Location:

United States

Description:

Podcast by Safe Mode Podcast

Language:

English


Episodes

The federal government's most underrated cybersecurity tool

4/16/2026
In this episode of Safe Mode, we sit down with Philip George, Executive Technical Strategist at Merlin Group to talk about the real challenges federal agencies face at the intersection of cybersecurity, AI adoption, and post-quantum cryptography. Philip breaks down the disconnect between cyber spending and mission outcomes, why rushing into AI without sound identity management and data integrity is a recipe for disaster, and what evolving federal cryptographic requirements and shortened certificate lifecycles mean for government IT. We dig into why visibility — simply knowing what's on your network — remains the most powerful defensive posture regardless of the threat, explore the tension between zero trust and agentic AI, and hear Philip's counterintuitive take that the answer to AI-driven security challenges might just be more AI, purpose-built and narrow in scope. Also, Greg sits down with Chris Townsend, Elastic’s Global VP of Public Sector, at the Elastic Public Sector Summit to unpack how agencies can operationalize data amid rising cyber threats. Townsend explains why open standards and cross-agency data sharing matter—and how agentic AI can help modernize SOC operations by prioritizing alerts and speeding response times. In our reporter chat, Greg Otto and Derek Johnson break down the surge of AI-in-cybersecurity developments—from Anthropic’s Project Glasswing and the “too dangerous to release” Mythos model to OpenAI’s trusted-access approach—focusing on what these tools could mean for vulnerability discovery and the balance between real risk and hype.

Duration: 00:44:32

What does industry think of the White House's cybersecurity strategy?

4/10/2026
Bob Ackerman (founder of Allegis Cyber and a partner at DataTribe) joins Safe Mode to talk about where the new national cybersecurity strategy is trying to push the industry—especially around more open, coordinated “active disruption” with government support (and what that does not mean, like hack-back). He shares what he’s hearing from leaders who want clearer “rules of the road,” and why it’s tough to move from reactive collaboration to getting ahead of threats. The conversation then turns to AI and why the next couple of years could get “a little spicy,” with offensive tooling accelerating fast and defenders struggling with visibility, noise, and prioritization. Ackerman’s bottom line: don’t get distracted by shiny objects—double down on fundamentals and hygiene, because you can’t defend what you can’t see. In our reporter chat, Greg talks with Tim Starks about the proposed CISA budget and warnings that Iran is going after critical infrastructure in the cyber domain.

Duration: 00:30:56

When iPhone exploits turn into commodities

3/26/2026
A sophisticated iPhone exploit kit known as DarkSword has escaped the world of targeted espionage and landed in public view—leaked on GitHub in a form that researchers say is trivial to repurpose and deploy. With the barrier to entry collapsing to “copy, paste, host,” the immediate concern is no longer whether advanced actors can use it, but how quickly criminal groups and opportunistic attackers will operationalize it against the enormous population of out-of-date iOS devices. In this episode, Jamf’s Michael Covington joins us for a practitioner-level breakdown of what the DarkSword leak changes, who’s exposed, and what defenders can do right now. We dig into the real enterprise blast radius for organizations with BYOD and partially managed fleets, what meaningful detection and response looks like on iOS when visibility is limited, and how to prioritize patch enforcement, quarantine decisions, and Lockdown Mode for high-risk users. We also zoom out to the bigger pattern: highly capable mobile exploitation frameworks (including recent reporting on Coruna) increasingly surfacing outside tightly controlled circles—reshaping the threat model for Apple devices in the enterprise. In our reporter chat, Greg talks with Matt Kapko on what they heard during their many conversations during their time at the RSAC 2026 Conference.

