In This Story
US intelligence is the key to maintaining national security, state welfare, and peace across the land. David Ramadan takes a deep dive into how decisions are made at the highest levels of government with Andrew McCabe, former Deputy Director at FBI, and Gregory Crabb, former CISO at USPS. They explore how their neighborhood friendship and bike rides have given birth to groundbreaking ideas on securing the nation’s mail and elections. They also share insights into their biggest intelligence policy challenges and how they handled them, the current state of our election security, and what they would do if given the chance to become US cyber czar for a day.
Listen to the podcast here
State Of US Intelligence With Andrew McCabe & Gregory Crabb
This episode brings together two experts who have shaped national security, cyber defense, and crisis response at the highest levels of government. My first guest is Andrew McCabe, former Deputy Director of the FBI, where he spent over two decades leading counter-terrorism, national security, and complex criminal investigations. He served as acting director of the FBI in 2017 and is my colleague. He teaches here at the Schar School at George Mason University, bringing frontline experience into the classroom.
Our second guest is Greg Crabb, who began his career at the Department of Energy before joining the US Postal Service. He built a specialty in cyber investigations, eventually becoming the Chief Information Security Officer for the US Postal Service. He led the response to the 2014 China breach and ensured the USPS could securely handle the massive surge in absentee ballots during the 2020 elections. He is the Founder and President of 10-8 Cyber, advising companies and investors on cyber defense, intelligence, integration, and insider threat issues. Together, we'll explore intelligence, cybersecurity, leadership, and the realities of making decisions at the highest levels of government.
Gentlemen, welcome.
David, it is great to be here with you and Greg.
Thanks for having us, David.
Greg And Andrew’s Professional Journey And Neighborhood Friendship
Thanks for joining me. All right. Let's start simple. Give us the quick versions of your professional journeys.
I'll start us off, David. I was an FBI agent for 21 years. I served in the bureau. I started as a field agent in New York City, and then had the very lucky, fortuitous opportunity to serve at every level an agent can serve in the FBI. I finished up as deputy director and did a three-month stint as acting director in 2017.
The first half of my career in New York was all criminal work. I focused on Russian organized crime. In 2006, I came down to headquarters and started doing national security work. It was mostly terrorism for the first few years that I was down here. I had a great opportunity to see both sides of the bureau, both the criminal investigative side and the national security focus side.
Greg?
Thank you for having us, David. For my journey, I started with a law enforcement organization that's associated with the United States Postal Service, and that's the US Postal Inspection Service. The Postal Inspection Service investigates mail fraud, mail theft, and bombs in the mail. My specialty was cybercrime. I began cyber investigations long before it was a buzzword in Washington.
I took that journey from investigating Eastern European organized cyber crime in the early 2000s into Washington, where I took over the US Postal Service’s Information Security Practice in 2014. That was following a China attack against the US Postal Service, where I built an intelligence-driven security program capable of protecting well over a million assets, which is this national institution, the United States Postal Service.
Thank you. Now, let's make it personal. The two of you share some history. How did you meet?
Full disclosure, we are very good friends and also neighbors. We moved into the same neighborhood that we both still live in, which I will not specifically identify because I'm not crazy. We met when Greg's wife came down to welcome us to the neighborhood and brought a plate of cookies. I thought, “If these people have this many cookies, this is a friendship that I need to develop for my survival here in the neighborhood.”
Cookies in the suburbs of Washington, DC?
That's right.
We're not in a little town away in rural America.
No, but it feels that way here sometimes. We became friends right off the bat. We were both 1811s in federal parlance, which means gun-carrying federal agents. Correct me if I'm wrong here, Greg. We were both early in our leadership careers. I'd come to headquarters that year to work down here in the head shed. Greg was making the same moves in his organization.
