Inside State Cyber Defense: Whole-of-State Security with Alabama's Daniel Urquhart and Chad Smith
Cyber Focus
State and local governments are stepping up to defend critical services against fast-evolving cyber threats. In this episode of Cyber Focus, Alabama’s top IT leaders show how they’re staying ahead of the curve. They explain how a hybrid, highly decentralized environment forces them to lean on shared standards, SLCGP funding, and whole-of-state partnerships. Along the way, they unpack a recent incident that came dangerously close to crisis and what it revealed about tools, visibility, and trust. They also look ahead to AI-enabled attacks, deepfakes, and “distortion,” and why automation...
info_outline
The Hidden Dangers in Your Supply Chain with SecurityScorecard's Aleksandr Yampolskiy
Cyber Focus
SecurityScorecard CEO Aleksandr Yampolskiy joins Cyber Focus to warn that third-party risk is now the dominant cybersecurity epidemic. With just 150 companies responsible for 90% of the global attack surface, a single compromise can ripple across sectors and continents. He and host Frank Cilluffo explore the cascading risks of software dependencies, fourth- and fifth-party exposure, and the challenges of shadow IT and shadow AI. Yampolskiy outlines where companies fall short on governance and calls for outcome-driven oversight, not just busywork. They also discuss how AI can be both a...
info_outline
CVE at a Crossroads: Global Standards, Local Failures, and What Comes Next with Nick Leiserson
Cyber Focus
Cybersecurity veteran joins Cyber Focus this week to break down critical governance gaps in the Common Vulnerabilities and Exposures (CVE) system and what’s at stake if they’re not fixed. He and host Frank Cilluffo explore the risks of global fragmentation, the lingering fallout from the F5 breach, and why policy tools like Executive Order 14028 remain stalled. Leiserson warns that the U.S. court system faces an under-the-radar cyber crisis, and shares specific, actionable funding priorities Congress should tackle now. From software supply chain failures to operational coordination gaps,...
info_outline
Code Red: Breaking Down China’s Cyber Offensive—Volt, Salt, and Flax Typhoon
Cyber Focus
What do Volt Typhoon, Salt Typhoon, and Flax Typhoon reveal about China's cyber playbook? This episode of Cyber Focus breaks down a new McCrary Institute report on China’s advanced persistent threat campaigns—and what they mean for U.S. national security. Frank Cilluffo sits down with Mark Montgomery, Brad Medairy, and Bill Evanina to explain how China is embedding itself in American infrastructure, telecom, and data systems. They warn that Beijing is laying the groundwork for future conflict and that the U.S. response has been dangerously slow. The guests call for stronger deterrence,...
info_outline
Fuel, Force, and the Frontlines: Critical Infrastructure in Conflict with Chris Cleary
Cyber Focus
What if the easiest way to disrupt U.S. military operations isn’t with missiles—but by targeting fuel logistics? In this episode, Chris Cleary explains how civilian infrastructure has become a frontline in national defense. He and Frank Cilluffo discuss how adversaries exploit cyber vulnerabilities to slow military response, and why deterrence requires more than just rhetoric. They unpack the case for a dedicated Cyber Force, the suprising way Chris thinks it should be structured, and the challenges of coordinating across government and industry. With prepositioned threats like Volt...
info_outline
Cyber Force, ROI, and the Case for Reform with Ed Cardon & Josh Stiefel
Cyber Focus
Should the U.S. have a dedicated Cyber Force? In this episode, General Ed Cardon and Josh Stiefel examine persistent gaps in the nation’s cyber posture, from undefined mission boundaries to unclear return on billions in cyber spending. They explore the organizational tradeoffs, workforce realities, and coordination challenges that have stalled progress, despite years of warnings. With host Frank Cilluffo, they unpack what it would take to move beyond patchwork solutions. Main Topics Covered The failure of past “wake-up calls” to drive meaningful cyber reform Gaps in command,...
info_outline
Inside In-Q-Tel: Investing in America’s Cyber Future with Katie Gray
Cyber Focus
Katie Gray, a senior partner at In-Q-Tel, joins host Frank Cilluffo to pull back the curtain on the venture firm’s role in advancing U.S. national security through tech innovation. As head of In-Q-Tel’s cyber investment practice, Gray offers rare insight into the organization’s dual-use investment model, its evolving priorities, and the technologies it believes will define the next 25 years. They discuss how In-Q-Tel identifies emerging threats, evaluates startups, and bridges the gap between cutting-edge technology and urgent government needs. Topics include AI, quantum,...
