Unspoken Security
Unspoken Security is a raw and gritty podcast for security professionals who are looking to understand the most important issues related to making the world a safer place, including intelligence-driven security, risks and threats in the digital and physical world, and discussions related to corporate culture, leadership, and how world events impact all of us on and off our keyboards.
In each episode, host AJ Nash engages with a range of industry experts to dissect current trends, share practical insights, and address the blunt truths surrounding all aspects of the security industry.
Today’s Geopolitical Threat Environment Requires a New Security Model
In this episode of Unspoken Security, host AJ Nash welcomes Mark Freedman, Principal and CEO of Rebel Global Security, to discuss a major shift in the global threat landscape. The primary national security concern has moved from counter-terrorism to interstate strategic competition. This change requires a new security model, especially for the private sector.
Mark explains that companies are now players on a geopolitical battlefield, facing sophisticated threats from nation-states. Yet, many organizations operate in silos. Legal teams track sanctions while cybersecurity teams react to technical threats. They often miss the strategic connection between the two, which creates significant vulnerabilities.
To close these gaps, AJ and Mark explore the need for an integrated intelligence function within businesses. They discuss how even a single empowered person, tasked with understanding the geopolitical environment, can connect various teams. This strategic view helps companies build a more resilient and proactive defense in a complex world.
Unspoken Security Ep 41: Today’s Geopolitical Threat Environment Requires a New Security Model
[00:00:00] Mark Freedman: you definitely have some people coming outta the Intel community who are. analysts who like to write and sit at their desk and do, you know, that is not the right fit for this type of role because you need somebody who can go and do the relationship building.
[00:00:13] Mark Freedman: And so, you know, somebody who has interagency experience, if they come outta the Intel community, did a lot of JDAs or like, you know, and they don't need to be an Intel person. They could be, you know, one of the national security agency.
[00:01:08] AJ Nash: Hello, and welcome to another episode of Unspoken Security. I'm your host, AJ Nash. Spent about 19 years in the intelligence community, mostly at NSA, and I've been building and maturing intelligence programs in the private sector for about nine years now. I'm passionate about intelligence, security, public speaking, mentoring, and teaching.
[00:01:24] AJ Nash: I also have a master's degree in organizational leadership from Gonzaga University, go Zags, and I continue to be deeply committed to servant leadership. Now, this podcast brings all of these elements together with some incredible guests to have authentic, unfiltered conversations on a wide range of challenging topics. This is not gonna be your typical, polished podcast. My dog makes occasional appearances. She is sleeping next to me right now, so we'll see how that goes. People argue and debate. We even swear sometimes here. I certainly do. And that's all okay. I want you to think of this podcast as a conversation you'd overhear at a bar after a long day at one of the larger cybersecurity conferences. These are the conversations we usually have when nobody's listening. Now, today I've got a really special guest, 'cause I'm joined by Mark Freedman. Now Mark is principal and chief executive officer of Rebel Global Security, where he advises critical infrastructure and technology companies on issues at the nexus of national security, corporate security, geopolitics and security tech.
[00:02:14] AJ Nash: So just some lightweight stuff, you know, regular things gets us through the day. Mark previously served as, an officer at the US State Department, including Chief of Staff to the Ambassador at large for counter-terrorism. and he was responsible for management of about a billion dollars in foreign assistant funds, about 150 people.
[00:02:30] AJ Nash: And he managed the flow of information to senior US government officials, including the Secretary of State. So he knows a few things about a few things. He holds a bachelor's in international Affairs from the, the Georgetown, or the George Washington University, and a Master's, in security studies from Georgetown. and he is also Certified Protection Professional. He is a certified information security manager. He's a member of ASIS steering committee, enterprise security, risk management, and critical Infrastructure. So, you know, just a couple of things Mark does to keep himself busy. Anything you wanna add to that resume, Mark?
[00:02:59] Mark Freedman: No, I think we're good.
[00:03:00] AJ Nash: Nothing more. It's a pretty, it's a pretty stout one to begin with, so that's good. so listen, it's gonna be a really interesting discussion today. You know, we have a lot of different discussions on this show. Some are very technical, some are about people and, and processes. And, and then some are about intel still, which is, you know, where I come from.
[00:03:14] AJ Nash: And, and this sort of leans back into that space as the topic today is, is today's geo-political threat environment requires a new security model. Now it's a pretty bold concept to say, Hey, everybody, you're all doing security wrong. The threat environment's changed and we need a whole new model. so I think it's a good, I, I frankly, I think it's the right time for that kind of a challenge. so I wanna jump into exactly why you think things are different and what we need to do. So what do you see as the biggest changes in the global threat landscape over, I don't know, say the last five years or so?
[00:03:42] Mark Freedman: Well, first of all, AJ, let me just say thanks for having me on. Really glad to be here and looking forward to, um, to an interesting conversation. So, you know, I mean, my perspective is, informed just like everybody else is by, by my background and where I kind of come from. And so, you know, I've been in DC for going on 20 years now.
[00:04:03] Mark Freedman: I'm an international affairs person by, by kind of background, right? So I don't come from a cybersecurity or an IT background either academically or professionally. and worked the first part of my career at the State Department. And so that kind of international affairs geopolitical lens is just the way that I view the world.
[00:04:27] Mark Freedman: and so when I think about the biggest changes in the threat landscape, over the last five or so years, it's really through, you know, through that lens. and so for me, you know, I go back to the. National Defense Strategy that was published, not the most recent one, the, the one before that actually, that was published in 2018.
[00:04:49] Mark Freedman: And, and for, for those listeners who aren't, as familiar with the National Defense Strategy as you and I may be
[00:04:56] AJ Nash: Right. Sure.
[00:04:58] Mark Freedman: government time, it's the, the highest level document released by the US Department of Defense. and it's typically released. Somewhere every four to eight years, depending on kind of where the political administration is.
[00:05:13] Mark Freedman: and it's intended to lay out, a political perspective in the sense that it is, you know, it does change kind of from Republican to Democrat, but also a kind of, a Washington perspective on US defense policy.
[00:05:29] Mark Freedman: and so the, the National Defense Strategy in 2018 opened with a line about the shift from, terrorism as the primary national security concern
[00:05:42] Mark Freedman: to interstate strategic competition.
[00:05:46] Mark Freedman: and again, so that was in 2018. So that was six years ago. no, seven years. Boy. what year are we at?
[00:05:51] AJ Nash: It's 2025 now. Yeah. It goes fast,
[00:05:53] Mark Freedman: Uh, okay. Seven years ago. So that's not a recent document. Right. but I think. In the last seven years, we have really seen that play out. I mean, if we think back to 2018 and like I was at the State Department and that chief of staff to the CT ambassador role in 2017, 2018, 2019, CT really was still the flavor of the day.
[00:06:19] Mark Freedman: It's hard to remember because so much has happened, but like, you know, ISIS took over Iraq in Syria. Like that tended to be the big thing in American foreign policy and national security. but in the, you know, last seven years we've really seen a change where everything all day now, including at the cybersecurity conferences and all the other security conferences, it's China, it's Russia, it's other state adversaries that are challenging US dominance and, so.
[00:06:52] Mark Freedman: In response to the question about the biggest changes is in the threat landscape. To me that is the biggest change that shift. And if you wanna look at it from kind of an inter international relations, you know, kind of academic lens, this shift from a world where you had the United States as essentially an unchallenged hegemon, to really a, a multipolar world where you have, peer and near peer adversaries primarily in the form of China and Russia challenging us.
