Afleveringen
-
Most companies chase certifications to win deals — but what actually keeps customers is something no audit can measure.
In this episode, vCISO David Grazer makes the case that trust is a measurable economic asset hiding in plain sight: your customer retention rate. Drawing on 15+ years inside high-growth tech companies, David explains why compliance frameworks are customer acquisition tools, not retention strategies — and how the gap between the two is costing businesses more than they realize.
This episode is for founders, security leaders, and C-suite executives who want to connect their security and privacy programs to real business outcomes.
You'll learn:
→ Why a SOC 2 or ISO 27001 certification is only the beginning of earning customer trust
→ How customer churn functions as one of the most honest security metrics available
→ Why MFA and common security controls often fail the users who need them most
→ What "Trust by Design" looks like in product development and AI programs
→ How to translate security risk into language that resonates with your CFO
Chapters
00:00 Introduction to Secure Talk and Trust
03:42 David Grazer's Journey into Security and Privacy
08:09 Navigating Compliance and Customer Trust
12:49 The Role of Consulting in Security
18:07 Trust as a Measurable Economic Asset
23:42 Identity Management in the Entertainment Industry
26:09 The VC SO Model and Its Impact
29:13 The Evolution of Compliance Conversations
33:17 Exploring the Intersection of Technology and Society
🔔 Subscribe to SecureTalk for weekly conversations at the intersection of cybersecurity, compliance, and business strategy.
#cybersecurity #compliance #CISO #trustbydesign #vciso #informationsecurity #GRC #dataprivacy
-
You did your self assessment and received a perfect 110 score, congratulations! You met with your C3PAO and scored less than 0. What happened!
How can two CMMC assessors examine the same defense contractor and arrive at completely different scores? A lack of rigor in assessment methodology could mean the entire certification system is measuring the assessor — not your security. Logan Therrien, Chief Strategy Officer at Kieri Solutions and one of the original C3PAO lead assessors in the U.S., joins Justin Beals to expose a critical flaw in how CMMC Level 2 assessments are conducted today: no standardized evidence sampling methodology.
This episode is for DoD contractors, compliance consultants, and defense industry executives who want to understand what's at stake — and how to navigate assessments before the rules tighten further.
What you'll learn:
Why NIST 800-171 was intentionally vague — and how that backfired for assessorsHow one assessor might review a single evidence point while another reviews 100%What ISO 17020 accreditation will require of C3PAOs and why it matters nowWhat the 48 CFR expansion means for 118,000+ contractors in the supply chainHow to prepare for an assessment so it feels like an open-book testLogan also co-authored the peer-reviewed paper "The Need for Standardized Evidence Sampling in CMMC Assessments: A Survey-Based Analysis of Assessor Practices" (with John Hastings) — one of the first data-driven studies of assessment methodology in the CMMC ecosystem.
Chapters
00:00 Introduction to Secure Talk and Psychometrics
01:45 Understanding CMMC and Its Implications
05:32 Logan Therian's Background and Insights
09:16 The Challenges of Assessment Methodologies
16:10 The Scale and Impact of CMMC Assessments
20:31 Navigating Standards in Cybersecurity
23:53 Evidence Testing in CMMC Assessments
27:43 The Importance of Reliable and Accurate Assessments
36:22 Building Trust Between Industry and Defense
41:46 Future Directions in CMMC Research
Resources:
Therrien, Logan and Hastings, John. (2026, February 10). The need for standardized evidence sampling in CMMC assessments: A survey-based analysis of assessor practices. arXiv. https://arxiv.org/abs/2602.09905
-
Zijn er afleveringen die ontbreken?
-
Mark Zuckerberg built an AI version of himself that attends meetings and approves budgets while he's elsewhere. That's not science fiction — it's happening now. But when an AI replica makes a consequential decision, who's legally responsible? Who owns it when you die?
Dr. Candi Cann, Thanatologist and professor at Baylor University, joins SecureTalk host Justin Beals to explore the uncomfortable intersection of technology, mortality, and identity — and what it means for data governance, digital rights, and the future of enterprise accountability.
In this episode:
Key topics: digital identity, AI accountability, data governance, CMMC compliance, death technology, digital ethics, AI agents, enterprise security
If your organization is deploying AI agents that act on behalf of humans — approving transactions, attending meetings, representing employees — this episode raises the governance questions your security and legal teams need to be asking right now.
Subscribe to SecureTalk for weekly conversations at the edge of cybersecurity, compliance, and technology culture.
Resources:
Book: Augmented: Life and Death as a Cyborg by Candy Cann, MIT Press, 2026. Link: https://mitpress.mit.edu/9780262051118/augmented/ -
The biggest cybersecurity failures in recent memory — Raytheon, Penn State, Georgia Tech — weren't caused by missing software. They were caused by the wrong people being assigned the wrong tasks, with no shared language to connect the rules to the work.
This SecureTalk episode with Dorian Cougias (MoxyWolf, former Unified Compliance Framework CEO) is one of the most systems-level conversations we've had on the show. Dorian spent decades building the infrastructure that compliance programs run on — and he's now rebuilding it from scratch, in the open.
