Bourbon & Bytes

Cape Endeavors
  • 0.0 (0)
  • TECHNOLOGY
  • UPDATED WEEKLY

Spirited conversation and sharp insights, exploring cybersecurity, national security, AI threats, and personal journeys—all over a glass of bourbon.

Episodes

  1. China’s Quiet Cyber Takeover: Pre-Positioning, Chaos & Taiwan Scenarios

    11/24/2025

    China’s Quiet Cyber Takeover: Pre-Positioning, Chaos & Taiwan Scenarios

    In this episode of Bourbon & Bytes, Cape Endeavors CEO Terry McGraw sits down with Alexandra Rose, Director of Government Partnerships & CTU Threat Research at Sophos - formerly SecureWorks. Alex brings a rare perspective: NSA-trained linguist, Air Force veteran, federal civilian analyst, interagency team builder, and now one of the most trusted voices in commercial threat intelligence. They dig into the uncomfortable truth most organizations avoid: Ransomware is obvious. China isn’t. And the quiet stuff is the part that can break a country. What You’ll Learn: How China shifted from IP theft to infiltrating the infrastructure that determines trust Why pre-positioning matters — and how chaos, not data theft, is the real endgame How commercial threat intel operates without government budgets or authorities The difference between opportunistic ransomware crews and persistent nation-state operators Why public-private partnerships are finally working — and the mindset shift that made it possible Why basic security (MFA, patching, monitoring) still shuts down most real-world attacks The uncomfortable role AI plays in shaping a population’s perception of truth Why “incremental progress” in cybersecurity beats big-bang silver bullet thinking every time About Alexandra RoseAlex has spent her career connecting dots across intelligence, geopolitics, cybercrime, and nation-state operations. Today she helps lead Sophos’ government partnerships and threat research efforts, turning global threat activity into actionable intelligence for defenders around the world. About Bourbon & BytesHosted by Terry McGraw, retired U.S. Army Lt. Colonel and former senior leader at NETCOM, Army Cyber Command, and the NSA — now CEO of Cape Endeavors, a CMMC compliance and secure enclave provider for the Defense Industrial Base.Every episode mixes candid conversation, real-world cyber stories, and insights from the leaders shaping national security.⁠ #ThreatIntelligence⁠ ⁠#NationStateThreats⁠ ⁠#CyberDefense⁠ ⁠#ChinaCyberThreat⁠ ⁠#Geopolitics⁠ ⁠#NationalSecurity

    51 min
  2. AI, Adversaries, and Adaptation: Microsoft’s Justin Turner on the Future of Cyber Defense

    10/28/2025

    AI, Adversaries, and Adaptation: Microsoft’s Justin Turner on the Future of Cyber Defense

    In this episode of Bourbon & Bytes, Cape Endeavors CEO Terry McGraw sits down with Justin Turner, Principal Group Manager for Microsoft Security, to explore how AI is transforming cybersecurity — and how defenders can adapt. From his early days as an Army signal officer to leading Microsoft’s Defender Experts team, Turner shares how his journey shaped his approach to modern threat defense. Together, he and McGraw unpack some of today’s most critical security topics: 🔹 Why Microsoft made security its top cultural priority 🔹 How AI is reshaping analyst workflows (and threat actor tactics) 🔹 The enduring power of “basic” attack vectors like phishing 🔹 The rise of nation-state cyber activity and data exfiltration risks 🔹 What quantum-enabled AI could mean for the future of encryption 🔹 Why curiosity — not credentials — remains the most valuable skill in cybersecurity Whether you’re a CISO, SOC analyst, or security practitioner, this conversation offers a candid look at where the industry is headed — and what it will take to stay ahead. 📺 Watch more episodes: youtube.com/@CapeEndeavors 🔔 Subscribe for expert discussions on CMMC compliance, secure enclaves, and cyber readiness. Cape Endeavors is dedicated to providing top-tier Managed CMMC Secure Enclave services tailored to the defense industrial base. Our team of experts ensures that you can rapidly become compliant with NIST 800-171/CMMC 2.0 Lvl2 while focusing on your existing business with little interruptions to existing operations. Learn more https://www.capeendeavors.com #Cybersecurity #AIinCyberDefense #MicrosoftSecurity #CapeEndeavors #BourbonAndBytes #CMMC #DefenderExperts #CyberThreats #QuantumSecurity #SOC #AIinSecurity

