Inside State Cyber Defense: Whole-of-State Security with Alabama's Daniel Urquhart and Chad Smith
Cyber Focus
State and local governments are stepping up to defend critical services against fast-evolving cyber threats. In this episode of Cyber Focus, Alabama’s top IT leaders show how they’re staying ahead of the curve. They explain how a hybrid, highly decentralized environment forces them to lean on shared standards, SLCGP funding, and whole-of-state partnerships. Along the way, they unpack a recent incident that came dangerously close to crisis and what it revealed about tools, visibility, and trust. They also look ahead to AI-enabled attacks, deepfakes, and “distortion,” and why automation...
info_outline
The Hidden Dangers in Your Supply Chain with SecurityScorecard's Aleksandr Yampolskiy
Cyber Focus
SecurityScorecard CEO Aleksandr Yampolskiy joins Cyber Focus to warn that third-party risk is now the dominant cybersecurity epidemic. With just 150 companies responsible for 90% of the global attack surface, a single compromise can ripple across sectors and continents. He and host Frank Cilluffo explore the cascading risks of software dependencies, fourth- and fifth-party exposure, and the challenges of shadow IT and shadow AI. Yampolskiy outlines where companies fall short on governance and calls for outcome-driven oversight, not just busywork. They also discuss how AI can be both a...
info_outline
CVE at a Crossroads: Global Standards, Local Failures, and What Comes Next with Nick Leiserson
Cyber Focus
Cybersecurity veteran joins Cyber Focus this week to break down critical governance gaps in the Common Vulnerabilities and Exposures (CVE) system and what’s at stake if they’re not fixed. He and host Frank Cilluffo explore the risks of global fragmentation, the lingering fallout from the F5 breach, and why policy tools like Executive Order 14028 remain stalled. Leiserson warns that the U.S. court system faces an under-the-radar cyber crisis, and shares specific, actionable funding priorities Congress should tackle now. From software supply chain failures to operational coordination gaps,...
info_outline
Code Red: Breaking Down China’s Cyber Offensive—Volt, Salt, and Flax Typhoon
Cyber Focus
What do Volt Typhoon, Salt Typhoon, and Flax Typhoon reveal about China's cyber playbook? This episode of Cyber Focus breaks down a new McCrary Institute report on China’s advanced persistent threat campaigns—and what they mean for U.S. national security. Frank Cilluffo sits down with Mark Montgomery, Brad Medairy, and Bill Evanina to explain how China is embedding itself in American infrastructure, telecom, and data systems. They warn that Beijing is laying the groundwork for future conflict and that the U.S. response has been dangerously slow. The guests call for stronger deterrence,...
info_outline
Fuel, Force, and the Frontlines: Critical Infrastructure in Conflict with Chris Cleary
Cyber Focus
What if the easiest way to disrupt U.S. military operations isn’t with missiles—but by targeting fuel logistics? In this episode, Chris Cleary explains how civilian infrastructure has become a frontline in national defense. He and Frank Cilluffo discuss how adversaries exploit cyber vulnerabilities to slow military response, and why deterrence requires more than just rhetoric. They unpack the case for a dedicated Cyber Force, the suprising way Chris thinks it should be structured, and the challenges of coordinating across government and industry. With prepositioned threats like Volt...
info_outline
Cyber Force, ROI, and the Case for Reform with Ed Cardon & Josh Stiefel
Cyber Focus
Should the U.S. have a dedicated Cyber Force? In this episode, General Ed Cardon and Josh Stiefel examine persistent gaps in the nation’s cyber posture, from undefined mission boundaries to unclear return on billions in cyber spending. They explore the organizational tradeoffs, workforce realities, and coordination challenges that have stalled progress, despite years of warnings. With host Frank Cilluffo, they unpack what it would take to move beyond patchwork solutions. Main Topics Covered The failure of past “wake-up calls” to drive meaningful cyber reform Gaps in command,...
info_outline
Inside In-Q-Tel: Investing in America’s Cyber Future with Katie Gray
Cyber Focus
Katie Gray, a senior partner at In-Q-Tel, joins host Frank Cilluffo to pull back the curtain on the venture firm’s role in advancing U.S. national security through tech innovation. As head of In-Q-Tel’s cyber investment practice, Gray offers rare insight into the organization’s dual-use investment model, its evolving priorities, and the technologies it believes will define the next 25 years. They discuss how In-Q-Tel identifies emerging threats, evaluates startups, and bridges the gap between cutting-edge technology and urgent government needs. Topics include AI, quantum,...
info_outline
How Scammers Exploit Trust and FOMO: Kicking Off Cybersecurity Awareness Month with Lisa Plaggemier
Cyber Focus
Lisa Plaggemier, Executive Director of the National Cybersecurity Alliance, joins host Frank Cilluffo to discuss how public education can combat online scams, fraud, and cyber threats. With billions of campaign impressions and only a nine-person team, the Alliance focuses on motivating behavior change through creative, jargon-free outreach. Plaggemier explains how scams like pig butchering are orchestrated by organized crime and even nation-state actors—and why the U.S. needs a coordinated national response. The episode highlights the growing need for cross-sector data sharing, targeted...
