Zero Signal

Episode SummaryZero Signal hosts Conor Sherman and Stuart Mitchell sit down with Adam Arellano, former VP of Cybersecurity at PayPal and now Field CTO at Harness, to unpack the rise of agentic AI in software delivery and what it means for software engineers, security leaders, and the broader tech economy. They dig into real-world data on AI-generated code, the new attack surface created by agent skills, and how security and engineering teams can partner to ship faster while reducing risk. SponsorsThank you to our sponsors who make this show possible.→ Hampton North. Hampton North is the premium US based cybersecurity search firm.→ Sysdig. Secure the cloud
the right way with agentic AI. Guest IntroductionAdam Arellano is the Field CTO at Harness, focusing on AI for DevOps and automation, and previously served as VP of Cybersecurity at PayPal. In this episode he brings both security and engineering leadership perspectives to the rapid shift toward agentic coding and AI-augmented software delivery. Referenced Links & ResourcesAdam Arellano – LinkedInAI Coding Becomes a Risky Norm as Use of AI Coding Assistants Takes Off and More Than 80% of Organizations Ship Vulnerable Code – BusinessWireGenerative AI Adoption and the Impact on Junior Employment – Harvard studyAgent Skills in the Wild: An Empirical Study of Security Vulnerabilities at ScaleGitHubArcanum-Sec/sec-context

Episode SummaryConor Sherman and Stuart Mitchell break down Moody’s 2026 cybersecurity outlook through four lenses: AI agents outperforming most human pen testers, n8n’s “Ni8mare” CVSS 10.0 RCE and what it says about AI-era patching, Claude Code’s ability to recreate a complex agent orchestration system in an hour, and how always-on recording devices change the risk surface. SponsorsThank you to our sponsors who make this show possible.→ Hampton North. Hampton North is the premium US based cybersecurity search firm.→ Sysdig. Secure the cloud
the right way with agentic AI. Guest IntroductionThis episode features an in-depth conversation between Conor Sherman and Stuart Mitchell, using real research and market signals to frame how AI agents, cloud concentration, and emerging tooling are reshaping the work of senior cybersecurity leaders. Chapters00:00 Intro + Banter02:34 AI Agents vs. Human Penetration Testing13:12 N8N Vulnerability Disclosure and Its Impact17:17 AI Productivity in Software Engineering27:35 Moody Rating Agency's 2026 Cybersecurity Outlook36:36 The Ethics of AI Recording Devices Referenced Links & ResourcesComparing AI Agents to Cybersecurity Professionals in Real-World Penetration Testingn8n Security AdvisoryJaana Dogan on Claude Code and distributed agent orchestrationMoody’s 2026 Cybersecurity & AI OutlookUnderwriting Superintelligence – AI risk & insurance

Episode SummaryHosts Conor Sherman and Stuart Mitchell break down 2026 cybersecurity predictions from leading voices across AI, identity, supply chain, and security talent. Google SlideZero Signal | 2026 Predications SponsorsThank you to our sponsors who make this show possible.→ Hampton North. Hampton North is the premium US based cybersecurity search firm.→ Sysdig. Secure the cloud
the right way with agentic AI. Chapters00:00 Holiday Reflections and Podcast Introduction01:40 Madison Horn's Insights on AI and Infrastructure07:29 Nicole Kerrigan on Agentic AI as Insider Risk13:04 Greg Notch on Automated Exploits and Incentives18:52 Crystal Morne on Supply Chain Risks25:03 Daniel Measler's Predictions for Security Talent31:30 James Berthoty's Predictions36:37 Stuart Mitchell's Predictions46:28 Conor Sherman's Predictions Referenced Links & ResourcesMadison Horn – 2026 Cybersecurity PredictionsAndres Andreu – Cybersecurity Predictions for 2026Nicole Carignan – AI & Cybersecurity Trends to Watch in 2026Greg Notch – Cybersecurity Predictions 2026Crystal Morin – Top 10 Ways to Get Breached in 2026Shai-Hulud Worm AnalysisAnand Singh – Top 5 AI Predictions for 2026James Berthoty – The 5 Security Features That Will Lead in 2026Daniel Miessler – How AI Changes Cybersecurity in 2026

