Safe Mode Podcast Episode Summary

Episode: How do you win a conflict most Americans can’t see?
Date: January 22, 2026
Host: Greg Otto (Editor-in-Chief, Cyberscoop)

Episode Overview

This episode of the Safe Mode Podcast confronts two pivotal cybersecurity topics:

1. The grey-area, high-stakes world of ransomware negotiations in the private sector, explored through a revealing interview with journalist Matt Kapko.
2. A deep dive with retired Lt. Gen. Charles "Tuna" Moore Jr. into his new report on a “whole of society” cyber defense strategy, including an ambitious proposal for a National Cyber Operations Team that integrates both public and private sector expertise.

Ransomware Negotiations: The Murky Realities

Guest: Matt Kapko, Cyberscoop reporter
Segment Start: [02:32]

Key Discussion Points

• The Tension of Ransomware Negotiation

  • Ransomware negotiation is not just about whether to pay; it’s an ethically fraught, legally ambiguous field with stresses unique to those who do the work.
  • Many professionals are uncomfortable discussing their role, citing “inherent tension” and ambiguous ethical boundaries.

  “Many cybersecurity professionals don't want to talk about this or pretend like it's not happening, but it is. Ransomware is a thriving business...” — Matt Kapko [02:32]

• Variability in Practice Across Firms

  • Even top-tier firms (Mandiant, CrowdStrike, Palo Alto Networks’ Unit 42) handle negotiations differently, driven variously by morality, legal liability, and business logic.

  “At the top of the industry, there are different rules that they impose on themselves… It’s kind of up to the eye of the beholder.” — Matt Kapko [03:53]

• The ‘Wild West’ Nature of the Field

  • Lack of oversight, certification, or shared standards leads to conflicts of interest and variable quality of service.
  • Notable quote from industry expert John DiMaggio:

  “He was pretty blunt... there's no certification, there's no peer review... He categorized it as the Wild West.” — Greg Otto [04:41]

• Fee Structures: Conflicts of Interest

  • Some negotiators charge flat fees, others hourly rates or a percentage of ransom reduction—raising concerns about incentives and victim outcomes alike.

  “There are some that charge a percentage of the ransom reduction... which obviously just creates more conflicts of interest.” — Matt Kapko [05:48]

• Calls for Frameworks & Lessons Learned

  • Most practitioners are resistant to openly sharing negotiation outcomes, fearing it would empower attackers.
  • There's general support for anonymized sharing of lessons learned as an ethical and educational compromise.

  “Everybody I spoke with said that open sharing of these ransom negotiations is just not going to happen. They just see it as a non starter.” — Matt Kapko [08:55]

• Unresolved Questions and Industry Secrecy

  • The core question remains: Is it possible, or desirable, to ban ransom payments entirely, and what would real oversight look like?

  “It comes back to just that simplified, you know, pay or not pay and what levers can be pulled to enforce a ban on ransom payments.” — Matt Kapko [10:23]

Notable Segment

• “The thin line between saving a company and funding a crime.” — Greg Otto [10:53]
• End of Segment: [11:12]

A Whole-of-Society Cyber Defense: Insights from Lt. Gen. Charles "Tuna" Moore, Jr.

Guest: Ret. Lt. Gen. Charles Moore, Jr., former Deputy Commander, U.S. Cyber Command, visiting professor at Vanderbilt University
Segment Start: [13:09]

Main Discussion Points

The Challenge: An Invisible, Persistent Cyber Conflict

• The general public sees only the most spectacular breaches, not the day-to-day reality of continual cyber “confrontation.”
• The cyber conflict underpins not just national security but economic stability and social trust.

  "The environment has significantly changed and we are at a very unique period in time here... it underpins everything we do." — Lt. Gen. Moore [16:12]

The Limits of Traditional Deterrence

• U.S. cyber deterrence below the threshold of armed conflict (like espionage, intellectual property theft) is largely unachievable.
• Adversaries can pre-position within critical infrastructure without crossing “use of force” red lines, making them difficult to deter.

