 |
Secure Talk PodcastSecure Talk reviews the latest threats, tips, and trends on security, innovation, and compliance. Author: Justin Beals
Secure Talk reviews the latest threats, tips, and trends on security, innovation, and compliance. Host Justin Beals interviews leading privacy, security and technology executives to discuss best practices related to IT security, data protection and compliance. Based in Seattle, he previously served as the CTO of NextStep and Koru, which won the 2018 Most Impactful Startup award from Wharton People Analytics. He is the creator of the patented Training, Tracking & Placement System and the author of Aligning curriculum and evidencing learning effectiveness using semantic mapping of learning assets, published in the International Journal of Emerging Technologies in Learning (iJet). Justin earned a BA from Fort Lewis College. Language: en Genres: News, Tech News, Technology Contact email: Get it Feed URL: Get it iTunes ID: Get it |
Listen Now...
CMMC Is an HR Problem, Not an Enclave Problem — Here's the Proof
Episode 252
Tuesday, 5 May, 2026
The biggest cybersecurity failures in recent memory — Raytheon, Penn State, Georgia Tech — weren't caused by missing software. They were caused by the wrong people being assigned the wrong tasks, with no shared language to connect the rules to the work.This SecureTalk episode with Dorian Cougias (MoxyWolf, former Unified Compliance Framework CEO) is one of the most systems-level conversations we've had on the show. Dorian spent decades building the infrastructure that compliance programs run on — and he's now rebuilding it from scratch, in the open.What you'll hear:→ Why the compliance industry is structurally fragmented across three authority domains that don't communicate→ How Bloom's Taxonomy — a tool from education — maps directly to which compliance tasks belong to which roles→ Why the Oxford English Dictionary doesn't have "personal data" in it, and what that tells us about regulatory language→ The O*NET framework and why the Department of Labor might be the most underused tool in cybersecurity→ Shannon's entropy theory, applied to compliance and cognitive load→ A new open-source STIG API infrastructure that StrikeGraph is integrating as a launch partnerWhether you're deep in the compliance trenches or just fascinated by how complex systems fail — and how to redesign them — this is worth your time.🔗 strikegraph.com | stigviewer.comChapters:00:00 Introduction and Background02:43 Exploring Compliance and Natural Language Processing05:15 Military Experience and Signal Intelligence08:01 Cognitive Load and Compliance Frameworks10:49 The Importance of Language in Compliance13:39 The Evolution of Dictionaries and Lexicons16:16 Bridging Gaps in Compliance Communication18:47 Innovations at MoxieWolf and Future Directions22:04 Mapping Skills and Regulatory Guidelines25:05 Job Applicability and Knowledge Requirements28:02 The Importance of O*NET in Cybersecurity29:21 Challenges in CMMC Compliance33:23 The Role of Technology in Compliance35:38 Horizontal Practices in Compliance38:15 Building Effective Teams for Compliance42:21 Introduction to Compliance Failures45:19 The Human Element in Compliance48:10 Navigating Compliance Complexity with Technology48:57 Introduction to Cybersecurity Compliance Challenges54:09 The Role of People in Compliance Success56:01 Guest Introduction: Dorian Cougas01:00:48 Exploring Bloom's Taxonomy in Compliance01:05:48 The Importance of Shared Lexicons01:09:32 Navigating Compliance with Technology01:15:11 MoxieWolf's Approach to Compliance01:20:49 The Interconnectedness of Compliance Tasks01:27:51 Real-World Compliance Challenges01:33:57 Building Effective Teams for Compliance#Cybersecurity #ComplianceCulture #CMMC #HumanFactors #GRC #TechPolicy #SecureTalk
