Secure Talk Podcast

Hosted by Justin Beals

TechnologyInterviews guests

Website RSS feed

Episodes

254

Latest episode

Jun 2026

Language

About the show

Secure Talk reviews the latest threats, tips, and trends on security, innovation, and compliance. Host Justin Beals interviews leading privacy, security and technology executives to discuss best practices related to IT security, data protection and compliance. Based in Seattle, he previously served as the CTO of NextStep and Koru, which won the 2018 Most Impactful Startup award from Wharton People Analytics. He is the creator of the patented Training, Tracking & Placement System and the author of “Aligning curriculum and evidencing learning effectiveness using semantic mapping of learning assets,” published in the International Journal of Emerging Technologies in Learning (iJet). Justin earned a BA from Fort Lewis College.

Listen to episodes

60 recent

June 16, 2026Episode 25541 min

Considering Security, Compliance and Revenue with David Grazer

Most companies chase certifications to win deals — but what actually keeps customers is something no audit can measure.In this episode, vCISO David Grazer makes the case that trust is a measurable economic asset hiding in plain sight: your customer retention rate. Drawing on 15+ years inside high-growth tech companies, David explains why compliance frameworks are customer acquisition tools, not retention strategies — and how the gap between the two is costing businesses more than they realize.This episode is for founders, security leaders, and C-suite executives who want to connect their security and privacy programs to real business outcomes.You'll learn:→ Why a SOC 2 or ISO 27001 certification is only the beginning of earning customer trust→ How customer churn functions as one of the most honest security metrics available→ Why MFA and common security controls often fail the users who need them most→ What "Trust by Design" looks like in product development and AI programs→ How to translate security risk into language that resonates with your CFOChapters00:00 Introduction to Secure Talk and Trust03:42 David Grazer's Journey into Security and Privacy08:09 Navigating Compliance and Customer Trust12:49 The Role of Consulting in Security18:07 Trust as a Measurable Economic Asset23:42 Identity Management in the Entertainment Industry26:09 The VC SO Model and Its Impact29:13 The Evolution of Compliance Conversations33:17 Exploring the Intersection of Technology and Society🔔 Subscribe to SecureTalk for weekly conversations at the intersection of cybersecurity, compliance, and business strategy.#cybersecurity #compliance #CISO #trustbydesign #vciso #informationsecurity #GRC #dataprivacy

June 2, 2026Episode 25453 min

Why you could fail your CMMC Level 2 C3PAO audit | Secure Talk with Logan Therrien

You did your self assessment and received a perfect 110 score, congratulations! You met with your C3PAO and scored less than 0. What happened!How can two CMMC assessors examine the same defense contractor and arrive at completely different scores? A lack of rigor in assessment methodology could mean the entire certification system is measuring the assessor — not your security. Logan Therrien, Chief Strategy Officer at Kieri Solutions and one of the original C3PAO lead assessors in the U.S., joins Justin Beals to expose a critical flaw in how CMMC Level 2 assessments are conducted today: no standardized evidence sampling methodology.This episode is for DoD contractors, compliance consultants, and defense industry executives who want to understand what's at stake — and how to navigate assessments before the rules tighten further.What you'll learn:Why NIST 800-171 was intentionally vague — and how that backfired for assessorsHow one assessor might review a single evidence point while another reviews 100%What ISO 17020 accreditation will require of C3PAOs and why it matters nowWhat the 48 CFR expansion means for 118,000+ contractors in the supply chainHow to prepare for an assessment so it feels like an open-book testLogan also co-authored the peer-reviewed paper "The Need for Standardized Evidence Sampling in CMMC Assessments: A Survey-Based Analysis of Assessor Practices" (with John Hastings) — one of the first data-driven studies of assessment methodology in the CMMC ecosystem.Chapters00:00 Introduction to Secure Talk and Psychometrics01:45 Understanding CMMC and Its Implications05:32 Logan Therian's Background and Insights09:16 The Challenges of Assessment Methodologies16:10 The Scale and Impact of CMMC Assessments20:31 Navigating Standards in Cybersecurity23:53 Evidence Testing in CMMC Assessments27:43 The Importance of Reliable and Accurate Assessments36:22 Building Trust Between Industry and Defense41:46 Future Directions in CMMC ResearchResources: Therrien, Logan and Hastings, John. (2026, February 10). The need for standardized evidence sampling in CMMC assessments: A survey-based analysis of assessor practices. arXiv. https://arxiv.org/abs/2602.09905

May 19, 2026Episode 25347 min

Mark Zuckerberg has an AI twin. Who Is Mark Zuckerberg?

