The Bourbon & Bytes Podcast

Cybercrime has become global business, operating at scale across borders and industries. In this episode of Bourbon & Bytes, host Terry McGraw, CEO of Cape Endeavors, is joined by Rebecca Taylor, Threat Intelligence Knowledge Manager and Researcher at Sophos, for an in-depth discussion on how the dark web, AI deepfakes, and human behavior are reshaping the modern cyber threat landscape. The conversation explores how cybercrime has evolved into a mature underground economy, including ransomware-as-a-service, initial access brokers, credential marketplaces, and AI-enabled social engineering. Rebecca shares firsthand insights from human intelligence research on the dark web, revealing the community dynamics, anonymity, and moral gray areas that fuel cybercriminal activity. They also examine how AI and deepfake technology are accelerating fraud, enabling real-time impersonation attacks, and lowering the barrier to entry for cybercrime—while defenders struggle to keep pace. The episode closes with a critical discussion on mentorship, diversity in cybersecurity, and why preventing young people from turning to cybercrime is becoming a national and global priority. This episode is essential viewing for professionals in cybersecurity, threat intelligence, risk management, compliance, legal, IT leadership, and anyone seeking to understand where cyber threats are headed next. *About Rebecca* Rebecca Taylor is a Threat Intelligence Knowledge Manager and Researcher at @SophosCybersecurity, known for her work in dark web and human intelligence research. She is widely recognized for building cybersecurity communities—particularly supporting women in cyber—through initiatives such as Cyber Agony Aunts (https://cyberagonyaunts.co.uk/), mentoring, public speaking, and published work. Rebecca has been acknowledged across the industry for her contributions, most recently winning Security Woman of the Year at the Computing Security Excellence Awards 2024. Her career journey from administrative roles into threat intelligence highlights the value of non-traditional backgrounds in cybersecurity, with a strong focus on making complex cyber threats understandable and building support systems for professionals across the industry. *Chapters* 00:00 – Introduction to the Dark Web, AI, and Cybercrime 02:10 – Rebecca Taylor’s Path from Creative Writing to Cyber Threat Intelligence 05:05 – Why Non-Technical Backgrounds Matter in Cybersecurity 07:30 – Mentorship, Sponsorship, and Career Pivots in Cyber 11:45 – What Human Intelligence on the Dark Web Really Looks Like 14:30 – The Community Side of the Dark Web (and Why It’s Dangerous) 17:40 – Cybercrime as an Underground Economy 20:15 – Ransomware-as-a-Service and Initial Access Brokers 23:10 – How Threat Actors Navigate the Dark Web 26:45 – Moral Codes Inside Cybercrime Communities 29:40 – Encrypted Platforms, Telegram, and Mainstream Migration 33:20 – AI, Deepfakes, and the Next Wave of Cyber Fraud 37:00 – Why Young People Are Turning to Cybercrime 40:10 – Diversity, Mentorship, and Building the Cyber Workforce 44:15 – The Future of Cyber Threats and What Comes Next 47:10 – Final Thoughts on Resilience and Burnout in Cybersecurity #Cybersecurity #CyberThreats #DarkWeb #AIDeepfakes #CyberCrime #ThreatIntelligence #HumanIntelligence #CyberRisk #CyberDefense #Ransomware #SocialEngineering #CyberAwareness #WomenInCyber #CyberLeadership #Mentorship #CyberCareers #BourbonAndBytes #CapeEndeavors #Sophos

In this episode of Bourbon & Bytes, host Terry McGraw of Cape Endeavors is joined by Dr. Erica Lonergan, an Assistant Professor at Columbia University and a nationally recognized expert in cybersecurity, cyber warfighting, and U.S. cyber force development. She previously served at West Point, the Army Cyber Institute, and as a Senior Director on the U.S. Cyberspace Solarium Commission. Dr. Lonergan was a lead writer of the 2023 Department of Defense Cyber Strategy and co-author of _Building the Future U.S. Cyber Force: What Right Looks Like_. Drawing on her experience at West Point, U.S. Cyber Command, the Cyberspace Solarium Commission, and the Department of Defense, Dr. Lonergan explains why cyber operations rarely escalate to armed conflict—and why that doesn’t make them any less dangerous. The conversation explores how cyber espionage and intellectual property theft have reshaped great-power competition, accelerated China’s military capabilities, and quietly eroded U.S. advantage. Key topics include: ➡️ Why nuclear deterrence models fail in cyberspace ➡️ Cyber espionage as a leading indicator of U.S.