Episode SummarySaad Ullah, PhD student and founder of CVE-Genie, joins to explain how AI is changing vulnerability management and why defenders need to rethink their approach as threat actors adopt these tools. You’ll hear how his research is shaping the future of cybersecurity and what it means for staying ahead of attacks. SponsorsThank you to our sponsors who make this show possible.→ Hampton North. Hampton North is the premium US based cybersecurity search firm.→ Sysdig. Secure the cloud
the right way with agentic AI. Guest BioSaad Ullah is a PhD student at Boston University, a founder of CVE-Genie, and a key member of the Shellfish team for DARPA's cyber reasoning challenge. His work focuses on advancing AI-driven vulnerability management and has made a significant impact in the cybersecurity research community. Chapters00:00 Banter02:24 Guest Intro: Saad Ullah05:08 AI in Cybersecurity: The Emergence of Threats07:41 CVE Genie: Revolutionizing Vulnerability Management10:13 The Asymmetry of Defense: Challenges Ahead15:49 The Future of Vulnerability Remediation18:20 The Role of Security Engineers in an AI-Driven World20:40 Building Trust in AI Systems for Cybersecurity23:13 Passion and Evolution in Cybersecurity Careers26:22 Collaboration and Support in Research33:06 Exploring Vulnerabilities: The Journey Begins36:25 Building a Comprehensive Benchmark for Vulnerabilities39:33 Future of Vulnerability Management and Remediation42:39 Looking Ahead: Conferences and Future Projects44:52 Reflecting on Season One Highlights48:26 Outro Resources & LinksGithub CVE-GenieDARPA Cyber Reasoning ChallengeShellphishArtiphishellPrompt||GTFO Call to ActionIf you found this episode useful, please share it and subscribe!→ Apple Podcasts→ Spotify.→ YouTube→ Website Follow You Hosts:→ Conor Sherman: LinkedIn→ Stuart Mitchell: LinkedIn

Episode SummaryAmelia Forrest Kaye (AFK) joins to break down how security and tech leaders can turn crises into opportunities to build trust, navigate the fast-changing risks of AI, and why building strong relationships across teams—and your own personal brand—matters more than ever.SponsorsThank you to our sponsors who make this show possible.→ Hampton North. Hampton North is the premium US based cybersecurity search firm.→ Sysdig. Secure the cloud
the right way with agentic AI.Guest IntroductionAmelia, or AFK as many know her, is a Fractional Chief Customer Officer and Executive Advisor who has spent nearly two decades shaping the post-sales and customer success engines at companies like Expel, Salt Security, and Tanium. Chapters00:00 Welcome01:44 Crisis Management and Customer Trust12:43 Bermuda Triangle of AI, Security & Market Forces25:09 Understanding Customer Patience and Expectations25:36 Customer Retention in the Age of AI27:47 Ignition Metrics: The Key to First Value34:42 Transformative CISOs: Building Cross-Departmental Relationships44:21 The Importance of Personal Branding for Security Leaders55:27 Monday Morning AdviceReferenced Links & ResourcesAnthropic November Threat Report Cybersecurity budgets tighten as economic anxiety risesOver 40% of agentic AI projects will be scrapped by 2027, Gartner saysHouse of Lies (TV Show) Call to ActionIf you found this episode useful, please share it and subscribe!Conor Sherman — LinkedIn | Website | Sysdig;Stuart Mitchell — LinkedIn | Website.Add subscription links: Apple Podcasts | Spotify | YouTube | Website.

