PODCAST · business
The Risk Apogee
by M K Palmore
The Risk Apogee is a 1:1 interview series, sponsored by Apogee Global RMS, featuring candid conversations with risk leaders serving small and mid-sized businesses and public sector organizations. Each episode explores how practitioners translate risk theory into practical action, focusing on real incidents, lessons learned, and frameworks that drive resilience in resource-constrained environments.
-
How Enterprise Leaders Should Think About AI, Quantum, and Crown Jewel Protection
The market rewards speed over security, and most executive teams are making resource decisions accordingly, but that trade-off becomes existential when adversaries are stockpiling encrypted data and quantum computing is approaching viability.
Kathryn Wang is the Principal Public Sector Lead at SandboxAQ, CEO of CTRL+Alt+Defeat,io, and a board advisor whose career spans cybersecurity partnerships, defense technology, and national security. In this conversation, she and MK Palmore work through why AI's biggest enterprise impact so far has been workforce reduction rather than workforce amplification, how counterfeit and trojanized hardware exposes the limits of compliance frameworks like the software bill of materials, and why post-quantum cryptography should be treated as an urgent priority rather than a future concern.
Kathryn shares her framework for cutting through the noise: identify your existential threat, lock down your crown jewels, and stop distributing limited security resources across a perimeter you cannot fully defend.
Things You Will Learn:
Why identifying and securing your organization's crown jewels is the highest-leverage move when you're outgunned and under-resourced.
How the gap between compliance requirements and actual security effectiveness is widening, and why compliance theater remains a structural problem even at the federal level.
What post-quantum cryptography means for enterprise data protection and why the "harvest now, decrypt later" threat model demands action today.
Tools & Frameworks Covered:
Crown Jewel Prioritization: Identify what will shut the company down, determine what adversaries actually want, and concentrate protection there rather than spreading resources across the full perimeter.
Measured Optimism on AI Adoption: A decision lens for evaluating AI use: what is the job to be done, how does the tool help, and what are the ways you can injure yourself with it — versus treating AI as a hammer and looking for glass to break.
Post-Quantum Cryptography Readiness: The strategic imperative to ensure crown jewel data cannot be ransomed or decrypted when quantum computing reaches viability, given that adversaries are already harvesting encrypted data for future decryption.
#EnterpriseRisk #PostQuantumCryptography #AIAdoption #CriticalInfrastructure #RiskApogee
🎙️ Thanks for tuning in to The Risk Apogee Podcast! If you enjoyed this episode, don’t forget to follow/subscribe so you never miss an inspiring conversation.
✨ Connect with Apogee Global RMS for more leadership insights:
LinkedIn: https://www.linkedin.com/in/mkpalmore/
Instagram: https://www.instagram.com/apogee_rms/
X/Twitter: https://x.com/apogee_rms
💼 This episode is brought to you by Apogee Global RMS – experts in risk management solutions. Check out their website to learn more about how they can support your business.
Let’s keep growing and leading boldly. Until next time!
-
How State Leaders Balance AI Adoption, Cyber Resilience, and Workforce Equity
State governments are under pressure to adopt AI, strengthen cyber resilience, and build workforce pipelines, all at the same time, and without leaving communities behind. In this conversation recorded live at the RSAC Conference in San Francisco, MK Palmore sits down with Maryland Lieutenant Governor Aruna Miller, Secretary of Labor Portia Wu, and Secretary of Commerce Harry Coker.
They discuss why Maryland has made cybersecurity, AI, and computational health lighthouse priorities under Governor Moore's administration, how the state is standing up AI subcabinets and cyber clinics to close the gap between graduating talent and evolving entry-level roles, and why cyber resilience now means operating through compromise rather than preventing it entirely.
Things You Will Learn:
Why cyber resilience requires organizations to plan for operating through compromise and how state-level leaders are reframing that conversation.
How Maryland is using cyber and AI clinics, train-the-trainer models, and cross-institutional mandates to rebuild the entry-level cybersecurity talent pipeline as AI reshapes junior roles.
Why bringing the workforce into AI adoption decisions before deployment is both an equity imperative and a practical requirement for successful technology implementation.
Tools & Frameworks Covered:
Lighthouse Sector Strategy: Maryland's approach to focusing state investment and ecosystem-building around specific sectors, including cybersecurity, AI, life sciences, quantum, and aerospace, creating intentional corridors for startup growth and talent development.
