The Entropy Podcast

Francis Gorman

Hosted by Francis Gorman, The Entropy Podcast brings together intelligence community veterans, post-quantum cryptography pioneers, CISOs, business leaders, and frontline practitioners for unfiltered conversations on the threats, complexity, and geopolitics shaping our world. Past guests include former senior CIA officers, leading cryptographers, digital forensics experts, and security and technology leaders from across financial services, critical infrastructure, and government, voices rarely heard together in one place. Each episode goes beyond headlines to explore how cyber risk, emerging technology, and geopolitical instability are reshaping the way organisations operate, compete, and defend themselves. Expect candid insight on quantum risk, nation-state threats, AI, espionage, financial crime, business resilience, and the human dimensions of leadership. Designed for CISOs, board members, founders, technologists, policy thinkers, and the professionally curious, Entropy sits at the intersection of business, technology, and cybersecurity a space for genuine conversations with unique minds, the kind that don’t fit neatly into a press release. The name Entropy reflects the growing complexity and unpredictability of the systems we depend on, and the discipline required to lead through them. Disclaimer: The views and opinions expressed on The Entropy Podcast are those of the host and guests in their personal capacity and do not represent the views, positions, or policies of their respective employers, affiliated organisations, or any government body. Guest appearances do not constitute endorsement by the host, and the host’s commentary does not constitute endorsement of guests’ views. Content is provided for informational and educational purposes only and does not constitute professional, legal, financial, or security advice. Buy Our Swag: We now have some slick new swag you can purchase through our Esty store. https://theentropypodcast.etsy.com   Watch and Subscribe You can also watch full episodes and exclusive content on our YouTube channel:www.youtube.com/@TheEntropyPodcast Achievements The Entropy Podcast delivered strong chart performance throughout 2025, demonstrating consistent international reach and listener engagement. Regularly ranked within the Top 20 Technology podcasts in Ireland.Achieved a Top 25 placement in the United States Technology charts, holding the position for one week.Charted internationally across multiple markets, including Israel, Belgium, and the United Kingdom. This performance reflects sustained global interest and growing recognition across key podcast markets. Audio Quality Notice Some episodes may feature minor variations in audio quality due to remote recording environments and external factors. We continuously strive to deliver the highest possible audio standards and appreciate your understanding.

  1. The Comfortable Lies of Cybersecurity with Adam McElroy

    4d ago

    The Comfortable Lies of Cybersecurity with Adam McElroy

    In this episode of The Entropy Podcast, Francis Gorman speaks with Adam McElroy, CTO at Eclypses, about cybersecurity, storytelling, AI, post-quantum readiness, and the evolving role of security leadership. Adam argues that modern cyber leaders must move beyond technical reporting and learn to communicate risk in ways boards and executives can act on. The conversation explores why security decisions in large enterprises take time, how AI is accelerating existing technical debt and governance gaps, and why quantum risk is no longer something organizations can comfortably defer. Adam frames post-quantum readiness as a generational risk comparable to Y2K: manageable if organizations plan early, potentially damaging if they procrastinate. A central theme is that cybersecurity is no longer just a technology problem. It is a business resilience issue involving boards, executives, architects, regulators, CISOs, CIOs, CTOs, and risk leaders. Adam also challenges the industry’s reliance on perimeter defence, arguing that organizations need to think more seriously about making data unusable if it is exfiltrated.  Key Takeaways Storytelling is now a core cybersecurity leadership skill.Cybersecurity is business, not a separate technology function.AI has exposed existing technical debt faster than expected.Zero Trust is still valid, but there is no silver bullet. Organizations should assume breach and protect the data itself.“Harvest now, decrypt later” is a present-day risk.Quantum procrastination is becoming indefensible.The CISO cannot carry cyber risk alone. AI adoption needs policy, education, and discipline.  Soundbytes "There is no such thing as business and technology. It’s all business at the end of the day." “AI wasn’t built to be secure, it was built to be amazing.”  “The CISO cannot protect the organization by themselves.”   “The dashboard will never be green in my world.”

