Shows
STATUS: SECURE – The Cyber Threat Briefing017 The CMMC Briefing Part 1: Everything DoD Contractors Need to Know in 2026If you lose comms, you lose the mission. If you lose your CMMC certification window, you lose your eligibility to bid on the next decade of defense contracts.In this episode we are analyzing the single most important compliance program in the Defense Industrial Base — the Cybersecurity Maturity Model Certification.80,000 contractors need CMMC Level 2 certification before Phase 2 begins on November 10, 2026. As of March of this year, fewer than 2 percent had completed it. This transmission is Part 1 of a two-part series — the foundational briefing for every DoD contractor, subcontractor, and supplier who need...
2026-06-0218 minSTATUS: SECURE – The Cyber Threat Briefing016 PE and VC Funds Are Now Liable for Portfolio Cyber Breaches: The PowerSchool Case StudyIf you lose comms, you lose the mission. If you write the check without verifying what is in the codebase, you lose the fund.In this episode we are analyzing the federal court ruling that rewired cybersecurity due diligence for the entire investment community.On March 18, 2026, a California federal judge allowed class action claims against Bain Capital to proceed for a data breach at PowerSchool that occurred before Bain acquired the company. The acquirer is now legally on the hook for the seller's pre-close cybersecurity failures. Every PE partner, VC general...
2026-05-2621 minSTATUS: SECURE – The Cyber Threat Briefing015 Inheriting Control Drift: Briefing for New Leaders, CMMC Annual Affirmations & Phase 2 DeadlineIf you lose comms, you lose the mission. If you inherit a control library you cannot operationally vouch for, you lose the contract — and possibly your name.In this episode we are analyzing the longest, quietest failure inside the Defense Industrial Base: control drift. There is no breach. No threat actor. No alarm. Just a slow, silent erosion of operational reality — a control library certified clean in 2021 that has decayed by 2026 through cleared workforce attrition, vendor migrations, and "vision-first" leadership making changes before they understand what they inherited.With Phase 2 of the...
2026-05-1924 minSTATUS: SECURE – The Cyber Threat Briefing014 The Transparency Trap: When Hackers Weaponize the SEC Against BanksIf you lose comms, you lose the mission. If you lose your compliance timeline, you lose the company.In this episode, we are analyzing the collision between the SEC's new 96-hour breach disclosure mandate and the extortion tactics of modern ransomware cartels.Many financial executives believe the SEC rule is just an administrative burden. The reality? Threat actors are actively weaponizing this mandate, using the threat of federal whistleblower complaints to force ransom payments while your incident response team is still trying to stop the bleeding....
2026-05-1219 minSTATUS: SECURE – The Cyber Threat Briefing013 The Dispersed Hospital: Securing Telehealth & Remote Patient Monitoring RisksIf you lose comms, you lose the mission. If you lose data integrity, you risk patient lives.In this episode, we are analyzing the rapid disappearance of the traditional hospital perimeter. Through the massive expansion of "Hospital-at-Home" programs, clinical care is now being delivered over highly vulnerable residential Wi-Fi networks.Many healthcare executives assume that deploying a clinical tablet into a home is secure simply because the hospital owns the hardware. The reality? Operating a telehealth kit over an unpatched, default-password consumer router turns a life-saving telemetry device into an open...
2026-05-0513 minSTATUS: SECURE – The Cyber Threat Briefing012 The New Insider Threat: Securing Autonomous AI Agents & The BYOD LessonIf you lose control of your algorithm, you lose control of your company.In this episode of Status: Secure, we are analyzing the sudden, largely unregulated integration of internal AI agents within the Tech Sector. For 20 years, we built our security around the "human firewall," relying on human intuition to catch anomalies. But what happens when you strip the human out of the loop?We break down the recent Meta internal AI misconfiguration, why granting non-human identities read/write access is a ticking time bomb, and why the current AI landscape...
2026-04-2812 minSTATUS: SECURE – The Cyber Threat Briefing011 The Compliance Trap: CMMC, The False Claims Act, and the DoD Supply ChainIf you lose your operational integrity, you lose your contracts. If you lose your data, you lose the company.In this episode we are analyzing the soft underbelly of the Defense Industrial Base and the sudden weaponization of cybersecurity compliance.Many GovCon executives believe that uploading a perfect score to SPRS or sticking a System Security Plan in a drawer means their perimeter is secure. The reality? The Department of Justice is actively using the False Claims Act to hunt down contractors who lie about their controls. Treating NIST 800-171 as...
2026-04-2120 minSTATUS: SECURE – The Cyber Threat Briefing010 Securing the Assembly Line: 4 CI/CD Tools Every InfoSec Team NeedsIf you lose comms, you lose the mission. If your software assembly line is compromised, you lose your customers.In this episode, we are analyzing the high-stakes friction between rapid software development and infrastructure integrity. In the Tech Sector, developers are paid to ship code at breakneck speed, but if InfoSec remains a manual "gate" at the end of the line, the mission fails before it even launches.The reality? The perimeter is no longer your firewall—it’s your CI/CD pipeline. Today, we declassify the "Shift Left" doctrine and the...
2026-04-1414 minSTATUS: SECURE – The Cyber Threat Briefing009 Trust No Inbox: The Surging Epidemic of B2B Financial Email FraudIf you lose comms, you lose the mission. If you trust the inbox blindly, you lose the capital.In this episode we are analyzing the new face of financial theft: Business Email Compromise (BEC).Many finance executives assume an email from a known vendor is safe. The reality? High-fidelity phishing attacks have turned convenience into your greatest vulnerability. Adversaries are no longer trying to hack your firewalls; they are hijacking your supply chain communications and becoming the "man-in-the-middle" to reroute hundreds of thousands of dollars before you even realize you've been breached.
