Zero Signal

Conor Sherman

Zero Signal is a podcast for CISOs and senior security leaders who are expected to have answers about AI risk before the industry has standards. We go after the strategic questions that don't yet have clean answers — the ones your board is asking and the industry is still debating. Each episode is an honest conversation with someone navigating that pressure — not with perfect answers but with principles, frameworks, and lived experience. We host guests who've had to make real calls under uncertainty and are willing to talk about what worked, what didn't, and what they're still figuring out

  1. 3 DAYS AGO

    Matt Peters on the AI “Captain America Serum” and Rebuilding the Broken Enterprise Foundation

    Welcome back to Zero Signal! In this special solo-host episode, Conor Sherman sits down with Matt Peters, co-founder and CEO of Fixify. With a powerhouse pedigree as the former Chief Product Officer at Expel and VP of Worldwide Operations at Mandiant during the height of the APT era, Matt brings a unique perspective on the intersection of cybersecurity heritage and IT transformation. Matt breaks down the reality behind the "AI productivity" hype, unpacking Fixify’s 2026 Benchmark Report. While AI allows organizations to resolve tickets 16 times faster, first response times remain identical—highlighting a critical gap in human expectations versus machine efficiency. They discuss why 95% of GenAI pilots fail not because of the technology, but due to a "poverty of vision" and misaligned organizational incentives. In this conversation, Conor and Matt explore how AI acts as a "Captain America serum" for businesses, the collapse of the zero-day patching clock to under 24 hours, and why the next era of leadership requires "systems thinking" over simple domain expertise. Continued Reading: The Enterprise AI Playbook (Stanford Digital Economy Lab) Fixify — 2026 IT Help Desk Benchmark Report Fixify 2026 Benchmark Report  Sysdig 2025 Cloud-Native Security and Usage Report Sysdig 555 Benchmark for Cloud Detection and Response  Sysdig Threat Research: LLM-assisted cloud attack MIT NANDA: The GenAI Divide: State of AI in Business 2025 Prophet Security  Prediction Machines by Agrawal, Gans, and Goldfarb The Myths of Innovation by Scott Berkun About the Guest: Matt Peters is the co-founder and CEO of Fixify, an AI-powered IT platform. Before Fixify, he served as the Chief Product Officer at Expel, a leading MDR provider, and spent years at Mandiant managing worldwide operations during the most significant state-sponsored cyberattacks in history. Matt is a recognized expert in incident response, product strategy, and leveraging AI to solve complex organizational friction.⁠ Matt Peters LinkedinKey Topics: 01:14 Why AI is a "Captain America Serum" for Organizations 02:13 The 16x Resolution Speed Gap: Why First Response Times Haven't Moved 04:20 Trimming the "Slop": How AI Handles the Tier 2 Long Tail 06:58 The Average Enterprise Has 150+ Apps (and IT Doesn't Know Half of Them) 09:00 Why 95% of GenAI Pilots Fail: Lessons from MIT & Stanford 12:02 Solutions vs. Problems: The Importance of Problem Definition 15:03 The Productivity Dip: Why You Shouldn't Fire Your Staff the Day AI Arrives 16:25 Shipping Containers & Unit Economics: Reworking the Whole Business Around AI 19:28 From "Get It Right" to "Generate and Judge": The New Dev Cycle 21:39 The "Infinite People" Mental Model: Reimagining Constraints 26:21 The CMDB Myth: Building AI on Brittle Technology Foundations 32:17 Threat Actors Using LLMs to Own Cloud Accounts in Under 10 Minutes 35:28 The "What Now?" Problem in Incident Response 38:54 The Collapse of the Patching Clock: From Two Years to One Day 42:48 Decision Points: Who Makes the Call When the CEO is Asleep? 47:23 Intent-Based Leadership: "Turn the Ship Around" for AI Agents 51:08 The Three Traits of Durable Leaders: Systems Thinking, Curiosity, and Clarity Meet our Sponsors: Hampton North is the premier US based cybersecurity search firm. Start building your security team with Hampton North: https://hamptonnorth.com/?utm_source=website&utm_medium=podcast&utm_campaign=aware_global_swsd_all&utm_content=zero-signal Sysdig is the leader in AI-powered real-time cloud defense; stop watching and start defending: https://www.sysdig.com/?utm_source=website&utm_medium=podcast&utm_campaign=aware_global_swsd_all&utm_content=zero-signal