We're both big cyclists, and we started riding together. We had this riding group every Sunday morning. We'd go out with a few of our other neighbors. It seemed pretty quickly that, right off the bat, Greg and I would always gravitate to the back of the crowd where we could ride along for hours, talk to each other about work, and share experiences about challenges we were having at work. We were figuring out how to best lead people and mentor employees, deal with tough bosses, and think through problems and challenges. We were coming up with solutions to issues we had at work.
How much did you ask him to run background checks on for you, Greg?
I already had access to CJIS through the Postal Inspection Service, so I didn't have to have him do any background investigations for me. It was great. Usually, I was struggling to keep up with him on the bike, so that's
That's not true.
It's always fun to get out and go for a long ride with Andrew, that's for sure.
Expediting Background Checks Through Electronic Fingerprint Capture
David, your joke is incredibly well placed because that is a perfect example. Greg and I, after years of doing this, were talking one day on a ride about Greg's wife, who was getting certified as a public school teacher. I was asking about how that process was going. He mentioned that it had been slowed down because the criminal records check they do for all teachers was taking a long time to get back from the FBI.
In those days, we had pretty much transitioned to all electronic fingerprint capture at police stations, FBI offices, and every place else. To do this as a private citizen was still the old way. You had to go to the police station and ask to be fingerprinted. They would do it on a paper card, and the card would get mailed to the bureau. It's not a high-priority matter. We started talking about, “How could we figure out how to get an electronic capture into a place that any citizen could access so that you could take what took two weeks for the FBI to process on a paper card?” At that time, we were doing electronic processing in six seconds or less.
You’re lucky to get it done in two weeks. My wife had to wait fifteen weeks to get it back. It was a horrible customer service perspective.
It was terrible. We thought, “We have the electronic technology to do it? What would be the place that any person in the United States could walk into anywhere? What's the retail environment for that?” It's the United States Post Office.
31,000 retail locations. The passport facilities that the post office hosts allow any citizen, generally speaking, to get to a post office within fifteen minutes of their house. It's a government office that's right in your backyard. It was the perfect problem set and opportunity to bring fingerprint collection and identity services into communities around the US.
I took up the banner within the post office, and Andrew within the FBI, and did a couple of meetings of the minds out at CJIS. We took a trip out to West Virginia to see how all of the magic was done and whiteboarded out what we could do. As Andrew said, in seconds on an electronic collection, we can get back the specific criminal history for any citizen.
Is that the case now? Can citizens go to any post office and start a background check?
Yeah. It started with 2 locations, and now it's over 1,000 locations across the US where citizens can go to have their fingerprints collected. They can get their own criminal history back or it can be electronically provided to whoever requests that with the consent of the person that gets their fingerprints collected.
They walk in, they initiate it, and they'll give you information on where to send it to, whether it be to their employer or somebody else?
Yes.
That’s fantastic. I did not know that.
It’s a great resource to expedite. In our use case, it was being able for my wife to become a substitute teacher. Many other use cases have come out from a national background and identity verification purpose.
That is an exclusive United States federal and local jurisdiction background check, right?
Yeah. That's the way the III system works. NCIC, which is the system that the FBI runs out of its division in West Virginia, the CJIS division, is where every police entity and every state feeds their criminal records into one database. You can check someone's criminal history, which covers wherever they may have been arrested or encountered law enforcement around the country. That's how police have been doing it for decades. You have the ability to check your own records by walking into the post office.
Why do you need fingerprints to do that? Why couldn't it be looked up by name, social, or other ways of doing it?
It can be. That's typically the way that you do it. Let's say you're doing an investigation, and you're in an FBI office. You’d have the NCIC technician in the field office. You'd give them a name and date of birth, and they would run that person. If you're trying to find out the physical person who's in front of you, what their record is, and you want to know exactly and not run any risks of people misrepresenting themselves, you do it off their fingerprints. You can do it in other ways, too. You can identify people with all sorts of biometric indicators, but the basic system of reliable identification has been around since the early 1900s, 1920s, or something like that. The 1930s were the fingerprint identification index.
Another aspect of that is also that any of that information is knowledge-based identification, where a biometric, such as a fingerprint, is the actual human who presented themselves for the verification process. There's a lot of value to that from a Know Your Customer perspective.
