The Bourbon & Bytes Podcast

In this episode of Bourbon & Bytes, Cape Endeavors CEO Terry McGraw sits down with Alexandra Rose, Director of Government Partnerships & CTU Threat Research at Sophos - formerly SecureWorks. Alex brings a rare perspective: NSA-trained linguist, Air Force veteran, federal civilian analyst, interagency team builder, and now one of the most trusted voices in commercial threat intelligence. They dig into the uncomfortable truth most organizations avoid: Ransomware is obvious. China isn’t. And the quiet stuff is the part that can break a country. What You’ll Learn - How China shifted from IP theft to infiltrating the infrastructure that determines trust - Why pre-positioning matters — and how chaos, not data theft, is the real endgame - How commercial threat intel operates without government budgets or authorities - The difference between opportunistic ransomware crews and persistent nation-state operators - Why public-private partnerships are finally working — and the mindset shift that made it possible - Why basic security (MFA, patching, monitoring) still shuts down most real-world attacks - The uncomfortable role AI plays in shaping a population’s perception of truth - Why “incremental progress” in cybersecurity beats big-bang silver bullet thinking every time About Alexandra Rose Alex has spent her career connecting dots across intelligence, geopolitics, cybercrime, and nation-state operations. Today she helps lead Sophos’ government partnerships and threat research efforts, turning global threat activity into actionable intelligence for defenders around the world. About Bourbon & Bytes Hosted by Terry McGraw, retired U.S. Army Lt. Colonel and former senior leader at NETCOM, Army Cyber Command, and the NSA — now CEO of Cape Endeavors, a CMMC compliance and secure enclave provider for the Defense Industrial Base. Every episode mixes candid conversation, real-world cyber stories, and insights from the leaders shaping national security. #ThreatIntelligence #NationStateThreats #CyberDefense #ChinaCyberThreat #Geopolitics #NationalSecurity

In this episode of *Bourbon & Bytes*, Cape Endeavors CEO Terry McGraw sits down with Justin Turner, Principal Group Manager for Microsoft Security, to explore how AI is transforming cybersecurity — and how defenders can adapt. From his early days as an Army signal officer to leading Microsoft’s Defender Experts team, Turner shares how his journey shaped his approach to modern threat defense. Together, he and McGraw unpack some of today’s most critical security topics: 🔹 Why Microsoft made security its top cultural priority 🔹 How AI is reshaping analyst workflows (and threat actor tactics) 🔹 The enduring power of “basic” attack vectors like phishing 🔹 The rise of nation-state cyber activity and data exfiltration risks 🔹 What quantum-enabled AI could mean for the future of encryption 🔹 Why curiosity — not credentials — remains the most valuable skill in cybersecurity Whether you’re a CISO, SOC analyst, or security practitioner, this conversation offers a candid look at where the industry is headed — and what it will take to stay ahead. 📺 Watch more episodes: youtube.com/@CapeEndeavors 🔔 Subscribe for expert discussions on CMMC compliance, secure enclaves, and cyber readiness. Cape Endeavors is dedicated to providing top-tier Managed CMMC Secure Enclave services tailored to the defense industrial base. Our team of experts ensures that you can rapidly become compliant with NIST 800-171/CMMC 2.0 Lvl2 while focusing on your existing business with little interruptions to existing operations. Learn more https://www.capeendeavors.com #Cybersecurity #AIinCyberDefense #MicrosoftSecurity #CapeEndeavors #BourbonAndBytes #CMMC #DefenderExperts #CyberThreats #QuantumSecurity #SOC #AIinSecurity

