Avsnitt
-
Episode 47 Summary – The Recruiter Who Wasn't
In this episode, Tabetha Baume explains how artificial intelligence has become a new type of insider threat, with AI assistants and autonomous agents operating inside trusted environments with legitimate access to sensitive systems and data.
She examines the risks posed by agentic AI, prompt injection attacks, shadow AI, deepfakes, and fraudulent remote workers to demonstrate how organizations can unknowingly introduce new vulnerabilities without a traditional cyber breach.
Her key message is that organizations must govern AI tools with the same discipline applied to human insiders by enforcing least-privilege access, human oversight, data protection policies, vendor due diligence, and continuous monitoring to safely integrate AI into security-sensitive environments.
-
Episode 46 Summary – The Academic Front
In this episode, Tabetha Baume explains how foreign adversaries exploit U.S. universities and academic research environments to acquire sensitive technologies, recruit future intelligence assets, and gain access to defense-related research.
She examines the cases of Charles Lieber, Zheng Xiaoqing, and Ji Chaoqun to demonstrate how foreign talent programs, technology theft, undisclosed foreign affiliations, and long-term recruitment efforts target both researchers and emerging professionals.
Her key message is that organizations must strengthen research security, export control compliance, data protection, and insider threat awareness while ensuring researchers and academic partners understand how to recognize, report, and defend against foreign intelligence collection efforts.
-
Saknas det avsnitt?
-
Episode 45 Summary – Elicitation Without Direct Questions
In this episode, Tabetha Baume explains how foreign intelligence services use elicitation techniques to gather sensitive information through seemingly harmless conversations rather than direct questions.
She examines the cases of Glenn Duffie Shriver, James Fondren, and Kevin Mallory to show how social interactions, professional networking, and online engagement can gradually evolve into intelligence collection and espionage.
Her key message is that cleared professionals must recognize elicitation tactics, limit sensitive disclosures, maintain strong operational security, and report suspicious contacts early to prevent foreign intelligence exploitation.
-
Episode 44 Summary – Don't Sleep on These Two
In this episode, Tabetha Baume explains how Iran and North Korea pose significant but often overlooked threats to cleared contractors through cyber operations, insider access, and unconventional intelligence tactics.
She highlights Iran’s cyber campaigns targeting critical infrastructure and defense contractors, as well as North Korea’s scheme of placing intelligence operatives inside U.S. companies through fraudulent remote IT jobs and laptop farm networks.
Her key message is that security programs must expand their focus beyond China and Russia by strengthening cyber defenses, remote hiring verification, insider threat awareness, and reporting processes to counter emerging threats from Iran and North Korea.
-
Episode 43 Summary – Gold Bars and Ghost Degrees
In this episode, Tabetha Baume examines the case of former CIA official David Rush, who allegedly used falsified credentials and abused his position of trust to steal millions of dollars in government assets, highlighting how insider threats extend far beyond traditional espionage.
She explains how failures in credential verification, continuous vetting, and organizational oversight allowed warning signs to go undetected for years, while emphasizing the importance of recognizing fraud, theft, and unexplained affluence as insider threat indicators.
Her key message is that organizations must strengthen vetting, reporting, and insider threat programs, while ensuring trained personnel remain vigilant for behavioral and financial warning signs that technology alone may not detect.
-
Episode 42 Summary – Foreign Influence in American Contracting
In this episode, Tabetha Baume explains how foreign-owned entities can access unclassified government contracts with limited ownership scrutiny, exposing major gaps in current contracting systems.
She highlights weaknesses in SAM.gov registration, recent fraud cases involving foreign-controlled companies, and the Department of Defense’s proposed DFARS rule aimed at expanding foreign ownership disclosures.
Her key message is that contractors must better vet ownership structures, teaming partners, and supply chains as the government increases focus on foreign influence and contracting transparency.
-
Episode 41 Summary – Cloud Computing & Classified Info
In this episode, Tabetha Baume explains the risks and compliance challenges of handling classified information in cloud environments, highlighting frameworks like NISPOM, FedRAMP, and CMMC.
