Episodes

  • Google’s John Hultquist on how APTs are using generative AI

    Google’s John Hultquist on how APTs are using generative AI
    Feb 6 2025
    Greg Otto talks with John Hultquist, Chief Analyst for Google Threat Intelligence Group. They explore the qualitative differences between AI-generated and human-crafted social engineering tactics, and discuss the technical limitations of AI when used by less sophisticated threat actors like those in North Korea. Additionally, the episode addresses the challenges posed by AI in cybersecurity, including how it accelerates attacks, the need for enhanced defense systems beyond current SOAR/XDR models, and a proposed roadmap for maturing autonomous AI frameworks in the coming years. In our reporter chat, Greg talks to Derek B. Johnson on the ongoing friction between Elon Musk, DOGE, and the federal government. . LINK: https://cyberscoop.com/musk-doge-opm-treasury-breach/
    Show more Show less
    27 mins
  • Hugh Thompson on what the SEC got right (and wrong) with its cyber incident reporting mandate

    Hugh Thompson on what the SEC got right (and wrong) with its cyber incident reporting mandate
    Jan 29 2025
    Greg Otto talks with Hugh Thompson, Executive Chairman for RSAC Conference. Greg and Hugh discuss how the SEC's cyber disclosure regulations have fallen short of their intended purpose, failing to provide investors with enhanced transparency due to ongoing debates about materiality and insufficient market consequences. Additionally, they discuss the evolving regulatory landscape for 2025 and recent efforts to strengthen border gateway protocol (BGP) security. In our reporter chat, Greg talks to Derek B. Johnson on DeepSeek’s newfound fame and its time in the security spotlight.
    Show more Show less
    43 mins
  • Gabrielle Hempel on AI regulation on the federal and state level

    Gabrielle Hempel on AI regulation on the federal and state level
    Jan 23 2025
    Greg Otto talks with Exabeam’s Gabrielle Hempel about the complex terrain of AI regulation at both the federal and state levels, offering a deep dive into the legislative challenges, and the balancing act of fostering innovation while protecting public interests. They also reflect on how public interaction with AI systems is shaping legislative efforts, aiming to provide a comprehensive exploration of the regulatory landscape and its implications for businesses. In our reporter chat, Greg talks to Tim Starks about a Congressional hearing that examined DHS’s elimination of the entire Cyber Safety Review Board’s roster. LINK: https://cyberscoop.com/removal-cyber-safety-review-board-members/
    Show more Show less
    40 mins
  • Guidepoint Security’s Jason Baker on lessons learned from negotiations with ransomware groups

    Guidepoint Security’s Jason Baker on lessons learned from negotiations with ransomware groups
    Jan 16 2025
    As we head into 2025, Greg talks with Jason Baker, a ransomware negotiator for Guidepoint Security, on how ransomware has shifted and evolved, and the challenges it poses for businesses and governments alike. Jason also sheds light on the top threat actors, the future of international regulations and where they might fall concerning the contentious issue of paying ransoms, and what businesses can do to limit the damage if they are ever attacked. In our reporter chat, Greg talks to Tim Starks about the conversations happening in Washington, D.C. regarding enhanced offensive cybersecurity operations. LINK: https://cyberscoop.com/aggressive-cyber-offense-trump-administration-us-strategy-debate/
    Show more Show less
    52 mins
  • Phil Venables on the State of the CISO

    Phil Venables on the State of the CISO
    Jan 8 2025
    In the first episode of 2025, Greg Otto dives into a conversation with Phil Venables, the Chief Information Security Officer of Google Cloud, who shares insights from his expansive career in cybersecurity. From his beginnings as Goldman Sachs' first CISO to his current role leading risk and security at Google, Phil discusses the evolving challenges CISOs face, including the impact of AI-powered cyber threats and strategies to prevent burnout. Discover Phil's perspectives on fostering a supportive organizational culture and the importance of proactive planning in strengthening cybersecurity resilience. In our reporter chat, Greg talks with Derek Johnson about a hacker scheme that abuses the guardrails in generative AI.
    Show more Show less
    41 mins
  • Vik Phatak on the inherent issues in native cloud firewalls

    Vik Phatak on the inherent issues in native cloud firewalls
    Dec 19 2024
    In the latest episode of Safe Mode, Greg Otto talks with Vik Phatak, Chairman and CEO of CyberRatings.org. Cyber Ratings recently released a report assessing the native firewalls provided by major cloud service providers like Microsoft, Google, and AWS. These cloud-native firewalls, included with their instances, were put to the test by Cyber Ratings to evaluate their effectiveness. The findings reveal significant shortcomings in relying solely on these built-in security measures. In our reporter chat, Greg Otto talks with Tim Starks about two interesting stories that chronicle the latest in the shady world of spyware. LINK: https://cyberscoop.com/russian-surveillance-spyware-threat-citizen-lab/ https://cyberscoop.com/amnesty-international-exposes-serbian-polices-use-of-spyware-on-journalists-activists/
    Show more Show less
    32 mins
  • Emily Crose on the government’s long history with hackers

    Emily Crose on the government’s long history with hackers
    Dec 11 2024
    In the latest episode of Safe Mode, Greg Otto talks with Emily Crose about her new book “Hack to The Future: How World Governments Relentlessly Pursue and Domesticate Hackers.” Emily explains how the US government managed to weaponize a subculture widely seen as misanthropic and awkward into a lever of power that now has far-reaching geopolitical implications In our reporter chat, Greg Otto talks with Tim Starks about the continued investigation and fallout of the Salt Typhoon hacks. Also in this episode: ThreatLocker CEO and Co-Founder Danny Jenkins joins SNG host Wyatt Kash in a sponsored podcast discussion on how implementing a layered approach to network security better protects government data. This segment was sponsored by ThreatLocker. LINK: https://cyberscoop.com/senators-witnesses-3b-for-rip-and-replace-a-good-start-to-preventing-salt-typhoon-style-breaches/
    Show more Show less
    50 mins
  • GreyNoise’s Andrew Morris on using AI to find zero-days

    GreyNoise’s Andrew Morris on using AI to find zero-days
    Dec 5 2024
    In the latest episode of Safe Mode, Greg Otto talks with Andrew Morris, founder and chief architect of GreyNoise. Greg and Andrew talk about some recent work GreyNoise has released including one of the first instances where threat detection has been augmented by AI to discover zero-day vulnerabilities. In our reporter chat, Greg talks with Tim Starks about his interview with the president of Dakota State University, and how she sees the state’s politicians impacting cybersecurity in a Trump administration. LINK: https://cyberscoop.com/south-dakota-cybersecurity-leadership-2025/
    Show more Show less
    44 mins