–China competition ➡️ The hidden national security costs of weak DIB cybersecurity ➡️ Why CMMC-style compliance is painful—but necessary ➡️ The case for creating a dedicated U.S. Cyber Force ➡️ Culture, readiness, and retention challenges in cyber warfighting This episode is essential viewing for defense contractors, policymakers, cybersecurity leaders, and anyone concerned with how cyber power actually works—below the threshold of war, but above the threshold of neglect. Subscribe for more conversations at the intersection of cybersecurity, national defense, policy, and CMMC Compliance. #CyberSecurity #CyberWarfare #USCyberForce #CyberStrategy #NationalSecurity #CyberCommand #DoD #ChinaCyber #DefenseIndustrialBase #CyberPolicy #BourbonAndBytes #BourbonAndBytes #CyberPodcast #SecurityStudies #CMMC #CMMCCompliance

In this episode of Bourbon & Bytes, Terry McGraw sits down with Zach Terwilliger, Managing Partner of Vinson & Elkins’ Washington, D.C. office and former U.S. Attorney for the Eastern District of Virginia — one of the most cyber-heavy federal districts in the country. Zach brings rare, dual-sided insight: decades inside the Department of Justice, including senior leadership roles overseeing criminal matters, and now leading one of the nation’s top government investigations and white-collar defense practices. Together, Terry and Zach unpack one of the most misunderstood but dangerous forces bearing down on government contractors today: The False Claims Act and DOJ’s Civil Cyber-Fraud Initiative. They cover: How the False Claims Act really works — and why it creates extinction-level financial risk for unprepared contractors. The rising wave of whistleblower (qui tam) complaints targeting SPRS scores, NIST 800-171 compliance, and CMMC assertions. Why CIDs (Civil Investigative Demands) can cost millions before a case even begins — and why companies should never face one without experienced counsel. How DOJ decides whether a case stays civil or becomes criminal. The growing priority on procurement fraud, cyber misrepresentation, and compliance failures across the Defense Industrial Base. Practical steps leaders should take now to avoid FCA exposure — and the three things you must do immediately if a CID shows up. Zach also shares what DOJ’s current administration is signaling, why whistleblowers are a powerful and unstoppable pipeline for new cases, and how AI will reshape both compliance and risk. Whether you’re in the DIB, a federal contractor, counsel, CISO, or anyone navigating government cybersecurity obligations — this is required listening. Chapters / Timestamps 00:00 – Introduction 01:00 – Zach’s DOJ Background 03:10 – What the False Claims Act Really Is 06:00 – Why FCA Penalties Are Devastating 08:30 – When Civil Becomes Criminal 10:50 – Whistleblowers: The Hidden Engine Behind DOJ Cases 13:00 – The CID: The Letter That Can Bankrupt You 16:00 – Can You Just Pay the Penalty and Move On? 18:15 – How to Choose the Right Law Firm 20:40 – Is DOJ Increasing FCA Enforcement? 22:55 – The Cyber Fraud Initiative Explained 25:15 – Why CMMC & SPRS Scores Are FCA Landmines 27:45 – How to Avoid Becoming an FCA Target 29:40 – What To Do If a CID Hits Your Company 32:20 – What’s Next in White Collar & Cyber Enforcement 34:50 – The Executive Blind Spot: Cyber vs. Finance Oversight 36:15 – The Role of AI in Compliance & New Risks 37:15 – Closing Thoughts *About Cape Endeavors* Cape Endeavors is dedicated to providing top-tier Managed CMMC Secure Enclave services tailored to the defense industrial base. Our team of experts ensures that you can achieve rapid compliance with NIST 800-171/CMMC 2.0 Lvl2 while focusing on your existing business with little interruptions to existing operations. Learn more: www.capeendeavors.com *About Zach