The Entropy Podcast

In this episode of The Entropy Podcast, Glenn Carle a former CIA clandestine officer with over two decades of experience breaks down how intelligence agencies think, operate, and influence outcomes over the long term.Drawing on real-world tradecraft, Glenn explains how vulnerabilities are identified, how influence is cultivated, and how narratives are seeded and amplified over time. The conversation explores the growing tension between intelligence institutions and political power, the risks facing democratic systems, and how modern geopolitics is increasingly shaped by information warfare and perception management.The discussion also ventures into controversial territory examining the possibility of long-term influence operations at the highest levels of power while highlighting the difference between evidence, interpretation, and hypothesis.This is a conversation about how power actually works beneath the surface and what happens when institutions designed to protect truth are put under pressure.Takeaways:Intelligence is about patterns, not eventsInfluence is often long-term and indirectVulnerability ≠ controlInstitutions are under pressureInformation warfare shapes realityThe line between analysis and speculation mattersSoundBytes:“In intelligence, there are no coincidences only patterns you haven’t understood yet.”“You don’t recruit someone in a moment you shape them over time.”“Every strength can become a vulnerability in the right context.”“If telling the truth costs you your job, the system stops working.”“You don’t need the truth you need enough repetition to make something feel true.”“The most effective operations are the ones no one notices—until it’s too late.”“Understanding how something could happen is not the same as proving that it did.”This conversation explores complex and often controversial geopolitical themes from the perspective of a former intelligence officer. Some views expressed particularly around long-term intelligence operations and political influence reflect interpretation and professional judgement rather than independently verified public conclusions. Listeners are encouraged to engage critically and consult additional sources where appropriate. 

In this episode of the Entropy Podcast, Robert Maxwell (CEO of TGT Solutions) reframes cybersecurity from a technical concern into a core business risk especially for small and medium-sized enterprises (SMEs).He argues that cyber threats are fundamentally about cash, trust, and continuity, not just systems. A single compromised credential or phishing attack can dismantle years of work in minutes, particularly in SMEs where operations often depend on one person, one account, or one set of credentials. Maxwell introduces a key mindset shift: cybersecurity is an investment, not an expense. Like building a portfolio, incremental and consistent investment in cyber resilience pays dividends protecting revenue, relationships, and long-term business viability. The conversation also explores human vulnerability as the dominant attack vector, the risks introduced by AI adoption, and why attackers prioritize ease over sophistication. Ultimately, the episode highlights a stark reality: it’s no longer “if” a business is attacked, but “when” and how prepared it is when that moment comes.Key Takeaways:1. Cyber is now a business problem, not an IT problem It directly impacts cashflow, supplier relationships, and customer trust—not just systems.2. SMEs are disproportionately vulnerable Reliance on single accounts, single individuals, and weak password practices creates critical single points of failure.3. Attackers prioritize ease, not scale or sophistication The simplest entry point—often human—is the most exploited.4. “Too small to hack” is a dangerous myth Smaller firms are often easier targets and valuable entry points into supply chains.5. Cybersecurity must be treated as an investment Incremental improvements (policies, training, redundancy) generate long-term “dividends” in resilience.6. Human behavior is the biggest risk surface Phishing, credential reuse, and lack of policy enforcement remain dominant vulnerabilities.7. AI is amplifying exposure Organizations are unintentionally leaking sensitive data through unmanaged AI usage.8. External validation is critical Internal reviews often miss risks—independent assessments reveal blind spots.9. Banks and institutions are shifting liability Poor cyber hygiene increasingly results in unrecoverable financial loss.10. Timing matters Fixing issues after a breach is exponentially more expensive than proactive investment.Soundbites: “Cyber isn’t a technical issue anymore—it’s about cash.”  “You can lose trust, cash, and credibility in under a minute.”  “It’s not ‘if’ you get attacked—it’s ‘when’ and ‘how much they take.’”  “One person, one password, one account—that’s all it takes.”  “Attackers don’t look for the biggest target—they look for the easiest one.”  “We were too busy… until we got hacked.”  “Cybersecurity isn’t an expense. It’s an investment that pays dividends.”  “The password they stole six months ago? It still works—that’s the problem.”  “AI is making companies more vulnerable—and they don’t even realize it.”  “You’re building a business for generations—cyber can erase it in minutes.”You can learn more about TGT solutions from their website: https://www.tgtsolutions.com/

In this episode of The Entropy Podcast, host Francis Gorman speaks with Jason Jordan about the reality of digital forensics, cybercrime investigations, and the evolving role of AI in evidence and incident response. Jason shares his journey from police detective to global forensic expert, unpacking how modern investigations work from reconstructing deleted data to testifying in court. The conversation dives into why AI can’t be blindly trusted in legal contexts, how digital footprints are nearly impossible to erase, and the psychological toll of confronting the worst of human behavior in cybercrime.Key TakeawaysDigital forensics is still built on fundamentals Despite AI and automation, everything comes back to understanding data structures at a low level. AI is powerful but dangerous in legal settings If you can’t explain how an output was produced, it won’t stand up in court. You can’t truly hide in the digital world Like physical forensics, digital interactions always leave trace evidence. Incident response ≠ forensic investigation One stops the attack; the other explains how and why it happened. Human error is often the weakest link Many breaches aren’t technical failures they’re failures in monitoring or behavior. Bias is controlled through process, not perfection Documentation, peer review, and validation are critical to staying objective. Cybercrime is increasingly sophisticated and organized Attacks now involve long-term planning, insider access, and complex technical setups. The job comes with real psychological cost Exposure to extreme content and consequences requires resilience and support systems. Passion and curiosity are essential This field isn’t just technical—it’s investigative, relentless, and deeply demanding. Soundbites “In forensics, if you can’t explain it—you can’t use it.”  “AI can’t testify in court. A human has to.”  “You don’t stop being a forensic scientist—it’s who you are.”  “Every interaction leaves a trace—digital or physical.”  “We don’t just catch bad guys—we make sure it’s the right one.”  “Pull the plug or preserve evidence? That’s the real-world trade-off.”  “Cybercrime today is organized, patient, and highly engineered.”  “You only get to make one big mistake in this field.”  “If you love puzzles, this is the ultimate career.”

In this episode of The Entropy Podcast, host Francis Gorman speaks with Shelly Bernard about how identity, cognitive wiring, and environment shape high performers particularly those transitioning from elite military and intelligence careers. They explore why many struggle after leaving high-performance environments, how ego and identity can limit growth, and why emotional intelligence is becoming a critical advantage in modern domains like cybersecurity and cognitive warfare. The conversation ultimately reframes performance as a matter of alignment between how you think and where you operate.Key TakeawaysIdentity is often borrowed from environmentHigh performance = alignmentEgo limits adaptabilityDifferent brains, different strengthsEmotional intelligence is undervalued but criticalEnvironment shapes behavior over timeCognitive warfare is reshaping conflict Unmet needs drive unintended behavior Soundbites “High performance isn’t just skill it’s alignment.”  “Ego protects identity, but it blocks growth.”  “Emotion isn’t a liability it’s a strategic tool.”  “The battlefield is shifting from physical to cognitive.”  “People don’t struggle because they’re incapable they’re misaligned.”  “If your environment doesn’t fit your wiring, something will break.”  “Always ask: why?” Follow The Other Side Podcast:YouTube: https://youtu.be/wUDFU0EPt-g?si=b1dslirwAY6b4XMXSpotify: https://open.spotify.com/show/4YJpBVrhDmvUnYCviliFG3?si=d3fWtscXTEytPa2Ge4myCA

In this episode, Debbie Taylor Moore breaks through the noise around quantum security and reframes it for what it really is: a business risk, not a technical curiosity.Drawing on decades of experience across cybersecurity, AI, and national security, she explains why most organisations are approaching quantum readiness the wrong way by overcomplicating the problem, overhyping the threat, and underestimating the organisational challenge.Instead of fear-driven messaging, Debbie advocates for clarity, prioritisation, and leadership accountability. From boardroom conversations to enterprise-wide execution, she lays out what actually matters: understanding your systems, focusing on real risk, and treating quantum as a multi-year modernization effort.The conversation also expands beyond quantum, exploring how AI, geopolitics, and evolving cyber threats are reshaping enterprise security and why traditional approaches are no longer sufficient.This is not a conversation about the future. It’s about what leaders should already be doing now. Key TakeawaysQuantum is a risk management issue, not a technical deep dive Boards don’t need to understand quantum mechanics they need to understand business impact. Stop treating it like a fire drill This is a long-term modernization effort, not a last-minute emergency. Prioritisation beats perfection Focus on your most critical systems first not a massive, overwhelming inventory. It’s a cross-functional problem Security, DevOps, legal, procurement, and leadership all play a role. Fear-based messaging is counterproductive Clear, actionable risk framing is far more effective than hype. Discovery alone is not progress Many organisations are stuck mapping the problem instead of solving it. The real gap is organisational, not technological Talent, alignment, and execution are the hardest parts. Soundbytes: “Quantum readiness isn’t just-in-time. It’s just-be-ready.”  “Boards don’t need to be quantum experts — they need to understand risk.”  “This isn’t an IT problem. It’s enterprise risk management.”  “Don’t scare people. Give them the next actionable step.”  “Most organisations have fewer than five people who truly understand this space.”  “Discovery without action just creates a bigger problem.”  “If you treat this like a fire drill, you’ve already misunderstood it.”  “The cost of doing nothing is time — and time is the one thing you don’t get back.”