    32 min
  2. Quantum Readiness: The Risk No One Owns with Louise Davey

    May 19

    Quantum Readiness: The Risk No One Owns with Louise Davey

    In this episode of Entropy, Francis Gorman speaks with Louise Davey, executive leader, transformation architect, and author of Quantum How, about why quantum readiness has to move beyond the technology function and into the boardroom. Louise argues that post-quantum cryptography is no longer just a cryptography, standards, or cybersecurity discussion. It is an enterprise governance and transformation challenge that affects digital trust, operational resilience, fiduciary duty, regulatory exposure, insurance, systemic financial risk, and long-term business viability. The conversation explores why boards and executive leaders often struggle to act on quantum risk, not because the threat is unclear, but because it is poorly communicated. Louise explains how quantum risk breaks traditional risk models: it is time-shifted, has unclear ownership, spans the entire digital infrastructure layer, and reaches far beyond any single technology team. The episode also covers the real-world consequences of unreadiness, from harvest-now-decrypt-later exposure to operational technology, financial services, elevators, pacemakers, insurance risk, liquidity impact, and corporate survival. But the conversation is not only about risk. Louise also makes the case that quantum readiness can be used as a once-in-a-generation transformation opportunity to reduce technical debt, strengthen governance, improve enterprise intelligence, and create lasting organisational value. Takeaways: 1. Quantum readiness is now a boardroom issue. Louise makes the case that post-quantum security has moved beyond the technical layer. It now belongs in enterprise governance, risk management, transformation strategy, and board oversight. 2. The communication gap is one of the biggest blockers. The people who understand the quantum threat are often technologists, while the people who control funding, risk appetite, and enterprise priorities are boards and executives. The challenge is translating the issue into language decision-makers can act on. 3. Traditional risk models do not handle quantum risk well. Quantum risk does not fit neatly into standard operational risk taxonomies. It is time-shifted, systemic, infrastructure-level, and difficult to assign to a single owner. 4. Digital trust may be the real asset at risk. The episode repeatedly comes back to trust. Cryptography underpins authentication, authorisation, privacy, financial transactions, customer confidence, and the resilience of modern digital business. 5. Harvest-now-decrypt-later is already a live issue. Louise stresses that quantum risk is not purely future-facing. Sensitive data may already be exposed if adversaries are collecting encrypted information today to decrypt later. 6. Boards need to understand their fiduciary exposure. If boards are made aware of the scale of the risk and still fail to act, the issue becomes one of governance failure and fiduciary responsibility. 7. This is bigger than IT and cybersecurity. Quantum risk affects financial services, insurance, operational technology, manufacturing, logistics, public safety, and the physical systems connected to digital infrastructure. and many more.... SoundBytes: “The people who understand the problem often are not the people who own the decision.” “Quantum risk challenges the way organisations think about ownership, accountability, and authority.” “Digital trust does not belong to one function. It belongs to the organisation as a whole.” “The board is the only place high enough to own a risk of this scale.” “This is not just about avoiding risk. Done properly, quantum readiness can create long-term enterprise value.”

    42 min
  3. Smarter Cyber Strategy with Leonard McAuliffe

    May 11

    Smarter Cyber Strategy with Leonard McAuliffe

    This episode focuses on what real cyber strategy looks like versus the outdated “framework + gap analysis” approach. Leonard McAuliffe PWC explains that most organizations confuse activity with strategy focusing on compliance, maturity scores, and annual plans instead of aligning cybersecurity to actual business risk. The conversation reframes cyber strategy as a business-aligned, risk-driven, continuously evolving discipline. It emphasizes understanding stakeholder priorities, mapping real threats to controls, and treating strategy as a living system that adapts to AI, geopolitics, and changing attack surfaces. Takeaways: 1. Most “Cyber Strategies” Aren’t Strategies  They’re annual roadmaps or compliance exercises  Built around frameworks (NIST, ISO) instead of business risk  Improve maturity—but don’t necessarily reduce real risk 2. Strategy Must Start With the Business  Engage CEO, CFO, CIO, CRO—not just security teams  Understand risk appetite and critical processes  Align to IT, digital, and AI strategies 3. Focus on Risk → Threats → Controls (Not Maturity Scores)  Define key cyber risks (e.g., business disruption)  Map threat scenarios (e.g., ransomware via phishing)  Link to controls and measure effectiveness 4. Strategy is a Living System  Must evolve with:  AI  Threat intelligence  Regulatory changes  Business shifts 5. Prioritization = Risk + Cost Trade-Off  You can’t do everything  Decisions must be explicit:  What risk are we accepting?  What exposure remains? 6. Regulation Shouldn’t Drive Strategy  Constantly reacting to new regs derails focus  Instead:  Build a strong master control framework  Map regulations onto it Soundbites:   “Most cyber strategies look good on paper but don’t manage real risk.”  “You’re improving maturity, not reducing risk.”  “Cyber can’t operate in a bubble it has to enable the business.”  “If you don’t fund it, you’re accepting the risk. It’s that simple.”  “Boards don’t care about maturity levels they care about real threats.”