Responding To 9/11 Attacks And Bolstering Counterterrorism Efforts
Thank you. That's very interesting. Let's learn further and in the bigger picture from your experiences. You both worked at the top of your organizations during high-pressure moments. Let's talk about the biggest policy challenges you faced. What was it? Andy, do you want to go first on this one?
Yeah, sure. For me, there's probably no bigger national security challenge than what we went through after 9/11. I say we, meaning the FBI, but the entire country. We were trying to reposition our national security structure to protect against this new and particularly dangerous threat that time posed by Al-Qaeda. Now, we have other actors like ISIS and others that fill in that spot.
I was an agent in New York City. I was a street agent working on the Russian organized crime squad. I was also on the SWAT team. Like every agent in New York City, of which there were about 1,100 at that time, which is the largest field office in the country, we were all working 9/11 as soon as the planes hit the towers. We continued doing that for months, and some people for the rest of their careers, being at ground zero, watching, and participating in the response to that crisis.
Over the next few years, I was gravitating towards terrorism and joining that fight in what we call the Counterterrorism Division in the FBI. It was an opportunity to see that massive battleship of a US agency, the FBI and DOJ, trying to adapt to a new reality, new demands, and new threats that required a different way of doing business.
Tweet: The counterterrorism efforts of the US government adapted to new reality, demands, and threats after 9/11. The FBI matured as an intelligence-driven organization.
We matured as an intelligence-gathering and intelligence-driven organization. It was time that we stepped up to our responsibilities as members of the United States Intelligence community. We had to develop new working relationships with foreign partners and with partners right here at home who are Intel partners, not criminal investigative partners. There's a difference in DNA there and an approach to things that was a bit rocky at first, but in seeing that evolution take place over decades, it's remarkable to look back and see how far the organization has come.
There are a lot of lessons to be learned from that on the leadership side, like how you could change course so dramatically, what the impact of leadership is, and what is the most effective way for leaders to try to move an organization that's steeped in its own culture and traditions. Getting to see how Director Mueller handled that situation, not just in the days, weeks, and months after it happened, but for years, and shifting his own perspective and the organization with it. The way he communicated that message so insistently to the workforce. It was a remarkable time to be certainly in law enforcement, but more specifically in the national security fight.
Those moments define leadership. I'm glad you brought it up to that. You talked about Director Mueller's leadership during that time. We all remember President Bush's moment when he went down to ground zero and said, “The entire world will hear you soon.” I remember those times clearly. As you know well, Andy, my background is Middle Eastern. I'm an immigrant from Lebanon. Those were tough times for my family and all of us immigrants, specifically those who came from that part of the world.
Simultaneously Overseeing Teams In DC And The Middle East
I remember President Bush went down to the mosque in DC the day after as well, and made sure to say that that wasn't an attack by Islam, but an attack by individuals against this country. All of those are important in big leadership moments. I want to digress for a second, Andy. You and I met when you were in charge of the DC office.
That's right.
Part of that area, which wasn't just the DC region, included the Middle East. Talk to us a little bit about that dynamic. How does the Director of the DC office, and I apologize if I'm not getting the title correctly at that point, be in charge of the DC region and the Middle East, and why?
As a little bit of background, there were, at that time, 56 FBI field offices in the United States. It's down to 55 now because some moves were made in the offices in Tennessee. Nevertheless, there were 56 field offices then. Of those 56, each 1 of those is run by a special agent in charge, except for the 3 largest field offices, which are New York, Washington, DC, and Los Angeles. Three offices were run by assistant directors in charge because they're so much bigger with the volume, the number, and the amount of leadership you have there.
In the counterterrorism world, there are what we refer to as CONUS cases. Those are cases in which the subjects are located here in the Continental United States. There are what we call OCONUS cases or extraterritorial cases. Those are FBI cases in which the subject of investigation is located in a foreign country. It's not practical to have all 56 field offices working foreign cases, so we made a decision early on in the counterterrorism division to divide the world into four parts and assign the three biggest field offices, which were New York, LA, and DC. Miami was added to that group.