She uses the Microsoft Storm-0558 breach to show how cloud misconfigurations and poor coordination between IT and security teams can expose sensitive government data. She also warns about growing risks from generative AI and shadow IT tools.
Her key message is that strong cloud security requires close collaboration between FSOs and IT teams, continuous monitoring, and proactive security practices to protect sensitive information.
-
Episode 40 Summary – CFD Podcast: Russia's SVR, FSB, and GRU
In this episode, Tabetha Baume explains how Russia’s intelligence services target cleared U.S. personnel and defense contractors through espionage, cyber attacks, insider recruitment, and AI-driven information operations.
She highlights cases like Robert Hanssen, the Russian illegals network, and Peter Debbins to show how Russian intelligence patiently cultivates insiders and exploits digital platforms, ransomware, and online communities to gather intelligence.
Her key message is that cleared organizations must strengthen cybersecurity, insider threat awareness, and reporting processes to defend against increasingly sophisticated Russian intelligence operations.
-
Episode 39 Summary – CFD Podcast: The World's Most Active Espionage Machine
In this episode, Tabetha Baume explains how Chinese intelligence agencies actively target the U.S. defense industrial base through cyber operations, LinkedIn recruitment, university partnerships, and insider threats.
She highlights real-world espionage cases like Chi Mak and Kevin Mallory to show how cleared professionals can be exploited through long-term intelligence operations and coercion tactics.
Her key message is that cleared organizations must strengthen counterintelligence awareness, insider threat programs, and reporting processes to better protect personnel, programs, and classified information from ongoing Chinese intelligence collection efforts.
-
Episode 38 Summary – CFD Podcast: An Effective Security Team
In this episode, Tabetha Baume explains how to build an effective security team for cleared organizations, emphasizing key roles like the Facility Security Officer (FSO), Senior Management Official (SMO), and Insider Threat Program Senior Official (ITPSO), along with the need to meet regulatory requirements such as NISPOM.
She highlights essential skills, certifications, and team structures, noting the importance of communication, technical expertise, and choosing between centralized, decentralized, or hybrid models.
Her key message is that strong security teams go beyond compliance by investing in the right people, structure, and training to protect classified information while supporting business success.
-
Episode 37 Summary – CFD Podcast: OPSEC in the Digital Age
In this episode, Tabetha Baume explains how the digital age has transformed operational security, shifting the focus to managing the vast amount of data we unknowingly share.
She highlights key risks such as metadata, data aggregation, cloud storage, mobile devices, and IoT systems, showing how these can reveal sensitive patterns even without direct communication.
Her key message is that while technology increases exposure, strong OPSEC comes down to awareness, disciplined habits, and actively managing your digital footprint.
-
Episode 36 Summary – CFD Podcast: Foreign Financial Interests
In this episode, Tabetha Baume explains how foreign financial interests, such as bank accounts, investments, or property abroad, can create potential security risks if not properly managed.
She emphasizes the importance of reporting these interests during applications, reinvestigations, and when new assets are acquired, noting that transparency and compliance are critical. Her key message is that while foreign financial interests are not disqualifying, they must be fully disclosed and responsibly managed to maintain clearance eligibility.
-
Episode 35 Summary – CFD Podcast: AI in Federal Contracting
In this episode, Tabetha Baume warns about the reckless use of AI meeting assistants and transcription tools in federal contracting, explaining how these platforms can expose sensitive operational data to third-party systems.
She highlights that even unclassified information, when aggregated, can create serious OPSEC risks, including exposure of facilities, personnel, and supply chains. She also notes potential violations of regulations like DFARS, NIST 800-171, CMMC, and SCIF security requirements.
Her key message is that while AI is powerful, it must be used securely. Organizations need to audit their tools, enforce strict policies, and prioritize national security over convenience.
-
Episode 34 Summary – CFD Podcast: Navigating Security Violations
In this episode, Tabetha Baume explains what security violations are, how they occur, and the proper steps to respond when they happen. She defines a security violation as any failure to follow security procedures that could result in the compromise of classified information, covering examples across physical, information, personnel, and cybersecurity domains.
