Podcast Summary:

To The Point – Cybersecurity
Episode: From Passwords to Quantum Threats: Securing Remote Access in a Rapidly Changing World with Neil Gad
Date: March 10, 2026
Host: Rachael Lyon
Co-Host: Jonathan Knepher
Guest: Neil Gad, Chief Product & Technology Officer, RealVNC

Episode Overview

This episode dives deep into modern remote access threats, the evolution of cybersecurity strategies, and how emerging technologies like AI and quantum computing are transforming how organizations protect access and data. Neil Gad shares a practical, “secure by design” philosophy, essential controls for remote access, and his predictions for the rapidly-evolving threat landscape. The conversation is candid, insightful, and relevant for cybersecurity leaders, technologists, and anyone interested in the next frontier of digital security.

Key Discussion Points & Insights

1. The Shift from Malware to Credential-based Ransomware (00:33)

• Credential Over Malware: Rachael Lyon opens by noting a new trend: attackers now increasingly use legitimate credentials instead of malware to breach systems and deploy ransomware.
• Neil Gad’s Insight:

  “Remote access, by definition, is creating a way to access devices across networks... and that's often in conflict with what a cybersecurity professional is trying to do.” ([02:49])

2. Secure by Design Principles in Remote Access (03:23–05:50)

• Software Must Be Built Securely from the Start:
  • Secure design isn’t an afterthought—it’s essential to prevent hijacking of remote access tools.
• Table Stakes for Security:
  • End-to-End Encryption: Many older systems, especially industrial frameworks, are still using unencrypted open-source solutions—an obvious risk.
  • Granular Role-Based Access Control: Control and audit exactly who accesses what, when, and with what permissions.
  • Comprehensive Auditing:

    “There needs to be an audit trail to know who connected to which device, when, and what did they do…” ([04:22])

3. New & Overlooked Risks (App Sprawl, LLM Data Exfiltration) (06:16–08:17)

• Application Sprawl as an Attack Surface: Multiple apps and login pathways increase vulnerability.
• AI & LLMs as Data Leaks:
  • Proprietary data can be mistakenly exfiltrated into LLMs; organizations should implement enterprise data protection controls.
  • Neil:

    “An employee uploads a bunch of proprietary info—could be source code—into an LLM, and that contains proprietary information…” ([07:08])

4. Cloud vs. On-Premise Security (10:35–14:33)

• Cloud Remote Access: Secure with robust controls (encryption, permissions), but endpoints remain vulnerable.
• On-Premise Preference: Particularly vital for industrial critical infrastructure due to air-gapped, firewall-protected environments.
• Hybrid Trend: Post-pandemic, there’s been a resurgence in on-premise adoption for its inherent “hiding,” but complexity and evolving workflow demands may push some back to the cloud.

  “On premises is by design more secure because there’s no Internet connection. But also cloud with the right controls... can also be equally as effective…” ([12:59])

5. Hidden Backdoors in On-Prem Deployments (14:51–16:39)

• Commonality of Backchannels:
  • Many supposedly "on-prem" solutions maintain connections back to vendors (for analytics, updates), introducing risk.
  • True 100% on-prem is hard to achieve but sometimes mandatory, especially in manufacturing/critical infrastructure.

  “It’s actually a lot harder to do software that is fully on premise with no cloud connection because it puts more work on the customer…” ([15:48])

6. The Inevitable Hybrid Future (16:51–17:44)

• AI-Enabled Workflows Will Push for Cloud Integration:
  • Need to provide on-premise-level security with cloud-enabled AI-driven operations.

7. Embedding Security into Engineering (18:10–20:06)

• Top-Down Security: Cybersecurity teams must provide guardrails before engineering begins development.

  “There’s no good building stuff and then going to the cybersecurity team and saying, hey, what do you think of this? You kind of have to do it the other way around.” ([18:54])

• Innovation vs. Security: Ongoing tension exists, but creative cooperation can yield both seamless customer experience and robust defense.

8. Frameworks to Guide Secure Development (20:23–21:07)

• Zero Trust, Least Privilege, and NIST:
  • Compliance with established standards (like NIST SDLC guidelines) removes debate—security must be "baked in," not bolted on.

9. Quantum Computing: Imminent or Distant? (21:07–23:14)

• Quantum Threat Immediacy:
  • The timeline for quantum computers capable of breaking current encryption could be as soon as the next decade, or even sooner.
  • NIST post-quantum cryptography standards (2024) are starting points, but true resilience remains uncertain.

