The Brief on Cybersecurity, Compliance, Risk, AI

Charles Denyer

The Brief with Charles Denyer is your guide to cybersecurity, AI, compliance, risk, and data privacy. Each week, Charles brings sharp insights and practical strategies to help you reduce risk, cut costs, and protect what matters most. From regulatory chaos to AI uncertainty, Charles breaks down the issues leaders face today — with real answers and real solutions. Listen on Apple, Spotify & more. Learn more: charlesdenyer.com Contact: info@charlesdenyer.com

  1. Jun 4

    CMMC Section 3: The CUI Processing & Transformation Workbook — What Happens to CUI AFTER It Enters Your Environment | EP 28

    In this episode of The Brief, Charles Denyer continues his 8-part CMMC series with Step 3: CUI Processing and Transformation — what actually happens to Controlled Unclassified Information after it enters your environment, and why this is where risk concentrates and assessors probe hardest. Building on the ingestion framework established in Episode 27, Charles explains that CUI rarely stays static after arrival. It gets viewed, edited, analyzed, exported, annotated, and transformed through the normal course of engineering, proposals, testing, and program execution — and every one of those activities creates artifacts. Drafts, working files, autosave copies, intermediate outputs, cached downloads, and derivative reports are where CUI quietly spreads, where scope silently expands, and where compliance programs that looked solid on paper begin to break down under real assessment conditions. He walks through a structured, workbook-driven methodology covering three matrices and two supporting logs designed to make CUI processing visible, mapped, and defensible The Brief is a Charles Denyer Productions podcast hosted by Charles Denyer. Learn more at charlesdenyer.com | Instagram: @denyer.charles | Facebook: @charles.denyer Questions/Topics/Advertising: info@charlesdenyer.com Disclaimer: The Brief is a podcast produced by Charles Denyer Productions. The views and opinions expressed by the host and any guests are their own and do not constitute legal advice.

    14 min
  2. Apr 6

    CMMC Section 1: The CUI Definition Workbook — A Detailed Analysis for Defense Contractors | EP 26

    In this episode of The Brief, Charles Denyer shifts from foundational concepts to real-world execution by breaking down the most critical step in any CMMC program: defining and identifying Controlled Unclassified Information (CUI) with precision and authority. Drawing directly from his CUI Definition Workbook, Charles walks through a structured, contract-driven methodology for determining what actually qualifies as CUI within your environment—and just as importantly, why. This is not a theoretical discussion. It is a step-by-step operational approach that forces organizations to move beyond assumptions and establish traceability between contract requirements, CUI categories, and the actual data flowing through their systems. He explains how CUI enters and is created within an organization, how derivative data expands risk, and why failing to properly define CUI leads to uncontrolled scope, misaligned controls, and failed assessments. The episode also highlights the importance of documenting what is not CUI, preventing scope creep that can significantly increase compliance cost and complexity. If your CUI cannot be mapped, categorized, and defended with evidence, then your compliance program is already unstable. This episode establishes the foundation required to build a truly controlled, defensible, and audit-ready CMMC environment. The Brief is a Charles Denyer Productions podcast hosted by Charles Denyer. Learn more at: • charlesdenyer.com • Instagram: @denyer.charles • Facebook: @charles.denyer Questions/Topics/Advertising: Have a topic you'd like Charles to cover on the podcast? Interested in advertising opportunities or something else? Reach out anytime at info@charlesdenyer.com Disclaimer: The Brief is a podcast produced by Charles Denyer Productions. The views and opinions expressed by the host and any guests are their own and do not constitute legal advice.

    16 min
  3. Apr 3

    Understanding the Relationship Between Controlled Unclassified Information (CUI) and CMMC for DoD Contractors | EP 25

    In this episode of The Brief, Charles Denyer takes a deep dive into one of the most critical—and most consistently misunderstood—foundations of CMMC compliance: the relationship between Controlled Unclassified Information (CUI) and your true audit scope. Most defense contractors believe they understand where their CUI resides and how it’s controlled. But when that assumption is tested under real assessment conditions, it almost always breaks down. What appears to be progress on paper often reveals gaps in definition, visibility, and control that expand risk in ways organizations don’t fully recognize. In this episode, Charles introduces the first two steps of his structured 8-step framework for building a defensible CMMC program: precisely defining CUI and controlling how it enters your environment. He explains why scope is not defined by policy or intent—but by where CUI actually exists—and how uncontrolled data flows silently and continuously expand that scope. This is not theoretical compliance. This is operational reality. If you cannot clearly define CUI, trace it, and prove how it is controlled, then you are not prepared for a CMMC assessment—you are exposed. This episode sets the foundation for everything that follows. The Brief is a Charles Denyer Productions podcast hosted by Charles Denyer. Learn more at: • charlesdenyer.com • Instagram: @denyer.charles • Facebook: @charles.denyer Questions/Topics/Advertising: Have a topic you'd like Charles to cover on the podcast? Interested in advertising opportunities or something else? Reach out anytime at info@charlesdenyer.com Disclaimer: The Brief is a podcast produced by Charles Denyer Productions. The views and opinions expressed by the host and any guests are their own and do not constitute legal advice.