    1h 6m
  3. From Chaos to Command: Tony Kirtley of IBM’s X-Force on Leading Cyber Incident Response

    09/30/2025

    From Chaos to Command: Tony Kirtley of IBM’s X-Force on Leading Cyber Incident Response

    When a cyber crisis hits, the difference between chaos and recovery often comes down to preparation, leadership, and clear communication. In this episode of *Bourbon & Bytes*, Cape Endeavors CEO Terry McGraw sits down with Tony Kirtley, Global Leader of IBM’s X-Force Incident Response, to share hard-won lessons from some of the world’s largest cyber incidents. They emphasize the need for organizations to have robust incident response plans, effective communication strategies, and the role of incident commanders in managing crises. The conversation also highlights the significance of understanding business risks, especially in relation to supply chains and data breaches, and the necessity of practicing response strategies to mitigate emotional responses during incidents. 🔎 *What you’ll learn: ✅ The top attack vectors that still dominate breaches today ✅ Why asset management and privilege access remain weak points ✅ How AI is (and isn’t) changing the threat landscape ✅ The role of incident commanders in high-stakes ransomware cases ✅ The “grief cycle” of cyber breaches and how leaders can push their teams to acceptance faster ✅ Practical steps executives should take before the worst day happens If you’re in cybersecurity, leadership, or risk management, this conversation is packed with insights that can help your organization prepare, respond, and recover. 👉 Subscribe for more expert conversations on cybersecurity, compliance, and leadership from the frontlines. #IncidentResponse #Cybersecurity #CMMC #DataBreach #IBM #BourbonAndBytes

    47 min
  4. Why Your Business Isn’t CMMC Ready (And How to Fix It Fast)

    09/10/2025

    Why Your Business Isn’t CMMC Ready (And How to Fix It Fast)

    In this Bourbon & Bytes conversation, Terry McGraw of Cape Endeavors sits down with Koren Wise, founder of Wise Technical Innovations and a C3PAO with hands-on experience guiding defense contractors through CMMC. Koren shares how she got started in IT, why she became an early believer in CMMC, and the hard truths she sees every day when companies think they’re ready for an assessment but aren’t. From scoping mistakes to relying on the wrong MSP, she explains why so many defense contractors stumble — and what separates those who pass from those who don’t.If your business handles Controlled Unclassified Information (CUI) and you’re aiming for CMMC Level 2 compliance, this episode is packed with practical lessons you won’t want to miss. Practical Guidance for CMMC ReadinessBoundaries are EssentialCMMC is highly technical. You need real network and systems engineering expertise to build proper boundaries around CUI. Thinking “cloud replaces boundaries” is a major misconception. Scoping Mistakes are Common - Many contractors don’t understand how scoping really works. If a laptop is used to view CUI, it’s in scope unless protected by an authorized VDI. Failing to scope properly pulls in devices and networks you may not expect. Training Matters - Companies often show up for assessments without anyone who has been through training. Without someone who understands the 110 controls and 320 objectives, it’s challenging to be truly ready. Endpoints Can Sink Compliance - Some vendors claim their solutions make CMMC compliance easy while leaving endpoints in scope. If endpoints aren’t properly managed, attackers can harvest credentials and compromise CUI, no matter how strong your enclave is. Empty Enclaves = False Claims Risk - Building a compliant enclave but leaving CUI scattered across old systems is not just a mistake — it could be seen as a false claim if you attest to compliance. CMMC is Both Protection and Advantage - Beyond DoD requirements, following NIST 800-171 and CMMC protects your business from ransomware and gives you a competitive edge in winning contracts. Continuous Compliance is Necessary - Compliance doesn’t end at assessment. Without ongoing monitoring and updating, companies risk slipping out of compliance and losing contract eligibility. Choose Compliance Partners Carefully - An MSP or RPO that downplays CMMC or says “it will go away” is a red flag. Look for providers with CCP/CCA credentials and a record of helping companies pass. Like, comment, and follow: https://www.youtube.com/@CapeEndeavors