What you'll hear:
→ Why the compliance industry is structurally fragmented across three authority domains that don't communicate
→ How Bloom's Taxonomy — a tool from education — maps directly to which compliance tasks belong to which roles
→ Why the Oxford English Dictionary doesn't have "personal data" in it, and what that tells us about regulatory language
→ The O*NET framework and why the Department of Labor might be the most underused tool in cybersecurity
→ Shannon's entropy theory, applied to compliance and cognitive load
→ A new open-source STIG API infrastructure that StrikeGraph is integrating as a launch partner
Whether you're deep in the compliance trenches or just fascinated by how complex systems fail — and how to redesign them — this is worth your time.
🔗 strikegraph.com | stigviewer.com
Chapters:
00:00 Introduction and Background
02:43 Exploring Compliance and Natural Language Processing
05:15 Military Experience and Signal Intelligence
08:01 Cognitive Load and Compliance Frameworks
10:49 The Importance of Language in Compliance
13:39 The Evolution of Dictionaries and Lexicons
16:16 Bridging Gaps in Compliance Communication
18:47 Innovations at MoxieWolf and Future Directions
22:04 Mapping Skills and Regulatory Guidelines
25:05 Job Applicability and Knowledge Requirements
28:02 The Importance of O*NET in Cybersecurity
29:21 Challenges in CMMC Compliance
33:23 The Role of Technology in Compliance
35:38 Horizontal Practices in Compliance
38:15 Building Effective Teams for Compliance
42:21 Introduction to Compliance Failures
45:19 The Human Element in Compliance
48:10 Navigating Compliance Complexity with Technology
48:57 Introduction to Cybersecurity Compliance Challenges
54:09 The Role of People in Compliance Success
56:01 Guest Introduction: Dorian Cougas
01:00:48 Exploring Bloom's Taxonomy in Compliance
01:05:48 The Importance of Shared Lexicons
01:09:32 Navigating Compliance with Technology
01:15:11 MoxieWolf's Approach to Compliance
01:20:49 The Interconnectedness of Compliance Tasks
01:27:51 Real-World Compliance Challenges
01:33:57 Building Effective Teams for Compliance
#Cybersecurity #ComplianceCulture #CMMC #HumanFactors #GRC #TechPolicy #SecureTalk
-
Why do most cybersecurity investments feel impossible to justify? Because the measurement tools are broken — built on gut instinct, not research.Researchers Minh Nguyen (Florida Atlantic University) and Thi Tran (Binghamton University) set out to fix that. In this episode, they break down their landmark paper "Effects of Cybersecurity Readiness on Firm Performance: Evidence from Conference Calls" — the first study to systematically measure cybersecurity readiness at the firm level and link it directly to financial performance.
What they found will change how you think about security budgets:
→ Outsider mentions of cybersecurity in earnings calls are 100x more predictive of firm performance than insider mentions→ Even a single co-occurrence of security-related language drives measurable returns on assets the following year
→ Companies that act proactively - not reactively - earn greater market trust
This is the episode for CISOs who need real data to justify investment, security leaders tired of folklore-based decision-making, and anyone curious about how AI, NLP, and causal inference are reshaping the business case for cybersecurity.Chapters
00:00 Introduction to the Guests and Their Backgrounds
02:34 The Intersection of AI, Business, and Cybersecurity
05:32 Understanding Cybersecurity Readiness
08:31 The Importance of Measurement in Cybersecurity
11:16 Developing a Cybersecurity Dictionary
14:16 The Impact of Outsider Perspectives on Firm Performance
16:51 The Role of Transparency in Cybersecurity
19:40 Future Research Directions in Cybersecurity
22:37 Conclusion and Final Thoughts
🔗 Paper: "Effects of Cybersecurity Readiness on Firm Performance: Evidence from Conference Calls" https://scholarspace.manoa.hawaii.edu/server/api/core/bitstreams/b098c310-db83-42cc-8932-852ef7ebcc86/content#Cybersecurity #CyberROI #CISO #FirmPerformance #CybersecurityResearch #NLP #CausalInference #InfoSec #SecurityLeadership #ConferenceCall``
-
The West has been building AI like it's the apocalypse. China has been building it like it's a tool.
That one difference — rooted in centuries of philosophy, theology, and cultural storytelling — may be the most important thing nobody is talking about in the AI debate right now.
SecureTalk host Justin Beals sits down with scholars Bogna Konior (NYU Shanghai), Mi You (University of Kassel), and Vincent Garton to explore their co-edited book "Machine Decision Is Not Final: China and the History and Future of Artificial Intelligence" — and what it reveals about the hidden assumptions driving the decisions we make about AI governance, security, and society.
What this conversation unpacks:
→ Why Western AI fear traces back to Christian theology — not rational risk analysis
→ How the Chinese term for AI literally means "human-made wisdom ability" — no alien mind implied
→ The 2019 Elon Musk vs. Jack Ma exchange that exposed the cultural divide in real time
→ What DeepSeek's open-source breakthrough says about innovation, restriction, and creative problem-solving
→ Why this debate matters far beyond the US and China — and who else is watching closely
If you work in cybersecurity, tech leadership, or AI policy, the cultural lens on this technology isn't a soft question. It shapes real architectural, governance, and regulatory decisions.