    10 min
  4. Mar 31

    Controlled Unclassified Information (CUI): What It Is and Why It Matters for DoD Compliance for Contractors | EP 24

    In this episode of The Brief, Charles Denyer breaks down Controlled Unclassified Information (CUI)—one of the most critical and misunderstood requirements facing today’s defense contractors. Using real-world examples from machining firms, aerospace suppliers, and IT service providers, Denyer explains how CUI actually shows up in everyday operations and why many organizations are handling it without realizing the compliance obligations it triggers. He walks through how CUI flows across the defense supply chain, why it activates requirements under NIST 800-171 and CMMC, and how seemingly small operational decisions—like sharing files or granting access—can create serious risk. This episode makes it clear that CUI is not just a labeling requirement, but a fundamental shift in accountability. For organizations working with the Department of Defense, understanding where CUI exists and proving it is protected is no longer optional—it is essential to maintaining contracts, passing audits, and staying competitive. The Brief is a Charles Denyer Productions podcast hosted by Charles Denyer. Learn more at: • charlesdenyer.com • Instagram: @denyer.charles • Facebook: @charles.denyer Questions/Topics/Advertising: Have a topic you'd like Charles to cover on the podcast? Interested in advertising opportunities or something else? Reach out anytime at info@charlesdenyer.com Disclaimer: The Brief is a podcast produced by Charles Denyer Productions. The views and opinions expressed by the host and any guests are their own and do not constitute legal advice.

    10 min
  5. Mar 27

    Beyond the Binder: How to Keep Your Information Security Policies and Procedures Relevant and Real | EP 23

    In this episode of The Brief, Charles Denyer explores why most information security policies fail—not because organizations lack documentation, but because that documentation becomes static, outdated, and disconnected from reality. What starts as a structured, well-intentioned effort—complete with approved policies across access control, incident response, and vendor risk—often fades into irrelevance when it’s not actively maintained. Denyer explains how rapid shifts in technology, from cloud adoption to AI integration, outpace traditional governance models, creating hidden gaps and “risk debt.” He emphasizes that policies alone don’t protect organizations—people do, and only when those policies are clear, actionable, and embedded into daily operations. Through a practical “living policy” framework, he outlines how organizations can create accountability, integrate policies into workflows, and continuously refine them through real-world feedback. The core message: security is not a one-time exercise—it’s a dynamic, ongoing discipline.. The Brief is a Charles Denyer Productions podcast hosted by Charles Denyer. Learn more at: • charlesdenyer.com • Instagram: @denyer.charles • Facebook: @charles.denyer Questions/Topics/Advertising: Have a topic you'd like Charles to cover on the podcast? Interested in advertising opportunities or something else? Reach out anytime at info@charlesdenyer.com Disclaimer: The Brief is a podcast produced by Charles Denyer Productions. The views and opinions expressed by the host and any guests are their own and do not constitute legal advice.

    16 min
  6. 11/10/2025

    Information Security Policies vs. Procedures: The Missing Link in Real Security and Compliance | EP 22

    In episode 22 of The Brief with Charles Denyer, we tackle one of the most misunderstood — and dangerous — gaps in cybersecurity and compliance: the difference between policies and procedures. Charles exposes why so many companies think they’re secure because they have documentation — when in reality, most of it is just “shelfware.” He breaks down how policies define the what, while procedures define the how, and why both are essential for surviving audits, breaches, and today’s evolving threat landscape. Through real-world stories, hard-hitting examples, and field-tested advice, you’ll learn how to transform your documentation from static PDFs into living, operational tools that actually protect your business. From backups to access control, Charles shows how small details — like who verifies, when, and how — make the difference between passing an audit and failing a crisis. If you’ve ever wondered why your compliance program feels like paperwork instead of protection, this episode will change how you think about documentation forever. The Brief is a Charles Denyer Productions podcast hosted by Charles Denyer. Learn more at: • charlesdenyer.com • Instagram: @denyer.charles • Facebook: @charles.denyer Questions/Topics/Advertising: Have a topic you'd like Charles to cover on the podcast? Interested in advertising opportunities or something else? Reach out anytime at info@charlesdenyer.com Disclaimer: The Brief is a podcast produced by Charles Denyer Productions. The views and opinions expressed by the host and any guests are their own and do not constitute legal advice.

    12 min

Ratings & Reviews

5
out of 5
2 Ratings

About

The Brief with Charles Denyer is your guide to cybersecurity, AI, compliance, risk, and data privacy. Each week, Charles brings sharp insights and practical strategies to help you reduce risk, cut costs, and protect what matters most. From regulatory chaos to AI uncertainty, Charles breaks down the issues leaders face today — with real answers and real solutions. Listen on Apple, Spotify & more. Learn more: charlesdenyer.com Contact: info@charlesdenyer.com