Cyber Resilience as Operational Continuity: Secretary Coker's framing that the adversary is already inside the house, and that resilience means continuing to operate through compromise rather than treating prevention as the sole objective.
Regional Cyber and AI Clinics: A state-funded model requiring cross-institutional collaboration to give current students and new graduates hands-on cybersecurity and AI experience, addressing the gap created by AI's displacement of traditional entry-level SOC and compliance roles.
#CyberResilience #AIGovernance #CyberWorkforce #EquityInTech #RiskApogee
-
How a 30-Year Practitioner Sees the Future of Security Leadership
The CISO role is caught between rising personal liability, tactical overload, and a business landscape that still treats security as a technology function rather than an enterprise risk discipline. Aaron Wurthmann is a fractional security leader with nearly 30 years of experience spanning IT operations, DevOps, and security leadership across Silicon Valley startups and maturing organizations.
In this episode of The Risk Apogee Podcast, Aaron joins host M. K. Palmore to work through the tension between chasing titles and finding the right role, why early-stage companies consistently delay security investment until external forces demand it, and how agentic AI is creating an observability crisis most security teams haven't even begun to address.
Aaron shares how he evaluates talent, why he believes the CISO title should evolve toward a Chief Information Risk Officer model, and what it actually looks like when security leaders align risk registers to budget realities.
Things You Will Learn:
Why aligning your risk register to your actual budget is the single most revealing test of whether an organization is serious about security.
How to evaluate when a practitioner is ready for the next level of leadership and why giving titles prematurely does more harm than good.
What agentic AI and bot-driven tool adoption mean for enterprise observability, and why most security teams are already behind.
Tools & Frameworks Covered:
People, Process, Things: Aaron's prioritization hierarchy for building security programs: get people bought into the mission first, then establish process, then select technology. Reversal of this order is where most programs break.
Risk-to-Budget Alignment: The practice of holding organizations accountable by comparing stated security ambitions against actual budget allocation and risk register priorities.
Least Privilege as an AI Governance Principle: Applying the decades-old principle of least privilege to agentic AI and bot permissions, using the HAL 9000 example as a reference point for over-permissioned autonomous systems.
#CISO #SecurityLeadership #EnterpriseRisk #CyberSecurity #RiskApogee
-
How Bob Lord Reframes Cybersecurity as a Software Safety Problem
Most enterprise security spending goes toward bolting defensive tools onto software that was never built to be safe in the first place, and board conversations rarely question whether that's the right fight. Bob Lord has spent his career at the center of that question, serving as the first security hire at Twitter, Chief Information Security Officer at Yahoo, CISO at the Democratic National Committee after the 2016 hacks, and, most recently, helping launch the Secure by Design initiative at CISA.
In this episode of The Risk Apogee Podcast with M.K. Palmore, Bob argues that the industry's language itself has allowed vendors to offload risk onto customers, while the C-suite continues to approve budgets for tools that treat symptoms. He walks through what other regulated sectors did to dramatically reduce harm, why AI is a chance to finally apply lessons the industry has ignored for thirty years, and how leaders can use AI to do things humans never could like continuous threat modeling and prioritizing the scariest fraction of a code base.
Things You Will Learn:
Why reframing "cybersecurity" as "software safety" changes how executives allocate budget and evaluate vendor accountability.
How to apply lessons from aviation, automotive, and medical safety regulation to the way enterprises buy and deploy software.
How AI can shift risk management from periodic threat modeling to continuous prioritization of the most dangerous parts of a code base.
Tools & Frameworks Covered:
The Four V's: Bob's framework for reframing the security narrative: shift focus from Villains (the attackers we celebrate) and Victims (the organizations we shame) toward Vendors (who ship unsafe software) and Visionaries (who have been telling us how to fix it for decades).
Secure by Design: The principle that the burden of staying safe should shift from software operators back to software manufacturers, modeled on regulated transformations in automotive, aviation, and medical safety.
Continuous Threat Modeling with AI: Using AI agents to compare every code change against the threat model continuously, rather than treating threat modeling as a one-time design-phase exercise.
The Security Vitamin: A proposed 15-minute weekly concept delivery model for building executive mental models around security risk over time, rather than attempting one-shot training sessions.
#SoftwareSafety #SecureByDesign #CISO #EnterpriseRisk #RiskApogee
HOSTED BY
M K Palmore