Duration: 00:35:09

Behind the scenes of the Socksescort takedown

3/19/2026
In this episode, we sit down with Chris Formosa to break down the Socksescort disruption—a proxy botnet powered by AVRecon that compromised edge devices at scale. Chris walks us through why the operation was so dangerous, how investigators tracked its command-and-control infrastructure, and what changed between the 2023 disclosure and the eventual takedown in coordination with the Department of Justice. We also dig into why edge devices remain prime targets, where most organizations still have visibility gaps, and what the next evolution of this threat could be. In our reporter chat, Greg Otto and Tim Starks break down DarkSword, an iOS exploit kit that could impact hundreds of millions of people.

Duration: 00:37:12

What comes next for Trump's cybersecurity plan?

3/12/2026
On this episode of Safe Mode, Greg Otto and Tim Starks look past the headline release of President Trump’s new cyber strategy and focus on what comes next: the promised follow-on guidance, the rollout of an interagency “cell” spanning DOJ, State, FBI, DoD and others that pairs cyber operations with diplomacy and arrests, and the state-by-state critical infrastructure pilot programs designed to test what actually works before scaling. In our interview segment, acting Federal CISO Mike Duffy lays out his priorities for 2026.

Duration: 00:28:49

A plea to improve quantum security in the federal government

3/5/2026
In this episode, we sit down with Gharun Lacy, Deputy Assistant Secretary for the Cyber and Technology Security Directorate at the U.S. Department of State, who issues a stark warning: no organization can defend against quantum-enabled cyber threats alone. Hear Lacy explain why adversaries like China are already harvesting encrypted data today—planning to crack it years from now when quantum computers arrive. He breaks down the "harvest now, decrypt later" threat and why your encrypted data may outlive multiple leadership cycles, creating risks that stretch across generations like an accordion through time. Lacy challenges both public and private sector defenders to stop thinking about their post-quantum encryption plans in isolation. Instead, he argues we must defend "holistically as an ecosystem," with industries and sectors coordinating their transition to quantum-resistant algorithms by 2035. But is that timeline fast enough? In our reporter chat, Greg talks with Derek Johnson about a new study that finds that LLMs can be used to deanonymize online profiles.

Duration: 00:17:52

Is the 'Shields Up' era of CISA over?

2/26/2026
One year into the second Trump administration, the Cybersecurity and Infrastructure Security Agency (CISA) is facing what former officials and industry partners describe in stark terms: “decimated,” “amateur hour,” and “pretty much fallen apart.” In this episode, Greg Otto dives in with Tim Starks to unpack what’s happened inside the nation’s lead civilian cyber defense agency—and what it could mean for the country’s ability to withstand the next major cyber crisis. In the interview segment, we bring two experts from the DOD's Cyber Crime Center to speak about what they're seeing on the threat landscape.

Duration: 00:33:12

Should you still trust your password manager?

2/19/2026
In this episode, Greg explores the gap between password manager marketing claims of "Zero Knowledge Encryption" and the reality uncovered by Swiss researchers who found 25 attacks against Bitwarden, LastPass, and Dashlane. Professor Kenny Paterson joins Greg to discuss why the industry's "honest-but-curious" security model is dangerously inadequate compared to a "malicious server" threat model, diving into three critical vulnerability categories: account recovery mechanisms that allow attackers to swap encryption keys, seemingly innocent features like icon fetching that leak passwords, and "vault malleability" where individual item encryption lets attackers cut-and-paste data between vault fields. They also discuss how legacy code support and backwards compatibility create cryptographic hazards, and what non-negotiable features are needed to build a truly "provably secure" password manager from scratch.

Duration: 00:36:40

No exceptions: How Amazon killed the password and unified security

2/12/2026
Join Virtru on Feb 18th for the inaugural DCMMC at 1801 Pennsylvania Ave for a no-nonsense CMMC deep dive followed by a bourbon tasting—grab your spot here. - https://www.virtru.com/dcmmc-event In this episode, we sit down with Stephen Schmidt, SVP & Chief Security Officer at Amazon, to explore the engineering and leadership required to run a "no exceptions" identity program at a global scale. Most organizations suffer from the "fragmentation problem"—a mix of high-security cloud apps and vulnerable legacy systems. Stephen explains how Amazon unified its authentication standard to ensure that every internal account, from a fresh developer environment to a legacy application from 2003, meets the same rigorous bar. In our reporter chat, Greg talks with Derek Johnson on why your AI doctor does not have the same privacy protections as your real doctor.

