• Should you still trust your password manager?
    Feb 19 2026
    In this episode, Greg explores the gap between password manager marketing claims of "Zero Knowledge Encryption" and the reality uncovered by Swiss researchers who found 25 attacks against Bitwarden, LastPass, and Dashlane. Professor Kenny Paterson joins Greg to discuss why the industry's "honest-but-curious" security model is dangerously inadequate compared to a "malicious server" threat model, diving into three critical vulnerability categories: account recovery mechanisms that allow attackers to swap encryption keys, seemingly innocent features like icon fetching that leak passwords, and "vault malleability" where individual item encryption lets attackers cut-and-paste data between vault fields. They also discuss how legacy code support and backwards compatibility create cryptographic hazards, and what non-negotiable features are needed to build a truly "provably secure" password manager from scratch.
    37 mins
  • No exceptions: How Amazon killed the password and unified security
    Feb 12 2026
    In this episode, we sit down with Stephen Schmidt, SVP & Chief Security Officer at Amazon, to explore the engineering and leadership required to run a "no exceptions" identity program at a global scale. Most organizations suffer from the "fragmentation problem"—a mix of high-security cloud apps and vulnerable legacy systems. Stephen explains how Amazon unified its authentication standard to ensure that every internal account, from a fresh developer environment to a legacy application from 2003, meets the same rigorous bar. In our reporter chat, Greg talks with Derek Johnson on why your AI doctor does not have the same privacy protections as your real doctor. https://cyberscoop.com/radio/how-amazon-killed-the-password-and-unified-security/ About Safe Mode: Every week we break down the most pressing issues in technology, provide you with the knowledge and tools to stay ahead of the latest threats and take you behind the scenes of the biggest stories in cyberspace. https://cyberscoop.com/show/safe-mode/
    37 mins
  • What leaders can learn from the WEF's Cybersecurity Outlook
    Feb 5 2026
    AI is reshaping cybersecurity faster than most organizations can govern it—and the risk no longer stops at the edge of the enterprise. In this episode, Greg speaks with Brian Dye, CEO of Corelight, about the World Economic Forum’s Global Cybersecurity Outlook 2026: why fraud and phishing are rising on the CEO agenda, why ransomware still dominates operations, and how leaders can build measurable resilience amid growing third‑party and cloud dependencies. In the reporter chat, Greg talks with Derek Johnson on the reaction at the recent NASS conference to the raid on election efforts in Fulton County, Georgia.
    37 mins
  • Opportunistic by Default: How OT gets pulled into the blast radius
    Jan 29 2026
    In this episode of Safe Mode, we look at how opportunistic campaigns—often starting as loud disruption like DDoS—can probe for weak points and, in some cases, move closer to operational technology and industrial control systems. Using a recent Justice Department case tied to pro‑Russia hacktivist groups as a jumping-off point, we discuss what this pattern says about the OT threat landscape in 2025, from remote access and trust boundaries to engineering workflows and data integrity risk. Chris Grove, Director of Cybersecurity Strategy at Nozomi Networks, joins to explain what defenders should prioritize now to keep “noise” from becoming real-world operational impact.
    34 mins
  • How do you win a conflict most Americans can’t see?
    Jan 22 2026
    Retired Lt. Gen. Charlie “Tuna” Moore, former deputy commander of U.S. Cyber Command, joins Safe Mode to break down his new paper on “dominating the digital space” and a whole-of-society strategy for defending the United States from cyber aggression. Host Greg Otto digs into why cyber deterrence often fails below the threshold of armed conflict and what a National Cyber Operations Team—integrating private-sector talent under Cyber Command oversight—could look like in practice. Plus, journalist Matt Kapko returns to unpack the messy ethics and incentives behind ransomware negotiations after new guilty pleas spotlight just how unregulated the space can be.
    36 mins
  • What's powering the 'Steroid Era' of cybercrime?
    Jan 15 2026
    Greg sits down with Adam Meyers, Head of Counter Adversary Operations at CrowdStrike, and Elia Zaitsev, CTO of CrowdStrike, to discuss why 2025 has been dubbed the "steroid era" for cybercrime due to AI's transformative impact on both attackers and defenders. The conversation reveals alarming statistics—a 442% increase in AI-powered voice-based phishing attacks, average adversary breakout times dropping to just 48 minutes, and 81% of intrusions now operating without any malware at all—while also exploring how adversaries are exploiting vulnerabilities faster and using AI to write exploits. However, the experts explain how AI is also empowering defenders through agentic security systems like CrowdStrike's Charlotte, which achieves 98.6% accuracy in detection triage, fundamentally shifting the economics of the defender's dilemma and offering hope that AI may ultimately benefit defenders more than attackers.
    52 mins
  • The Access‑Trust Gap: Why security can’t see what work depends on
    Dec 18 2025
    In our final episode of 2025, Dave Lewis, global advisory CISO for 1Password, joins Greg Otto to unpack the “access‑trust gap”: the growing mismatch between what employees (and tools like AI assistants) can access at work and what security teams can actually see, verify, and control. Dave explains how this gap shows up in everyday ways—logins that bypass intended controls, personal devices used for work, and teams adopting apps or AI tools faster than IT can govern them—and why that combination creates quiet but serious risk. You’ll hear practical advice on narrowing the gap with stronger identity checks, smarter device trust, cleaner SaaS governance, and simple guardrails for safe AI use that don’t crush productivity.
    33 mins
  • How AI has complicated enterprise mobile security
    Dec 11 2025
    In this episode of Safe Mode, Jim Dolce, CEO of Lookout, reveals that 40% of phishing attacks now target mobile devices—yet CISOs are drastically underspending on mobile security compared to email protection. Jim demonstrates how AI-powered attacks have become devastatingly effective, showing how his team created a voice-cloning impersonation attack in 15 minutes that fooled over half their employees into surrendering credentials, bypassing even multi-factor authentication. He explains why credential theft is now the #1 attack vector, costing $4-5 million per breach, and how modern smishing attacks use scraped social media data to craft hyper-personalized messages that are nearly impossible for humans to detect. Jim's urgent message: enterprises must protect mobile devices with the same rigor as email systems, using AI-powered defenses to combat AI-powered threats.
    39 mins