info_outline
How Scammers Exploit Trust and FOMO: Kicking Off Cybersecurity Awareness Month with Lisa Plaggemier
Cyber Focus
Lisa Plaggemier, Executive Director of the National Cybersecurity Alliance, joins host Frank Cilluffo to discuss how public education can combat online scams, fraud, and cyber threats. With billions of campaign impressions and only a nine-person team, the Alliance focuses on motivating behavior change through creative, jargon-free outreach. Plaggemier explains how scams like pig butchering are orchestrated by organized crime and even nation-state actors—and why the U.S. needs a coordinated national response. The episode highlights the growing need for cross-sector data sharing, targeted...
info_outline
To the Point: The Under the Radar Risk of Letting Counter-Drone Authorities Expire with Matt Hayden
Cyber Focus
In this episode of Cyber Focus: To the Point, Frank Cilluffo sits down with Matt Hayden, former DHS official and current GDIT executive, to unpack the looming expiration of the Preventing Emerging Threats Act. Together, they explore the growing dangers posed by drones—from hobbyist disruptions to nation-state threats—and what’s at stake if Congress fails to reauthorize key counter-UAS authorities by October 1. Hayden explains why current authorities are essential for protecting the homeland and how they fall short when it comes to local law enforcement, airports, and evolving drone...
info_outline
Inside CISA Cuts, ODNI Shifts, and Spyware Threats with Federal News Network's Justin Doubleday
Cyber Focus
What happens when the federal cyber workforce shrinks just as threats are multiplying? In this episode, Federal News Network’s Justin Doubleday joins host Frank Cilluffo to unpack the turbulence facing government agencies. They examine the mass departures at CISA, the controversial firings under DHS’s Cyber Talent Management System, and the looming risks of dismantling ODNI’s cyber intelligence hub. Doubleday also shares a chilling story of how El Chapo’s cartel used spyware and hacked city cameras to compromise FBI operations in Mexico—underscoring the new reality of ubiquitous...
info_outlineIn this episode of Cyber Focus, Frank Cilluffo is joined by Brad Medairy, Executive Vice President at Booz Allen Hamilton, and Dave Forbes, who leads Cyber Physical Defense for the firm. Together, they unpack their joint report with the McCrary Institute, Anchored in Zero Trust, examining the cybersecurity vulnerabilities of U.S. ports. The conversation explores China’s cyber activities, the significance of Volt Typhoon, and the risks posed by Chinese-made cranes operating at American ports. They highlight how economic and national security intersect at ports, the unique challenges of operational technology (OT), and why zero trust must become more than a buzzword. The discussion also looks ahead at how critical infrastructure sectors can harden defenses, reduce tech debt, and build resilience against persistent adversaries.
Main Topics Covered
- China-linked cyber threats to U.S. ports.
- Risks from Chinese-made cranes; ports as a “one connected battle space.”
- OT basics: know your assets, segment networks, lock down vendor access.
- Zero Trust for OT: assume breach, pilot fast, scale what works.
- Why port disruptions matter: major economic ripple effects; plan and drill.
- What’s next: adversarial AI and stronger public-private collaboration.
Key Quotes
“Our adversary doesn't see the United States infrastructure environment as a Department of Defense, [or] as a global economy, [or] as a Department of Transportation. They see one connected battle space with a great number of… seams that they want to exploit.” – Dave Forbes
“There's no real intelligence value in terms of what [China was] doing [with Volt Typhoon]. They were pre-staging capabilities in the US critical infrastructure. And the only real explanation is to achieve some sort of potential future kinetic effect.” – Brad Medairy
“It doesn't need to be a devastating attack. It needs to be a disruption. It needs to be a distraction. It needs to be something that we're worried about… throwing things off balance on our economy and national security posture. – Dave Forbes
“Our adversaries don't look at our nation in isolation… They look at our nation as one holistic battle space... So if we flip that… I'm not sure any of us can solve this problem alone, but together we're stronger. – Brad Medairy
“[W]e’ve been able to remediate [Volt Typhoon] in certain cases… That was just step one. This is going to be forever… it’s going to be a game of cat and mouse for years to come.” – Brad Medairy
Relevant Links and Resources
- Booz Allen Hamilton Cybersecurity
- Anchored in Zero Trust: Report 'Fast Facts'
- Anchored in Zero Trust: Full Report
Guest Bios
Brad Medairy is an Executive Vice President at Booz Allen, where he leads the firm’s cyber practice. He is also a Senior Fellow at the McCrary Institute for Cyber and Critical Infrastructure Security, co-leading research efforts on China and cyber threats.
Dave Forbes leads Cyber Physical Defense at Booz Allen and was a primary contributor to the Anchored in Zero Trust report. His work focuses on bridging physical and cyber domains to strengthen critical infrastructure protection.