    40 min
  4. How to Recruit a President with Glenn Carle

    May 4

    How to Recruit a President with Glenn Carle

    In this episode of The Entropy Podcast, Glenn Carle a former CIA clandestine officer with over two decades of experience breaks down how intelligence agencies think, operate, and influence outcomes over the long term. Drawing on real-world tradecraft, Glenn explains how vulnerabilities are identified, how influence is cultivated, and how narratives are seeded and amplified over time. The conversation explores the growing tension between intelligence institutions and political power, the risks facing democratic systems, and how modern geopolitics is increasingly shaped by information warfare and perception management. The discussion also ventures into controversial territory examining the possibility of long-term influence operations at the highest levels of power while highlighting the difference between evidence, interpretation, and hypothesis. This is a conversation about how power actually works beneath the surface and what happens when institutions designed to protect truth are put under pressure. Takeaways: Intelligence is about patterns, not eventsInfluence is often long-term and indirectVulnerability ≠ controlInstitutions are under pressureInformation warfare shapes realityThe line between analysis and speculation mattersSoundBytes: “In intelligence, there are no coincidences only patterns you haven’t understood yet.” “You don’t recruit someone in a moment you shape them over time.” “Every strength can become a vulnerability in the right context.” “If telling the truth costs you your job, the system stops working.” “You don’t need the truth you need enough repetition to make something feel true.” “The most effective operations are the ones no one notices—until it’s too late.” “Understanding how something could happen is not the same as proving that it did.” This conversation explores complex and often controversial geopolitical themes from the perspective of a former intelligence officer. Some views expressed particularly around long-term intelligence operations and political influence reflect interpretation and professional judgement rather than independently verified public conclusions. Listeners are encouraged to engage critically and consult additional sources where appropriate.

    50 min
  5. One Click to Collapse: The SME Risk with Robert Maxwell

    Apr 27

    One Click to Collapse: The SME Risk with Robert Maxwell

    In this episode of the Entropy Podcast, Robert Maxwell (CEO of TGT Solutions) reframes cybersecurity from a technical concern into a core business risk especially for small and medium-sized enterprises (SMEs). He argues that cyber threats are fundamentally about cash, trust, and continuity, not just systems. A single compromised credential or phishing attack can dismantle years of work in minutes, particularly in SMEs where operations often depend on one person, one account, or one set of credentials.  Maxwell introduces a key mindset shift: cybersecurity is an investment, not an expense. Like building a portfolio, incremental and consistent investment in cyber resilience pays dividends protecting revenue, relationships, and long-term business viability.  The conversation also explores human vulnerability as the dominant attack vector, the risks introduced by AI adoption, and why attackers prioritize ease over sophistication. Ultimately, the episode highlights a stark reality: it’s no longer “if” a business is attacked, but “when” and how prepared it is when that moment comes. Key Takeaways: 1. Cyber is now a business problem, not an IT problem It directly impacts cashflow, supplier relationships, and customer trust—not just systems. 2. SMEs are disproportionately vulnerable Reliance on single accounts, single individuals, and weak password practices creates critical single points of failure. 3. Attackers prioritize ease, not scale or sophistication The simplest entry point—often human—is the most exploited. 4. “Too small to hack” is a dangerous myth Smaller firms are often easier targets and valuable entry points into supply chains. 5. Cybersecurity must be treated as an investment Incremental improvements (policies, training, redundancy) generate long-term “dividends” in resilience. 6. Human behavior is the biggest risk surface Phishing, credential reuse, and lack of policy enforcement remain dominant vulnerabilities. 7. AI is amplifying exposure Organizations are unintentionally leaking sensitive data through unmanaged AI usage. 8. External validation is critical Internal reviews often miss risks—independent assessments reveal blind spots. 9. Banks and institutions are shifting liability Poor cyber hygiene increasingly results in unrecoverable financial loss. 10. Timing matters Fixing issues after a breach is exponentially more expensive than proactive investment. Soundbites:  “Cyber isn’t a technical issue anymore—it’s about cash.”  “You can lose trust, cash, and credibility in under a minute.”  “It’s not ‘if’ you get attacked—it’s ‘when’ and ‘how much they take.’”  “One person, one password, one account—that’s all it takes.”  “Attackers don’t look for the biggest target—they look for the easiest one.”  “We were too busy… until we got hacked.”  “Cybersecurity isn’t an expense. It’s an investment that pays dividends.”  “The password they stole six months ago? It still works—that’s the problem.”  “AI is making companies more vulnerable—and they don’t even realize it.”  “You’re building a business for generations—cyber can erase it in minutes.”You can learn more about TGT solutions from their website: https://www.tgtsolutions.com/