Terwilliger* Zachary (“Zach”) Terwilliger, a highly ranked Chambers white collar practitioner and the former Senate confirmed United States Attorney for the Eastern District of Virginia, has both extensive experience in the trenches of all manner of complex investigations at the Department of Justice as well as in the private sector. Those frontline skills combine with his mastery of strategy, problem solving, and crisis management—skills honed by prosecuting multi-national complex cases and then serving in the highest levels of the Department of Justice and leading one of the most prominent U.S. Attorney’s Offices in the country. Over the past years in private practice, Zach has rapidly advanced from a former government official to serving as go-to counsel on a series of complex and high profile representations. His matters, which involve top corporate clients as well as C suite executives and other prominent officials, have been recognized by his peers and the market, where after just four years in private practice Zach has been recognized as part of the Global Investigations Review 100, The Best Lawyers in America for False Claims Act, and as part of The 500 Leading Litigators in America and The 500 Leading Cybersecurity Lawyers in the World by Lawdragon, as well as the previously mentioned Chambers USA, where he is now ranked with those who are a decade or more his senior. Zach rounds out his extensive executive branch and private practice Washington experience by having served as Associate Deputy Attorney General and Chief of Staff to the Deputy Attorney General, whose office manages the entire Department of Justice and its various agencies, and as counsel to the Chair of the Senate Judiciary Committee. #cmmc #cmmccompliance #whistleblower #DOJwhistleblower #DOJ #cyberfraudinitiative #falseclaims #falseclaimsact #nist800171 #nist800171compliance #governmentinvestigations #DIBcybersecurity #CMMCenforcement2025 #cmmcenclave #capeendeavors #podcast

In this episode of *Bourbon & Bytes*, Terry McGraw sits down with one of the sharpest minds in American defense policy: Mackenzie Eaglen, senior fellow at the American Enterprise Institute and chair of the National Commission on the Future of the U.S. Navy. This is a blunt, unvarnished conversation about the hard truths shaping America’s national security posture — and the uncomfortable vulnerabilities the public rarely hears about. Chapters 00:00 – Intro 01:00 – Mackenzie’s path into defense policy 05:00 – The “managed decline” of the U.S. defense industrial base 12:00 – Why America keeps running out of munitions 18:00 – China as a true strategic competitor 24:00 – China’s real military budget — and why it dwarfs ours 29:00 – Critical minerals, supply chains, and global influence 31:00 – Defense affordability, audits, and personnel issues 36:00 – Advice for young professionals entering national security 39:30 – ClosingChapters *Mackenzie pulls back the curtain on:* *The 30-year decline of the U.S. defense industrial base* Why America’s “peace dividend” mindset hollowed out production lines, shrank surge capacity, and left the U.S. dangerously thin on munitions — even in short conflicts. *How the U.S. ran out of key munitions in multiple recent operations* And why rebuilding depth isn’t a 6-month sprint… it’s a multi-year climb. *China’s trillion-dollar military machine* How China quietly surpasses U.S. spending when you include espionage, subsidies, market-manipulation, and global resource control — and why the era of calling China a “near-peer” is over. *Strategic insolvency, fragile supply chains, and the consequences of outsourcing* From critical minerals to microelectronics, Mackenzie explains how the West traded resiliency for efficiency — and how Beijing exploited every inch of that mistake. *A message to the next generation* Mackenzie shares candid advice for young professionals — especially women — who want to build careers in national security, and why fresh thinking is desperately needed. This isn’t a doom-and-gloom session — it’s a sober assessment from one of the most respected defense strategists in the U.S. paired with a pragmatic discussion about where the U.S. must go