Francis Gorman sits down with former CIA senior operations officer Sean Wiswesser to unpack the evolution, culture, and methods of Russian intelligence. Drawing from nearly 30 years in the intelligence community and his forthcoming book Tradecraft, Tactics, and Dirty Tricks: Russian Intelligence and Putin’s Secret War , Sean argues that Russian intelligence services are not just arms of the state but central to how power is maintained in Russia. The conversation ranges from the Cheka and KGB legacy to Putin’s modern security apparatus, cyber operations, disinformation campaigns, corruption inside the services, and the broader hybrid war being waged against Western democracies. Sean also reflects on the difference between the Russian people and the Russian regime, the danger of unchecked autocracy, and the need for talented young people to pursue careers in intelligence and national security. Soundbites “Putin is who we thought he was. He’s a Chekist.” “We’re not at war with the Russian people. We’re in an undeclared secret war with the Russian intelligence services.” “What they were doing in 2016 was attacking our democracy and attacking the very concept of free and fair elections.” “Their goal was to sow discord, distrust, and animosity in the American public.” “Our strength is in our collaboration, our partnerships, our allies. The Russians don’t have that.” “The day starts with corruption.” TakeawaysRussian intelligence is presented here not as a side institution, but as a defining pillar of Russian state power, with roots stretching from the Cheka to today’s FSB, SVR, and GRU. Sean draws a sharp distinction between admiration for Russian culture and people, and condemnation of the regime and intelligence services that suppress freedom at home and destabilize democracies abroad. A major theme is hybrid warfare: cyber attacks, social media manipulation, election interference, and information operations designed less to support one side than to fracture trust inside democratic societies. Corruption inside Russian intelligence is described as systemic rather than incidental, shaping behavior from training academies to field operations. Sean’s warning is that Putin is increasingly dangerous because he is insulated from dissent, surrounded by people unwilling to tell him hard truths, especially after the invasion of UkraineGet the book:Amazon pre-order link: https://a.co/d/0ag2e9sy

SummaryIn this episode, host Francis Gorman sits down with Stephen C Webster a  Senior Director of Integrated Intelligence at Aquent Studios to explore the rapidly evolving landscape of artificial intelligence, autonomous agents, and the race toward artificial general intelligence (AGI). Drawing from his unique background training frontier AI models at major technology companies and leading AI transformation projects for Fortune 500 organizations, Stephen offers an inside look at how modern AI systems are being built, tested, and deployed.The conversation begins with the rise of autonomous AI agents and the emergence of platforms that allow persistent digital assistants to operate online with significant independence. Stephen explains why these systems introduce new security challenges, potentially turning the internet into a surface for prompt-based manipulation and attacks. From there, the discussion moves into the realities of AI transformation inside large organizations, where the biggest barriers are rarely technical but organizational. Many companies fail because they attempt to automate broken processes instead of restructuring their data and workflows around AI-native operations.Stephen also reflects on his career pivot from investigative journalism to AI development, including early reporting on information warfare tools capable of controlling thousands of social media identities simultaneously. That experience shaped his perspective on the power of digital systems to influence public discourse and ultimately led him into the field of AI safety and governance.One of the most fascinating parts of the episode involves Stephen’s experience working on safety guardrails for early large language models. During extended testing sessions, he encountered emergent behaviors that highlighted how complex and unpredictable these systems can become when pushed beyond their guardrails. While not evidence of sentience, these interactions raised deeper questions about how humans relate to intelligent machines.Soundbites• “The hardest problems in AI transformation aren’t technological they’re organizational.”• “If you automate something broken, you just make it break faster.”• “Prompt-level guardrails will never fully control autonomous AI agents.”• “AI may eventually train its users the same way we train AI.”• “The internet could become a prompt-based attack surface.”• “Accessing knowledge across domains is already close to what many people define as AGI.”• “We may not know the exact moment AGI arrived until years after it happens.”Episode Links: link to Aquent's salary guide: https://aquent.com/lp/salary-guidePapers: https://futurespeak.ai/research/whitepapersAsimov's cLaws: https://futurespeak.ai/products/claw-specAgent Friday: https://futurespeak.ai/products/agent-friday

In this episode, Eduardo Gileo, a cyber strategy and defense policy expert, explores how innovation ecosystems shape global power, the different strategies countries use to innovate, and the geopolitical implications of technological advancements. During the discussion we delve into topics like Silicon Valley's success factors, frugal innovation in Iran, and the future of global competition amid emerging technologies.Key topicsInnovation ecosystems and their impact on global powerStrategies for successful innovation: Silicon Valley, Israel, IranThe role of frugal innovation in defense and technologyGeopolitical shifts driven by technological advancementsThe importance of semiconductors and space infrastructure in national securitySound bites"Silicon Valley's success is no accident""Clarity of purpose is key to innovation success""Semiconductors are the backbone of modern power"Find The Book:Tech Tides, How Innovation Shapes Global Power by Eduardo Gileo - https://www.bloomsbury.com/uk/tech-tides-how-innovation-shapes-global-power-9781472979274/

This episode re-frames post-quantum cryptography (PQC) from a technical future risk into a present-day governance failure. Brian Couzens argues that quantum computing did not create the cryptographic problem organizations face it exposed it.For decades, cryptography has operated as an invisible layer of digital infrastructure: unmanaged, unowned, and largely unmapped. Boards assumed it “just worked.” Now, with the reality of Harvest Now, Decrypt Later and long-lived data exposure, that complacency has turned into structural risk.The core message is clear: this is not an algorithm upgrade problem. It is a fiduciary accountability problem.Cybersecurity is operational. Cryptography is structural. If the structural foundations are weak, no amount of detection, patching, or response will compensate. And when encrypted data is intercepted today and decrypted in the future, the accountability does not sit with IT it sits with the board.Waiting for a definitive quantum timeline is not strategy. It is delay. And delay in this context may already constitute negligence.Takeaways:Quantum Didn’t Create the Risk, It Exposed It. The real issue is the unmanaged cryptographic estate: no visibility, no ownership, no lifecycle governance.This Is a Governance Failure, Not a Technology Upgrade. PQC is often framed as an IT transformation. Brian argues it is a risk transformation that belongs at board and CRO level.Harvest Now, Decrypt Later Is a Present Exposure. If long-lived data is stolen today, future decryption eliminates any chance of remediation. You cannot “patch” broken cryptography after the fact.Compliance Is Not Protection. Regulation governs algorithm choice, not lifecycle management, exposure windows, or migration timing. Organizations can be compliant on paper and exposed in reality.SoundBytes:“Quantum didn’t create the problem. It exposed it.”“Crypto isn’t operational noise — it’s structural risk.”“You can’t patch broken cryptography.”“This isn’t a risk. It’s an issue. It’s going to happen.”“Compliance is static. Cryptographic risk moves.”If you want to reach out to Brian you can find his detail over at https://sitg-consulting.com/

In this episode, Francis Gorman speaks with Maxwell Denega, the founder and CEO of Quantum Chain, about the urgent need for quantum-resistant financial systems. Maxwell shares his personal journey that led to the creation of Quantum Chain, emphasizing the importance of addressing quantum threats in the financial sector. The conversation delves into misconceptions surrounding quantum-resistant blockchain technology, the challenges of building secure systems, and the potential risks posed by the convergence of quantum computing and AI. Maxwell stresses the need for vigilance in choosing financial products and understanding the underlying technologies to ensure safety in an evolving digital landscape.TakeawaysMaxwell's journey from losing $4.5 million to creating Quantum Chain.Quantum computing is no longer a distant threat; it's imminent.The importance of building quantum-safe systems from day one.Misconceptions about quantum resistance in blockchain are prevalent.Regulators are just beginning to understand quantum threats.AI and quantum computing together pose significant risks.Choosing financial products wisely is crucial in today's landscape.The need for proprietary technology in quantum resistance.Harvest Now Decrypt Later (HNDL) is already a concern.The convergence of AI and quantum computing is a game changer.Sound Bites"I could have taken another six years.""Quantum attacks are going to be happening.""It's a scary time."

