<?xml version="1.0" encoding="UTF-8"?><rss xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:atom="http://www.w3.org/2005/Atom" version="2.0" xmlns:itunes="http://www.itunes.com/dtds/podcast-1.0.dtd" xmlns:psc="http://podlove.org/simple-chapters" xmlns:podcast="https://podcastindex.org/namespace/1.0"><channel><title><![CDATA[ZeroSum]]></title><description><![CDATA[<p>ZeroSum is a new cybersecurity podcast that aims to talk honestly about the state of the cybersecurity industry. The show rejects standard "threat of the week" news breakdowns and instead focuses on the reality of the market. Viewing the industry through the lens of game theory, the podcast explores how the current cyber market is no longer a rising tide that lifts all boats; for massive VC gambles to win, the burnt-out practitioners on the ground are often the ones losing. The show features guests from all perspectives, including vendors, investors, workers, and CISOs.</p><p></p>]]></description><link>https://riverside.com</link><generator>Riverside.fm (https://riverside.com)</generator><lastBuildDate>Tue, 14 Jul 2026 09:24:24 GMT</lastBuildDate><atom:link href="https://api.riverside.com/hosting/wXwa7eyW.rss" rel="self" type="application/rss+xml"/><author><![CDATA[Aaron Mog]]></author><pubDate>Sat, 13 Jun 2026 18:37:22 GMT</pubDate><copyright><![CDATA[2026 Aaron Mog]]></copyright><language><![CDATA[en]]></language><ttl>60</ttl><category><![CDATA[Business]]></category><category><![CDATA[Technology]]></category><itunes:author>Aaron Mog</itunes:author><itunes:summary>&lt;p&gt;ZeroSum is a new cybersecurity podcast that aims to talk honestly about the state of the cybersecurity industry. The show rejects standard &quot;threat of the week&quot; news breakdowns and instead focuses on the reality of the market. Viewing the industry through the lens of game theory, the podcast explores how the current cyber market is no longer a rising tide that lifts all boats; for massive VC gambles to win, the burnt-out practitioners on the ground are often the ones losing. The show features guests from all perspectives, including vendors, investors, workers, and CISOs.&lt;/p&gt;&lt;p&gt;&lt;/p&gt;</itunes:summary><itunes:type>episodic</itunes:type><itunes:owner><itunes:name>Aaron Mog</itunes:name><itunes:email>aaron@zerosumpodcast.com</itunes:email></itunes:owner><itunes:explicit>no</itunes:explicit><itunes:category text="Business"/><itunes:category text="Technology"/><itunes:image href="https://hosting-media.riverside.com/media/podcasts/23a4d576-775e-4d68-b1b3-70b029cc414e/logos/6e34f3e3-f55a-4b2c-b2b2-526091c31a51.png"/><item><title><![CDATA[Is Anybody Safe? Adaptability in the Age of AI Disruption - with Mark Carney]]></title><description><![CDATA[<p>Is any security company safe from AI disruption? Evolve Security CEO Mark Carney's answer: no and that's the wrong question anyway.</p><p></p><p>Aaron talks with Mark Carney, CEO of Evolve Security and one of the OG figures in security services, about where the industry sits at a genuine inflection point. Mark breaks down why tech-enabled services are hotter than ever while human-only services are a dying breed, and how private equity now runs "AI disruption due diligence" before writing big checks.</p><p></p><p>We get into:</p><ul><li>Why finding vulnerabilities became a commodity — and where the real value lives now</li><li>Why Evolve deliberately isn't using AI for autonomous exploitation yet</li><li>The 50% false-positive problem with autonomous pen testing tools</li><li>Attack chains, business logic, and prioritizing high-impact exposures</li><li>Chartering an "autonomous enterprise" across every business function</li><li>The death of tasteful outbound and the abuse of the CISO relationship</li><li>Career advice for a tough market: deliver outcomes, not activity<p></p></li></ul><p>Guest: Mark Carney, CEO of Evolve Security. Find him at <a rel="noopener noreferrer nofollow" href="http://evolvesecurity.com" target="_blank">evolvesecurity.com</a> or on LinkedIn.