    54 min

  2. 8 MAY

    Matt Stamper: The 4 Classic Failures AI Just Made Existential

    Welcome back to Zero Signal! In this episode, Conor and Stuart are joined by Matt Stamper, co-author of the CISO Desk Reference Guide and chair of the FBI InfraGard CISO Cross-Sectional Council. With experience spanning Gartner research and national critical infrastructure, Matt dives into the "four persistent failures" that AI is rapidly turning into existential risks: identity governance, data governance, third-party risk, and vulnerability management. Matt explains why the "Hustle Hard" era of manual triage is fundamentally broken. As attack timescales collapse from weeks to seconds—evidenced by AI-driven compromises occurring in under eight minutes—security leaders must shift from a "secure-first" mindset to one of radical resiliency and "continuous zero-day" preparedness. In this conversation, Conor, Stuart, and Matt discuss the necessity of "autopilot" for security operations, the legal and geopolitical fallout of "Glasswing" and "Mythos" level capabilities, and why boards must move past the "single slide" and lean into the technical details of enterprise risk. Continued Reading: CISO Desk Reference Guide: https://www.cisodesk.com/ FBI InfraGard: https://www.infragard.org/ Cloud Security Alliance (CSA) Analysis on Glasswing/Mythos: https://cloudsecurityalliance.org/ VulnCheck State of Exploitation 2026: https://www.vulncheck.com/blog/state-of-exploitation-2026  Securing AI agents: the defining cybersecurity challenge of 2026: https://www.bvp.com/atlas/securing-ai-agents-the-defining-cybersecurity-challenge-of-2026  The State of AI Cybersecurity 2026: Unveiling insights from over 1,500 security leaders: https://www.darktrace.com/blog/the-state-of-ai-cybersecurity-2026  About the Guest: Matt Stamper is a globally recognized security leader, executive advisor, and the co-author of the CISO Desk Reference Guide. A former Gartner Research Director covering incident response architecture, Matt currently serves as the chair of the FBI InfraGard CISO Cross-Sector Council, where he represents nearly a thousand CISOs across critical infrastructure sectors. His work focuses on transforming technical security into business-aligned risk management and building resilient enterprise architectures. Key Topics: 01:11 Meet Matt Stamper: The Voice of Critical Infrastructure 01:50 The Four Persistent Failures AI Just Accelerated 03:26 The Collapse of the Zero-Day Clock: From Weeks to Seconds 04:31 Why Security is a "Whole of Enterprise" Problem 05:41 Customized Daisy-Chained Exploits (The Glasswing Effect) 08:24 Leaning In: How Security Leaders Become the Hero 11:47 Why 15 Minutes for Security in the Boardroom is "Borderline Negligence" 13:01 The Business Impact Analysis (BIA) as a Risk Vehicle 15:52 Incident Response in the Age of Agents 17:15 Hands-Off Keyboard: Trusting the System to Counter Swarms 20:41 The Advantage Shifts: Why Attackers Aren't Waiting for Budget Sign-Off 22:52 Crossing the "Four-Minute Mile" of AI Capabilities 25:10 A Manhattan Project Moment for Critical Infrastructure 31:54 Resilience vs. Protection: Designing for Failure 38:34 Geopolitical, Climatic, and Technical Risk Concurrency 42:05 The Strategic Move to Open Source for Transparency 46:00 The Autopilot Mindset: Continuous Preparedness 50:24 Why the Airline Safety Model is the Future of Cyber Metrics Meet our Sponsors: Hampton North is the premier US based cybersecurity search firm.Start building your security team with Hampton North: https://hamptonnorth.com/?utm_source=website&utm_medium=podcast&utm_campaign=aware_global_swsd_all&utm_content=zero-signal Sysdig is the leader in AI-powered real-time cloud defense; stop watching and start defending: https://www.sysdig.com/?utm_source=website&utm_medium=podcast&utm_campaign=aware_global_swsd_all&utm_content=zero-signal

