Vibe coding is great, until it isn’t. AI-native solutions should aim to offer a better service at a cost where customers aren’t required to vibe code.
One of the main challenges with traditional software was that it had a "one-size-fits-all" mindset. AI finally allows us to do one-size-fits-one, without the added overhead. 😅
More on my thoughts here...
https://t.co/xcMAM8u0v2
Ed Bellis is the visionary who essentially created the Risk-Based Vulnerability Management (RBVM) category in 2010. From his days as CISO at Orbitz to founding Kenna Security in a market that didn't yet know it needed prioritization, Ed has consistently pushed the boundaries of cybersecurity.
In this episode, Ed unpacks the grueling reality of convincing early investors and customers to put their vulnerability data in the cloud, the game-changing pivot that gave Kenna true product-market fit, and the candid truth behind what went wrong after the massive Cisco acquisition. He also dives into his new venture, Empirical Security, the role of AI in "eating the scanner," and why the industry needs to finally ditch the fear-mongering.
https://t.co/MUeMZv7eei
Excited to welcome @colegrolmus to my interview series (Noise2Signal). If the cybersecurity media is broken then it only makes sense to talk to the person who is actually taking steps to fix it. Cole is truly an N of 1. There is no one like him in independent cyber security media.
I really enjoy reading his commentary and analysis on cybersecurity companies and the ecosystem. His writing is so good on the companies and categories that I "claim" 😉 to understand that I trust his analysis on companies that I don't understand really well.
In this interview we talk about a lot of things.
Here are some highlights:
- Origins of Strategy of Security, and the initial setbacks. 😅
- The broken state of cyber security media. ⛓️💥
- What makes his posts viral? (hint: Nikesh Arora) 🔥
- Which companies will die because of AI? ⚰️
- And finally how cyber security careers will evolve with AI.
Full Episode: https://t.co/M6UU2DGQl7
As I have said before the goal of these interviews is to educate and inform and bring different perspectives to light. If you are looking for more fear mongering and FUD then you will get NO value from these interviews 😀.
Also, if you have interesting insights and stories to tell. Drop me a line.
Subscribe to the channel @FromNoise2Signal for new interview updates. I have some amazing interviews lined up.
https://t.co/04ZzaNNHaq
raison d'être for the interview series:
https://t.co/42futWXxlO
I had fun interviewing @hdmoore about the current state of offensive security and how we got here as part of Noise2Signal interview series.
We covered a lot of ground. Here are some highlights:
- The early days of Metasploit and how he helped kill ActiveX ⚰️
- How he spends his "spare time" breaking AI models 😃
- Some spicy takes on over-funded startups 🔥🔥
- Why Port 4444 is blocked forever and how jail doors could (potentially) be popped remotely.
Full Episode: https://t.co/xpo7fV1vPd
I am honored to kick off my interview series with Renaud Deraison.
Renaud is a friend, a mentor, and a former boss (a good boss btw, all salary increments followed a hockey stick pattern 😀). As the creator of Nessus and the co-founder of Tenable, he is a true OG and a GOAT of our industry.
Nessus is one of the most used network scanning tools in the world. To give some context, when Log4Shell hit, his team set up a DNS server to verify callbacks and confirm the vulnerability. And the DNS server was getting ~5 million hits/second.
In this episode, we cover a lot of ground: from his latest open-source project Bromure (a secure browser), to how he has achieved a 1,000x improvement in shipping speed using AI. We look back at the early days of Nessus and the design principles forced on him by the on-prem era, contrasted with how he would build the entire thing today in the age of AI. Was creating NASL a mistake? Maybe, maybe not. We also discuss his current coding workflow, including the hilarity of watching AI agents quarrel amongst each other only to ship inferior code. We talk about the future of defensive cyber security solutions.
And finally, with someone of his pedigree it would have been trivial to raise a 20M Series A or even a seed round for one of his OSS projects, but he didn't. Instead, he decided to give it away for free under an MIT license. He explains why, and the pros and cons of fundraising too much or too little in the age of AI.
Renaud delivers all of this with his signature French satirical humor (IYKYK).
It's a fascinating insight into one of the finest engineering minds of our era.
https://t.co/uNO0bOsQWk
Please enjoy the episode.
Last week was a brutal week for cybersecurity stocks. And I enjoyed every bit of it. For one reason and one reason alone.