Each office had a particular region in which they were responsible for all of the extraterritorial cases. The field office, which we call Washington Field, was responsible for the Middle East. They had all of the cases coming out of Iraq, Afghanistan, Syria, all over the Arabian Peninsula, and Turkey. I'm trying to think of all the rest of the countries that were in that scope. It changes periodically.
New York had Western Europe, Russia, and also Africa. Los Angeles had Asia and all the CT cases that were taking place at that time in places like Indonesia, the Philippines, and other places. Miami took care of South and Central America. That's how you ended up, as in my case, the head of the Washington Field office, day-to-day running and overseeing cases that were focused on subjects who were killing people in Afghanistan or what have you.
To clarify for our readers, I said we met when Andrew was in charge of the Washington field office in the Middle East. I was not a subject of his investigation. I was in an office in Virginia. We had a local issue with the Indian-American community in the area. I reached out then to who's in charge of the FBI. Sure enough, he happened to be a constituent. We started our professional relationships there. I am glad and honored to call him a friend over the years.
That's the much more common side of the head of the field office's responsibility. You have a territory or an AOR, as we call it, because we have to have some sort of impenetrable letters for everything. Your Area Of Responsibility in Washington was DC and Northern Virginia. In addition to overseeing those cases, you have to interact with the community.
You've got to build relationships with all the stakeholders across that community, whether it's the faith-based community, the environmental activist community, or whoever that might be. You've got to be out there, meeting people, so that you're in a position to respond when citizens, their representatives, or their imams, rabbis, priests, or preachers call up to talk to you about something and bring something to your attention. It's an incredible job. You get to know the area in a distinct way.
You did it phenomenally. Thank you for those times and for the service.
Thank you.
Creating A New Physical And Screening Security Protocol
Greg, let's go back to you on the biggest policy challenge. What was yours?
My two biggest policy challenges both involved Andrew. I won't talk a lot about the 2014 postal service breach from China, but that was a huge challenge that I faced. There were a lot of policy issues related to that. The first of my challenges was when one day, Andrew and I were riding along, and he said, “Greg, we need to brief you on something. We've got a situation. It'd be a good idea for you to come into our offices.”
He sat me down and talked about some planes that were stopped in Europe, 1 at Heathrow and 1 at Frankfurt. On those planes, there had been parcel bombs placed that had originated from AQAP in Yemen. At the time, I was the Inspector in Charge of Global Security for the US Postal Service. The US Postal Service does business with 192 countries in order to be able to exchange mail and parcels around the world.
These two particular packages were of significant concern. It was late 2010, and AQAP had developed a plastic explosive. That is why you, as citizens, can't carry water bottles through airport security. As a result of what Andy shared with me in the findings and the fact that TSA had stopped parcels from being loaded into commercial aircraft, which created a bunch of mail being piled up by the tonnage around airports around the world, I spent the next several years working on the issues of how to get those parcels cleared from a security perspective to come into the United States.
Tweet: The more you increase security and preventive measures, the more adverse impact you have on the ability of airlines to fill up their planes and conduct their business.
Over the next couple of years, I worked through a United Nations specialized agency that supports the US Postal Service called the Universal Postal Union. We got all 192 countries to agree to a new physical screening security protocol that allowed for more robust screening so that parcels could come from the least developed country in Africa or the most industrialized nation in Europe into the United States. We worked extensively with the Bureau, TSA, FAA, IAD, the Transportation Association, and others to be able to leverage these new protocols. Now, we don't have any problems getting safely around the world. That was one of the biggest policy challenges that I faced in my career, thanks to my friend Andy and our bike riding.
Interesting. A lot can happen while bike riding.
