The Risk Apogee

M K Palmore

The Risk Apogee is a 1:1 interview series, sponsored by Apogee Global RMS, featuring candid conversations with risk leaders serving small and mid-sized businesses and public sector organizations. Each episode explores how practitioners translate risk theory into practical action, focusing on real incidents, lessons learned, and frameworks that drive resilience in resource-constrained environments

Episodes

  1. Jun 29

    How a Public Sector CISO Prioritizes Risk When Every Dollar Has a Human Cost

    Public sector cybersecurity leaders face a resource equation that doesn't exist in the private sector: every security investment is weighed directly against public safety, housing, and essential city services. Austin Davis is the CISO for the City of San Jose, the twelfth largest city in the United States, and a veteran whose career spans military service, law enforcement, and enterprise security. In this episode of The Risk Apogee Podcast, he and MK Palmore work through why cybersecurity leaders in government operate under fundamentally different budget constraints than those in the private sector. How pension obligations and procurement rules compound the staffing challenge, and why the cybersecurity profession still lacks the kind of universally adopted career pathway that exists for physicians, attorneys, and pilots. Austin also addresses AI's rapid, often unannounced integration into legacy city systems, the governance gap it creates, and the real defensive potential he sees once the right human-machine boundaries are drawn. Things You Will Learn:Why public sector cybersecurity budgets compete against fundamentally different priorities than enterprise budgets, and how that changes every risk conversation.Why the cybersecurity profession's lack of a universally adopted career pathway is a structural driver of the talent shortage, not just a training gap.How AI is quietly being added to legacy government systems, creating new security risks that many organizations don't realize they've inherited. Tools & Frameworks Covered:Audience-Specific Risk Translation: Austin's practice of reframing cybersecurity risk in terms that match each stakeholder's operational reality: financial impact for finance teams, operational readiness for law enforcement, service continuity for department heads. The principle is that the same risk must be communicated differently depending on who needs to act on it.Professionalized Career Pathway Model: The argument that cybersecurity should adopt the kind of structured, universally recognized career progression used by medicine, law, and aviation with defined skill gates, hands-on progression, and a clear distinction between foundational certification and practitioner readiness.Legacy System AI Governance: The emerging requirement to re-review previously approved systems when vendors push AI components into existing products, since the original security review no longer reflects the system's actual risk profile. #PublicSectorCybersecurity #CyberWorkforce #AIGovernance #RiskLeadership #EnterpriseRisk 🎙️ Thanks for tuning in to The Risk Apogee Podcast! If you enjoyed this episode, don’t forget to follow/subscribe so you never miss an inspiring conversation. ✨ Connect with Apogee Global RMS for more leadership insights: LinkedIn: https://www.linkedin.com/in/mkpalmore/ Instagram: https://www.instagram.com/apogee_rms/ X/Twitter: https://x.com/apogee_rms 💼 This episode is brought to you by Apogee Global RMS – experts in risk management solutions. Check out their website to learn more about how they can support your business. Let’s keep growing and leading boldly. Until next time!

    45 min
  2. Jun 15

    Teddra Burgess on People Development, Federal Go-to-Market, and Building After Enterprise

