This episode focuses on what real cyber strategy looks like versus the outdated “framework + gap analysis” approach. Leonard McAuliffe of PwC explains that most organizations confuse activity with strategy, focusing on compliance, maturity scores, and annual plans instead of aligning cybersecurity to actual business risk. The conversation reframes cyber strategy as a business-aligned, risk-driven, continuously evolving discipline. It emphasizes understanding stakeholder priorities, mapping real threats to controls, and treating strategy as a living system that adapts to AI, geopolitics, and changing attack surfaces.
Takeaways:
1. Most “Cyber Strategies” Aren’t Strategies
   - They’re annual roadmaps or compliance exercises
   - Built around frameworks (NIST, ISO) instead of business risk
   - Improve maturity—but don’t necessarily reduce real risk
2. Strategy Must Start With the Business
   - Engage CEO, CFO, CIO, CRO—not just security teams
   - Understand risk appetite and critical processes
   - Align to IT, digital, and AI strategies
3. Focus on Risk → Threats → Controls (Not Maturity Scores)
   - Define key cyber risks (e.g., business disruption)
   - Map threat scenarios (e.g., ransomware via phishing)
   - Link to controls and measure effectiveness
4. Strategy is a Living System
   - Must evolve with: AI, threat intelligence, regulatory changes, business shifts
5. Prioritization = Risk + Cost Trade-Off
   - You can’t do everything
   - Decisions must be explicit: What risk are we accepting? What exposure remains?
6. Regulation Shouldn’t Drive Strategy
   - Constantly reacting to new regs derails focus
   - Instead: build a strong master control framework and map regulations onto it
Soundbites:
“Most cyber strategies look good on paper but don’t manage real risk.”
“You’re improving maturity, not reducing risk.”
“Cyber can’t operate in a bubble; it has to enable the business.”
“If you don’t fund it, you’re accepting the risk. It’s that simple.”
“Boards don’t care about maturity levels; they care about real threats.”
How to Recruit a President with Glenn Carle
04/05/2026 | 50 mins.
In this episode of The Entropy Podcast, Glenn Carle, a former CIA clandestine officer with over two decades of experience, breaks down how intelligence agencies think, operate, and influence outcomes over the long term. Drawing on real-world tradecraft, Glenn explains how vulnerabilities are identified, how influence is cultivated, and how narratives are seeded and amplified over time. The conversation explores the growing tension between intelligence institutions and political power, the risks facing democratic systems, and how modern geopolitics is increasingly shaped by information warfare and perception management. The discussion also ventures into controversial territory, examining the possibility of long-term influence operations at the highest levels of power while highlighting the difference between evidence, interpretation, and hypothesis. This is a conversation about how power actually works beneath the surface and what happens when institutions designed to protect truth are put under pressure.
Takeaways:
- Intelligence is about patterns, not events
- Influence is often long-term and indirect
- Vulnerability ≠ control
- Institutions are under pressure
- Information warfare shapes reality
- The line between analysis and speculation matters
Soundbites:
“In intelligence, there are no coincidences, only patterns you haven’t understood yet.”
“You don’t recruit someone in a moment; you shape them over time.”
“Every strength can become a vulnerability in the right context.”
“If telling the truth costs you your job, the system stops working.”
“You don’t need the truth; you need enough repetition to make something feel true.”
“The most effective operations are the ones no one notices—until it’s too late.”
“Understanding how something could happen is not the same as proving that it did.”
This conversation explores complex and often controversial geopolitical themes from the perspective of a former intelligence officer. Some views expressed, particularly around long-term intelligence operations and political influence, reflect interpretation and professional judgement rather than independently verified public conclusions. Listeners are encouraged to engage critically and consult additional sources where appropriate.
One Click to Collapse: The SME Risk with Robert Maxwell
27/04/2026 | 32 mins.
