FromNoise2Signal

Mehul Revankar
  • 5.0 (2)
  • BUSINESS

A cybersecurity podcast. Cyber conversations with more signal, less Noise. Noise 2 Signal is the antidote to the cybersecurity echo chamber: unfiltered conversations with the people who actually built the field — no buzzword bingo, no vendor pitches.

Episodes

  1. 3D AGO

    EP 6. Meme King. Covering AI, Cybersecurity, Acquisitions & everything in between w/ Pramod Gosavi

    In this episode, we sit down with investor Pramod to break down the deals, valuations, and strategic plays reshaping cybersecurity and AI. Pramod unpacks Nikesh Arora's "sell-to-me-or-I-build-it" M&A playbook, the dirty economics behind AI darlings like Cursor and Claude Code, and the looming SaaSpocalypse pitting AI startups against legacy vendors for the same IT budget. The conversation digs into Nvidia's circular money flow with OpenAI, Anthropic, and CoreWeave, why this AI cycle is the inverse of dot-com, and a sharp take on why Cloudflare commands the highest multiple in security while Okta leaves money on the table.

    1h 4m

  2. 6D AGO

    EP 5. Past, Present & Future of CISA KEV w/ Patrick Garrity

    In this episode, Mehul sits down with vulnerability management influencer Patrick Garrity to unpack the rapidly shifting landscape of vulnerability exploitation. Patrick discusses how his unique data visualizations put CISA KEV on the map, but reveals the hidden limitations of the federal catalog today. He breaks down the recent geopolitical and funding crises paralyzing NIST’s NVD, highlighting how the private sector and projects like CISA's Vulnrichment are stepping up to fill the data void. The conversation also explores how MFA pushed threat actors toward network edge exploitation, the alarming reality of shrinking zero-day timelines, and why "exploitable by AI" might soon become the ultimate threat metric. Finally, they cover the looming impact of frontier AI models on mass bug discovery and how incoming European regulations will force companies to disclose active exploits within 24 hours. In this episode, Patrick shares: [00:01:48] How his unique data visualizations ultimately put CISA KEV on the map. [00:02:37] His journey from sales engineering at Duo to becoming a vulnerability data storyteller. [00:06:24] The early struggles of trying to contribute real-world exploit evidence to CISA KEV. [00:08:38] What the pre-CISA KEV era looked like, including scraping Twitter feeds for intel. [00:10:09] How SOC teams literally used a journalist's tweets as their primary exploitation feed. [00:11:48] Why the federal CISA KEV catalog only tracks ~1,500 exploits. [00:15:09] Why ENISA KEV's tiny catalog of 15 matters more than the label. [00:14:12] When VulnCheck’s CEO decided to give away their valuable commercial KEV data. [00:16:42] The death of Flash, IE, and Word macro exploits—and the rise of edge attacks. [00:18:25] An analysis of the Progress MOVEit attacks and the rise of "smash-and-grab" extortion. [00:23:24] Getting mocked for joining VM in 2022 because the industry thought it was "solved." [00:27:56] The funding crises that brought global CVE enrichment at NIST NVD to a halt. [00:34:05] The night the CVE program almost lost its funding entirely. [00:36:05] How 32K unenriched vulns were reclassified as "not scheduled" to clear their backlog. [00:41:40] The terrifying metric showing 26% of exploited vulns see action before a patch exists. [00:43:10] The rapid evolution of AI-generated bug reports from "slop" to legitimate. [00:48:02] Why "exploitable by AI" might replace CVSS and CISA KEV as the ultimate metric. [00:50:58] How Anthropic's Glasswing successfully found 300 real vulns in Firefox. [00:53:12] The possibility of attackers stealing proprietary source code specifically to feed into AI. [00:53:31] Why AI tools shipping without security in mind will become the next leakage problem. [00:54:38] War stories from the ProxyLogon exploits and the FBI's unprecedented interventions. [00:56:30] The time CrushFTP got mad at VulnCheck just for assigning a CVE ID to a vuln.

    1 hr

  3. APR 30

    EP 4. Past, Present & Future of Risk Based Vulnerability Management with Ed Bellis

    Ed Bellis is the visionary who essentially created the Risk-Based Vulnerability Management (RBVM) category in 2010. From his days as CISO at Orbitz to founding Kenna Security in a market that didn't yet know it needed prioritization, Ed has consistently pushed the boundaries of cybersecurity. In this episode, Ed unpacks the grueling reality of convincing early investors and customers to put their vulnerability data in the cloud, the game-changing pivot that gave Kenna true product-market fit, and the candid truth behind what went wrong after the massive Cisco acquisition. He also dives into his new venture, Empirical Security, the role of AI in "eating the scanner," and why the industry needs to finally ditch the fear-mongering.

    55 min

  4. APR 30

    EP 3. The Face of New Media for Cybersecurity with Cole Grolmus, Founder Strategy Of Security

    Cole Grolmus is the ultimate "N of one" in cybersecurity media. After a decade at PwC and a failed startup, he hit reset, writing a 65,000-word reflection that birthed Strategy of Security. Today, he cuts through the industry noise with brutally honest, deeply researched strategy analysis. In this episode, Cole breaks down his viral cybersecurity ecosystem map, the dangerous reality of blitzscaling, and why the AI revolution won't wipe out heavyweights like CrowdStrike. We also get an inside look at how he completely reinvented his independent media empire using advanced AI agents.

    49 min

  5. APR 30

    EP 2. Past, Present and Future of Offensive Security w/ HD Moore

    HD Moore started the Metasploit framework project in 2003, forever changing the game on offensive security. Today, he serves as the CEO of runZero, mapping out global networks from behind the firewall. In this episode, we dive into the scrappy early days of internet security and dumpster diving for computer parts, why the AI revolution might make traditional vulnerability research and CVEs obsolete, and the brute-force reality of modern cybersecurity venture capital. We also explore how HD's deep technical roots helped him build runZero to $1M ARR as a solo operation, plus he shares the hilarious history of how the Blaster worm broke the internet using Metasploit's default port.

    45 min

  6. APR 30

    EP 1. Bromure Secure Browser, Nessus Origins, Overbearer Proxy, Coding with AI, Fundraising in AI

    Renaud Deraison started the Nessus project in 1998 and co-founded Tenable, fundamentally changing how the world handles defensive cybersecurity. Today, he is leveraging AI to build and ship open-source security tools in a matter of weeks. In this episode, we dive into the early days of internet security and hardware scarcity , why the AI revolution might make traditional AppSec obsolete , and the exit pressures of the modern VC landscape. We also explore how deeply technical founders are gaining an "unfair advantage" by knowing exactly how to guide AI agents , plus Renaud shares the hilarious honeypot story that led to his new secure virtualized browser, Bromure.

    1h 8m
  • 6 Episodes

Ratings & Reviews

5
out of 5
2 Ratings

About

A cybersecurity podcast. Cyber conversations with more signal, less Noise. Noise 2 Signal is the antidote to the cybersecurity echo chamber: unfiltered conversations with the people who actually built the field — no buzzword bingo, no vendor pitches.

Information

  • Creator
    Mehul Revankar
  • Years Active
    2K
  • Episodes
    6
  • Rating
    Clean
  • Copyright
    © 2026 Mehul Revankar
  • Show Website
    FromNoise2Signal