Mark Zuckerberg built an AI version of himself that attends meetings and approves budgets while he's elsewhere. That's not science fiction — it's happening now. But when an AI replica makes a consequential decision, who's legally responsible? Who owns it when you die?Dr. Candi Cann, Thanatologist and professor at Baylor University, joins SecureTalk host Justin Beals to explore the uncomfortable intersection of technology, mortality, and identity — and what it means for data governance, digital rights, and the future of enterprise accountability.In this episode:Key topics: digital identity, AI accountability, data governance, CMMC compliance, death technology, digital ethics, AI agents, enterprise securityIf your organization is deploying AI agents that act on behalf of humans — approving transactions, attending meetings, representing employees — this episode raises the governance questions your security and legal teams need to be asking right now.Subscribe to SecureTalk for weekly conversations at the edge of cybersecurity, compliance, and technology culture.Resources: Book: Augmented: Life and Death as a Cyborg by Candy Cann, MIT Press, 2026. Link: https://mitpress.mit.edu/9780262051118/augmented/

May 5, 2026Episode 25251 min

CMMC Is an HR Problem, Not an Enclave Problem — Here's the Proof

The biggest cybersecurity failures in recent memory — Raytheon, Penn State, Georgia Tech — weren't caused by missing software. They were caused by the wrong people being assigned the wrong tasks, with no shared language to connect the rules to the work.This SecureTalk episode with Dorian Cougias (MoxyWolf, former Unified Compliance Framework CEO) is one of the most systems-level conversations we've had on the show. Dorian spent decades building the infrastructure that compliance programs run on — and he's now rebuilding it from scratch, in the open.What you'll hear:→ Why the compliance industry is structurally fragmented across three authority domains that don't communicate→ How Bloom's Taxonomy — a tool from education — maps directly to which compliance tasks belong to which roles→ Why the Oxford English Dictionary doesn't have "personal data" in it, and what that tells us about regulatory language→ The O*NET framework and why the Department of Labor might be the most underused tool in cybersecurity→ Shannon's entropy theory, applied to compliance and cognitive load→ A new open-source STIG API infrastructure that StrikeGraph is integrating as a launch partnerWhether you're deep in the compliance trenches or just fascinated by how complex systems fail — and how to redesign them — this is worth your time.🔗 strikegraph.com | stigviewer.comChapters:00:00 Introduction and Background02:43 Exploring Compliance and Natural Language Processing05:15 Military Experience and Signal Intelligence08:01 Cognitive Load and Compliance Frameworks10:49 The Importance of Language in Compliance13:39 The Evolution of Dictionaries and Lexicons16:16 Bridging Gaps in Compliance Communication18:47 Innovations at MoxieWolf and Future Directions22:04 Mapping Skills and Regulatory Guidelines25:05 Job Applicability and Knowledge Requirements28:02 The Importance of O*NET in Cybersecurity29:21 Challenges in CMMC Compliance33:23 The Role of Technology in Compliance35:38 Horizontal Practices in Compliance38:15 Building Effective Teams for Compliance42:21 Introduction to Compliance Failures45:19 The Human Element in Compliance48:10 Navigating Compliance Complexity with Technology48:57 Introduction to Cybersecurity Compliance Challenges54:09 The Role of People in Compliance Success56:01 Guest Introduction: Dorian Cougas01:00:48 Exploring Bloom's Taxonomy in Compliance01:05:48 The Importance of Shared Lexicons01:09:32 Navigating Compliance with Technology01:15:11 MoxieWolf's Approach to Compliance01:20:49 The Interconnectedness of Compliance Tasks01:27:51 Real-World Compliance Challenges01:33:57 Building Effective Teams for Compliance#Cybersecurity #ComplianceCulture #CMMC #HumanFactors #GRC #TechPolicy #SecureTalk

