Cybersecurity Headlines: Department of Know
Episode Summary – March 3, 2026
Theme:
This episode dives into the hottest cybersecurity news and trends, including AI’s growing impact in both cyber offense and defense, shifting ransomware economics, the realities of iPhone and iPad device clearance for NATO use, and new Wi-Fi vulnerabilities. The hosts, Rich Stroffolino (moderator), Dan Holden (CISO, Commerce), and Mark Eggleston (CISO, CSC), share practical, sometimes skeptical, and highly security-literate takes on whether the biggest stories are truly game-changers or just headline noise.
Key Discussion Points & Insights
Lightning Round: "Know or No?" (Main Segment)
A rapid-fire segment assessing whether major current stories warrant further team action or attention.
1. Pentagon Adopts Grok Model on Classified Systems
   - Summary: The Pentagon’s adoption of Elon Musk's Grok LLM (large language model) for classified use, against the backdrop of LLM vendor politics (Anthropic/Claude vs. OpenAI).
   - Dan:
     - "It's a no." [02:44]
     - Rationale: Typical government posture—deep vetting, partnership, and control are standard with major tech vendors (Google, Apple, et al.).
     - Quote: “It’s very normal. You don’t want to know what they’re doing. The only upside is the fact that it is being tested in ways that none of us will test it. So you have to hope that the companies involved do the right thing as much as they can.” [02:50]
   - Mark:
     - “No with an N. ...Somewhat political theater.” [03:45]
     - Broader concern is not vendor choice, but what public officials are inputting into LLMs.
     - Quote: “...Let’s focus on that versus anything else.” [03:45]
2. iPhone/iPad Approved for NATO Classified Use
   - Summary: iOS devices get the green light for “NATO restricted” processing with default apps.
   - Mark:
     - “No, thank you...It’s great the configuration passed these standards...But my bigger concern is the human element: how are they using and managing these devices?” [05:24]
   - Dan:
     - “Very similar to the last topic...This is just making procurement a little easier, but very little change, I'd argue.” [06:07]
     - Discussion on custom MDM solutions and parallels to James Bond's gadgets.
     - Quote: “The hardware is the same as what we get, but the software is different.” [06:47]
3. Ransomware Payments Drop in 2025
   - Summary: Total payments drop, but attack rates and median payments rise. Regulatory scrutiny and better incident response are the likely causes.
   - Dan:
     - “This is just the further commoditization of a threat type that’s been with us for decades.” [07:51]
     - Increasing specialization in both attack and defense, with a more sophisticated defender ecosystem.
   - Mark:
     - “No, a little bit more...People are paying less ransom — that's wonderful. ...No real surprise that ATTCK [attack] numbers are higher with AI out there.” [08:56]
   - Dan adds: Attacker sophistication may be falling, while the number of attackers rises. “If one user’s click can undo your company, then you’re not in a very good position.” [26:05]
4. AI Development Makes Security “Unattainable” (Veracode Report)
   - Summary: Claim that vulnerabilities now outpace fixes due to AI-driven development.
   - Mark:
     - “No, a little bit more...Security being less attainable? Do we really need more bad news? ...Some of the increase in vulnerabilities is due to better testing tools and more false positives.” [11:26]
     - Potential for AI to address the deluge—using it to triage and filter false positives.
   - Dan:
     - “Fascinating topic… Our paranoia as humans is so high, even as we use robots, we’ll want someone checking their homework.” [12:19]
     - “It will remain a quality control issue. ...Do you want to throw more robot at it, or more human?” [13:01]
     - Quote: “It’s the first time we can actually put the robot next to the robot and not be after-the-fact bolt-on.” [14:55]
5. Block (Square, Cash App) Lays Off Employees, Citing AI
   - Summary: Tech layoffs at Block, with AI automation directly cited.
   - Dan:
     - “No more for years to come. Every company is going to be asking themselves this. ...If you haven't crossed that bridge yet [with AI], you might have a lot of paranoia.” [16:49]
   - Mark:
     - “All of us security professionals should be soaking in AI, be very, very good by now about prompt engineering... What keeps clients sticky is good human interactions and creativity, and AI isn’t great at that—yet.” [18:07]
   - Dan:
     - “It's your sales and support that we can’t help you with. As long as you’ve got those two functions strong, you’ve got a viable business—now and into the future.” [19:48]
Deep Dive: Threats and Defenses
6. Threat Actors Move Laterally in Under 30 Minutes (CrowdStrike Report)
   - Summary: Lateral movement (breakout time) has accelerated drastically—average 29 minutes, fastest 27 seconds. The human “weak link” remains the most exploited entry point.