info_outline
To the Point: The Under the Radar Risk of Letting Counter-Drone Authorities Expire with Matt Hayden
Cyber Focus
In this episode of Cyber Focus: To the Point, Frank Cilluffo sits down with Matt Hayden, former DHS official and current GDIT executive, to unpack the looming expiration of the Preventing Emerging Threats Act. Together, they explore the growing dangers posed by drones—from hobbyist disruptions to nation-state threats—and what’s at stake if Congress fails to reauthorize key counter-UAS authorities by October 1. Hayden explains why current authorities are essential for protecting the homeland and how they fall short when it comes to local law enforcement, airports, and evolving drone...
info_outline
Inside CISA Cuts, ODNI Shifts, and Spyware Threats with Federal News Network's Justin Doubleday
Cyber Focus
What happens when the federal cyber workforce shrinks just as threats are multiplying? In this episode, Federal News Network’s Justin Doubleday joins host Frank Cilluffo to unpack the turbulence facing government agencies. They examine the mass departures at CISA, the controversial firings under DHS’s Cyber Talent Management System, and the looming risks of dismantling ODNI’s cyber intelligence hub. Doubleday also shares a chilling story of how El Chapo’s cartel used spyware and hacked city cameras to compromise FBI operations in Mexico—underscoring the new reality of ubiquitous...
info_outlineWhat do Volt Typhoon, Salt Typhoon, and Flax Typhoon reveal about China's cyber playbook? This episode of Cyber Focus breaks down a new McCrary Institute report on China’s advanced persistent threat campaigns—and what they mean for U.S. national security. Frank Cilluffo sits down with Mark Montgomery, Brad Medairy, and Bill Evanina to explain how China is embedding itself in American infrastructure, telecom, and data systems. They warn that Beijing is laying the groundwork for future conflict and that the U.S. response has been dangerously slow. The guests call for stronger deterrence, better public awareness, and a renewed focus on the economic toll of cyber theft.
Main Topics Covered
- China’s long-term cyber threat strategy
- Volt Typhoon and infrastructure targeting
- Salt Typhoon and telecom espionage
- Flax Typhoon and persistent access
- Gaps in U.S. cyber deterrence
- Economic costs of IP theft
Relevant Links and Resources
McCrary Institute Typhoon Report
Booz Allen October 2025 China report
Key Quotes:
"Each year we can say the threat has grown. And I would say the leading driver of that growth in the cyber threat environment in the United States is China." — Mark Montgomery
"China is using cyberspace to project power. And as a nation, I think that we need to recognize this threat." — Brad Medairy (~05:50)
"Until people believe that [China’s cyber actions] matters to them, we're not going to get the kind of actions we need." — Mark Montgomery
“China[‘s] … offensive cyber tradecraft is going to be AI enabled. They're going to be able to deliver effects and capabilities at pace that we never imagined. — Brad Medairy
“I think the Chinese want not only us, but they want the world to know that they're inside… Xi wants… the world to know that he can do this.” — Bill Evanina
“We have to expeditiously get into place where we could harden ourselves so the railroad could work, the ports work, the electricity grids work. We're not ready. We're nowhere near ready.” — Bill Evanina
Guest Bios:
RADM Mark Montgomery (Ret.) is Senior Director of the Center on Cyber and Technology Innovation and a Senior Fellow at the Foundation for Defense of Democracies. He also serves as Executive Director of Cybersolarium.org, a nonprofit advancing the recommendations of the Cyberspace Solarium Commission, which he led from 2019 to 2021. Previously, he was Policy Director for the Senate Armed Services Committee under Senator John McCain, following a 32-year career as a nuclear-trained surface warfare officer in the U.S. Navy, retiring as a Rear Admiral in 2017.
Bill Evanina is the Founder and CEO of the Evanina Group, where he advises corporate boards and CEOs on strategic risk, counterintelligence, and national security threats. He served as the first Senate-confirmed Director of the National Counterintelligence and Security Center (NCSC), leading U.S. government efforts to defend against espionage and foreign influence. A 24-year FBI veteran, Evanina held senior roles in both counterintelligence and counterterrorism and previously led the CIA’s Counterespionage Group. He also chairs national and international security boards and is an instructor at the University of Chicago.
Brad Medairy is an Executive Vice President at Booz Allen Hamilton, where he leads the firm’s cybersecurity business and supports national-level clients including the FBI, DHS, DOD, U.S. Cyber Command, and the Intelligence Community. He focuses on protecting critical infrastructure, securing emerging technologies, and defending against advanced cyber threats. Medairy leads multidisciplinary teams that integrate AI, cloud, and cyber operations to deliver full-spectrum solutions. He has been recognized as a Top 50 Cybersecurity Leader and Cyber Executive of the Year, and holds degrees from UMBC and Johns Hopkins University.