April 21, 2026Episode 25147 min

The ROI of Security Tested: What a new paper reveals about security value | Secure Talk with Minh Nguyen and Thi Tran

Why do most cybersecurity investments feel impossible to justify? Because the measurement tools are broken — built on gut instinct, not research.Researchers Minh Nguyen (Florida Atlantic University) and Thi Tran (Binghamton University) set out to fix that. In this episode, they break down their landmark paper "Effects of Cybersecurity Readiness on Firm Performance: Evidence from Conference Calls" — the first study to systematically measure cybersecurity readiness at the firm level and link it directly to financial performance.What they found will change how you think about security budgets:→ Outsider mentions of cybersecurity in earnings calls are 100x more predictive of firm performance than insider mentions→ Even a single co-occurrence of security-related language drives measurable returns on assets the following year→ Companies that act proactively - not reactively - earn greater market trustThis is the episode for CISOs who need real data to justify investment, security leaders tired of folklore-based decision-making, and anyone curious about how AI, NLP, and causal inference are reshaping the business case for cybersecurity.Chapters00:00 Introduction to the Guests and Their Backgrounds02:34 The Intersection of AI, Business, and Cybersecurity05:32 Understanding Cybersecurity Readiness08:31 The Importance of Measurement in Cybersecurity11:16 Developing a Cybersecurity Dictionary14:16 The Impact of Outsider Perspectives on Firm Performance16:51 The Role of Transparency in Cybersecurity19:40 Future Research Directions in Cybersecurity22:37 Conclusion and Final Thoughts🔗 Paper: "Effects of Cybersecurity Readiness on Firm Performance: Evidence from Conference Calls" https://scholarspace.manoa.hawaii.edu/server/api/core/bitstreams/b098c310-db83-42cc-8932-852ef7ebcc86/content#Cybersecurity #CyberROI #CISO #FirmPerformance #CybersecurityResearch #NLP #CausalInference #InfoSec #SecurityLeadership #ConferenceCall``

April 7, 2026Episode 25053 min

They Sold AI to Play God. China Never Got That Memo.

The West has been building AI like it's the apocalypse. China has been building it like it's a tool.That one difference — rooted in centuries of philosophy, theology, and cultural storytelling — may be the most important thing nobody is talking about in the AI debate right now.SecureTalk host Justin Beals sits down with scholars Bogna Konior (NYU Shanghai), Mi You (University of Kassel), and Vincent Garton to explore their co-edited book "Machine Decision Is Not Final: China and the History and Future of Artificial Intelligence" — and what it reveals about the hidden assumptions driving the decisions we make about AI governance, security, and society.What this conversation unpacks:→ Why Western AI fear traces back to Christian theology — not rational risk analysis→ How the Chinese term for AI literally means "human-made wisdom ability" — no alien mind implied→ The 2019 Elon Musk vs. Jack Ma exchange that exposed the cultural divide in real time→ What DeepSeek's open-source breakthrough says about innovation, restriction, and creative problem-solving→ Why this debate matters far beyond the US and China — and who else is watching closelyIf you work in cybersecurity, tech leadership, or AI policy, the cultural lens on this technology isn't a soft question. It shapes real architectural, governance, and regulatory decisions.Chapters00:00 Introduction and Perspectives on AI in China02:41 The Meaning Behind the Claw Machine Image05:33 The Book's Creation and Collaborative Efforts08:32 Cultural Perspectives on AI: East vs. West11:06 The Impact of Open Source AI Models13:45 Innovation in a Controlled Environment16:20 Human-Made vs. Artificial Intelligence19:23 The Philosophical Underpinnings of AI22:06 The Role of Human Agency in AI Decisions24:54 Exploring the Future of AI and Society27:26 The Synthesis of Technology and Society30:22 Conclusion and Final Thoughts44:17 Understanding Artificial Intelligence: A Cultural Perspective47:08 Machine Decision: The Chinese Perspective on AI49:59 Innovation and Openness in AI Development50:27 Global Implications of AI Beyond Superpowers50:37 Introduction and Context of AI Governance01:00:53 The Role of Computers in Decision Making01:08:26 Transparency in AI and Governance01:17:58 Cultural Perspectives on AI: East vs. West01:23:46 The Singularity and Its Philosophical Implications01:27:15 Simulation and Reality in AI Discourse01:35:14 Social Implications of Large Language Models🎙️ SecureTalk is hosted by Justin Beals, CEO of Strike Graph.🔔 Subscribe for weekly conversations at the intersection of cybersecurity, technology, and leadership.#ArtificialIntelligence #AIPolicy #ChinaAI #DeepSeek #Cybersecurity #AIGovernance #TechLeadership #OpenSourceAI```

