No Trust Podcast – From Special Ops to Cybersecurity: A New Perspective

From the Battlefield to the Boardroom

Cunningham, a retired Navy cryptologic chief, set the stage by clarifying what “special operations” really means. While most people picture Rangers or SEALs, his work was in signals intelligence and cryptologic support—helping find the bad guys so front-line operators could do their job. That background, he explained, built a mindset of situational awareness, adaptability, and resilience that carries directly into cyber defense.

“The value of situational awareness and deterrence is huge. I tell my kids it’s okay to put off a vibe of ‘don’t mess with me.’ I’d rather people think twice than catch me off guard.” — Dr. Zero Trust

Stress, Planning, and the Uncomfortable Truth

The conversation drew sharp parallels between military training and corporate cybersecurity:

• No plan survives first contact. Like in combat, an organization’s response plan rarely plays out as written once a ransomware attack hits.

• Get comfortable being uncomfortable. Cunningham pointed to SEAL training as an example of preparing for chaos. Companies need to simulate that stress in red-team scenarios rather than checking a compliance box.

• Leadership under fire matters. Too often, corporate leaders freeze or squabble during a crisis. “You need a single throat to choke,” Cunningham argued. “If you don’t know who’s in charge, chaos takes over.”

The Human Side of Zero Trust

Beyond technology, the episode dove into people and teams:

• Houseplants vs. growers. Some employees are content doing one thing well—like a houseplant in the sun. Others crave growth and learning. Both can play a role, but leaders must know the difference.

• Trust and rotation. Cunningham recalled moving every 3–4 years in the Navy, constantly adapting to new teams. The key, he said, is a shared mission and clarity of roles—something many corporate orgs still lack.

• After-action reviews. In the military, daily debriefs are standard. In cyber, Cunningham says they’re rare but essential: “Everyone should know what worked, what didn’t, and how we’ll do better next time.”

A Ransomware Walkthrough

In one of the episode’s highlights, John pressed Cunningham to walk through a fictional ransomware crisis. His response echoed a field mission plan:

1. Identify command. Who’s in charge?

2. Isolate and contain. Even if it means “cutting cables with an axe.”

3. Keep the business running. Decide what can stay operational.

4. Recover and learn. Share the full story with the entire organization.

“You’re going to triage anyway. Better to be decisive, isolate the infection, and move forward than to chase endpoints while the enemy advances.” — Dr. Zero Trust

A Lighter Side: Tacos, Golf, and StratCon Dreams

Of course, no No Trust episode ends without a few fun detours. The group laughed about John missing dinner together at China Poblano in Vegas after Black Hat 2025, swapped golf stories (St. Andrews, Pinehurst, and the bucket-list dream of Pebble Beach), and even floated the idea of hosting a StratCon security conference at Pebble—if only a sponsor steps up.

Why Listen

This episode with Dr. Zero Trust is a masterclass in blending military discipline with corporate cybersecurity realities. From situational awareness to leadership under fire, Cunningham offers both humor and hard-earned truths that every security leader should hear.

👉 Listen to the full episode on the No Trust Podcast

Full Transcript (Edited for Clarity)

Jaye

Welcome back to another episode of No Trust. Today we’re joined by a good friend of the show, Chase Cunningham—better known as Dr. Zero Trust. We’ve talked Zero Trust with him before, but this time we’re diving into his military background in special operations and how that mindset translates to cybersecurity.

Dr. Zero Trust

Thanks for having me. I’m Chase Cunningham, retired Navy cryptologic chief. I was a cryptologic collections operator, which basically means we gathered signals and intelligence, packaged it, and passed it along for targeting. I wasn’t a SEAL or Delta operator—people sometimes assume that—but special operations includes a wide range of roles. My work was in the intel and cryptologic side, supporting those frontline teams.

Jaye

So, you were finding the bad guys.

Dr. Zero Trust

Exactly. We collected from classified and unclassified sources—social media, news, technical signals—and put that together for missions. The interesting part is we weren’t tied to one service. Even though I was Navy, I supported Army, Air Force, Coast Guard. We were kind of the “redheaded stepchildren” of the military—nobody claimed us, but we were always at the table.

John

Before we dive into cyber, I have to call you out. You two went to my favorite Vegas restaurant, China Poblano, without me.

Jaye

For the record, it wasn’t planned! Chase was already there. I just showed up.

Dr. Zero Trust

(Laughs) True story.

