Zero Signal

Episode SummaryIn this episode, Ira Goldstein, Executive Chair and CEO of Ultraviolet Cyber, shares insights on the company's acquisition of Black Duck's application security testing business and explains how CISOs can drive value and manage risk during cybersecurity M&A.SponsorsThank you to our sponsors who make this show possible.→ Hampton North. Hampton North is the premium US based cybersecurity search firm.→ Sysdig. Secure the cloud
the right way with agentic AI.Guest BioIra Goldstein is the Executive Chair and CEO of Ultraviolet Cyber and the Founder and CEO of Kernel Advisory. He has scaled global operations at Herjavec Group as SVP and COO. Ira also serves on boards, including Rogers CyberSecure Catalyst.LinkedIn: https://www.linkedin.com/in/goldsteinira/Website: https://www.uvcyber.com/Episode Breakdown00:00 Banter02:33 Guest Introduction: Ira Goldstein03:41 Exploring Cyber M&A Trends10:57 The Role of Security Leaders in M&A18:08 Ultraviolet Cyber's Acquisition of Black Duck21:13 The Impact of AI on Code Quality28:26 Navigating the Cybersecurity Market Landscape31:09 Building Trust in Cybersecurity Partnerships41:11 Monday Morning Advice for Security Leaders44:25 OutroReferenced ResourcesBusinessWire: UltraViolet Cyber Acquires Black Duck’s Application Security Testing Services BusinessUltraViolet Cyber: UltraViolet Cyber Acquires Black Duck’s Application Security Testing Services BusinessKroll: Cybersecurity Software Sector M&A Industry Insights – Summer 2025Return on Security: Security Funded #214 – Services Roll-Ups & AI Consolidation4x Velocity, 10x Vulnerabilities: AI Coding Assistants Are Shipping More RisksFollow and Subscribe→ Apple Podcasts→ Spotify.→ YouTube

Episode SummaryKarl Mattson shares his journey from CISO to venture investor, offering practical advice on what makes founders successful in cybersecurity and how AI is rapidly changing the field. If you want to understand career transitions and what it takes to thrive in today's security landscape, this episode gives you direct insights from someone who's done it all.SponsorsThank you to our sponsors who make this show possible.→ Hampton North. Hampton North is the premium US based cybersecurity search firm.→ Sysdig. Secure the cloud
the right way with agentic AI.About the GuestKarl Mattson is a cybersecurity leader turned venture investor, known for his journey from operating as a CISO at a bank to field CISO roles and now founding his own venture fund. He is recognized for his hands-on approach, deep industry insight, and commitment to backing exceptional founders in AI and security. Connect with Karl to follow his work and insights:LinkedIn: https://www.linkedin.com/in/karlmattson1/Website: https://squaredcircle.vc/Episode Chapters00:00 The Journey to Venture Capital05:01 Assessing Founders and Companies08:40 The Role of AI in Security16:22 Characteristics of Successful Startups22:10 The CISO's Transition to Vendor Roles30:39 The Reality of the CISO Role33:08 AI's Impact on Security and Staffing38:29 Advice for CISOs in a Rapidly Changing Environment42:00 Embracing Strengths and Taking RisksSubscribe & FollowIf you found this episode useful, please share it and subscribe!→ Apple Podcasts→ Spotify.→ YouTube→ WebsiteFollow You Hosts:→ Conor Sherman: LinkedIn→ Stuart Mitchell: LinkedIn

Episode SummaryIn this episode, Conor and Stuart break down the risks of new tech like OpenAI's Atlas browser, the F5 source code breach, AWS outages, and deepfakes, showing you why resilience and clear risk management matter more than ever. You'll get practical advice on handling third- and fourth-party risk, understanding the real cost of outages, and preparing your business for today's cybersecurity threats.SponsorsThank you to our sponsors who make this show possible.→ Hampton North. Hampton North is the premium US based cybersecurity search firm.→ Sysdig. Secure the cloud
the right way with agentic AI.Episode Chapters00:00 Banter01:19 OpenAI's Atlas Browser04:34 The Implications of F5 Source Code Theft10:53 AWS Outage and Business Resilience18:04 The Real Cost of Service Outages23:42 The FTC's Stance on AI Marketing and Truthfulness30:08 The Rise of Deepfakes and Their Implications43:45 Actionable Insights for Business Leaders45:16 Intro LongReferenced Links & ResourcesOpenAI Atlas BrowserBrave Research on Perplexity's Comet BrowserGoogle Mandiant M-Trends Report FTC Operation AI Comply Ironscales Deepfake ReportDarktrace Sam Altman/AP Voiceprint Authentication Quote Call to ActionIf you found this episode useful, please share it and subscribe!→ Apple Podcasts→ Spotify.→ YouTube→ WebsiteFollow You Hosts:→ Conor Sherman: LinkedIn→ Stuart Mitchell: LinkedIn

