Secure Talk Podcast

Justin Beals

Secure Talk reviews the latest threats, tips, and trends on security, innovation, and compliance. Host Justin Beals interviews leading privacy, security and technology executives to discuss best practices related to IT security, data protection and compliance. Based in Seattle, he previously served as the CTO of NextStep and Koru, which won the 2018 Most Impactful Startup award from Wharton People Analytics. He is the creator of the patented Training, Tracking & Placement System and the author of “Aligning curriculum and evidencing learning effectiveness using semantic mapping of learning assets,” published in the International Journal of Emerging Technologies in Learning (iJet). Justin earned a BA from Fort Lewis College.

  1. Shared Wisdom: Why AI Should Enhance Human Judgment, Not Replace It | Secure Talk with Alex Pentland

    JAN 27

    Shared Wisdom: Why AI Should Enhance Human Judgment, Not Replace It | Secure Talk with Alex Pentland

    Most AI discourse swings between paradise and doom—but the real question is how we architect these systems to enhance human understanding rather than replace decision-making. MIT Professor Alex "Sandy" Pentland reveals why treating AI as an information tool instead of an authority is critical for cybersecurity teams, business leaders, and anyone navigating the intersection of technology and culture. The math is stark: 90% of social media users are represented by only 3% of tweets. We're making decisions based on algorithmic extremes, not community wisdom. Pentland shows how Taiwan used the Polis platform to restore government trust from 7% to 70% by eliminating follower counts and visualizing the full spectrum of opinion—proving most people agree more than they think. For security professionals, the implications are profound: culture drives security outcomes more than controls. The stories your team shares about breaches, vulnerabilities, and response protocols create the shared wisdom that determines whether you're actually secure. AI can help synthesize context and surface patterns across distributed organizations, but cannot replace the human judgment needed when edge cases and outliers occur. Drawing parallels to the Enlightenment—when letter-writing networks sparked unprecedented collaboration among scholars—Pentland argues we stand at a similar inflection point. We have tools that let us share information at unprecedented scale, yet our digital systems amplify loud voices and create echo chambers instead of fostering collective wisdom. His book "Shared Wisdom" offers a pragmatic framework for cultural evolution in the age of AI, recognizing we'll take steps forward, make mistakes, and need to choose our direction deliberately. 
    Key insights include understanding AI as a statistical repackaging of human stories, recognizing how four waves of AI development have each failed in predictable ways, and learning why loyal agents—systems legally bound to serve your interests like doctors and lawyers—represent the future of trustworthy AI. Pentland also explains why audit trails and liability matter more than premature regulation, and how communities need local governance that's interoperable but not uniform.

    Alex "Sandy" Pentland is Stanford HAI Fellow, MIT Toshiba Professor, and member of the US National Academy of Engineering. He has been named one of "100 People to Watch This Century" by Newsweek and one of the "seven most powerful data scientists in the world" by Forbes; his work established authentication standards for digital networks and contributed to pioneering EU privacy law.

    Episode Resources: Pentland, Alex. (2025). Shared Wisdom: Cultural Evolution in the Age of AI. The MIT Press. https://mitpress.mit.edu/9780262050999/shared-wisdom/

    56 min
  2. The 2026 Planning Episode: 5 key security imperatives.

    JAN 13

    The 2026 Planning Episode: 5 key security imperatives.

    While most organizations treat security as a cost center, a select group is using it to win enterprise deals, open new markets, and outpace competitors. The difference? They've stopped asking "how much does security cost?" and started asking "how much value does security create?" This strategic edition synthesizes lessons from security leaders at Walmart, PayPal, Postman, and the defense industrial base to reveal the playbook for 2026: treating security as a business function that enables velocity, builds trust, and creates competitive moats.

    Five Strategic Imperatives for 2026:

    1. Architect for the AI Identity Explosion. When AI agents access your CRM, email, and databases on behalf of humans, who's accountable? Walmart's 10,000+ developers faced this at scale. Learn how to govern probabilistic, non-deterministic systems before deployment breaks.
    2. Turn Supply Chain Security Into Competitive Advantage. CMMC enforcement is here—Raytheon paid $8.4M, Penn State $1.25M. But smart contractors are leading with certification to win contracts. See how quantitative security standards are reshaping business relationships between primes and subs.
    3. Extract Intelligence From Your Own Logs. One organization prevented $3M in fraud using internal threat intelligence. Learn why focused AI models that analyze your specific environment outperform generic vendor feeds.
    4. Make Security Your Primary Differentiator. When SOC 2 Type II certification wins you three enterprise customers worth $2M ARR, security spending looks very different to the CFO. Discover how to position security as the reason customers choose you.
    5. Build Culture, Not Tool Stacks. The oil & gas industry made safety everyone's responsibility through culture, not technology. Apply the same principles to solve cybersecurity's 65% turnover crisis.