[00:07:25] Mark Freedman: and that to me. has cascading effects for everything that we do and everything that we talk about when it comes to security and intelligence and private sector and government. that strategic context has changed, and that is driving, you know, many other kind of secondary and tertiary changes in effect
[00:07:47] AJ Nash: Well, yeah, and it's, I mean, first of all, I'm with you. I, it's hard with that seven years ago already. but it's interesting, like yourself, you know, actually we probably had a little bit of overlap and it's some counter terror, you know, in my time, right? So, you know,
[00:07:58] Mark Freedman: everybody did right.
[00:07:59] AJ Nash: Well, everybody did exactly right. Yeah. If you were in the government space after 9/11, you did counter terror at some level. Right? So I, you know, prior to 9/11, I did other things and, you know, I did counter nation state, work. Obviously China and Russia were part of that and among others, and did some counterterrorism along the way. And it's not like terrorism has gone away. It's, it's not as though counter-terrorism doesn't exist or it's not an issue. but there was this shift, right? We had the, the counter-terrorism and, you know, we did it. Reasonably good job, I suppose, as much as you can against terrorism, you know, in terms of Al-Qaeda and, and ISIS and, you know, they still exist and terror's not going away, but it's, it was replaced as you said by this, you know, this nation state threat has risen up, which was the threat before, by the way, you know, for
[00:08:36] AJ Nash: those who remember the Cold War, obviously, things like that, you know, for a long time it was this near peer threat.
[00:08:41] AJ Nash: It's just changed. So now what you're saying is, and, and I agree, is we've reverted sort of back into that, but the times are very different, right? This isn't like the Cold War. It's, it is in a sense, in, in that, staring down to adversaries. But we have a digital shooting war going on in this case, right? The Cold War was the Cold War. We had occasional skirmishes and, proxy wars going on, but the cyber aspect wasn't really part of it. So we're in a cold war that, that feels a lot less cold if you're in the technical side, than it does, for the average person. You know, trying to figure out if bullets are being, you know, thrown.
[00:09:09] AJ Nash: And obviously we still have skirmishes happening around the world, you know, and then how does that relate? Listen, most of the guests, most of the audience, I should say, listeners and and viewers for this show, you know, all 12 of them, are probably not in the government space. Most of 'em are in the private sector.
[00:09:22] AJ Nash: So, how does that really matter to the private sector? For instance, you know, private sector frankly doesn't think that much about terrorism. I don't think either. Some of the physical security and exec protection, protection teams do, but the private sector really spends most of our time focused on criminals.
[00:09:36] AJ Nash: Right. It's cyber crime is, is sort of the biggest issue. So where does this shift fit for the private sector? Why should the private sector care about a na, a rise of nation state attacks versus, terrorism, for instance?
[00:09:49] Mark Freedman: Yeah. Well, I think the private sector has become, you know, has, has gotten kind of dragged into this geopolitical conflict and the,
[00:09:58] Mark Freedman: the data is certainly there, right? You look at like, I. The CrowdStrike report, threat report or any of the other threat reports. And pretty much every year they'll say, you know, China linked or China backed cyber attacks on private sector companies, including private sector, critical infrastructure are, you know, up again this year or we're seeing more of it, or they, you know, and, so that I think is, you know, when we talk about cyber, a very obvious linkage where you see the, the Chinese and other adversaries attacking private sector companies with cyber means in order to advance their geopolitical objectives, and those geopolitical objectives.
[00:10:40] Mark Freedman: Are are various. So one which we saw a lot of, going back many years was Chinese IP theft, via cyber infiltration.
[00:10:51] Mark Freedman: we also see Chinese IP theft via insider threat. that is all in an effort to take American IP and Western IP and advance China's, kind of standing in the tech race, for the most part with the United States.
[00:11:09] Mark Freedman: more recently, and this will not be kind of news to I think any of your listeners, but, Volt Typhoon is really an example of where the Chinese have moved beyond this, espionage effort, IP theft effort, and toward pre-positioning for sabotage. And, you know, coming out of the counter-terrorism world and more kind of on the physical side than the cyber side.
[00:11:35] Mark Freedman: what's really concerning about Volt Typhoon to myself and others kind of in that community is that while the mechanism is cyber right, this is the kind of living off the land cyber techniques, impact is, you know, expected to have physical implications and potentially, safety implications, potentially fatalities.
[00:11:57] Mark Freedman: and so that's where, you know, we can talk about it in a cyber context, because it is a cyber mechanism, but in effect it's not necessarily different from if the Chinese were to plant a bomb. On a pipeline or, you know, at a utility substation or something like that with the intended effect of taking down critical infrastructure.
[00:12:18] Mark Freedman: And like, you remember AJ like that, that was a big discussion after 9/11, right? is the terrorism threat to critical infrastructure and you know, is Al-Qaeda gonna take down the grid and whatever. So we're dealing with the same thing. it's just that cyber has provided another, kind of TTP if you will, in terms of how you go about causing that effect.
[00:12:38] AJ Nash: Yeah. Well, and it's a good point. You know, you talk about, you know, the specific adversaries, right? And China, Russia, you know, Iran, North Korea, you know, are all in the game among others, obviously. but understanding. Their motives. Right? Which is, it's, this is a challenge I've had, like I said, I've been in the private sector now for, I don't know, nine years or so. it's always a challenge to talk to leadership about these large strategic pieces, right? Leadership in security, physical or cyber. more cyber though seem to be very focused on this technical, tactical, you know, operate, they want actionable. Everything's, everything's actionable, right? And I get it.
[00:13:10] AJ Nash: return on investment comes off of that, and there's a lot of ways to measure value, et cetera. but it's, it's often very hard to get some leaders at least to listen to strategic pieces because they can't necessarily do anything about it. Uh, you can explain 'em how they can, you know, reposition or rethink some of their security strategies.
[00:13:25] AJ Nash: But it's a hard piece. And when you start talking about things like the China five-year plan, for instance, which, listen, I, I worked that, you know, I worked China at one point in the government space. I love the five-year plan. I, I've never enjoyed an adversary more than one that'll tell us exactly what they wanna do for the next five years and what their product, you know, what their motives are.
[00:13:41] AJ Nash: And then we'll exactly follow through on it. Like there's no. Yeah, there's no misinformation with that. I mean, it's a roadmap. You know, I remember it's a couple of four year, uh, five-year plans ago now. But there was, you know, one that they were very concerned about healthcare as they have an aging population.
[00:13:54] AJ Nash: They were concerned about understanding credit worthiness and how to measure that better. They were worried about, you know, renewable energy and you go, okay, well great, if you're in the healthcare space, if you're in the renewable energy space, if you're in the credit space, the banking space in the us you should all be prepared for Chinese cyber attacks.
[00:14:06] AJ Nash: 'cause they've just told you what they want. And then of course they followed through and and did it and they went after those things. so I mean that's easier I find when I talk to some leaders to say, this is why you have to worry about China as a nation state, because I can show you this map. And sometimes you get some from some of the other ones, but it, it gets to be a lot of 'em just gloss over.
[00:14:24] AJ Nash: 'cause they just wanna worry about the tactical and the tactical and what's happening today, not why we should care about the shift, you know, North Korea. Why do sanctions against North Korea? Affect a private sector industry company in the US and trying to explain to 'em, well, when North Korea has sanctions, you know, their primary use of cyber is to raise money. And so obviously if there's sanctions, you can expect an increase in attacks as a result. 'cause they need to generate more money, which is why we're seeing things like going after cryptocurrency and crypto, markets and things like that, you know, or explaining that, you know, when Russia and you know, Ukraine turn into a sh shooting war.