Episode SummaryDamien Lewke, founder and CEO of Nebulock, joins to discuss how agentic AI is rapidly changing cybersecurity, making both attacks and defense faster and more accessible. You’ll hear why proactive, AI-driven threat hunting is now essential for every organization, and how Damien’s experience at top security firms shapes his approach to democratizing these tools.SponsorsThank you to our sponsors who make this show possible.→ Hampton North. Hampton North is the premium US based cybersecurity search firm.→ Sysdig. Secure the cloud
the right way with agentic AI.Guest BioDamien Lewke is the Founder and CEO of Nebulock, a Boston-based cybersecurity startup pioneering autonomous, agentic threat hunting. Before launching Nebulock, he led key roles at Northrop Grumman, CrowdStrike, Palo Alto Networks, and Arctic Wolf, and is now at the forefront of using AI to transform proactive defense.Episode Breakdown00:00 Banter03:22 The Evolution of Cybersecurity and Threat Hunting10:17 Vibe Hunting: A New Approach to Threat Detection16:21 Leadership as a Verb in Cybersecurity19:09 Adversaries Leveraging AI: A New Era24:38 Rethinking Security Strategies31:05 The Future of Security Teams and AI37:26 Career Advice for Threat HuntersResources & ReferencesAnthropic Disrupting the first reported AI-orchestrated cyber espionage campaignGoogle Threat Intelligence Team AI Threat TrackerJocko Willink: Extreme OwnershipCall to ActionIf you found this episode useful, please share it and subscribe!→ Apple Podcasts→ Spotify.→ YouTube→ WebsiteFollow You Hosts:→ Conor Sherman: LinkedIn→ Stuart Mitchell: LinkedIn

Episode OverviewIn this episode, cybersecurity leader Iman Ghanizada shares insights on how AI is reshaping the security landscape, the evolving role of CISOs, and why security teams must adapt to drive business value. His experience at Google and industry perspective make this a must-listen for anyone interested in the future of cybersecurity and organizational risk.SponsorsThank you to our sponsors who make this show possible.→ Hampton North. Hampton North is the premium US based cybersecurity search firm.→ Sysdig. Secure the cloud
the right way with agentic AI.About the GuestIman Ghanizada is a globally recognized cybersecurity leader known for his work at Google on autonomic security systems and for helping shape the industry through published books and innovative frameworks like CDCR. He has a track record of driving security transformation and is respected for his visionary approach to both technology and business risk. Connect with Iman on LinkedIn to follow his latest work and insights.Episode Breakdown00:00 The Evolution of Cybersecurity02:54 AI and the Future of Security06:01 The Role of CISOs in Modern Organizations11:48 AI's Impact on Security and Business Growth14:49 Red Teaming and the Future of AI Security18:28 Integrating AI in Security Operations25:52 Rethinking Security Roles and Responsibilities30:48 The Future of the CISO Role36:29 Corporate Espionage and Insider Threats40:26 Navigating AI Workloads in Cloud Environments44:34 Intro Long - Final.mp4Referenced ResourcesSite Reliability Engineering (SRE) — Referenced as the foundational discipline for security engineering at Google.Pegasus Spyware — Cited as an example of advanced persistent threat tools.Subscribe & FollowIf you found this episode useful, please share it and subscribe!→ Apple Podcasts→ Spotify.→ YouTube→ WebsiteFollow You Hosts:→ Conor Sherman: LinkedIn→ Stuart Mitchell: LinkedIn