Chapters
00:00 Introduction and Perspectives on AI in China
02:41 The Meaning Behind the Claw Machine Image
05:33 The Book's Creation and Collaborative Efforts
08:32 Cultural Perspectives on AI: East vs. West
11:06 The Impact of Open Source AI Models
13:45 Innovation in a Controlled Environment
16:20 Human-Made vs. Artificial Intelligence
19:23 The Philosophical Underpinnings of AI
22:06 The Role of Human Agency in AI Decisions
24:54 Exploring the Future of AI and Society
27:26 The Synthesis of Technology and Society
30:22 Conclusion and Final Thoughts
44:17 Understanding Artificial Intelligence: A Cultural Perspective
47:08 Machine Decision: The Chinese Perspective on AI
49:59 Innovation and Openness in AI Development
50:27 Global Implications of AI Beyond Superpowers
50:37 Introduction and Context of AI Governance
01:00:53 The Role of Computers in Decision Making
01:08:26 Transparency in AI and Governance
01:17:58 Cultural Perspectives on AI: East vs. West
01:23:46 The Singularity and Its Philosophical Implications
01:27:15 Simulation and Reality in AI Discourse
01:35:14 Social Implications of Large Language Models🎙️ SecureTalk is hosted by Justin Beals, CEO of Strike Graph.
🔔 Subscribe for weekly conversations at the intersection of cybersecurity, technology, and leadership.
#ArtificialIntelligence #AIPolicy #ChinaAI #DeepSeek #Cybersecurity #AIGovernance #TechLeadership #OpenSourceAI
```
-
Every American has a Social Security number. Most assume it's protected. Chuck Borges was the person responsible for that protection at the SSA — and what he discovered from the inside is something every American deserves to know.
Chuck is a combat veteran, MIT graduate, and the Social Security Administration's first dedicated Chief Data Officer. He arrived two weeks before the 2025 administration change, watched data governance requests get denied and sensitive work get siloed away from the officials responsible for protecting it, and when the risk became too great to ignore, he spoke up. It cost him his job.
In this episode of SecureTalk, Chuck and host Justin Beals cover:
- Why NUMIDENT data breach goes far beyond a typical data breach
- How shadow IT and unchecked access created a governance nightmare inside the SSA
- The national security implications of 550 million identity records at risk
- What it actually takes to blow the whistle when the stakes are this highThis is one of the most important cybersecurity conversations of 2025, not because of the technology involved, but because of what it reveals about the systems we trust to protect us.
Chapters
00:00 From Dreams to Data: A Unique Journey
02:47 Navigating the Data Landscape: Challenges and Innovations
05:41 The Role of Governance in Data Management
08:20 Civil Service and the Mission Mindset
11:16 Chaos and Change: The Impact of Administration Shifts
13:52 Empathy in Leadership: The Human Element
16:51 Life Experience and Effective Governance
21:16 Siloing and Data Manipulation in Government
23:30 The Risks of Shadow IT and Data Security
27:39 The Dangers of Numident Data
30:08 The Nightmare of Data Exfiltration
31:52 The Courage to Blow the Whistle
36:19 Transitioning to Political Service
38:24 Challenges of Running for Office
41:36 Building Community Through Problem Solving
43:05 Introduction to Data Sensitivity and Governance
44:33 The Risks of Data Exposure
45:55 Chuck Borges: A Profile in Data Leadership
46:46 Introduction to SecureTalk and Data Security
47:37 The Role of the Social Security Administration
48:35 Chuck Borges: A Journey Through Data Governance
50:28 The Impact of Administration Changes on Governance
56:14 Challenges in Data Management and Governance
01:00:58 The Risks of Data Exposure and Mismanagement
01:05:37 Whistleblowing and Ethical Responsibilities
01:14:56 Running for Office: A New Chapter in Public ServiceResources:
Chuck Borges Website - https://chuck4md.com
Twitter - https://twitter.com/Chuck4MD
🔔 Subscribe to SecureTalk for weekly conversations on cybersecurity, leadership, and the technology shaping our world.
#SocialSecurity #DataGovernance #Cybersecurity #DataBreach #NationalSecurity #Whistleblower #FederalCybersecurity #IdentityTheft #SecureTalk #CDO -
On the morning of September 11th, 2001, John Ackerly was briefing White House officials on federal privacy legislation. Hours later, everything changed — and those two realities, data that wasn't shared when it should have been, and data that was exposed when it shouldn't have been, became the founding idea behind Virtru.
In this episode of SecureTalk, host Justin Beals sits down with John Ackerly, CEO and co-founder of Virtru and former White House technology policy adviser, to explore why perimeter security alone is broken — and what data-centric, cryptographic control means for the future of cybersecurity.
They cover:00:00 Introduction to SecureTalk and Data Security
02:28 John Ackerly's Experience and Insights on Privacy Legislation
05:05 The Dichotomy of Privacy and Security
09:12 Public-Private Partnerships in National Security
12:24 Navigating Compliance and Security in Business
15:26 The Role of Technology in Security Solutions
18:40 Family Ties and Military Background in Cybersecurity
20:41 Insider Threats and Data Security Innovations
23:29 The Importance of Data Management and Audits
26:12 Cultural Impact on Security Practices
29:19 Future Challenges: Quantum Computing and Security
32:52 The Evolution of AI and Data Science in SecurityWhether you work in cybersecurity, government, or technology policy, this conversation connects the policy decisions of the past 25 years to the architectural challenges we face today.
