Sounil Yu: How to Solve Problems & Manage Predicaments

Loris Degioanni: Headless Security and the Coding CISO

Welcome back to Zero Signal! In this episode, Conor Sherman and Stuart Mitchell are joined by cybersecurity royalty: Loris Degioanni, the co-founder of Wireshark, founder and CTO of Sysdig, and the creator of Falco, the open-source standard for cloud-native runtime threat detection. Loris steps up to break down a revolutionary new architectural paradigm: Headless Cloud Security. Following the release of Sysdig's brand new model for agentic defense, Loris explains why the era of security teams staring at dashboards and clicking through complex UIs is dead. With exploit windows rapidly collapsing down to mere minutes, the interface must entirely disappear into the environment where coding agents live. In this conversation, Conor, Stu, and Loris discuss the shift toward flattening security organizations and the rise of the "Coding CISO". They challenge the failing legacy strategy of baking checklists into standalone agents, arguing instead for injecting security and hard-coded expertise directly into the substrate of development tools via open-source communities, MCPs, and plugins. * Sysdig Cloud Native Security and Usage Report (2026): https://sysdig.com/resources/papers/2026-cloud-native-security-and-usage-report/ [https://www.google.com/search?q=https://sysdig.com/resources/papers/2026-cloud-native-security-and-usage-report/] * Falco Open Source Project: https://falco.org/ [https://falco.org/] * Wireshark Foundation: https://www.wireshark.org/ [https://www.wireshark.org/] * Loris Degioanni’s Headless Security Founder's Letter: https://sysdig.com/blog/headless-security/ [https://www.google.com/search?q=https://sysdig.com/blog/headless-security/] Loris Degioanni is a foundational pillar of modern computer networking and cloud security. He is the co-founder of Wireshark, the world's most widely used network protocol analyzer, and the founder and CTO of Sysdig. An open-source pioneer, Loris also created Falco, the CNCF graduated standard for cloud-native runtime threat detection. He holds a PhD in Computer Engineering from Politecnico di Torino and actively contributes to re-architecting cybersecurity for the agentic era. * 01:17 Rebuilding the Operating Model Around Coding Agents * 01:54 Defining Headless Security: Moving Beyond Dashboards * 03:34 The Disappearing UI: Consuming Software Inside the Agent * 06:53 Prioritizing Outcomes Over Problems: The Death of Point-and-Click * 08:18 Shifting Beyond Traditional Vulnerability Prioritization * 09:55 Tech Layoffs and Flattening Organizations: Everyone Becomes a Contributor * 11:31 Rise of the "Coding CISO": Why Executives Must Get Hands-On * 12:38 Building GRC and Security Tooling in Hours with Claude Code * 13:46 Blending Architectural Vision with Agent Management Skills * 15:21 The Defensive Paradox: Why AI Will Increase Cyber Headcount * 18:04 The Three Technical Pillars of 2026 Tech Stacks * 20:32 Rediscovering the "Love of the Game" Through Prompt-Driven Creativity * 24:12 The Timeline of Failing Strategies: Trying to Bake Security Into the Agent * 25:34 The Evolution of Substrate Security: From AutoGPT to 4.6 Models * 28:44 The Friction of Tool Fragmentation vs. Centralized Ecosystems * 31:37 Private Enterprise LLMs: The Safe Way to Handle Token Costs * 34:11 Democratizing Software Development: The Marginal Cost of Code Hits Zero * 37:40 Overcoming the Enterprise Fear of Open-Source Foundation Integration * 40:20 Defining "Skills" in the Headless Architecture (Integrations, Skills, Facilitation) * 41:38 Encoding True Engineering Expertise into AI Plugins Hampton North is the premier US based cybersecurity search firm. Start building your security team with Hampton North: https://hamptonnorth.com/?utm_source=website&utm_medium=podcast&utm_campaign=aware_global_swsd_all&utm_content=zero-signal [https://hamptonnorth.com/?utm_source=website&utm_medium=podcast&utm_campaign=aware_global_swsd_all&utm_content=zero-signal] Sysdig is the leader in AI-powered real-time cloud defense; stop watching and start defending: https://www.sysdig.com/?utm_source=website&utm_medium=podcast&utm_campaign=aware_global_swsd_all&utm_content=zero-signal [https://www.sysdig.com/?utm_source=website&utm_medium=podcast&utm_campaign=aware_global_swsd_all&utm_content=zero-signal] Continued Reading & Resources:About the Guest:Key Topics:Meet our Sponsors:

Sounil Yu: How to Solve Problems & Manage Predicaments

Welcome back to Zero Signal! In this solo episode, Conor Sherman sits down with Sounil Yu—Cybersecurity Hall of Fame inductee, SANS Lifetime Achievement Award recipient, and Chief AI Safety Officer at Knostic. Sounil delivers a masterclass on navigating shifting security landscapes. He breaks down the difference between a "problem" (technologically fixable) and a "predicament" (a systemic risk to manage), such as collapsing exploitation timeframes following the release of "Mythos". Conor and Sounil also unpack why traditional TPRM questionnaires fail, how AI coding agents help teams replace "sick legacy pets" with "cattle" architectures, the Zero Trust renaissance, and why 10x-ing individual cognition will trigger organizational chaos without proper structural reorgs. Continued Reading & Resources: * Knostic AI Infrastructure Security: https://knostic.ai [https://knostic.ai] * The Cyber Defense Matrix Hub: https://cyberdefensematrix.com/ [https://cyberdefensematrix.com/] * Cyber Defense Matrix Book Guide: https://cyberdefensematrix.com/book/ [https://cyberdefensematrix.com/book/] * Thinking, Fast and Slow by Daniel Kahneman: https://www.amazon.com/Thinking-Fast-Slow-Daniel-Kahneman/dp/0374533555 [https://www.amazon.com/Thinking-Fast-Slow-Daniel-Kahneman/dp/0374533555] * The Cynefin Framework overview via Dave Snowden: https://thecynefin.co/about-us/about-cynefin-framework/ [https://thecynefin.co/about-us/about-cynefin-framework/] * Sounil’s Piece on Predicaments (2022): https://threatpost.com/security-problems-vs-predicaments/179267/ [https://threatpost.com/security-problems-vs-predicaments/179267/] * The AI Vulnerability Storm Whitepaper: https://labs.cloudsecurityalliance.org/research/ai-vulnerability-storm-mythos-ready-security-program/ [https://labs.cloudsecurityalliance.org/research/ai-vulnerability-storm-mythos-ready-security-program/] * Unprompted and Seasides Conferences: https://unprompted.co/ [https://unprompted.co/] and https://seasides.io/ [https://seasides.io/] * Crab Trap Open-Source Project by Brex: https://github.com/brex/crabtrap [https://github.com/brex/crabtrap] Key Topics: * 01:13 Meet Sounil Yu: Hall of Fame Thinker & Chief AI Safety Officer * 03:54 Breaking Down the Cyber Defense Matrix: A 10-Year Retrospective * 04:32 Applying the Cynefin Model: Chaotic, Complex, Complicated, Clear * 05:50 The Ultimate Advice for Chaos: Don't Stand Still, Move * 08:15 Problems vs. Predicaments: The Crucial Boardroom Distinction * 09:21 Why Third-Party Risk Management (TPRM) Questionnaires Solve Nothing * 12:54 Playing Bingo vs. Playing Blackout: Managing Cost Calculus * 14:23 Facing the AI Vulnerability Tsunami: When Patches Fail * 16:17 Legacy Systems as Sick Pets: The Case for Code Refactoring Agents * 17:58 Moving from CIA to DIE: Distributed, Immutable, and Ephemeral * 20:38 The Zero Trust Renaissance: Assembling the Bricks You Already Bought * 23:08 The Three Little Pigs of AI Architecture: Building a Resilient Straw House * 25:00 Mythos vs. Scaffolding: Exponential Trajectory in Vulnerability Disclosures * 30:41 Inbound vs. Outbound Controls: The Criticality of Egress Filtering * 33:24 Open Source Egress: Leveraging Tools Like Crab Trap * 35:07 The Strategy of Allergic Reactions: Calibrating for Fast Environments * 39:45 AI Convergence: What Happens When Everyone Becomes a Developer? * 41:40 Individual Contributors as Task Masters: Assigning Agentic Workloads * 42:52 System 1 vs. System 2 Thinking in Cybersecurity Risk * 44:11 The Organizational Efficiency Mirage: Why You Haven't Seen the AI Payoff * 46:12 Reorg Patterns: Borrowing Scaled Leadership Architecture from the Military Meet our Sponsors: * Hampton North: Premier US-based cybersecurity search firm. Build your security team: https://hamptonnorth.com/?utm_source=website&utm_medium=podcast&utm_campaign=aware_global_swsd_all&utm_content=zero-signal [https://hamptonnorth.com/?utm_source=website&utm_medium=podcast&utm_campaign=aware_global_swsd_all&utm_content=zero-signal] * Sysdig: The leader in AI-powered real-time cloud defense. Stop watching, start defending: https://www.sysdig.com/?utm_source=website&utm_medium=podcast&utm_campaign=aware_global_swsd_all&utm_content=zero-signal [https://www.sysdig.com/?utm_source=website&utm_medium=podcast&utm_campaign=aware_global_swsd_all&utm_content=zero-signal]