[00:14:58] AJ Nash: What does that do, for you as a company? Right? Uh, do you have people there? Obviously, hopefully you care enough about your people, but how, what's the backlash gonna be for doing business with, Russia if they're seen as the aggressor or doing business with Ukraine as they're seen as being wrong in some way?
[00:15:13] AJ Nash: Right. And it, it tends to be very difficult to explain to leadership. I think, you know, are you having kind of a similar challenge with some of those discussions? Maybe I'm just not good at communicating. I need to improve.
[00:15:24] AJ Nash: Like, are you seeing some of that, or, or really in a grander question, I guess, how well are companies protecting themselves against these evolving threats?
[00:15:29] AJ Nash: You know, how, how receptive are they and what are they doing?
[00:15:32] Mark Freedman: No. Well, let me, let me answer the first question because I think you're, you're absolutely onto something. I mean, yeah, it's a constant frustration, for me and, and frankly like, for pretty much everybody that I talk to that's, that's in this space, both those by the way, who have come out of government and are maybe used to the more kind of strategic discussions that we had in government and those who don't come out of government and are just on the front lines of dealing with it all the time in the private sector, but, but are frustrated by the lack of kind of attention that it gets, from a senior level and, and through a strategic perspective.
[00:16:07] Mark Freedman: I think there are a number of reasons for that, but just to kind of, you know, kick one off using the example that you gave on North Korea, so. Let's look at that particular case sanctions on North Korea, the way that the privates that most private sector companies are going to deal with that or treat that issue.
[00:16:30] Mark Freedman: I think, and you tell me if, if you think I'm wrong, but I think they would view that through a compliance lens, and say, okay, do we have any, like, okay, so if, if you're in financial services, for example, you know that, then it would be a, you know, that would be an issue to be handled through suspicious activity reports and KYC and making sure that, you know, you've got all your AML and CFT, kind of standards in place.
[00:16:56] Mark Freedman: So it would quickly go into that compliance kind of regulatory bin, right? And that's handled by a particular part of the business.
[00:17:04] Mark Freedman: Then what you're talking about is, okay, let's say that the United States decides to levy greater sanctions on North Korea at this point, that's basically impossible.
[00:17:14] AJ Nash: Right. What's left to, what's left to do right.
[00:17:16] Mark Freedman: You know, let's take the premise,
[00:17:18] AJ Nash: Sure.
[00:17:19] Mark Freedman: and so as a result of that, North Korea may increase, cyber attacks that have a financial motive,
[00:17:27] Mark Freedman: in order to compensate for that to achieve some sanctions relief, in
[00:17:31] AJ Nash: Yep. Sure.
[00:17:32] Mark Freedman: the part of the business that's handling sanctions compliance is gonna have no is, is really not gonna care about that.
[00:17:38] Mark Freedman: They're really not gonna think about that. That would be an issue for the CISO presumably, to think through, you know, do we need to, like to use the CISA term, like kinda shields up posture here, um, as a result of this. it might be an issue if the company has a geopolitical risk team that they might be following
[00:18:00] AJ Nash: Not many of those.
[00:18:01] Mark Freedman: but there's not, there are, there are not many of those and.
[00:18:05] Mark Freedman: Where there are those, I mean, I've seen, and, and I imagine you have too, inevitably then there's a thing of like, well, is this the role of the geopolitical team or is this the role of the cyber team? whether or not they work well together on that, depends on the organization and the relationships and whatever.
[00:18:25] Mark Freedman: but what I would say there is really not, unless this bi, unless that has been determined as a really huge strategic risk to the business, there is not gonna be a higher level conversation on that issue
[00:18:41] Mark Freedman: within the company.
[00:18:43] AJ Nash: Well, yeah. And, and so you mentioned like GRC normally gets this, right. Governance, risk and compliance will get this piece and legal right, the, the sanctions piece to make sure that we're not violating sanctions, right. And they don't think about. The piece we're talking about, head North Korea is gonna ramp up operations, cyber operations, they're, they're not thinking that way 'cause they're only thinking about compliance and, and laws.
[00:19:01] AJ Nash: Meanwhile, the people that are responsible for the ramp up part probably aren't following sanctions regularly. That's the SOC and, you know, security and CISO and, and a lot of those organizations don't invest time, energy, money people into looking at the larger geopolitical piece or the, the strategic piece.
[00:19:15] AJ Nash: So they don't even think of the sanctions. They may not even know they happen. Or if they do, they don't think of it in that context. So. The legal people have no reason to pass that to security 'cause they're not thinking about it. The security people don't be able to watch it. No reason to watch it. 'cause they're not thinking this is, you know, this isn't ones and zeros, this isn't what we do.
[00:19:29] AJ Nash: Right. And so there's this disconnect. And while it'll be self-serving, I'm gonna say it, I know it'll come up again as we talk further, but this again leans into a topic I've had for a few years about having a chief intelligence officer, uh, because that would be where this would go. That's the organization, the person and, and the role and then the organization that would follow all of these things.
[00:19:47] AJ Nash: And would be the translator, the person who could say, Hey, listen, sanctions results in sanctions on North Korea. Korea results in these things. And this needs to be fielded off to legal and compliance to make sure that we're not gonna break the law and get in trouble for export. Not that there's anything North Korea we'd send to anyway.
[00:20:01] AJ Nash: Now, and this needs to go over to physical security because these could be some concerns. And this needs to go over to cyber, you know, to CISO and, and the SOC, 'cause these could be concerns. Right. And nobody, to my knowledge, no company has that. Traffic, you know, has, has that traffic, cop has that, that informational traffic cop, that intelligence person coming in that oversees all of these things and could look at it and, you know, putting North Korea aside, it could be, it could be somebody else.
[00:20:24] AJ Nash: It could be, you know, the, again, the Russia, Ukraine war for instance. You know, was there somebody to, to advise the C-level. here's the likely impacts of this across your business from a legal compliance standpoint, from a physical security standpoint, from a cybersecurity standpoint, from a, from a.
[00:20:38] AJ Nash: Production standpoint and, and delivery, you know, from a marketing standpoint, all these different things, right? There really isn't, to my knowledge, any one person in a position to sit over all of those things and make those kind of assessments. And so you get these haphazard approaches and all experts in fragments that are all coming together with ideas and doing things and there's stuff falling between the cracks.
[00:20:58] AJ Nash: And there isn't a unified approach that I happen to be a big believer in the idea of a chief intelligence officer would solve for that. So anyway, that's a tangent a little bit, uh, drives us a little away from the question, but, which I wanna get back to, but just for anybody listening, this is why I talk so much about trying to unify those things.
[00:21:12] AJ Nash: 'cause you just made a good point that legal and compliance will look at this. SOC probably won't think about this. And so there isn't that connection until these attacks start coming. And for CISOs who want to be proactive, and everyone tells me they do. Then they don't wanna spend the time or money or energy and resources on the strategic piece, which is how you get proactive.
[00:21:31] AJ Nash: How do you know when North Korea is gonna ramp up their operations? We all know that they do financial. That's, that's their primary motive, uh, for cyber. But how do we know, or how, how can we, we don't know, but how can we project, how can we assess the likelihood that they're going to increase operations and who it might be against, if not for knowing all these big strategic pieces, you can say the same about China and the five-year plan, for instance.
[00:21:51] AJ Nash: So, you know, what are you seeing in that space again? what are companies doing well or not well when it comes to this stuff right now?
[00:21:59] Mark Freedman: Well, I think that. Companies increasingly are doing something in the geopolitical realm. So there was a, there was a Chamber of Commerce foundation report that came out just within the last couple of months where they, did some AI, natural language processing analysis of, it was either Fortune 250 or Fortune 500, like 10-Ks, 8-Ks, like kind of, you know, the, the SEC filings and disclosures, to analyze how much companies are talking about geopolitics or geopolitical issues.