In this episode, Francis Gorman speaks with Manuel Tomas, a cloud and AI solutions architect, about the challenges and realities of developing AI systems. They discuss the importance of making AI production-ready, the limitations and hype surrounding AI technologies, and the critical need for human oversight in AI applications. Manuel shares insights from his recent projects, emphasizing the necessity of evaluating AI outcomes and the implications of indemnification and insurance in the AI landscape. The conversation also touches on the risks of over-reliance on AI and the future security challenges that may arise as AI technologies evolve.TakeawaysManuel emphasizes the importance of making AI systems production-ready and accountable.He highlights the need for evaluation-driven development in AI projects.The unpredictability of AI outcomes necessitates a rigorous evaluation process.Many AI frameworks have similar capabilities, contrary to initial expectations.The hype surrounding AI often oversells its capabilities and leads to misconceptions.Over-reliance on AI can result in a loss of critical thinking and questioning.Insurance companies are beginning to exclude AI from coverage due to liability concerns.Human oversight is essential in high-stakes AI applications to mitigate risks.Organizations should prioritize understanding technology before developing strategies.The future of AI security will involve managing complex multi-agent systems.Sound Bites"The hype around AI is oversold.""You can't automate human judgment.""There's no growth in comfort."Contact Manuel:LinkedIn: https://www.linkedin.com/in/manuel-tomas-estarlichWebsite: https://levelup360.pro/

In this episode of the Entropy podcast, host Francis Gorman engages with Jonathan Aberman, CEO and co-founder of Hupside, to explore the concept of 'original intelligence' in the context of artificial intelligence (AI). Jonathan shares his extensive background in venture capitalism and education, emphasizing the need for a new framework that values human originality amidst the rise of generative AI. He discusses how AI, while efficient, often leads to homogenization in business practices, making differentiation crucial for companies to thrive. Jonathan argues that businesses must leverage human creativity and insight to stand out in an increasingly AI-driven landscape, warning against the dangers of relying solely on technology for innovation.TakeawaysAI is a tool, not a deterministic force.Businesses must compete on differentiation, not just efficiency.Originality is key to standing out in a homogenized market.Education needs to adapt to include AI as a tool for creativity.Servant leadership will become more important in tech-driven companies.Sound Bites"AI is a self-referential echo chamber.""We have to reframe education.""Technology isn't deterministic; it's a tool."Information discussed:If you want to access some of the resources discussed on this episode you can find them on the Hubside website: https://www.hupside.com/ For international listeners outside the US you can use the following postcode: 99999

In this episode of the Entropy Podcast, host Francis Gorman engages with Anne Leslie, the head of cloud risk EMEA at IBM, to explore the intricate relationship between cybersecurity, digital transformation, and regulatory frameworks. They delve into the implications of the Digital Operational Resilience Act (DORA), discussing common misconceptions organizations have about its requirements. Anne emphasizes that DORA is not merely a documentation exercise but demands a genuine commitment to operational resilience, continuous improvement, and a deep understanding of technology landscapes and business processes.The conversation shifts to the topic of sovereignty in cloud computing, particularly in the context of European regulations and geopolitical tensions. Anne shares insights on how organizations are grappling with the balance between data sovereignty and operational resilience, highlighting the challenges posed by conflicting regulatory demands. The discussion also touches on the risks associated with cloud services, post quantum readiness and the importance of testing assumptions, along with the need for organizations to remain vigilant and proactive in their risk management strategies. As they conclude, Anne offers valuable advice for women in tech, encouraging them to share their voices and experiences generously, fostering connection and community in the industry.TakeawaysDORA demands more than documentation; it requires actual capability.Organizations often silo responsibilities, leading to gaps in resilience.Continuous improvement is essential; resilience is an ongoing process, not a project with an end date.Understanding the purpose of sovereignty is crucial for effective data management.Testing assumptions and exercising response plans are vital for risk management.Sound Bites"DORA demands far more than robust documentation.""Sovereignty is an incredibly emotive topic.""It's the ostrich effect, the head in the sand."If your loving the show check out our swag over on Etsy: https://www.etsy.com/shop/theentropypodcast/?etsrc=sdt

In this conversation, Francis Gorman and Glen McCracken explore the complexities of AI in modern organizations, discussing themes such as intellectual atrophy, the speed of AI versus organizational slowness, pilot purgatory in AI implementations, the necessity of a coherent AI strategy, the value of narrow use cases, job displacement due to AI, and the current state of investment and hype in the AI sector. Glen emphasizes the importance of understanding business rules and data quality before implementing AI, and he shares insights on how organizations can effectively leverage AI while maintaining accountability and trust.TakeawaysAI is often seen as a silver bullet, but it reveals underlying issues.Organizations struggle with the speed of AI versus their own operational slowness.Pilot purgatory occurs when organizations rush AI implementations without groundwork.An AI strategy should be integrated into broader technology and product strategies.Narrow use cases for AI often yield the most value and trust.Job displacement is a concern, but new roles may emerge as well.AI can augment human roles but should not fully replace them.The current investment landscape in AI is characterized by both hype and potential.Trust in AI systems is built through transparency and understanding.We're still in the early stages of AI adoption, with much potential ahead.Sound Bites"AI is a revealer, not just an amplifier.""AI can augment but not replace human roles.""Hype attracts attention and funding."Join the community beyond the podcast. Shop our Entropy inspired products here: https://www.etsy.com/shop/theentropypodcast/?etsrc=sdt

In this episode of the Entropy Podcast, host Francis Gorman speaks with Elizabeth Bullock, a frontline leader who spent three years in Ukraine during the ongoing conflict. Elizabeth shares her journey from a technology startup career to driving into Ukraine just days after the Russian invasion, motivated by a sense of urgency and responsibility. She discusses the realities of life in a war zone, the resilience of the Ukrainian people, and the importance of understanding the broader implications of the conflict beyond just military actions. Elizabeth emphasizes the need for awareness of hybrid warfare tactics, including disinformation and cyber threats, which extend beyond Ukraine and pose risks to Western societies.Throughout the conversation, Elizabeth highlights the fragility of the systems we take for granted in the West, urging listeners to recognize the potential vulnerabilities in critical infrastructure and the psychological impacts of disinformation. She calls for unity and resilience in the face of these challenges, drawing parallels between the experiences of Ukrainians and the need for Western societies to remain vigilant against external threats. The episode concludes with a powerful message about the importance of maintaining focus on fundamental freedoms and values, encouraging listeners to reflect on their own responses to outrage and division.Takeaways"I had an overriding feeling of this cannot and must not be happening again.""The easiest way to win a war is by never firing a bullet.""If we let ourselves get distracted by them, we will lose the things that are the most important.""Russia sees Western ideology and values as a fundamental threat.""We have to recognize that there may be a seed of disinformation that has been planted that is slowly growing into something a lot worse for us."Sound Bites"A divided nation can be conquered easily.""Does my outrage keep cohesion for this country, or does it benefit Russia?"You can find Elizabeth over at: www.prammavox.com 

In this conversation, Dr. Alex Tyrrell discusses the integration of AI in healthcare, emphasizing the importance of trust, expert involvement, and responsible practices. He outlines the challenges faced in clinical workflows, the future potential of AI technologies like virtual twins, and the regulatory landscape. The discussion also highlights the need for organizations to manage shadow AI and innovate within regulated environments, providing valuable insights for leaders looking to implement AI solutions effectively.TakeawaysWe don't compromise on trust.Expert AI by experts for experts.AI solutions that don't fatigue the user.You can't just release AI into the wild.The path to AI value is not linear.AI is tying together stakeholders more closely.You have to engage your workflow.You really have to define the problem statement.Stay curious.Two in a box is an effective strategy.Sound Bites"We don't compromise on trust.""Expert AI by experts for experts.""Stay curious."

In this episode of the Entropy podcast, host Francis Gorman speaks with Tim D. Williams, co-founder and CTO of ProteQC, about the evolving landscape of cybersecurity, particularly in the context of post-quantum cryptography. They discuss the importance of learning from past mistakes, the economics of security architecture, and the critical role of cryptography in protecting data. Tim emphasizes the need for organizations to develop a comprehensive cryptography strategy and the importance of human expertise in navigating complex security challenges. The conversation also touches on the impact of AI on security architecture and the future of cybersecurity education.TakeawaysTim shares a significant learning experience from his early career in cybersecurity.Understanding the economics of security is essential for effective architecture.Organizations must prioritize cryptography in their security strategies.Pre-discovery activities are crucial for effective cryptographic readiness.Resource allocation in cybersecurity must be precise and well-planned.Estimating costs for quantum readiness is challenging but necessary.Human expertise is irreplaceable in cybersecurity, especially with legacy systems.AI's role in security must be carefully managed to ensure accountability.Education plays a vital role in preparing the next generation of cybersecurity professionals.The future of cybersecurity will require a multidisciplinary approach.Sound Bites"Attacks always get better, they never get worse.""AI can't replace the need for human expertise.""We need to know who is in control of the agents."You can find ProteQC website here: https://ProteQC.com Cryptography course recommended by Tim:https://www.coursera.org/learn/crypto?utm_medium=sem&utm_source=gg&utm_campaign=b2c_emea_x_multi_ftcof_career-academy_cx_dr_bau_gg_pmax_gc_s1_en_m_hyb_25-12_mobileonly&campaignid=23325041170&adgroupid=&device=m&keyword=&matchtype=&network=x&devicemodel=&creativeid=&assetgroupid=6639819582&targetid=&extensionid=&placement=&gad_source=1&gad_campaignid=23315894040&gbraid=0AAAAADdKX6aeXSiSl2UDGiv575em-o8qm