    Expert Insights From: Rishi Bhargava (Descope) | Tobias Yergin (Walmart) | Bob Kolasky (Exiger) | Chris Wysopal (Veracode) | Bill Anderson (Mattermost) | Satyam Patel (Kandji) | Sam Chehab (Postman) | Brian Wagner | Dimitry Shvartsman (PayPal)

    The Meta-Pattern: Organizations winning in 2026 measure security in business terms—revenue enabled, customers won, time to market reduced. They're not the "department of no" blocking progress—they're the team enabling fast, safe movement.

    🎙️ SecureTalk: Strategic conversations with security leaders, hosted by Justin Beals
    🔔 Subscribe for insights on AI security, CMMC, threat intelligence & security ROI

    46 min
  3. Secure Talk Special Episode: "Building Secure Societies in the Age of Division: The Seven Lessons for Humanity Heading Into 2026"

    12/30/2025

    Secure Talk Special Episode: "Building Secure Societies in the Age of Division: The Seven Lessons for Humanity Heading Into 2026"

    "In 20 years, we transformed food allergy awareness from nonexistent to universal—no law required. What if we could do the same for data security and AI governance?" This special episode reveals how grassroots cultural shifts create lasting change, and why 2026 might be the year cybersecurity professionals become architects of something bigger than defenses. We've distilled 2025's conversations with experts from Harvard, MIT, NYU, Brown, and the AI development frontlines into seven actionable lessons that reframe security from technical problem to human opportunity. From understanding the 800 billion AI agents already in our systems, to recognizing why your most valuable threat intelligence is already in your logs, to building the communities that make external defenses less necessary. Here's what successful security leaders are realizing: The organizations thriving in 2026 aren't just protecting systems—they're creating conditions where humans and AI can flourish together.

    THE SEVEN LESSONS:
    • Social division is our greatest vulnerability (and connection is our strength)
    • Technology won't save us from ourselves (but we can)
    • Real change happens through grassroots cultural shifts
    • AI demands fundamentally different thinking (here's how)
    • Our values can blind us (when to trust them, when not to)
    • The weakest links are often invisible (where to look)
    • Context matters more than technology (your advantage is closer than you think)

    FEATURING INSIGHTS FROM: Dr. Claire Robertson (NYU) | Greg Epstein (Harvard/MIT) | Dr. De Kai | Rishi Bhargava (Descope) | Tobias Yergin (Walmart AI) | Prof. Steven Sloman (Brown) | Lars Kruse | Brian Wagner | Dr. Aram Sinnreich | Jesse Gilbert

    PERFECT FOR: Security leaders building resilient organizations | Professionals navigating AI transformation | Anyone ready to move beyond purely technical solutions

    🔗 StrikeGraph: https://strikegraph.com

    Which lesson will change how you approach security in 2026?

    #Cybersecurity #AIGovernance #SecurityLeadership #CyberResilience #AIEthics #CISO #ThreatIntelligence #FutureOfWork

    31 min
  4. Building a Thriving Future: AI Ethics & Security in Virtual Worlds | Dr. Paola Cecchi-Dimeglio

    12/16/2025

    Building a Thriving Future: AI Ethics & Security in Virtual Worlds | Dr. Paola Cecchi-Dimeglio

    The mistakes we made building the internet don't have to be repeated in the metaverse—if we act now. Join SecureTalk host Justin Beals for an essential conversation with Dr. Paola Cecchi-Dimeglio about building secure, ethical virtual worlds. Dr. Cecchi-Dimeglio brings 25 years of experience advising governments, Fortune 500 companies, and global institutions on AI ethics and technology governance. Her new book "Building a Thriving Future: Metaverse and Multiverse" (MIT Press, 2025) provides frameworks for building virtual spaces that serve humanity rather than exploit it.

    CORE THEMES:
    • Security by design vs. security bolted on after problems emerge
    • How biases get encoded into AI systems—and prevention strategies
    • The critical role of "human in the loop" for AI oversight
    • Why good regulation creates business stability
    • Digital identity systems for global inclusion
    • Authentication and verification in virtual spaces
    • Cross-border legal frameworks for technology governance

    REAL-WORLD IMPACT: Over 1 billion people globally lack legal identification—virtual worlds could solve this through blockchain-based digital identity, or create new exclusions if built poorly. The standards we set now for authentication, verification, and identity control will determine whether these spaces become tools for human flourishing or mechanisms for surveillance.

