Welcome to The Lock & Key Lounge, the official podcast from ArmorText, the leader in secure out-of-band communications. Each episode brings you into the conversation with the sharpest minds in cybersecurity, law, critical infrastructure, intelligence, and government. We go beyond the headlines and vendor buzzwords to unpack real-world challenges—from incident response and cybercrime innovation to legal landmines, boardroom decisions, and threat intelligence at scale.
How Grid Exercises Shape Real-World Resilience
May 21, 2025
The reliability of the electricity sector is increasingly tested by both physical and cyber threats. Large-scale exercises like GridEx have played a critical role in shaping how industry leaders, asset owners, and operators respond to crises. In this episode, we sit down with Jesse Sythe, Program Manager for GridEx at E-ISAC, to discuss the role of these exercises in enhancing industry-wide resilience.
We’ll explore how GridEx has evolved over the years, the thought leadership that has emerged from key coordinating bodies like the ESCC, and what it takes to ensure executive-level engagement in response and remediation. With GridEx VIII on the horizon, Jesse will share insights into the most pressing threats facing the sector and how lessons learned from these exercises can be applied beyond the grid to other critical infrastructure sectors.
We’ll also address the recent policy changes affecting the ESCC and what that means for industry coordination going forward.
Navigating Threat Intelligence Sharing in Uncertain Times
May 08, 2025
First, we’re joined again by Joe Slowik, formerly a Principal Critical Infrastructure Threat Intelligence Engineer at MITRE and now Director for cybersecurity alerting at Dataminr. Joe’s career spans the U.S. Navy, national labs, and private sector security teams—where he’s led efforts to track adversary behavior and build resilient cyber defense programs.
He recently joined us for a previous episode of The Lock & Key Lounge, and today’s conversation picks up where that one left off—so if you haven’t already, be sure to check it out for added context.
We’re also joined by Tim Chase, Program Director at GRF, who leads the Manufacturing-ISAC and the Energy Analytic Security Exchange. Tim has built some of the most effective threat-sharing communities in the country—connecting private sector operators with government partners in real time.
We’ll talk about how those communities are built, what trust looks like in practice, and why threat sharing is no longer just a best practice—it’s a business imperative.
What Happens When Government Steps Back
May 06, 2025
Now, on this episode, we’ll be exploring a question that has been on a lot of people’s minds — What happens when the federal agencies tasked with cybersecurity begin to pull back? As workforce reductions hit CISA and the Cyber Safety Review Board is disbanded, many are left wondering how critical infrastructure and national cybersecurity posture will adapt. In this episode, we speak with Joe Slowik about the real-world consequences of these decisions, what gaps they leave behind, and whether the private sector can step in effectively.
We’ll also explore how threat actors like Salt Typhoon and Volt Typhoon fit into this new landscape, and hear Joe’s reflections on transitioning between the public and private sectors during a time of instability.
Signal-gate Unlocked: Striking the Balance Between Secure Communications and Legal Oversight in Government
May 01, 2025
While this episode of The Lock & Key Lounge was initially slated to continue our discussion with Marisa on the advisability of using consumer E2EE apps like Signal for government communications, recent developments from ‘Signal-gate’ compel us to focus sharply on the serious legal and operational pitfalls exposed by such guidance. Today, we’ll delve into how these recommendations, aimed at bolstering operational security, clash with the intricate requirements of laws like the Presidential Records Act and broader operational security concerns that extend beyond mere encryption.
Why Enterprises Simply Can’t Take CISA and the FBI’s Guidance at Face Value.
April 30, 2025
After the Salt Typhoon breaches in telecom, both the FBI and CISA urged Americans—especially businesses—to use consumer end-to-end encrypted messaging apps for greater data security. However, other federal regulators (e.g., DOJ, SEC, FTC) have made it clear that ephemeral messaging can land corporations in hot water if key data is lost or destroyed. In other words, enterprises could unknowingly violate recordkeeping, discovery, and compliance obligations if they adopt ephemeral messengers (Signal, WhatsApp, iMessage, etc.) without implementing robust retention or governance. We’ll explore these conflicting signals and ask how companies can protect themselves.