  “A quantum computer... is going to be able to crack all encryption as we know it. So 256-bit encryption is going to be indefensible…” ([21:47])

10. AI Agents: The New Security Battleground (23:16–28:11)

• AI Will Accelerate Attack and Defense:
  • AI agents already can mimic humans (even “check the box” captchas).
  • Both defenders and attackers are leveraging AI to find vulnerabilities, creating an "agentic arms race."

  “AI agents are actually really good at checking the box that says 'I’m not a robot'… they're going to get really good at interacting with screens…” ([24:02])

• Agent Scale (Threat and Potential):
  • Thousands of autonomous agents interacting across devices compound the complexity of monitoring and defense.
• Safeguards:
  • Enterprise data protection, sandboxing, sub-compartmentalization of assets, and always retaining “human in the loop” are critical strategies.

11. Future of Authentication & MFA Fatigue (29:09–31:12)

• MFA is Here to Stay:
  • Biometric and multi-factor are the main defenses as AI can emulate human behavior.
  • MFA is likely to become more sophisticated, maybe more steps, focused on “proof of true human presence.”

  “I can tell you this checkbox, 'I’m not a robot', is not a defense anymore…” ([30:25])

12. Next 5–10 Years: The Road Ahead for Remote Access (31:12–32:45)

• Key Future Challenges:
  • Building secure, cloud-connected “hybrid” remote access that preserves on-premise-grade security while enabling AI-powered efficiency.
  • Managing agentic interaction with devices in a way that preserves security and data integrity.

  “How do you solve for and optimize a remote access product to be used by AI agents in a secure way? That... is a really fascinating question…” ([32:20])

13. The Growing Power and Responsibility of Cyber Teams (32:30–33:37)

• The pace of innovation means cybersecurity teams' influence and necessity will only increase.

14. Advice for Next-Gen Talent (33:37–35:43)

• Most Valuable Skills:
  • Beyond coding, critical thinking, empathy, problem-solving, and orchestration are the durable, future-proof abilities.
  • AI lacks breadth, context, and real-world experience—humans with big-picture, empathetic judgment are irreplaceable.

  “It’s moved beyond being able to code Python or have a specific skill. I think what’s really valuable is critical thinking, is empathy…” ([34:09])

Notable Quotes

• “Remote access, by definition, is creating a way to access devices across networks… and that's often in conflict with what a cybersecurity professional is trying to do.”
  – Neil Gad ([02:49])

• “All it takes is an unauthorized remote access application to be on someone’s machine and all of a sudden you have a backdoor out of that organization to somewhere else.”
  – Neil Gad ([08:42])

• “A quantum computer… is going to be able to crack all encryption as we know it.”
  – Neil Gad ([21:47])

• “AI agents are actually really good at checking the box that says I'm not a robot… they're going to get really good at interacting with screens.”
  – Neil Gad ([24:02])

• “There's no good building stuff and then going to the cybersecurity team and saying, hey, what do you think of this? You kind of have to do it the other way around.”
  – Neil Gad ([18:54])

• “It’s moved beyond being able to code Python or have a specific skill... what’s really valuable is critical thinking, is empathy.”
  – Neil Gad ([34:09])

Timestamps for Key Segments

• 01:02: Credential-based intrusion replaces malware as a primary attack vector
• 03:23: Secure by design principles for remote access
• 06:16: New threats: application sprawl & data exfiltration into LLMs
• 10:35: Cloud vs. on-premise security approaches
• 14:51: Hidden backdoors in “on-prem” solutions
• 18:10: Embedding security upfront—not after the fact
• 21:07: The quantum computing threat and NIST post-quantum standards
• 23:16: AI agents as the new attack/defense battleground
• 29:09: Multifactor authentication’s future as AI advances
• 31:28: The next decade for remote access security
• 33:37: Key skills for up-and-coming talent in cybersecurity

Tone & Style

The episode is a lively, expert-driven discussion blending advanced technical concepts with practical, real-world advice. Both seasoned leaders and new entrants to cybersecurity will benefit from the clarity and directness of Neil Gad’s insights.

For Listeners

If you want off-the-record wisdom on how organizations should defend against the next wave of digital risks—from insider threats and credential-based attacks to AI agents and the quantum future—you’ll find this episode both informative and actionable.
No matter your background, the clear takeaways and honest predictions make it an essential listen for anyone tasked with defending remote access in a rapidly changing world.