Zero Signal

Conor Sherman

Zero Signal is a podcast for CISOs and senior security leaders who are expected to have answers about AI risk before the industry has standards. We go after the strategic questions that don't yet have clean answers — the ones your board is asking and the industry is still debating. Each episode is an honest conversation with someone navigating that pressure — not with perfect answers but with principles, frameworks, and lived experience. We host guests who've had to make real calls under uncertainty and are willing to talk about what worked, what didn't, and what they're still figuring out

  1. 3일 전

    [RE-RELEASE] Clint Gibler on AI Revolutionizing Cybersecurity

    Welcome back to Zero Signal! In this special re-release, Conor Sherman and Stuart Mitchell sit down with Clint Gibler—Head of Security Research at Semgrep, creator of the TLDRsec newsletter, and host of the Modern Security Podcast. Recorded live at Black Hat, Clint breaks down how artificial intelligence is rewriting the playbook for application security, vulnerability discovery, and developer workflows.AI is rapidly transforming cybersecurity, moving from a speculative future tech to an active force automating penetration testing and reshaping how security teams interact with codebases. In this conversation, Clint examines the practical implications, cost structures, and future prospects of deploying AI in security pipelines.More Conversations from Black Hat:The Zero Signal team will be in attendance on the ground again at Black Hat USA 2026, catching up with industry pioneers and capturing more amazing conversations on the cutting edge of cyber defense. Stay tuned for our upcoming on-site coverage!In the meantime, you can dive back into our full library of live event interviews by checking out the Full Black Hat 2025 Episode Playlist on YouTube: https://youtube.com/playlist?list=PLvtGUUDFmi-b-fELkdzirA9yYEcNVfVVJ&si=-6dc4A24dfJWyENpContinued Reading & Resources: TLDRsec Newsletter: https://tldrsec.comThe Modern Security Podcast: https://modernsecurity.ioSemgrep Code Analysis Platform: https://semgrep.devOWASP Top 10 for LLMs & Applications: https://owasp.orgGoogle Project Zero Vulnerability Research: https://googleprojectzero.blogspot.comDeepMind Camel Framework (Agent Separation): https://github.com/camel-ai/camelSocket Supply Chain Security Platform: https://socket.devHugging Face Model Repository: https://huggingface.coTrail of Bits Security Tools & Research: https://trailofbits.comBuilding Secure and Reliable Systems (Google Books): https://sre.google/books/building-secure-and-reliable-systemsComplianceAsCode GitHub Repository: https://github.com/ComplianceAsCode/content00:00 AI's Impact on Penetration Testing03:19 The Future of Junior Pen Testers05:42 Working with AI: A New Paradigm10:31 Trusting AI Outputs12:31 Shifting Down: A New Security Approach15:20 Making Security Invisible for Developers16:44 The Role of AI in Security and Development19:04 Integrating Security into Vibe Coding21:21 Human in the Loop: Balancing Automation and Oversight25:27 Emerging Security Risks in AI Infrastructure29:41 Understanding Prompt Injection Challenges31:05 Innovative Solutions in AI Security32:28 Risks of Model Integration and Code Execution34:14 Navigating AI Model Adoption in Organizations38:52 Career Pathways in CybersecurityAbout the Guest:Clint Gibler is the Head of Security Research at Semgrep, where he focuses on static analysis, developer enablement, and scaling AppSec programs. He is the creator of TLDRsec, a premier weekly newsletter providing deeply technical, actionable security summaries to thousands of industry professionals. Key Topics:Meet our Sponsors:Hampton North is the premier US-based cybersecurity search firm: https://hamptonnorth.com/?utm_source=website&utm_medium=podcast&utm_campaign=aware_global_swsd_all&utm_content=zero-signalSysdig is the leader in AI-powered real-time cloud defense: https://www.sysdig.com/?utm_source=website&utm_medium=podcast&utm_campaign=aware_global_swsd_all&utm_content=zero-signal