🔒 Learn more about Virtru: https://www.virtru.com 🎙️ Subscribe to SecureTalk for weekly conversations at the intersection of technology, security, and society. -
You consider yourself pretty tech-savvy. You know not to click suspicious links. You've heard the warnings. So why are more people losing more money to online scams than ever before?
Robert Siciliano has spent 30 years as a private investigator, appearing on CNN, The Today Show, and Fox News to explain exactly how con artists and cybercriminals think — and why your brain is actually working against you.
In this eye-opening conversation with SecureTalk host Justin Beals, Robert reveals:
- The psychological reason almost everyone falls for scams eventually
- How criminals use loneliness to build fake relationships and drain bank accounts
- Why your parents are the #1 target for the $124 trillion wealth transfer underway
- What a deepfake video call cost one company $25 million — in a single afternoon
- The one habit that would protect 80% of people — and almost nobody does it
This isn't a tech talk. It's a human talk. And it might be the most important conversation you have about your money, your family, and your identity this year.
Chapters
00:00 Introduction to Cybersecurity Challenges
02:44 The Human Blind Spot in Cybersecurity
05:30 Engaging Employees in Security Practices
08:44 Understanding Cybercrime Trends
11:30 The Psychological Aspects of Trust and Security
14:03 Personalizing Security Awareness Training
17:01 The Role of AI in Cybersecurity Threats
23:46 The Dark Reality of Human Trafficking and Cyber Crime
25:55 The Evolution of Cyber Crime Tactics
27:37 Understanding Human Behavior in Cybersecurity
29:54 The Impact of Loneliness on Cyber Vulnerability
31:58 The Kitchen Table Effect in Security Training
34:20 The Importance of Human Connection in Security Awareness
37:40 Empathy and Responsibility in Cybersecurity
39:47 Personal Stories Shaping a Security Perspective🔔 Subscribe to SecureTalk — new episodes every week.
#ScamAlert #OnlineScams #IdentityTheft #CyberSafety #DeepFake #FinancialSecurity #PersonalFinance #TechForEveryone #StayProtected #CyberAware
-
What happens when federal law enforcement refuses to follow court orders? In Minneapolis, ICE agents denied state investigators access to crime scenes despite court-issued warrants—a breakdown that national security experts had been warning about for months.
Dr. Claire Finkelstein, Professor of Law at University of Pennsylvania and Director of the Center for Ethics and the Rule of Law, saw this coming. In October 2024, she ran a tabletop exercise with over 30 retired military leaders simulating exactly this scenario: federal forces confronting state National Guard during civil unrest. The simulation escalated to violence faster than anyone expected, with few off-ramps once momentum built.
Now that simulation is playing out in real time.
Dr. Finkelstein has been on the legal front lines, representing 155 members of Congress before the Supreme Court. When the Court ruled the administration couldn't use National Guard troops as they intended, ICE agents surged instead—creating the confrontation we're seeing today.
The questions are urgent: Can states prosecute federal agents who commit crimes in their jurisdiction? What happens when federal authorities claim immunity? How do soldiers follow orders when they can't trust those orders are lawful? The Supreme Court's immunity decision has made these questions harder to answer.
This conversation explores what happens when rule of law meets political will, and what remains when the institutions designed to protect democracy face their greatest test.
#CyberSecurity #NationalSecurity #Democracy #RuleOfLaw #Minnesota #Minneapolis
Resources:
Finkelstein, Claire. (2026, January 21). We ran high-level US civil war simulations. Minessota is exactly how they start. The Guardian. https://www.theguardian.com/commentisfree/2026/jan/21/ice-minnesota-trump -
Most AI discourse swings between paradise and doom—but the real question is how we architect these systems to enhance human understanding rather than replace decision-making. MIT Professor Alex "Sandy" Pentland reveals why treating AI as an information tool instead of an authority is critical for cybersecurity teams, business leaders, and anyone navigating the intersection of technology and culture.
The math is stark: 90% of social media users are represented by only 3% of tweets. We're making decisions based on algorithmic extremes, not community wisdom. Pentland shows how Taiwan used the Polis platform to restore government trust from 7% to 70% by eliminating follower counts and visualizing the full spectrum of opinion—proving most people agree more than they think.
For security professionals, the implications are profound: culture drives security outcomes more than controls. The stories your team shares about breaches, vulnerabilities, and response protocols create the shared wisdom that determines whether you're actually secure. AI can help synthesize context and surface patterns across distributed organizations, but cannot replace the human judgment needed when edge cases and outliers occur.
Drawing parallels to the Enlightenment—when letter-writing networks sparked unprecedented collaboration among scholars—Pentland argues we stand at a similar inflection point. We have tools that let us share information at unprecedented scale, yet our digital systems amplify loud voices and create echo chambers instead of fostering collective wisdom. His book "Shared Wisdom" offers a pragmatic framework for cultural evolution in the age of AI, recognizing we'll take steps forward, make mistakes, and need to choose our direction deliberately.