    WHY THIS MATTERS NOW:
    • Virtual worlds already exist—gaming platforms host billions of users
    • AI is accelerating everything, including security vulnerabilities
    • Deepfake technology is improving faster than detection methods
    • The decisions made today will shape digital society for decades

    SURPRISING INSIGHTS:
    → Children currently detect deepfakes better than adults (but not for long)
    → Major consulting firms have sold governments expensive reports full of AI errors
    → Voice recognition systems historically failed on non-Western accents due to training data bias
    → Email autocorrect defaults "Paola" to "Paolo" because datasets contained more men than women

    ABOUT THE GUEST: Dr. Paola Cecchi-Dimeglio is a globally recognized expert in AI, big data, and behavioral science. She holds dual appointments at Harvard Law School and Kennedy School of Government, co-chairs the UN ITU Global Initiative on AI and Virtual Worlds, and has authored 70+ peer-reviewed publications. Her work advises the World Bank, European Commission, and Fortune 500 executives on ethical AI implementation.

    THE OPTIMISTIC VISION: Virtual worlds can tap talent anywhere, breaking geographic barriers. They can connect separated families, provide legal identity to excluded populations, and create opportunities we can't yet imagine—but only if we build them with security, ethics, and human values as foundational requirements.

    ABOUT SECURETALK: SecureTalk ranks in the top 2.5% of podcasts globally, making cybersecurity and compliance topics accessible to business leaders. Hosted by Justin Beals, CEO of Strike Graph and former network security engineer. Perfect for: Security professionals, technology leaders, business executives, policy makers, anyone concerned about building ethical AI systems and secure virtual worlds.

    📚 "Building a Thriving Future: Metaverse and Multiverse" by Dr. Paola Cecchi-Dimeglio (MIT Press, 2025)

    #AIEthics #Cybersecurity #VirtualWorlds #TechnologyGovernance #MetaverseSecurity #DigitalEthics #AIRegulation #SecureByDesign

    56 min
  5. Why Security Leaders Struggle With Security Culture | Steven Sloman on Secure Talk

    12/02/2025

    Why Security Leaders Struggle With Security Culture | Steven Sloman on Secure Talk

    Brown University cognitive scientist Steven Sloman reveals the hidden mechanism driving cultural division—and why it matters for security leadership. In this wide-ranging conversation, Sloman explains the fundamental tension between sacred values and consequentialist thinking, and how understanding this dynamic transforms how leaders communicate risk and build organizational culture. Justin Beals opens with a personal story about leaving a religious environment defined by absolute values, setting the stage for an exploration of how cognitive science explains why extremists control discourse, why outrage dominates social media, and why having strong values might actually be essential for good decision-making.

    KEY TOPICS:
    • The two systems humans use for decision-making and why both matter
    • Why simplified positions dominate complex policy debates
    • How humor breaks through absolutist thinking
    • The critical difference between AI association and human deliberation
    • Why communities radicalize when they become too insular
    • Practical frameworks for leadership teams navigating value conflicts

    Sloman, author of "The Cost of Conviction: How Our Deepest Values Lead Us Astray," shares insights from decades of research on cognition, reasoning, and collective thinking. The conversation moves from abstract cognitive science to immediate applications for security professionals operating in organizations where tribal loyalties threaten evidence-based decision-making. Whether you're presenting risk assessments to boards, building security culture, or helping organizations function during divisive times, this episode offers frameworks for understanding when values serve us and when consequentialist analysis becomes essential.

    Resources: Sloman, S. (2025). The cost of conviction: How our deepest values lead us astray. MIT Press. (https://mitpress.mit.edu/9780262049825/the-cost-of-conviction/)

    56 min
  6. Inside CMMC Implementation: What November 10th Means for Defense Contractors | Secure Talk with Bob Kolasky

    11/04/2025

    Inside CMMC Implementation: What November 10th Means for Defense Contractors | Secure Talk with Bob Kolasky

    Bob Kolasky walked the halls where CMMC was built. As founding director of CISA's National Risk Management Center, he watched this policy evolve from concept to pilot program to federal law—surviving three presidential administrations because the need never changed. On November 10, 2025, that policy becomes mandatory reality for every defense contractor pursuing new DoD solicitations. Self-certification ends. Independent verification begins. And the defense industrial base faces its most significant security transformation in a generation. In this conversation with Justin Beals, Bob explains what contractors need to understand about the deadline—and what recent enforcement actions reveal about gaps that have existed all along.

    From Honor System to Accountability: For years, defense contractors self-certified compliance with NIST 800-171 cybersecurity requirements. The system worked on trust. Contractors checked boxes, DoD accepted attestations, and controlled unclassified information flowed through supply chains with security gaps nobody was measuring. Then came the settlements. Raytheon paid $8.4 million for failing basic security controls—no antivirus software on systems handling defense information, no system security plans, missing access controls. Penn State settled $1.25 million across 15 contracts. Georgia Tech paid $875,000 in the first DOJ intervention in a cybersecurity False Claims Act case. These weren't breaches. These were preventable failures that contractors had certified didn't exist. Katie Arrington's warning to the industry has been consistent: "If you go on LinkedIn one more time and tell me how hard CMMC is, I'm going to beat you. That ship sailed in 2014." Translation: adversaries are watching, and contractors broadcasting difficulties are revealing exactly where vulnerabilities exist.