    Promoting someone based on what they can execute tactically tells you very little about whether they'll succeed at the next level. Teddra Burgess spent nearly three decades in enterprise technology sales and public sector strategy before founding Chasing Outcomes, an executive advisory and federal go-to-market consulting firm. Teddra sits down with MK Palmore to unpack why corporate leadership pipelines keep producing the same blind spots: heavy investment in competency assessment, almost no preparation for stakeholder complexity, cross-functional politics, or the art of understanding what motivates the person on the other side of the table. The conversation moves from there into the realities of entrepreneurship after enterprise: what it means to be the product, why scale is the question founders chronically underestimate, and how AI has rewritten the math on what a single operator can accomplish. Things You Will Learn:Where corporate leadership development consistently breaks down, and why the gap between tactical competency and senior-level influence is where organizations lose their best people.What federal go-to-market strategy actually requires, and why even the best technology won't matter without a clear procurement path.The scaling, boundary-setting, and partnership decisions that define whether an entrepreneurial leap succeeds or stalls. Tools & Frameworks Covered:Motivation Mapping for Cross-Functional Influence: Before attempting to build consensus or drive alignment, understand what is urgent and important to the stakeholder across from you. Their priorities are not your priorities — and acting as though they are is where influence breaks down.Succession Planning as Organizational Diagnostic: Not just an HR exercise. When done honestly, it forces leaders to confront gaps at every level, check their ego, and assess whether the bench is actually ready or just familiar.Complementary Partnership Model: Instead of rushing to hire, identify entrepreneurs with adjacent expertise and build capacity through partnership first. Scale through alignment before committing to headcount. #LeadershipDevelopment #EntrepreneurshipAfterEnterprise #FederalGoToMarket #PeopleDevelopment #EnterpriseRisk 🎙️ Thanks for tuning in to The Risk Apogee Podcast! If you enjoyed this episode, don’t forget to follow/subscribe so you never miss an inspiring conversation. ✨ Connect with Apogee Global RMS for more leadership insights: LinkedIn: https://www.linkedin.com/in/mkpalmore/ Instagram: https://www.instagram.com/apogee_rms/ X/Twitter: https://x.com/apogee_rms 💼 This episode is brought to you by Apogee Global RMS – experts in risk management solutions. Check out their website to learn more about how they can support your business. Let’s keep growing and leading boldly. Until next time!

    20 min
  3. Jun 1

    How Geopolitical Risk, AI Adoption, and Compliance Gaps Converge in the Enterprise

    Organizations across the defense industrial base, healthcare, and critical infrastructure are treating compliance frameworks as the ceiling of their security investment rather than the floor, and doing so while geopolitical adversaries are already inside their supply chains. Michael McLaughlin sits at the intersection of cybersecurity, law, and national security, and in this conversation he walks through how Iranian-aligned cyber actors are drawing private sector companies onto a battlefield they never expected to occupy, how North Korean IT workers are bypassing HR processes to gain admin-level access at Fortune 100 companies, and why the race to adopt AI is repeating every structural mistake cybersecurity has already made. He also digs into why the CISO still lacks a real seat at the C-suite table, why insurance has become a crutch rather than a component of risk posture, and what actual resilience looks like when an incident lasts three weeks instead of three hours. Things You Will Learn: Why treating regulatory frameworks as ceilings instead of floors leaves organizations exposed to motivated nation-state actors who operate well beyond any compliance baseline.How converged risks demand cross-functional security involvement that most CISOs still don't have the authority to execute.Why the rapid adoption of AI without applying secure-by-design principles and the CIA triad to models, training data, and infrastructure will reproduce cybersecurity's foundational failures at an exponential scale. Tools & Frameworks Covered: Frameworks as Floors, Not Ceilings: The principle that CMMC, HIPAA, and similar regulatory baselines represent the minimum acceptable security posture, not the endpoint, and that organizations must build above them based on their specific threat landscape and attack surface.The CIA Triad Applied to AI: Extending confidentiality, integrity, and availability analysis to AI models: protecting prompt data from leakage, preventing training data poisoning and model drift, and ensuring model availability and redundancy beyond single-point infrastructure dependencies.Operational Resilience Beyond Incident Response: The military-derived concept that resilience means maintaining business operations during a sustained incident, not just detecting, responding, and recovering, but practicing pen-and-paper continuity and out-of-band communications for multi-week disruptions. #EnterpriseRisk #CyberSecurity #GeopoliticalRisk #CISO #CyberResilience #BusinessContinuity #AIGovernance 🎙️ Thanks for tuning in to The Risk Apogee Podcast! If you enjoyed this episode, don’t forget to follow/subscribe so you never miss an inspiring conversation. ✨ Connect with Apogee Global RMS for more leadership insights: LinkedIn: https://www.linkedin.com/in/mkpalmore/ Instagram: https://www.instagram.com/apogee_rms/ X/Twitter: https://x.com/apogee_rms 💼 This episode is brought to you by Apogee Global RMS – experts in risk management solutions. Check out their website to learn more about how they can support your business. Let’s keep growing and leading boldly. Until next time!

