Safe Mode Podcast

In this episode of Safe Mode, Greg talks with Tom Pace, CEO of Netrise, about the recent Salt Typhoon cyberattack against U.S. telecom networks and how the government is responding. Tom explains why it’s so hard to fully protect or fix these giant, complex systems, even when officials say they have stopped the threat. He points out the tough choices telecom companies face—like keeping service running, following regulations, and fixing security gaps—which don’t always work together. The conversation also covers problems with current rules and why spending more money isn’t always the answer. Listen for a straightforward discussion about what it will really take to keep our communication networks safe.

Greg is joined in studio with Kemba Walden and Devin Lynch from the Paladin Global Institute about securing the future of AI. They break down the multilayered AI technology stack and highlight where systems are most at risk—from data poisoning to adversarial model extraction. We discuss the adequacy of today’s security standards, the evolving responsibilities of cloud providers, and the ethical challenges facing policymakers in an era of rapid AI adoption. Tune in for practical insights on best practices, global cooperation, and the next wave of threats and opportunities as AI shapes critical infrastructure worldwide.

Greg is joined in studio with Kemba Walden and Devin Lynch from the Paladin Global Institute about securing the future of AI. They break down the multilayered AI technology stack and highlight where systems are most at risk—from data poisoning to adversarial model extraction. We discuss the adequacy of today’s security standards, the evolving responsibilities of cloud providers, and the ethical challenges facing policymakers in an era of rapid AI adoption. Tune in for practical insights on best practices, global cooperation, and the next wave of threats and opportunities as AI shapes critical infrastructure worldwide. Michael Saintcross, Senior Director for Defense and Intelligence Community Business at Optiv + ClearShark, joins SNG host Wyatt Kash in a sponsored podcast discussion on why agencies must pivot from traditional ICAM strategies to solutions that offer granular control and "zero standing privilege" to defuse advanced threats. This segment was sponsored by Optiv + ClearShark.

This week, Greg talks to Will Dixon, Senior Intelligence Collection Manager for Intel471, about the lifecycle and takedown of DanaBot — one of the most notorious malware-as-a-service (MaaS) platforms of the last decade. We'll explore how DanaBot transformed from a banking trojan into a full-featured MaaS tool, capable of serving both criminal enterprises and espionage operations. Will shares insights on its technical evolution, how it became a vital cog in the Initial Access Broker (IAB) ecosystem, and the anti-forensic tricks that kept detection teams on their toes. We'll also dig into the broader impact on the cybercrime underground: How did DanaBot’s productization and subscription model reshape the MaaS and IAB economies? Has its downfall changed how actors maintain operational security, or blurred the lines between crimeware and espionage tools? This episode is perfect for anyone interested in the inside story of a leading-edge cybercrime operation and global enforcement campaign.

Greg Otto talks with Andrew Carney, project manager at DARPA, about the AIxCC competition. With the finals set to be held in August during DEF CON, they discuss how these autonomous systems fared in detecting and remediating vulnerabilities, as well as the key lessons learned from live exercises and the semifinals. The conversation highlights DARPA's vision to merge formal software engineering with large language models to dramatically reduce software vulnerabilities and explains the scientific and engineering advances still needed to achieve this goal at scale. We also examine the challenges of safeguarding critical infrastructure, particularly when so much depends on open-source projects maintained by volunteers, and consider the impact of AI on patch deployment, code verification, and sustainable defense. In the reporter chat, Greg talks with Matt Kapko about a story debunking the 16 billion password hack.

Greg Otto talks with RSA CEO Rohit Ghai on the global shift toward passkeys and passwordless authentication. Together, they explore pressing issues including the differences between consumer and enterprise solutions, infrastructure vulnerabilities, regulatory challenges, and how emerging threats are evolving as passwordless adoption accelerates. The discussion also covers the complexities practitioners face as they navigate credential transitions in a rapidly changing security landscape. In the reporter chat, Greg talks with Matt Kapko about the attack on a top grocery distributor in the United States.

Greg Otto talks with Eran Barak, CEO and co-founder of MIND, on the dramatic rise of insider threats in cybersecurity, exploring recent high-profile cases and the factors fueling this surge. He discusses which industries and data types are most at risk, how insider tactics have evolved, and practical strategies for organizations to detect and prevent internal threats. In our reporter chat, Greg talks with Derek Johnson on how vibe coding can be secure as it grows into a practice that software developers rely on for their work. LINK: https://cyberscoop.com/vibe-coding-ai-cybersecurity-llm/

Greg Otto talks with Rob Ragan, Principal Technology Strategist at Bishop Fox, as he shares his vision of building an “Iron Man suit” for human security testers that is shaping how AI is used in offensive cybersecurity. Rob dives into lessons learned from developing adaptive AI tools, the unique challenges and risks facing modern AI systems, and effective strategies for safeguarding against adversarial attacks and data leakage. Discover how ethical frameworks, innovation, and industry collaboration can drive responsible offensive security, what organizations often get wrong about AI threats, and what’s needed to secure the future as AI transforms the cybersecurity landscape. In our reporter chat, Greg Otto talks with Matt Kapko about a new wave of zero-days impacting Ivanti products.

In this episode, Greg sits down with Olivia Rose, Founder and CISO of the Rose CISO Group, to talk about her role in "CISO: The Worst Job I Ever Wanted," a groundbreaking cybersecurity docuseries that reveals the real experiences of Chief Information Security Officers. This podcast uncovers the pressures, sleepless nights, and personal sacrifices these leaders endure while making critical decisions and shouldering the responsibility of defending the digital world. Through honest and compelling stories, listeners gain a rare glimpse into the human side of one of the most challenging and misunderstood roles in technology. In our reporter chat, Greg Otto talks with Derek Johnson and Tim Starks about their deep dives into why Salt Typhoon may never be out of U.S. telecom systems.

In this episode, Greg sits down with Semperis CEO Mickey Bresman to explore how organizations can proactively prepare for cyber crises before they strike. The conversation centers on the power of tabletop exercises—simulated attack scenarios that test response plans, reveal hidden vulnerabilities, and build muscle memory across teams. Together, Greg and Mickey discuss why preparation is far more than a technical checklist, how effective tabletop exercises bridge the gap between policy and real-world action, and what practical steps leaders can take to protect their organizations from the inside out. In our reporter chat, Greg Otto talks with Cynthia Brumfield about the future of the CVE program.