On this week’s Safe Mode, Greg welcomes Jason Pufahl, VP of Security Services at Vancord. Jason shares deep insights into the evolving managed security landscape, focusing on challenges faced by small and mid-sized businesses and the practical fundamentals they need for strong cybersecurity. He also discusses the evolving role of CISA and the importance of making threat intelligence and resources broadly accessible to help organizations of all sizes strengthen their cybersecurity posture.

In this episode of Safe Mode, Betsy Cooper, founding director of the Aspen Institute’s Policy Academy, details a new initiative designed to mobilize ordinary citizens as cybersecurity policy advocates. The Cyber Civic Engagement program, supported by Craig Newmark Philanthropies’ Take9 campaign, offers virtual training sessions to equip participants with effective communication techniques, policy writing know-how, and access to one-on-one advocacy coaching. As digital threats multiply, Cooper argues that community storytelling and grassroots engagement are essential tools for prompting government action and ensuring critical local services are protected.

Kevin Greene, chief cybersecurity technologist for the public sector at BeyondTrust, joins Greg to unpack the fallout from the recent lapse of the CISA information sharing bill and what it means for both public and private sector cyber defenses. The conversation dives into how the threat landscape has shifted since the bill’s original passage, the limitations of relying solely on indicators of compromise, and the need for more proactive, behavior-based analytics. Kevin shares insights on identity management—including the challenges of both human and machine identities—and emphasizes that meaningful information sharing must be modernized to stay relevant.

This episode of Safe Mode features a nuanced conversation with Ben Harris, CEO of Watchtower, who delves into the complexities of vulnerability management in today’s threat landscape. Harris discusses why traditional patching is no longer a guarantee of security, revealing how sophisticated attackers are staying persistent even after organizations update and remediate systems—particularly in the challenging context of edge devices and black-box appliances. Drawing on real-world research and recent incidents involving vendors like Oracle, Cisco, and Avanti, the interview highlights the urgent need for resilience, increased transparency from companies, and a cultural shift toward proactive detection.

This week on Safe Mode, we talk with Scott Montgomery, VP of Federal at Island, about the realities of achieving FedRAMP authorization. Scott demystifies the often daunting FedRAMP process, shares lessons learned from real-world experience, and reveals the biggest pitfalls organizations face. From data sensitivity requirements to the growing importance of automation in security compliance, this episode is essential listening for anyone navigating federal cloud standards or considering a move into the government tech space. In our reporter chat, Greg talks with Matt Kapko about a whirlwind week around Clop's targeting of Oracle.

In this week's episode of Safe Mode, Greg Otto talks with Brian Carbaugh, CEO of Andesite, who reveals how lessons learned in the CIA are transforming Andesite’s unique, human-first approach to AI-driven cybersecurity. Carbaugh shares behind-the-scenes stories about building a “bionic SOC,” where cutting-edge artificial intelligence works seamlessly with analysts, amplifying their skills, streamlining investigations, and making security operations not just more efficient but genuinely exciting. In our reporter chat, Greg and Matt Kapko dive into a week's worth of critical vulnerabilities and government emergency directives, and how enterprises have responded in kind.

In this episode of Safe Mode, Greg talks with Silas Cutler, principal security researcher at Census, how ransomware attackers chain together overlooked vulnerabilities, especially in platforms like SharePoint, and why patch fatigue leaves defenders at risk. Silas breaks down advanced ways criminals maintain access even after patches, and explains what makes government and critical sectors prime targets. We discuss the real challenges of incident response, threat intelligence, and preventing long-term damage—especially in complex cloud and hybrid environments. In our reporter chat, Greg talks with Tim Starks about two marquee stories this week: a look at how the government information sharing law renewal has sputtered, and a new China-linked espionage campaign has researchers sounding the alarms. https://cyberscoop.com/cyber-threat-information-law-hurtles-toward-expiration-with-poor-prospects-for-renewal/

On this episode of Safe Mode, we’re joined by a renowned cybersecurity expert and CyberScoop 50 winner, Veracode co-founder and CTO Chris Wysopal, to discuss the fast-evolving landscape of AI-assisted software development. Chris shares insights from a recent study examining over 100 large language models and their tendency to introduce security vulnerabilities in generated code. The conversation delves into why a staggering 45% of AI-generated code samples contained vulnerabilities and why improvements in AI reasoning haven’t translated to more secure outputs. Chris emphasizes the critical need for enhanced security testing and better quality training data, discussing both the challenges and opportunities ahead as AI adoption accelerates. Tune in for a thoughtful exploration of the intersection between AI, secure coding, and what the future holds for developers and enterprises alike. In our reporter chat, Greg talks with Derek Johnson about work that OpenAI and Anthropic have done with the U.S. and U.K. government to secure their models.