Matt Peters on the AI “Captain America Serum” and Rebuilding the Broken Enterprise Foundation

Welcome back to Zero Signal! In this special solo-host episode, Conor Sherman sits down with Matt Peters, co-founder and CEO of Fixify. With a powerhouse pedigree as the former Chief Product Officer at Expel and VP of Worldwide Operations at Mandiant during the height of the APT era, Matt brings a unique perspective on the intersection of cybersecurity heritage and IT transformation. Matt breaks down the reality behind the "AI productivity" hype, unpacking Fixify’s 2026 Benchmark Report. While AI allows organizations to resolve tickets 16 times faster, first response times remain identical—highlighting a critical gap in human expectations versus machine efficiency. They discuss why 95% of GenAI pilots fail not because of the technology, but due to a "poverty of vision" and misaligned organizational incentives. In this conversation, Conor and Matt explore how AI acts as a "Captain America serum" for businesses, the collapse of the zero-day patching clock to under 24 hours, and why the next era of leadership requires "systems thinking" over simple domain expertise. Continued Reading: * The Enterprise AI Playbook (Stanford Digital Economy Lab) [https://digitaleconomy.stanford.edu/] * Fixify — 2026 IT Help Desk Benchmark Report [https://www.fixify.com/it-help-desk-benchmark-report-2026] * Fixify 2026 Benchmark Report  [https://www.prnewswire.com/news-releases/fixify-publishes-2026-it-help-desk-benchmark-report-302722898.html] * Sysdig 2025 Cloud-Native Security and Usage Report [https://www.sysdig.com/2025-cloud-native-security-and-usage-report] * Sysdig 555 Benchmark for Cloud Detection and Response  [https://www.sysdig.com/blog/sysdig-2025-cloud-native-security-and-usage-report] * Sysdig Threat Research: LLM-assisted cloud attack [https://www.sysdig.com/threat-research] * MIT NANDA: The GenAI Divide: State of AI in Business 2025 [https://mlq.ai/media/quarterly_decks/v0.1_State_of_AI_in_Business_2025_Report.pdf] * Prophet Security  [https://www.prophetsecurity.ai/about-us] * Prediction Machines by Agrawal, Gans, and Goldfarb [https://www.predictionmachines.ai/] * The Myths of Innovation by Scott Berkun [https://berkun.com/books/the-myths-of-innovation/] About the Guest: Matt Peters is the co-founder and CEO of Fixify, an AI-powered IT platform. Before Fixify, he served as the Chief Product Officer at Expel, a leading MDR provider, and spent years at Mandiant managing worldwide operations during the most significant state-sponsored cyberattacks in history. Matt is a recognized expert in incident response, product strategy, and leveraging AI to solve complex organizational friction.⁠ [https://berkun.com/books/the-myths-of-innovation/] * Matt Peters Linkedin [https://www.linkedin.com/in/matt-peters-5984b5?trk=public_post_feed-actor-name] Key Topics: * 01:14 Why AI is a "Captain America Serum" for Organizations * 02:13 The 16x Resolution Speed Gap: Why First Response Times Haven't Moved * 04:20 Trimming the "Slop": How AI Handles the Tier 2 Long Tail * 06:58 The Average Enterprise Has 150+ Apps (and IT Doesn't Know Half of Them) * 09:00 Why 95% of GenAI Pilots Fail: Lessons from MIT & Stanford * 12:02 Solutions vs. Problems: The Importance of Problem Definition * 15:03 The Productivity Dip: Why You Shouldn't Fire Your Staff the Day AI Arrives * 16:25 Shipping Containers & Unit Economics: Reworking the Whole Business Around AI * 19:28 From "Get It Right" to "Generate and Judge": The New Dev Cycle * 21:39 The "Infinite People" Mental Model: Reimagining Constraints * 26:21 The CMDB Myth: Building AI on Brittle Technology Foundations * 32:17 Threat Actors Using LLMs to Own Cloud Accounts in Under 10 Minutes * 35:28 The "What Now?" Problem in Incident Response * 38:54 The Collapse of the Patching Clock: From Two Years to One Day * 42:48 Decision Points: Who Makes the Call When the CEO is Asleep? * 47:23 Intent-Based Leadership: "Turn the Ship Around" for AI Agents * 51:08 The Three Traits of Durable Leaders: Systems Thinking, Curiosity, and Clarity Meet our Sponsors: Hampton North is the premier US based cybersecurity search firm. Start building your security team with Hampton North: https://hamptonnorth.com/?utm_source=website&utm_medium=podcast&utm_campaign=aware_global_swsd_all&utm_content=zero-signal [https://hamptonnorth.com/?utm_source=website&utm_medium=podcast&utm_campaign=aware_global_swsd_all&utm_content=zero-signal] Sysdig is the leader in AI-powered real-time cloud defense; stop watching and start defending: https://www.sysdig.com/?utm_source=website&utm_medium=podcast&utm_campaign=aware_global_swsd_all&utm_content=zero-signal [https://www.sysdig.com/?utm_source=website&utm_medium=podcast&utm_campaign=aware_global_swsd_all&utm_content=zero-signal]