    32 min
  6. You Can’t Delete This: Inside Digital Forensics with Jason Jordaan

    Apr 21

    You Can’t Delete This: Inside Digital Forensics with Jason Jordaan

    In this episode of The Entropy Podcast, host Francis Gorman speaks with Jason Jordan about the reality of digital forensics, cybercrime investigations, and the evolving role of AI in evidence and incident response.  Jason shares his journey from police detective to global forensic expert, unpacking how modern investigations work from reconstructing deleted data to testifying in court. The conversation dives into why AI can’t be blindly trusted in legal contexts, how digital footprints are nearly impossible to erase, and the psychological toll of confronting the worst of human behavior in cybercrime. Key Takeaways Digital forensics is still built on fundamentals Despite AI and automation, everything comes back to understanding data structures at a low level. AI is powerful but dangerous in legal settings If you can’t explain how an output was produced, it won’t stand up in court. You can’t truly hide in the digital world Like physical forensics, digital interactions always leave trace evidence. Incident response ≠ forensic investigation One stops the attack; the other explains how and why it happened. Human error is often the weakest link Many breaches aren’t technical failures they’re failures in monitoring or behavior. Bias is controlled through process, not perfection Documentation, peer review, and validation are critical to staying objective. Cybercrime is increasingly sophisticated and organized Attacks now involve long-term planning, insider access, and complex technical setups. The job comes with real psychological cost Exposure to extreme content and consequences requires resilience and support systems. Passion and curiosity are essential This field isn’t just technical—it’s investigative, relentless, and deeply demanding. Soundbites  “In forensics, if you can’t explain it—you can’t use it.”  “AI can’t testify in court. A human has to.”  “You don’t stop being a forensic scientist—it’s who you are.”  “Every interaction leaves a trace—digital or physical.”  “We don’t just catch bad guys—we make sure it’s the right one.”  “Pull the plug or preserve evidence? That’s the real-world trade-off.”  “Cybercrime today is organized, patient, and highly engineered.”  “You only get to make one big mistake in this field.”  “If you love puzzles, this is the ultimate career.”

    46 min
  7. The Identity Trap with Shelly Bernard

    Apr 14

    The Identity Trap with Shelly Bernard

    In this episode of The Entropy Podcast, host Francis Gorman speaks with Shelly Bernard about how identity, cognitive wiring, and environment shape high performers particularly those transitioning from elite military and intelligence careers.  They explore why many struggle after leaving high-performance environments, how ego and identity can limit growth, and why emotional intelligence is becoming a critical advantage in modern domains like cybersecurity and cognitive warfare. The conversation ultimately reframes performance as a matter of alignment between how you think and where you operate. Key Takeaways Identity is often borrowed from environmentHigh performance = alignmentEgo limits adaptabilityDifferent brains, different strengthsEmotional intelligence is undervalued but criticalEnvironment shapes behavior over timeCognitive warfare is reshaping conflict Unmet needs drive unintended behavior  Soundbites  “High performance isn’t just skill it’s alignment.”  “Ego protects identity, but it blocks growth.”  “Emotion isn’t a liability it’s a strategic tool.”  “The battlefield is shifting from physical to cognitive.”  “People don’t struggle because they’re incapable they’re misaligned.”  “If your environment doesn’t fit your wiring, something will break.”  “Always ask: why?” Follow The Other Side Podcast: YouTube: https://youtu.be/wUDFU0EPt-g?si=b1dslirwAY6b4XMX Spotify: https://open.spotify.com/show/4YJpBVrhDmvUnYCviliFG3?si=d3fWtscXTEytPa2Ge4myCA