March 24, 2026Episode 24948 min

The DOGE data breach at the Social Security Administration with Whistleblower Chuck Borges

Every American has a Social Security number. Most assume it's protected. Chuck Borges was the person responsible for that protection at the SSA — and what he discovered from the inside is something every American deserves to know.Chuck is a combat veteran, MIT graduate, and the Social Security Administration's first dedicated Chief Data Officer. He arrived two weeks before the 2025 administration change, watched data governance requests get denied and sensitive work get siloed away from the officials responsible for protecting it, and when the risk became too great to ignore, he spoke up. It cost him his job.In this episode of SecureTalk, Chuck and host Justin Beals cover:- Why NUMIDENT data breach goes far beyond a typical data breach- How shadow IT and unchecked access created a governance nightmare inside the SSA- The national security implications of 550 million identity records at risk- What it actually takes to blow the whistle when the stakes are this highThis is one of the most important cybersecurity conversations of 2025, not because of the technology involved, but because of what it reveals about the systems we trust to protect us.Chapters00:00 From Dreams to Data: A Unique Journey02:47 Navigating the Data Landscape: Challenges and Innovations05:41 The Role of Governance in Data Management08:20 Civil Service and the Mission Mindset11:16 Chaos and Change: The Impact of Administration Shifts13:52 Empathy in Leadership: The Human Element16:51 Life Experience and Effective Governance21:16 Siloing and Data Manipulation in Government23:30 The Risks of Shadow IT and Data Security27:39 The Dangers of Numident Data30:08 The Nightmare of Data Exfiltration31:52 The Courage to Blow the Whistle36:19 Transitioning to Political Service38:24 Challenges of Running for Office41:36 Building Community Through Problem Solving43:05 Introduction to Data Sensitivity and Governance44:33 The Risks of Data Exposure45:55 Chuck Borges: A Profile in Data Leadership46:46 Introduction to SecureTalk and Data Security47:37 The Role of the Social Security Administration48:35 Chuck Borges: A Journey Through Data Governance50:28 The Impact of Administration Changes on Governance56:14 Challenges in Data Management and Governance01:00:58 The Risks of Data Exposure and Mismanagement01:05:37 Whistleblowing and Ethical Responsibilities01:14:56 Running for Office: A New Chapter in Public ServiceResources: Chuck Borges Website - https://chuck4md.comTwitter - https://twitter.com/Chuck4MD🔔 Subscribe to SecureTalk for weekly conversations on cybersecurity, leadership, and the technology shaping our world.#SocialSecurity #DataGovernance #Cybersecurity #DataBreach #NationalSecurity #Whistleblower #FederalCybersecurity #IdentityTheft #SecureTalk #CDO

March 10, 2026Episode 24840 min

From 9/11 to Salt Typhoon: Why Backdoors Always Betray Us | Secure Talk with John Ackerly

On the morning of September 11th, 2001, John Ackerly was briefing White House officials on federal privacy legislation. Hours later, everything changed — and those two realities, data that wasn't shared when it should have been, and data that was exposed when it shouldn't have been, became the founding idea behind Virtru.In this episode of SecureTalk, host Justin Beals sits down with John Ackerly, CEO and co-founder of Virtru and former White House technology policy adviser, to explore why perimeter security alone is broken — and what data-centric, cryptographic control means for the future of cybersecurity.They cover:00:00 Introduction to SecureTalk and Data Security02:28 John Ackerly's Experience and Insights on Privacy Legislation05:05 The Dichotomy of Privacy and Security09:12 Public-Private Partnerships in National Security12:24 Navigating Compliance and Security in Business15:26 The Role of Technology in Security Solutions18:40 Family Ties and Military Background in Cybersecurity20:41 Insider Threats and Data Security Innovations23:29 The Importance of Data Management and Audits26:12 Cultural Impact on Security Practices29:19 Future Challenges: Quantum Computing and Security32:52 The Evolution of AI and Data Science in SecurityWhether you work in cybersecurity, government, or technology policy, this conversation connects the policy decisions of the past 25 years to the architectural challenges we face today.🔒 Learn more about Virtru: https://www.virtru.com 🎙️ Subscribe to SecureTalk for weekly conversations at the intersection of technology, security, and society.

