📘 Interview Summary:

In this special midday broadcast of the CyberHub Podcast, James Azar welcomes back cybersecurity legend Roger Grimes to discuss his 16th book, Taming the Hacker Storm: A Framework for Defeating Hackers and Malware. The episode unfolds as a candid, insight-packed conversation that blends hard truths, technical frameworks, and bold calls to action for the future of cybersecurity.

Roger’s premise is clear: The internet is broken. Identity is the root issue. And we already have the tools to fix it—we’re just not using them.

🔑 Key Talking Points:

1. The Internet’s Crime Problem

• Over half of the internet’s traffic is malicious, with 57% of emails and two-thirds of traffic serving malicious intent.

• Cybercrime is now a $6 trillion economy, making it the third-largest global “economy” after the U.S. and China.

• Despite this, society remains oddly desensitized. “We’re still okay with the president’s chief of staff being hacked.”

"We all see the forest fire coming. We feel the heat. But no one's willing to turn around and face it." — James Azar

2. The Root of the Problem: Identity

• Grimes asserts that the lack of identity verification is what allows hackers to flourish. On the internet, anyone can pretend to be anyone.

• “On the internet, robbing a company carries less risk than robbing a bank in real life. There’s no consequence.”

• His core solution: Pervasive Selective Authentication, a framework where entities can choose what level of identity assurance they require for interaction.

  "The reason why hackers and malware are so prolific is because we can't identify who people are. Period." — Roger Grimes

3. The Real ID Model

• Roger proposes a three-tier identity model:

  • Real ID: Strongly verified, in-person identity (akin to a passport or CAC card).

  • Pseudo ID: The current internet standard (email/password).

  • Attempted Anonymity: No verified identity, but still traceable.

• The model allows entities to require specific identity types for interactions, e.g., a bank requiring Real ID for wire transfers, but not for balance checks.

4. Trusted Tech Ecosystem

• The framework includes Trusted Devices, Trusted Operating Systems, and Trusted Apps, relying on secure enclave and TPM chips already in modern devices.

• Grimes advocates for a Global Trust Assurance Service, akin to a DNS for identity reputation, marking contact points (emails, URLs, phone numbers) as Green, Yellow, or Red based on trustworthiness.

5. Why It Hasn’t Happened (Yet)

• Roger is blunt: “There’s zero appetite in business to do this—until a 9/11-scale cyber event happens.”

• He believes mass change will come only when something catastrophic forces collective will, like shutting down the stock market or Taylor Swift ticket sales.

  "Nothing we are doing today is stopping how bad it is—it's all failing. And no, it's not a money problem. It's a will problem." — Roger Grimes

6. Business Buy-In and the Role of Security Leaders

• James and Roger agree: security must align with business goals, or it gets ignored.

• Roger notes that solutions like FIDO and passkeys are great but underused; companies need a unified identity strategy to reduce complexity and risk.

• “We don't need more endpoint solutions. We need structural change.”

🔚 Final Takeaways:

• We don’t need new tech. We need global agreement. Ninety percent of Grimes’ solution already exists—it just isn’t being implemented.

• Real change requires user accountability, vendor participation, and government cooperation—and the security industry must drive the narrative.

• Security practitioners must stop playing whack-a-mole and start pushing for systemic change, even if it’s unpopular or difficult.

🔥 Action Items:

• Read Taming the Hacker Storm – Available on Amazon.

• Reassess your MFA implementation—don’t rely on SMS.

• Push vendors and identity providers toward real assurance-based models.

• Support the idea of identity-based risk governance in your organization.

• Start conversations around global identity trust frameworks—especially in finance, e-commerce, and healthcare.

🎧 Subscribe to CyberHub Podcast and follow Roger Grimes on LinkedIn for more ground-shaking insights.

Stay cyber safe.

🔔 Subscribe now for the latest insights from industry leaders, in-depth analyses, and real-world strategies to secure your digital world. https://www.youtube.com/@TheCyberHubPodcast/?sub_confirmation=1

🚨 Important Links to Follow:

👉Website:

CISO Talk by James Azar

The latest news and topics from a cybersecurity practitioners discussing Cybersecurity, Privacy, Technology & Geo-Politics. I am a two times Founder and Chief Information Security Officer. All opinions are my own

👉Listen here: https://linktr.ee/cyberhubpodcast

✅ Stay Connected With Us.

👉Facebook: https://www.facebook.com/CyberHubpodcast/

👉LinkedIn: https://www.linkedin.com/company/cyberhubpodcast/

👉Twitter (X): https://twitter.com/cyberhubpodcast

👉Instagram: https://www.instagram.com/cyberhubpodcast

🤝 For Business Inquiries: info@cyberhubpodcast.com

=============================

🚀 About The CyberHub Podcast.

The Hub of the Infosec Community.

Our mission is to provide substantive and quality content that’s more than headlines or sales pitches. We want to be a valuable source to assist those cybersecurity practitioners in their mission to keep their organizations secure.

Tune in to our podcast Monday through Thursday at 9AM EST for the latest news.