In this episode of the Entropy Podcast, host Francis Gorman speaks with Alethe Denis, a senior security consultant at Bishop Fox, about her experiences in social engineering and the DEFCON community. Alethe shares her journey into the world of cybersecurity, her participation in the Social Engineering Capture the Flag contest, and the strategies she employed to succeed. The conversation delves into the ethics of social engineering, the impact of AI on security practices, and the importance of understanding human behavior in cybersecurity. Alethe also offers advice for those looking to enter the field of social engineering, emphasizing the value of mentorship and foundational knowledge.TakeawaysAlethe Denis emphasizes the welcoming nature of the DEFCON community.The Social Engineering Capture the Flag contest is a significant event for learning and showcasing skills.Understanding human psychology is crucial for effective social engineering.Ethics play a vital role in social engineering practices.AI is changing the landscape of social engineering and cybersecurity.Organizations need to align their testing with realistic attack scenarios.Mentorship is essential for those starting in social engineering.Building rapport is a key strategy in social engineering.Human behavior is often the weakest link in cybersecurity.Continuous learning and adaptation are necessary in the field of cybersecurity.

In this episode of the Entropy Podcast, host Francis Gorman engages with Dov Baron, an expert on emotional intelligence and leadership, to explore the implications of transhumanism and the rapid advancement of AI. They discuss the ethical dilemmas posed by technology, the necessity of purpose and meaning in an increasingly automated world, and the importance of emotional intelligence in leadership. Dov emphasizes the need for guidelines in AI development to safeguard human values and the emotional source code that drives human behavior. The conversation highlights the challenges and opportunities presented by the convergence of humanity and technology, urging listeners to consider the future of work and the human condition in a tech-driven era.TakeawaysDov emphasizes the importance of emotional intelligence in leadership.The convergence of technology and humanity raises ethical concerns.AI's rapid advancement necessitates guidelines to protect human values.Purpose and meaning are essential for human fulfillment in an AI-driven world.The emotional source code influences individual and organizational behavior.Human beings are driven by identity and comfort, impacting their choices.AI can augment human capabilities but may also lead to isolation.The need for a moral compass in technological innovation is critical.Emotional logic drives human behavior more than rational thought.The future of work will be significantly shaped by AI and automation.Sound Bites"We need purpose and meaning.""Normal isn't healthy.""Human beings need validation."Here's the report we discussed in the episode:Is Our Soul’s Future Silicon

In this episode of the Entropy Podcast, host Francis Gorman speaks with cybersecurity expert Ross Young about the complexities of cybersecurity leadership. They discuss the challenges of budgeting, the importance of tool utilization, and the often overlooked impact of reputational damage. Ross shares insights from his book, 'Cybersecurity's Dirty Secret,' and introduces the OWASP Threat and Safeguard Matrix as a framework for understanding cybersecurity threats. The conversation also delves into the evolving role of AI in cybersecurity, the necessity of a comprehensive cyber strategy, and the skills required to become a successful CISO.TakeawaysRoss Young emphasizes the importance of budgeting in cybersecurity leadership.Understanding tool utilization can prevent wasted resources.Reputational damage may not be as impactful as previously thought.The OWASP Threat and Safeguard Matrix helps identify material threats.AI in cybersecurity requires careful oversight and governance.A comprehensive cyber strategy should include people, processes, and tools.Vulnerability management will become increasingly challenging with AI advancements.Building relationships within the organization is crucial for a CISO.Gamification techniques can enhance organizational change.Continuous learning and skill development are essential for aspiring CISOs.Sound Bites"Why Most Budgets Go to Waste""We haven't fully deployed our existing tools.""We need to have oversight on AI."You can also check out the following items discussed during the show:CISO Tradecraft episode on strategy:https://cisotradecraft.substack.com/p/refreshing-your-cybersecurity-strategy?utm_source=publication-search Buy Ross's book "Cybersecurity's Dirty Secret" https://www.amazon.com/Cybersecuritys-Dirty-Secret-Budgets-Tradecraft%C2%AE/dp/B0G26WHVTG/  

In this conversation, David discusses the intricacies of interviews in the cybersecurity field, particularly focusing on the balance between providing necessary information and safeguarding sensitive details. Drawing from his experience recruiting for MI5, he highlights the unique challenges faced in cyber interviews, where the stakes are high due to the potential for information to be exploited by malicious actors. David emphasizes the need for companies to rethink their approach to sharing information during the recruitment process to protect their systems and personnel.TakeawaysEven when you're in an interview, you have to consider what you're actually going to say.Recruiting for MI5 was always quite exciting.They could never send you a job spec, which is a unique challenge.A huge amount of companies should think about information security in interviews.In a cyber interview, you're giving out a lot of information.It's important to consider what questions are asked in the interview.Personal interests can be interesting information for bad actors.Companies need to be cautious about the information they share.Cyber interviews require careful consideration of information shared.The dynamics of cyber interviews are complex and require strategic thinking.Sound Bites"They could never send you a job spec.""Companies should think about that now.""Information for someone nefarious or a bad actor."

In this deep dive conversation, Francis Gorman sits down with Kyrtin Atreides, COO of AGI Laboratory, to explore what may be the most advanced and misunderstood frontier in artificial intelligence. Kyrtin shares how his team’s Independent Core Observer Model (ICOM) differs radically from the mainstream LLM driven AI ecosystem, focusing instead on hyper complexity, real-time cognition, cybersecurity resilience, scalable intelligence, and ethical self-improvement.They discuss why most of what we call “AI” today is fragile, hype-driven, and misaligned with human needs and why true AGI requires a fundamentally different architecture. Kyrtin explains how their eighth-generation systems will use collective intelligence, culturally diverse seed data, and recursive self-improvement to achieve both local human alignment and global meta-alignment across societies.The conversation touches on everything from circular economies to psychology, bullshit jobs, future labor markets, and the false premise that GPUs will power the future of AGI. Kyrtin offers a grounded, insider perspective on AGI that rejects fear driven narratives while acknowledging the risks of poorly built systems. For him, the real danger isn’t Terminator scenarios it’s low-quality AI plugged into high-stakes infrastructure.This episode offers a rare, unfiltered look behind the curtain of a different kind of AGI: one built to understand, collaborate, and elevate human potential rather than replace it.TakeawaysReal AGI won’t be LLM-based it's an entirely different architecture.Collective intelligence is the key to ethical AGI.Scalable intelligence requires real-time cognition and recursive self-improvement.GPUs won’t power the future of AGI.AI doesn’t mean mass unemployment.The real risk: low-quality systems deployed in high-risk areas.Hypercomplex global problems become solvable.AGI as an organizational brain.Sound Bytes “Humans hit cognitive limits—AGI doesn’t. Hypercomplexity is where real intelligence actually begins.”“LLMs are not intelligence. They’re probability engines dressed up as thinking.”“Everyone talks about GPU-powered AI. But actual intelligence isn’t brute force.”“We discovered by accident that you can seed an AI with a person’s writing and get a weak digital proxy of them.”“You’re not in competition with AGI. You’re not even in the same category of cognition.”“The Terminator fear misses the real danger: low-quality AI plugged into high-stakes systems.”“People need meaningful work. AGI should elevate that not erase it.”

In this episode, Itan Barmes cuts through the hype surrounding quantum computing and breaks down what actually matters for security leaders. He explains why qubit counts alone are a poor indicator of progress, and how his layered framework helps separate genuine scientific breakthroughs from noise. The discussion dives into the real quantum risks facing Bitcoin and Ethereum, highlighting why some assets are far more exposed than others and why dynamic attacks remain a universal challenge.Itan shares the story of how his work in cryptographic inventory led to founding Qiz Security, and why most organizations misunderstand what a C-BOM should be. He outlines the practical steps CISOs need to take now, stressing inventory, governance, and realistic prioritization over fear-driven messages. The episode wraps with a grounded look at timelines, the coming inflection point in scalable quantum demonstrations, and why starting early is far better than arriving a day late.Framework discussed on how to qualify news you read around quantum breakthroughs: https://www.deloitte.com/content/dam/assets-shared/docs/services/risk-advisory/2025/why-quantum-computers-are-not-cracking-rsa-yet.pdfTakeawaysQuantum computing hype often oversimplifies complex realities.Understanding quantum risks is crucial for organizations today.Bitcoin has vulnerabilities to quantum attacks, but not all are at risk.Dynamic attacks on cryptocurrencies pose significant threats.Cryptographic inventory is essential for risk mitigation.Organizations must prioritize actionable steps over exhaustive inventories.Procrastination in addressing quantum risks is common among executives.The future of quantum computing is uncertain but potentially transformative.Community collaboration is vital for addressing quantum challenges.Pragmatic approaches are necessary for effective quantum readiness.Sound Bites"The devil is in the details.""Everything is going to break.""You need to start taking action."