Duration: 00:36:52

What leaders can learn from the WEF's Cybersecurity Outlook

2/5/2026
AI is reshaping cybersecurity faster than most organizations can govern it—and the risk no longer stops at the edge of the enterprise. In this episode, Greg speaks with Brian Dye, CEO of Corelight, about the World Economic Forum’s Global Cybersecurity Outlook 2026: why fraud and phishing are rising on the CEO agenda, why ransomware still dominates operations, and how leaders can build measurable resilience amid growing third‑party and cloud dependencies. In the reporter chat, Greg talks with Derek Johnson on the reaction at the recent NASS conference to the raid on election efforts in Fulton County, Georgia.

Duration: 00:35:33

Opportunistic by Default: How OT gets pulled into the blast radius

1/29/2026
In this episode of Safe Mode, we look at how opportunistic campaigns—often starting as loud disruption like DDoS—can probe for weak points and, in some cases, move closer to operational technology and industrial control systems. Using a recent Justice Department case tied to pro‑Russia hacktivist groups as a jumping-off point, we discuss what this pattern says about the OT threat landscape in 2025, from remote access and trust boundaries to engineering workflows and data integrity risk. Chris Grove, Director of Cybersecurity Strategy at Nozomi Networks, joins to explain what defenders should prioritize now to keep “noise” from becoming real-world operational impact.

Duration: 00:34:21

How do you win a conflict most Americans can’t see?

1/22/2026
Retired Lt. Gen. Charlie “Tuna” Moore, former deputy commander of U.S. Cyber Command, joins Safe Mode to break down his new paper on “dominating the digital space” and a whole-of-society strategy for defending the United States from cyber aggression. Host Greg Otto digs into why cyber deterrence often fails below the threshold of armed conflict and what a National Cyber Operations Team—integrating private-sector talent under Cyber Command oversight—could look like in practice. Plus, journalist Matt Kapko returns to unpack the messy ethics and incentives behind ransomware negotiations after new guilty pleas spotlight just how unregulated the space can be.

Duration: 00:35:56

What's powering the 'Steroid Era' of cybercrime?

1/15/2026
Greg sits down with Adam Meyers, Head of Counter Adversary Operations at CrowdStrike, and Elia Zaitsev, CTO of CrowdStrike, to discuss why 2025 has been dubbed the "steroid era" for cybercrime due to AI's transformative impact on both attackers and defenders. The conversation reveals alarming statistics—a 442% increase in AI-powered voice-based phishing attacks, average adversary breakout times dropping to just 48 minutes, and 81% of intrusions now operating without any malware at all—while also exploring how adversaries are exploiting vulnerabilities faster and using AI to write exploits. However, the experts explain how AI is also empowering defenders through agentic security systems like CrowdStrike's Charlotte, which achieves 98.6% accuracy in detection triage, fundamentally shifting the economics of the defender's dilemma and offering hope that AI may ultimately benefit defenders more than attackers.

Duration: 00:52:28

The Access‑Trust Gap: Why security can’t see what work depends on

12/18/2025
In our final episode of 2025, Dave Lewis, global advisory CISO for 1Password, joins Greg Otto to unpack the “access‑trust gap”: the growing mismatch between what employees (and tools like AI assistants) can access at work and what security teams can actually see, verify, and control. Dave explains how this gap shows up in everyday ways—logins that bypass intended controls, personal devices used for work, and teams adopting apps or AI tools faster than IT can govern them—and why that combination creates quiet but serious risk. You’ll hear practical advice on narrowing the gap with stronger identity checks, smarter device trust, cleaner SaaS governance, and simple guardrails for safe AI use that don’t crush productivity.