In this episode of The Entropy Podcast, Robert Maxwell (CEO of TGT Solutions) reframes cybersecurity from a technical concern into a core business risk, especially for small and medium-sized enterprises (SMEs). He argues that cyber threats are fundamentally about cash, trust, and continuity, not just systems. A single compromised credential or phishing attack can dismantle years of work in minutes, particularly in SMEs where operations often depend on one person, one account, or one set of credentials. Maxwell introduces a key mindset shift: cybersecurity is an investment, not an expense. Like building a portfolio, incremental and consistent investment in cyber resilience pays dividends, protecting revenue, relationships, and long-term business viability. The conversation also explores human vulnerability as the dominant attack vector, the risks introduced by AI adoption, and why attackers prioritize ease over sophistication. Ultimately, the episode highlights a stark reality: it’s no longer “if” a business is attacked, but “when” and how prepared it is when that moment comes.
Key Takeaways:
1. Cyber is now a business problem, not an IT problem
   It directly impacts cashflow, supplier relationships, and customer trust—not just systems.
2. SMEs are disproportionately vulnerable
   Reliance on single accounts, single individuals, and weak password practices creates critical single points of failure.
3. Attackers prioritize ease, not scale or sophistication
   The simplest entry point—often human—is the most exploited.
4. “Too small to hack” is a dangerous myth
   Smaller firms are often easier targets and valuable entry points into supply chains.
5. Cybersecurity must be treated as an investment
   Incremental improvements (policies, training, redundancy) generate long-term “dividends” in resilience.
6. Human behavior is the biggest risk surface
   Phishing, credential reuse, and lack of policy enforcement remain dominant vulnerabilities.
7. AI is amplifying exposure
   Organizations are unintentionally leaking sensitive data through unmanaged AI usage.
8. External validation is critical
   Internal reviews often miss risks—independent assessments reveal blind spots.
9. Banks and institutions are shifting liability
   Poor cyber hygiene increasingly results in unrecoverable financial loss.
10. Timing matters
   Fixing issues after a breach is exponentially more expensive than proactive investment.
Soundbites:
“Cyber isn’t a technical issue anymore—it’s about cash.”
“You can lose trust, cash, and credibility in under a minute.”
“It’s not ‘if’ you get attacked—it’s ‘when’ and ‘how much they take.’”
“One person, one password, one account—that’s all it takes.”
“Attackers don’t look for the biggest target—they look for the easiest one.”
“We were too busy… until we got hacked.”
“Cybersecurity isn’t an expense. It’s an investment that pays dividends.”
“The password they stole six months ago? It still works—that’s the problem.”
“AI is making companies more vulnerable—and they don’t even realize it.”
“You’re building a business for generations—cyber can erase it in minutes.”
You can learn more about TGT Solutions from their website: https://www.tgtsolutions.com/
You Can’t Delete This: Inside Digital Forensics with Jason Jordaan
15/04/2026 | 46 mins.
In this episode of The Entropy Podcast, host Francis Gorman speaks with Jason Jordaan about the reality of digital forensics, cybercrime investigations, and the evolving role of AI in evidence and incident response. Jason shares his journey from police detective to global forensic expert, unpacking how modern investigations work, from reconstructing deleted data to testifying in court. The conversation dives into why AI can’t be blindly trusted in legal contexts, how digital footprints are nearly impossible to erase, and the psychological toll of confronting the worst of human behavior in cybercrime.
Key Takeaways:
- Digital forensics is still built on fundamentals
  Despite AI and automation, everything comes back to understanding data structures at a low level.
- AI is powerful but dangerous in legal settings
  If you can’t explain how an output was produced, it won’t stand up in court.
- You can’t truly hide in the digital world
  Like physical forensics, digital interactions always leave trace evidence.
- Incident response ≠ forensic investigation
  One stops the attack; the other explains how and why it happened.
- Human error is often the weakest link
  Many breaches aren’t technical failures; they’re failures in monitoring or behavior.
- Bias is controlled through process, not perfection
  Documentation, peer review, and validation are critical to staying objective.
- Cybercrime is increasingly sophisticated and organized
  Attacks now involve long-term planning, insider access, and complex technical setups.
- The job comes with real psychological cost
  Exposure to extreme content and consequences requires resilience and support systems.
- Passion and curiosity are essential
  This field isn’t just technical—it’s investigative, relentless, and deeply demanding.
Soundbites:
“In forensics, if you can’t explain it—you can’t use it.”