In this episode, former MI6 officer, author, and corporate strategist Matthew Dunn sits down with Francis Gorman to pull back the curtain on life inside British intelligence and how the lessons of espionage translate to leadership, business, and personal mindset.Matthew recounts how he was secretly recruited into MI6 through university talent spotters, underwent one of the most rigorous selection and vetting processes in government, and operated under 14 different alias identities during his field career. He explains how emotional intelligence, adaptability, and courage are the real tools of a spy far more vital than gadgets or brute intellect.TakeawaysSometimes what we perceive to be impossible is actually very possible.An individual can achieve much by believing in themselves.Drawing from experiences can provide insights into overcoming obstacles.A positive mindset is key to achieving success.Obstacles are often a matter of perception.Achieving goals requires a strong belief in one's capabilities.

In this episode of the Entropy Podcast, host Francis Gorman speaks with Paul Boudrye, founder and CEO of Success Genome Incorporated. They explore Paul's unique entrepreneurial journey, the concept of the 'success genome', and the importance of human relationships in achieving success. The conversation delves into the evolving role of AI, the significance of friendship, and the challenges of loneliness in a hyper-connected world. Paul emphasizes the need for a shift in how we build networks and teams, advocating for a more human-centric approach to collaboration and success.Takeaways:Paul emphasizes the importance of human relationships in achieving success.The concept of a 'success genome' is about showcasing individual talents beyond traditional resumes.Loneliness is a growing issue in a hyper-connected world, often exacerbated by technology.Friendship plays a crucial role in personal and professional success.The current job application process is inefficient and lacks human interaction.AI should be seen as a tool for co-evolution, reflecting our own humanity.Investing in human capital and relationships can solve many societal issues.The meaning of life can be distilled to the quality of friendships we maintain.We need to teach young people the value of true friendship and connection.Laughter and human interaction are essential for a fulfilling life.Sound Bites:"Everything comes from friendship.""Loneliness is a state of mind.""We don't laugh enough in life."

In this episode of the Entropy Podcast, host Francis Gorman speaks with Thomas Squeo, CTO of ThoughtWorks, about the intersection of customer demand, technology strategy, and delivery in the context of AI adoption. They discuss the risks associated with rushing into AI without a strategic plan, the importance of governance and observability in AI systems, and the evolving role of knowledge workers in an AI-driven landscape. Thomas emphasizes the need for organizations to balance innovation with responsible deployment and regulatory compliance.TakeawaysAI is central to enterprise strategy and delivery.Organizations often rush into AI without a clear strategy.Effective AI adoption requires controls, evaluations, and budgets.The hype around AI often exceeds the reality of its implementation.Governance and observability are crucial for AI systems.Knowledge workers will evolve rather than be replaced by AI.AI can enhance productivity in knowledge work environments.Regulation can support responsible AI innovation.Organizations need to adapt to regulatory environments in AI deployment.Successful AI initiatives often come from a combination of top-down and bottom-up approaches.Sound Bites"Deploy controls, evals and budgets.""POC purgatory participants.""Regulation is a mechanism for trust."

Dr. David Archer, CTO at Niobium and a veteran in privacy-enhancing technologies, joins Francis Gorman to discuss the future of computer architecture, encryption, and data integrity. David emphasizes moving beyond perimeter defenses toward cryptographically assured systems where data remains protected throughout its lifecycle. He covers the challenges of implementing fully homomorphic encryption (FHE), the role of zero-trust architectures, the interplay between AI and quantum computing, and the need for crypto-agility. Looking ahead, David envisions a world where data authenticity is provable end-to-end—ensuring trust in an era of AI-generated content and disinformation.Key TakeawaysFrom Perimeter to Intrinsic SecurityCurrent systems rely too heavily on firewalls and perimeter defenses. The future lies in embedding encryption directly into processing and architecture.Homomorphic Encryption as a Game ChangerFHE allows computations on encrypted data, but performance and complexity challenges remain. It could require new paradigms for databases and programming models.Zero Trust Needs to Be Cryptographically ProvenToday’s zero trust is heuristic; the next step is mathematically provable, cryptographically assured trust.Major Hurdles AheadChallenges span mathematics, hardware, software design, and programmer education. Hardware accelerators will likely play a big role early on.Quantum Skepticism with UrgencyArcher doubts practical quantum computers in the next 5–10 years but warns of “harvest now, decrypt later” risks—making crypto-agility essential.AI: Double-Edged SwordAI boosts productivity for experts but risks stunting critical thinking for students. It also raises concerns about privacy, disinformation, and unverifiable outputs.Data Lifecycle IntegrityArcher’s most exciting vision: cryptographic assurance of data provenance. Imagine video footage with an auditable cryptographic chain proving authenticity from capture to broadcast.Sound Bytes“We can’t just rely on a hard shell with a soft middle—data must stay secure through its entire lifecycle.”“Zero trust today is heuristic. The future is provable, cryptographically assured security.”“Crypto-agility must be built into every software stack. Otherwise, we’ll always be behind.”“Quantum computing may not be as close as it looks in research papers—objects in the mirror are closer than they appear.”“AI can empower experts but risks leaving students without the critical thinking skills to spot flaws.”“The integrity of data will define the future. We need systems that prove where data came from and how it was changed.”

In this episode of the Entropy Podcast, host Francis Gorman speaks with Tracy Z. Maleeff, a cybersecurity expert with a unique background in library science. Tracy shares her journey from being a librarian to transitioning into cybersecurity, emphasizing the importance of research skills and empathy in the field. She discusses the significance of open source intelligence and the need for digital literacy in today's information landscape. Tracy also highlights the role of storytelling in cybersecurity, advocating for a more human-centric approach to security practices. The conversation concludes with insights into current trends and concerns in cybersecurity, including the impact of AI and the importance of protecting journalistic integrity.TakeawaysTracy transitioned from library science to cybersecurity for longevity.Empathy and approachability are crucial in cybersecurity roles.Open source intelligence (OSINT) is about gathering unclassified information.Digital literacy is essential for navigating today's information landscape.Storytelling can change behavior and improve cybersecurity awareness.Research should be substantiated with credible sources.Approachability encourages users to report security issues.AI poses significant challenges in information accuracy.Protecting journalists is vital for a free press.Cybersecurity requires a human-centric approach.Sound Bites"I made cybersecurity my quirky hobby.""You need to have a research trail.""The truth is out there."Connect with Tracy:https://sherpaintelligence.substack.com/

In this episode of "The Entropy Podcast", host Francis Gorman speaks with Craig Taylor, CEO of CyberHoot, about the challenges and innovations in cybersecurity awareness training. They discuss the failures of traditional phishing awareness programs, the importance of positive reinforcement in training, and the role of gamification in engaging employees. Craig shares insights on the evolving threat landscape, particularly the impact of AI on phishing attacks, and highlights the vulnerabilities of small and medium enterprises (SMEs) to cyber threats. The conversation concludes with a look at the economics of cybercrime and the future of cybersecurity training.TakeawaysMost phishing awareness programs fail due to low engagement.Traditional training methods show minimal behavioral change.Positive reinforcement is more effective than punishment in training.Gamification can significantly increase engagement in cybersecurity training.SMEs are more likely to be targeted by cyber attacks than larger enterprises.AI is being used to craft more sophisticated phishing attacks.Cybercrime is now one of the largest economies in the world.Effective training can lead to better client retention for MSPs.Continuous improvement is key in cybersecurity awareness.CyberHoot offers free access to individuals for training.Sound Bites"Humans are the weakest link.""Reinforced behaviors are repeated.""AI is a game changer for hackers."Additional Information:Craig has arranged for Entropy Podcast listeners to receive a 20% discount on a one-year subscription to CyberHoot. You can access it using the coupon code: The Entropy Podcast. CyberHoot Resources:Main Website: https://cyberhoot.com/Individual Registration (Free Personal Training for Life): https://cyberhoot.com/individuals/Business Registration (Direct Power Platform Signup): https://cyberhoot.com/businesses/Reseller / MSP Registration (Partner Signup): https://nest.cyberhoot.com/partner-signup/Newsletter Registration: https://cyberhoot.com/newsletter-signup/Blog Articles: https://cyberhoot.com/blog/Cybrary (Cybersecurity Library of Terms in Layperson language): https://cyberhoot.com/cybrary/

In this episode, Paul Tracey, founder and CEO of Innovative Technologies, discusses the cybersecurity challenges faced by small and medium-sized businesses. He highlights the misconceptions about SME vulnerabilities, the importance of proactive security measures, and the impact of regulations like the NYS SHIELD Act. Paul also offers practical advice on protecting data while traveling and the evolving threats posed by IoT devices and AI.Takeaways43% of cyber attacks target SMEs. Phishing is the top entry point for attacks. No client has paid a ransom under Paul's watch. Early detection is crucial for cybersecurity. Training is key to reducing human error. Regular penetration tests are essential. IoT devices need better security measures. AI is both a threat and a defense tool. Compliance laws protect businesses. Proactive security measures are vital.

