Episodes

  • Compliance, GRC, cybersecurity maturity, audit readiness, AI, CMMC, and continuous security
    May 31 2026

    Too many organizations still treat compliance as a one-time audit exercise: get the certification, satisfy the customer, and move on.

    In this episode of Musings from the Cyber Trench, I sit down with Sarah Lynn, a seasoned IT, cybersecurity, GRC, advisory, and audit preparation leader, to discuss why that mindset breaks down fast.

    We talk about what happens when compliance is treated as “paperwork,” where programs usually fail first, and why people, process, and technology all have to work together for compliance to become part of daily operations.

    Sarah also shares practical insights on:

    • Why undocumented processes are a major red flag
    • How leaders can move from checklist compliance to security maturity
    • Where organizations underinvest and overspend in compliance programs
    • Why buying a tool before understanding the process usually backfires
    • AI’s role in compliance, automation, meeting notes, artifact collection, and risk
    • Why CMMC, SOC 2, ISO, FedRAMP, and other frameworks require continuous effort
    • How trusted advisors and peer groups can help leaders avoid reinventing the wheel

    The core message: compliance is not something you “get through.” Done right, it becomes a habit, a management discipline, and a foundation for stronger security.

    Guest: Sarah Lynn brings 25+ years across IT, cybersecurity, GRC, audit readiness, risk, continuity, and technology operations, helping SaaS/IaaS-driven organizations turn compliance into practical, business-aligned security.

    Responsible for ICAM, Zero Trust, or identity security in a federal agency, prime, or large regulated enterprise?

    If you’re trying to move from strategy to execution, start with Zephon’s Zero Trust Readiness Assessment: zephon.tech/zt

    Questions or guest ideas? Email defend@zephon.tech

    55 mins
  • Energy Is the Upstream Cyber Risk in Power Infrastructure | Bethun Bhowmik | EP 112
    Apr 22 2026

    Energy is the upstream of everything.

    In this episode, we explore how energy infrastructure has become one of the most critical and vulnerable systems in the modern world.

    From power grid attacks to systemic risks, this conversation reveals why cyber threats to energy impact entire nations.

    1 hr
  • The Leadership Mistake That Breaks Security Systems | Morgan Reed | EP 111
    Apr 8 2026

    This episode explores the leadership and design challenges behind modern cybersecurity failures.

    Morgan Reed, CTO of Transbridge, shares how traditional approaches to security focused on controls, compliance, and restriction often ignore the most critical variable: human behavior.

    The discussion reframes cybersecurity as a design and leadership problem, where usability, context, and adaptability determine effectiveness.

    You’ll learn:

    • Why leadership decisions shape security outcomes
    • How excessive controls create friction and risk
    • The gap between security policy and real world behavior
    • Why human centered design is critical in cybersecurity
    • How AI can support adaptive, context aware systems
    • What leaders must change to build resilient security environments

    This episode is ideal for executives, CISOs, and technology leaders focused on improving security, reducing risk, and building systems that actually work in practice.

    57 mins
  • Cyber Risk Quantification Explained: How to Turn Security into Business Decisions | Edwin Covert | EP 110
    Mar 25 2026

    In this episode of Musings From the Cyber Trench, Vishal Masih speaks with cybersecurity expert Edwin Covert about the evolution of cyber risk management.

    Edwin explains why traditional qualitative risk models fail to support business decision making and how organizations can adopt risk quantification to measure probability and financial impact.

    The conversation explores how cybersecurity teams can better communicate with business leaders, align with enterprise risk management, and make more effective decisions based on data.

    51 mins
  • The Mindset Shift That Makes Cybersecurity Personal | Robert Siciliano | EP 109
    Mar 11 2026

    Cybersecurity expert Robert Siciliano joins Vishal Masih on Musings from the Cyber Trench to discuss why cybersecurity is ultimately a human behavior challenge.

    Robert explains why traditional compliance training often fails, how cybercriminals exploit human trust, and why organizations must focus on building a human firewall rather than relying solely on technology.

    Robert Siciliano is a private investigator, Certified Speaking Professional (CSP), CEO of Protect Now, LLC, and creator of The Strategic Human Firewall™. He is widely recognized as one of the leading experts on cybercrime and identity theft, with more than 500 television appearances, 1,000 radio contributions, and 3,000+ media features.

    The conversation explores how companies can build stronger cybersecurity cultures by helping employees understand that protecting company data also protects their own identity and security.

    55 mins
  • Fixing Cybersecurity Awareness Training Through Behavior Change | Craig Taylor | EP 108
    Feb 25 2026

    Vishal Masih and Craig Taylor explore why cybersecurity awareness programs fail despite mandatory compliance requirements.

    This episode focuses on phishing threats, behavioral psychology, gamification, and how organizations can build real cyber literacy instead of checkbox training.

    58 mins
  • CMMC Compliance Explained: Risk, Cost, Tech Stack & Culture Shift in the DoD | Khanh Tran | EP 107
    Feb 11 2026

    CMMC is not new. It is enforcement.

    In this full episode of Musings from the Cyber Trench, we break down the real operational impact of CMMC inside the Defense Industrial Base.

    Our guest brings over 25 years of experience across enterprise GRC, defense programs, and federal cybersecurity.

    We discuss:

    • Why CMMC was long overdue
    • Level 1 vs Level 2 and what “basic hygiene” really means
    • Reactive vs predictive risk culture
    • The true cost drivers behind CMMC assessments
    • CCA scarcity and pricing pressure
    • Tech stack decisions: AWS vs Microsoft vs Google
    • Why veterans thrive in cybersecurity missions

    If you operate inside the DoD ecosystem, this conversation gives you clarity on what matters and what does not.

    59 mins
  • Building SASE That Actually Works: What Everyone Gets Wrong | Vishal Goyal | EP 106
    Jan 30 2026

    Welcome to Musings from the Cyber Trench, the podcast that goes beyond surface-level conversations to explore the real-world challenges shaping public sector cybersecurity.

    In this episode, host Vishal Masih is joined by Vishal Goyal, Vice President of Enterprise Architecture, for a deep dive into enterprise architecture, Zero Trust, and the realities of securing complex public-sector environments. With nearly two decades of international experience across consulting, engineering, and operations, Vishal Goyal shares how architecture decisions directly impact resilience, scalability, and security outcomes.

    The conversation explores how cybersecurity strategy has evolved, why Zero Trust must be practical rather than theoretical, and how organizations can better align cloud, network, and security architectures. This episode also touches on stakeholder alignment, decision-making at scale, and what it takes to modernize legacy systems while maintaining trust and continuity. If you work in cybersecurity, enterprise architecture, or public-sector technology — or you’re navigating complex security transformations — this episode offers grounded insights from the front lines.

    ⏱️ Timestamps

    00:00 – Welcome to Musings from the Cyber Trench

    00:25 – Podcast mission and focus on public sector cybersecurity

    00:41 – Introducing today’s guest, Vishal Goyal

    01:28 – Vishal’s role and scope in enterprise architecture

    02:43 – Career journey and international consulting experience

    05:12 – Evolution of enterprise architecture in cybersecurity

    08:34 – Why Zero Trust matters in public sector environments

    12:06 – Practical challenges implementing Zero Trust

    16:18 – Cloud, network, and security architecture alignment

    20:47 – Managing legacy systems in modern environments

    25:31 – Stakeholder communication and architectural consensus

    30:02 – Balancing innovation with operational stability

    34:18 – Lessons learned from large-scale transformations

    38:56 – Advice for architects and security leaders

    42:10 – Closing thoughts on resilience and future readiness

    1 hr and 3 mins