• What the post-quantum executive order means for CISOs
    Jul 9 2026
    In this week’s episode, Greg speaks with Ellen Boehm, SVP of Strategy and AI Operations at Keyfactor, about what the administration’s post-quantum cryptography executive order means for CISOs and enterprise leaders. Boehm argues that preparing for post-quantum cryptography is not just a technical cryptography challenge, but a leadership and business-risk problem. The conversation covers why compliance deadlines are pushing organizations to act, how CISOs should frame quantum risk for boards and executives, and why cryptographic inventories are a critical first step for any serious migration plan. The discussion also explores how organizations can build cross-functional teams across security, IT, legal, procurement, engineering and product groups; why visibility into cryptographic assets remains so difficult; and how AI, machine identities and crypto agility are converging with the post-quantum transition. Boehm also lays out the key questions enterprises should be asking now as they prepare for deadlines that are quickly moving from future concern to present-day planning reality.
    Show More Show Less
    26 mins
  • How security investigators can get the right info out of AI security tools
    Jul 2 2026
    This week on Safe Mode, Greg sits down with Dov Yoran, CEO and co-founder of Command Zero, to talk about one of the most persistent problems in enterprise security: the investigation gap. Alert volumes keep climbing, SOC teams are drowning in triage, and the tools meant to help are aggregating data without actually reasoning through it. Dov breaks down how the real bottleneck in security operations comes down to expertise — knowing what questions to ask, where to find the data, and how to build a narrative around it. He explains how Command Zero has codified years of SecOps and incident handling experience into a knowledge base shared by both human analysts and AI agents, creating a structured and fully auditable approach to autonomous investigation, one where every question asked and every conclusion drawn is visible and replayable. The conversation gets into how AI is fundamentally changing the shape of the SOC. The tiered escalation model is giving way to something new, where agents handle the repetitive work of collection, timelining, and report writing and analysts operate more like coordinators than ticket processors. Whether that shift is gradual or sudden, and exactly where the human stays in the loop, is a question Dov and Greg wrestle with. In our reporter chat, Greg talks with Tim Starks about the Supreme Court's decision in Chatrie v. The United States
    Show More Show Less
    33 mins
  • Inside Operation Disruption Week: Taking Down Southeast Asia's Scam Machine
    Jun 25 2026
    What does it actually take to dismantle an industrial-scale scam operation running bulletproof hosting, distributed ASNs, and crypto laundering across multiple countries? Mike Sweeney of Silent Push was in the room during Operation Disruption Week and tells us exactly how it went down — the intelligence, the coordination, and why this public-private model could be a blueprint for future cyber disruption efforts. Plus, reporter Tim Starks on the open source supply chain crisis: the volunteer maintainers holding up the internet, the threat groups coming after them, and the policy vacuum left behind after the Biden administration's momentum stalled.
    Show More Show Less
    36 mins
  • Zero days, zero order: The chaos reshaping vulnerability disclosure
    Jun 18 2026
    The rules of responsible disclosure were written for a different era — one where humans found bugs, humans reported them, and 90 days felt like plenty of time to patch. That era is over. In this episode, Greg sits down with Gal Elbaz, co-founder and CTO of Oligo Security, to unpack how AI-assisted vulnerability research is breaking the frameworks the security industry has relied on for decades. From MITRE admitting it can no longer keep up with the volume of CVE reports, to Linus Torvalds saying the same about the Linux kernel, the cracks in the system are impossible to ignore. Gal draws on his years as a hands-on researcher at Check Point — and his current work leading Oligo's research team — to offer perspective from both sides of the disclosure table. He and Greg dig into the Microsoft controversy, the tension between researcher leverage and community responsibility, and why the Spider-Man rule applies more than ever to the security research community right now. They also tackle the big questions: Should disclosure timelines be based on exploitability rather than a fixed number of days? Who owns the decision to accelerate a disclosure? And is it time to throw out CVSS scores and build something new? Gal's bottom line: the noise needs to be cut, the critical bugs need better definition, and both vendors and researchers need to get back to the table — as humans. For our reporter chat, Greg talked with Derek Johnson about the reaction to the Trump administration's fight with Anthropic.
    Show More Show Less
    40 mins
  • Why the autonomous SOC Is the wrong goal
    Jun 11 2026
    On this week's episode, we're joined by Mike Nichols, General Manager of Security at Elastic, fresh off the Gartner Security and Risk Summit in the D.C. area, where AI dominated every conversation on the conference floor. Mike walks us through what CISOs are actually asking about, what a real agentic SOC looks like in practice, and why keeping humans on the loop is the key philosophical distinction that separates a thoughtful AI implementation from a reckless one. The conversation covers "tribal knowledge," shadow AI, prompt injection, model sovereignty, and the exploding attack surface that AI agents themselves create, with Mike making the case that AI adoption is a dial and not a switch, and that transparency, explainability, and a healthy dose of skepticism are the foundation of building trust that actually sticks.
    Show More Show Less
    34 mins
  • The last layer standing
    Jun 4 2026
    What happens when an "assume breach" scenario turns into a total corporate wipeout? In this episode of Safe Mode, host Greg welcomes Brandon Willitts, Director of Cyber Resilience at Everpure, to pull back the curtain on a devastating "malwareless" attack that deleted over 80,000 endpoints at a Fortune 100 company. When adversaries exploit valid credentials to compromise the entire identity plane, your own endpoint management tools can be weaponized against you. Brandon breaks down how separating the storage layer from the identity blast radius—and leveraging immutable snapshot technology—allowed a non-technical engineer to jumpstart a full recovery in just days rather than months. In our reporter chat, Greg talks with Derek Johnson about all the AI security news that has happened over the past week.
    Show More Show Less
    36 mins
  • From Two Weeks to Three Days: The KEV Deadline Debate
    May 29 2026
    Drawing on his experience from his time in government working directly on CISA’s Known Exploited Vulnerabilities (KEV) catalog, Todd Beardsley, VP of Security Research at runZero, explains what it actually took behind the scenes to get a vulnerability added: verifying that real exploitation occurred, confirming the incident mattered to federal interests (including state/local governments, critical infrastructure, or allied nations), and ensuring there was a concrete remediation option before publishing. He walks Greg through how those judgments tied back to Binding Operational Directive 22-01 and how deadlines were set and adjusted from the two-week baseline—context that frames the recent trend toward three-day turnaround requirements. From that insider perspective, Beardsley outlines the practical risks of compressing timelines (especially around testing and change-control realities across 100+ civilian agencies) and why ultra-short deadlines can dilute KEV’s value as an “urgency signal,” even as they may push agencies to modernize staffing, automation, and patch processes to respond faster.
    Show More Show Less
    37 mins
  • Can specialized security survive Daybreak and Mythos?
    May 21 2026
    In this episode, we sit down with Lior Div, CEO of 7AI, at a moment when the ground is shifting under the entire security industry. With AI lowering the barrier to entry for attackers, supply chain compromises spreading at worm speed, and OpenAI and Anthropic racing to plant their flags in enterprise cyber defense, the pressure on defenders has never been more acute. We push Div on the hard stuff — whether agentic defense actually closes the asymmetry gap or just keeps pace with it, what Mini Shai-Hulud exposes about the blind spots in how we trust software, how the arrival of Daybreak and Glasswing changes the competitive landscape for pure-play security companies, and whether the industry is building toward genuine resilience or just faster reactions to inevitable breaches. Speaking in Mini Shai-Hulud, Greg talks about a whirlwind week of reporting that covered all the security incidents tied to the malware.
    Show More Show Less
    38 mins