• Why the autonomous SOC Is the wrong goal
    Jun 11 2026
    On this week's episode, we're joined by Mike Nichols, General Manager of Security at Elastic, fresh off the Gartner Security and Risk Summit in the D.C. area, where AI dominated every conversation on the conference floor. Mike walks us through what CISOs are actually asking about, what a real agentic SOC looks like in practice, and why keeping humans on the loop is the key philosophical distinction that separates a thoughtful AI implementation from a reckless one. The conversation covers "tribal knowledge," shadow AI, prompt injection, model sovereignty, and the exploding attack surface that AI agents themselves create, with Mike making the case that AI adoption is a dial and not a switch, and that transparency, explainability, and a healthy dose of skepticism are the foundation of building trust that actually sticks.
    34 mins
  • The last layer standing
    Jun 4 2026
    What happens when an "assume breach" scenario turns into a total corporate wipeout? In this episode of Safe Mode, host Greg welcomes Brandon Willitts, Director of Cyber Resilience at Everpure, to pull back the curtain on a devastating "malwareless" attack that deleted over 80,000 endpoints at a Fortune 100 company. When adversaries exploit valid credentials to compromise the entire identity plane, your own endpoint management tools can be weaponized against you. Brandon breaks down how separating the storage layer from the identity blast radius—and leveraging immutable snapshot technology—allowed a non-technical engineer to jumpstart a full recovery in just days rather than months. In our reporter chat, Greg talks with Derek Johnson about all the AI security news that has happened over the past week.
    36 mins
  • From Two Weeks to Three Days: The KEV Deadline Debate
    May 29 2026
    Drawing on his experience from his time in government working directly on CISA’s Known Exploited Vulnerabilities (KEV) catalog, Todd Beardsley, VP of Security Research at runZero, explains what it actually took behind the scenes to get a vulnerability added: verifying that real exploitation occurred, confirming the incident mattered to federal interests (including state/local governments, critical infrastructure, or allied nations), and ensuring there was a concrete remediation option before publishing. He walks Greg through how those judgments tied back to Binding Operational Directive 22-01 and how deadlines were set and adjusted from the two-week baseline—context that frames the recent trend toward three-day turnaround requirements. From that insider perspective, Beardsley outlines the practical risks of compressing timelines (especially around testing and change-control realities across 100+ civilian agencies) and why ultra-short deadlines can dilute KEV’s value as an “urgency signal,” even as they may push agencies to modernize staffing, automation, and patch processes to respond faster.
    37 mins
  • Can specialized security survive Daybreak and Mythos?
    May 21 2026
    In this episode, we sit down with Lior Div, CEO of 7AI, at a moment when the ground is shifting under the entire security industry. With AI lowering the barrier to entry for attackers, supply chain compromises spreading at worm speed, and OpenAI and Anthropic racing to plant their flags in enterprise cyber defense, the pressure on defenders has never been more acute. We push Div on the hard stuff — whether agentic defense actually closes the asymmetry gap or just keeps pace with it, what Mini Shai-Hulud exposes about the blind spots in how we trust software, how the arrival of Daybreak and Glasswing changes the competitive landscape for pure-play security companies, and whether the industry is building toward genuine resilience or just faster reactions to inevitable breaches. Speaking of Mini Shai-Hulud, Greg talks about a whirlwind week of reporting that covered all the security incidents tied to the malware.
    38 mins
  • Why access brokers have stubbornly remained successful
    May 14 2026
    Anna Pham of Huntress joins Safe Mode to discuss the current landscape of initial access brokers and how their tactics continue to support ransomware operations. She explains that attackers are still finding success with drive-by downloads, Trojanized installers, fake browser updates, click-fix attacks, exposed RDP, VPN weaknesses, and vulnerable edge devices. The conversation also covers how access is monetized, what defenders can look for before ransomware deployment, and why limited endpoint visibility often leaves organizations exposed. Pham emphasizes that basic cyber hygiene still matters: close exposed ports, enforce MFA, use complex passwords, apply least privilege, patch systems, and maintain broad visibility across the environment. In our reporter chat, Greg talks with Matt Kapko about the security incident that impacted Canvas.
    32 mins
  • Can you prove which agent did what?
    May 7 2026
    In this week's episode, Greg Otto talks with Howard Ting, CEO of Opal Security, about the growing security challenges created by AI agents inside the enterprise, especially around identity governance, access control, and runtime authorization. As organizations adopt coding agents, workplace assistants, and other AI tools, traditional approaches to managing human access are being pushed beyond their limits by the speed, scale, and context required for agent-driven decisions. The conversation explores the risks of shadow AI, overprivileged agents, unintended data exposure, and the difficulty of enforcing least privilege when agents act on behalf of employees across sensitive systems. It also looks at what CISOs and security teams need to prioritize now, from gaining visibility into agent activity to building policy-aware controls that can make real-time access decisions and safely support AI adoption. In our reporter chat, Greg talks with Derek Johnson about a lawsuit where a dating app stole an influencer's TikTok videos to use in targeted ads to people she knew, all without her consent.
    28 mins
  • How government and Industry can raise the cost of cybercrime
    Apr 30 2026
    Sophos CEO Joe Levy and Director of Government Partnerships Alex Rose join Safe Mode from Washington, D.C. to discuss what meaningful public-private cybersecurity partnership looks like right now—moving beyond “window dressing” to real operational collaboration with agencies like CISA and the FBI. They break down the shift from Secure by Design to Secure by Demand, arguing that procurement and market forces must pressure software vendors to ship safer defaults, while AI simultaneously accelerates both vulnerability discovery and attacker capability. The conversation also spotlights why small and midsize businesses are disproportionately exposed yet often underserved, and previews Sophos’s upcoming CISO Advantage concept to help close the massive cybersecurity leadership gap. Finally, they examine rising open-source software risk—including maintainers being overwhelmed by low-quality AI-generated vulnerability reports—and why addressing OSS security will require coordinated action across government and industry. In our reporter chat, Greg talks with Tim Starks about the oral arguments held at the Supreme Court in relation to a case that deals with the future of geofence warrants.
    43 mins
  • Proving Identity in the age of agents
    Apr 23 2026
    As AI makes deepfakes and voice cloning more convincing, attackers are shifting away from traditional vulnerabilities and focusing on identity as the easiest path to account takeover and fraud. In this conversation, Eran Haggiag of Glide Identity discusses what it will take to protect identity in an agentic world—how to prove a real user approved an action, how to establish accountability when software acts on someone’s behalf, and why cryptographic, hardware-rooted signals may be the clearest way out of the cat-and-mouse cycle. In our reporter chat, Greg talks with Matt Kapko about what led to the Vercel breach that dominated this week's headlines.
    27 mins