[00:22:37] Mark Freedman: I don't have the numbers in front of me, but, suffice it to say that the, the study found that there was a marked increase in how much companies were talking in their disclosures about geopolitical issues over the last, I think they had dated it from 2019. So that's interesting, right? We were just talking about 2018,
[00:22:56] AJ Nash: Yeah. Right.
[00:22:57] Mark Freedman: and so, you know, very similar time period where they, they saw a real increase, in companies talking about that.
[00:23:05] Mark Freedman: Now, again, just to kind of take it back a minute to the, to the fee, the, the theoretical picture, right, of what's going on in the global environment and that shift to Multipolarity and whatever, there's a reason I, in my opinion, that companies are talking about that more because, and they, they may not know it because these companies, like, certainly the people who are writing 10-Ks, they're not, they're not like IR people, you know what I mean?
[00:23:30] AJ Nash: Mm, exactly.
[00:23:31] Mark Freedman: there's all this geopolitical stuff is going on. I don't know, why or what, whatever. But, but that's why, right? I mean, that, that's why the companies are experiencing all of these geopolitical challenges because the geopolitical environment is fundamentally more unstable over the last several years than it had been in the decades prior.
[00:23:50] Mark Freedman: so to answer your question, I do think that companies are finding different ways to address that geopolitical issue, whether that's hiring a geopolitical person or creating a geopolitical there was, Jamie Dimon just came out and JP Morgan is standing up a new geopolitical center that's gonna release some reports to advise JP Morgan clients on geopolitical.
[00:24:16] Mark Freedman: So I think that is. Really good and a sign of progress. I think though we're really in the wild West days of that, there's no professionalization or standardization to how companies do this.
[00:24:30] Mark Freedman: I think when you talk about a chief intelligence officer, whether you wanna call it intelligence or geopolitical or national security or what, you know, insert whatever.
[00:24:40] Mark Freedman: and I know, and not to dismiss your point, I know that
[00:24:42] AJ Nash: No, no, no. You're fine. You're
[00:24:43] Mark Freedman: Something particular about intelligence too. but I think actually the operative word there is chief.
[00:24:48] Mark Freedman: And so, you know, because, because a lot of times you'll have these units or that are stood up or individuals who are tasked with these responsibilities, but if they're buried somewhere within the bureaucracy, they're like three levels down from the chief security officer or, you know, maybe they're in the government relations team, but, you know, the government relations folks are like, what?
[00:25:08] Mark Freedman: Who are, what do you do? that's the challenge I think is that, mental model where companies are in terms of, Hey, we're a business, we're Fortune 500, say business.
[00:25:20] Mark Freedman: and all of a sudden we're dealing with all these geopolitical things. China's a major risk all of a sudden, you know, and I say, all of a sudden I'm being flip.
[00:25:27] Mark Freedman: But you
[00:25:28] AJ Nash: Sure, sure, sure. They're just catching up.
[00:25:30] Mark Freedman: they're kind of catching up. They're trying to figure out what to do about it. but the best practices on how a company should do that in order to operate. As, you know, I often use this term of like actor on a geopolitical battlefield, that these private companies are now actors.
[00:25:48] Mark Freedman: And again, that's kind of a term borrowed from like IR theory. They're like, in the same way that states are actors on the chess board, companies are too. And they, that is not something that you can navigate by having like two geopolitical analysts that are like, you know, junior to mid-level people reporting somewhere in the security function.
[00:26:11] Mark Freedman: Right?
[00:26:12] Mark Freedman: That's something that you're only gonna be able to navigate when you have somebody who's speaking to those issues at the board level. or at the, you know, the executive team, the C-suite. Level. And to just take it one step further, I think that those conversations increasingly are happening at the board level.
[00:26:33] Mark Freedman: I think most of the time they're happening at the board level where somebody comes in, like some of the folks that we've got on our team, you know, former ambassadors or CIA Chiefs of station, and they'll come in and they'll do a board briefing and the board will sit enraptured because there's, whatever they've been discussing all day is far less interesting than like China and geopolitics and the Russia, the Ukraine war and whatever.
[00:27:04] Mark Freedman: But the follow through on like, okay, and so what does the company then do? What processes are put in place? What is implemented on a day-to-day basis, which part of the business is going to lead that effort and operate a whole of organization plan to address associated risks and opportunities that I think gets lost.
[00:27:28] Mark Freedman: So, so I think there's conversation at the high levels. I think there's some investment within companies. but I think the implementation is really challenging.
[00:27:39] AJ Nash: Well, yeah. And so while you were talking, I pulled up this, this report you mentioned, so the, Chamber of Commerce piece. 'cause I have
[00:27:44] AJ Nash: the advantage while you're talking. I have a little time on my hands over here to listen to you, but also I have the computer and, and keyboard
[00:27:49] Mark Freedman: You need, you need a guy like the, like Joe Rogan's guy. What's the, you know,
[00:27:54] AJ Nash: I, uh, I I do not listen to Joe Rogan, so I could tell you the guy, but,
[00:27:58] Mark Freedman: he has a guy,
[00:27:58] AJ Nash: everybody's got a guy, right? Everybody's got somebody, right.
[00:28:01] AJ Nash: So,
[00:28:01] Mark Freedman: stuff up while we're
[00:28:03] AJ Nash: exactly. Yeah. I'm, I'm, I get to be both. As it turns out, in this case, I was able to, and it is an interesting report, and I looked at the 10-K filing, so it goes back to 2009, in fact.
[00:28:13] AJ Nash: So 2009. And what they did is they did an assessment as, as you mentioned, of the totality of all the words in these 10-Ks, and did an assessment to just see how much was related to geopolitics, basically. So, uh, about a half of 1% of all sentences in the 10-Ks, it was, uh, Fortune 250, by the way they used for this, about a half of 1% in 2009. It's up now to, I don't know, 1.7%, something like that. So it's, you know, it's significant for sure. But the interesting thing, and I, I'm gonna question you on this one. So it, there was obviously a big spike after COVID, not surprisingly. So between 2009 and 2019, it roughly doubled, from half a percent to a full percent. You know, just 1% of all conversation was geopolitics. It shot up. Obviously with COVID, shot up almost doubled yet again, and it's kind of fluctuated since then, relatively high. So I don't know. How much of this is gonna be sustained versus I, I worry about some regression. Certainly there was a pattern again from 2009, 2019, it doubled.
[00:29:06] AJ Nash: So there was a pattern, but 1% of the totality of sentences in a 10-K isn't what I would call a really significant number. Which makes me wonder, I mean, they're taking it more seriously, but how much more seriously and how long will that be sustained? Which by the way, are questions you certainly can't answer.
[00:29:21] AJ Nash: I mean, they're just there, there's data here. So it's interesting to see, and I don't think it should dominate a 10-K for anybody who knows what a 10-K is. Most of that is just the financials of the company and stuff. It's always gonna be a relatively small percentage. That's not what a 10-K is designed to do. But it is designed to talk a bit about the company's, you know, focus and future and, and some of the impact they expect to see economic and otherwise, and the geopolitics, I still think probably is more impactful than what's showing up in these, in these 10-Ks right now. But, I mean, what are you thinking on that in terms of, you know, do we think this is sustainable?
[00:29:49] AJ Nash: is this more related to COVID and, and maybe the current, you know, war say the Russia, Ukraine War. Are people gonna stick with this and understand this is a continual thing. 'cause this has been a problem before COVID, before the war. It's always been a thing, it just became something that companies seem to be taking more seriously.