She emphasizes that immediate action is critical, including stopping the activity, securing any exposed information, notifying the Facility Security Officer (FSO), preserving evidence, and documenting the incident. The episode outlines how violations are assessed, investigated, and categorized as minor or major, with responses ranging from additional training to formal investigations, disciplinary action, or even criminal consequences depending on severity and intent.
Her key message is that while security violations can be serious, they are often preventable and should be treated as learning opportunities. Prompt reporting, honesty, cooperation, and a strong security culture are essential to protecting classified information and maintaining trust within cleared environments.
-
Episode 33 Summary – CFD Podcast: See Something, Say Something
In this episode, Tabetha Baume explains that national security is a shared responsibility and emphasizes the importance of “See Something, Say Something.” She outlines how individuals should recognize and report suspicious behavior, stressing that reporting is based on actions, not assumptions.
She also details the legal obligations for cleared contractors under 32 CFR Part 117, including reporting insider threats, suspicious contacts, and any potential security risks. Her key message is that hesitation and silence create risk, and that proactive awareness and reporting are essential to protecting both organizations and national security.
-
Episode 32 Summary – CFD Podcast: Cleared to Operate
In this episode, Tabetha Baume explains the process companies must follow to obtain a Facility Security Clearance (FCL) in order to work on classified government contracts. She outlines key requirements such as clearing senior management personnel, appointing a Facility Security Officer (FSO), demonstrating financial stability, and preparing facilities that meet government security standards under the National Industrial Security Program (32 CFR Part 117).
She emphasizes that the process can take 12–18 months and requires ongoing compliance and a strong security culture. Her key message is that while obtaining a facility clearance is complex and resource-intensive, it is essential for companies seeking to compete for classified contracts in the federal marketplace.
-
Episode 31 Summary – CFD Podcast: False Patriots
In this episode, Tabitha Baume explains that unauthorized disclosure of classified information can lead to criminal charges and permanent loss of a security clearance.
She emphasizes that sharing classified information with the media or the public violates federal law and undermines national security. Her key message is that cleared professionals must use official whistleblower channels, such as reporting concerns to an Inspector General, rather than releasing classified information outside authorized processes.
-
Episode 30 Summary – CFD Podcast: Cleared and Criminally Compromised
In this episode, Tabetha Baume explains that criminal conduct, especially obstruction of federal officers, can permanently disqualify cleared professionals. Under Guideline J, arrests, admissions, or credible evidence of criminal activity can jeopardize a clearance.
She emphasizes that resisting or interfering with federal authority demonstrates divided loyalty and is incompatible with holding a clearance. Her key message: beliefs are protected, but criminal actions against the government can cost you your clearance and your career.
-
Episode 29 Summary – CFD Podcast: Subversion 101
In this episode, Tabetha Baume explains that subversion, defined as actions intended to undermine the United States government, can come from within the country and not just from foreign actors. Participation in extremist groups or organized efforts to delegitimize or overthrow the government is incompatible with holding a security clearance.
She links these activities to Guideline A, along with Guideline E and Guideline J, emphasizing that association, sympathy, or criminal conduct related to subversion can be disqualifying. Her key message: political beliefs are protected, but actions that undermine federal authority can cost you your clearance and your career.
-
Episode 28 Summary – CFD Podcast: Guideline M
In this episode, Tabetha Baume explains Guideline M: Use of Information Technology, which focuses on how a person’s behavior with computers, networks, mobile devices, and social media reflects their judgment, reliability, and willingness to follow rules. Technology misuse can create direct security vulnerabilities and often reveals broader patterns of poor decision making.
Using real-world examples, she shows that issues such as installing unauthorized software, illegal downloading, weak password practices, phishing mistakes, improper social media behavior, or connecting personal devices to secure systems can trigger serious concerns. However, many incidents can be mitigated through immediate reporting, honest disclosure, training, and a sustained record of improved behavior. Her key takeaway: follow policies, think before you click, and if mistakes happen, report them right away and demonstrate you have learned from them.
- Visa fler