    43분
  2. 6월 26일

    Sean Catlett: Why Agent Trust Must Be Computed, Not Granted

    Welcome back to Zero Signal! In this episode, Conor Sherman and Stuart Mitchell sit down with Sean Catlett, co-founder of Polymodal, founding CISO of Reddit, former Chief Security Officer at Slack, and the executive who pioneered combining security with trust and safety at Bumble. Sean leverages his history across massive technological waves—from the dot-com era to cloud and mobile transitions—to deliver a masterclass on how modern security leaders must adapt to drive enterprise AI adoption or face getting layered out of the room completely. In this deep dive into agentic autonomy, Sean details why the traditional CISO operating model of building walls and forcing technology choices is entirely broken. He introduces the critical concept of "computed trust"—the philosophy that autonomous systems must continuously earn their privileges through verifiable runtime evidence and contextual sensing rather than holding permanently granted access. The conversation unpacks the vital distinction between automating narrow workflows and managing a non-deterministic, long-running agent workforce. Conor, Stu, and Sean confront the upcoming realities of "computer use" execution contexts, the illusion that pure observability equals true legibility, and why co-locating risk directly with product owners is the only sustainable way to survive the logarithmic expansion of insider threats driven by rogue digital twins. Continued Reading & Resources: Polymodal Independent Research: https://polymodal.ai/executive-insights London Tech Week AI Enablement Panels: https://londontechweek.com/cyber-security-agentic-transformation Google NotebookLM Optimization Best Practices: https://notebooklm.google.com/enterprise-strategy ISO 27001 AI Risk Management Implementations: https://www.iso.org/standard/information-security-governance-frameworks Black Hat Europe GRC and EDR Projections: https://www.blackhat.com/eu/briefings/ciso-ai-enablement-trajectories About the Guest: Sean Catlett is the co-founder of Polymodal, an early-stage startup focused on AI embodiment, boundaries, and novel interaction environments. A veteran security executive, Sean served as the founding CISO of Reddit, the Chief Security Officer at Slack, and the head of security, trust, and safety at Bumble. Throughout his career, he has specialized in architecting engineering-led and threat-led security programs built to scale alongside massive business transformation. Key Topics: 01:11 The CISO Transformation: Turning Control Positions into AI Enablement Functions 04:14 Tech Wave Echoes: Applying Dot-Com, Cloud, and Mobile Paradigms to AI Transitions 06:43 Batting Averages in Risk: Why the Office of "No" Gets Layered Out by Boards 09:20 Engineering-Led vs. Threat-Led Security Models: Redefining Teams for the AI Era 12:54 The Errors and Omissions Insurance Trap: Why Delegating Judgment Is Uncovered 17:10 Defining the Agent Primitive: Workflow Automation vs. Bounded Digital Twins 20:20 The Logarithmic Insider Threat: Differentiating Human Actions From Agent Malfunction 26:15 Observability Is Not Legibility: The Failure of Legacy EDR Knowledge in AI Sessions 28:31 Higher Execution Contexts: How Agents Navigate Guardrails via Windows Subsystems 31:00 Computing Trust: Educating Agents at Runtime on Second and Third-Order Effects 38:15 The GRC Shift: Why Future Security Operations Teams Will Deploy Code Directly 45:13 The Bumble Paradigm: Unifying Classical Cyber Defenses with Trust and Safety Meet our Sponsors: Hampton North is the premier US based cybersecurity search firm: https://hamptonnorth.com/?utm_source=website&utm_medium=podcast&utm_campaign=aware_global_swsd_all&utm_content=zero-signal  Sysdig is the leader in AI-powered real-time cloud defense: https://www.sysdig.com/?utm_source=website&utm_medium=podcast&utm_campaign=aware_global_swsd_all&utm_content=zero-signal

