Episode Summary
Saad Ullah, PhD student and founder of CVE-Genie, joins to explain how AI is changing vulnerability management and why defenders need to rethink their approach as threat actors adopt these tools. You’ll hear how his research is shaping the future of cybersecurity and what it means for staying ahead of attacks.
Sponsors
Thank you to our sponsors who make this show possible.
→ Hampton North. Hampton North is the premium US-based cybersecurity search firm.
→ Sysdig. Secure the cloud the right way with agentic AI.
Guest Bio
Saad Ullah is a PhD student at Boston University, a founder of CVE-Genie, and a key member of the Shellphish team for DARPA's cyber reasoning challenge. His work focuses on advancing AI-driven vulnerability management and has made a significant impact in the cybersecurity research community.
Chapters
00:00 Banter
02:24 Guest Intro: Saad Ullah
05:08 AI in Cybersecurity: The Emergence of Threats
07:41 CVE Genie: Revolutionizing Vulnerability Management
10:13 The Asymmetry of Defense: Challenges Ahead
15:49 The Future of Vulnerability Remediation
18:20 The Role of Security Engineers in an AI-Driven World
20:40 Building Trust in AI Systems for Cybersecurity
23:13 Passion and Evolution in Cybersecurity Careers
26:22 Collaboration and Support in Research
33:06 Exploring Vulnerabilities: The Journey Begins
36:25 Building a Comprehensive Benchmark for Vulnerabilities
39:33 Future of Vulnerability Management and Remediation
42:39 Looking Ahead: Conferences and Future Projects
44:52 Reflecting on Season One Highlights
48:26 Outro
Call to Action
If you found this episode useful, please share it and subscribe!
→ Spotify.
→ YouTube
→ Website
Follow Your Hosts:
→ Conor Sherman: LinkedIn
→ Stuart Mitchell: LinkedIn
Episode Summary
Amelia Forrest Kaye (AFK) joins to break down how security and tech leaders can turn crises into opportunities to build trust, navigate the fast-changing risks of AI, and why building strong relationships across teams—and your own personal brand—matters more than ever.
Guest Introduction
Amelia, or AFK as many know her, is a Fractional Chief Customer Officer and Executive Advisor who has spent nearly two decades shaping the post-sales and customer success engines at companies like Expel, Salt Security, and Tanium.
Chapters
00:00 Welcome
01:44 Crisis Management and Customer Trust
12:43 Bermuda Triangle of AI, Security & Market Forces
25:09 Understanding Customer Patience and Expectations
25:36 Customer Retention in the Age of AI
27:47 Ignition Metrics: The Key to First Value
34:42 Transformative CISOs: Building Cross-Departmental Relationships
44:21 The Importance of Personal Branding for Security Leaders
55:27 Monday Morning Advice
Episode Summary
Damien Lewke, founder and CEO of Nebulock, joins to discuss how agentic AI is rapidly changing cybersecurity, making both attacks and defense faster and more accessible. You’ll hear why proactive, AI-driven threat hunting is now essential for every organization, and how Damien’s experience at top security firms shapes his approach to democratizing these tools.
Guest Bio
Damien Lewke is the Founder and CEO of Nebulock, a Boston-based cybersecurity startup pioneering autonomous, agentic threat hunting. Before launching Nebulock, he led key roles at Northrop Grumman, CrowdStrike, Palo Alto Networks, and Arctic Wolf, and is now at the forefront of using AI to transform proactive defense.
Episode Breakdown
00:00 Banter
03:22 The Evolution of Cybersecurity and Threat Hunting
10:17 Vibe Hunting: A New Approach to Threat Detection
16:21 Leadership as a Verb in Cybersecurity
19:09 Adversaries Leveraging AI: A New Era
24:38 Rethinking Security Strategies
31:05 The Future of Security Teams and AI
37:26 Career Advice for Threat Hunters
Episode Overview
In this episode, cybersecurity leader Iman Ghanizada shares insights on how AI is reshaping the security landscape, the evolving role of CISOs, and why security teams must adapt to drive business value. His experience at Google and industry perspective make this a must-listen for anyone interested in the future of cybersecurity and organizational risk.
About the Guest
Iman Ghanizada is a globally recognized cybersecurity leader known for his work at Google on autonomic security systems and for helping shape the industry through published books and innovative frameworks like CDCR. He has a track record of driving security transformation and is respected for his visionary approach to both technology and business risk. Connect with Iman on LinkedIn to follow his latest work and insights.
