
Security Considerations for a Connected, Highly Volatile World: Expert Insights from Joel Thayer
Regardless of an organization’s size, before implementing any software, it is crucial to understand both its security implications and its underlying nature. Software often handles sensitive information – hence, any unchecked vulnerabilities or hidden threats can lead to data leaks, operational disruptions, or regulatory penalties. Reviewing the software’s development and origin helps uncover potential geopolitical or vendor-related risks and ensures it aligns with compliance standards and the organization’s IT roadmap. Moreover, a thorough evaluation process enhances cybersecurity, fosters trust among stakeholders/consumers, and ensures uninterrupted business operations.
To shed light on this topic, we spoke with Joel Thayer, President of Digital Progress, who offered deep insights into software security. During our conversation, Joel underscored the far-reaching impact of everyday software choices on organizational security and outlined the critical factors tech leaders should consider when evaluating or standardizing third-party software. He also discussed recent high-profile cases, such as the U.S. government’s ban on Foxit, highlighting the real-world implications of geopolitical and vendor-related risks.
With his insights, let’s explore how organizations should think about the tools they use every day – especially document management and collaboration platforms – and the implications they may have for protecting sensitive information.
Q. Before we dive in, would you give our readers an overview of your experience and responsibilities? Can you walk us through your professional path and how it led you to your current position?
Thayer: My name is Joel Thayer, and I am the president of the Digital Progress Institute, a think tank based in Washington, D.C., focused on advancing bipartisan policies in the tech and telecom space. I’ve founded my own law firm, Thayer PLLC, and was previously an associate at Phillips Lytle. Before that, I served as Policy Counsel for ACT | The App Association, where I advised on legal and policy issues related to antitrust, telecommunications, privacy, cybersecurity and intellectual property.
Q. What are your top priorities right now as a leader, especially when it comes to security and protecting sensitive information?
Thayer: At the Digital Progress Institute, we believe strongly in establishing universal privacy rules that protect consumer data across the Internet and ensure those decisions are in the hands of consumers, not companies.
A recent Pew Study shows that 73% of Americans feel they have limited to no control over how companies use their personal information. And the reality is they don’t. We sign privacy policies that are filled with so much legal jargon that it may as well be unintelligible to the average person, and presto! Our data is now their data. The problem is not just that they sell our data to third-party advertisers, but also to those who use our data to create fake images, curate biased news feeds, conduct elaborate scams, and even engage in espionage.
Q. From your perspective, how critical are document management and PDF tools to an organization’s operational level?
Thayer: In industries like finance, real estate, and healthcare, PDFs remain the backbone of everyday business workflows. Globally, 98% of businesses use PDF as their default file type for external communication (Mobiqode, 2025). Over 2.5 trillion PDFs exist worldwide, with 290+ billion new PDFs created annually, growing 12% YoY. PDF is the web’s second-most-served file type, behind only JPEG.
Q. What factors do you consider when approving or standardizing third-party software in your workforce or work portfolio?
Thayer: When evaluating third-party apps or software, companies must assume that software from certain jurisdictions serves dual purposes: legitimate business functionality and potential intelligence collection for state sponsors who view American companies as strategic assets to be leveraged.
Q. Recently, the U.S. government just blacklisted Foxit—Chinese PDF software that’s been embedded across America’s most sensitive defense agencies. What is your take on this? Moreover, Foxit has development operations in China. How might this pose risks to sensitive government information?
Thayer: Foxit’s playbook is not new – it reflects the systematic nature of modern espionage campaigns that target comprehensive data collection across all aspects of technology infrastructure. In 2021, President Donald Trump banned Chinese apps like Alipay, CamScanner, QQ Wallet, SHAREit, Tencent QQ, VMate, WeChat Pay, WPS Office and their subsidiaries due to concerns over China’s “bulk data collection” to advance its economic and national security agenda. What we see here with Foxit is similar to the examples mentioned above.
What makes this particularly concerning is that PDF software processes exactly the type of sensitive information – biometrics, R&D data, and government contracts – that provides invaluable intelligence to foreign powers as they build their own military and technological capabilities.
Q. How should government agencies evaluate the national security implications of using software with foreign development ties?
Thayer: Agencies must recognize they’re dealing with adversaries who maintain direct relationships with foreign governments, regardless of corporate structure or public statements. The evaluation framework needs to account for the reality that certain countries use all available diplomatic, economic, and technological levers to advance their strategic interests.
Assuming that software with foreign development ties could serve intelligence collection purposes for powers that view imported American technology as a means of building their own advanced systems, including military AI capabilities, is the only way to safeguard critical government information.
Q. Do you think organizations underestimate the national security implications of everyday software choices?
Thayer: Organizations consistently underestimate these risks because they focus on immediate operational needs while adversaries focus on long-term strategic intelligence value. There’s a fundamental disconnect between how procurement teams evaluate software and how foreign intelligence services evaluate the same tools.
Q. What technical safeguards can reduce the risks of using Foxit (e.g., disabling cloud features, sandboxing)?
Thayer: If organizations are truly concerned about the sensitive information and proprietary data ending up in the wrong hands, then they should not trust software companies or third-party apps that have ties to foreign adversaries.
The foreign regulatory landscape continues to change rapidly, and the only safeguard is not to utilize questionable software.
Q. Should Foxit be restricted to non-classified environments only? Why or why not?
Thayer: Restricting compromised software to non-classified environments still exposes high-value information that foreign intelligence services actively seek. Government contractor data, personnel information, and operational details provide significant strategic intelligence regardless of formal classification levels.
Given that adversaries systematically overcollect information to build comprehensive intelligence pictures, any level of exposure contributes to their understanding of American capabilities, decision-making processes, and strategic priorities.
Q. If you were advising a Chief Technical Officer, what would be your policy/security recommendation regarding Foxit?
Thayer: My recommendation would be to replace it immediately with an alternative not owned by foreign adversaries.
Q. Finally, what advice would you give other technology leaders navigating the tension between productivity and security?
Thayer: Technology leaders need to understand the origins of third-party apps and technologies. Continuous due diligence is necessary to safeguard company data in an ever-changing landscape.
Key takeaway for CTOs
As businesses continue to embrace digital transformation, the importance of software security will only grow. CTOs who prioritize secure software practices, assess risks carefully, and implement proactive controls will be better positioned to navigate threats and maintain operational resilience.
In an era where technology drives business success, security is no longer just an IT concern—it is a strategic imperative.