    27 min
  4. May 18

    How Behavioral Security Is Rewriting the Human Risk Equation

    Most organizations still manage human risk by training employees and hoping the behavior changes. That approach has never been grounded in evidence, and AI is making it dangerously obsolete. Oz Alashe is the founder and CEO of CybSafe, a behavioral AI security company that treats human risk as a measurable, data-driven variable rather than a compliance checkbox. A former lieutenant colonel in the British Army with a Special Forces and intelligence background, Oz brings an operator's discipline to a problem the industry has largely hand-waved. In this conversation, he and MK Palmore work through the tension between the speed of AI-driven transformation and the slower, harder work of establishing trust. Oz explains why predictive behavioral analytics are now possible at scale, why scaling the shortcuts of your best salespeople through AI agents is a compounding risk, and why the security behavior ontology his team is building may finally connect human behavior to actual risk outcomes. Things You Will Learn: Why treating human risk as a training problem produces no measurable risk reduction, and what an evidence-based behavioral approach looks like instead.How AI agents trained on human behavior are scaling organizational shortcuts at machine speed, creating compounding risk most enterprises haven't accounted for.Why the erosion of trust between humans, between humans and machines, and across authentication models, is the defining risk challenge of the next 18 months. Tools & Frameworks Covered: Security Behavior Ontology: CybSafe's mapping of every security behavior through to every risk outcome and control, designed to move organizations beyond training-and-hope toward measurable behavioral risk management.OODA Loop as AI Tempo Accelerator: The application of John Boyd's Observe-Orient-Decide-Act framework to AI-enabled security operations, where the real advantage isn't scale or capacity but the speed of the decision loop itself.Behavioral Vulnerability as Risk Variable: The framework of treating human behavior as a measurable component of the vulnerability side of the risk equation, rather than treating awareness as a proxy for security. #HumanRisk #BehavioralSecurity #EnterpriseRisk #AIAgents #RiskApogee 🎙️ Thanks for tuning in to The Risk Apogee Podcast! If you enjoyed this episode, don’t forget to follow/subscribe so you never miss an inspiring conversation. ✨ Connect with Apogee Global RMS for more leadership insights: LinkedIn: https://www.linkedin.com/in/mkpalmore/ Instagram: https://www.instagram.com/apogee_rms/ X/Twitter: https://x.com/apogee_rms 💼 This episode is brought to you by Apogee Global RMS – experts in risk management solutions. Check out their website to learn more about how they can support your business. Let’s keep growing and leading boldly. Until next time!

    24 min
  5. May 4

    How Enterprise Leaders Should Think About AI, Quantum, and Crown Jewel Protection

    The market rewards speed over security, and most executive teams are making resource decisions accordingly, but that trade-off becomes existential when adversaries are stockpiling encrypted data and quantum computing is approaching viability. Kathryn Wang is the Principal Public Sector Lead at SandboxAQ, CEO of CTRL+Alt+Defeat,io, and a board advisor whose career spans cybersecurity partnerships, defense technology, and national security. In this conversation, she and MK Palmore work through why AI's biggest enterprise impact so far has been workforce reduction rather than workforce amplification, how counterfeit and trojanized hardware exposes the limits of compliance frameworks like the software bill of materials, and why post-quantum cryptography should be treated as an urgent priority rather than a future concern. Kathryn shares her framework for cutting through the noise: identify your existential threat, lock down your crown jewels, and stop distributing limited security resources across a perimeter you cannot fully defend. Things You Will Learn: Why identifying and securing your organization's crown jewels is the highest-leverage move when you're outgunned and under-resourced.How the gap between compliance requirements and actual security effectiveness is widening, and why compliance theater remains a structural problem even at the federal level.What post-quantum cryptography means for enterprise data protection and why the "harvest now, decrypt later" threat model demands action today. Tools & Frameworks Covered: Crown Jewel Prioritization: Identify what will shut the company down, determine what adversaries actually want, and concentrate protection there rather than spreading resources across the full perimeter.Measured Optimism on AI Adoption: A decision lens for evaluating AI use: what is the job to be done, how does the tool help, and what are the ways you can injure yourself with it — versus treating AI as a hammer and looking for glass to break.Post-Quantum Cryptography Readiness: The strategic imperative to ensure crown jewel data cannot be ransomed or decrypted when quantum computing reaches viability, given that adversaries are already harvesting encrypted data for future decryption. #EnterpriseRisk #PostQuantumCryptography #AIAdoption #CriticalInfrastructure #RiskApogee 🎙️ Thanks for tuning in to The Risk Apogee Podcast! If you enjoyed this episode, don’t forget to follow/subscribe so you never miss an inspiring conversation. ✨ Connect with Apogee Global RMS for more leadership insights: LinkedIn: https://www.linkedin.com/in/mkpalmore/ Instagram: https://www.instagram.com/apogee_rms/ X/Twitter: https://x.com/apogee_rms 💼 This episode is brought to you by Apogee Global RMS – experts in risk management solutions. Check out their website to learn more about how they can support your business. Let’s keep growing and leading boldly. Until next time!