Key insights include understanding AI as a statistical repackaging of human stories, recognizing how four waves of AI development have each failed in predictable ways, and learning why loyal agents—systems legally bound to serve your interests like doctors and lawyers—represent the future of trustworthy AI. Pentland also explains why audit trails and liability matter more than premature regulation, and how communities need local governance that's interoperable but not uniform.
Alex "Sandy" Pentland is Stanford HAI Fellow, MIT Toshiba Professor, and member of the US National Academy of Engineering. Named one of "100 People to Watch This Century" by Newsweek and one of "seven most powerful data scientists in the world" by Forbes, his work established authentication standards for digital networks and contributed to pioneering EU privacy law.Episode Resources:
Pentland, Alex. (2025). Shared Wisdom: Cultural Evolution in the Age of AI. The MIT Press. https://mitpress.mit.edu/9780262050999/shared-wisdom/ -
While most organizations treat security as a cost center, a select group is using it to win enterprise deals, open new markets, and outpace competitors. The difference? They've stopped asking "how much does security cost?" and started asking "how much value does security create?"
This strategic edition synthesizes lessons from security leaders at Walmart, PayPal, Postman, and the defense industrial base to reveal the playbook for 2026: treating security as a business function that enables velocity, builds trust, and creates competitive moats.
Five Strategic Imperatives for 2026:
1. Architect for the AI Identity Explosion
When AI agents access your CRM, email, and databases on behalf of humans, who's accountable? Walmart's 10,000+ developers faced this at scale. Learn how to govern probabilistic, non-deterministic systems before deployment breaks.
2. Turn Supply Chain Security Into Competitive Advantage
CMMC enforcement is here—Raytheon paid $8.4M, Penn State $1.25M. But smart contractors are leading with certification to win contracts. See how quantitative security standards are reshaping business relationships between primes and subs.
3. Extract Intelligence From Your Own Logs
One organization prevented $3M in fraud using internal threat intelligence. Learn why focused AI models that analyze your specific environment outperform generic vendor feeds.
4. Make Security Your Primary Differentiator
When SOC 2 Type II certification wins you three enterprise customers worth $2M ARR, security spending looks very different to the CFO. Discover how to position security as the reason customers choose you.
5. Build Culture, Not Tool Stacks
The oil & gas industry made safety everyone's responsibility through culture, not technology. Apply the same principles to solve cybersecurity's 65% turnover crisis.Expert Insights From:
Rishi Bhargava (Descope) | Tobias Yergin (Walmart) | Bob Kolasky (Exiger) | Chris Wysopal (Veracode) | Bill Anderson (Mattermost) | Satyam Patel (Kandji) | Sam Chehab (Postman) | Brian Wagner | Dimitry Shvartsman (PayPal)
The Meta-Pattern: Organizations winning in 2026 measure security in business terms—revenue enabled, customers won, time to market reduced. They're not the "department of no" blocking progress—they're the team enabling fast, safe movement.🎙️ SecureTalk: Strategic conversations with security leaders, hosted by Justin Beals
🔔 Subscribe for insights on AI security, CMMC, threat intelligence & security ROI -
"In 20 years, we transformed food allergy awareness from nonexistent to universal—no law required. What if we could do the same for data security and AI governance?"
This special episode reveals how grassroots cultural shifts create lasting change, and why 2026 might be the year cybersecurity professionals become architects of something bigger than defenses.
We've distilled 2025's conversations with experts from Harvard, MIT, NYU, Brown, and the AI development frontlines into seven actionable lessons that reframe security from technical problem to human opportunity. From understanding the 800 billion AI agents already in our systems, to recognizing why your most valuable threat intelligence is already in your logs, to building the communities that make external defenses less necessary.
Here's what successful security leaders are realizing: The organizations thriving in 2026 aren't just protecting systems—they're creating conditions where humans and AI can flourish together.
THE SEVEN LESSONS:
• Social division is our greatest vulnerability (and connection is our strength)
• Technology won't save us from ourselves (but we can)
• Real change happens through grassroots cultural shifts
• AI demands fundamentally different thinking (here's how)
• Our values can blind us (when to trust them, when not to)
• The weakest links are often invisible (where to look)
• Context matters more than technology (your advantage is closer than you think)
FEATURING INSIGHTS FROM: Dr. Claire Robertson (NYU) | Greg Epstein (Harvard/MIT) | Dr. De Kai | Rishi Bhargava (Descope) | Tobias Yergin (Walmart AI) | Prof. Steven Sloman (Brown) | Lars Kruse | Brian Wagner | Dr. Aram Sinnreich | Jesse Gilbert
PERFECT FOR: Security leaders building resilient organizations | Professionals navigating AI transformation | Anyone ready to move beyond purely technical solutions
🔗 StrikeGraph: https://strikegraph.com
Which lesson will change how you approach security in 2026?
#Cybersecurity #AIGovernance #SecurityLeadership #CyberResilience #AIEthics #CISO #ThreatIntelligence #FutureOfWork -
The mistakes we made building the internet don't have to be repeated in the metaverse—if we act now.
Join SecureTalk host Justin Beals for an essential conversation with Dr. Paola Cecchi-Dimeglio about building secure, ethical virtual worlds. Dr. Cecchi-Dimeglio brings 25 years of experience advising governments, Fortune 500 companies, and global institutions on AI ethics and technology governance.