That's a great example. When you think about counterterrorism work, you think about the dramatic part, finding the bomb maker, finding the operative, and mitigating the threat in real-time. That’s what makes your heart pound. There's another part of this on the policy side. When you've identified a threat stream or identified a new instrumentality that the terrorists are using, in this case, to drop bombs in the mail and send them right here to the homeland, you have to figure out, “How do we improve our ability to detect and deter that threat? Who do we work with?”
Building these coalitions across stakeholder groups and figuring out what the new policy should be, what you can take on a plane, and what you can't take on a plane, it's not a sliding scale in one direction. The more you increase security and preventative measures, the more adverse impact you have on the airline’s ability to fill up their planes and conduct business, and people's ability to get where they need to go at a reasonable cost. There are a lot of factors here. That's the long, hard, everyday work of making the country more safe.
Working Across Different Organizations For National Security
What you're talking about here is looking at the down-the-stream reaction that will take place when you make such a decision and the change management that has to be implemented, not just across the organization you are in charge of, but all the other affected organizations. How do you deal with that?
That's right. I remember another instance. I'll have to be a little bit vague about this one. At the beginning of 2017, there was another airliner-based threat utilizing a technological approach that we hadn't seen before. There were discussions at the absolute highest levels of the administration and of the agencies involved as to whether or not we should advise our carriers not to service particular countries and particular airports.
That was the overabundance of caution approach. The other end of the spectrum was people were like, “This will bring airline service to these countries or these locations to a halt. It’ll do colossal damage to the airlines that rely on this business.” Once the federal government comes out and says, “We don't think it's safe to fly into this airport,” the airlines, even if they disagree with you, are not in a position to say, “The heck with you. We're going to do it anyway.” If something bad happened after that, they'd be on the hook for it.
You have to look at these real-world impacts and make some very hard balancing decisions about how far you can go. In the meantime, can we push harder to find our own technical advance to increase our screening and scanning ability so that this new technique isn't going to slip past our security folks on the ground?
Tweet: Intelligence is driven by absolute, most recent, and most cutting-edge information collection and professionals making the right calls.
We were fortunate in that case. We were pushing in all these directions at once. Our technical side folks came up with some fixes that the group was in agreement on that were adequate for the protection that we needed. That's the direction we went. These conversations are not pretty. It’s very charged. I don't want to say emotional, but people have very strong opinions and are well-grounded in fact. There are different perspectives.
There are some countries that we don't fly into. American Airlines does not fly into Lebanon, my old country, for example, nor are Lebanese Airlines allowed to fly into the United States. Lebanon survived. Other airliners fly in instead, and they'll have to connect through Europe to come to the United States. Do you assess certain threat levels for these and then give them to the politicals to decide?
Sure. As many national security decisions do, it comes down to intelligence. How good is your collection? Are you collecting what you need to satisfy your intelligence requirements? How are you thinking about and analyzing that data and that information that you are collecting? In a situation like this, it's not just a, “We think this group could possibly do something.” It's more, “We think this group could possibly do something. If they did, they're likely to do it at these three places.” You try to use that sort of logic to narrow the scope of the steps that you're going to have to take.
Every location or every country is different. Many times, different regions within countries can be different and present different security pictures. It's a specific conversation. It's driven by the absolute most recent, most cutting-edge intelligence, the exquisite intelligence collection that intelligence professionals rely upon to make the right calls.
US Government’s Decision To Work With Ahmed al-Sharaa
I do want to ask Greg as well about what his experience taught him from working with intelligence, but I'm going to digress for a second. As we are recording this episode, it is November 26th, 2025. This will play live in a couple of weeks. I got a text message from a dear friend, who is a member of Congress. He sent me an article about him and the US delegation meeting with President al-Sharaa of Syria.
For somebody who comes from the intelligence world and somebody who spent all these years on intelligence and counterterrorism, it's got to be fascinating. We can have a whole hour on that, but I want a quick tidbit from you. It's got to be fascinating to see al-Sharaa move from an absolute on the terrorist top list to, “Welcome to the White House,” and we're flying into Syria within a period of less than 6 months or 1 year. It was not long ago that his taking over of Damascus happened in twelve days, which was amazing by itself as well. He took over the country in twelve days. In less than a year, he was welcomed with open arms in the White House.