    39 min
  6. Apr 30

    How State Leaders Balance AI Adoption, Cyber Resilience, and Workforce Equity

    State governments are under pressure to adopt AI, strengthen cyber resilience, and build workforce pipelines, all at the same time, and without leaving communities behind. In this conversation recorded live at the RSAC Conference in San Francisco, MK Palmore sits down with Maryland Lieutenant Governor Aruna Miller, Secretary of Labor Portia Wu, and Secretary of Commerce Harry Coker. They discuss why Maryland has made cybersecurity, AI, and computational health lighthouse priorities under Governor Moore's administration, how the state is standing up AI subcabinets and cyber clinics to close the gap between graduating talent and evolving entry-level roles, and why cyber resilience now means operating through compromise rather than preventing it entirely. Things You Will Learn: Why cyber resilience requires organizations to plan for operating through compromise and how state-level leaders are reframing that conversation.How Maryland is using cyber and AI clinics, train-the-trainer models, and cross-institutional mandates to rebuild the entry-level cybersecurity talent pipeline as AI reshapes junior roles.Why bringing the workforce into AI adoption decisions before deployment is both an equity imperative and a practical requirement for successful technology implementation. Tools & Frameworks Covered: Lighthouse Sector Strategy: Maryland's approach to focusing state investment and ecosystem-building around specific sectors, including cybersecurity, AI, life sciences, quantum, and aerospace, creating intentional corridors for startup growth and talent development.Cyber Resilience as Operational Continuity: Secretary Coker's framing that the adversary is already inside the house, and that resilience means continuing to operate through compromise rather than treating prevention as the sole objective.Regional Cyber and AI Clinics: A state-funded model requiring cross-institutional collaboration to give current students and new graduates hands-on cybersecurity and AI experience, addressing the gap created by AI's displacement of traditional entry-level SOC and compliance roles. #CyberResilience #AIGovernance #CyberWorkforce #EquityInTech #RiskApogee 🎙️ Thanks for tuning in to The Risk Apogee Podcast! If you enjoyed this episode, don’t forget to follow/subscribe so you never miss an inspiring conversation. ✨ Connect with Apogee Global RMS for more leadership insights: LinkedIn: https://www.linkedin.com/in/mkpalmore/ Instagram: https://www.instagram.com/apogee_rms/ X/Twitter: https://x.com/apogee_rms 💼 This episode is brought to you by Apogee Global RMS – experts in risk management solutions. Check out their website to learn more about how they can support your business. Let’s keep growing and leading boldly. Until next time!