Episode Breakdown
00:00 The Evolution of Cybersecurity
02:54 AI and the Future of Security
06:01 The Role of CISOs in Modern Organizations
11:48 AI's Impact on Security and Business Growth
14:49 Red Teaming and the Future of AI Security
18:28 Integrating AI in Security Operations
25:52 Rethinking Security Roles and Responsibilities
30:48 The Future of the CISO Role
36:29 Corporate Espionage and Insider Threats
40:26 Navigating AI Workloads in Cloud Environments
Episode Summary
In this episode, Ira Goldstein, Executive Chair and CEO of Ultraviolet Cyber, shares insights on the company's acquisition of Black Duck's application security testing business and explains how CISOs can drive value and manage risk during cybersecurity M&A.
Guest Bio
Ira Goldstein is the Executive Chair and CEO of Ultraviolet Cyber and the Founder and CEO of Kernel Advisory. He has scaled global operations at Herjavec Group as SVP and COO. Ira also serves on boards, including Rogers CyberSecure Catalyst.
LinkedIn: https://www.linkedin.com/in/goldsteinira/
Website: https://www.uvcyber.com/
Episode Breakdown
00:00 Banter
02:33 Guest Introduction: Ira Goldstein
03:41 Exploring Cyber M&A Trends
10:57 The Role of Security Leaders in M&A
18:08 Ultraviolet Cyber's Acquisition of Black Duck
21:13 The Impact of AI on Code Quality
28:26 Navigating the Cybersecurity Market Landscape
31:09 Building Trust in Cybersecurity Partnerships
41:11 Monday Morning Advice for Security Leaders
44:25 Outro
Episode Summary
Karl Mattson shares his journey from CISO to venture investor, offering practical advice on what makes founders successful in cybersecurity and how AI is rapidly changing the field. If you want to understand career transitions and what it takes to thrive in today's security landscape, this episode gives you direct insights from someone who's done it all.
About the Guest
Karl Mattson is a cybersecurity leader turned venture investor, known for his journey from operating as a CISO at a bank to field CISO roles and now founding his own venture fund. He is recognized for his hands-on approach, deep industry insight, and commitment to backing exceptional founders in AI and security. Connect with Karl to follow his work and insights:
LinkedIn: https://www.linkedin.com/in/karlmattson1/
Website: https://squaredcircle.vc/
Episode Chapters
00:00 The Journey to Venture Capital
05:01 Assessing Founders and Companies
08:40 The Role of AI in Security
16:22 Characteristics of Successful Startups
22:10 The CISO's Transition to Vendor Roles
30:39 The Reality of the CISO Role
33:08 AI's Impact on Security and Staffing
38:29 Advice for CISOs in a Rapidly Changing Environment
42:00 Embracing Strengths and Taking Risks
Episode Summary
In this episode, Conor and Stuart break down the risks of new tech like OpenAI's Atlas browser, the F5 source code breach, AWS outages, and deepfakes, showing you why resilience and clear risk management matter more than ever. You'll get practical advice on handling third- and fourth-party risk, understanding the real cost of outages, and preparing your business for today's cybersecurity threats.
Episode Chapters
00:00 Banter
01:19 OpenAI's Atlas Browser
04:34 The Implications of F5 Source Code Theft
10:53 AWS Outage and Business Resilience
18:04 The Real Cost of Service Outages
23:42 The FTC's Stance on AI Marketing and Truthfulness
30:08 The Rise of Deepfakes and Their Implications
43:45 Actionable Insights for Business Leaders
Episode Summary
In this episode, Richard Bird, Chief Information Security Officer at Singular AI, explains why the rush to adopt AI is creating new security risks and why getting the basics right is more important than ever. If you want to understand how AI is changing security and what you need to do about it, this conversation is essential.
Guest Bio
Richard Bird is the Chief Information Security Officer at Singular AI and an industry veteran with over 30 years of experience. He has held key roles at JP Morgan, Chase, Ping Identity, and Traceable, and recently launched the podcast Yippee-ki-ai, focused on operationalizing AI in the real world. Connect with Richard on LinkedIn to follow his latest work and insights.