    53 min
  3. “The Hustle Hard Era is Over”: Crystal Morin on How to Move Beyond the Human Ceiling

    1 MAY

    “The Hustle Hard Era is Over”: Crystal Morin on How to Move Beyond the Human Ceiling

    Welcome back to Zero Signal! On this episode, Crystal Morin, Chief Cybersecurity Strategist at Sysdig and author of the Sysdig Cloud Native Security and Usage Reports, discusses findings showing vulnerability management has hit a “human ceiling,” with about 5.5% of workloads still running critical/high vulnerabilities year over year despite better tooling.  Morin explains why backlog volume and faster exploitation push organizations toward automation and agentic AI, highlights a major drop in exploitable vulnerabilities in production (to under 0.2%), and notes reduced image bloat (unused packages under 1%) as both cost and risk reduction.  In this conversation, Crystal, Conor, and Stu discuss how threat actors use AI to exploit CVEs within hours, identity trends and new messy identity governance concerns, and growing autonomous response actions like a 140% increase in “kill process.” They also discuss LLM jacking, regional AI package adoption led by EMEA, and McKinsey’s takers/shapers/makers framework. Read the 2026 Sysdig Cloud Native Security and Usage Report here. Continued Reading: The NVD Just Threw In The Towel - Now What? NIST Updates NVD Operations to Address Record CVE Growth About the Guest: Crystal Morin is a former Air Force Intelligence analyst and current Senior Cybersecurity Strategist at SYSDIG. Morin has authored four of the nine annual SYSDIG Cloud Native Security and Usage Reports, which serve as the industry's primary source for real customer data on Cloud Native Security trends. These influential reports are published on sysdig.com and cited across Dark Reading, Security magazine, and SANS webinars. Key Topics: 01:37 Hustle Hard Era Ends 05:43 Case for Agentic Remediation 08:09 Image Bloat Drops 11:10 Threat Actors Move Faster 14:40 Humans vs Machine Identities 19:32 Who Owns Identity Risk 22:09 Machine Identity Risk Stats 23:48 Breach Math Explained 24:25 Tokens and Agents 26:02 Europe Leads AI Packages 28:20 Compliance Drives Confidence 30:52 Makers Takers Shapers 33:02 AI Adoption by Sector 36:01 Rise of Agentic Defense 40:20 LLM Jacking and Costs 45:09 Autonomous Response Ladder Meet our Sponsors: Hampton North is the premier US based cybersecurity search firm. Start building your security team with Hampton North. Sysdig is the leader in AI-powered real-time cloud defense; stop watching and start defending.

    51 min
  4. The Future of Threat Detection is here -ft Founders of Embed Security