It's stunning. There's no other way to describe it. Having spent years working on one of the most complex knots of multiple problems I've ever seen was Syria and Iraq, the whole region. To see that process where it is with al-Sharaa assuming control of the country, with the background that he has personally and what he was able to accomplish as a Military leader. I should add the way that he's approached his leadership responsibilities.
This is not easy for a lot of people to get their heads around, but decisions about international relations, responses to crises in different regions and different countries, getting involved in, to some extent, hostilities or Military approaches to problem-solving, and and then evolving to a place where you're re-establishing relations with a new government that's led by a guy who used to be one of your enemies, this is sometimes how it works out.
In order to maximize the benefits to your own country, to reduce US national security exposure, to encourage the development of a nation that could go from a security problem to one that presents at least some security solutions for some very tough issues that still persist in that area, it requires a certain amount of flexibility and focusing forward instead of backward.
I know that can be very frustrating for people, particularly for people whose family members were victimized by terrorist groups in Syria, or some folks whose family members disappeared in that region and have never seen or heard from them again, and have not been granted any sort of legitimate accountability for those crimes. Those are all things that our national leadership weighs out when they're thinking, “How are we going to proceed forward with this new setup?” Ultimately, they have to look at the biggest possible benefit for the United States writ large, US national security, and the greater global stability. That's how you get to this somewhat stunning and unimaginable resolution of where we are. I don't think we're in a bad place, to be perfectly honest, with Syria.
I agree.
This is a positive development for the long-term. There's a lot of work left to be done, but the administration is doing the right thing on it.
We probably need another year or so to get some of that material declassified, but at that point, you and I should probably teach a course on Syria and what happened there. It'll be a fascinating course.
Treating Intelligence As A Leadership Discipline
Sorry for that, Greg. We went on a tangent there.
That's the typical tangent that I go off on with Andrew all the time. That's why CNN has him as a commentator and an advisor.
They're lucky to have him.
You got a sense of what I learn day in and day out, being able to ride the bicycle when we used to ride into Washington, DC, once a week on our bicycles from our homes. Press the play button, and you're going to learn something significant from Andrew. The thing that I learned the most about this topic from Andrew is that threat intelligence is a leadership discipline. Many organizations treat intelligence as news. When you look at intelligence and make it part of your decision-making process, that's when it becomes extremely valuable.
Andrew taught me how the FBI created an operating system for Director Mueller's daily brief and made intelligence a cycle that led them to make better decisions. As a result, it enabled me in my government role and as an advisor to businesses on how to leverage the intelligence cycle that the government uses to make better decisions for whatever the outcome is.
I am preparing for an off-site for a brand-new portfolio company under the venture capital firm that I advise, Ballistic Ventures. One of the key things that we're going to talk about that I added to the agenda is the threat model that we're going to be addressing, and why every executive that we're going to make this product for needs to have it, because they're facing very specific threats in their homes that need to be addressed.
It's important to understand the threat model that is associated with any product that's going to be entering the marketplace, so that you can build appropriate mitigating controls in order to be able to address those risks. That's the beauty and wisdom that you get from listening to Andrew for years, and the value of integrating intelligence into government and business operations.
Working As A US Cyber Czar For A Day
That's fascinating. I wrote down something you said there, Greg, which is very interesting. I want to make sure to repeat it for our readers. You said threat intelligence is a leadership principle, not news. That was a capture that I wrote down because it is important for people to understand. We have less than ten minutes left. I can talk to you guys for another two hours, but I know Andrew has to cut out, and we don't want our readers to drop us after a certain period of time. I'm going to take it big-picture for a minute before we end with a couple of shorter questions. If you were a US cyber czar for one day, understanding the environment and understanding where we are, which policies would you put in place? Greg, in a minute.