When a cyber crisis hits, the difference between chaos and recovery often comes down to preparation, leadership, and clear communication. In this episode of *Bourbon & Bytes*, Cape Endeavors CEO Terry McGraw sits down with Tony Kirtley, Global Leader of IBM’s X-Force Incident Response, to share hard-won lessons from some of the world’s largest cyber incidents. They emphasize the need for organizations to have robust incident response plans, effective communication strategies, and the role of incident commanders in managing crises. The conversation also highlights the significance of understanding business risks, especially in relation to supply chains and data breaches, and the necessity of practicing response strategies to mitigate emotional responses during incidents. *Chapters* 00:00 Introduction to Incident Response and Cybersecurity 02:35 The Evolving Threat Landscape 07:10 Common Pitfalls in Incident Response 10:36 The Importance of Preparedness and Planning 13:22 Internal and External Communication Strategies 17:29 The Financial Implications of Data Breaches 24:59 The Emotional Impact of Cyber Incidents 30:32 The Role of Incident Commanders 33:51 Maturing Incident Response Programs 39:42 Data Management and Backup Strategies 41:00 Understanding the Grief Cycle in Crisis Management 🔎 *What you’ll learn*: ✅ The top attack vectors that still dominate breaches today ✅ Why asset management and privilege access remain weak points ✅ How AI is (and isn’t) changing the threat landscape ✅ The role of incident commanders in high-stakes ransomware cases ✅ The “grief cycle” of cyber breaches and how leaders can push their teams to acceptance faster ✅ Practical steps executives should take before the worst day happens If you’re in cybersecurity, leadership, or risk management, this conversation is packed with insights that can help your organization prepare, respond, and recover. 👉 Subscribe for more expert conversations on cybersecurity, compliance, and leadership from the frontlines. Cape Endeavors is dedicated to providing top-tier Managed CMMC Secure Enclave services tailored to the defense industrial base. Our team of experts ensures that you can rapidly become compliant with NIST 800-171/CMMC 2.0 Lvl2 while focusing on your existing business with little interruptions to existing operations. Learn more https://www.capeendeavors.com #IncidentResponse #Cybersecurity #CMMC #DataBreach #IBM #BourbonAndBytes

In this Bourbon & Bytes conversation, Terry McGraw of Cape Endeavors sits down with Koren Wise, founder of Wise Technical Innovations and a C3PAO with hands-on experience guiding defense contractors through CMMC. Koren shares how she got started in IT, why she became an early believer in CMMC, and the hard truths she sees every day when companies think they’re ready for an assessment but aren’t. From scoping mistakes to relying on the wrong MSP, she explains why so many defense contractors stumble — and what separates those who pass from those who don’t. If your business handles Controlled Unclassified Information (CUI) and you’re aiming for CMMC Level 2 compliance, this episode is packed with practical lessons you won’t want to miss. *Practical Guidance for CMMC Readiness* *Boundaries are Essential* CMMC is highly technical. You need real network and systems engineering expertise to build proper boundaries around CUI. Thinking “cloud replaces boundaries” is a major misconception. *Scoping Mistakes are Common* Many contractors don’t understand how scoping really works. If a laptop is used to view CUI, it’s in scope unless protected by an authorized VDI. Failing to scope properly pulls in devices and networks you may not expect. *Training Matters* Companies often show up for assessments without anyone who has been through training. Without someone who understands the 110 controls and 320 objectives, it’s challenging to be truly ready. *Endpoints Can Sink Compliance* Some vendors claim their solutions make CMMC compliance easy while leaving endpoints in scope. If endpoints aren’t properly managed, attackers can harvest credentials and compromise CUI, no matter how strong your enclave is. *Empty Enclaves = False Claims Risk* Building a compliant enclave but leaving CUI scattered across old systems is not just a mistake — it could be seen as a false claim if you attest to compliance. *CMMC is Both Protection and Advantage* Beyond DoD requirements, following NIST 800-171 and CMMC protects your business from ransomware and gives you a competitive edge in winning contracts. *Continuous Compliance is Necessary* Compliance doesn’t end at assessment. Without ongoing monitoring and updating, companies risk slipping out of compliance and losing contract eligibility. *Choose Compliance Partners Carefully* An MSP or RPO that downplays CMMC or says “it will go away” is a red flag. Look for providers with CCP/CCA credentials and a record of helping companies pass. Cape Endeavors is dedicated to providing top-tier Managed CMMC Secure Enclave services tailored to the defense industrial base. Our team of experts ensures that you can rapidly become compliant with NIST 800-171/CMMC 2.0 Lvl2 while focusing on your existing business with little interruptions to existing operations. Learn more https://www.capeendeavors.com #CMMC #CMMCCompliance #DefenseContractors #Cybersecurity #CUI #DFARS #NIST800171 #CMMCLevel2 #SecureEnclaves #DoD #dib #CyberAB #c3pao