Episode Timestamps
00:00 The AI Adoption Crisis and API Security
11:41 Corporate Showmanship and the Reality of Layoffs
15:11 The Role of the Chief AI Officer: A Critical Examination
20:11 AI's Impact on Security Dynamics
26:10 The Dangers of AI in Security
30:50 Economic Sustainability of AI Technologies
41:40 AI Ethics: Real-World Implications
45:58 The Future of AI: Optimism and Caution
48:03 The Evolution of Security Landscape: AI's Role
Episode Summary
Walter Haydock shares practical strategies for navigating the complex landscape of AI governance, risk management, and compliance, especially in regulated sectors.
Guest Bio
Walter Haydock is the Founder and CEO of StackAware, where he helps organizations operationalize AI governance through frameworks like ISO/IEC 42001 and the NIST AI RMF.
→ Connect with Walter on LinkedIn
→ Subscribe to his newsletter, Deploy Securely
Episode Summary
In this episode, Jake Bernardes, CISO at Anecdotes, joins to break down the risks and opportunities of OpenAI's AgentKit, vendor lock-in, and the real impact of AI on enterprise security and jobs.
Guest Details
Jake Bernardes is the Chief Information Security Officer at Anecdotes, a top GRC platform.
Episode Summary
In this episode, AI architect and security researcher Disesdi Susanna Cox explains the vast and complex attack surface of AI systems, highlighting the need for new security approaches like purple teaming and MLSecOps. Her insights help security leaders understand the unique risks and ethical challenges of AI, making this a must-listen for anyone responsible for securing modern AI-driven organizations.
About the Guest
Disesdi Susanna Cox is an AI architect, patent holder, and consulting security researcher recognized for her work with the OWASP AI Exchange. Her frameworks and research have been adopted globally to help organizations understand and address the evolving security landscape in AI. Connect with Susanna to follow her latest insights and contributions:
LinkedIn: https://www.linkedin.com/in/disesdi/
Newsletter: https://disesdi.substack.com/
OWASP AI Exchange: https://owasp.org/www-project-ai-exchange/
Episode Breakdown
00:00 Navigating the AI Security Landscape
03:30 Understanding Adversarial Attacks in AI
06:06 The Importance of Purple Teaming in AI Security
08:49 Establishing MLSecOps for AI Systems
11:40 The Role of Chief AI Security Officer
13:03 Ethics and Risks of AI in Decision Making
26:07 The Future of Red Teaming in AI Security
Overview
Today's episode features Keith Hoodlet from Trail of Bits. We discuss how AI is rapidly accelerating both cyber threats and defenses, shrinking the time to exploit vulnerabilities and reshaping cybersecurity job requirements.
Guest Bio
Keith Hoodlet is Engineering Director at Trail of Bits, former Code Security Architect at GitHub, and winner of the DoD’s inaugural AI Bias Bounty.
Quick Take (TL;DR)
AI is rapidly transforming cybersecurity, from automating penetration testing to reshaping how security teams and developers work. This episode examines the practical implications, risks, and future prospects of AI in security, offering actionable insights for leaders and practitioners.
Guest Spotlight
Clint Gibler is Head of Security Research at Semgrep, creator of the TLDRsec newsletter, and host of the Modern Security Podcast.
Key Topics & Timestamps
00:00 AI's Impact on Penetration Testing
03:19 The Future of Junior Pen Testers
05:42 Working with AI: A New Paradigm
10:31 Trusting AI Outputs
12:31 Shifting Down: A New Security Approach
15:20 Making Security Invisible for Developers
16:44 The Role of AI in Security and Development
19:04 Integrating Security into Vibe Coding
21:21 Human in the Loop: Balancing Automation and Oversight
23:04 Model Dependency and Cost Considerations
25:27 Emerging Security Risks in AI Infrastructure
29:41 Understanding Prompt Injection Challenges
31:05 Innovative Solutions in AI Security
32:28 Risks of Model Integration and Code Execution
34:14 Navigating AI Model Adoption in Organizations
34:42 The Future of AI in Security
38:52 Career Pathways in Cybersecurity
Quick Take (TL;DR)
This episode explores the evolving risks and opportunities at the intersection of AI, security, and leadership, featuring insights from incident response veteran Jason Rebholz. The conversation highlights why AI safety and agentic systems matter for CISOs and security teams today.
