FromNoise2Signal

Mehul Revankar

A cybersecurity podcast. Cyber conversations with more signal, less Noise. Noise 2 Signal is the antidote to the cybersecurity echo chamber: unfiltered conversations with the people who actually built the field — no buzzword bingo, no vendor pitches.

Episodes

  1. 2d ago

    EP 9. Do AI or Be Replaced by AI w/ Craig Adams. AI-Native Future of Cyber Offense, Defense & PM

    Craig Adams is a seasoned cybersecurity product leader with over 20 years of experience building and scaling industry-defining tools. Having served as Chief Product Officer at Rapid7 and Chief Product and Engineering Officer at Recorded Future, Craig has steered some of the most prominent teams in enterprise tech through massive evolutionary shifts. In this episode, we unpack how the age of AI has fundamentally rewritten the roles of product management, user experience, and software engineering. Craig challenges the "SaaS apocalypse" narrative, explains why AI-generated code will cause an exponential explosion of vulnerabilities, and argues that human information security teams will actually grow in size to handle the complex, agentic future of tech.

    In our in-depth discussion, Craig shares:

    00:04:01 - Why the traditional waterfall requirements document is dead in the age of AI.
    00:05:40 - How the role of the software engineer is transitioning to architectural oversight.
    00:06:19 - The core strategy differences between running B2B and B2C product management.
    00:07:28 - The merging lines between PM and UX design systems.
    00:08:58 - Why the role of the prompt engineer has already gone out of fashion.
    00:10:06 - Walking the floor at RSA and the problem with copycat cybersecurity marketing.
    00:12:03 - The shift from SEO to AEO (AI Engine Optimization) for scraping agents.
    00:13:12 - The rise of sandbox-driven trial loops and the death of human-led software demos.
    00:14:46 - Buying enterprise AI subscriptions purely on self-serve product value.
    00:16:13 - Facing the "Mythos" vulnerability hype and how AI disrupts raw discovery.
    00:19:23 - Why putting 5x more findings into a discovery bucket is an unsustainable model.
    00:21:52 - Reframing the cybersecurity dilemma as an implementation problem.
    00:22:59 - How AI is collapsing the time to exploitation for attackers.
    00:25:00 - A religious-level conviction that the number of human defenders will grow, not shrink.
    00:27:35 - Why entry-level information security roles are in the center of the AI bullseye.
    00:29:48 - The new reality of writing functional exploits using simple natural language prompts.
    00:32:31 - Debunking the idea that AI-generated code will cause software exposures to plateau.
    00:33:32 - Shifting defender terminology to focus on "toxic combinations" rather than simple patching.
    00:35:13 - Redefining SaaS software: either you embed AI or you get replaced by it.
    00:36:06 - Navigating the inequality between well-funded banks and under-budgeted municipalities.
    00:39:49 - Why security teams who block AI usage will ultimately hinder their enterprise.
    00:40:14 - Moving past the chatbot era of 2023 into true automated agency.
    00:41:57 - The dramatic leapfrog analogy: treating the adoption of AI like switching from mail to email.
    00:44:23 - Dismantling the platformization myth of "one security platform to rule them all."
    00:45:47 - The thesis behind why the next trillion-dollar tech giant will be a services organization.
    00:48:00 - Predicting a renaissance of software-like margins inside the IT services industry.
    00:49:56 - Automating lower-value tier-one analyst tasks to focus on higher-maturity journeys.

    55 min
  2. May 11

    EP 5. Past, Present & Future of CISA KEV w/ Patrick Garrity

    In this episode, Mehul sits down with vulnerability management influencer Patrick Garrity to unpack the rapidly shifting landscape of vulnerability exploitation. Patrick discusses how his unique data visualizations put CISA KEV on the map, but reveals the hidden limitations of the federal catalog today. He breaks down the recent geopolitical and funding crises paralyzing NIST’s NVD, highlighting how the private sector and projects like CISA's Vulnrichment are stepping up to fill the data void. The conversation also explores how MFA pushed threat actors toward network edge exploitation, the alarming reality of shrinking zero-day timelines, and why "exploitable by AI" might soon become the ultimate threat metric. Finally, they cover the looming impact of frontier AI models on mass bug discovery and how incoming European regulations will force companies to report actively exploited vulnerabilities within 24 hours.

    In this episode, Patrick shares:

    [00:01:48] How his unique data visualizations ultimately put CISA KEV on the map.
    [00:02:37] His journey from sales engineering at Duo to becoming a vulnerability data storyteller.
    [00:06:24] The early struggles of trying to contribute real-world exploit evidence to CISA KEV.
    [00:08:38] What the pre-CISA KEV era looked like, including scraping Twitter feeds for intel.
    [00:10:09] How SOC teams literally used a journalist's tweets as their primary exploitation feed.
    [00:11:48] Why the federal CISA KEV catalog only tracks ~1,500 exploited vulnerabilities.
    [00:14:12] When VulnCheck’s CEO decided to give away their valuable commercial KEV data.
    [00:15:09] Why ENISA KEV's tiny catalog of 15 matters more than the label.
    [00:16:42] The death of Flash, IE, and Word macro exploits, and the rise of edge attacks.
    [00:18:25] An analysis of the Progress MOVEit attacks and the rise of "smash-and-grab" extortion.
    [00:23:24] Getting mocked for joining VM in 2022 because the industry thought it was "solved."
    [00:27:56] The funding crises that brought global CVE enrichment at NIST NVD to a halt.
    [00:34:05] The night the CVE program almost lost its funding entirely.
    [00:36:05] How 32K unenriched vulns were reclassified as "not scheduled" to clear the backlog.
    [00:41:40] The terrifying metric showing 26% of exploited vulns see action before a patch exists.
    [00:43:10] The rapid evolution of AI-generated bug reports from "slop" to legitimate.
    [00:48:02] Why "exploitable by AI" might replace CVSS and CISA KEV as the ultimate metric.
    [00:50:58] How Anthropic's Glasswing successfully found 300 real vulns in Firefox.
    [00:53:12] The possibility of attackers stealing proprietary source code specifically to feed into AI.
    [00:53:31] Why AI tools shipping without security in mind will become the next leakage problem.
    [00:54:38] War stories from the ProxyLogon exploits and the FBI's unprecedented interventions.
    [00:56:30] The time CrushFTP got mad at VulnCheck just for assigning a CVE ID to a vuln.

    1 hr

Ratings & Reviews

5 out of 5 (2 Ratings)