In this episode, Greg Otto talks with Sonu Shankar, President at Phosphorus, to discuss the unique security challenges facing today’s rapidly expanding Internet of Things landscape, where traditional endpoint protections are ineffective. The episode explores how everyday devices with default passwords and outdated firmware open organizations up to significant risk. Shankar highlights the tactics of groups like Salt Typhoon, who exploit these weak spots to infiltrate and persist within networks. The conversation underscores the pressing need for deeper asset inventory and active discovery in critical environments. In our reporter chat, Greg talks with Matt Kapko about a supply-chain attack on npm that turned out to be pretty close to a false alarm.

In this episode, Greg Otto talks with Cynthia Kaiser Sr. Vice President of Halcyon’s Ransomware Research Center, discussing the latest ransomware operations and exploring the latest shifts in the cyber threat landscape. Greg and Cynthia discuss the rise of new groups like DragonForce, SafePay, and Fog, and the decline of once-dominant names such as LockBit and BlackBasta. They also discuss unique tactics and tools employed by emerging players, discuss the impact of law enforcement and internal group dynamics, and examine why certain industries are now prime targets. Learn how attackers choose their victims, the early warning signs organizations should watch for, and the most frequent pitfalls in ransomware defense. In our reporter chat, Greg talks with Matt Kapko about the deep drive into an accused ransomware affiliate that has been given a long leash by law enforcement while he awaits trial.

In this episode of Safe Mode, host Greg Otto talks with Tim Starks about what would happen if the nation’s information sharing law – known as CISA 2015 – expires at the end of September. In our interview segment, Greg talks with Kevin Hanes, CEO of Reveal Security, exploring the critical and often overlooked world of machine identity security. From the blind spots in privileged access management that focus too heavily on human users while machines hold increasingly sensitive roles, to the operational challenges of securing identities in cloud-native, containerized, and AI-powered environments, Kevin shares practical insights on scaling visibility and maintaining accountability across fragmented teams.

In this episode of Safe Mode, host Greg Otto talks with Dave DeWalt, founder and CEO of NightDragon, about advising boards and portfolio companies on making cyber a first-order business issue, not an afterthought. We’ll explore how emerging technologies and remote work reshape risk profiles, when a CISO belongs in the board conversation—or even in a board seat—and what training and metrics actually move the needle across non-technical teams. We’ll also unpack how to motivate leaders outside of IT to own cyber risk, the structures that drive enterprise-wide accountability, and what information boards should demand to ensure the right risks are being prioritized. From calibrating cyber risk appetite in shifting threat environments to staying ahead of evolving regulations across sectors like power and aviation, we’ll get practical on governance and disclosure. In our reporter chat, Greg talks with Derek Johnson about the president’s possible push to end mail-in voting, and why the efforts are dead on arrival.

In this episode of Safe Mode, host Greg Otto sits down with Chris Sestito, CEO of HiddenLayer Technologies, to discuss the evolving landscape of AI security and where current protection strategies are falling short. Sestito shares insights on how leading enterprises are rethinking their approach to AI asset protection, reveals real-world examples where traditional security measures failed against AI-specific threats, and explains the unique vulnerabilities that conventional cybersecurity tools struggle to address. The conversation explores the tension between rapid AI innovation and regulatory frameworks, with Sestito offering his perspective on what smarter, more adaptive AI regulation should look like and how policymakers can balance innovation with robust security protections. Don't miss this deep dive into the future of AI security, insider threats in AI-driven workplaces, and Sestito's top recommendations for government regulators crafting new AI security laws In our reporter chat, Greg talks with Tim Starks about what the federal government is doing to meet the demands put forth in President Trump’s cybersecurity executive order.