I'm going to start with modernizing the ISAC infrastructure under DHS. Sean Plankey, who is the nominee for the role of CISA, has yet to be confirmed, but I believe that that's one of the most important things that we have from a national infrastructure perspective to focus on. How do we require appropriate threat modeling for all of our critical infrastructure sectors to be able to understand what they're facing and how to mitigate those risks, whether those risks are China, destructive attacks enabled by AI or automation, or the complex third-party risks that the cyber domain contends with?
Cyber czar for a day, Andrew McCabe.
Assuming that as cyber czar, I also have a magic wand to do things that can happen?
Of course.
If I could, with that magic wand, make bipartisan solutions on the hill, we need comprehensive bipartisan legislation that's going to address every aspect of election security. There's a huge piece of that that would address specific election-related cyber risk, but also the other risks that come with election security, like access to systems and the requirement for paper ballots.
We have that, which is a good thing, but that continues to be one of the most divisive issues in our country. People have very wildly different ideas about how we do it or how we should do it, or whether we do it well enough or not. A little bit of both sides of the House and leadership from Congress are saying, “These are the standards. This is what we expect from our cybersecurity professionals and election security professionals.” It would be helpful to not only get it done but also get past it as a constant source of political divide.
No US Elections Were Ever Stolen
You brought up election security, so I can't not ask you this. You opened up the door. In 2016, 2020, and 2024, despite minor things here and there, our elections were secure, and they were not stolen, correct?
Correct.
Thank you.
In 2016, there was a strong effort by the Russians to meddle in different ways. No proven impact on the vote counts, right? We know they looked. We know they probed systems in multiple states. We know they went to some places and took screenshots of election workers’ computers on the evening of the vote, but we have no evidence that they were able to manipulate vote counts. They did everything they could to try to manipulate perspectives, people's views of the candidates, issues, and those sorts of things. That's a different problem.
In 2020, it was a fairly quiet and very safe and secure election, thanks, in large part, to my friend Greg over here. He was running the postal services’ adoption to this massive wave of mail-in ballots that we'd never seen before because of the pandemic. In 2024, we saw a broader array of adversaries weighing in and trying to play in the influence game, but all in all, a very safe and secure election. No reason to challenge or be worried about the certified results in any of those three elections.
No election was stolen. There is always fraud, but regardless of the quantities, whether there were 500, 700, or 1,000 cases of fraud across the nation, those do not affect the results of the elections. They are mathematically negligible because of the number of ballots cast, correct?
That's correct.
In 2020, I secured, through the digital systems that I protected, 45% of the ballot. That's nearly 80 million ballots. The numbers that you were talking about are insignificant.
That's right.
Do Greg And Andrew Miss The Private Sector?
Thank you. This is the question that people always wonder about for those of you who leave government service. You have completed such long, distinguished careers in government at the higher levels and in power. It’s got to be good when you are in a position of power. It feels good because you're doing well, and then you move to the private sector. Do you miss it?
I do. I miss it every day. I miss the people. I miss the friendships and the glory of being able to work with people who are there for the same reason you are every day, because they love the mission. They want to run to the sound of the guns. They want to be where the crisis is to help in any way they can. That produces such an amazing collection of wonderful human beings. I miss the mission. It's fascinating. I still try to keep my hand in it with the work that I do on television and at the Schar School with my class on the framework of national security law. I miss it. It was the thrill of a lifetime.
Tweet: People in the private sector want to be where the crisis is to help in any way they can. It produces such an amazing collection of wonderful human beings.
Greg, you're not missing Andrew because you're biking together. You're not missing Andrew because you still see him all the time. Do you miss the job?
I do miss the job a bit. It's an amazing feeling every morning to get up. For me, I could substantively sense my role was to protect the mailboxes of 250 million Americans every day. The actions that I took were to ensure that the digital environment that we provided for the post office allowed carriers to deliver their missions securely.
