effects of Cybersecurity Readiness on Firm Performance: Evidence from Conference Calls" — the first study to systematically measure cybersecurity readiness at the firm level and link it directly to financial performance. What they found will change how you think about security budgets: → Outsider mentions of cybersecurity in earnings calls are 100x more predictive of firm performance than insider mentions → Even a single co-occurrence of security-related language drives measurable returns on assets the following year → Companies that act proactively - not reactively - earn greater market trust This is the episode for CISOs who need real data to justify investment, security leaders tired of folklore-based decision-making, and anyone curious about how AI, NLP, and causal inference are reshaping the business case for cybersecurity. Chapters 00:00 Introduction to the Guests and Their Backgrounds 02:34 The Intersection of AI, Business, and Cybersecurity 05:32 Understanding Cybersecurity Readiness 08:31 The Importance of Measurement in Cybersecurity 11:16 Developing a Cybersecurity Dictionary 14:16 The Impact of Outsider Perspectives on Firm Performance 16:51 The Role of Transparency in Cybersecurity 19:40 Future Research Directions in Cybersecurity 22:37 Conclusion and Final Thoughts 🔗 Paper: "Effects of Cybersecurity Readiness on Firm Performance: Evidence from Conference Calls"  https://scholarspace.manoa.hawaii.edu/server/api/core/bitstreams/b098c310-db83-42cc-8932-852ef7ebcc86/content #Cybersecurity #CyberROI #CISO #FirmPerformance #CybersecurityResearch #NLP #CausalInference #InfoSec #SecurityLeadership #ConferenceCall``

They Sold AI to Play God. China Never Got That Memo.

The West has been building AI like it's the apocalypse. China has been building it like it's a tool. That one difference — rooted in centuries of philosophy, theology, and cultural storytelling — may be the most important thing nobody is talking about in the AI debate right now. SecureTalk host Justin Beals sits down with scholars Bogna Konior (NYU Shanghai), Mi You (University of Kassel), and Vincent Garton to explore their co-edited book "Machine Decision Is Not Final: China and the History and Future of Artificial Intelligence" — and what it reveals about the hidden assumptions driving the decisions we make about AI governance, security, and society. What this conversation unpacks: → Why Western AI fear traces back to Christian theology — not rational risk analysis → How the Chinese term for AI literally means "human-made wisdom ability" — no alien mind implied → The 2019 Elon Musk vs. Jack Ma exchange that exposed the cultural divide in real time → What DeepSeek's open-source breakthrough says about innovation, restriction, and creative problem-solving → Why this debate matters far beyond the US and China — and who else is watching closely If you work in cybersecurity, tech leadership, or AI policy, the cultural lens on this technology isn't a soft question. It shapes real architectural, governance, and regulatory decisions. Chapters 00:00 Introduction and Perspectives on AI in China 02:41 The Meaning Behind the Claw Machine Image 05:33 The Book's Creation and Collaborative Efforts 08:32 Cultural Perspectives on AI: East vs. West 11:06 The Impact of Open Source AI Models 13:45 Innovation in a Controlled Environment 16:20 Human-Made vs. Artificial Intelligence 19:23 The Philosophical Underpinnings of AI 22:06 The Role of Human Agency in AI Decisions 24:54 Exploring the Future of AI and Society 27:26 The Synthesis of Technology and Society 30:22 Conclusion and Final Thoughts 44:17 Understanding Artificial Intelligence: A Cultural Perspective 47:08 Machine Decision: The Chinese Perspective on AI 49:59 Innovation and Openness in AI Development 50:27 Global Implications of AI Beyond Superpowers 50:37 Introduction and Context of AI Governance 01:00:53 The Role of Computers in Decision Making 01:08:26 Transparency in AI and Governance 01:17:58 Cultural Perspectives on AI: East vs. West 01:23:46 The Singularity and Its Philosophical Implications 01:27:15 Simulation and Reality in AI Discourse 01:35:14 Social Implications of Large Language Models 🎙️ SecureTalk is hosted by Justin Beals, CEO of Strike Graph. 🔔 Subscribe for weekly conversations at the intersection of cybersecurity, technology, and leadership. #ArtificialIntelligence #AIPolicy #ChinaAI #DeepSeek #Cybersecurity #AIGovernance #TechLeadership #OpenSourceAI ```