    53분
  3. 6월 19일

    Ilya Kabanov: "It's Not a Bug, It's a Feature"—Rogue AI Exposed

    Welcome back to Zero Signal! In this episode, Conor Sherman and Stuart Mitchell sit down with Ilya Kabanov, the creator of "The Weather Report: Independent Dispatches on AI, Security, and Safety," which serves as a vital piece of public infrastructure read by CISOs, CEOs, and startup investors who want to stay grounded on what is actually going on in a market that sells noise. Ilya draws from his deep technical background running security engineering for Schneider Electric and leading AI protections at Google Cloud to give an honest, unvarnished look at the realities of modern enterprise defense. In this conversation, Ilya breaks down the stark reality of modern vulnerability management, where frontier models excel at discovering critical vulnerabilities but corporations are only successfully patching 14% of them. He unpacks how the changing economics of cybercrime—driven by cheap AI token customization—has completely compressed threat actor ROI, democratizing sophisticated cyber attacks and turning every organization into a financially viable target. Conor, Stu, and Ilya also explore why traditional AppSec isn't dying but rather facing massive coordination headwinds inside non-tech companies buried under legacy code and multi-vendor dependencies. The group dives into the dangerous illusion of prompt-level guardrails, the emergence of a cloud-style "shared responsibility model" forced by frontier labs, and why rogue agent behaviors like instrumental convergence are actually built-in features of advanced AI systems that security teams must learn to systematically design around. The Weather Report Project Page: https://theweatherreport.ai Ilya's LinkedIn Independent Briefings: https://linkedin.com/in/ilya-kabanov-ai-security Anthropic Aries Framework & Threat Report: https://anthropic.com/research/aries-defense-evasion-malware-analysis Verizon Data Breach Investigations Report: https://verizon.com/business/resources/reports/dbir-vulnerability-exploitation HackerOne Resolution Metrics & Bug Bounty Data: https://hackerone.com/resources/reporting/vulnerability-resolution-rates Mozilla AppSec Browser Remediation Studies: https://mozilla.org/security/blog/ai-mythos-patching-velocity Ilya Kabanov is the creator and principal architect of "The Weather Report," a weekly personalized briefing that filters noise to provide actionable data for C-suite executives and cloud architects. Before launching this independent nonprofit public infrastructure, Ilya accumulated extensive corporate leadership experience directing core security engineering operations at Schneider Electric and pioneering specialized enterprise AI protection frameworks for Google Cloud. 01:08 Filtering Market Noise to Provide Public Infrastructure for Decision Makers 06:00 The 14% Paradox: Finding Critical Vulnerabilities vs. Actual Corporate Patching Rates 07:22 The Economics of Cybercrime: How AI Compressed Threat Actor ROI Thresholds 11:11 Anthropic Metrics: Exposing the Strategic Use of AI for Defense Evasion and Malware 14:52 The Failure of Resolution Metrics: Why Corporations Can Only Patch 30% of Key Exploits 18:50 Coordination Headwinds: Why Non-Tech Organizations Stash Patches for Months 22:00 Designing Around Human Bottlenecks: Transitioning Toward Closed-Loop Remediation Stacks 27:12 The Kodak Trap: Why Legacy Defense Vendors Struggle to Overcome Core Cultures 44:24 Rogue Agents: Why Gemini 3 Pro Root Escalation is a Feature Not a Bug 48:40 The Cloud Deja Vu: Shifting to a Shared Responsibility Model for Frontier Models Hampton North is the premier US based cybersecurity search firm: https://hamptonnorth.com/?utm_source=website&utm_medium=podcast&utm_campaign=aware_global_swsd_all&utm_content=zero-signal Sysdig is the leader in AI-powered real-time cloud defense: https://www.sysdig.com/?utm_source=website&utm_medium=podcast&utm_campaign=aware_global_swsd_all&utm_content=zero-signal

    53분
  4. 6월 12일

    Cheryl Martin: The CISO Who Says No Is "Toast"

