The Big Blog

Cybercrime no longer resembles a loose collection of isolated actors and ad-hoc attacks. As discussed in a recent episode of Bourbon & Bytes , it operates as a mature underground economy —complete with specialization, marketplaces, service models, and increasingly sophisticated use of artificial intelligence. In this episode, Terry McGraw, CEO of Cape Endeavors, sits down with Rebecca Taylor, Threat Intelligence Knowledge Manager and Researcher at Sophos, to unpack how cyberc

The 2025 U.S. National Security Strategy  released in November is explicit about how the United States now defines security. It rejects vague aspirations and instead focuses on “a concrete, realistic plan that explains the essential connection between ends and means.” That clarity has consequences for defense contractors, technology providers, manufacturers, and cybersecurity leaders, because the strategy repeatedly makes clear that national power depends on economic strength

Understanding Annual and Triennial Assessment Requirements The Cybersecurity Maturity Model Certification (CMMC) program establishes standardized requirements for assessing and validating the cybersecurity posture of organizations within the Defense Industrial Base (DIB). Despite the formalization of the program in regulation, confusion remains regarding when a self-assessment is sufficient and when an independent assessment conducted by a Certified Third-Party Assessment Org

Featuring insights from former U.S. Attorney Zach Terwilliger on Bourbon & Bytes CMMC Compliance has officially entered a new era—one where cybersecurity claims aren’t merely checked for accuracy, but examined with prosecutorial intensity. In a recent episode of Bourbon & Bytes , Terry McGraw sat down with Zach Terwilliger , Managing Partner of Vinson & Elkins’ Washington, D.C. office and former U.S. Attorney for the Eastern District of Virginia, to unpack a sobering reality:

Why Self-Built CMMC Enclaves Fail In the world of defense contracting, achieving compliance with the Cybersecurity Maturity Model Certification (CMMC) is essential for handling Controlled Unclassified Information (CUI). A key component in this process is the CMMC enclave—a secure, isolated environment designed to protect CUI from unauthorized access and cyber threats. However, many organizations, particularly small and medium-sized enterprises (SMEs), opt to build their own C

In our latest Bourbon & Bytes  episode, Mackenzie Eaglen laid out a reality that too few people in the Defense Industrial Base (DIB) are willing to confront: China’s real military investment isn’t just large—it likely eclipses U.S. spending, potentially reaching $1 trillion annually. And a disturbing portion of that advantage comes not from innovation… …but from us . Specifically: from stolen U.S. data, U.S. designs, U.S. R&D, and U.S. intellectual property siphoned out of

Insights from Terry McGraw (CEO, Cape Endeavors) & Clark Rahman (Associate Director, PNG Cyber) Cyber Defense isn’t just about tools and dashboards — it’s about mindset. During a recent EC-Council fireside chat, Army veterans Terry McGraw and Clark Rahman unpacked how military experience directly strengthens today’s Cyber Defense mission. No slides. No buzzword bingo. Just two veterans who’ve operated in both worlds: combat zones and corporate networks. Cyber Defense as a War

In the defense and national-security world, few compliance topics create more confusion—or more unintentional violations—than Controlled Unclassified Information (CUI) and the International Traffic in Arms Regulations (ITAR). Both involve sensitive information. Both impose strict requirements. Both can burn your organization to the ground if mishandled.