    36 min
  8. Reframing Quantum Risk at the Board Level With Debbie Taylor Moore

    Apr 7

    Reframing Quantum Risk at the Board Level With Debbie Taylor Moore

    In this episode, Debbie Taylor Moore breaks through the noise around quantum security and reframes it for what it really is: a business risk, not a technical curiosity. Drawing on decades of experience across cybersecurity, AI, and national security, she explains why most organisations are approaching quantum readiness the wrong way by overcomplicating the problem, overhyping the threat, and underestimating the organisational challenge. Instead of fear-driven messaging, Debbie advocates for clarity, prioritisation, and leadership accountability. From boardroom conversations to enterprise-wide execution, she lays out what actually matters: understanding your systems, focusing on real risk, and treating quantum as a multi-year modernization effort. The conversation also expands beyond quantum, exploring how AI, geopolitics, and evolving cyber threats are reshaping enterprise security and why traditional approaches are no longer sufficient. This is not a conversation about the future. It’s about what leaders should already be doing now.  Key Takeaways Quantum is a risk management issue, not a technical deep dive Boards don’t need to understand quantum mechanics they need to understand business impact. Stop treating it like a fire drill This is a long-term modernization effort, not a last-minute emergency. Prioritisation beats perfection Focus on your most critical systems first not a massive, overwhelming inventory. It’s a cross-functional problem Security, DevOps, legal, procurement, and leadership all play a role. Fear-based messaging is counterproductive Clear, actionable risk framing is far more effective than hype. Discovery alone is not progress Many organisations are stuck mapping the problem instead of solving it. The real gap is organisational, not technological Talent, alignment, and execution are the hardest parts. Soundbytes:  “Quantum readiness isn’t just-in-time. It’s just-be-ready.”  “Boards don’t need to be quantum experts — they need to understand risk.”  “This isn’t an IT problem. It’s enterprise risk management.”  “Don’t scare people. Give them the next actionable step.”  “Most organisations have fewer than five people who truly understand this space.”  “Discovery without action just creates a bigger problem.”  “If you treat this like a fire drill, you’ve already misunderstood it.”  “The cost of doing nothing is time — and time is the one thing you don’t get back.”

    43 min
See All (58)

About

Hosted by Francis Gorman, The Entropy Podcast brings together intelligence community veterans, post-quantum cryptography pioneers, CISOs, business leaders, and frontline practitioners for unfiltered conversations on the threats, complexity, and geopolitics shaping our world. Past guests include former senior CIA officers, leading cryptographers, digital forensics experts, and security and technology leaders from across financial services, critical infrastructure, and government, voices rarely heard together in one place. Each episode goes beyond headlines to explore how cyber risk, emerging technology, and geopolitical instability are reshaping the way organisations operate, compete, and defend themselves. Expect candid insight on quantum risk, nation-state threats, AI, espionage, financial crime, business resilience, and the human dimensions of leadership. Designed for CISOs, board members, founders, technologists, policy thinkers, and the professionally curious, Entropy sits at the intersection of business, technology, and cybersecurity a space for genuine conversations with unique minds, the kind that don’t fit neatly into a press release. The name Entropy reflects the growing complexity and unpredictability of the systems we depend on, and the discipline required to lead through them. Disclaimer: The views and opinions expressed on The Entropy Podcast are those of the host and guests in their personal capacity and do not represent the views, positions, or policies of their respective employers, affiliated organisations, or any government body. Guest appearances do not constitute endorsement by the host, and the host’s commentary does not constitute endorsement of guests’ views. Content is provided for informational and educational purposes only and does not constitute professional, legal, financial, or security advice. Buy Our Swag: We now have some slick new swag you can purchase through our Esty store. https://theentropypodcast.etsy.com   Watch and Subscribe You can also watch full episodes and exclusive content on our YouTube channel:www.youtube.com/@TheEntropyPodcast Achievements The Entropy Podcast delivered strong chart performance throughout 2025, demonstrating consistent international reach and listener engagement. Regularly ranked within the Top 20 Technology podcasts in Ireland.Achieved a Top 25 placement in the United States Technology charts, holding the position for one week.Charted internationally across multiple markets, including Israel, Belgium, and the United Kingdom. This performance reflects sustained global interest and growing recognition across key podcast markets. Audio Quality Notice Some episodes may feature minor variations in audio quality due to remote recording environments and external factors. We continuously strive to deliver the highest possible audio standards and appreciate your understanding.

Information

  • Creator
    Francis Gorman
  • Years Active
    2025 - 2026
  • Episodes
    58
  • Rating
    Explicit
  • Copyright
    © 2026 Francis Gorman
  • Show Website
    The Entropy Podcast

You Might Also Like