    49 min
  5. Navigating Supply Chain Risks in a World of Constant Disruption

    08/19/2025

    Navigating Supply Chain Risks in a World of Constant Disruption

    In this episode of Bourbon & Bytes, Cape Endeavors CEO Terry McGraw sits down with Jenna Wells, CEO of Supply Wisdom‬ to explore the evolving landscape of business risk management in an increasingly volatile world. From her early career as a Marine Corps officer and NSA-trained intelligence officer to leading a cutting-edge risk intelligence platform, Jenna shares insights on: ➡️ Identifying and managing location risk in global supply chains ➡️ Navigating regulatory requirements like DORA, GDPR, and forced labor prevention acts ➡️ Mitigating upstream and downstream vulnerabilities in today’s interconnected economy ➡️ Preparing for the next wave of AI regulations and responsible AI adoption Whether you’re a defense contractor, a supply chain leader, or an executive looking to strengthen your organization’s resilience, this conversation delivers actionable strategies to turn risk management from reactive to proactive. 📌 Learn how to protect your business from disruptions, avoid costly compliance failures, and make informed decisions in a complex global environment.

    53 min
  6. CMMC Compliance Without the BS – Real Talk from 3 Experts Who've Been There

    08/11/2025

    CMMC Compliance Without the BS – Real Talk from 3 Experts Who've Been There

    In this episode of Bourbon & Bytes, host Terry McGraw sits down with Dewayne Alford (COO) and Andy Paul (CTO & Lead CMMC Assessor) of Cape Endeavors to pour a glass of Blanton’s and break down what really matters when it comes to CMMC compliance. Forget the framework fluff—this is an unfiltered conversation packed with real-world insights from a team that’s successfully brought 23 companies through CMMC assessment with a perfect score of 110. 🧠 What you'll learn: Why “CUI is everywhere” is a myth that’s costing contractors time and money How skipping scoping leads to failed assessments—and what to do instead The three practical paths to CMMC compliance (hint: not everyone needs to lift their whole environment) What most “CMMC-ready” tools and vendors won’t tell you Why enclaves are often the fastest, cheapest, and most secure solution How false claims, overscoping, and poor tooling increase risk and burn budgets What to ask any RPO or assessor before you sign anything 💡 Plus: A deep dive into Teramis, a purpose-built CUI discovery tool born from real-world experience with post-breach response and assessment prep. Whether you’re just getting started with CMMC, already on the journey, or cleaning up someone else’s mess—this episode is a must-watch. 🔗 Learn more at https://www.capeendeavors.com 📥 Explore Teramis CUI discovery at https://www.teramis.us 👉 Like, subscribe, and drop a comment to let us know what CMMC topics you'd like to see in future episodes.

    1h 8m
  7. Cybersecurity in the Cloud: Navigating AI, Quantum Threats, and Supply Chain Risks

    08/05/2025

    Cybersecurity in the Cloud: Navigating AI, Quantum Threats, and Supply Chain Risks

    In this episode of Bourbon & Bytes, host Terry McGraw (CEO of Cape Endeavors) welcomes Chris Perry, Head of Cybersecurity Product Management at Google Cloud AI Compute Infrastructure. The conversation spans critical cybersecurity and infrastructure issues facing both cloud providers and regulated industries. Topics include: ➡️ Cybersecurity in Cloud Computing ➡️ AI’s Impact and Opportunities ➡️ Software Supply Chain Security ➡️ Quantum Computing and Encryption ➡️ Ransomware-as-a-Service and the Cyber Threat Landscape Perry also shares practical guidance for CFOs, CISOs, and technology leaders on where to focus now and what to demand from vendors as quantum and AI capabilities evolve. If you work in cybersecurity, cloud infrastructure, national defense, or critical infrastructure, this episode is packed with insight you won’t want to miss. #Cybersecurity #CloudSecurity #AIInfrastructure #QuantumComputing #GoogleCloud #CMMC #ThreatIntelligence #SharedResponsibilityModel #Ransomware #Compliance #NationalSecurity #CapeEndeavors #BourbonAndBytes #CloudSovereignty #AIandSecurity #PostQuantumEncryption

    41 min
  8. AI Meets the Battlefield: Mike Weigand on the Future of AI, Cybersecurity and Defense Innovation

    07/28/2025

    AI Meets the Battlefield: Mike Weigand on the Future of AI, Cybersecurity and Defense Innovation