Situational Awareness

Jaye

Let’s talk mindset. Does that training stick with you day-to-day?

Dr. Zero Trust

Absolutely. Situational awareness is constant. For example, walking to Black Hat, I kept my head up, hands out of my pockets, sunglasses on, and pace deliberate. That way, even when someone acting erratic came at me, he ignored me and targeted someone less aware. Deterrence matters.

John

How does that apply to cyber?

Dr. Zero Trust

In engagements, I push for red-team ops. Day one, I’ll drop a ransomware scenario on the table and watch how they respond. Stress reveals weaknesses. Plans fall apart fast, and it’s important to practice that chaos before it happens for real.

Planning, Pressure, and Leadership

Jaye

But you can’t prepare for every scenario. How do you train people for the unknown?

Dr. Zero Trust

It’s about mindset and muscle memory. Like SEALs say: get comfortable being uncomfortable. Train for stress so your response becomes second nature. When the helicopter crashed during the Bin Laden raid, they executed without panic. In cyber, it’s the same: things will go wrong. You need leaders who don’t fold.

John

Have you seen overplanning hurt organizations?

Dr. Zero Trust

Yes. Too many cooks in the kitchen. The key question: who’s in charge? If that’s unclear, chaos follows. And sometimes it’s not the C-suite. Junior staff often step up better than executives under stress. Leaders should accept that and let capable people lead.

Teams and Trust

Jaye

In corporate life, turnover is high. How do you build trust in teams that haven’t worked together long?

Dr. Zero Trust

In the military, we rotated every 3–4 years. New teams, new units. What kept us aligned was mission clarity. In corporate, too many orgs lack a clear mission. Without that, alignment is tough. Also, in the military, if someone was incompetent, you could remove them. That accountability doesn’t exist as cleanly in corporate life.

John

So, for a security leader, what’s the takeaway?

Dr. Zero Trust

Three things:

1. Make sure your “alphabet soup” staff can actually do the job.

2. Align everyone on the mission of the organization.

3. Empower decision-making during crises. No debates when the house is on fire.

People and Growth

Jaye

What about hiring? CISOs often haven’t done every job under them.

Dr. Zero Trust

That’s fine—but today, with tools like ChatGPT, there’s no excuse not to at least understand the basics. Leaders who refuse to learn beyond their silo are a risk. I call it the houseplant theory: some people are happy just converting CO₂ to oxygen in their sunny spot. That’s fine, but you invest in the people hungry to grow.

Jaye

But sometimes you do need both. Diversity of drive and temperament can balance a team.

John

True—though you don’t want a houseplant in your incident response war room.

After-Action Reviews

Jaye

The military does hot washes and debriefs. Should we be doing more of that in cyber?

Dr. Zero Trust

Yes—regular cadence, not just post-mortems after big incidents. In my last SOC, we did two debriefs daily. Everyone shared what they saw, so no surprises hit from left field. In cyber, we should be excellent at this. Too often, we aren’t.

John

But what about blame culture?

Dr. Zero Trust

Leaders need to take accountability. “The buck stops here.” If staff fear punishment, they’ll hide information. Leaders must shield them, own the fallout, and drive learning.

Crisis Walkthrough

John

Walk us through a ransomware attack—special ops style.

Dr. Zero Trust

Step one: appoint a commander. Step two: isolate the infection—pull cables, shut systems down, whatever it takes. Step three: decide what stays online to keep the business running. Step four: recover, learn, and share the full story with the entire organization.

Jaye

But companies hate disruption.

Dr. Zero Trust

Disruption will happen anyway. Better to triage decisively than chase the problem while it spreads.

Closing and Fun Questions

Jaye

One lesson from the military that applies directly to cyber?

Dr. Zero Trust

Two is one, one is none. Always plan for failure, build redundancy, and assume things will go wrong.

John

On the lighter side—what’s your favorite dish at China Poblano?

Dr. Zero Trust

The birria tacos. Done right, they’re unbeatable.

Jaye

Best golf course you’ve played? And your bucket-list course?

Dr. Zero Trust

St. Andrews for the experience. Pebble Beach is still on the list.

John

We’ll make StratCon at Pebble happen someday… with the right sponsor.

Dr. Zero Trust

(Laughs) If anyone wants to sponsor us, let’s talk. And if you’re listening, please consider donating to a veterans charity—I’ll connect you directly.

Link here - Vets

End of Transcript