Episode SummaryIn this episode, Ira Goldstein, Executive Chair and CEO of Ultraviolet Cyber, shares insights on the company's acquisition of Black Duck's application security testing business and explains how CISOs can drive value and manage risk during cybersecurity M&A.SponsorsThank you to our sponsors who make this show possible.→ Hampton North. Hampton North is the premium US based cybersecurity search firm.→ Sysdig. Secure the cloud
the right way with agentic AI.Guest BioIra Goldstein is the Executive Chair and CEO of Ultraviolet Cyber and the Founder and CEO of Kernel Advisory. He has scaled global operations at Herjavec Group as SVP and COO. Ira also serves on boards, including Rogers CyberSecure Catalyst.LinkedIn: https://www.linkedin.com/in/goldsteinira/Website: https://www.uvcyber.com/Episode Breakdown00:00 Banter02:33 Guest Introduction: Ira Goldstein03:41 Exploring Cyber M&A Trends10:57 The Role of Security Leaders in M&A18:08 Ultraviolet Cyber's Acquisition of Black Duck21:13 The Impact of AI on Code Quality28:26 Navigating the Cybersecurity Market Landscape31:09 Building Trust in Cybersecurity Partnerships41:11 Monday Morning Advice for Security Leaders44:25 OutroReferenced ResourcesBusinessWire: UltraViolet Cyber Acquires Black Duck’s Application Security Testing Services BusinessUltraViolet Cyber: UltraViolet Cyber Acquires Black Duck’s Application Security Testing Services BusinessKroll: Cybersecurity Software Sector M&A Industry Insights – Summer 2025Return on Security: Security Funded #214 – Services Roll-Ups & AI Consolidation4x Velocity, 10x Vulnerabilities: AI Coding Assistants Are Shipping More RisksFollow and Subscribe→ Apple Podcasts→ Spotify.→ YouTube

Episode SummaryKarl Mattson shares his journey from CISO to venture investor, offering practical advice on what makes founders successful in cybersecurity and how AI is rapidly changing the field. If you want to understand career transitions and what it takes to thrive in today's security landscape, this episode gives you direct insights from someone who's done it all.SponsorsThank you to our sponsors who make this show possible.→ Hampton North. Hampton North is the premium US based cybersecurity search firm.→ Sysdig. Secure the cloud
the right way with agentic AI.About the GuestKarl Mattson is a cybersecurity leader turned venture investor, known for his journey from operating as a CISO at a bank to field CISO roles and now founding his own venture fund. He is recognized for his hands-on approach, deep industry insight, and commitment to backing exceptional founders in AI and security. Connect with Karl to follow his work and insights:LinkedIn: https://www.linkedin.com/in/karlmattson1/Website: https://squaredcircle.vc/Episode Chapters00:00 The Journey to Venture Capital05:01 Assessing Founders and Companies08:40 The Role of AI in Security16:22 Characteristics of Successful Startups22:10 The CISO's Transition to Vendor Roles30:39 The Reality of the CISO Role33:08 AI's Impact on Security and Staffing38:29 Advice for CISOs in a Rapidly Changing Environment42:00 Embracing Strengths and Taking RisksSubscribe & FollowIf you found this episode useful, please share it and subscribe!→ Apple Podcasts→ Spotify.→ YouTube→ WebsiteFollow You Hosts:→ Conor Sherman: LinkedIn→ Stuart Mitchell: LinkedIn

Episode SummaryIn this episode, Conor and Stuart break down the risks of new tech like OpenAI's Atlas browser, the F5 source code breach, AWS outages, and deepfakes, showing you why resilience and clear risk management matter more than ever. You'll get practical advice on handling third- and fourth-party risk, understanding the real cost of outages, and preparing your business for today's cybersecurity threats.SponsorsThank you to our sponsors who make this show possible.→ Hampton North. Hampton North is the premium US based cybersecurity search firm.→ Sysdig. Secure the cloud
the right way with agentic AI.Episode Chapters00:00 Banter01:19 OpenAI's Atlas Browser04:34 The Implications of F5 Source Code Theft10:53 AWS Outage and Business Resilience18:04 The Real Cost of Service Outages23:42 The FTC's Stance on AI Marketing and Truthfulness30:08 The Rise of Deepfakes and Their Implications43:45 Actionable Insights for Business Leaders45:16 Intro LongReferenced Links & ResourcesOpenAI Atlas BrowserBrave Research on Perplexity's Comet BrowserGoogle Mandiant M-Trends Report FTC Operation AI Comply Ironscales Deepfake ReportDarktrace Sam Altman/AP Voiceprint Authentication Quote Call to ActionIf you found this episode useful, please share it and subscribe!→ Apple Podcasts→ Spotify.→ YouTube→ WebsiteFollow You Hosts:→ Conor Sherman: LinkedIn→ Stuart Mitchell: LinkedIn