Duration: 00:32:35

How AI has complicated enterprise mobile security

12/11/2025
In this episode of Safe Mode, Jim Dolce, CEO of Lookout, reveals that 40% of phishing attacks now target mobile devices—yet CISOs are drastically underspending on mobile security compared to email protection. Jim demonstrates how AI-powered attacks have become devastatingly effective, showing how his team created a voice-cloning impersonation attack in 15 minutes that fooled over half their employees into surrendering credentials, bypassing even multi-factor authentication. He explains why credential theft is now the #1 attack vector, costing $4-5 million per breach, and how modern smishing attacks use scraped social media data to craft hyper-personalized messages that are nearly impossible for humans to detect. Jim's urgent message: enterprises must protect mobile devices with the same rigor as email systems, using AI-powered defenses to combat AI-powered threats.

Duration: 00:38:49

Breaking down the latest era of Chinese cyberespionage with Booz Allen's Nate Beach-Westmoreland

12/4/2025
In this episode, we sit down with Nate Beach-Westmoreland, Head of Strategic Cyber Threat Intelligence at Booz Allen, to explore the evolving sophistication of Chinese cyber operations and their implications for U.S. national security. Our guest breaks down how the PRC leverages trusted-relationship abuse, network edge exploitation, and AI-powered influence campaigns to infiltrate critical infrastructure, evade detection, and operate below escalation thresholds that limit allied responses. From supply chain compromises to the weaponization of artificial intelligence in information warfare, this conversation reveals the strategic chess game playing out in cyberspace—and what the U.S. and its allies must do to regain the advantage.

Duration: 00:29:37

How Visa's CISO turns a 'paranoid and pessimistic mindset' into positive security outcomes

11/20/2025
Visa CISO Subra Kumaraswamy joins Safe Mode to discuss the global scale and complexities of cybersecurity at Visa, from managing a billion transactions daily to maintaining a resilient, “paranoid” defensive posture. Subra reveals how his team blends innovation, threat intelligence, and layered security architectures—not just to protect Visa, but to uplift the wider payment ecosystem—including strategies for defending against supply chain attacks, leveraging AI, and preparing for deepfakes and post-quantum computing. The episode provides a look behind the scenes at how Visa is working to ensure trust and reliability in payments for its global network of cardholders, partners, and merchants.

Duration: 00:46:21

What security teams should do to prepare for the quantum computing future

11/13/2025
Rebecca Krauthamer, CEO of QuSecure, joins Safe Mode to delve into the rapidly shifting landscape of quantum computing and cybersecurity. The conversation covers the latest government and industry responses to the quantum threat, the urgency of adopting post-quantum encryption, and practical metrics for agencies and organizations. Listen in as the complexities and urgency of preparing for “Q-Day” are unpacked, offering key insights for policy makers, technologists, and anyone concerned with data security’s future.

Duration: 00:40:26

How MSPs are dealing with CISA changes

11/6/2025
On this week’s Safe Mode, Greg welcomes Jason Pufahl, VP of Security Services at Vancord. Jason shares deep insights into the evolving managed security landscape, focusing on challenges faced by small and mid-sized businesses and the practical fundamentals they need for strong cybersecurity. He also discusses the evolving role of CISA and the importance of making threat intelligence and resources broadly accessible to help organizations of all sizes strengthen their cybersecurity posture.

Duration: 00:32:43

Mobilizing Main Street: Inside the Cyber Civic Engagement Program

10/30/2025
In this episode of Safe Mode, Betsy Cooper, founding director of the Aspen Institute’s Policy Academy, details a new initiative designed to mobilize ordinary citizens as cybersecurity policy advocates. The Cyber Civic Engagement program, supported by Craig Newmark Philanthropies’ Take9 campaign, offers virtual training sessions to equip participants with effective communication techniques, policy writing know-how, and access to one-on-one advocacy coaching. As digital threats multiply, Cooper argues that community storytelling and grassroots engagement are essential tools for prompting government action and ensuring critical local services are protected.

Duration: 00:30:01