Join host Terry McGraw, CEO of Cape Endeavors, for a compelling episode of Bourbon & Bytes featuring the Global Chief Information Security Officer (CISO) at Werfen and author of CyberBulleys: A CISO's Guide to Doing Cybersecurity. This episode dives into the journey from a 21-year U.S. Army career to leading cybersecurity for global multi-billion dollar companies. Explore the challenges of managing cyber threats, navigating compliance frameworks like NIST, ISO 27001, and SEC guidelines, and communicating risks to non-technical board members. Discover what keeps CISOs awake at night, from identity management to supply chain risks, and get practical advice for aspiring cybersecurity professionals, especially military veterans transitioning to civilian roles. Learn strategies for building high-performing teams, handling ransomware crises with a "bulldog mentality," and aligning security with business objectives. This episode is packed with insights on crisis management, professional reinvention, and thriving in the dynamic world of cybersecurity. 🔑 Key Topics Covered: ➡️ Transitioning from military service to cybersecurity leadership ➡️ Managing global compliance and supply chain vulnerabilities ➡️ Communicating cyber risks to executives effectively ➡️ Building and leading high-performing cybersecurity teams ➡️ Crisis management strategies for ransomware and data breaches ➡️ Career tips for aspiring CISOs and those reinventing themselves Be sure to check out Jody's book - https://www.amazon.com/CyberBulleys-CISOs-Guide-Doing-Cybersecurity/dp/B0DT7J63F6 👉 **Like and subscribe to Bourbon & Bytes for more expert insights from cybersecurity leaders!** Cape Endeavors is dedicated to providing top-tier Managed CMMC Secure Enclave services tailored to the defense industrial base. Our team of experts ensures that you can rapidly become compliant with NIST 800-171/CMMC 2.0 Lvl2 while focusing on your existing business with little interruptions to existing operations. Learn more https://www.capeendeavors.com #Cybersecurity #CISO #CyberBulleys #BourbonAndBytes #CyberDefense #MilitaryToCyber #CyberRisk #Leadership #SupplyChainSecurity #Ransomware #veterans #hireveterans

In this episode of Bourbon & Bytes, Cape Endeavors CEO Terry McGraw sits down with Jenna Wells, CEO of @supplywisdom to explore the evolving landscape of business risk management in an increasingly volatile world. From her early career as a Marine Corps officer and NSA-trained intelligence officer to leading a cutting-edge risk intelligence platform, Jenna shares insights on: ➡️ Identifying and managing location risk in global supply chains ➡️ Navigating regulatory requirements like DORA, GDPR, and forced labor prevention acts ➡️ Mitigating upstream and downstream vulnerabilities in today’s interconnected economy ➡️ Preparing for the next wave of AI regulations and responsible AI adoption Whether you’re a defense contractor, a supply chain leader, or an executive looking to strengthen your organization’s resilience, this conversation delivers actionable strategies to turn risk management from reactive to proactive. 📌 Learn how to protect your business from disruptions, avoid costly compliance failures, and make informed decisions in a complex global environment. Cape Endeavors is dedicated to providing top-tier Managed CMMC Secure Enclave services tailored to the defense industrial base. Our team of experts ensures that you can rapidly become compliant with NIST 800-171/CMMC 2.0 Lvl2 while focusing on your existing business with little interruptions to existing operations. Learn more https://www.capeendeavors.com #RiskManagement #SupplyChainResilience #supplychainrisk #ContinuousMonitoring #Cybersecurity #RegulatoryCompliance #BusinessResilience #RiskIntelligence #BourbonAndBytes #TPRM #CapeEndeavors #SupplyWisdom