next. If you care about America’s security, the defense industrial base, or the geopolitical knife-fight with China, this is an episode you do not want to miss. Chapters 00:00 – Intro 01:00 – Mackenzie’s path into defense policy 05:00 – The “managed decline” of the U.S. defense industrial base 12:00 – Why America keeps running out of munitions 18:00 – China as a true strategic competitor 24:00 – China’s real military budget — and why it dwarfs ours 29:00 – Critical minerals, supply chains, and global influence 31:00 – Defense affordability, audits, and personnel issues 36:00 – Advice for young professionals entering national security 39:30 – Closing *About Mackenzie Eaglen* Mackenzie Eaglen is a senior fellow at the American Enterprise Institute (AEI), where she works on defense strategy, defense budgets, and military readiness. She is also a regular guest lecturer at universities, a member of the board of advisers of the Alexander Hamilton Society, and a member of the steering committee of the Leadership Council for Women in National Security. *Mackenzie's Highlighted Work:* Keeping Up with the Pacing Threat: Unveiling the True Size of Beijing’s Military Spending https://www.aei.org/research-products/report/keeping-up-with-the-pacing-threat-unveiling-the-true-size-of-beijings-military-spending/ *Beyond Monopsony: Pentagon Reform in the Information Age* https://www.aei.org/research-products/report/beyond-monopsony-pentagon-reform-in-the-information-age/ *The Paradox of Scarcity in a Defense Budget of Largesse* https://www.aei.org/research-products/report/the-paradox-of-scarcity-in-a-defense-budget-of-largesse/ #NationalSecurity #DefenseIndustrialBase #ChinaThreat #USMilitary #DefensePolicy #MilitaryReadiness #DefenseBudget #AEI #Geopolitic #MilitaryStrategy #AmericanDefense #DefenseTechnology #SupplyChainSecurity #ForeignPolicy

In this episode of Bourbon & Bytes, Cape Endeavors CEO Terry McGraw sits down with Alexandra Rose, Director of Government Partnerships & CTU Threat Research at Sophos - formerly SecureWorks. Alex brings a rare perspective: NSA-trained linguist, Air Force veteran, federal civilian analyst, interagency team builder, and now one of the most trusted voices in commercial threat intelligence. They dig into the uncomfortable truth most organizations avoid: Ransomware is obvious. China isn’t. And the quiet stuff is the part that can break a country. What You’ll Learn - How China shifted from IP theft to infiltrating the infrastructure that determines trust - Why pre-positioning matters — and how chaos, not data theft, is the real endgame - How commercial threat intel operates without government budgets or authorities - The difference between opportunistic ransomware crews and persistent nation-state operators - Why public-private partnerships are finally working — and the mindset shift that made it possible - Why basic security (MFA, patching, monitoring) still shuts down most real-world attacks - The uncomfortable role AI plays in shaping a population’s perception of truth - Why “incremental progress” in cybersecurity beats big-bang silver bullet thinking every time About Alexandra Rose Alex has spent her career connecting dots across intelligence, geopolitics, cybercrime, and nation-state operations. Today she helps lead Sophos’ government partnerships and threat research efforts, turning global threat activity into actionable intelligence for defenders around the world. About Bourbon & Bytes Hosted by Terry McGraw, retired U.S. Army Lt. Colonel and former senior leader at NETCOM, Army Cyber Command, and the NSA — now CEO of Cape Endeavors, a CMMC compliance and secure enclave provider for the Defense Industrial Base. Every episode mixes candid conversation, real-world cyber stories, and insights from the leaders shaping national security. #ThreatIntelligence #NationStateThreats #CyberDefense #ChinaCyberThreat #Geopolitics #NationalSecurity