It helped expose all the charlatans who asked if “cybersecurity is dead” as people who don’t actually understand cyber or security. If nothing else, I at least now know a group of people not to take advice from ;)
The rapid advancement of AI shouldn’t surprise anyone. We are about to see an onslaught of industrial-scale exploitation, essentially "agents gone wild."
The defenders must adapt, but luckily the playbook hasn't changed as much as you'd think:
- Reduce the attack surface.
- Implement rigorous security controls.
- Patch vulnerabilities before the bad actors find them.
Also, while we are on the topic of replacing software. The easiest thing to replace is an AI model. Just ask OpenAI ;)
https://t.co/3k2ws2qOBI
As organizations deploy the first iterations of AI agents, a distinct pattern is emerging. I call it the AI Agent Barbell Problem. 🏋
Right now, we are looking at a structural issue in the market: heavy weights on both ends, connected by a thin, fragile middle.
On one side: The Hyperscalers.
On the other: Siloed niche tools.
Both connected by a thin, fragile middle.
More on my thoughts here...
https://t.co/e7UGetGLOp
I recently read about a service that charges $30,000 to name your newborn. I nearly fell off my chair. I’ve always felt that naming a child is a deeply personal act, one of those things you just don't outsource.
Until recently, I thought hiring a sleep consultant to make your baby sleep through the night was the ultimate "high-water mark" of wealth. But this? This is something else entirely.
It got me thinking: what makes a name actually good, whether it’s for a baby or a product? With #RSAC (aka product launch season) just around the corner, I thought I would share five naming principles I’ve picked up over the years.
It’s a fun post, but if you actually need help naming something, drop me a line. I charge way less than $30k, and I take Venmo 😜.
Happy New Year All 🙌
https://t.co/67dbZrBstW
McAfee Vulnerability Manager, BeyondTrust Enterprise Vulnerability Manager, and now Cisco Vulnerability Management. Another one bites the dust!!!
The history of vulnerability management (VM) is littered with vendors who tried to expand into the space, only to realize it is the "easiest-looking hard category" to crack.
A few quick thoughts on why this category is so deceptively difficult to disrupt, where the incumbents are vulnerable, and why the path to scale now requires alignment with the industry's biggest players or the newest players.
https://t.co/DTLPkUcELX
Soul-crushing, Gut-wrenching, Mind-numbing. Those were just a few of the epithets hurled at the mere mention of an upcoming compliance audit. 🤦♂️
For years, I’d built compliance tools that helped teams collect evidence for these very audits. I never really understood why an audit caused teams to spiral out of control. That was until recently, when I found myself on the other side of the table going through a SOC 2/ISO 27001 audit.
Having been through one now, I have come to appreciate the value of these audits, but I also think the adjectives you’ve heard are still euphemisms for the pain you actually endure. 😉
The cynic in me has come to believe that compliance is a jobs program. A benign virus disguised as a vaccine, unleashed on unsuspecting organizations by the powers that be. It creates a situation where you are playing a two-player game between you and your customer, with an infinite set of referees, each asking for something slightly different. 🤯
More on our journey and my thoughts on the compliance-industrial-complex here... 👇
https://t.co/b5tqy6RI4i
“We’re investing against the thesis that basically all incumbents are going to get nuked. And everything is going to get rebuilt from scratch, just across the board.” - Marc Andreessen
A provocative statement from Marc, and one that got me thinking.
I found myself reading Forrester's Q3 2025 Unified Vulnerability Management (UVM) report over the weekend, and I couldn't help but wonder what happens to this category in the age of AI. Do we see an incremental change or a complete rebuild?
Here's my take.
It’s a long one, so grab a cup of coffee ☕️ and settle in. It's a fun read with a brief history into VM 😉.
https://t.co/IJKxoCaYkm
Everyone Is a Prompt Engineer — Even Product Managers
In the early days of ChatGPT, someone said,
“Everyone will be a prompt engineer.”
I remember scoffing at the idea, even making fun of it. But today’s AI tools and LLMs have become so good that I find myself eating my own words. I now use prompts daily to save time and improve almost everything I do — even product management.
Here's a playbook I use to save time, build shared understanding with the team, and ultimately build better products.
https://t.co/tRpW4pkxTl