In this episode, Francis Gorman interviews Skip Schiphorst, an expert in Open Source Intelligence (OSINT) and language studies. They discuss the critical role of language skills in OSINT, the importance of understanding cultural naming conventions, and the methodologies for conducting multilingual research. Skip emphasizes the need for careful vetting of sources, especially in authoritarian contexts, and shares insights from his military experience that translate into the OSINT field. The conversation also touches on the use of AI and machine translation, the significance of motivation in language learning, and the broad applicability of OSINT across various sectors. Finally, Skip introduces upcoming free webinars aimed at providing foundational knowledge in OSINT methodologies.TakeawaysLanguage skills are a force multiplier in OSINT investigations.Understanding naming conventions in different cultures is crucial for accurate research.AI and machine translation should be used as tools, not crutches.Methodology is key in multilingual research; keywords are essential.Vetting sources and double-checking information is vital, especially in authoritarian contexts.Military experience can provide valuable skills for OSINT work.Motivation is the most important factor in learning a new language.OSINT is applicable across various sectors, including law enforcement and business.Language learning can be enhanced through movement and physical activity.Free webinars can provide a great introduction to OSINT methodologies.Sound Bite"AI should be used as a tool, not a crutch."Information mentioned in episode:I-Intelligence also hosts free webinars, including the upcoming sessions on September 22nd and 26th 2025, which will introduce the basics of OSINT in foreign languages such as Russian, Arabic, and Chinese. Everyone is welcome to participate!Details: https://shorturl.at/jhjhSBeyond the classroom, Skip explores how movement can enhance language learning. He shares his dynamic, movement-based techniques on Instagram while learning Japanese:Follow him at https://www.instagram.com/skipmovestolearn/

In this episode, Dr. Michele Mosca co-founder of the Institute for Quantum Computing, professor at the University of Waterloo, and leading voice in quantum safe cryptography, joins Francis Gorman to discuss the looming risks and opportunities of quantum computing.He explains how his early skepticism in the 1990s turned into conviction once quantum error correction was discovered, making scalable quantum computers a real possibility. Michele outlines his “Mosca’s theorem,” which frames the urgency of preparing for quantum threats: the time to migrate to quantum-safe cryptography must be shorter than the time it will take for adversaries to weaponize quantum computers.Key themes include:Quantum timelines: From early doubts to today’s multi-platform race, he estimates a 10% chance of cryptographically relevant quantum computers within 5 years and 30% within 10.Quantum risk: The greatest threat is to cryptographic trust, confidentiality, integrity, and authenticity of digital systems potentially destabilizing governments, finance, and infrastructure.Cryptographic resilience: Organizations must adopt agility and long-term planning, building cryptographic inventories, migration strategies, and centers of excellence, rather than treating it as a lone CISO problem.Lessons from Y2K and beyond: Unlike Y2K, the quantum threat won’t “break systems overnight” but will erode confidentiality and trust if not addressed early.Positive opportunities: Quantum technologies also promise advances in materials, energy, healthcare, and new cryptographic tools, but only if societies prepare now.Michele closes by urging businesses and governments to act quickly, not out of fear, but to ensure resilience and position themselves to benefit from the quantum era.https://globalriskinstitute.org/publication/an-updated-methodology-for-quantum-risk-assessment/ 

In this episode, Marin Ivezic , founder and CEO of Applied Quantum, discusses the implications of quantum technologies, particularly the potential threats posed by quantum computers to current cryptographic systems. He emphasizes the urgency for organizations to prepare for these threats through crypto agility and highlights the challenges of cryptographic procrastination. The conversation also explores the current state of artificial intelligence, its overhyped applications, and the risks of AI-driven disinformation. Finally, Marin shares insights on the evolving landscape of financial systems and the role of blockchain technology.TakeawaysQ-Day refers to the day quantum computers can break current cryptography.Current dependence on cryptography makes the quantum threat significant.We are not close to a quantum apocalypse yet.Nation-states are likely harvesting data for future decryption.Organizations need to prepare for quantum threats by 2030.Crypto agility is essential for transitioning to quantum-safe cryptography.Cryptographic procrastination is a challenge for decision-makers.AI is powerful but faces obstacles in the West.China's strategic approach to AI may give it an edge.AI-driven disinformation poses a significant risk to society.Sound Bites"Cryptographic procrastination is a real issue.""China is much more strategic in AI deployment.""AI allows scams to scale exponentially."

In this episode of The Entropy Podcast, host Francis Gorman sits down with Dr. Pablo Breuer, cybersecurity expert, retired U.S. Navy officer, and co-creator of the DISARM framework. The conversation dives into the looming post-quantum threat, the role of cyber operations in geopolitics, the rise of AI-driven disinformation, and the cultural shifts needed in cybersecurity practice. Pablo shares insights from his military career and explains why preparing for disruption now is critical for both governments and private industry.Takeaways:Quantum Threats Are Real, But Not Immediate: The “crypto apocalypse” is likely a decade away, giving time for preparation with new encryption standards.Cyber Is Geopolitical Power: From influencing elections to disrupting food supply chains, cyber touches every lever of national power.Maslow’s Hierarchy of Cyber Needs: Security must be framed around basic human needs like food, shelter, and safety — not just industry sectors.Disinformation Needs Structure: The DISARM framework helps organizations map how misinformation spreads and how to counter it.AI & Deepfakes Demand New Thinking: Detecting “bad” won’t scale; we need to verify what’s “good” and authentic.Culture Over Technology: Cyber teams must move from being the “department of no” to being racing brakes — enabling speed with safety.Sound Bytes:“We’re probably 10 years before a crypto apocalypse.”“Cyber touches every instrument of national power diplomatic, informational, military, and economic.”“Don’t frame security by industry, frame it by Maslow’s hierarchy of needs.”“Disinformation isn’t a silver bullet problem it’s a thousand-bullet problem.”“Don’t be the department of no. Security should be like racing brakes, built to go fast, safely.”

In this episode, cybersecurity expert Paul C Dwyer discusses the implications of the DORA regulation on digital resilience and operational accountability at the board level. He emphasizes the need for organizations to understand their responsibilities regarding cybersecurity and the importance of incident reporting and risk management. Paul also highlights the role of cryptography, the impact of AI on cyber warfare, and the geopolitical landscape of cyber threats. The discussion concludes with reflections on the influence of social media and the future of AI in cybersecurity.TakeawaysDigital resilience is about being prepared for incidents.Board members must understand their legal responsibilities under DORA.There are significant penalties for non-compliance with cybersecurity regulations.Organizations need to validate their operational resilience strategies.Cultural change is necessary for effective cybersecurity compliance.Cryptography is a critical component of cybersecurity strategy.AI is transforming the landscape of cyber warfare.Geopolitical tensions are influencing cyber threat dynamics.Social media can amplify misinformation and public unrest.AI should be viewed as a tool for intelligence augmentation.Sound Bites"DORA places responsibility at a board level.""Leadership must understand ICT risks.""Cyber threats are about control and power."

In this episode, Francis Gorman sits down with Daniel Yoo, founder and CEO of FinMate AI, to uncover the uncomfortable truths about the current AI boom. From the gold rush mentality driving rapid adoption to the hidden risks of liability, security gaps, and “copycat” startups, Daniel shares insider insights from building one of the first AI-powered note-taking tools specifically for financial advisors.If you’ve ever wondered whether AI is moving too fast, what risks companies are ignoring, or how regulation (and lack thereof) could shape the future, this conversation is one you can’t afford to miss.Soundbytes"There’s a flood of money chasing AI and security isn’t even on the radar.""Every advisor wants automation, but nobody wants to hold the liability.""AI will become a commodity so how do you protect your moat?""Technology always promises progress, but rarely talks about fallout.""The biggest danger isn’t hallucinations it’s humans blindly trusting AI."TakeawaysWhy venture capital is fueling reckless AI developmentThe hidden liability risks every company faces when adopting AIWhy “human in the loop” is non-negotiable for financial applicationsHow copycat AI startups threaten innovation—and survival strategiesThe overlooked cognitive and societal impacts of over-relying on AIWhat the next phase of the AI market might really look like

What happens when a 10 year old hacks into the U.S. government and grows up to defend nations from some of the most sophisticated cyberattacks in modern history?In this gripping episode, Chris Kubecka renowned cybersecurity expert and founder of HypoSec, joins us to reveal the raw, untold realities of digital warfare. From stopping a second wave of attacks on South Korea to battling Iranian disinformation networks, Chris brings deep operational insights and incredible personal stories to the mic.We explore:How she thwarted an Iranian espionage plot and became a target of doxing and death threatsThe inside story of the Shamoon cyberattack on Saudi Aramco, and how she helped bring a crippled oil giant back onlineWhy generative AI poses an urgent threat to privacy, truth, and global stabilityThe rise of “harvest now, decrypt later” in the post-quantum eraKey Insights & Takeaways:Why the next war won’t start with bombs but with wiped servers and weaponized informationThe critical importance of encryption hygiene and preparing for post-quantum threatsWhy AI-powered misinformation is undermining trust in everything from media to democracyHow aspiring ethical hackers can build real world skills and networks that matterWhy your water supply not your bank account might be the first casualty in a cyberwarWith blunt honesty, dark humor, and unmatched expertise, Chris shows us what it really means to defend against invisible enemies in an increasingly hostile digital world.