Her new book "Building a Thriving Future: Metaverse and Multiverse" (MIT Press, 2025) provides frameworks for building virtual spaces that serve humanity rather than exploit it.
CORE THEMES:
• Security by design vs. security bolted on after problems emerge
• How biases get encoded into AI systems—and prevention strategies
• The critical role of "human in the loop" for AI oversight
• Why good regulation creates business stability
• Digital identity systems for global inclusion
• Authentication and verification in virtual spaces
• Cross-border legal frameworks for technology governance
REAL-WORLD IMPACT: Over 1 billion people globally lack legal identification—virtual worlds could solve this through blockchain-based digital identity, or create new exclusions if built poorly. The standards we set now for authentication, verification, and identity control will determine whether these spaces become tools for human flourishing or mechanisms for surveillance.
Virtual worlds already exist—gaming platforms host billions of usersAI is accelerating everything, including security vulnerabilitiesDeepfake technology is improving faster than detection methodsThe decisions made today will shape digital society for decades
WHY THIS MATTERS NOW:
SURPRISING INSIGHTS:
→ Children currently detect deepfakes better than adults (but not for long)
→ Major consulting firms have sold governments expensive reports full of AI errors
→ Voice recognition systems historically failed on non-Western accents due to training data bias
→ Email autocorrect defaults "Paola" to "Paolo" because datasets contained more men than women
ABOUT THE GUEST: Dr. Paola Cecchi-Dimeglio is a globally recognized expert in AI, big data, and behavioral science. She holds dual appointments at Harvard Law School and Kennedy School of Government, co-chairs the UN ITU Global Initiative on AI and Virtual Worlds, and has authored 70+ peer-reviewed publications. Her work advises the World Bank, European Commission, and Fortune 500 executives on ethical AI implementation.
THE OPTIMISTIC VISION: Virtual worlds can tap talent anywhere, breaking geographic barriers. They can connect separated families, provide legal identity to excluded populations, and create opportunities we can't yet imagine—but only if we build them with security, ethics, and human values as foundational requirements.
ABOUT SECURETALK: SecureTalk ranks in the top 2.5% of podcasts globally, making cybersecurity and compliance topics accessible to business leaders. Hosted by Justin Beals, CEO of Strike Graph and former network security engineer.
Perfect for: Security professionals, technology leaders, business executives, policy makers, anyone concerned about building ethical AI systems and secure virtual worlds.
📚 "Building a Thriving Future: Metaverse and Multiverse" by Dr. Paola Cecchi-Dimeglio (MIT Press, 2025)
#AIEthics #Cybersecurity #VirtualWorlds #TechnologyGovernance #MetaverseSecurity #DigitalEthics #AIRegulation #SecureByDesign -
Brown University cognitive scientist Steven Sloman reveals the hidden mechanism driving cultural division—and why it matters for security leadership. In this wide-ranging conversation, Sloman explains the fundamental tension between sacred values and consequentialist thinking, and how understanding this dynamic transforms how leaders communicate risk and build organizational culture.
Justin Beals opens with a personal story about leaving a religious environment defined by absolute values, setting the stage for an exploration of how cognitive science explains why extremists control discourse, why outrage dominates social media, and why having strong values might actually be essential for good decision-making.
KEY TOPICS: • The two systems humans use for decision-making and why both matter • Why simplified positions dominate complex policy debates • How humor breaks through absolutist thinking • The critical difference between AI association and human deliberation • Why communities radicalize when they become too insular • Practical frameworks for leadership teams navigating value conflicts
Sloman, author of "The Cost of Conviction: How Our Deepest Values Lead Us Astray," shares insights from decades of research on cognition, reasoning, and collective thinking. The conversation moves from abstract cognitive science to immediate applications for security professionals operating in organizations where tribal loyalties threaten evidence-based decision-making.
Whether you're presenting risk assessments to boards, building security culture, or helping organizations function during divisive times, this episode offers frameworks for understanding when values serve us and when consequentialist analysis becomes essential.Resources: Sloman, S. (2025). The cost of conviction: How our deepest values lead us astray. MIT Press. (https://mitpress.mit.edu/9780262049825/the-cost-of-conviction/)
-
Most threat intelligence programs can't prove their value. Joe Rossi's team at Zions Bank did the opposite—preventing $3 million in fraud annually while actually attracting new customers to the bank.
In this episode, former punk rock kid turned threat intelligence leader Joe Rossi reveals why your most valuable security intelligence isn't from expensive vendor feeds—it's sitting in your own logs right now. He shares the hard lessons learned building CTI programs from scratch, why most organizations focus on the wrong threats, and how to make security a competitive advantage instead of just a cost center.
Key insights:
• Why your firewall logs are more valuable than threat intelligence feeds
• The cultural mindset required before you invest in CTI
• How to quantify security program ROI in terms leadership actually cares about
• Dark web monitoring: reality vs. Hollywood expectations
• When your organization is actually ready for threat intelligence
Whether you're a CISO considering a CTI program or a security professional trying to prove value, this conversation offers practical frameworks for building security capabilities that directly impact the bottom line.