    13 MAR

    The Future of Threat Detection is here -ft Founders of Embed Security

    On the Zero Signal Podcast, the hosts preview RSA micro-events and then interview Embed Security co-founders Seth Summersett (CEO) and Jeffrey Johns (CTO), who launched the company in 2024 after careers at NSA, FireEye/Mandiant, Google, Meta, and others. They discuss the SOC’s operational crisis—thousands of daily alerts, manual triage, burnout, and uninvestigated incidents—and how Embed aims to reduce investigation time and alert noise using agentic AI with human oversight, transparency, and a “chain of evidence” that shows its reasoning. They argue the analyst role will shift toward validating AI-driven investigations, that organizational context and feedback are key, and that investigation, detection engineering, and threat hunting will converge. They cite customer results such as ~90% reduction in false positives and ~155 hours saved per month, predict major disruption to MDR/MSP economics, and emphasize domain-specific models and trust-building metrics. Sponsors Thank you to our sponsors who make this show possible. → https://hamptonnorth.com/. Hampton North is the premium US-based cybersecurity search firm. → https://www.sysdig.com/. Leader in real-time AI-powered cloud security. 00:00 Podcast Welcome00:41 RSA Micro Events01:54 AI SOC Alert Crisis02:47 Meet Embed Security06:17 Why Tackle Investigation07:50 State of Detection Today10:43 Future SOC Analyst Role14:35 Skills That Stand Out19:06 Human in the Loop22:43 Building Modern Detections24:58 Convergence Ahead26:26 AI Arms Race Reality27:38 Defenders Gain New Tools28:33 False Positives Economics30:56 Proactive Analyst Work31:51 MDR Market Disruption35:03 Build Versus Buy AI36:17 Domain Specific Models41:46 Trust And Transparency46:19 Measuring Trust Metrics49:19 Customer Win Story50:51 Lightning Round Threats53:20 Closing Thanks

    49 min

  5. 13 MAR

    Business-Driven Security: SAP on Cyber Risk & AI Security - ft. Jay Thoden van Velzen

    Episode Summary Business-Driven Security: SAP on Cyber Risk & AI Security features Jay Thoden van Velzen, Technical Advisor in SAP’s Office of the Chief Security Officer. The episode explores how cybersecurity must evolve to secure business processes, not just technology, and addresses the challenges of agentic AI, risk quantification, and the importance of human-centric controls in enterprise environments.   Sponsors Thank you to our sponsors who make this show possible. → https://hamptonnorth.com/. Hampton North is the premium US-based cybersecurity search firm. → https://www.sysdig.com/. Leader in real-time AI-powered cloud security.   Guest Introduction Jay Thoden van Velzen is a Technical Advisor in SAP's Office of the Chief Security Officer, supporting security processes, products, and partner management across cybersecurity functions. He previously led SAP cloud security operations and transformation during SAP’s rapid shift to cloud business applications and platforms.   Chapters 00:00 Introduction to SAP and Its Impact02:44 The Role of Cybersecurity in Business Processes13:38 Risk Management and Business Outcomes23:02 Exploring Security in Agentic Systems27:20 Balancing Innovation and Compliance in AI31:22 The Weight of SAP: Stability vs. Innovation38:12 Future of AI and Data Sovereignty  Referenced Links & Resources SAP Community Security BlogSAP TechEd 2025: SAP launches RPT-1, AI & Security in Business Process Platforms  Call to Action For more insights on business-driven security and agentic AI, follow Jay and the SAP Security team at SAP Community.

    43 min

  6. 13 MAR

    State of the Cybersecurity Market - ft. Mike Privette

    Episode Summary The episode features Mike Privette, founder of Return on Security, discussing the 2025 State of the Cybersecurity Market.   Key topics include the realities behind AI security funding, the shift from product to service models, the impact of M&A and capital flows, and how regional consolidation is shaping the industry.   Subscribe to the Return on Security Newsletter    Guest Introduction Mike Privette is the founder of Return on Security and creator of Security, Funded, a data-driven briefing on cybersecurity funding, M&A, and market trends. He is recognized for his independent, data-driven analysis and his ability to bridge the gap between boardroom strategy and operational security.   Chapters 00:00 Introduction and Guest Introduction02:46 The Role of a Market Analyst in Cybersecurity05:23 Understanding the 2025 Cybersecurity Market Report08:06 AI's Impact on Cybersecurity Investments10:52 The Shift from Products to Services in Cybersecurity13:43 Unit Economics and the Future of Cybersecurity Companies16:15 The Dynamics of Private Equity and Venture Capital in Cybersecurity24:35 The Great Bundling Era in M&A35:34 Regional Capital Flows in Cybersecurity45:35 Outro  Referenced Links & Resources 2025 State of the Cybersecurity Market: $25B Funding, $76B M&A, and What's Next