    35 min
  7. Apr 20

    How a 30-Year Practitioner Sees the Future of Security Leadership

    The CISO role is caught between rising personal liability, tactical overload, and a business landscape that still treats security as a technology function rather than an enterprise risk discipline. Aaron Wurthmann is a fractional security leader with nearly 30 years of experience spanning IT operations, DevOps, and security leadership across Silicon Valley startups and maturing organizations. In this episode of The Risk Apogee Podcast, Aaron joins host M. K. Palmore to work through the tension between chasing titles and finding the right role, why early-stage companies consistently delay security investment until external forces demand it, and how agentic AI is creating an observability crisis most security teams haven't even begun to address. Aaron shares how he evaluates talent, why he believes the CISO title should evolve toward a Chief Information Risk Officer model, and what it actually looks like when security leaders align risk registers to budget realities.   Things You Will Learn: Why aligning your risk register to your actual budget is the single most revealing test of whether an organization is serious about security.How to evaluate when a practitioner is ready for the next level of leadership and why giving titles prematurely does more harm than good.What agentic AI and bot-driven tool adoption mean for enterprise observability, and why most security teams are already behind. Tools & Frameworks Covered: People, Process, Things: Aaron's prioritization hierarchy for building security programs: get people bought into the mission first, then establish process, then select technology. Reversal of this order is where most programs break.Risk-to-Budget Alignment: The practice of holding organizations accountable by comparing stated security ambitions against actual budget allocation and risk register priorities.Least Privilege as an AI Governance Principle: Applying the decades-old principle of least privilege to agentic AI and bot permissions, using the HAL 9000 example as a reference point for over-permissioned autonomous systems. #CISO #SecurityLeadership #EnterpriseRisk #CyberSecurity #RiskApogee 🎙️ Thanks for tuning in to The Risk Apogee Podcast! If you enjoyed this episode, don’t forget to follow/subscribe so you never miss an inspiring conversation. ✨ Connect with Apogee Global RMS for more leadership insights: LinkedIn: https://www.linkedin.com/in/mkpalmore/ Instagram: https://www.instagram.com/apogee_rms/ X/Twitter: https://x.com/apogee_rms 💼 This episode is brought to you by Apogee Global RMS – experts in risk management solutions. Check out their website to learn more about how they can support your business. Let’s keep growing and leading boldly. Until next time!

    41 min
  8. Apr 13

    How Bob Lord Reframes Cybersecurity as a Software Safety Problem

    Most enterprise security spending goes toward bolting defensive tools onto software that was never built to be safe in the first place, and board conversations rarely question whether that's the right fight. Bob Lord has spent his career at the center of that question, serving as the first security hire at Twitter, Chief Information Security Officer at Yahoo, CISO at the Democratic National Committee after the 2016 hacks, and, most recently, helping launch the Secure by Design initiative at CISA. In this episode of The Risk Apogee Podcast with M.K. Palmore, Bob argues that the industry's language itself has allowed vendors to offload risk onto customers, while the C-suite continues to approve budgets for tools that treat symptoms. He walks through what other regulated sectors did to dramatically reduce harm, why AI is a chance to finally apply lessons the industry has ignored for thirty years, and how leaders can use AI to do things humans never could like continuous threat modeling and prioritizing the scariest fraction of a code base. Things You Will Learn: Why reframing "cybersecurity" as "software safety" changes how executives allocate budget and evaluate vendor accountability.How to apply lessons from aviation, automotive, and medical safety regulation to the way enterprises buy and deploy software.How AI can shift risk management from periodic threat modeling to continuous prioritization of the most dangerous parts of a code base. Tools & Frameworks Covered: The Four V's: Bob's framework for reframing the security narrative: shift focus from Villains (the attackers we celebrate) and Victims (the organizations we shame) toward Vendors (who ship unsafe software) and Visionaries (who have been telling us how to fix it for decades).Secure by Design: The principle that the burden of staying safe should shift from software operators back to software manufacturers, modeled on regulated transformations in automotive, aviation, and medical safety.Continuous Threat Modeling with AI: Using AI agents to compare every code change against the threat model continuously, rather than treating threat modeling as a one-time design-phase exercise.The Security Vitamin: A proposed 15-minute weekly concept delivery model for building executive mental models around security risk over time, rather than attempting one-shot training sessions. #SoftwareSafety #SecureByDesign #CISO #EnterpriseRisk #RiskApogee 🎙️ Thanks for tuning in to The Risk Apogee Podcast! If you enjoyed this episode, don’t forget to follow/subscribe so you never miss an inspiring conversation. ✨ Connect with Apogee Global RMS for more leadership insights: LinkedIn: https://www.linkedin.com/in/mkpalmore/ Instagram: https://www.instagram.com/apogee_rms/ X/Twitter: https://x.com/apogee_rms 💼 This episode is brought to you by Apogee Global RMS – experts in risk management solutions. Check out their website to learn more about how they can support your business. Let’s keep growing and leading boldly. Until next time!

    43 min

About

The Risk Apogee is a 1:1 interview series, sponsored by Apogee Global RMS, featuring candid conversations with risk leaders serving small and mid-sized businesses and public sector organizations. Each episode explores how practitioners translate risk theory into practical action, focusing on real incidents, lessons learned, and frameworks that drive resilience in resource-constrained environments