
Today, I’m joined by Chris Hughes, the CEO & Co-Founder of Aquia, a cybersecurity consulting firm supporting secure digital transformation for U.S. federal, state, and defense agencies. He previously served as a Cyber Innovation Fellow at CISA.

Chris is also the co-author of the books Software Transparency and Effective Vulnerability Management (Wiley), and hosts the Resilient Cyber podcast and Substack. He's also a frequent speaker and commentator on AppSec, software supply chain security, and DevSecOps.

In this episode, we unpack why compliance doesn’t equal security - but in its absence, the state of cybersecurity would be worse. We explore how federal cybersecurity policy shapes startup innovation, and whether the future of security will be defined more by lawyers than by security practitioners.
We also reflect on how the skillset in cybersecurity has evolved - from deep technical expertise to a growing emphasis on soft skills and communication. Dive right in!

Connect with Chris: https://www.linkedin.com/in/resilientcyber/
Connect with Alexandra: https://www.linkedin.com/in/alexandra-charikova/

This podcast is brought to you by Escape: https://escape.tech — Modern DAST built to test for business logic

Mentioned
Cybersecurity's Delusion Problem: https://www.resilientcyber.io/p/cybersecuritys-delusion-problem
Software Transparency: Supply Chain Security in an Era of a Software-Driven Society: https://www.amazon.com/Software-Transparency-Security-Software-Driven-Society/dp/1394158483
Effective Vulnerability Management: Managing Risk in the Vulnerable Digital Ecosystem: https://www.amazon.com/Effective-Vulnerability-Management-Vulnerable-Ecosystem/dp/1394221207
Resilient Cyber: https://www.resilientcyber.io/
Cyber for Builders by Ross Haleliuk → https://www.cyberforbuilders.com