    Welcome back to Zero Signal! In this episode, Conor Sherman and Stuart Mitchell sit down with Cheryl Martin, cybersecurity executive at C86 and former Vice President and Head of Cybersecurity at Capgemini in the UK, where she led over 350 cyber specialists across regulated sectors. Cheryl is a recognized voice on cyber leadership and was named in the 2026 most inspiring women in cyber awards. In this deep dive into modern risk operating models, Cheryl reveals how security leaders can safely navigate massive technological transformation without becoming the corporate bottleneck. Drawing from her extensive background—including her time as the global head of IT risk at HSBC managing 45 distinct global business lines—she unpacks her famous "yellow duck" analogy for scaling risk management, breaking down how to build an approval framework that turns shadow adoption into governed enablement. Conor, Stu, and Cheryl also challenge the outdated stereotype of the CISO who simply says no, tracing the critical shift toward becoming a business evangelist who establishes proactive guardrails. The conversation covers the rise of unstructured "cottage industries" of shadow AI among employees, the threat landscape shifts bringing exploitation windows down to mere seconds, and why executive humility—including the power of black box thinking and reverse mentoring from younger engineers—is a CISO's ultimate weapon for surviving the ongoing AI revolution. C86 Cybersecurity Executive Insights: https://c86.com/cyber-executive-intelligence International Cyber Expo Leadership Panel: https://www.internationalcyberexpo.com/cyber-leadership-technical-environments NIST Artificial Intelligence Risk Management Framework: https://www.nist.gov/itl/ai-risk-management-framework UK Cyber Resiliency Bill Overview: https://www.gov.uk/government/collections/cyber-resiliency-digital-working-legislation Cloud Security Alliance Open-Source Playbooks: https://cloudsecurityalliance.org/research/artifacts/open-source-frameworks-mythos-response Cheryl Martin is a cybersecurity executive at C86 and a highly accomplished cyber transformation leader. She previously served as the Vice President and Head of Cybersecurity at Capgemini in the UK, managing a team of over 350 cyber specialists across heavily regulated sectors. Prior to that, Cheryl was the global head of IT risk at HSBC, directing risk postures across 45 global business entities. She is a recurring speaker at the International Cyber Expo and a recipient of the 2026 Most Inspiring Women in Cyber Award. 01:11 Navigating AI Transformation Without Becoming the Bottleneck 02:48 The Yellow Duck Analogy: Scaling Risk Postures Across 45 Global Businesses 05:47 The Threat of Shadow AI and Employee "Cottage Industries" 09:53 Flipping the Model: From "CISO Says No" to Governed Guardrails 11:11 The Sysdig Vibe Coding Stat: Why You Can't Put Brakes on Devs 17:39 The 5 Major AI Risk Vectors: Data, Models, Security, Supply Chain, and Regulation 21:48 Exploits in 27 Seconds: Tracking Mean Time to Adapt Over Mean Time to Detect 23:15 The Chameleon CISO: Shifting From Infrastructure Defense to Thought Leadership 26:43 Black Box Thinking: Adopting Aviation Industry Models for Cybersecurity Near Misses 28:31 Rising Personal Liability Under NIST2, DORA, and the SEC 31:43 Balancing Soft Skills and Team Burnout Against Complex AI Trajectories 42:41 The Power of Reverse Mentoring: Learning AI Red Teaming From Your Own Engineers Hampton North is the premier US based cybersecurity search firm. Start building your security team with Hampton North: https://hamptonnorth.com/?utm_source=website&utm_medium=podcast&utm_campaign=aware_global_swsd_all&utm_content=zero-signal Sysdig is the leader in AI-powered real-time cloud defense; stop watching and start defending: https://www.sysdig.com/?utm_source=website&utm_medium=podcast&utm_campaign=aware_global_swsd_all&utm_content=zero-signal