In this episode of Bourbon & Bytes, host Terry McGraw sits down with Dewayne Alford (COO) and Andy Paul (CTO & Lead CMMC Assessor) of Cape Endeavors to pour a glass of Blanton’s and break down what really matters when it comes to CMMC compliance. Forget the framework fluff—this is an unfiltered conversation packed with real-world insights from a team that’s successfully brought 23 companies through CMMC assessment with a perfect score of 110. 🧠 What you'll learn: Why “CUI is everywhere” is a myth that’s costing contractors time and money How skipping scoping leads to failed assessments—and what to do instead The three practical paths to CMMC compliance (hint: not everyone needs to lift their whole environment) What most “CMMC-ready” tools and vendors won’t tell you Why enclaves are often the fastest, cheapest, and most secure solution How false claims, overscoping, and poor tooling increase risk and burn budgets What to ask any RPO or assessor before you sign anything 💡 Plus: A deep dive into Teramis, a purpose-built CUI discovery tool born from real-world experience with post-breach response and assessment prep. Whether you’re just getting started with CMMC, already on the journey, or cleaning up someone else’s mess—this episode is a must-watch. 📥 Explore Teramis CUI discovery at https://www.teramis.us 👉 Like, subscribe, and drop a comment to let us know what CMMC topics you'd like to see in future episodes. Cape Endeavors is dedicated to providing top-tier Managed CMMC Secure Enclave services tailored to the defense industrial base. Our team of experts ensures that you can rapidly become compliant with NIST 800-171/CMMC 2.0 Lvl2 while focusing on your existing business with little interruptions to existing operations. Learn more https://www.capeendeavors.com #CMMC #cmmcassessment #cmmccompliance #cmmclevel2 #nist800171 #cui #cui #dfars #c3pao #cybersecurity #cmmc2 #capeendeavors #DIB #CMMC2.0 #cmmcpractices

In this episode of Bourbon & Bytes, host Terry McGraw (CEO of Cape Endeavors) welcomes Chris Perry, Head of Cybersecurity Product Management at Google Cloud AI Compute Infrastructure. The conversation spans critical cybersecurity and infrastructure issues facing both cloud providers and regulated industries. Topics include: ➡️ Cybersecurity in Cloud Computing ➡️ AI’s Impact and Opportunities ➡️ Software Supply Chain Security ➡️ Quantum Computing and Encryption ➡️ Ransomware-as-a-Service and the Cyber Threat Landscape Perry also shares practical guidance for CFOs, CISOs, and technology leaders on where to focus now and what to demand from vendors as quantum and AI capabilities evolve. If you work in cybersecurity, cloud infrastructure, national defense, or critical infrastructure, this episode is packed with insight you won’t want to miss. Cape Endeavors is dedicated to providing top-tier Managed CMMC Secure Enclave services tailored to the defense industrial base. Our team of experts ensures that you can rapidly become compliant with NIST 800-171/CMMC 2.0 Lvl2 while focusing on your existing business with little interruptions to existing operations. Learn more https://www.capeendeavors.com #Cybersecurity #CloudSecurity #AIInfrastructure #QuantumComputing #GoogleCloud #CMMC #ThreatIntelligence #SharedResponsibilityModel #Ransomware #Compliance #NationalSecurity #CapeEndeavors #BourbonAndBytes #CloudSovereignty #AIandSecurity #PostQuantumEncryption