Matt Stamper: The 4 Classic Failures AI Just Made Existential

Welcome back to Zero Signal! In this episode, Conor and Stuart are joined by Matt Stamper, co-author of the CISO Desk Reference Guide and chair of the FBI InfraGard CISO Cross-Sectional Council. With experience spanning Gartner research and national critical infrastructure, Matt dives into the "four persistent failures" that AI is rapidly turning into existential risks: identity governance, data governance, third-party risk, and vulnerability management. Matt explains why the "Hustle Hard" era of manual triage is fundamentally broken. As attack timescales collapse from weeks to seconds—evidenced by AI-driven compromises occurring in under eight minutes—security leaders must shift from a "secure-first" mindset to one of radical resiliency and "continuous zero-day" preparedness. In this conversation, Conor, Stuart, and Matt discuss the necessity of "autopilot" for security operations, the legal and geopolitical fallout of "Glasswing" and "Mythos" level capabilities, and why boards must move past the "single slide" and lean into the technical details of enterprise risk. Continued Reading: * CISO Desk Reference Guide: https://www.cisodesk.com/ [https://www.cisodesk.com/] * FBI InfraGard: https://www.infragard.org/ [https://www.infragard.org/] * Cloud Security Alliance (CSA) Analysis on Glasswing/Mythos: https://cloudsecurityalliance.org/ [https://cloudsecurityalliance.org/] * VulnCheck State of Exploitation 2026: https://www.vulncheck.com/blog/state-of-exploitation-2026 [https://www.vulncheck.com/blog/state-of-exploitation-2026]  * Securing AI agents: the defining cybersecurity challenge of 2026: https://www.bvp.com/atlas/securing-ai-agents-the-defining-cybersecurity-challenge-of-2026 [https://www.bvp.com/atlas/securing-ai-agents-the-defining-cybersecurity-challenge-of-2026]  * The State of AI Cybersecurity 2026: Unveiling insights from over 1,500 security leaders: https://www.darktrace.com/blog/the-state-of-ai-cybersecurity-2026 [https://www.darktrace.com/blog/the-state-of-ai-cybersecurity-2026]  About the Guest: Matt Stamper is a globally recognized security leader, executive advisor, and the co-author of the CISO Desk Reference Guide. A former Gartner Research Director covering incident response architecture, Matt currently serves as the chair of the FBI InfraGard CISO Cross-Sector Council, where he represents nearly a thousand CISOs across critical infrastructure sectors. His work focuses on transforming technical security into business-aligned risk management and building resilient enterprise architectures. Key Topics: * 01:11 Meet Matt Stamper: The Voice of Critical Infrastructure * 01:50 The Four Persistent Failures AI Just Accelerated * 03:26 The Collapse of the Zero-Day Clock: From Weeks to Seconds * 04:31 Why Security is a "Whole of Enterprise" Problem * 05:41 Customized Daisy-Chained Exploits (The Glasswing Effect) * 08:24 Leaning In: How Security Leaders Become the Hero * 11:47 Why 15 Minutes for Security in the Boardroom is "Borderline Negligence" * 13:01 The Business Impact Analysis (BIA) as a Risk Vehicle * 15:52 Incident Response in the Age of Agents * 17:15 Hands-Off Keyboard: Trusting the System to Counter Swarms * 20:41 The Advantage Shifts: Why Attackers Aren't Waiting for Budget Sign-Off * 22:52 Crossing the "Four-Minute Mile" of AI Capabilities * 25:10 A Manhattan Project Moment for Critical Infrastructure * 31:54 Resilience vs. Protection: Designing for Failure * 38:34 Geopolitical, Climatic, and Technical Risk Concurrency * 42:05 The Strategic Move to Open Source for Transparency * 46:00 The Autopilot Mindset: Continuous Preparedness * 50:24 Why the Airline Safety Model is the Future of Cyber Metrics Meet our Sponsors: Hampton North is the premier US based cybersecurity search firm.Start building your security team with Hampton North: https://hamptonnorth.com/?utm_source=website&utm_medium=podcast&utm_campaign=aware_global_swsd_all&utm_content=zero-signal [https://hamptonnorth.com/?utm_source=website&utm_medium=podcast&utm_campaign=aware_global_swsd_all&utm_content=zero-signal] Sysdig is the leader in AI-powered real-time cloud defense; stop watching and start defending: https://www.sysdig.com/?utm_source=website&utm_medium=podcast&utm_campaign=aware_global_swsd_all&utm_content=zero-signal [https://www.sysdig.com/?utm_source=website&utm_medium=podcast&utm_campaign=aware_global_swsd_all&utm_content=zero-signal]