  "We have no proof... that we can perform functions or take actions that deter adversaries from operations that occur below the level of use of force..." — Lt. Gen. Moore [19:05]

  • Analogy: Like foreign agents quietly planting explosives under America’s bridges—unacceptable in the physical world, but happening in cyberspace.

Proposal: The National Cyber Operations Team

• Concept: Integrate public and private sector cyber talent into a “team of teams” under operational control of U.S. Cyber Command (Title 10 authority).
• Why: Current approaches using contractors are piecemeal; this model would scale offensive capability, harness innovation, and maintain unity of command.
• Execution:
  • Teams could include both highly trained operators and those handling more basic tasks.
  • Private sector teams receive specific missions, innovate solutions, and sidestep bureaucratic bottlenecks.

  "Think of it as a cyber team, just like we see present at cybercom now, but totally made up of private sector individuals... under direct oversight... of U.S. Cyber Command." — Lt. Gen. Moore [25:18]

The Machine-vs-Machine Future and the Role of AI

• Cyber operations are shifting to machine speed; humans must leverage AI to stay relevant, both defensively and offensively.
• AI enables proactive operations, rapid data triage, behavioral analysis, and response coordination.

  "If you're reacting in war fighting, you're losing. So if we want to be proactive, we have to be able to operate at the speed of relevance, which is machine speed. AI gives us the ability to do that." — Lt. Gen. Moore [29:33]

Structural Agility: Overcoming Bureaucracy

• Acquisition reform is essential; current government procurement processes are too slow and inflexible.
• Voluntary information sharing is no longer enough; the future demands persistent, transparent data sharing—especially concerning critical infrastructure.

  "We have to move into involuntary... data sharing and persistent transparency... so that we can be proactive and not reactive." — Lt. Gen. Moore [33:08]

Memorable Quotes & Insights

• On the nature of modern cyber conflict:

  "A continuous confrontation largely invisible to most of the American public." — Report/Host Greg Otto [14:07]

• On adversaries' persistent presence:

  "They're pre-positioning themselves inside of our critical infrastructure, but not taking action..." — Lt. Gen. Moore [19:05]

• On industry self-regulation in ransomware negotiation:

  “It’s kind of up to the eye of the beholder. Everyone can decide how far they’re willing to take this and what they feel comfortable with...” — Matt Kapko [03:53]

Notable Timestamps

• [02:32] — The realities of ransomware negotiations with Matt Kapko
• [08:55] — Dilemmas over sharing negotiation outcomes; calls for anonymized lessons learned
• [13:09] — Introduction of Lt. Gen. Charles "Tuna" Moore and the new cyber strategy report
• [16:12] — The hidden nature of U.S. cyber conflict
• [19:05] — The limits of cyber deterrence below the armed conflict threshold
• [22:40] — The proposal for a National Cyber Operations Team
• [25:18] — How the National Cyber Operations Team would differ from current models
• [29:33] — Impact and importance of AI in cyber operations
• [33:08] — The need for mandatory data sharing in critical infrastructure defense

Tone and Takeaways

• The episode maintains a frank, sober, and pragmatic tone—neither alarmist nor complacent, but urging urgency and innovation.
• There is sharp focus on the ethical, legal, and practical ambiguities that define both ransomware negotiation and public-private defense cooperation.
• Both interviews stress a need for systemic reform: more transparency, new frameworks, and a future-oriented embrace of technology and organizational agility.
• Listeners unfamiliar with the deep workings of cybersecurity will walk away with a better understanding of why cyber conflict is uniquely complex, largely invisible, and yet critically important to American society and security.

For more, visit cyberscoop.com and find the full text of Lt. Gen. Moore's report, "Dominating the Digital Space: A Whole of Society Strategy for Securing the United States from Cyber Aggression."