    Join Terry McGraw on Bourbon and Bytes as he sits down with Mike Weigand, a former Army Ranger, cyber officer, and defense-tech entrepreneur. In this compelling episode, Mike shares his journey from securing military systems at Shift5 to founding Aventra, a defense-tech startup tackling the future of long-range precision systems. Weigand shares how his military roots as a West Point grad, Ranger, and cyber officer shaped his entrepreneurial approach to defense innovation. He discusses how today's battlefield is defined not by mass but by speed, autonomy, and software-driven advantage—and how tools like AI are shrinking OODA loops, enabling rapid prototyping, and completely changing what’s possible in modern conflict. ▶️ Topics covered in this episode: Securing operational technology (OT) systems AI's Transformative Impact on Defense Innovation The Reindustrialization Imperative Speed as the New Competitive Advantage Whether you care about AI, defense innovation, or American industrial resilience, this is a conversation that connects dots few others can. 👉 Subscribe to Bourbon & Bytes for more conversations with top tech leaders—diving into cybersecurity, national security, AI threats, and the personal journeys behind the innovation. #DefenseTech #Cybersecurity #AI #IndustrialBase #OODAloop #AutonomousWeapons #AmericanManufacturing #CapeEndeavors #BourbonAndBytes

    46 min
  9. Breaking Barriers and Battling Cybercrime: Wendy Thomas on Galvanizing Leadership and the Future of Security

    07/18/2025

    Breaking Barriers and Battling Cybercrime: Wendy Thomas on Galvanizing Leadership and the Future of Security

    In this powerful episode of Bourbon & Bytes, host Terry McGraw, CEO of Cape Endeavors, sits down with Wendy Thomas—former CEO of Secureworks and current board director at Marketta and IonQ—for a wide-ranging conversation that explores the shifting frontlines of cybersecurity, artificial intelligence, and leadership. Wendy unpacks how quantum and AI are reshaping the cyber landscape, including the opportunities (like democratized security and new AI forensics roles) and risks (from model drift to deepfakes). The two dive into the explosive growth of cybercrime—now topping $10.5 trillion—and discuss the need for new public-private accountability models, secure software mandates, and a "lifestyle approach" to legislation. Beyond tech, Wendy reflects on the evolution of diversity in leadership, the limitations of traditional higher education, and what it really takes to lead a company through IPOs, acquisitions, and cultural change. Insightful, strategic, and deeply human—this is a conversation you don’t want to miss. Learn more about Cape Endeavors: https://www.capeendeavors.com #Cybersecurity #AI #QuantumComputing #Deepfakes #AICybersecurity #CyberRisk #ThreatLandscape #SecureSoftware #SecureWorks #WomenInTech #BoardLeadership #TechLeadership #Marqeta #IONQ #BourbonAndBytes #CapeEndeavors

    56 min
  10. Mapping the Cyber Battlefield: Jason Kaplan on Attack Surfaces, CMMC, and the Startup Grin

    07/16/2025

    Mapping the Cyber Battlefield: Jason Kaplan on Attack Surfaces, CMMC, and the Startup Grin

    In this episode of Bourbon & Bytes, host Terry McGraw sits down with Jason Kaplan, CEO of SixMap, for a spirited conversation that cuts across startup life, cybersecurity mandates, and the rapidly evolving threat landscape. Kaplan shares his unconventional journey from finance to fitness tech to cybersecurity, offering a founder’s-eye view of how SixMap is redefining External Attack Surface Management (EASM). The two dive deep into the cost-benefit debate around CMMC 2.0, the importance of secure-by-design infrastructure, and why "waiting" is the most expensive strategy of all. They also explore how SixMap uses AI to provide high-fidelity scans of enterprise exposure—mapping vulnerabilities across IPv4/IPv6, ports, and corporate hierarchies. From ransomware fallout to deepfake dangers, and from bourbon reviews to rapid-fire startup advice, this episode blends strategic insight with real-world urgency.

    41 min
  • 10 Episodes

About

Spirited conversation and sharp insights, exploring cybersecurity, national security, AI threats, and personal journeys—all over a glass of bourbon.

Information

  • Creator
    Cape Endeavors
  • Years Active
    2K
  • Episodes
    10
  • Rating
    Clean
  • Copyright
    © Cape Endeavors
  • Show Website
    Bourbon & Bytes