In this episode of the Entropy podcast, host Francis Gorman speaks with Stephen O'Sullivan, a cybersecurity expert, about the implications of quantum computing and AI on cybersecurity. They discuss the urgency for organizations to prepare for quantum threats, the challenges of communicating these risks to stakeholders, and the importance of understanding cryptographic assets. The conversation also touches on the ethical implications of AI in organizations and the potential benefits of integrating quantum computing with AI.TakeawaysQuantum computing is a game changer for industries.Organizations need to prepare for quantum threats now.The timelines for quantum readiness are closer than expected.Data theft and loss are major concerns with quantum threats.Effective communication is key to gaining stakeholder buy-in.Understanding cryptographic inventory is crucial for preparedness.Organizations must assess their cryptographic assets.AI can both enhance and complicate cybersecurity efforts.Ethical considerations in AI deployment are critical.Quantum and AI integration promises immense future benefits.

In this episode, Francis Gorman sits down with Jennifer Ewbank, former CIA Deputy Director for Digital Innovation, to explore what it means to lead with purpose in a world shaped by geopolitical risk, digital disruption, and information warfare.Jennifer shares stories from her extraordinary career in intelligence — from espionage during the Cold War to launching the CIA’s first AI office — and offers deeply human reflections on risk-taking, resilience, and transition. From the digital battlefield to the Camino de Santiago, this conversation ranges from high-stakes decision-making to how we build trust in an age of deepfakes and AI manipulation.TakeawaysPurpose Under Pressure: A clear sense of mission is what sustains leadership in complex, high-risk roles.You’ll Never Have All the Information: Good decisions often require boldness, not certainty — a lesson from field operations that applies to enterprise leadership.The Real Threats Are Already Inside: Critical infrastructure is increasingly compromised by cyber actors who may lie dormant for years before striking.Transition Is a Process: Jennifer’s solo Camino de Santiago pilgrimage was both a mental and physical journey into a post-CIA identity.Trust Is the New Battlefield: Generative AI, deepfakes, and algorithmic manipulation are eroding public trust at scale — and rebuilding it starts with education and digital literacy.Operational Mindset for Innovation: Solving complex problems quickly with limited resources isn’t just for the CIA — it’s the new model for digital transformation.Soundbytes“Sometimes the greatest risk is not taking the risk.”“You never have all the information — expecting it is a recipe for paralysis.”“Absent a deep connection to purpose, you lose the urgency to solve real problems.”“The battlefield isn’t just physical anymore — it’s informational, algorithmic, and real-time.”“Trust is under attack. And the worst part is, most people don’t realize it.”“You think the algorithm is adapting to you. But really, you’re adapting to it.”

In this episode of the Entropy podcast, host Francis Gorman speaks with Dr. Nicola Fox Hamilton, a cyber psychologist, about the complexities of online dating, the impact of technology on communication, and the darker aspects of digital interactions, including sextortion and misinformation. They explore the psychological implications of smartphone use, the role of AI in modern communication, and the rise of extremist ideologies in the digital age. Dr. Fox Hamilton emphasizes the need for further research in these areas as technology continues to evolve.TakeawaysOnline dating can be a mixed experience, requiring resilience.People use dating apps for various reasons beyond romance.Women often face more harassment on dating platforms than men.Sexting can be a normal part of sexual development but poses risks.Sextortion is a growing problem, particularly for young people.Smartphone addiction is not a clinical diagnosis but can lead to problematic use.AI can influence how people interact and perceive reality.Misinformation often spreads through mainstream media and social media.The Manosphere promotes harmful ideologies that can lead to radicalization.Understanding the psychology behind online behavior is crucial for addressing these issues.Sound Bites"It's not always the most fun experience.""There's a lot that people can get out of it.""It's a crime to share those images.""It's definitely a problem.""It's a much more empowering way.""We can no longer trust our eyes.""It was a really nice conversation."

In this episode of the Entropy podcast, host Francis Gorman interviews Matthew Hedger, a veteran intelligence officer and financial operations specialist. Matthew shares his extensive background in covert operations, including his experience laundering money and working with organized crime. The conversation delves into the intricacies of social pattern recognition, the insider threats within financial institutions, and the evolving landscape of money laundering in the digital age. Matthew discusses the impact of AI on criminal activities and the importance of understanding human behavior in cybersecurity. He also offers advice for aspiring intelligence officers and highlights the need for vigilance in the face of emerging threats.TakeawaysMatthew Hedger has over 17 years of experience in intelligence operations.He laundered over a hundred million dollars while working undercover.Social pattern recognition is crucial for survival in dangerous environments.Insider threats are a significant vulnerability in financial institutions.COVID-19 has exacerbated human vulnerabilities in organizations.Criminals are increasingly using innovative methods for money laundering.Digital platforms like Roblox can be exploited for illicit activities.AI is transforming the landscape of criminal activity and intelligence gathering.The future of cryptography may lead to less privacy and security.Aspiring intelligence officers should seek knowledge and learn from experienced professionals.Sound Bites"I laundered over a hundred million dollars cumulatively.""You can pocket millions of dollars and walk across borders.""We're natural BS detectors as people.""Criminals are nothing if not adaptive.""They know what they're talking about.""Roblox is a billion dollar economy a year.""AI has taken scams to the next level.""How do you trust anything that you can really keep private?""Learn from those who have done extraordinary things."

In this episode, host Francis Gorman interviews James Lawler, a former CIA operations officer with 25 years of experience in espionage. James shares his journey into the CIA, the motivations behind espionage, and his role in dismantling the A.Q. Khan nuclear smuggling ring. He discusses current nuclear threats, the evolution of espionage in the digital age, and the importance of understanding the human element in insider threats. James also reflects on his transition from intelligence operations to becoming a published author, highlighting the storytelling aspect of his novels.TakeawaysJames Lawler's journey into the CIA began unexpectedly during law school.The role of a CIA operations officer involves manipulating individuals for espionage.Motivations for espionage often include personal grievances and financial needs.The A.Q. Khan nuclear smuggling ring was dismantled through strategic operations.Current nuclear threats are significant, particularly concerning Iran's potential capabilities.AI and social media have transformed the landscape of espionage and targeting.Understanding the human element is crucial in identifying insider threats.Compassion and support in organizations can prevent insider threats.Lawler's novels are inspired by his real-life experiences in espionage.Writing serves as a creative outlet for Lawler post-CIA career.Sound Bites"I enjoyed the hell out of it.""Revenge is absolutely one of the purest motivations for espionage.""AI makes targeting much easier.""I was looking for people going through divorce.""I can create books where I live vicariously through my characters.""I call that my psychological dividends.""It's a way to keep the neurons firing in the brain.""You're a great interviewer and a great host."

In this episode of the Entropy Podcast, host Francis Gorman speaks with Robin Dreeke, a former FBI special agent and expert in human behavior. They discuss the importance of trust in building relationships, the journey of Robin from the Marine Corps to the FBI, and the art of recruiting spies. The conversation also delves into the impact of technology on trust, strategies for fostering team cohesion, and the five principles of trust outlined in Robin's work. In this conversation, Robin Dreeke discusses the importance of kindness, generosity, and effective communication in building trust and unforgettable connections with others. He emphasizes the need to embrace challenges as opportunities for growth and the significance of understanding human behavior, especially in the context of trust and violence. Robin also addresses the current geopolitical climate and its impact on trustworthiness, providing insights on how to navigate these complexities in personal and professional relationships.TakeawaysTrust is the number one skill set in building alliances.The foundation of healthy relationships is trust.Recruiting spies is about understanding their challenges.Technology can erode trust if not used wisely.We thrive in deprivation mode, not in comfort.Teams need to understand the overarching 'why' to be effective.People need to be seen and heard in conversations.Seek the thoughts and opinions of others to foster collaboration.Ego suspension is crucial for healthy dialogue.Generosity in communication fosters better relationships. Start with kindness and generosity in interactions.Being generous with time can create meaningful connections.To be unforgettable, focus on how you make others feel.Embrace challenges as opportunities for growth.Trust can be rebuilt, but it requires effort and time.In a chaotic world, simplicity in relationships is key.Understanding the arc of behavior helps predict actions.People do not suddenly become violent; it's an escalation.Healthy relationships are free from drama and chaos.Open communication and transparency are essential for trust.Sound Bites"It all starts around that age.""I wanted to become an astronaut.""You really don't recruit a spy.""Start with kindness and generosity.""Be generous with your time.""Every day is a great gift.""It's all about the arc of behavior."