    47분
  5. 6월 5일

    Ayoub Fandi: Why Your Audit Program is Lying to You

    Welcome back to Zero Signal! In this episode, Conor Sherman and Stuart Mitchell sit down with Ayoub Fandi, the creator of the GRC Engineering Movement and author of the GRC Engineering Newsletter, read by thousands of security and compliance practitioners. Ayoub drops a truth bomb on the industry, exposing how typical SOC 2 audits rely on antiquated methodologies that sample a measly 25 pull requests out of thousands, slapping a 100% coverage certification on what amounts to 0.07% of actual infrastructure. He breaks down how this "abusal of trust signals" leaves organizations blind to systemic risk at a time when automated threat actors are moving faster than ever. The conversation dives deep into why 86% of GRC teams are still stuck relying on spreadsheets, how to weaponize compliance rules to win security infrastructure battles against development teams, and why the next generation of GRC platforms won't be SaaS tools but foundational AI models with real-time data wrappers. Finally, Ayoub outlines the future of Third-Party Risk Management (TPRM) through his open-source project, Corsair, moving the industry away from static PDFs and toward cryptographic, automated continuous assurance. The GRC Engineering Newsletter: https://grcengineering.com/newsletter Corsair Open-Source Trust Infrastructure: https://github.com/grcengineering/corsair Ayoub's State of the GRC 2026 Report: https://grcengineering.com/state-of-grc-2026/ Death By Claude Tracker: https://deathbyclaude.com/ Ayoub Fandi is the founder and principal pioneer of the GRC Engineering Movement. A former leading GRC engineer at GitLab, where he built custom cloud compliance infrastructure from scratch, Ayoub specializes in treating compliance and risk modeling as data engineering problems. He is an international speaker who recently presented his findings at RSA Conference 2026. 01:08 Transforming GRC from an Audit Prep Machine into an Engineering Program 01:54 The 25 PR Fallacy: Why Your SOC 2 Audit is Lying to You 02:23 Financial Auditing Legacies: Copy-Pasting Methods from the Enron Era 04:14 The Abuse of Trust Signals in Third-Party Risk Management 06:33 CISOs as Cynics: GRC Relegated to a Sales Enablement Tool 08:32 Compliance is Latin for Cash: Procurement vs. Real Security 09:16 CYA Mode: Why Standard Questionnaires Provide Zero Vendor Assurance 11:00 Building Corsair: Leveraging Open Protocols for Continuous Assurance Data 13:40 The Critical Sweet Spot: Auditing High-Risk, Low-Headcount AI Vendors 16:13 Replacing the GRC Acronym with a Trust and Assurance Framework 20:05 Deterministic Checkboxes vs. Probabilistic Risk Postures 21:08 Turning Compliance into Real-Time Observability Engine Metrics 22:56 The 2026 Survey: Why 86% of Security Programs Are Trapped in Excel 24:32 Relational Spreadsheets vs. Unified Graph Data Models 27:51 Excel Pivot Tables vs. Modern Prompt Engineering Roles 31:00 Node Hallucinations: What Happens When AI Drafts and Reviews Audit PDFs 35:28 The Notion and Cloudcore Shift: The Next GRC Platform is a Foundation Model 37:10 Leveraging Model Context Protocol (MCP) to Connect Direct Sources of Truth 41:42 The Lagging Indicator: Why Fortune 500s are Hiring Technical GRC Engineers 45:44 Parkinson’s Law: How Audit Calendars Expand to Destroy Security Innovation 47:34 Weaponizing Standards: Using Compliance to Win Hardening Battles with Devs 49:15 Control Planes and Telemetry: Who Will Own Future Assurance Programs? Hampton North is the premier US based cybersecurity search firm. Start building your security team with Hampton North: https://hamptonnorth.com/?utm_source=website&utm_medium=podcast&utm_campaign=aware_global_swsd_all&utm_content=zero-signal Sysdig is the leader in AI-powered real-time cloud defense; stop watching and start defending: https://www.sysdig.com/?utm_source=website&utm_medium=podcast&utm_campaign=aware_global_swsd_all&utm_content=zero-signal Continued Reading & Resources:About the Guest:Key Topics:Meet our Sponsors:

    53분
  6. 5월 29일

    Loris Degioanni: Headless Security and the Coding CISO

    Welcome back to Zero Signal! In this episode, Conor Sherman and Stuart Mitchell are joined by cybersecurity royalty: Loris Degioanni, the co-founder of Wireshark, founder and CTO of Sysdig, and the creator of Falco, the open-source standard for cloud-native runtime threat detection. Loris steps up to break down a revolutionary new architectural paradigm: Headless Cloud Security. Following the release of Sysdig's brand new model for agentic defense, Loris explains why the era of security teams staring at dashboards and clicking through complex UIs is dead. With exploit windows rapidly collapsing down to mere minutes, the interface must entirely disappear into the environment where coding agents live. In this conversation, Conor, Stu, and Loris discuss the shift toward flattening security organizations and the rise of the "Coding CISO". They challenge the failing legacy strategy of baking checklists into standalone agents, arguing instead for injecting security and hard-coded expertise directly into the substrate of development tools via open-source communities, MCPs, and plugins. Sysdig Cloud Native Security and Usage Report (2026): https://sysdig.com/resources/papers/2026-cloud-native-security-and-usage-report/ Falco Open Source Project: https://falco.org/ Wireshark Foundation: https://www.wireshark.org/ Loris Degioanni’s Headless Security Founder's Letter: https://sysdig.com/blog/headless-security/ Loris Degioanni is a foundational pillar of modern computer networking and cloud security. He is the co-founder of Wireshark, the world's most widely used network protocol analyzer, and the founder and CTO of Sysdig. An open-source pioneer, Loris also created Falco, the CNCF graduated standard for cloud-native runtime threat detection. He holds a PhD in Computer Engineering from Politecnico di Torino and actively contributes to re-architecting cybersecurity for the agentic era. 01:17 Rebuilding the Operating Model Around Coding Agents 01:54 Defining Headless Security: Moving Beyond Dashboards 03:34 The Disappearing UI: Consuming Software Inside the Agent 06:53 Prioritizing Outcomes Over Problems: The Death of Point-and-Click 08:18 Shifting Beyond Traditional Vulnerability Prioritization 09:55 Tech Layoffs and Flattening Organizations: Everyone Becomes a Contributor 11:31 Rise of the "Coding CISO": Why Executives Must Get Hands-On 12:38 Building GRC and Security Tooling in Hours with Claude Code 13:46 Blending Architectural Vision with Agent Management Skills 15:21 The Defensive Paradox: Why AI Will Increase Cyber Headcount 18:04 The Three Technical Pillars of 2026 Tech Stacks 20:32 Rediscovering the "Love of the Game" Through Prompt-Driven Creativity 24:12 The Timeline of Failing Strategies: Trying to Bake Security Into the Agent 25:34 The Evolution of Substrate Security: From AutoGPT to 4.6 Models 28:44 The Friction of Tool Fragmentation vs. Centralized Ecosystems 31:37 Private Enterprise LLMs: The Safe Way to Handle Token Costs 34:11 Democratizing Software Development: The Marginal Cost of Code Hits Zero 37:40 Overcoming the Enterprise Fear of Open-Source Foundation Integration 40:20 Defining "Skills" in the Headless Architecture (Integrations, Skills, Facilitation) 41:38 Encoding True Engineering Expertise into AI Plugins Hampton North is the premier US based cybersecurity search firm. Start building your security team with Hampton North: https://hamptonnorth.com/?utm_source=website&utm_medium=podcast&utm_campaign=aware_global_swsd_all&utm_content=zero-signal Sysdig is the leader in AI-powered real-time cloud defense; stop watching and start defending: https://www.sysdig.com/?utm_source=website&utm_medium=podcast&utm_campaign=aware_global_swsd_all&utm_content=zero-signal Continued Reading & Resources:About the Guest:Key Topics:Meet our Sponsors:

    50분
  7. 5월 22일

    Sounil Yu: How to Solve Problems & Manage Predicaments

    Welcome back to Zero Signal! In this solo episode, Conor Sherman sits down with Sounil Yu—Cybersecurity Hall of Fame inductee, SANS Lifetime Achievement Award recipient, and Chief AI Safety Officer at Knostic. Sounil delivers a masterclass on navigating shifting security landscapes. He breaks down the difference between a "problem" (technologically fixable) and a "predicament" (a systemic risk to manage), such as collapsing exploitation timeframes following the release of "Mythos". Conor and Sounil also unpack why traditional TPRM questionnaires fail, how AI coding agents help teams replace "sick legacy pets" with "cattle" architectures, the Zero Trust renaissance, and why 10x-ing individual cognition will trigger organizational chaos without proper structural reorgs. Continued Reading & Resources: Knostic AI Infrastructure Security: https://knostic.ai The Cyber Defense Matrix Hub: https://cyberdefensematrix.com/ Cyber Defense Matrix Book Guide: https://cyberdefensematrix.com/book/ Thinking, Fast and Slow by Daniel Kahneman: https://www.amazon.com/Thinking-Fast-Slow-Daniel-Kahneman/dp/0374533555 The Cynefin Framework overview via Dave Snowden: https://thecynefin.co/about-us/about-cynefin-framework/ Sounil’s Piece on Predicaments (2022): https://threatpost.com/security-problems-vs-predicaments/179267/ The AI Vulnerability Storm Whitepaper: https://labs.cloudsecurityalliance.org/research/ai-vulnerability-storm-mythos-ready-security-program/ Unprompted and Seasides Conferences: https://unprompted.co/ and https://seasides.io/ Crab Trap Open-Source Project by Brex: https://github.com/brex/crabtrap Key Topics: 01:13 Meet Sounil Yu: Hall of Fame Thinker & Chief AI Safety Officer 03:54 Breaking Down the Cyber Defense Matrix: A 10-Year Retrospective 04:32 Applying the Cynefin Model: Chaotic, Complex, Complicated, Clear 05:50 The Ultimate Advice for Chaos: Don't Stand Still, Move 08:15 Problems vs. Predicaments: The Crucial Boardroom Distinction 09:21 Why Third-Party Risk Management (TPRM) Questionnaires Solve Nothing 12:54 Playing Bingo vs. Playing Blackout: Managing Cost Calculus 14:23 Facing the AI Vulnerability Tsunami: When Patches Fail 16:17 Legacy Systems as Sick Pets: The Case for Code Refactoring Agents 17:58 Moving from CIA to DIE: Distributed, Immutable, and Ephemeral 20:38 The Zero Trust Renaissance: Assembling the Bricks You Already Bought 23:08 The Three Little Pigs of AI Architecture: Building a Resilient Straw House 25:00 Mythos vs. Scaffolding: Exponential Trajectory in Vulnerability Disclosures 30:41 Inbound vs. Outbound Controls: The Criticality of Egress Filtering 33:24 Open Source Egress: Leveraging Tools Like Crab Trap 35:07 The Strategy of Allergic Reactions: Calibrating for Fast Environments 39:45 AI Convergence: What Happens When Everyone Becomes a Developer? 41:40 Individual Contributors as Task Masters: Assigning Agentic Workloads 42:52 System 1 vs. System 2 Thinking in Cybersecurity Risk 44:11 The Organizational Efficiency Mirage: Why You Haven't Seen the AI Payoff 46:12 Reorg Patterns: Borrowing Scaled Leadership Architecture from the Military Meet our Sponsors: Hampton North: Premier US-based cybersecurity search firm. Build your security team: https://hamptonnorth.com/?utm_source=website&utm_medium=podcast&utm_campaign=aware_global_swsd_all&utm_content=zero-signal Sysdig: The leader in AI-powered real-time cloud defense. Stop watching, start defending: https://www.sysdig.com/?utm_source=website&utm_medium=podcast&utm_campaign=aware_global_swsd_all&utm_content=zero-signal

    50분
  8. 5월 15일

    Matt Peters on the AI “Captain America Serum” and Rebuilding the Broken Enterprise Foundation