-
Bob Kolasky walked the halls where CMMC was built. As founding director of CISA's National Risk Management Center, he watched this policy evolve from concept to pilot program to federal law—surviving three presidential administrations because the need never changed.
On November 10, 2025, that policy becomes mandatory reality for every defense contractor pursuing new DoD solicitations. Self-certification ends. Independent verification begins. And the defense industrial base faces its most significant security transformation in a generation.
In this conversation with Justin Beals, Bob explains what contractors need to understand about the deadline—and what recent enforcement actions reveal about gaps that have existed all along.
From Honor System to Accountability:
For years, defense contractors self-certified compliance with NIST 800-171 cybersecurity requirements. The system worked on trust. Contractors checked boxes, DoD accepted attestations, and controlled unclassified information flowed through supply chains with security gaps nobody was measuring.
Then came the settlements. Raytheon paid $8.4 million for failing basic security controls—no antivirus software on systems handling defense information, no system security plans, missing access controls. Penn State settled $1.25 million across 15 contracts. Georgia Tech paid $875,000 in the first DOJ intervention in a cybersecurity False Claims Act case.
These weren't breaches. These were preventable failures that contractors had certified didn't exist.
Katie Arrington's warning to the industry has been consistent: "If you go on LinkedIn one more time and tell me how hard CMMC is, I'm going to beat you. That ship sailed in 2014." Translation: adversaries are watching, and contractors broadcasting difficulties are revealing exactly where vulnerabilities exist.
The November 10th Framework:
After this deadline, every new contract solicitation includes CMMC requirements matched to data sensitivity:
Level 1 handles federal contract information through annual self-assessment with SPRS score reporting. Level 2 manages controlled unclassified information and requires independent C3PAO assessor validation—affecting approximately 35% of DoD's contractor base. Level 3 involves breakthrough technology or critical CUI aggregations and demands direct government audit.
The quantitative approach represents a shift. Instead of binary pass/fail, contractors receive scores reflecting actual security posture. An 88 out of 110 qualifies for Level 2 conditional status with plan of action and milestones. These numbers measure real capabilities across incident response, access control, and continuous monitoring.
The Supply Chain Ripple Effect:
Prime contractors bear new responsibility for subcontractor compliance. Before contract award, they must verify—not just accept—that subs meet requirements. Security questionnaires aren't sufficient anymore. Primes need evidence, validation, and continuous visibility.
An affirming official—typically a senior executive—personally attests to the government that the organization actively manages supply chain risk. This accountability changes relationships throughout the defense industrial base.
Practical Considerations:
Bob addresses the questions contractors are asking: How do you define system boundaries when CUI flows through your infrastructure? Why does each information system need a unique CMMC identifier? What does "current CMMC status" mean for maintaining certification? How do you schedule C3PAO assessments when capacity is limited and 35% of contractors need certification?
He also explains why technology becomes essential—automating compliance evidence collection makes continuous monitoring feasible without massive security staff increases. And he's candid about what the next two years bring: with Kirsten Davies nominated as new CIO and Katie Arrington driving implementation, expect aggressive rollout through 2026.
Why This Policy Survived:
Bob's experience spans Obama, Trump, and Biden administrations. The CMMC framework persisted through every transition because supply chain security isn't a partisan issue—it's a national defense imperative. Now at Exiger advising defense contractors, Bob bridges the gap between policy intent and practical implementation.
This conversation provides clarity on November 10th's real meaning: not just a compliance deadline, but a fundamental shift in how the defense industrial base secures the supply chain supporting national security.
Guest: Bob Kolasky, SVP Critical Infrastructure at Exiger | Former Founding Director, CISA National Risk Management Center | 15 years shaping federal cybersecurity policy
#CMMC #November10th #DefenseContracting #Cybersecurity #DFARS #CISA #SupplyChainSecurity #DIB #ComplianceDeadline #NationalSecurity
-
When we think about cybersecurity, images of tech giants and major financial centers come to mind—but what about the towns where most of us actually live? This SecureTalk episode with cybersecurity researcher Lars Kruse explores an often-overlooked question: how do communities of 20,000-100,000 residents protect themselves in an increasingly digital world?
Host Justin Beals and Kruse, who studies at Sweden's Defense University, discuss the practical realities of implementing cybersecurity in resource-constrained environments. Through his research on over 600 European municipalities and validation interviews with consultants and administrators, Kruse reveals fascinating insights about the gap between written policies and daily operations.
The conversation opens with a real-world incident from Germany where 72 towns simultaneously lost access to their IT systems—not through sophisticated hacking, but through preventable security oversights. This case study illustrates why understanding operational security matters just as much as regulatory compliance.
Key topics explored include:
- How mid-sized communities differ from "smart cities" in their security approach
- The balance between regulatory requirements like GDPR, NIS2, and DORA
- Why employee training consistently ranks as the most critical security investment
- Practical frameworks for managing third-party technology vendors
- The role of political leadership in prioritizing cybersecurity budgets
- How research institutions contribute to better security policies
Kruse shares optimistic findings too: many organizations already practice good security fundamentals—they just need guidance connecting their existing processes to compliance requirements. The episode emphasizes that cybersecurity isn't about expensive technology alone; it's about building resilient practices that protect community services and citizen data.
