Musings from the Cyber Trench

Compliance, GRC, cybersecurity maturity, audit readiness, AI, CMMC, and continuous security

Send us Fan Mail [https://www.buzzsprout.com/2610364/fan_mail/new] Too many organizations still treat compliance as a one-time audit exercise: get the certification, satisfy the customer, and move on. In this episode of Musings from the Cyber Trench, I sit down with Sarah Lynn, a seasoned IT, cybersecurity, GRC, advisory, and audit preparation leader, to discuss why that mindset breaks down fast. We talk about what happens when compliance is treated as “paperwork,” where programs usually fail first, and why people, process, and technology all have to work together for compliance to become part of daily operations. Sarah also shares practical insights on: *  Why undocumented processes are a major red flag  *  How leaders can move from checklist compliance to security maturity  *  Where organizations underinvest and overspend in compliance programs  *  Why buying a tool before understanding the process usually backfires  *  AI’s role in compliance, automation, meeting notes, artifact collection, and risk  *  Why CMMC, SOC 2, ISO, FedRAMP, and other frameworks require continuous effort  *  How trusted advisors and peer groups can help leaders avoid reinventing the wheel  The core message: compliance is not something you “get through.” Done right, it becomes a habit, a management discipline, and a foundation for stronger security. Guest: Sarah Lynn brings 25+ years across IT, cybersecurity, GRC, audit readiness, risk, continuity, and technology operations, helping SaaS/IaaS-driven organizations turn compliance into practical, business-aligned security. Responsible for ICAM, Zero Trust, or identity security in a federal agency, prime, or large regulated enterprise? If you’re trying to move from strategy to execution, start with Zephon’s Zero Trust Readiness Assessment: zephon.tech/zt [https://zephon.tech/zt?utm_source=podcast&utm_medium=buzzsprout&utm_campaign=zt_readiness] Questions or guest ideas? Email defend@zephon.tech [defend@zephon.tech]

Energy Is the Upstream Cyber Risk in Power Infrastructure | Bethun Bhowmik | EP 112

Send us Fan Mail [https://www.buzzsprout.com/2610364/fan_mail/new] Energy is the upstream of everything In this episode we explore how energy infrastructure has become one of the most critical and vulnerable systems in the modern world From power grid attacks to systemic risks this conversation reveals why cyber threats to energy impact entire nations Responsible for ICAM, Zero Trust, or identity security in a federal agency, prime, or large regulated enterprise? If you’re trying to move from strategy to execution, start with Zephon’s Zero Trust Readiness Assessment: zephon.tech/zt [https://zephon.tech/zt?utm_source=podcast&utm_medium=buzzsprout&utm_campaign=zt_readiness] Questions or guest ideas? Email defend@zephon.tech [defend@zephon.tech]

The Leadership Mistake That Breaks Security Systems | Morgan Reed | EP 111

Send us Fan Mail [https://www.buzzsprout.com/2610364/fan_mail/new] This episode explores the leadership and design challenges behind modern cybersecurity failures. Morgan Reed, CTO of Transbridge, shares how traditional approaches to security focused on controls, compliance, and restriction often ignore the most critical variable: human behavior. The discussion reframes cybersecurity as a design and leadership problem, where usability, context, and adaptability determine effectiveness. You’ll learn: - Why leadership decisions shape security outcomes - How excessive controls create friction and risk - The gap between security policy and real world behavior - Why human centered design is critical in cybersecurity - How AI can support adaptive, context aware systems - What leaders must change to build resilient security environments This episode is ideal for executives, CISOs, and technology leaders focused on improving security, reducing risk, and building systems that actually work in practice. Responsible for ICAM, Zero Trust, or identity security in a federal agency, prime, or large regulated enterprise? If you’re trying to move from strategy to execution, start with Zephon’s Zero Trust Readiness Assessment: zephon.tech/zt [https://zephon.tech/zt?utm_source=podcast&utm_medium=buzzsprout&utm_campaign=zt_readiness] Questions or guest ideas? Email defend@zephon.tech [defend@zephon.tech]

Cyber Risk Quantification Explained: How to Turn Security into Business Decisions | Edwin Covert | EP 110

Send us Fan Mail [https://www.buzzsprout.com/2610364/fan_mail/new]  In this episode of Musings From the Cyber Trench, Vishal Masih speaks with cybersecurity expert Edwin Covert about the evolution of cyber risk management. Edwin explains why traditional qualitative risk models fail to support business decision making and how organizations can adopt risk quantification to measure probability and financial impact. The conversation explores how cybersecurity teams can better communicate with business leaders, align with enterprise risk management, and make more effective decisions based on data. Responsible for ICAM, Zero Trust, or identity security in a federal agency, prime, or large regulated enterprise? If you’re trying to move from strategy to execution, start with Zephon’s Zero Trust Readiness Assessment: zephon.tech/zt [https://zephon.tech/zt?utm_source=podcast&utm_medium=buzzsprout&utm_campaign=zt_readiness] Questions or guest ideas? Email defend@zephon.tech [defend@zephon.tech]

The Mindset Shift That Makes Cybersecurity Personal | Robert Siciliano | EP 109

Send us Fan Mail [https://www.buzzsprout.com/2610364/fan_mail/new] Cybersecurity expert Robert Siciliano joins Vishal Masih on Musings from the Cyber Trench to discuss why cybersecurity is ultimately a human behavior challenge. Robert explains why traditional compliance training often fails, how cybercriminals exploit human trust, and why organizations must focus on building a human firewall rather than relying solely on technology. Robert Siciliano is a private investigator, Certified Speaking Professional (CSP), CEO of Protect Now, LLC, and creator of The Strategic Human Firewall™. He is widely recognized as one of the leading experts on cybercrime and identity theft, with more than 500 television appearances, 1,000 radio contributions, and 3,000+ media features. The conversation explores how companies can build stronger cybersecurity cultures by helping employees understand that protecting company data also protects their own identity and security. Responsible for ICAM, Zero Trust, or identity security in a federal agency, prime, or large regulated enterprise? If you’re trying to move from strategy to execution, start with Zephon’s Zero Trust Readiness Assessment: zephon.tech/zt [https://zephon.tech/zt?utm_source=podcast&utm_medium=buzzsprout&utm_campaign=zt_readiness] Questions or guest ideas? Email defend@zephon.tech [defend@zephon.tech]