    The November 10th Framework: After this deadline, every new contract solicitation includes CMMC requirements matched to data sensitivity: Level 1 handles federal contract information through annual self-assessment with SPRS score reporting. Level 2 manages controlled unclassified information and requires independent C3PAO assessor validation—affecting approximately 35% of DoD's contractor base. Level 3 involves breakthrough technology or critical CUI aggregations and demands direct government audit. The quantitative approach represents a shift. Instead of binary pass/fail, contractors receive scores reflecting actual security posture. An 88 out of 110 qualifies for Level 2 conditional status with plan of action and milestones. These numbers measure real capabilities across incident response, access control, and continuous monitoring.

    The Supply Chain Ripple Effect: Prime contractors bear new responsibility for subcontractor compliance. Before contract award, they must verify—not just accept—that subs meet requirements. Security questionnaires aren't sufficient anymore. Primes need evidence, validation, and continuous visibility. An affirming official—typically a senior executive—personally attests to the government that the organization actively manages supply chain risk. This accountability changes relationships throughout the defense industrial base.

    Practical Considerations: Bob addresses the questions contractors are asking: How do you define system boundaries when CUI flows through your infrastructure? Why does each information system need a unique CMMC identifier? What does "current CMMC status" mean for maintaining certification? How do you schedule C3PAO assessments when capacity is limited and 35% of contractors need certification? He also explains why technology becomes essential—automating compliance evidence collection makes continuous monitoring feasible without massive security staff increases. And he's candid about what the next two years bring: with Kirsten Davies nominated as new CIO and Katie Arrington driving implementation, expect aggressive rollout through 2026.

    Why This Policy Survived: Bob's experience spans Obama, Trump, and Biden administrations. The CMMC framework persisted through every transition because supply chain security isn't a partisan issue—it's a national defense imperative. Now at Exiger advising defense contractors, Bob bridges the gap between policy intent and practical implementation. This conversation provides clarity on November 10th's real meaning: not just a compliance deadline, but a fundamental shift in how the defense industrial base secures the supply chain supporting national security.

    Guest: Bob Kolasky, SVP Critical Infrastructure at Exiger | Former Founding Director, CISA National Risk Management Center | 15 years shaping federal cybersecurity policy

    #CMMC #November10th #DefenseContracting #Cybersecurity #DFARS #CISA #SupplyChainSecurity #DIB #ComplianceDeadline #NationalSecurity

    56 min
  7. Beyond Big Cities: Understanding Cybersecurity in Mid-Sized Communities | with Lars Kruse

    10/21/2025

    Beyond Big Cities: Understanding Cybersecurity in Mid-Sized Communities | with Lars Kruse

    When we think about cybersecurity, images of tech giants and major financial centers come to mind—but what about the towns where most of us actually live? This SecureTalk episode with cybersecurity researcher Lars Kruse explores an often-overlooked question: how do communities of 20,000-100,000 residents protect themselves in an increasingly digital world? Host Justin Beals and Kruse, who studies at Sweden's Defense University, discuss the practical realities of implementing cybersecurity in resource-constrained environments. Through his research on over 600 European municipalities and validation interviews with consultants and administrators, Kruse reveals fascinating insights about the gap between written policies and daily operations. The conversation opens with a real-world incident from Germany where 72 towns simultaneously lost access to their IT systems—not through sophisticated hacking, but through preventable security oversights. This case study illustrates why understanding operational security matters just as much as regulatory compliance.

    Key topics explored include:
    - How mid-sized communities differ from "smart cities" in their security approach
    - The balance between regulatory requirements like GDPR, NIS2, and DORA
    - Why employee training consistently ranks as the most critical security investment
    - Practical frameworks for managing third-party technology vendors
    - The role of political leadership in prioritizing cybersecurity budgets
    - How research institutions contribute to better security policies

    Kruse shares optimistic findings too: many organizations already practice good security fundamentals—they just need guidance connecting their existing processes to compliance requirements. The episode emphasizes that cybersecurity isn't about expensive technology alone; it's about building resilient practices that protect community services and citizen data.

    Perfect for professionals in public administration, IT management, business operations, or anyone curious about how digital security works beyond headlines. This conversation offers practical knowledge about protecting the digital infrastructure we all depend on daily. SecureTalk features conversations with experts shaping the future of cybersecurity and compliance, hosted by Justin Beals, CEO of Strike Graph.

    #Cybersecurity #PublicSector #DigitalSecurity #CommunityResilience #SecurityEducation #DataPrivacy #TechPolicy #LocalGovernment #CyberAwareness #ITSecurity

    52 min
Rating: 4.8 out of 5 (39 Ratings)