Unfortunately, bad things happen to carriers. We've had carriers who are murdered. My role was to make sure that that didn't happen or that the investigations could be facilitated through digital means. It was a massive sense of purpose to be able to get up and think about that every day. However, when you do leave government service, there's a different new way of being able to support the mission. That's what I try to do every day by being able to help critical infrastructure companies, investors, and startups be agile. I can be much more agile in the private sector than I could ever be in the face of the bureaucracy that we had to deal with in government service.
For the record, my dogs were always kind to the carrier. A final question to you, Greg. Our wonderful, newly elected, record-breaking, history-making Governor-Elect Abigail Spanberger worked for the US Postal Inspector Service for a while. Have you guys crossed paths?
Admittedly, we never. I'm a huge supporter of hers. I’m excited to see what she does here in Virginia, but we did not cross paths. I was involved in making an app that runs on the mobile delivery devices for the carriers. It allows the carriers to report when they've encountered dog attacks so that the carrier can be warned that there was a hostile dog on the delivery route. It helped the safety and security of our carriers out there on the streets.
You can run my background check, or Andy can run it for you. I am not on that list. Andrew and Greg, thank you both for an insightful, candid, and genuinely enjoyable conversation. For the readers who want to learn more about Greg's work can visit 10-8 Cyber at TenEightcyber.com. You can read more about Andrew McCabe's work, including his teaching, at the Schar School's website. All episodes of policy and governance perspectives are available at Schar.gmu.edu/podcast and on all major platforms. We are syndicated. Until next time, stay informed and stay engaged.
Important Links
About Andrew McCabe
Andrew G. McCabe is the author of the New York Times bestselling book, The Threat: How the FBI Protects America in the Age of Terror and Trump. He is currently a senior law enforcement analyst for CNN, a distinguished visiting professor at George Mason University Schar School of Policy and Government, a consultant and advisor to cyber companies, and the co-host of the podcast “Unjustified” about the policies and actions of the Department of Justice.
Mr. McCabe began his 21-year FBI career in 1996 as a special agent assigned to the New York City Field Office, where he investigated Russian organized crime cases. In 2006, Mr. McCabe shifted his focus to national security when he was promoted to FBI Headquarters in the Counterterrorism Division. He went on to serve in numerous high level leadership positions in the FBI including, assistant director of the Counterterrorism Division, executive assistant director of the National Security Branch, assistant director in charge of the Washington Field Office, and Deputy Director of the FBI. In 2017, Mr. McCabe served as the acting FBI director after the firing of James Comey. He retired from the FBI in 2018.
Before entering the FBI, Mr. McCabe worked as a lawyer in private practice. He received a BA from Duke University in 1990 and JD from Washington University in St. Louis School of Law in 1993. Mr. McCabe is a certified senior intelligence officer, and he was awarded the FBI Director’s Award and the Presidential Rank Award for Meritorious Service. Mr. McCabe is married, has two children, and lives in northern Virginia.
About Gregory Crabb
Gregory S. Crabb is a nationally recognized leader in cyber intelligence, insider-threat deterrence, and large-scale security transformation. Over a 30-year career spanning federal law enforcement, national security, and enterprise cybersecurity, Greg has built and led high-impact programs that protect critical infrastructure and safeguard national operations.
As the Chief Information Security Officer for the U.S. Postal Service, Greg oversaw the defense of more than one million technology assets, led the response to the 2014 China breach, and built an intelligence-driven cyber program that prevented major disruptions—including the EternalBlue exploit behind WannaCry. He partnered with the FBI to expand in-person identity proofing and fingerprinting at post offices nationwide and later ensured the Postal Service could securely support the unprecedented surge in mail-in ballots during the 2020 election.
Today, Greg is the Founder and President of TenEight Cyber, advising Fortune 500 companies, critical infrastructure operators, and venture-backed startups on threat intelligence integration, insider-risk strategy, and AI-driven cyber governance. His Six-Step Threat Intelligence methodology, derived from intelligence-community tradecraft, continues to help organizations anticipate emerging threats, strengthen decision-making, and build lasting resilience.