“AI can’t testify in court. A human has to.”
“You don’t stop being a forensic scientist—it’s who you are.”
“Every interaction leaves a trace—digital or physical.”
“We don’t just catch bad guys—we make sure it’s the right one.”
“Pull the plug or preserve evidence? That’s the real-world trade-off.”
“Cybercrime today is organized, patient, and highly engineered.”
“You only get to make one big mistake in this field.”
“If you love puzzles, this is the ultimate career.”
The Identity Trap with Shelly Bernard
14/04/2026 | 36 mins.
In this episode of The Entropy Podcast, host Francis Gorman speaks with Shelly Bernard about how identity, cognitive wiring, and environment shape high performers, particularly those transitioning from elite military and intelligence careers. They explore why many struggle after leaving high-performance environments, how ego and identity can limit growth, and why emotional intelligence is becoming a critical advantage in modern domains like cybersecurity and cognitive warfare. The conversation ultimately reframes performance as a matter of alignment between how you think and where you operate.
Key Takeaways:
- Identity is often borrowed from environment
- High performance = alignment
- Ego limits adaptability
- Different brains, different strengths
- Emotional intelligence is undervalued but critical
- Environment shapes behavior over time
- Cognitive warfare is reshaping conflict
- Unmet needs drive unintended behavior
Soundbites:
“High performance isn’t just skill; it’s alignment.”
“Ego protects identity, but it blocks growth.”
“Emotion isn’t a liability; it’s a strategic tool.”
“The battlefield is shifting from physical to cognitive.”
“People don’t struggle because they’re incapable; they’re misaligned.”
“If your environment doesn’t fit your wiring, something will break.”
“Always ask: why?”
Follow The Other Side Podcast on YouTube: https://youtu.be/wUDFU0EPt-g?si=b1dslirwAY6b4XMX
Hosted by Francis Gorman, The Entropy Podcast brings together intelligence community veterans, post-quantum cryptography pioneers, CISOs, business leaders, and frontline practitioners for unfiltered conversations on the threats, complexity, and geopolitics shaping our world.
Past guests include former senior CIA officers, leading cryptographers, digital forensics experts, and security and technology leaders from across financial services, critical infrastructure, and government, voices rarely heard together in one place.
Each episode goes beyond headlines to explore how cyber risk, emerging technology, and geopolitical instability are reshaping the way organisations operate, compete, and defend themselves. Expect candid insight on quantum risk, nation-state threats, AI, espionage, financial crime, business resilience, and the human dimensions of leadership.
Designed for CISOs, board members, founders, technologists, policy thinkers, and the professionally curious, Entropy sits at the intersection of business, technology, and cybersecurity, a space for genuine conversations with unique minds, the kind that don’t fit neatly into a press release.
The name Entropy reflects the growing complexity and unpredictability of the systems we depend on, and the discipline required to lead through them.
Disclaimer: The views and opinions expressed on The Entropy Podcast are those of the host and guests in their personal capacity and do not represent the views, positions, or policies of their respective employers, affiliated organisations, or any government body. Guest appearances do not constitute endorsement by the host, and the host’s commentary does not constitute endorsement of guests’ views. Content is provided for informational and educational purposes only and does not constitute professional, legal, financial, or security advice.
Buy Our Swag: We now have some slick new swag you can purchase through our Etsy store. https://theentropypodcast.etsy.com
Watch and Subscribe: You can also watch full episodes and exclusive content on our YouTube channel: www.youtube.com/@TheEntropyPodcast
Achievements: The Entropy Podcast delivered strong chart performance throughout 2025, demonstrating consistent international reach and listener engagement.
- Regularly ranked within the Top 20 Technology podcasts in Ireland.
- Achieved a Top 25 placement in the United States Technology charts, holding the position for one week.
- Charted internationally across multiple markets, including Israel, Belgium, and the United Kingdom.
This performance reflects sustained global interest and growing recognition across key podcast markets.
Audio Quality Notice: Some episodes may feature minor variations in audio quality due to remote recording environments and external factors. We continuously strive to deliver the highest possible audio standards and appreciate your understanding.