    Welcome back to Zero Signal! In this special solo-host episode, Conor Sherman sits down with Matt Peters, co-founder and CEO of Fixify. With a powerhouse pedigree as the former Chief Product Officer at Expel and VP of Worldwide Operations at Mandiant during the height of the APT era, Matt brings a unique perspective on the intersection of cybersecurity heritage and IT transformation. Matt breaks down the reality behind the "AI productivity" hype, unpacking Fixify’s 2026 Benchmark Report. While AI allows organizations to resolve tickets 16 times faster, first response times remain identical—highlighting a critical gap in human expectations versus machine efficiency. They discuss why 95% of GenAI pilots fail not because of the technology, but due to a "poverty of vision" and misaligned organizational incentives. In this conversation, Conor and Matt explore how AI acts as a "Captain America serum" for businesses, the collapse of the zero-day patching clock to under 24 hours, and why the next era of leadership requires "systems thinking" over simple domain expertise. Continued Reading: The Enterprise AI Playbook (Stanford Digital Economy Lab) Fixify — 2026 IT Help Desk Benchmark Report Fixify 2026 Benchmark Report  Sysdig 2025 Cloud-Native Security and Usage Report Sysdig 555 Benchmark for Cloud Detection and Response  Sysdig Threat Research: LLM-assisted cloud attack MIT NANDA: The GenAI Divide: State of AI in Business 2025 Prophet Security  Prediction Machines by Agrawal, Gans, and Goldfarb The Myths of Innovation by Scott Berkun About the Guest: Matt Peters is the co-founder and CEO of Fixify, an AI-powered IT platform. Before Fixify, he served as the Chief Product Officer at Expel, a leading MDR provider, and spent years at Mandiant managing worldwide operations during the most significant state-sponsored cyberattacks in history. Matt is a recognized expert in incident response, product strategy, and leveraging AI to solve complex organizational friction.⁠ Matt Peters LinkedinKey Topics: 01:14 Why AI is a "Captain America Serum" for Organizations 02:13 The 16x Resolution Speed Gap: Why First Response Times Haven't Moved 04:20 Trimming the "Slop": How AI Handles the Tier 2 Long Tail 06:58 The Average Enterprise Has 150+ Apps (and IT Doesn't Know Half of Them) 09:00 Why 95% of GenAI Pilots Fail: Lessons from MIT & Stanford 12:02 Solutions vs. Problems: The Importance of Problem Definition 15:03 The Productivity Dip: Why You Shouldn't Fire Your Staff the Day AI Arrives 16:25 Shipping Containers & Unit Economics: Reworking the Whole Business Around AI 19:28 From "Get It Right" to "Generate and Judge": The New Dev Cycle 21:39 The "Infinite People" Mental Model: Reimagining Constraints 26:21 The CMDB Myth: Building AI on Brittle Technology Foundations 32:17 Threat Actors Using LLMs to Own Cloud Accounts in Under 10 Minutes 35:28 The "What Now?" Problem in Incident Response 38:54 The Collapse of the Patching Clock: From Two Years to One Day 42:48 Decision Points: Who Makes the Call When the CEO is Asleep? 47:23 Intent-Based Leadership: "Turn the Ship Around" for AI Agents 51:08 The Three Traits of Durable Leaders: Systems Thinking, Curiosity, and Clarity Meet our Sponsors: Hampton North is the premier US based cybersecurity search firm. Start building your security team with Hampton North: https://hamptonnorth.com/?utm_source=website&utm_medium=podcast&utm_campaign=aware_global_swsd_all&utm_content=zero-signal Sysdig is the leader in AI-powered real-time cloud defense; stop watching and start defending: https://www.sysdig.com/?utm_source=website&utm_medium=podcast&utm_campaign=aware_global_swsd_all&utm_content=zero-signal

    54분
5
최고 5점
4개의 평가

소개

Zero Signal is a podcast for CISOs and senior security leaders who are expected to have answers about AI risk before the industry has standards. We go after the strategic questions that don't yet have clean answers — the ones your board is asking and the industry is still debating. Each episode is an honest conversation with someone navigating that pressure — not with perfect answers but with principles, frameworks, and lived experience. We host guests who've had to make real calls under uncertainty and are willing to talk about what worked, what didn't, and what they're still figuring out

좋아할 만한 다른 항목