Join Terry McGraw on Bourbon and Bytes as he sits down with Mike Weigand, a former Army Ranger, cyber officer, and defense-tech entrepreneur. In this compelling episode, Mike shares his journey from securing military systems at Shift5 to founding Aventra, a defense-tech startup tackling the future of long-range precision systems. Weigand shares how his military roots as a West Point grad, Ranger, and cyber officer shaped his entrepreneurial approach to defense innovation. He discusses how today's battlefield is defined not by mass but by speed, autonomy, and software-driven advantage—and how tools like AI are shrinking OODA loops, enabling rapid prototyping, and completely changing what’s possible in modern conflict. ▶️ Topics covered in this episode: Securing operational technology (OT) systems AI's Transformative Impact on Defense Innovation The Reindustrialization Imperative Speed as the New Competitive Advantage Whether you care about AI, defense innovation, or American industrial resilience, this is a conversation that connects dots few others can. 👉 Subscribe to Bourbon & Bytes for more conversations with top tech leaders—diving into cybersecurity, national security, AI threats, and the personal journeys behind the innovation. Cape Endeavors is dedicated to providing top-tier Managed CMMC Secure Enclave services tailored to the defense industrial base. Our team of experts ensures that you can rapidly become compliant with NIST 800-171/CMMC 2.0 Lvl2 while focusing on your existing business with little interruptions to existing operations. Learn more https://www.capeendeavors.com #DefenseTech #Cybersecurity #AI #IndustrialBase #OODAloop #AutonomousWeapons #AmericanManufacturing #CapeEndeavors #BourbonAndBytes

In this powerful episode of Bourbon & Bytes, host Terry McGraw, CEO of Cape Endeavors, sits down with Wendy Thomas—former CEO of Secureworks —for a wide-ranging conversation that explores the shifting frontlines of cybersecurity, artificial intelligence, and leadership. Wendy unpacks how quantum and AI are reshaping the cyber landscape, including the opportunities (like democratized security and new AI forensics roles) and risks (from model drift to deepfakes). The two dive into the explosive growth of cybercrime—now topping $10.5 trillion—and discuss the need for new public-private accountability models, secure software mandates, and a "lifestyle approach" to legislation. Beyond tech, Wendy reflects on the evolution of diversity in leadership, the limitations of traditional higher education, and what it really takes to lead a company through IPOs, acquisitions, and cultural change. Insightful, strategic, and deeply human—this is a conversation you don’t want to miss. Cape Endeavors is dedicated to providing top-tier Managed CMMC Secure Enclave services tailored to the defense industrial base. Our team of experts ensures that you can rapidly become compliant with NIST 800-171/CMMC 2.0 Lvl2 while focusing on your existing business with little interruptions to existing operations. Learn more https://www.capeendeavors.com #Cybersecurity #AI #QuantumComputing #Deepfakes #AICybersecurity #CyberRisk #ThreatLandscape #SecureSoftware #SecureWorks #WomenInTech #BoardLeadership #TechLeadership #Marqeta #IONQ #BourbonAndBytes #CapeEndeavors

In this episode of Bourbon & Bytes, host Terry McGraw sits down with Jason Kaplan, CEO of SixMap, for a spirited conversation that cuts across startup life, cybersecurity mandates, and the rapidly evolving threat landscape. Kaplan shares his unconventional journey from finance to fitness tech to cybersecurity, offering a founder’s-eye view of how SixMap is redefining External Attack Surface Management (EASM). The two dive deep into the cost-benefit debate around CMMC 2.0, the importance of secure-by-design infrastructure, and why "waiting" is the most expensive strategy of all. They also explore how SixMap uses AI to provide high-fidelity scans of enterprise exposure—mapping vulnerabilities across IPv4/IPv6, ports, and corporate hierarchies. From ransomware fallout to deepfake dangers, and from bourbon reviews to rapid-fire startup advice, this episode blends strategic insight with real-world urgency. Cape Endeavors is dedicated to providing top-tier Managed CMMC Secure Enclave services tailored to the defense industrial base. Our team of experts ensures that you can rapidly become compliant with NIST 800-171/CMMC 2.0 Lvl2 while focusing on your existing business with little interruptions to existing operations. Learn more https://www.capeendeavors.com #cybersecurity #cmmc #deepfake #startup #EASM #attacksurfacemanagement #sixmap #capeendeavors #techleadership #cyberresilience