February 24, 2026Episode 24746 min

A Con Artist Expert Explains Why Smart People Still Get Scammed | Secure Talk with Robert Siciliano

You consider yourself pretty tech-savvy. You know not to click suspicious links. You've heard the warnings. So why are more people losing more money to online scams than ever before?Robert Siciliano has spent 30 years as a private investigator, appearing on CNN, The Today Show, and Fox News to explain exactly how con artists and cybercriminals think — and why your brain is actually working against you.In this eye-opening conversation with SecureTalk host Justin Beals, Robert reveals:- The psychological reason almost everyone falls for scams eventually- How criminals use loneliness to build fake relationships and drain bank accounts- Why your parents are the #1 target for the $124 trillion wealth transfer underway- What a deepfake video call cost one company $25 million — in a single afternoon- The one habit that would protect 80% of people — and almost nobody does itThis isn't a tech talk. It's a human talk. And it might be the most important conversation you have about your money, your family, and your identity this year.Chapters00:00 Introduction to Cybersecurity Challenges02:44 The Human Blind Spot in Cybersecurity05:30 Engaging Employees in Security Practices08:44 Understanding Cybercrime Trends11:30 The Psychological Aspects of Trust and Security14:03 Personalizing Security Awareness Training17:01 The Role of AI in Cybersecurity Threats23:46 The Dark Reality of Human Trafficking and Cyber Crime25:55 The Evolution of Cyber Crime Tactics27:37 Understanding Human Behavior in Cybersecurity29:54 The Impact of Loneliness on Cyber Vulnerability31:58 The Kitchen Table Effect in Security Training34:20 The Importance of Human Connection in Security Awareness37:40 Empathy and Responsibility in Cybersecurity39:47 Personal Stories Shaping a Security Perspective🔔 Subscribe to SecureTalk — new episodes every week.#ScamAlert #OnlineScams #IdentityTheft #CyberSafety #DeepFake #FinancialSecurity #PersonalFinance #TechForEveryone #StayProtected #CyberAware

February 10, 2026Episode 24644 min

When Federal Agents Ignore Court Orders: What Happens to Democracy? | Secure Talk with Claire Finkelstein

What happens when federal law enforcement refuses to follow court orders? In Minneapolis, ICE agents denied state investigators access to crime scenes despite court-issued warrants—a breakdown that national security experts had been warning about for months.Dr. Claire Finkelstein, Professor of Law at University of Pennsylvania and Director of the Center for Ethics and the Rule of Law, saw this coming. In October 2024, she ran a tabletop exercise with over 30 retired military leaders simulating exactly this scenario: federal forces confronting state National Guard during civil unrest. The simulation escalated to violence faster than anyone expected, with few off-ramps once momentum built.Now that simulation is playing out in real time.Dr. Finkelstein has been on the legal front lines, representing 155 members of Congress before the Supreme Court. When the Court ruled the administration couldn't use National Guard troops as they intended, ICE agents surged instead—creating the confrontation we're seeing today.The questions are urgent: Can states prosecute federal agents who commit crimes in their jurisdiction? What happens when federal authorities claim immunity? How do soldiers follow orders when they can't trust those orders are lawful? The Supreme Court's immunity decision has made these questions harder to answer.This conversation explores what happens when rule of law meets political will, and what remains when the institutions designed to protect democracy face their greatest test.#CyberSecurity #NationalSecurity #Democracy #RuleOfLaw #Minnesota #MinneapolisResources: Finkelstein, Claire. (2026, January 21). We ran high-level US civil war simulations. Minessota is exactly how they start. The Guardian. https://www.theguardian.com/commentisfree/2026/jan/21/ice-minnesota-trump