“The Hustle Hard Era is Over”: Crystal Morin on How to Move Beyond the Human Ceiling

Welcome back to Zero Signal! On this episode, Crystal Morin, Chief Cybersecurity Strategist at Sysdig and author of the Sysdig Cloud Native Security and Usage Reports, discusses findings showing vulnerability management has hit a “human ceiling,” with about 5.5% of workloads still running critical/high vulnerabilities year over year despite better tooling.  Morin explains why backlog volume and faster exploitation push organizations toward automation and agentic AI, highlights a major drop in exploitable vulnerabilities in production (to under 0.2%), and notes reduced image bloat (unused packages under 1%) as both cost and risk reduction.  In this conversation, Crystal, Conor, and Stu discuss how threat actors use AI to exploit CVEs within hours, identity trends and new messy identity governance concerns, and growing autonomous response actions like a 140% increase in “kill process.” They also discuss LLM jacking, regional AI package adoption led by EMEA, and McKinsey’s takers/shapers/makers framework. Read the 2026 Sysdig Cloud Native Security and Usage Report here [https://www.sysdig.com/2026-cloud-native-security-and-usage-report/?utm_source=website&utm_medium=podcast&utm_campaign=aware_global_swsd_all&utm_content=zero-signal]. Continued Reading: * The NVD Just Threw In The Towel - Now What? [https://www.resilientcyber.io/p/the-nvd-just-threw-in-the-towel-now] * NIST Updates NVD Operations to Address Record CVE Growth [https://www.nist.gov/news-events/news/2026/04/nist-updates-nvd-operations-address-record-cve-growth] About the Guest: Crystal Morin is a former Air Force Intelligence analyst and current Senior Cybersecurity Strategist at SYSDIG. Morin has authored four of the nine annual SYSDIG Cloud Native Security and Usage Reports, which serve as the industry's primary source for real customer data on Cloud Native Security trends. These influential reports are published on sysdig.com and cited across Dark Reading, Security magazine, and SANS webinars. Key Topics: * 01:37 Hustle Hard Era Ends * 05:43 Case for Agentic Remediation * 08:09 Image Bloat Drops * 11:10 Threat Actors Move Faster * 14:40 Humans vs Machine Identities * 19:32 Who Owns Identity Risk * 22:09 Machine Identity Risk Stats * 23:48 Breach Math Explained * 24:25 Tokens and Agents * 26:02 Europe Leads AI Packages * 28:20 Compliance Drives Confidence * 30:52 Makers Takers Shapers * 33:02 AI Adoption by Sector * 36:01 Rise of Agentic Defense * 40:20 LLM Jacking and Costs * 45:09 Autonomous Response Ladder Meet our Sponsors: Hampton North is the premier US based cybersecurity search firm. Start building your security team with Hampton North. [https://hamptonnorth.com/?utm_source=website&utm_medium=podcast&utm_campaign=aware_global_swsd_all&utm_content=zero-signal] Sysdig is the leader in AI-powered real-time cloud defense; stop watching and start defending.  [https://www.sysdig.com/?utm_source=website&utm_medium=podcast&utm_campaign=aware_global_swsd_all&utm_content=zero-signal]