On this episode of Safe Mode, Greg Otto sits with two CISA leaders, Chris Butera, Acting Executive Assistant Director for CISA’s Cybersecurity Division, and Bob Costello, CIO of CISA, at the 2025 Black Hat USA Conference to discuss numerous different topics: the recent Microsoft Sharepoint vulnerability, the upcoming CIRCIA rulemaking, the future of the JCDC, state and local cyber grants, and the emphasis they are placing to strengthening public-private partnerships. In our reporter chat, Greg talks with Matt Kapko about what they both heard during their conversations at the Black Hat conference.

On this episode of Safe Mode, host Greg Otto sits down with Daria Bahrami, Head of Policy at Dreadnode, for an in-depth exploration of the new AI Action Plan and its sweeping implications for critical infrastructure security. From the technical hurdles in securing vital systems to the growing need for “secure-by-design” technology standards, Daria breaks down what’s at stake as artificial intelligence becomes both a linchpin and a potential liability in our national cyber defenses. In our reporter chat, Greg talks with Tim Starks about the motion on Capitol Hill to confirm CISA Director nominee Sean Plankey.

In this episode of Safe Mode, Greg talks with Tom Pace, CEO of Netrise, about the recent Salt Typhoon cyberattack against U.S. telecom networks and how the government is responding. Tom explains why it’s so hard to fully protect or fix these giant, complex systems, even when officials say they have stopped the threat. He points out the tough choices telecom companies face—like keeping service running, following regulations, and fixing security gaps—which don’t always work together. The conversation also covers problems with current rules and why spending more money isn’t always the answer. Listen for a straightforward discussion about what it will really take to keep our communication networks safe.

Greg is joined in studio with Kemba Walden and Devin Lynch from the Paladin Global Institute about securing the future of AI. They break down the multilayered AI technology stack and highlight where systems are most at risk—from data poisoning to adversarial model extraction. We discuss the adequacy of today’s security standards, the evolving responsibilities of cloud providers, and the ethical challenges facing policymakers in an era of rapid AI adoption. Tune in for practical insights on best practices, global cooperation, and the next wave of threats and opportunities as AI shapes critical infrastructure worldwide.

Greg dives into the escalating landscape of SaaS security threats, highlighted by a recent CISA alert on cyber activity targeting Commvault’s SaaS cloud application, and a stark warning from JPMorgan Chase’s CISO on the rising risks of SaaS integration models. Joining us is Yoni Shohet, CEO of Valence Security—a leader in SaaS security—who will share insights into why SaaS security has become a critical topic in major forums, indicators that these attacks are on the rise, and which industries are most at risk.

This week, Greg talks to Will Dixon, Senior Intelligence Collection Manager for Intel471, about the lifecycle and takedown of DanaBot — one of the most notorious malware-as-a-service (MaaS) platforms of the last decade. We'll explore how DanaBot transformed from a banking trojan into a full-featured MaaS tool, capable of serving both criminal enterprises and espionage operations. Will shares insights on its technical evolution, how it became a vital cog in the Initial Access Broker (IAB) ecosystem, and the anti-forensic tricks that kept detection teams on their toes. We'll also dig into the broader impact on the cybercrime underground: How did DanaBot’s productization and subscription model reshape the MaaS and IAB economies? Has its downfall changed how actors maintain operational security, or blurred the lines between crimeware and espionage tools? This episode is perfect for anyone interested in the inside story of a leading-edge cybercrime operation and global enforcement campaign.

Greg Otto talks with Andrew Carney, project manager at DARPA, about the AIxCC competition. With the finals set to be held in August during DEF CON, they discuss how these autonomous systems fared in detecting and remediating vulnerabilities, as well as the key lessons learned from live exercises and the semifinals. The conversation highlights DARPA's vision to merge formal software engineering with large language models to dramatically reduce software vulnerabilities and explains the scientific and engineering advances still needed to achieve this goal at scale. We also examine the challenges of safeguarding critical infrastructure, particularly when so much depends on open-source projects maintained by volunteers, and consider the impact of AI on patch deployment, code verification, and sustainable defense. In the reporter chat, Greg talks with Matt Kapko about a story debunking the 16 billion password hack.