    46 min

  7. 13 MAR

    Why AI’s Real Impact Lies in How Leaders Respond—Not Just What It Achieves

    Episode Summary Conor Sherman lays out the three pillars of the Zero Signal podcast’s AI philosophy: using AI as a growth engine rather than a cost-cutting tool, designing truly human-centered systems, and treating secure, observable AI as a moral obligation for leaders.   Sponsors Thank you to our sponsors who make this show possible. → Hampton North. Hampton North is the premium US based cybersecurity search firm. → Sysdig. Secure the cloud
the right way with agentic AI.   Guest Introduction Host Conor Sherman, a cybersecurity leader with fifteen years of experience building and leading security programs, walks solo through how AI is reshaping the world and what durable, responsible leadership looks like in this transition.   Chapters 00:00 Introduction to Zero Signal Podcast01:23 The Courage to Grow in AI05:57 Human-Centered Systems in AI10:34 Secure AI is Responsible AI  Referenced Links & Resources Stanford Digital Economy Lab – “The Turing Trap: The Promise & Peril of Human-Like Artificial Intelligence”Goldman Sachs – “Will the $1 Trillion of Generative AI Investment Pay Off?”Acemoglu & Restrepo – “Automation and New Tasks: How Technology Displaces and Reinstates Labor”MIT Sloan – “When humans and AI work best together—and when each is better alone”Stanford HAI – “A Human-Centered Approach to the AI Revolution”Daniel Miessler – “Keep the Robots Out of the Gym”MIT & Harvard study on overreliance on AI advice  Call to Action Reflect on how your organization can use AI to create new work, design human-centered socio-technical systems, and build secure, observable infrastructure that earns and keeps trust over time.

    15 min

  8. 13 MAR

    The Rise of Agentic AI: Transforming Software Development - ft. Adam Arellano

    Episode Summary Zero Signal hosts Conor Sherman and Stuart Mitchell sit down with Adam Arellano, former VP of Cybersecurity at PayPal and now Field CTO at Harness, to unpack the rise of agentic AI in software delivery and what it means for software engineers, security leaders, and the broader tech economy. They dig into real-world data on AI-generated code, the new attack surface created by agent skills, and how security and engineering teams can partner to ship faster while reducing risk.   Sponsors Thank you to our sponsors who make this show possible. → Hampton North. Hampton North is the premium US based cybersecurity search firm. → Sysdig. Secure the cloud
the right way with agentic AI.   Guest Introduction Adam Arellano is the Field CTO at Harness, focusing on AI for DevOps and automation, and previously served as VP of Cybersecurity at PayPal. In this episode he brings both security and engineering leadership perspectives to the rapid shift toward agentic coding and AI-augmented software delivery.   Referenced Links & Resources Adam Arellano – LinkedInAI Coding Becomes a Risky Norm as Use of AI Coding Assistants Takes Off and More Than 80% of Organizations Ship Vulnerable Code – BusinessWireGenerative AI Adoption and the Impact on Junior Employment – Harvard studyAgent Skills in the Wild: An Empirical Study of Security Vulnerabilities at ScaleGitHubArcanum-Sec/sec-context

    48 min
See All (33)

About

Zero Signal is a podcast for CISOs and senior security leaders who are expected to have answers about AI risk before the industry has standards. We go after the strategic questions that don't yet have clean answers — the ones your board is asking and the industry is still debating. Each episode is an honest conversation with someone navigating that pressure — not with perfect answers but with principles, frameworks, and lived experience. We host guests who've had to make real calls under uncertainty and are willing to talk about what worked, what didn't, and what they're still figuring out

Information

  • Creator
    Conor Sherman
  • Years Active
    2025 - 2026
  • Episodes
    33
  • Rating
    Explicit
  • Copyright
    © Conor Sherman
  • Show Website
    Zero Signal