In this episode of *Bourbon & Bytes*, Cape Endeavors CEO Terry McGraw sits down with Justin Turner, Principal Group Manager for Microsoft Security, to explore how AI is transforming cybersecurity — and how defenders can adapt. From his early days as an Army signal officer to leading Microsoft’s Defender Experts team, Turner shares how his journey shaped his approach to modern threat defense. Together, he and McGraw unpack some of today’s most critical security topics: 🔹 Why Microsoft made security its top cultural priority 🔹 How AI is reshaping analyst workflows (and threat actor tactics) 🔹 The enduring power of “basic” attack vectors like phishing 🔹 The rise of nation-state cyber activity and data exfiltration risks 🔹 What quantum-enabled AI could mean for the future of encryption 🔹 Why curiosity — not credentials — remains the most valuable skill in cybersecurity Whether you’re a CISO, SOC analyst, or security practitioner, this conversation offers a candid look at where the industry is headed — and what it will take to stay ahead. 📺 Watch more episodes: youtube.com/@CapeEndeavors 🔔 Subscribe for expert discussions on CMMC compliance, secure enclaves, and cyber readiness. Cape Endeavors is dedicated to providing top-tier Managed CMMC Secure Enclave services tailored to the defense industrial base. Our team of experts ensures that you can rapidly become compliant with NIST 800-171/CMMC 2.0 Lvl2 while focusing on your existing business with little interruptions to existing operations. Learn more https://www.capeendeavors.com #Cybersecurity #AIinCyberDefense #MicrosoftSecurity #CapeEndeavors #BourbonAndBytes #CMMC #DefenderExperts #CyberThreats #QuantumSecurity #SOC #AIinSecurity

When a cyber crisis hits, the difference between chaos and recovery often comes down to preparation, leadership, and clear communication. In this episode of *Bourbon & Bytes*, Cape Endeavors CEO Terry McGraw sits down with Tony Kirtley, Global Leader of IBM’s X-Force Incident Response, to share hard-won lessons from some of the world’s largest cyber incidents. They emphasize the need for organizations to have robust incident response plans, effective communication strategies, and the role of incident commanders in managing crises. The conversation also highlights the significance of understanding business risks, especially in relation to supply chains and data breaches, and the necessity of practicing response strategies to mitigate emotional responses during incidents. *Chapters* 00:00 Introduction to Incident Response and Cybersecurity 02:35 The Evolving Threat Landscape 07:10 Common Pitfalls in Incident Response 10:36 The Importance of Preparedness and Planning 13:22 Internal and External Communication Strategies 17:29 The Financial Implications of Data Breaches 24:59 The Emotional Impact of Cyber Incidents 30:32 The Role of Incident Commanders 33:51 Maturing Incident Response Programs 39:42 Data Management and Backup Strategies 41:00 Understanding the Grief Cycle in Crisis Management 🔎 *What you’ll learn*: ✅ The top attack vectors that still dominate breaches today ✅ Why asset management and privilege access remain weak points ✅ How AI is (and isn’t) changing the threat landscape ✅ The role of incident commanders in high-stakes ransomware cases ✅ The “grief cycle” of cyber breaches and how leaders can push their teams to acceptance faster ✅ Practical steps executives should take before the worst day happens If you’re in cybersecurity, leadership, or risk management, this conversation is packed with insights that can help your organization prepare, respond, and recover. 👉 Subscribe for more expert conversations on cybersecurity, compliance, and leadership from the frontlines. Cape Endeavors is dedicated to providing top-tier Managed CMMC Secure Enclave services tailored to the defense industrial base. Our team of experts ensures that you can rapidly become compliant with NIST 800-171/CMMC 2.0 Lvl2 while focusing on your existing business with little interruptions to existing operations. Learn more https://www.capeendeavors.com #IncidentResponse #Cybersecurity #CMMC #DataBreach #IBM #BourbonAndBytes