Perfect for professionals in public administration, IT management, business operations, or anyone curious about how digital security works beyond headlines. This conversation offers practical knowledge about protecting the digital infrastructure we all depend on daily.
SecureTalk features conversations with experts shaping the future of cybersecurity and compliance, hosted by Justin Beals, CEO of Strike Graph.
#Cybersecurity #PublicSector #DigitalSecurity #CommunityResilience #SecurityEducation #DataPrivacy #TechPolicy #LocalGovernment #CyberAwareness #ITSecurity
-
Quantum computing represents one of the most significant advances in computer science we'll see in our lifetimes. We're watching error correction rates improve faster than predicted, with Google's Willow chip achieving benchmarks that compress development timelines dramatically.
For security professionals, this creates an exciting challenge: how do we architect systems today that remain secure as computing power evolves? What makes this particularly interesting is that blockchain and Web3 technologies are at the forefront of this transition—not because they're more vulnerable, but because they're leading the way in implementing quantum-resistant solutions.
Unlike traditional systems where encryption happens behind closed doors, blockchain's transparency means every transaction, every wallet, every cryptographic operation is visible on a public ledger. When post-quantum cryptography becomes necessary, these systems can't just patch quietly in the background. They need to migrate entire ecosystems while maintaining trust with users who can see every change on-chain.
In this episode, we sit down with James Stephens, founder and CEO of Krown Technologies and a certified cryptocurrency forensic investigator, to explore how the blockchain industry is pioneering quantum-resistant infrastructure that will inform security practices across all sectors.
What We Discuss:
Why blockchain and DeFi are leading quantum-resistance innovationHow transparent, public ledgers change the security equationThe practical steps security leaders can take now to prepareWhy true randomness requires physics, not just algorithmsLessons from a decade of cryptocurrency forensic investigationsHow to build quantum-resistant infrastructure without sacrificing user experienceAssessing vendor roadmaps for quantum readiness across any industry
James brings practical experience from both investigating cryptocurrency breaches and building quantum-resistant blockchain infrastructure. His forensic work revealed that most losses come from key mishandling and social engineering rather than cryptographic breaks—insights that shaped how he approaches designing secure systems for any environment.
This conversation covers both the technical innovation happening in quantum computing and the architectural decisions security teams need to make to prepare their organizations for this next era of computing power.
About the Guest: James Stephens is a recognized authority in blockchain security and cryptocurrency forensics with over a decade of experience at the intersection of digital assets, cybersecurity, and quantum innovation. He holds certifications including CBE, CCFI, and CORCI, and is the author of "Quantum Reckoning: Securing Blockchain and DeFi in the Post-Quantum Era."
#Cybersecurity #QuantumComputing #PostQuantumCryptography #Blockchain #Web3 #DeFi #InfoSec -
Discover how strategic foresight is revolutionizing cybersecurity thinking. In this compelling SecureTalk episode, renowned futurist Heather Vescent reveals the 12 invisible paradigms that have shaped our entire approach to cybersecurity - and why breaking them could transform how we defend digital systems.
Back in 2017, Vescent applied strategic foresight methodology to cybersecurity, uncovering fundamental assumptions like "security always plays catch-up," "the user is always wrong," and "we are completely dependent on passwords." Her research, published in 2018, predicted the passwordless revolution that's now mainstream reality.
This isn't just theoretical - Vescent demonstrates how appreciative inquiry flips traditional problem-solving approaches. Instead of asking "what's broken and how do we fix it," she explores "what's working well and how do we amplify it?" This methodology helped identify paradigm shifts that seemed radical in 2018 but are now industry standard.
Key insights include:
- How to shift from reactive to proactive security postures
- Why attack surface analysis needs systematic approaches
- The role of AI as thought partner rather than replacement
- How transparency reduces insider threat attack surfaces
- Practical applications of decentralized identity technologies
- Why security teams should focus on strengths, not just vulnerabilities
Vescent also addresses the commercialization challenges facing promising technologies like self-sovereign identity, explaining how ethical innovations often get compromised during market adoption. Her work bridges the gap between cybersecurity's technical realities and its broader societal implications.
For CISOs, security leaders, and technologists seeking to influence rather than just react to the future, this conversation provides actionable frameworks for anticipating threats and building more resilient systems. Vescent's strategic foresight methodology offers a roadmap for moving beyond endless problem-solving cycles toward security that creates value rather than just preventing loss.
Resources:
Shifting Paradigms Paper: https://www.researchgate.net/publication/330542765_Shifting_Paradigms_Using_Strategic_Foresight_to_Plan_for_Security_EvolutionThreat Positioning Framework GPT: https://chatgpt.com/g/g-68100f6a8c7481919d693ec9d4d9faab-the-threat-positioning-framework-gpt-by-h-vescent
Self Sovereign Identity Book : https://www.amazon.com/Comprehensive-Guide-Self-Sovereign-Identity-ebook/dp/B07Q3TXLDP?&linkCode=sl1&tag=vescent39-20&linkId=2797fe6ea49dff79952bc866ec8e8baf&language=en_US&ref_=as_li_ss_tl
Heather's email list: https://research.cybersecurityfuturist.com/
- Laat meer zien