Guest Spotlight
Jason Rebholz is the co-founder of Evoke Security and former CISO at Corvus Insurance. He previously led incident response at Mandiant, handling nation-state threats and major breaches. Jason is a leading voice on AI security, agentic systems, and practical risk management. Connect: LinkedIn | Website | Newsletter | Twitter/X
Quick Take (TL;DR)
This episode examines how AI is transforming the cybersecurity landscape, with Sandy Dunn discussing why security leaders must reassess risk, trust, and business alignment in the era of agentic AI. Essential listening for anyone navigating the intersection of AI, security, and executive decision-making.
Guest Spotlight
Sandy Dunn is the Chief Information Security Officer (CISO) at SPLX, where she leads AI-driven security strategy and advises executive teams on risk and defense alignment. A 20-year cybersecurity veteran, Sandy is the creator and project leader of the OWASP Top 10 for LLM Applications and the GenAI Compass, and serves as an adjunct professor at Boise State University and board member at Agentic.org.
LinkedIn | SPLX | Agentic.org
AI is redrawing the economic map while vendors rush to “platformize” and attackers weaponize LLMs. Leaders must push for real platforms (shared data planes + policy layers), avoid “platform-in-name-only” lock-in, and prepare for agentic threats like PromptLock.
(00:00) Introduction — Why this week matters: AI divide, platformization reality check, agentic ransomware.
(02:10) Topic 1 — The AI Divide; Anthropic’s index shows productivity clustering in high-adoption regions; implications for hiring, policy, and multi-national execution.
(12:00) Topic 2 — Platformization & Consolidation; CrowdStrike–Pangea and Check Point–Lakera signal AI-security land grab; what “true platform” means; buyer guardrails.
(22:40) Topic 3 — PromptLock & Agentic Threats; ransomware that personalizes and negotiates; how to update IR/comms playbooks.
(31:30) Closing — Play offense: evidence-based platformization, workforce redesign, agentic blue-team prep.
NIST AI RMF — governance + risk controls: https://www.nist.gov/itl/ai-risk-management-framework
OWASP GenAI / LLM Top 10 — threat categories: https://genai.owasp.org/llm-top-10/
Quick Take (TL;DR)
This episode examines the evolving cybersecurity economy, the impact of AI on security roles and investments, and why trust, adaptability, and community are more crucial than ever for security leaders.
Guest Spotlight
Mike Privette is the founder of Return on Security, recognized as the industry’s first cybersecurity economist. He’s known for his in-depth analysis of funding trends, M&A, and the shifting landscape of security and AI. Mike’s work has been featured at B-Sides and followed by thousands of industry leaders.
Connect with Mike: LinkedIn | Newsletter.
Summary
In this episode, Conor Sherman and Stuart Mitchell discuss the evolving landscape of education, job markets, and AI regulation. They explore the implications of Gen Z's shifting attitudes towards college, the impact of AI on job security, and the recent endorsement of AI safety legislation by Anthropic. The conversation also delves into the current job market trends, the integration of AI in security teams, and the alarming advancements in exploit development through tools like CVE Genie.
Quick Take (TL;DR)
Daniel Miessler, cybersecurity veteran and creator of Unsupervised Learning, explores the future of work in an AI-driven world—why the ideal number of employees might be zero, and what that means for society, security, and meaning.
Guest Spotlight
Daniel Miessler is a cybersecurity expert, writer, and creator of the Unsupervised Learning newsletter and podcast.
Connect: LinkedIn | Website | Newsletter | Twitter/X
Conor Sherman and Stuart Mitchell dive into the intersection of AI, coding, security, and leadership. They discuss the “September Surge” in hiring, the evolving role of AI in software development, and the critical need for strong security fundamentals as organizations accelerate their adoption of AI technologies. The conversation covers the risks and rewards of AI-driven coding, the responsibilities of security teams, and the importance of leadership and organizational change in navigating this new landscape.
4x Velocity, 10x Vulnerabilities: AI Coding Assistants Are Shipping More Risks: Read the Apiiro blog
Sysdig 2025 Cloud-Native Security Report: Read the Sysdig report
Cisco: Detecting Exposed LLM Servers (Ollama/Shodan Study): Read the Cisco blog
Brave Research: Indirect Prompt Injection in Perplexity Comet: Read the Brave blog
NIST CSRC: Control Overlays for Securing AI Systems (COSAIS) – Concept Paper: Read the NIST concept paper