2026-04-0715 minSTATUS: SECURE – The Cyber Threat Briefing008 Autopsy of the Stryker Cyber Attack: Wiping 200,000 Endpoints via IntuneIf you lose your comms, you lose the mission. If your supply chain loses its endpoints, you lose your patients. In this episode we are analyzing the new standard of mortality risk in the healthcare ecosystem. The recent cyber attack on Stryker—a global medical device giant—didn't rely on zero-day malware. Instead, threat actors weaponized Stryker's own Microsoft Intune administrative controls to remotely wipe 200,000 devices.When a hospital's supply chain collapses, digital negligence translates directly to physical harm. We break down the mechanics of the attack and how healthcare providers must...
2026-03-3117 minSTATUS: SECURE – The Cyber Threat Briefing007 Are You Putting Revenue Before National Security?For years, the GovCon supply chain lived on the honor system. Ticking compliance boxes (NIST 800-171) was just a "revenue gate"—a criteria needed to win the contract while promising to fix security gaps later through Plans of Action and Milestones (POA&Ms).That era of "Trust" is over. Welcome to Accountability 2.0, where the "Verify" standard of defensive security is now enforced by the DoJ.In this transmission of Status: Secure, we analyze the uncomfortable truth fiduciaries must face: Treating cybersecurity merely as technical debt is now considered fraud against the Un...
2026-03-2412 minSTATUS: SECURE – The Cyber Threat Briefing006 Slow is Smooth & Smooth is Fast - Security in the Agentic EcosystemThe perimeter hasn't just moved; it has dissolved. You are only as secure as the weakest link in your digital supply chain.In this episode we are analyzing the "Trojan Agent"—how supply chain poisoning has evolved from simple software updates to the hijacking of your autonomous ecosystem.Most modern tech startups consist of 20% original code and 80% third-party integrations. What happens when your AIsupport agent is manipulated into exfiltrating your database because you gave it the keys to the kingdom? "Ease of use" is the new vulnerability....
2026-03-1724 minSTATUS: SECURE – The Cyber Threat Briefing005 Triaging the Invisible Risks in Your Clinical Supply ChainWhen the doctor’s hand is networked, the doctor’s responsibility is networked.In this episode, we are triaging the "invisible risks" buried within the clinical supply chain.Fifteen years ago, an IV pump or a pacemaker was a standalone machine. Today, it is a computer node on your network—capable of pulling data, receiving remote instructions, and, if compromised, delivering lethal doses. As the Internet of Medical Things (IoMT) scales, the perimeter of healthcare has shifted from the server room to the patient’s bedside.Intel De...
2026-03-1025 min
VIB Reveille PodcastBoots on the Ground: Episode 4At the 2025 National VIB Conference - Corey chats with Tim Swaney, Navy Veteran and CEO of WatchUr6, a cybersecurity company that specializes in disaster recovery and readiness. For more on WatchUr6 - https://watchur6.com/Tim Swaney - tim.swaney@watchur6.com
2026-03-0406 minSTATUS: SECURE – The Cyber Threat Briefing004 Weaponized AI - How Deepfake Phone Calls are Draining Bank AccountsIf you can’t verify the identity of the person on the other end of the line, you don't have security—you have an open vault.In this episode, we are analyzing a bank heist where no one wears a mask and no one holds a weapon. Instead, the thief uses the exact voice of your most loyal customer.In 2026, AI isn't just writing code; it's cloning identities. We break down how threat actors use as little as three seconds of audio from social media to bypass call center security and why...
2026-03-0312 minSTATUS: SECURE – The Cyber Threat Briefing003 Velocity vs Security: Is "Move Fast and Break Things" Costing You Enterprise Deals?In the tech sector, speed is life. But if you’re a startup trying to land Fortune 500 clients, shipping code without security isn't "moving fast"—it's building catastrophic security debt.In this episode, we are talking to the disruptors, the coders, and the startup founders who need to balance development velocity with enterprise-grade security. We break down why the old "Wild West" era of coding is dead, how AI is changing the game, and why waiting until an enterprise client asks for a SOC 2 report is a $50,000 mistake.Intel Declassified in t...
2026-02-2414 minSTATUS: SECURE – The Cyber Threat Briefing002 Technical Debt: The High Cost of Legacy SystemsIn this briefing, we strip away the "If it ain't broke, don't fix it" mentality that plagues the GovCon sector. We analyze the collision between aging government infrastructure and modern adversary capabilities.Many contractors believe they can hide their legacy tech behind a firewall and pass a CMMC assessment. The reality? If you can’t patch it, you can’t certify it.Intel Declassified in this Briefing:[00:46] The Patching Gap: Why End-of-Life (EOL) software is the ultimate playground for hackers.[02:23] The Compliance Wall: Why lega...
2026-02-1716 minSTATUS: SECURE – The Cyber Threat Briefing001 HIPAA Compliance vs Dark Web EconomicsWelcome to the first transmission of Status: Secure. Today, we are analyzing the collision between regulatory compliance and the profit models of the Dark Web.Many healthcare executives believe passing a HIPAA audit means their perimeter is secure. The reality? A compliance certificate is just a driver’s license—it doesn’t mean you know how to drive defensively when a threat actor runs you off the road.Intel Declassified in this Briefing:[00:00] The Valuation Gap: Why hackers pay 200x more for patient data than credit cards.[01:53] The Compliance Fallac...
2026-02-1415 min