[00:30:03] AJ Nash: But do, do you think we're gonna see regression once, you know, pandemics pass away, assuming they do, and, and, you know, wars subside, or, or is this gonna become the new normal? Do you think people are gonna internalize this as this is how it's always gotta be? or is it gonna go back to just being like, you know, guns, gates, guards, you know it, and, not worry about what's going on beyond the horizon?
[00:30:22] Mark Freedman: I do think it's the new normal, and I say that as somebody who has plenty of reason to be pessimistic about it because. We kind of come out of this world, you know, in the government world, national security world, and then you talk to a bunch of folks in private sector. And, it has been a process for me of being like, okay, we're really not there in private sector in terms of our understanding of this.
[00:30:45] Mark Freedman: And so I have reason, I think, to be pessimistic. That being said, I think that the, you know, there's this quote, which is like so trite at this point that I hate to use it. but it just came to mind. but it's, and I don't remember who said it, so I
[00:31:02] AJ Nash: That's okay. I'll find it. You just gimme the quote. I'll probably find it for you.
[00:31:05] Mark Freedman: that, you may not care about geopolitics, but geopolitics cares about you.
[00:31:09] AJ Nash: Mm-hmm.
[00:31:10] Mark Freedman: to that effect. And I think that that phenomenon is going to force companies to just deal with it, more and to factor it in more and to probably build more professionalized processes around how to manage it. And it goes back to like, how do you predict the future, right? If, if you talk to anybody who's in futures and stuff like that, you look at underlying trends, drivers, and if you look at the underlying trends and drivers around this, nothing is gonna, nothing would point to this regressing in terms of the threat and risk faced by companies when it comes to geopolitical issues.
[00:31:49] Mark Freedman: Most companies that are dominant today, were built in an era of sort of like unabated US globalization, US-led globalization.
[00:31:58] AJ Nash: Mm-hmm.
[00:31:59] Mark Freedman: and so it had been taken for granted for many years that to the extent you needed to worry about political risk. And you remember now everybody talks about geopolitical risk for a long time.
[00:32:10] Mark Freedman: People talk about political risk and the reason they talked about political risk. As opposed to geopolitical risk, I would say is that when they were talking about political risk, they were talking about, okay, we've got, you know, oil equities in Venezuela and that might be nationalized. as opposed to, so, so in, in other words, it was highly, geographically bound, right?
[00:32:32] Mark Freedman: If you were gonna invest in a certain country, you might have political risk associated with that,
[00:32:38] AJ Nash: Yep. Sure.
[00:32:39] Mark Freedman: um, typically from expropriation. Um, and then obviously there was, terrorism was considered a form of political risk after 9/11. but that was pretty capably handled, I think, by the physical security and corporate security department because it was a.
[00:32:54] Mark Freedman: It's a physical security issue, right? Like, you know, get, get your bollards in place and, you know, figure out how to kind of do business in Iraq or whatever you needed to do. But that's very different from what we're dealing with now. This geopolitical risk is all encompassing. It's this global contest for power between the United States and China that, I am not an expert in predicting the length of bipolar contests, but I don't think anybody in Washington thinks that that dynamic is gonna go away for.
[00:33:32] Mark Freedman: Potentially a decade or decades. So, you know, you're looking at a, you're looking at a 10, 20, 30 year time horizon of this being the new normal. So, yeah, I mean, I think they're, you know, of course you could have regression in the way that companies invest in it and treat it, but I think that they will ultimately lose for that because I don't think the threats are gonna recede.
[00:33:56] AJ Nash: Yeah. Well, I think, I mean, that's true. I think one of the challenges we have is, is we're shortsighted, as a just our culture, right? It's just how we're set up. It's how our, certainly our economic culture, but in general, we're, we're shortsighted. Nation, you know, we think, you know, quarter to quarter, you know, businesswise, you know, people, something sometimes have to think, you know, month to month, day to day.
[00:34:14] AJ Nash: We, we, how it might be. We live very much closer to the moment. China's China thinks in generations, that's their cultural setup, right? They think in generations, they think centuries, they don't think about doing things so they can improve their own lives today necessarily, generally speaking.
[00:34:28] AJ Nash: Obviously there's exceptions to this, don't get me wrong, but, it's more about generational, you know, where do we want to be in 500 years as a nation, then broken all the way back down to these five-year plans, of course, but it's all for that longer purpose. And those diametrically opposed thought processes, make for some interesting, you know, discussions on where things are gonna go. If you look at what China's done, you know, in the South China Sea for instance, it's a very slow and steady march, you know, to building fake islands basically, and dredging up, you know, ground to create islands to then claim it as territory to suddenly claim more, you know, territory in the water as a result, right?
[00:35:00] AJ Nash: That's a long plan. if somebody had to sit down and go, Hey, what's the ROI gonna be on that in the next quarter? You know, how much are you gonna spend to that? What are we gonna get back on it? it would never happen. we have a tough time with some of these, I think, and it's even crept more into the government space, into, you know, how much are we spending?
[00:35:14] AJ Nash: How, what's the ROI gonna be, what's the value long term? By the way, just as a side note, the quote you were looking for, from Pericles is actually, originally it's been paraphrased a lot, but, it's just because you do not take an interest in politics doesn't mean politics won't take an interest in you. And does apply now to geopolitics and, and many people have, have applied this thing. So it's a great quote. It's good to note that just 'cause you don't care about something doesn't mean you shouldn't, or it doesn't mean it, it won't continue to work. You can't put your head in the sand and pretend these things aren't real and, and hope they go away.
[00:35:39] AJ Nash: And it's a good example when you talk about, you know, companies and geopolitics, those who choose to ignore this are doing it at their own peril. It's not as though China won't take an interest in you as a company because you just go, ah, we're not worried about China. If you have IP they want, you're a target.
[00:35:52] AJ Nash: If you know it, it's a problem, right? if you have, you know, financial interests that can help North Korea, they're gonna go after you. If you're, you know, tied to something that's got the geopolitical risk, like you were talking about, you know, in, in different areas of the world of conflict. Pretending it doesn't exist or just being ignorant to it won't keep you protected. on the flip side, if you have really bad security, maybe you won't know when you're attacked either. You know, companies tell us, you know, if you ever hear a company that says, we've never been breached, I would suggest that their security team should probably have somebody do an audit.
[00:36:17] AJ Nash: There's a good chance that they have been and they don't know. it's not a great brag point to say you've never experienced a breach. but, so, alright, we've talked about this is the new norm. what's the answer going forward then? What do companies need to do to continue to improve upon this, to grow their knowledge, to, to get more proactive to, you know, obviously I'm gonna throw out Chief Intelligence Officer 'cause that's what I always do at this point.
[00:36:38] AJ Nash: but what, putting that one aside for a minute, or actually adding to it. 'cause you're smarter than I am and don't have better ideas. What should companies be doing? What are we doing to prepare for this next 20, 30 year new normal that you're talking about? You know, to stay competitive and ahead before you lose all your IP and all your access and all your everything and, and sink as a company and as a country.
[00:36:57] Mark Freedman: Yeah, I mean, I think that to. Start small, and I think it's important to start small. and I, I just wanna comment on what you said about businesses needing to show ROI on this. it's easy for you and I to sit here as individuals who are not employed by large corporations, and don't need to be the ones who are going to the board and making the case at least directly.
[00:37:27] Mark Freedman: Maybe
[00:37:27] AJ Nash: Mm-hmm.