In this Bourbon & Bytes conversation, Terry McGraw of Cape Endeavors sits down with Koren Wise, founder of Wise Technical Innovations and a C3PAO with hands-on experience guiding defense contractors through CMMC. Koren shares how she got started in IT, why she became an early believer in CMMC, and the hard truths she sees every day when companies think they’re ready for an assessment but aren’t. From scoping mistakes to relying on the wrong MSP, she explains why so many defense contractors stumble — and what separates those who pass from those who don’t. If your business handles Controlled Unclassified Information (CUI) and you’re aiming for CMMC Level 2 compliance, this episode is packed with practical lessons you won’t want to miss. *Practical Guidance for CMMC Readiness* *Boundaries are Essential* CMMC is highly technical. You need real network and systems engineering expertise to build proper boundaries around CUI. Thinking “cloud replaces boundaries” is a major misconception. *Scoping Mistakes are Common* Many contractors don’t understand how scoping really works. If a laptop is used to view CUI, it’s in scope unless protected by an authorized VDI. Failing to scope properly pulls in devices and networks you may not expect. *Training Matters* Companies often show up for assessments without anyone who has been through training. Without someone who understands the 110 controls and 320 objectives, it’s challenging to be truly ready. *Endpoints Can Sink Compliance* Some vendors claim their solutions make CMMC compliance easy while leaving endpoints in scope. If endpoints aren’t properly managed, attackers can harvest credentials and compromise CUI, no matter how strong your enclave is. *Empty Enclaves = False Claims Risk* Building a compliant enclave but leaving CUI scattered across old systems is not just a mistake — it could be seen as a false claim if you attest to compliance. *CMMC is Both Protection and Advantage* Beyond DoD requirements, following NIST 800-171 and CMMC protects your business from ransomware and gives you a competitive edge in winning contracts. *Continuous Compliance is Necessary* Compliance doesn’t end at assessment. Without ongoing monitoring and updating, companies risk slipping out of compliance and losing contract eligibility. *Choose Compliance Partners Carefully* An MSP or RPO that downplays CMMC or says “it will go away” is a red flag. Look for providers with CCP/CCA credentials and a record of helping companies pass. Cape Endeavors is dedicated to providing top-tier Managed CMMC Secure Enclave services tailored to the defense industrial base. Our team of experts ensures that you can rapidly become compliant with NIST 800-171/CMMC 2.0 Lvl2 while focusing on your existing business with little interruptions to existing operations. Learn more https://www.capeendeavors.com #CMMC #CMMCCompliance #DefenseContractors #Cybersecurity #CUI #DFARS #NIST800171 #CMMCLevel2 #SecureEnclaves #DoD #dib #CyberAB #c3pao

Join host Terry McGraw, CEO of Cape Endeavors, for a compelling episode of Bourbon & Bytes featuring the Global Chief Information Security Officer (CISO) at Werfen and author of CyberBulleys: A CISO's Guide to Doing Cybersecurity. This episode dives into the journey from a 21-year U.S. Army career to leading cybersecurity for global multi-billion dollar companies. Explore the challenges of managing cyber threats, navigating compliance frameworks like NIST, ISO 27001, and SEC guidelines, and communicating risks to non-technical board members. Discover what keeps CISOs awake at night, from identity management to supply chain risks, and get practical advice for aspiring cybersecurity professionals, especially military veterans transitioning to civilian roles. Learn strategies for building high-performing teams, handling ransomware crises with a "bulldog mentality," and aligning security with business objectives. This episode is packed with insights on crisis management, professional reinvention, and thriving in the dynamic world of cybersecurity. 🔑 Key Topics Covered: ➡️ Transitioning from military service to cybersecurity leadership ➡️ Managing global compliance and supply chain vulnerabilities ➡️ Communicating cyber risks to executives effectively ➡️ Building and leading high-performing cybersecurity teams ➡️ Crisis management strategies for ransomware and data breaches ➡️ Career tips for aspiring CISOs and those reinventing themselves Be sure to check out Jody's book - https://www.amazon.com/CyberBulleys-CISOs-Guide-Doing-Cybersecurity/dp/B0DT7J63F6 👉 **Like and subscribe to Bourbon & Bytes for more expert insights from cybersecurity leaders!** Cape Endeavors is dedicated to providing top-tier Managed CMMC Secure Enclave services tailored to the defense industrial base. Our team of experts ensures that you can rapidly become compliant with NIST 800-171/CMMC 2.0 Lvl2 while focusing on your existing business with little interruptions to existing operations. Learn more https://www.capeendeavors.com #Cybersecurity #CISO #CyberBulleys #BourbonAndBytes #CyberDefense #MilitaryToCyber #CyberRisk #Leadership #SupplyChainSecurity #Ransomware #veterans #hireveterans