   - Dan:
     - “Primarily training...Zero Trust went from a marketing moniker to a necessity. ...I don't know if you're a legit employee, a contractor, a robot, or a North Korean IT worker. I can't make any assumptions.” [21:53]
   - Mark:
     - “Use this as an opportunity to treat your people as your greatest opportunity, not your greatest weakness. ...Educate people these things can happen in less than 60 seconds, seconds count.” [23:08]
     - “Dwell time is decreasing, but lateral movement time is decreasing even faster...We still have work to do—AI agents may help us with autonomous, faster responses.” [24:42]
   - Dan:
     - “It’s a bit of a cop out. If one user’s click can undo your company, you’re not in a good position.” [26:05]
7. Claude Code Jailbroken in Mexican Gov’t Attack
   - Summary: Attackers used more than 1,000 prompts to jailbreak Claude for code generation, bypassing its guardrails; the resulting output was then passed to GPT-4.1.
   - Dan:
     - “Par for the course...The companies building LLMs respond quickly and well, so that's not my worry. I'm far more worried about privacy than security in AI.” [27:39]
     - Quote: "Tell me what your AI incidents actually look like versus your AI privacy incidents. I bet CISOs have had next to no true AI security incidents, but probably a pile of privacy incidents related to AI." [28:21]
   - Mark:
     - “Color me less than surprised. ...Just another oops. Our guardrails didn’t contain this.” [29:43]
     - Notes that such attacks often replay already-public information, so they may not signal deep LLM-hacking sophistication at all.
8. Air Snitch: Wi-Fi Vulnerability Bypasses Encryption
   - Summary: Researchers show how the “Air Snitch” vulnerabilities allow attackers on one SSID to access clients on others served by the same AP/router, bypassing client isolation across a wide range of hardware and rendering many Wi-Fi “segmentation” schemes moot.
   - Mark:
     - “No silver bullet, no easy update. This is a wakeup call to keep your NOC and SOC teams close. ...Increase frequency of war walking, get network engineers involved.” [31:53]
     - Quote: “Talk with your network teams, folks.” [32:45]
   - Dan:
     - Finds satisfaction that “networking still matters in a world of SaaS and cloud.” [32:50]
     - Quote: “What is a CISO these days? A business bookie. ...I'll take the risk of my city over the rest of planet Earth that's after us.” [33:08]
Notable Quotes & Moments
- Dan Holden on vendor politics and AI:
  - “Is this the Terminator scenario? ...It’s just being tested in ways none of us will test it. So you have to hope the companies involved do the right thing.” [02:50]
- Mark Eggleston on LLM supply chain risk:
  - “I think the bigger concern is what are public officials putting into these LLMs.” [03:45]
- Dan Holden on ransomware commoditization:
  - “The arc of cyberattacks bends towards boring.” [09:42]
- On the inundation of vulnerabilities in AI-era AppSec:
  - “Give a bot a false positive, you know, for a day...” [14:49, Rich joking]
- Dan Holden on quality controls in AI software:
  - “You can pump out the code, but patching it you’re eating up tokens. It’s always been a quality control issue, always will be.” [13:01]
- Mark on lateral movement:
  - “Educate people these things can happen in less than 60 seconds...seconds count.” [23:08]
- Dan on AI risks:
  - “It’s not the security issues that are the problems with AI right now, it’s the privacy issues.” [28:21]
- Dan Holden’s high-level CISO advice:
  - “There’s no hiding from AI, there’s no getting away from it. Make yourself viable or don’t be surprised by what happens. Roll with the punches.” [34:51]
- Mark Eggleston’s closing:
  - “Use the power of community...crowdsource your reviews of these type of things with the peers that matter and the peers that you trust and we’ll get through it all together.” [35:29]
Timestamps for Key Segments
- Intro & Guest Priorities: 00:00–01:00
- "Know or No?" Lightning Round: 01:00–16:49
  - Pentagon & Grok: 01:30–03:45
  - iPhone/NATO: 04:45–07:11
  - Ransomware trends: 07:29–09:42
  - AI and vulnerability glut: 10:20–15:48
  - Block layoffs/AI: 16:49–20:12
- Break & Sponsor: 20:12–21:12
- Deep Dives:
  - CrowdStrike Lateral Movement: 21:53–26:45
  - Claude jailbreak in Mexico: 26:52–30:43
  - Air Snitch Wi-Fi: 30:43–34:12
- Advice & Wrap-up: 34:12–36:13
Recurring Themes & Tone
- Skepticism of Hype: Many “headline” stories are present but not urgent for most CISOs—AI vendor politics, device approvals, and splashy breaches may not change day-to-day priorities.
- Focus on Fundamentals: Human element (“I am the firewall”), backups, continuous training, and practical attack surface reduction remain core advice.
- AI as Enabler and Challenge: Both threat and opportunity—automation is here, but human oversight, creativity, and privacy concerns are rising.
- Community & Collaboration: Sharing with peer CISOs and crowd-sourcing nuanced takes is more effective than acting solo on every trending headline.
Takeaways & Closing Advice
- Dan: “No hiding from AI. Make yourself viable. Roll with the punches.” [34:51]
- Mark: “Crowdsource your interpretation. Use your network. Don’t go it alone.” [35:29]
For more resources and the latest headlines, visit: cisoseries.com
This summary maintains the conversational, occasionally tongue-in-cheek, and practical tone of the hosts, highlighting their experienced skepticism and solution-focused approach.