Episode SummaryIn this episode, Richard Bird, Chief Information Security Officer at Singular AI, explains why the rush to adopt AI is creating new security risks and why getting the basics right is more important than ever. If you want to understand how AI is changing security and what you need to do about it, this conversation is essential.SponsorsThank you to our sponsors who make this show possible.→ Hampton North. Hampton North is the premium US based cybersecurity search firm.→ Sysdig. Secure the cloud
the right way with agentic AI.Guest BioRichard Bird is the Chief Information Security Officer at Singular AI and an industry veteran with over 30 years of experience. He has held key roles at JP Morgan, Chase, Ping Identity, and Traceable, and recently launched the podcast Yippee-ki-ai, focused on operationalizing AI in the real world. Connect with Richard on LinkedIn to follow his latest work and insights.Episode Timestamps00:00 The AI Adoption Crisis and API Security11:41 Corporate Showmanship and the Reality of Layoffs15:11 The Role of the Chief AI Officer: A Critical Examination20:11 AI's Impact on Security Dynamics26:10 The Dangers of AI in Security30:50 Economic Sustainability of AI Technologies41:40 AI Ethics: Real-World Implications45:58 The Future of AI: Optimism and Caution48:03 The Evolution of Security Landscape: AI's Role52:08 Intro Long - Final.mp4Referenced Thought Leaders & ArticlesRay Dalio (referenced for modeling rise and fall of empires)Chase Cunningham (Dr. Zero Trust, referenced as a thought leader)David Friedman article on AI economics (referenced for economic analysis of AI)Subscribe & FollowIf you found this episode useful, please share it and subscribe!→ Apple Podcasts→ Spotify.→ YouTube→ WebsiteFollow You Hosts:→ Conor Sherman: LinkedIn→ Stuart Mitchell: LinkedIn

Episode SummaryWalter Haydock shares practical strategies for navigating the complex landscape of AI governance, risk management, and compliance, especially in regulated sectors.SponsorsThank you to our sponsors who make this show possible.→ Hampton North. Hampton North is the premium US based cybersecurity search firm.→ Sysdig. Secure the cloud
the right way with agentic AI.Guest BioWalter Haydock is the Founder and CEO of StackAware, where he helps organizations operationalize AI governance through frameworks like ISO/IEC 42001 and the NIST AI RMF. → Connect with Walter on LinkedIn→ Subscribe to his newsletter, Deploy SecurelyReferenced Laws, Frameworks, and PapersCalifornia Transparency and Frontier Artificial Intelligence Act California AB 2013 SB53 California California Consumer Privacy Act (CCPA)New York City Local Law 144 ISO/IEC 42001 Colorado Artificial Intelligence ActUnified Control FrameworkCall to ActionIf you found this episode useful, please share it and subscribe!→ Apple Podcasts→ Spotify.→ YouTube→ WebsiteFollow You Hosts:→ Conor Sherman: LinkedIn→ Stuart Mitchell: LinkedIn

Episode SummaryIn this episode, Jake Bernardes, CISO at Anecdotes, joins to break down the risks and opportunities of OpenAI's AgentKit, vendor lock-in, and the real impact of AI on enterprise security and jobs. SponsorsThank you to our sponsors who make this show possible.→ Hampton North. Hampton North is the premium US based cybersecurity search firm.→ Sysdig. Secure the cloud
the right way with agentic AI.Guest DetailsJake Bernardes is the Chief Information Security Officer at Anecdotes, a top GRC platform. LinkedIn: https://www.linkedin.com/in/jakeleobernardes/Referenced Links & ResearchOpenAI: Introducing AgentKit+Axios: The jobs crisis is bigger than AITechRadar: AI might not actually be killing off jobs like we thoughtYale Budget Lab: Evaluating the Impact of AI on the Labor MarketChallenger Gray: September Job Cuts Fall 37% from AugustLockedInAI: 2025 AI Trends in US Job MarketsSysdig: Shai Hulud: The Novel Self-Replicating Worm Infecting Hundreds of NPM PackagesCall to ActionIf you found this episode useful, please share it and subscribe!→ Apple Podcasts→ Spotify.→ YouTube→ WebsiteFollow You Hosts:→ Conor Sherman: LinkedIn→ Stuart Mitchell: LinkedIn

Episode SummaryIn this episode, AI architect and security researcher Disesdi Susanna Cox explains the vast and complex attack surface of AI systems, highlighting the need for new security approaches like purple teaming and MLSecOps. Her insights help security leaders understand the unique risks and ethical challenges of AI, making this a must-listen for anyone responsible for securing modern AI-driven organizations.SponsorsThank you to our sponsors who make this show possible.→ Hampton North. Hampton North is the premium US based cybersecurity search firm.→ Sysdig. Secure the cloud
the right way with agentic AI.About the GuestDisesdi Susanna Cox is an AI architect, patent holder, and consulting security researcher recognized for her work with the OWASP AI Exchange. Her frameworks and research have been adopted globally to help organizations understand and address the evolving security landscape in AI. Connect with Susanna to follow her latest insights and contributions:LinkedIn: https://www.linkedin.com/in/disesdi/Newsletter: https://disesdi.substack.com/OWASP AI Exchange: https://owasp.org/www-project-ai-exchange/Episode Breakdown00:00 Navigating the AI Security Landscape03:30 Understanding Adversarial Attacks in AI06:06 The Importance of Purple Teaming in AI Security08:49 Establishing MLSecOps for AI Systems11:40 The Role of Chief AI Security Officer13:03 Ethics and Risks of AI in Decision Making26:07 The Future of Red Teaming in AI Security35:33 Intro Long - Final.mp4Referenced ResourcesOWASP AI ExchangeDisesdi Substack: The Adversarial Subspace ProblemDO-178C (Guidance for Aerospace Software)Subscribe & ShareIf you found this episode useful, please share it and subscribe!→ Apple Podcasts→ Spotify.→ YouTube→ WebsiteFollow You Hosts:→ Conor Sherman: LinkedIn→ Stuart Mitchell: LinkedIn