[00:37:28] Mark Freedman: with that, but, it's easy for us to kind of sit here and shout into our collective void about everybody needs to be
[00:37:37] AJ Nash: better.
[00:37:38] Mark Freedman: right, but, let's meet folks, let's meet companies kind of where they are. That is how it's, right. They do think short term. And so then in, in companies where, you know, you have to show.
[00:37:50] Mark Freedman: Return on investment on a quarterly basis or something like that. How do you justify something like this? So I think, and, and what is it? Right? So I would say start small. I would say if, you know, who are we talking to here? Who are your listeners? CISOs maybe, or, you know,
[00:38:09] AJ Nash: Yeah, I would think so. CISO, C-levels, you know, you know, any a practitioner's all the way to the top hopefully. But yeah, I would think for this conversation we're probably dealing with more senior people and probably senior Intel folks too. People running Intel teams or trying to build out their intel teams.
[00:38:22] Mark Freedman: So, you know, I would say for those individuals I would establish, kind of national security or geopolitical line of effort within the business. And this is a recommendation that also came out of a benchmarking report that we did with the Interstate Natural Gas Association of America. It was released in April.
[00:38:46] Mark Freedman: And when I say line of effort, that that's kind of chosen intentionally because that could be one person full-time responsibility. That could be a team full-time responsibility. It could be somebody who takes it on as essentially another duty as assigned, right?
[00:39:03] Mark Freedman: But somebody or people within the company should be tasked with, Hey, you are the guy or the girl to track national security geopolitical, what is going on in this big picture environment relative to our company?
[00:39:24] Mark Freedman: And start to advise others in the company about it, right?
[00:39:30] Mark Freedman: And at the, at the outset, there may be no formal processes associated with that. There may not be a formal title associated with that. There may not be a Chief Intel officer or chief geopolitical officer. Anything like that. but there's somebody, there's somebody who says, you know, either I've taken it on myself or I've been tasked by leadership to take a broader view
[00:39:54] Mark Freedman: of these issues.
[00:39:55] Mark Freedman: So we go back to the North Korea example, we were talking about in that example, this person would be responsible for tracking what's going on north with North Korea, politically geopolitically, security wise, for engaging across the organization on that so that they are talking both to the legal and compliance folks and to the cyber folks, and they can kind of step back and have that broader view.
[00:40:24] Mark Freedman: there are a lot of, kind of analogies, I think in the US government system for that kind of role,
[00:40:31] Mark Freedman: right. So. It's why we could debate. I'm sure you and I could debate for a couple hours, probably, CIA and ODNI and reform after 9/11 of the intelligence community. But let's, let's put put to the side for a second, at least my personal views on ODNI.
[00:40:50] Mark Freedman: and the idea was that, you can't have 16, 17, however many there are now, intelligence agencies who are not effectively coordinated, because things will slip through the cracks.
[00:41:04] Mark Freedman: they'll miss things. One hand isn't talking to the other, and that creates a much higher risk environment. So you create ODNI, right,
[00:41:14] Mark Freedman: at a similar level, uh, or, or kind of a sim similar structure.
[00:41:18] Mark Freedman: And of course it predates 9/11, but you have the National Security Council system led by the White House, and the intent there is to ensure coordination across the agency. So not the, not just the intelligence agencies, but the policymaking agencies in the form of the State Department and the DOD, et cetera.
[00:41:35] Mark Freedman: those bodies ODNI and NSC playing that kind of coordination role. and then staffing that information up to senior decision makers, whether it's the director of National Intelligence or the President,
[00:41:48] AJ Nash: Mm-hmm.
[00:41:49] Mark Freedman: enables a holistic view of issues that may seem unrelated. But in fact are related. and so, you know, we could go through a number of examples on the national security side where that's really important.
[00:42:09] Mark Freedman: Right. One of the reasons that ODNI was stood up in the first place, 9/11 obviously. So you have on the one hand the Central Intelligence Agency, which is responsible for overseas intelligence, for example, monitoring, Al-Qaeda overseas, and then you have the Federal Bureau of Investigation responsible for, law enforcement domestically.
[00:42:34] Mark Freedman: Right. And so when 9/11 happened, and I'm saying this not for you, but for the benefit,
[00:42:40] AJ Nash: Right. I'm sure. Yeah.
[00:42:41] Mark Freedman: familiar with it, when 9/11 happened, there were concerns, you know, as articulated in the 9/11 Commission report. That CIA and FBI were not communicating
[00:42:52] AJ Nash: Mm-hmm. Mm-hmm.
[00:42:53] Mark Freedman: part of the reason that 9/11 occurred and was not prevented.
[00:42:58] Mark Freedman: and so there you have an example where, you know, you've got two different agencies, two different sets of roles and responsibilities, unless they are forced to talk to one another, and the barriers for talking to each other are reduced. Bad things happen, right? And so you can see, and, and by the way, now that applies to all other national security things too, right?
[00:43:20] Mark Freedman: Like China, okay? So, so China is using cyber, they're using insider threat, they're using foreign interference. All those things might be handled by different parts of the US government, unless there is a convener to bring that together, track it as a holistic picture and staff information up for decision making, you're not gonna be able to address that issue or that risk effectively.
[00:43:41] Mark Freedman: Right?
[00:43:42] Mark Freedman: So it's the, it's applying that model. To companies and companies already have, their own version of this, which is essentially, you know, board committees and subcommittees, right? That there, there are governance processes for a number of issues across companies to bring in the various stakeholders and staff information and decisions up.
[00:44:06] Mark Freedman: The problem is, again, going back to that lack of professionalization, lack of standardization when it comes to navigating these geopolitical, national security, big picture, security, whatever you wanna call it, issues. the governance processes are really, really immature on the whole across businesses.
[00:44:21] Mark Freedman: And I'm sure you know, there are outliers and there are some businesses that are well ahead of the pack on this, but generally speaking, the private sector is fairly immature when it comes to that. so. A long-winded way of answering the, the question that, you know, I would say in the, in the first instance, identify somebody who, they might not be the, you know, they're not the national Security Council of the whole company yet,
[00:44:48] AJ Nash: Right?
[00:44:48] Mark Freedman: but when it's very difficult to justify resources and identify somebody who can be like the kernel, the like proto, like, like single cell organism of that thing within the business.
[00:45:05] Mark Freedman: And if they are, I was gonna say competent, but really to, to do it right, they would need to be exemplary. It would need to be an exemplary individual
[00:45:14] Mark Freedman: who can take that unstructured problem set and drive it forward. And if they are successful, the company in the form of the business units and the relevant stakeholders who are consulted and the C-suite and the board will start to see value.
[00:45:31] Mark Freedman: And as that value is demonstrated, you can justify the resources to grow it.
[00:45:36] AJ Nash: Yeah. And I agree. You know, like I said, I, you know, I, I've been banging the drum for years about this chief intelligence officer position. I certainly agree with the concept of, you know, plant the seed, you know, germinate, you know, let it grow. No, it's very unlikely anybody's gonna go, okay, we're gonna make a big change.
[00:45:48] AJ Nash: We're gonna hire a C-level and we're gonna, you know, make this huge organizational shift. They're probably not going to, if they've had nothing to begin with. Right. But I will say two pieces, uh, that would concern me with this concept. I think they're, they're a good idea. You just gotta make sure people are aware is one, as you said, you're gonna have to find a pretty special talent for this.
[00:46:03] AJ Nash: 'cause you need to find somebody who can speak basically all the languages, can speak physical security, can speak cybersecurity, can speak the legal and compliance issues, you know, can speak executive protection. that's not an, and national security and geopolitics and all those things. That's not an easy person to come by. Then you're going to have to, frankly, sadly, that's the easier part I think of the two parts here. 'cause the second part is, yeah, you're waiting for this, right? Okay, so first we gotta find the unicorn. Let's go look for that. That, and that's the easy part. The second part is you gotta empower them. So, you know, making people listen is a challenge.