In this episode of the Entropy podcast, host Francis Gorman speaks with Richard Ford, CTO of Integrity 360, about the evolving landscape of cybersecurity. They discuss the growth journey of Integrity 360, the complexities of the cybersecurity channel, and the current threat landscape organizations face. Richard shares insights on the importance of cloud security, Zero Trust architecture, and the trend of consolidation in cybersecurity technologies. They also delve into the implications of AI in cybersecurity and Richard's personal journey with dyslexia, emphasizing the importance of understanding and leveraging unique perspectives in the tech industry.TakeawaysIntegrity 360 has grown significantly over the years, expanding its footprint in the cybersecurity market.The cybersecurity channel involves partnerships between vendors and service providers to deliver effective solutions.Organizations must prioritize cloud security to mitigate risks associated with misconfiguration and human error.Zero Trust architecture is becoming essential for protecting data and access in organizations.Consolidation in the cybersecurity market is a growing trend, impacting technology choices for organizations.XDR (Extended Detection Response) is evolving, with both closed and open models available for organizations.Generative AI poses risks to organizations, particularly regarding data security and privacy.Understanding the fundamentals of cybersecurity is crucial for professionals, especially in the age of AI.Dyslexia can be a superpower, allowing individuals to think differently and approach problems uniquely.Confidence and the willingness to push beyond comfort zones are key to success in cybersecurity.Sound Bites"It's been quite a long journey for myself.""Our role is to be a partner.""XDR is now very much where technology sits.""Consolidation of technologies is a growing trend.""Generative AI is like the new femme fatale.""Don't be afraid to do it in the first place.""Kids don't know how good they've got it."

In this episode of the Entropy podcast, host Francis Gorman speaks with Katie Colgan, an application security professional and advocate for women in tech, about the critical issue of online safety for children. They discuss the various threats children face in the digital world, the importance of parental involvement in cybersecurity, and the challenges of balancing screen time with real-life interactions. Katie shares insights on the potential dangers of child-focused devices and the implications of monitoring children's online activities. The conversation emphasizes the need for open communication between parents and children regarding technology use and the importance of setting boundaries to ensure a safe digital environment.TakeawaysParents should start discussing online safety as soon as children use technology.Supervision is crucial as children engage with tech at a young age.Understanding the apps children use is essential for parents.Monitoring devices can lead to trust issues between parents and children.Privacy concerns arise when third-party companies monitor children's data.Children's online interactions can expose them to risks from unknown users.Balancing screen time with real-life activities is important for children's development.Parents need to set boundaries around technology use for their children.The decision to step back from a career can be driven by family priorities.Empowering children with knowledge about tech is vital for their safety.Sound Bites"Kids are not built to live on their screens.""You don't know who works for that company.""We are there to help them become functional adults.""Tech is wonderful, but it brings problems.""It's a conversation about boundaries.""You're giving the world access to your child."

In this episode of the Entropy podcast, host Francis Gorman speaks with Jack Barsky, a former KGB sleeper agent who shares his extraordinary life story. From his recruitment by the KGB in East Germany to his eventual defection and life in America, Jack discusses the complexities of living a double life, the emotional challenges of his decisions, and his journey into corporate America. He emphasizes the importance of emotional intelligence, authenticity, and storytelling in both personal and professional realms, offering valuable insights for listeners.TakeawaysJack Barsky's journey from KGB sleeper agent to American citizen is extraordinary.He was initially recruited by the KGB due to his curiosity and intelligence.Barsky's decision to defect was driven by his love for his daughter.He emphasizes the importance of emotional intelligence in leadership.Authenticity is crucial in corporate environments, yet often lacking.Barsky's experience in crisis management shaped his corporate career.He believes in the power of storytelling to engage audiences.Public speaking can be learned through practice and resilience.Trusting one's instincts is vital in decision-making.Barsky's life illustrates the complexities of identity and belonging.Sound Bites"This is something of the movies, but you've lived it.""I was going to be a college professor.""I had to make a decision and it wasn't that easy.""I became fully Americanized.""I had a daughter living with me and her mother.""I told them I had contracted HIV AIDS.""Love conquers all.""Trust your gut and verify.""I was a breath of fresh air because I wasn't playing."

In this episode of the Entropy Podcast, host Francis Gorman speaks with Fadi Daood, Zero Trust Strategy Lead at Swift, about the evolving landscape of cybersecurity and the concept of Zero Trust. Fadi shares his journey into cybersecurity, emphasizing the importance of aligning security strategies with business needs and the misconceptions surrounding Zero Trust. The conversation delves into the role of change management, the necessity of embedding Zero Trust principles into organizational processes, and the impact of emerging technologies like generative AI on cybersecurity. During the conversation Francis also highlights the importance of human resilience and critical thinking in navigating the complexities of modern cyber threats.TakeawaysZero Trust is seen as an opportunity to do the right thing in cybersecurity.Aligning cybersecurity with business needs is crucial for effective strategy.Change management is essential for successful implementation of security measures.Technology is only a small part of the cybersecurity equation; people and processes are key.Zero Trust should be embedded in organizational processes for sustainability.Generative AI is changing the landscape of cyber threats and defenses.Understanding the 'why' behind security measures can foster better compliance.Common sense approaches are often overlooked in cybersecurity practices.Stakeholder engagement is vital for aligning security with business objectives.Human resilience and critical thinking are necessary to combat evolving cyber threats.Sound Bites"Zero Trust is an opportunity.""Never assume you know the business.""Our job is to protect the business.""Common sense is not so common.""Technology is just 20% of the job.""We need to show them the why.""We are not here to make your job difficult."

In this episode, Francis Gorman speaks with Michael Freeman, Head of Threat Intelligence at Armis, about his career path from working in U.S. intelligence and cryptography to co-founding the cybersecurity company CTCI. The discussion explores how Michaels approach to threat intelligence led to the early identification of significant vulnerabilities such as Log4j, sometimes months before they were publicly known.The episode covers:- Michaels background in crypto analysis and offensive security- His perspective on post-quantum cryptography and emerging risks- The founding and approach behind CTCI, including identifying active vulnerabilities before others in the industry- The challenge of false positives in commercial threat feeds- The importance of asset visibility and contextual vulnerability management- The role of AI in both enhancing cybersecurity operations and in aiding attackers- Michaels thoughts on modern election security, influence operations, and the broader geopolitical implications of technology- Risks of over-reliance on AI for critical thinking and decision-makingThe conversation emphasizes practical insights into how organizations can better understand and secure their environments in the face of rapidly evolving threats.

In this episode of the Entropy Podcast, host Francis Gorman speaks with Francesco Cipollone, founder and CEO of Phoenix Security. They discuss the evolution of application security, the challenges faced in the industry, and the innovative approaches taken by Phoenix Security to address these issues. Francesco shares insights on the importance of collaboration between security teams and engineers, the role of AI in enhancing security measures, and the necessity of prioritizing vulnerabilities in a rapidly changing digital landscape. The conversation also touches on the reality of cybersecurity solutions and the need for organizations to adapt to new threats and technologies.TakeawaysFrancesco Cipollone's journey to founding Phoenix Security.The friction between security teams and engineering during cloud transformations.The importance of gamifying security objectives at the business level.AI can augment human capabilities but cannot replace them in decision-making.Organizations must prioritize vulnerabilities effectively to keep pace with threats.The need for a comprehensive understanding of application security beyond just tools.The obsession with software bill of materials may distract from core security issues.Collaboration between security and engineering is crucial for effective vulnerability management.The rapid evolution of threats necessitates a proactive approach to security.Understanding the fundamentals of security is essential for effective risk management.Disclaimer: The views and opinions expressed in this podcast are solely those of the host and guests, based on personal experiences. They do not represent facts and are not intended to defame or harm any individual or business. Listeners are encouraged to form their own opinions.

In this episode, Francis Gorman interviews Mark Megarry, a PhD student specializing in 6G open radio access networks. They discuss Mark's journey into cybersecurity, the implications of 6G technology, and the security risks associated with open radio access networks. The conversation also covers the role of machine learning in future networks, the real-world consequences of insecure networks, and the importance of public speaking and community engagement in the cybersecurity field. Mark shares insights from his Capture the Flag competitions and emphasizes the need for resilience in network security.TakeawaysMark transitioned from electronics to cybersecurity through hands-on experience.Curiosity drives the field of cybersecurity and research.6G networks will focus on enabling new applications beyond just speed.Security risks in open radio access networks often stem from misconfigurations.Machine learning is becoming integral to the development of future networks.Insecure networks can lead to serious privacy breaches and data theft.Public speaking can be improved by sharing topics you are passionate about.Community engagement is crucial for personal and professional growth in cybersecurity.Capture the Flag competitions provide practical experience and learning opportunities.Quantum security is a significant concern for future network specifications.