OverviewToday's episode features Keith Hoodlet from Trail of Bits. We discuss how AI is rapidly accelerating both cyber threats and defenses, shrinking the time to exploit vulnerabilities and reshaping cybersecurity job requirements. SponsorsThank you to our sponsors who make this show possible.→ Hampton North. Hampton North is the premium US based cybersecurity search firm.→ Sysdig. Secure the cloud
the right way with agentic AI.Guest BioThat was Keith Hoodlet, Engineering Director at Trail of Bits, former Code Security Architect at GitHub, and winner of the DoD’s inaugural AI Bias Bounty. LinkedIn — Keith HoodletWebsite — Trail of BitsNewsletter — Secure.DevReferenced Links & ResourcesCVE Genie Hexstrike Buttercup Trail of Bits: MCP Security LayerGoogle/Mandiant Threat Intelligence The Skill Code by Matt Bean Harvard Business Review: AI-Generated WorkslopSubscribe & FollowIf you found this episode useful, please share it and subscribe!→ Apple Podcasts→ Spotify→ YouTube→ WebsiteFollow You Hosts:→ Conor Sherman: LinkedIn→ Stuart Mitchell: LinkedIn

Quick Take (TL;DR)AI is rapidly transforming cybersecurity, from automating penetration testing to reshaping how security teams and developers work. This episode examines the practical implications, risks, and future prospects of AI in security, offering actionable insights for leaders and practitioners. Guest SpotlightClint Gibler is Head of Security Research at Semgrep, creator of the TLDRsec newsletter, and host of the Modern Security Podcast. Connect:LinkedIn — Clint GiblerNewsletter — TLDRsecPodcast — Modern Security Podcast Key Topics & Timestamps00:00 AI's Impact on Penetration Testing03:19 The Future of Junior Pen Testers05:42 Working with AI: A New Paradigm10:31 Trusting AI Outputs12:31 Shifting Down: A New Security Approach15:20 Making Security Invisible for Developers16:44 The Role of AI in Security and Development19:04 Integrating Security into Vibe Coding21:21 Human in the Loop: Balancing Automation and Oversight23:04 Model Dependency and Cost Considerations25:27 Emerging Security Risks in AI Infrastructure29:41 Understanding Prompt Injection Challenges31:05 Innovative Solutions in AI Security32:28 Risks of Model Integration and Code Execution34:14 Navigating AI Model Adoption in Organizations34:42 The Future of AI in Security38:52 Career Pathways in Cybersecurity Resources & ReferencesTLDRsec — Security newsletter by Clint GiblerModern Security Podcast — Hosted by Clint GiblerSemgrep — Code analysis toolOWASP Top 10 — Common web security risksGoogle Project Zero — Security research teamDeepMind Camel Framework — AI agent separationSocket — Supply chain security toolHugging Face — Model repositoryTrail of Bits — Security research and toolsBuilding Secure and Reliable Systems — Google book on securityGitHubComplianceAsCode/content — Automating compliance

Quick Take (TL;DR)This episode explores the evolving risks and opportunities at the intersection of AI, security, and leadership, featuring insights from instant response veteran Jason Rebholz. The conversation highlights why AI safety and agentic systems matter for CISOs and security teams today. Key Topics & Timestamps (00:00) Banter(03:39) Guest Introduction(04:29) DeepMind’s Frontier Safety Framework(06:11) Manipulative AI & Enterprise Risk(07:53) Frontier vs. Enterprise Risk(11:24) Early Signs & Real-World Impact(14:25) Safety vs. Security(16:16) Implementation Context(18:06) Expel Talent Index(22:08) What Makes a Great Security Pro?(29:05) Good CISO, Bad CISO(36:43) Memo to File(38:03) Securing AI Agents(44:49) Actionable Advice Guest SpotlightJason Rebholz is the co-founder of Evoke Security and former CISO at Corvus Insurance. He previously led incident response at Mandiant, handling nation-state threats and major breaches. Jason is a leading voice on AI security, agentic systems, and practical risk management. Connect: - LinkedIn - Website- Newsletter  Resources & References BooksGood CISO, Bad CISO by Phil Venables Articles / StudiesDeepMind Frontier Safety FrameworkExpel 2025 Talent IndexRAND Security ObjectivesWeekend Byte Newsletter Tools / FrameworksRAND Security Objectives Subscribe: Apple Podcasts | Spotify | YouTube | Website