[00:46:34] AJ Nash: So if you hire somebody, and you know, this is why I've, I've advocated for this chief intelligence officer role, because if you hire somebody at such a low role, let's say, as you said, you know what, if this is just a secondary job, we add to, Hey, we've got an Intel analyst. They're really smart, that came outta the government space.
[00:46:48] AJ Nash: They, you know, they know a bunch of these things. they're an analyst in the soc, you know, an Intel analyst on the team. We're gonna give 'em this as a, as their, okay, you're geopolitics now. It's gonna be incredibly difficult to get that person. So for that person to get the people they need to listen to actually listen, you
[00:47:01] AJ Nash: know, the CISO, maybe you don't even get that far, you know, just some directors, senior directors.
[00:47:05] AJ Nash: But you got the CISO, you got, you know, getting the C-level to listen, getting the, the board to listen. It's just gonna be very hard. Because, you know, that's just the culture. Unfortunately, there aren't a lot of, you know, C-levels that care about this junior intel analyst's position in the SOC who they've never met before.
[00:47:19] AJ Nash: And that's wrong and it shouldn't be that way, but it is. it was one of the nice things in the intel space when I was in the government, at least specifically in the Air Force, you could have two stripes on your arm and be very junior, but if you knew the right answer, the leadership was going to listen because, we had different motives and objectives.
[00:47:33] AJ Nash: First of all, you know, bombs on targets, it's different than business. Saving lives is different than business. The other aspect that went along with it that we didn't have to worry about was fiscal responsibility, I suppose, or, or you know, profit, right? So I. You know that, I think that becomes the other, uh, big challenge in this is, you know, you talk about, you know, the need for ODNI and I, and I believe the concept, good concept, you know, whether it's applied properly, different discussion.
[00:47:57] AJ Nash: But yes, we had things falling through the cracks. Somebody's not gotta be able to translate all that stuff and, and make it work. But the government also can just reorganize and decide to do that and add a whole nother layer and add a whole bunch more cost because it's the government and they print money. Companies are loath to do anything that costs money, that doesn't, you know, track directly to, to ROI, which brings us back to your point, which is start really small. And that brings us back to the other point of how do you get people to listen? How do you find the unicorn? Like it, it seems to be this, this endless cycle of small would be great if you had the unicorn and people would listen.
[00:48:25] AJ Nash: So that person's gotta be very heavily empowered and that normally comes with a title, which then makes it bigger by definition, you know? So I don't know how to thread that needle. I think you're right. I think starting small can work and will work as long as that person is the right person, which there are few of those and is empowered. That people will actually listen to that person, you know? So whether it's a, you know, an advisor to the CISO for instance, or advisor to the chief security officer, something like that. Uh, you know, so it's gotta be something that people will actually listen and take note. otherwise you're just whistling, you know, in, in the graveyard basically.
[00:49:00] AJ Nash: And nothing's changing. and I feel like that's where we're at in a lot of these cases. Even teams I've seen, when they have geopolitical, it's like, oh, that's nice to know. You know, that shows up in a brief someplace and somebody, well, that's interesting. But it seems like it's still the less important thing for a lot of folks, and I get it.
[00:49:15] AJ Nash: Everything can't be done in one priority. There's, you know, there's an endless supply of very important things. For anybody out there listening for any CISOs specifically, but anybody listening who says, I wanna be proactive. If your next answer when I ask the question, what are you doing in terms of intelligence, is, is less than stellar.
[00:49:29] AJ Nash: You don't wanna be proactive like you were wishing for it, but you're not planning for it. And that I get a lot of those conversations. You wish you were proactive, but you certainly don't wanna invest in being proactive. You're just hoping it'll happen magically. And then blaming whatever vendors you're hiring for, not achieving it because you didn't, you didn't really invest in this at all.
[00:49:45] AJ Nash: Proactivity takes time. The reason the government is the best in the world, that proactive is because they spend an absolute ton of money and time and resources on trying to be proactive because their motive isn't about trying to get the next quarterly report to look good so they can make more money and their stock will go up.
[00:49:58] AJ Nash: Their motive is let's make people not make, make our people die less sometimes make the adversaries die more. and continue our national power. It's a different objective and therefore a different set of investments on strategy. And until you can invest strategically like that, it's very, I find it to be incredibly difficult, to make this work so. Again, I think you're right for what it's worth as far as the
[00:50:20] AJ Nash: path forward, I just don't know where to find those people and get them empowered.
[00:50:23] Mark Freedman: yeah, I mean, so first of all, I totally agree with you, right? if I were.
[00:50:27] AJ Nash: the clip I'm taking outta the show, by the way, that's gonna be the headline of the show that goes, I totally agree with you. All right, cool. We're, that's the clip?
[00:50:34] Mark Freedman: if we were sitting with, you know, a CISO, or, you know, head of external affairs or the chief security officer or whoever right now, and the question was, okay, well do I start small? Do I bring in somebody at a senior level? bring in somebody at a senior level, right? I, I only make the start small recommendation because I don't think I've ever had that conversation.
[00:51:00] Mark Freedman: if the choice is not between a junior person and a senior person, but the choice is between tasking it to somebody on your existing staff versus doing absolutely nothing at all.
[00:51:10] Mark Freedman: Then I would say task it to somebody junior on your staff. The point being that anything is better than nothing, because at least you may end up with somebody who can take the ball and run with it.
[00:51:24] Mark Freedman: and for that, I would say, look, you have a lot of people coming outta Washington, a lot of people coming outta government. a lot of people with degrees in national security who would love to go and do something like this at a private company
[00:51:40] AJ Nash: True.
[00:51:41] Mark Freedman: love.
[00:51:41] AJ Nash: it's a great time for it.
[00:51:43] Mark Freedman: I, and, and those people for the most part, if they have the right background, they're not gonna be experts in.
[00:51:50] Mark Freedman: Cyber EP compliance, whatever, but they may be the right kind of person to be able to navigate that multidisciplinary work.
[00:52:01] AJ Nash: Well, yeah, especially if they've got briefing experience. Like for anybody who's looking at
[00:52:04] AJ Nash: resumes or whatever, you want great intel folks. Look for anybody who's done a lot of heavy briefing, especially at high levels,
[00:52:09] AJ Nash: because they've had to learn to polish their language, they've had to learn to communicate, they've had to learn on the fly some other things that are outside of their depth, because you have to in those communications, because you have to trust that that SES or that, you know, four star or whatever, they're gonna ask you a sniper question, you better be prepared for all the possibilities. So I would say, you're right, there's a lot of great talent coming outta the government right now. Specifically look for people with Intel experience who've done briefings and communications, specifically for this kind of a role. They may be great writers, but if they can't leave their desk and tell people, you're still gonna have a really hard time.
[00:52:41] AJ Nash: 'Cause flat language on paper, digital or otherwise, is just not as convincing as somebody who can stand in a room and take the fire and convince somebody they know what they're talking about. Because that person that's listening to that analyst has to decide, I'm gonna invest my decision-making power in that person's opinion. And that doesn't happen on paper.
[00:53:00] Mark Freedman: Yeah, and, and I would say, you know, definitely agree with you. You definitely have some people coming outta the Intel community who are, you know, analysts who like to write and sit at their desk and do, you know, that is not the right fit for this type of role because you need somebody who can go and do the relationship building.
