BTR: Tabletop Theater and the "Skeleton Key" Scare
Robb Boyd goes behind the scenes of WWT's Cyber Resilience show. Featuring former NSA Director Rob Joyce and WWT’s Madison Horn, the episode explores why organizations are "resilient on paper, but fragile in practice" and the looming threat of the Quantum "Skeleton Key".
There is a specific kind of adrenaline that hits when you’re mid-session with a former Director of the NSA and a National Security Advisor and the conversation gets so good you decide to throw away the outline entirely.
That was the vibe behind our latest research episode on Cyber Resilience. I was joined by Rob Joyce, who recently retired after 34 years at the NSA, and Madison Horn. When you have guests who can pivot from discussing the geopolitical pre-positioning of nation-state actors to the "absurd" computer-controlled Christmas light show in their own front yard, you just get out of the way and let them cook.
From "Moats" to "Muscles"
The core of this discussion—and what I’m still chewing on—is the distinction between Security and Resilience.
As Madison noted, resilience is a mind shift. It is the move from the myth of "I won't get breached" to the reality of "When I get breached, how do I make it the least destructive event possible?". Rob backed this up with a blunt reality check: most organizations are "resilient on paper, but fragile in practice".
We spent a lot of time talking about "Tabletop Theater"—those security exercises where everyone wins and the good guys always catch the bad guys by lunchtime. Rob’s take? You have to practice failure. You have to ask the uncomfortable 2:00 AM questions:
- Who has the authority to shut us down?
- Do we pay the ransom?
- Will leadership back me when I pull the plug?
The Quantum "Skeleton Key"
The part that actually gave me a chill was the discussion on Quantum Computing.
Most people think Quantum is just about someone reading your old emails a decade from now. But Rob clarified the stakes: it’s about Identity. Quantum computers can act as a "skeleton key" into the authentication systems that underpin the entire internet. If an attacker can authenticate as anyone, your walls don't matter—they already have the keys to the kingdom.
Behind the Glass
On the production side, this one was a nail-biter. I’m editing a bit differently now—leaning into a tighter, more documentary-style focus—which means I’m hunting for those raw, unscripted stories.
We actually had a moment during the recording where I thought we lost the audio files entirely. Madison’s "Upload Complete" notification was the most beautiful thing I’d heard all day.
The big takeaway? Attackers are lazy. They don't need "Red Bull and exotic hacks" anymore; they just need AI agents to jiggle every doorknob until one clicks. If you aren't sweating the details of your identity inventory today, you’re just waiting for a very "brutal" after-action report of your own.
If you want to move past the "Tabletop Theater" and start building a strategy that survives a real-world 2:00 AM crisis, I highly recommend watching the full conversation. We dive much deeper into the Cyber Resilience Maturity Model and the specific steps organizations are taking to bridge the gap between being resilient on paper and being resilient in practice. You can catch the complete episode, "Cyber Resilience: Why Security Fails When It Matters Most," over at WWT.com: https://www.wwt.com/video/cyber-resilience-why-security-fails-when-it-matters-most.
Thanks for watching!
