Episodios

  • Rethinking resilience with WatchTowr CEO Benjamin Harris

    Rethinking resilience with WatchTowr CEO Benjamin Harris
    Oct 16 2025
    This episode of Safe Mode features a nuanced conversation with Ben Harris, CEO of Watchtower, who delves into the complexities of vulnerability management in today’s threat landscape. Harris discusses why traditional patching is no longer a guarantee of security, revealing how sophisticated attackers are staying persistent even after organizations update and remediate systems—particularly in the challenging context of edge devices and black-box appliances. Drawing on real-world research and recent incidents involving vendors like Oracle, Cisco, and Avanti, the interview highlights the urgent need for resilience, increased transparency from companies, and a cultural shift toward proactive detection.
    Más Menos
    36 m
  • What's it like to go through the FedRAMP process?

    What's it like to go through the FedRAMP process?
    Oct 9 2025
    This week on Safe Mode, we talk with Scott Montgomery, VP of Federal at Island, about the realities of achieving FedRAMP authorization. Scott demystifies the often daunting FedRAMP process, shares lessons learned from real-world experience, and reveals the biggest pitfalls organizations face. From data sensitivity requirements to the growing importance of automation in security compliance, this episode is essential listening for anyone navigating federal cloud standards or considering a move into the government tech space. In our reporter chat, Greg talks with Matt Kapko about a whirlwind week around Clop's targeting of Oracle.
    Más Menos
    31 m
  • Andesite's Brian Carbaugh on how lessons from the CIA can power an AI-powered SOC

    Andesite's Brian Carbaugh on how lessons from the CIA can power an AI-powered SOC
    Oct 2 2025
    In this week's episode of Safe Mode, Greg Otto talks with Brian Carbaugh, CEO of Andesite, who reveals how lessons learned in the CIA are transforming Andesite’s unique, human-first approach to AI-driven cybersecurity. Carbaugh shares behind-the-scenes stories about building a “bionic SOC,” where cutting-edge artificial intelligence works seamlessly with analysts, amplifying their skills, streamlining investigations, and making security operations not just more efficient but genuinely exciting. In our reporter chat, Greg and Matt Kapko dive into a week's worth of critical vulnerabilities and government emergency directives, and how enterprises have responded in kind.
    Más Menos
    27 m
  • Censys’ Silas Cutler on how adversaries chain vulns together for big attacks

    Censys’ Silas Cutler on how adversaries chain vulns together for big attacks
    Sep 25 2025
    In this episode of Safe Mode, Greg talks with Silas Cutler, principal security researcher at Census, how ransomware attackers chain together overlooked vulnerabilities, especially in platforms like SharePoint, and why patch fatigue leaves defenders at risk. Silas breaks down advanced ways criminals maintain access even after patches, and explains what makes government and critical sectors prime targets. We discuss the real challenges of incident response, threat intelligence, and preventing long-term damage—especially in complex cloud and hybrid environments. In our reporter chat, Greg talks with Tim Starks about two marquee stories this week: a look at how the government information sharing law renewal has sputtered, and a new China-linked espionage campaign has researchers sounding the alarms. https://cyberscoop.com/cyber-threat-information-law-hurtles-toward-expiration-with-poor-prospects-for-renewal/
    Más Menos
    27 m
  • Veracode’s Chris Wysopal on the security issues with AI code development

    Veracode’s Chris Wysopal on the security issues with AI code development
    Sep 18 2025
    On this episode of Safe Mode, we’re joined by a renowned cybersecurity expert and CyberScoop 50 winner, Veracode co-founder and CTO Chris Wysopal, to discuss the fast-evolving landscape of AI-assisted software development. Chris shares insights from a recent study examining over 100 large language models and their tendency to introduce security vulnerabilities in generated code. The conversation delves into why a staggering 45% of AI-generated code samples contained vulnerabilities and why improvements in AI reasoning haven’t translated to more secure outputs. Chris emphasizes the critical need for enhanced security testing and better quality training data, discussing both the challenges and opportunities ahead as AI adoption accelerates. Tune in for a thoughtful exploration of the intersection between AI, secure coding, and what the future holds for developers and enterprises alike. In our reporter chat, Greg talks with Derek Johnson about work that OpenAI and Anthropic have done with the U.S. and U.K. government to secure their models.
    Más Menos
    32 m
  • Phosphorus’ Sonu Shankar on IoT Vulnerabilities and Salt Typhoon Tactics

    Phosphorus’ Sonu Shankar on IoT Vulnerabilities and Salt Typhoon Tactics
    Sep 11 2025
    In this episode, Greg Otto talks with Sonu Shankar, President at Phosphorus, to discuss the unique security challenges facing today’s rapidly expanding Internet of Things landscape, where traditional endpoint protections are ineffective. The episode explores how everyday devices with default passwords and outdated firmware open organizations up to significant risk. Shankar highlights the tactics of groups like Salt Typhoon, who exploit these weak spots to infiltrate and persist within networks. The conversation underscores the pressing need for deeper asset inventory and active discovery in critical environments. In our reporter chat, Greg talks with Matt Kapko about a supply-chain attack on npm that turned out to be pretty close to a false alarm.
    Más Menos
    24 m
  • Halcyon’s Cynthia Kaiser on the state of ransomware

    Halcyon’s Cynthia Kaiser on the state of ransomware
    Sep 4 2025
    In this episode, Greg Otto talks with Cynthia Kaiser Sr. Vice President of Halcyon’s Ransomware Research Center, discussing the latest ransomware operations and exploring the latest shifts in the cyber threat landscape. Greg and Cynthia discuss the rise of new groups like DragonForce, SafePay, and Fog, and the decline of once-dominant names such as LockBit and BlackBasta. They also discuss unique tactics and tools employed by emerging players, discuss the impact of law enforcement and internal group dynamics, and examine why certain industries are now prime targets. Learn how attackers choose their victims, the early warning signs organizations should watch for, and the most frequent pitfalls in ransomware defense. In our reporter chat, Greg talks with Matt Kapko about the deep drive into an accused ransomware affiliate that has been given a long leash by law enforcement while he awaits trial.
    Más Menos
    29 m
  • What happens if CISA 2015 lapses?

    What happens if CISA 2015 lapses?
    Aug 28 2025
    In this episode of Safe Mode, host Greg Otto talks with Tim Starks about what would happen if the nation’s information sharing law – known as CISA 2015 – expires at the end of September. In our interview segment, Greg talks with Kevin Hanes, CEO of Reveal Security, exploring the critical and often overlooked world of machine identity security. From the blind spots in privileged access management that focus too heavily on human users while machines hold increasingly sensitive roles, to the operational challenges of securing identities in cloud-native, containerized, and AI-powered environments, Kevin shares practical insights on scaling visibility and maintaining accountability across fragmented teams.
    Más Menos
    25 m