The Entropy Podcast
Hosted by Francis Gorman, The Entropy Podcast brings together intelligence community veterans, post-quantum cryptography pioneers, CISOs, business leaders, and frontline practitioners for unfiltered conversations on the threats, complexity, and geopolitics shaping our world.
Past guests include former senior CIA officers, leading cryptographers, digital forensics experts, and security and technology leaders from across financial services, critical infrastructure, and government, voices rarely heard together in one place.
Each episode goes beyond headlines to explore how cyber risk, emerging technology, and geopolitical instability are reshaping the way organisations operate, compete, and defend themselves. Expect candid insight on quantum risk, nation-state threats, AI, espionage, financial crime, business resilience, and the human dimensions of leadership.
Designed for CISOs, board members, founders, technologists, policy thinkers, and the professionally curious, Entropy sits at the intersection of business, technology, and cybersecurity: a space for genuine conversations with unique minds, the kind that don’t fit neatly into a press release.
The name Entropy reflects the growing complexity and unpredictability of the systems we depend on, and the discipline required to lead through them.
Disclaimer: The views and opinions expressed on The Entropy Podcast are those of the host and guests in their personal capacity and do not represent the views, positions, or policies of their respective employers, affiliated organisations, or any government body. Guest appearances do not constitute endorsement by the host, and the host’s commentary does not constitute endorsement of guests’ views. Content is provided for informational and educational purposes only and does not constitute professional, legal, financial, or security advice.
One of the topics I cover a lot on this show is post-quantum readiness. I believe awareness of this emerging technology is key for a safer world into the future. To support this awareness, I have built a free resource to help you explore the world of quantum and learn as you go. You can find it here: www.postquantumready.com
Buy Our Swag:
We now have some slick new swag you can purchase through our Etsy store.
https://theentropypodcast.etsy.com
Watch and Subscribe
You can also watch full episodes and exclusive content on our YouTube channel:
www.youtube.com/@TheEntropyPodcast
Achievements
The Entropy Podcast delivered strong chart performance throughout 2025, demonstrating consistent international reach and listener engagement.
- Regularly ranked within the Top 20 Technology podcasts in Ireland.
- Achieved a Top 25 placement in the United States Technology charts, holding the position for one week.
- Charted internationally across multiple markets, including Israel, Belgium, and the United Kingdom.
This performance reflects sustained global interest and growing recognition across key podcast markets.
Audio Quality Notice
Some episodes may feature minor variations in audio quality due to remote recording environments and external factors. We continuously strive to deliver the highest possible audio standards and appreciate your understanding.
Is Your Cyber Recovery Plan Just Fiction? with Francesco Chiarini
In this episode of the Entropy Podcast, Francis Gorman speaks with Francesco Chiarini about why cyber resilience must go far beyond traditional cybersecurity, backups, and compliance checklists.
Francesco breaks down the uncomfortable reality that many organisations are not as recoverable as they think. From ransomware spreading at scale to compromised identity systems, encrypted tooling, failed assumptions, and board-level misunderstandings, this conversation explores what really happens when the worst-case cyber scenario becomes real.
The discussion covers cyber resilience versus cybersecurity, APT-grade attacks, out-of-band communications, crisis operating models, data vaulting, DORA, recovery planning, minimum viable organisations, and why resilience has to be designed before disaster strikes.
This is a direct, practical conversation about building organisations that can continue operating when the normal playbook no longer works.
Key Takeaways
Cyber resilience is not the same as cybersecurity. Cybersecurity focuses heavily on prevention and protection; cyber resilience asks whether the organisation can still operate, recover, and adapt when prevention fails.
Backups alone do not equal resilience. Francesco warns that recovery depends on architecture, governance, people, tooling, identity, sequencing, and validated operating models, not just stored copies of data.
Organisations need to stress-test their assumptions of recoverability. If Active Directory, communications, patching tools, or recovery platforms are compromised, the real question is: what still works?
Boards often misunderstand resilience as a technology problem. Francesco argues that technology matters, but cyber resilience also requires clear accountability, capability maturity, skilled teams, and rehearsed decision-making.
Cyber recovery investment is often too low. Many organisations spend heavily on prevention, detection, and protection, while underinvesting in recovery capabilities and last-resort operating models.
Data vaulting and isolated recovery are essential, but incomplete on their own. They must sit inside a wider cyber resilience strategy that includes threat modelling, minimum viable operations, interoperability, deception, and recovery sequencing.
Soundbytes
“Your cyber recovery plan is only real if it still works when everything around it has failed.”
“Backups are not resilience. They are only one piece of the survival plan.”
“The worst time to design recovery is during the incident.”
“Cyber resilience starts where cybersecurity assumptions break.”
“If your identity stack, tooling, and communications are gone, what still works?”
“Being compliant does not mean being resilient.”
“Recovery is not just a technology problem. It is an organisational capability.”
“Most companies know how to prevent. Far fewer know how to restart.”