[00:53:19] Mark Freedman: And so, you know, somebody who has interagency experience, you know, who did a lot of, if they come outta the Intel community, did a lot of JDAs or like, you know, and they don't need to be an Intel person. They could be, you know, one of the national security agencies. But that kind of experience working, you know, look, like I was a State Department, I wasn't a foreign service officer, but, you know, a State Department person, but needed to work with a lot of different cultures.
[00:53:42] Mark Freedman: You know, worked with the agency on a regular basis, worked with the bureau on a regular basis. A lot of different cultures, very different backgrounds of people. But, you know, that, that kind of ability to bring that together, because that's the same thing you would be doing in a company, right? The, the, the folks who work in the GC's office are a different breed than the folks who work for the CISO.
[00:54:00] Mark Freedman: And you gotta
[00:54:00] Mark Freedman: be able, you gotta be able to talk to 'em both and get 'em both bought in.
[00:54:04] AJ Nash: Yep. Well, yeah, and the physical security executive protection team, assuming it's not a CSO, that's a whole different group, trigger pullers, you know, going back to like military days, government trigger pullers, you know, uh, people who wear guns are not the same as desk analysts. They just, it's different cultures and you gotta be able to speak across both because otherwise you'll lose respect for whichever side you can't speak to. They'll lose respect for you, I should say. And then you're out, like, all these people have to come together. You gotta get the tech people together. You gotta get the trigger pullers together. You gotta get the policy people together, the lawyers together. You gotta have somebody who's got some persuasive skills. And they're just, you know, there aren't a lot in the Intel community. Intel's full of introverts, but there are some, certainly there are people who did a lot of briefing, working, like I said, interagency. You said JDAs. It's joint duty assignments, for anybody who doesn't know that. People who've been around, like, they, and talk to people at different levels in different focus areas. You know, there's 17 agencies in the intelligence community. We don't all speak the same language. We don't all see things the same way. But if you've worked in a handful of them or some joint operations, you have a chance to understand them a little bit better. So yeah, I think it's a great idea. I do, for the way forward, it's good to see that there's this much focus on geopolitics. It is growing. I hope it continues to, because as you said, as Peral said, right, you don't have, if you're not interested in politics, it still may be interested in you.
[00:55:13] AJ Nash: So, listen, we gotta get to the end here. I mean, I could do this all day and I would, but we should get into the, to the closer of the show, right? So, for anybody who wants more information, by the way, on, on this, you can reach out to Mark Freedman. I'm sure we can get you contact information.
[00:55:26] AJ Nash: You can reach out to me if you need as well. You know, if you're looking for, for more opportunities to understand this better or work with his organization, understand how to protect yourselves better and your company better, or build better solutions, you know, better services or get services from him, I can certainly hook you up. I, I highly recommend Mark, you heard his resume at the front end. You've heard him talk the whole episode. He knows what he's talking about. And these things aren't going away like this. Geopolitics is not going to disappear, and it does affect all of us, all the time, whether we believe it or not. But anyway, so to move into the, the closing of the show though. So the name of the show is Unspoken Security. With that in mind, you get the same question everybody gets. Nobody gets to duck it. Nobody has so far at least ducked it. Tell me something you never told anyone before. Something unspoken.
[00:56:04] Mark Freedman: Yeah, so I had to think about this one. And we'll see how, how you
[00:56:07] AJ Nash: Well, it can't be classified, so it's a little tougher when you, when I'm dealing with
[00:56:10] Mark Freedman: No, this,
[00:56:11] Mark Freedman: yeah,
[00:56:12] AJ Nash: Yeah, don't tell me that.
[00:56:13] Mark Freedman: this is firmly, firmly outside of the realm of work. So I've got an almost 2-year-old son and, when he was like a really young infant, like, you know, still kind of in, in our bedroom before he had moved into his own room, I was often the one who was in there getting him to sleep,
[00:56:31] AJ Nash: Hmm mm-hmm.
[00:56:32] Mark Freedman: before he went to sleep at night because I, I had developed this really good reputation for getting in there and, you know, rocking him to sleep and whatever.
[00:56:39] Mark Freedman: And the secret,
[00:56:40] AJ Nash: a minute. You're the baby whisperer of the family is
[00:56:42] Mark Freedman: Yeah, here's, here's, here's the
[00:56:43] AJ Nash: You're gonna tell me the secret.
[00:56:44] AJ Nash: Now everybody should pay attention 'cause everybody needs this. All right, go for it.
[00:56:47] Mark Freedman: Uh, I don't think my wife listens to my security-focused podcast, but if she does, she'll
[00:56:51] AJ Nash: I'm gonna find her and send her this.
[00:56:53] Mark Freedman: I was so bored rocking him to sleep for like an indefinite period of time that I would listen to podcasts, and I found that when I would listen to Pivot, which, for your tech listeners may, may know Scott Galloway and Kara Swisher,
[00:57:06] Mark Freedman: when I would listen to Pivot, he would, it would like knock him out.
[00:57:10] Mark Freedman: So I ended up just like listening to Pivot every night as I rocked him to sleep. And there was something about like Scott Galloway's like screaming,
[00:57:19] AJ Nash: Oh my God.
[00:57:20] Mark Freedman: I.
[00:57:24] AJ Nash: This is an interesting, I don't know if I were Scott and Kara, I don't know if I'd, I'd be like, I mean, on the one hand like, hey, I got a listener. I got a subscriber, a follower. That's great. On the other hand, I'm not sure this is the review I'm going for. Yep. We are so interesting, the baby falls asleep while we talk. I mean, I'll tell you, me personally, I'll take all the listeners and subscribers possible. If you're all just using it to put your baby to sleep with my voice, I'm fine with it. I won't be insulted. But it would be interesting, if Scott, Scott or Kara ever heard this, which seems unlikely, I'd love to get their reaction on how they feel about being the podcast to put babies to sleep.
[00:57:53] AJ Nash: Now, is this something you've passed on to others? Is this work beyond your child or just, is it, is your kid the one
[00:57:58] Mark Freedman: No, I, this, this was my unspoken thing, but now it's out in the public, so maybe, maybe your listeners will try it out and you'll get some feedback about
[00:58:05] AJ Nash: All right. Everybody find the Pivot podcast. It's Tuesdays and Fridays. New York Magazine, actually, is the provider, by the way. Kara Swisher and Scott Galloway. I have no connection to them or anything, but I guess for those of you with small children you have a hard time putting to sleep at night,
[00:58:17] AJ Nash: I guess check out Pivot and see if that also works on yours. Maybe this ends up being a new trend. Good for them. They'll end up with more, more listeners putting babies to
[00:58:26] Mark Freedman: I enjoyed it. I, I enjoyed it.
[00:58:29] AJ Nash: It's a good podcast. Yeah, it's not just for the babies. It is a good one. Alright, man. Well that's a good one. I appreciate it.
[00:58:35] AJ Nash: That's, I've not heard it before, so that's a new one. And now we'll see what, what people do with that information. But listen, Matt, we gotta close it out here. I, I wanna thank you for taking the time to come on. We could have talked about this obviously all day, all night. It's interesting to see how things have pivoted and changed in security and where the future is, you know, in terms of nation states rising up and being a bigger concern, you know, in national security than terrorism, at least for the moment, and what it means from the private sector.
[00:58:58] AJ Nash: So, any last words from you before we, uh, before we let everybody leave for the day?
[00:59:02] Mark Freedman: No, just really appreciate it and thanks for having me on, AJ.
[00:59:06] AJ Nash: All right, well thanks again, Mark. I appreciate it. And with that, that has been another episode of Unspoken Security.