In this episode of Bourbon & Bytes, Cape Endeavors CEO Terry McGraw sits down with Jenna Wells, CEO of @supplywisdom to explore the evolving landscape of business risk management in an increasingly volatile world. From her early career as a Marine Corps officer and NSA-trained intelligence officer to leading a cutting-edge risk intelligence platform, Jenna shares insights on: ➡️ Identifying and managing location risk in global supply chains ➡️ Navigating regulatory requirements like DORA, GDPR, and forced labor prevention acts ➡️ Mitigating upstream and downstream vulnerabilities in today’s interconnected economy ➡️ Preparing for the next wave of AI regulations and responsible AI adoption Whether you’re a defense contractor, a supply chain leader, or an executive looking to strengthen your organization’s resilience, this conversation delivers actionable strategies to turn risk management from reactive to proactive. 📌 Learn how to protect your business from disruptions, avoid costly compliance failures, and make informed decisions in a complex global environment. Cape Endeavors is dedicated to providing top-tier Managed CMMC Secure Enclave services tailored to the defense industrial base. Our team of experts ensures that you can rapidly become compliant with NIST 800-171/CMMC 2.0 Lvl2 while focusing on your existing business with little interruptions to existing operations. Learn more https://www.capeendeavors.com #RiskManagement #SupplyChainResilience #supplychainrisk #ContinuousMonitoring #Cybersecurity #RegulatoryCompliance #BusinessResilience #RiskIntelligence #BourbonAndBytes #TPRM #CapeEndeavors #SupplyWisdom

In this episode of Bourbon & Bytes, host Terry McGraw sits down with Dewayne Alford (COO) and Andy Paul (CTO & Lead CMMC Assessor) of Cape Endeavors to pour a glass of Blanton’s and break down what really matters when it comes to CMMC compliance. Forget the framework fluff—this is an unfiltered conversation packed with real-world insights from a team that’s successfully brought 23 companies through CMMC assessment with a perfect score of 110. 🧠 What you'll learn: Why “CUI is everywhere” is a myth that’s costing contractors time and money How skipping scoping leads to failed assessments—and what to do instead The three practical paths to CMMC compliance (hint: not everyone needs to lift their whole environment) What most “CMMC-ready” tools and vendors won’t tell you Why enclaves are often the fastest, cheapest, and most secure solution How false claims, overscoping, and poor tooling increase risk and burn budgets What to ask any RPO or assessor before you sign anything 💡 Plus: A deep dive into Teramis, a purpose-built CUI discovery tool born from real-world experience with post-breach response and assessment prep. Whether you’re just getting started with CMMC, already on the journey, or cleaning up someone else’s mess—this episode is a must-watch. 📥 Explore Teramis CUI discovery at https://www.teramis.us 👉 Like, subscribe, and drop a comment to let us know what CMMC topics you'd like to see in future episodes. Cape Endeavors is dedicated to providing top-tier Managed CMMC Secure Enclave services tailored to the defense industrial base. Our team of experts ensures that you can rapidly become compliant with NIST 800-171/CMMC 2.0 Lvl2 while focusing on your existing business with little interruptions to existing operations. Learn more https://www.capeendeavors.com #CMMC #cmmcassessment #cmmccompliance #cmmclevel2 #nist800171 #cui #cui #dfars #c3pao #cybersecurity #cmmc2 #capeendeavors #DIB #CMMC2.0 #cmmcpractices