</p>]]></description><guid isPermaLink="false">2848ee3e-796a-439d-baba-82af37c4b056</guid><dc:creator><![CDATA[Aaron Mog]]></dc:creator><pubDate>Tue, 07 Jul 2026 15:55:17 GMT</pubDate><enclosure url="https://api.riverside.com/hosting-analytics/media/9a1da883766d72047032dcfb3372a49ed1f1d094dcb2073ca66106f558a4ba41/eyJlcGlzb2RlSWQiOiIyODQ4ZWUzZS03OTZhLTQzOWQtYmFiYS04MmFmMzdjNGIwNTYiLCJwb2RjYXN0SWQiOiIyM2E0ZDU3Ni03NzVlLTRkNjgtYjFiMy03MGIwMjljYzQxNGUiLCJhY2NvdW50SWQiOiI2YTJkOWIwNmFmMWEyOWFmYzA5ODFlOTQiLCJwYXRoIjoibWVkaWEvY2xpcHMvNmE0NmEwOTU4NjViZWMyOWI2ODIyYzcyL2Fhcm9ucy1zdHVkaW8tRDUxMUMtY29tcG9zZXItMjAyNi03LTJfXzE5LTMyLTUubXAzIn0=.mp3" length="115833356" type="audio/mpeg"/><podcast:transcript url="https://hosting-media.riverside.com/media/podcasts/23a4d576-775e-4d68-b1b3-70b029cc414e/episodes/2848ee3e-796a-439d-baba-82af37c4b056/transcripts.txt" type="text/plain"/><itunes:summary>&lt;p&gt;Is any security company safe from AI disruption? Evolve Security CEO Mark Carney&apos;s answer: no and that&apos;s the wrong question anyway.&lt;/p&gt;&lt;p&gt;&lt;/p&gt;&lt;p&gt;Aaron talks with Mark Carney, CEO of Evolve Security and one of the OG figures in security services, about where the industry sits at a genuine inflection point. Mark breaks down why tech-enabled services are hotter than ever while human-only services are a dying breed, and how private equity now runs &quot;AI disruption due diligence&quot; before writing big checks.&lt;/p&gt;&lt;p&gt;&lt;/p&gt;&lt;p&gt;We get into:&lt;/p&gt;&lt;ul&gt;&lt;li&gt;Why finding vulnerabilities became a commodity — and where the real value lives now&lt;/li&gt;&lt;li&gt;Why Evolve deliberately isn&apos;t using AI for autonomous exploitation yet&lt;/li&gt;&lt;li&gt;The 50% false-positive problem with autonomous pen testing tools&lt;/li&gt;&lt;li&gt;Attack chains, business logic, and prioritizing high-impact exposures&lt;/li&gt;&lt;li&gt;Chartering an &quot;autonomous enterprise&quot; across every business function&lt;/li&gt;&lt;li&gt;The death of tasteful outbound and the abuse of the CISO relationship&lt;/li&gt;&lt;li&gt;Career advice for a tough market: deliver outcomes, not activity&lt;p&gt;&lt;/p&gt;&lt;/li&gt;&lt;/ul&gt;&lt;p&gt;Guest: Mark Carney, CEO of Evolve Security. Find him at &lt;a rel=&quot;noopener noreferrer nofollow&quot; href=&quot;http://evolvesecurity.com&quot; target=&quot;_blank&quot;&gt;evolvesecurity.com&lt;/a&gt; or on LinkedIn.&lt;/p&gt;</itunes:summary><itunes:explicit>no</itunes:explicit><itunes:duration>01:00:20</itunes:duration><itunes:image href="https://hosting-media.riverside.com/media/podcasts/23a4d576-775e-4d68-b1b3-70b029cc414e/logos/6e34f3e3-f55a-4b2c-b2b2-526091c31a51.png"/><itunes:season>1</itunes:season><itunes:episode>3</itunes:episode><itunes:title>Is Anybody Safe? Adaptability in the Age of AI Disruption - with Mark Carney</itunes:title><itunes:episodeType>full</itunes:episodeType></item><item><title><![CDATA[The Scariest Story a CISO Has Ever Told the Board - with Jason Loomis]]></title><description><![CDATA[<p>"This is the scariest story I've ever had to tell my board."</p><p>CISO Jason Loomis on what AI is really doing to security teams.</p><p></p><p>Aaron sits down with Jason Loomis for a raw, funny, unfiltered conversation about AI's impact on security teams, careers, and the humans caught in the middle. Jason lays out his "farm team" problem: the tier-one SOC, GRC, and help desk roles that grow new talent are being automated away and he's brutally honest with his own team about it.</p><p></p><p>We get into:</p><ul><li>Why the security fundamentals haven't changed in 20 years, even as velocity explodes</li><li>The hype gap between vendor promises and enterprise reality</li><li>Vulnerability chaining in the era of frontier models</li><li>Why AppSec is the problem actually worth solving</li><li>The build-vs-buy debate for security tooling</li><li>A myth-busting rant on AI data paranoia and security theater</li><li>Why "security is a revenue generator" is a line CISOs need to stop repeating<p></p></li></ul><p>Guest: Jason Loomis, CISO at Freshworks and co-host of the new "Gen and Tonic" podcast. Find him on LinkedIn (no pitch-slapping, please).</p>]]></description><guid isPermaLink="false">69e87474-b242-4e02-9a41-f462d71f6666</guid><dc:creator><![CDATA[Aaron Mog]]></dc:creator><pubDate>Tue, 07 Jul 2026 15:47:47 GMT</pubDate><enclosure url="https://api.riverside.com/hosting-analytics/media/815624ebdf055302c70d42bcfc0ce8b9d5aa807f996fc4d29230fe0428817ba1/eyJlcGlzb2RlSWQiOiI2OWU4NzQ3NC1iMjQyLTRlMDItOWE0MS1mNDYyZDcxZjY2NjYiLCJwb2RjYXN0SWQiOiIyM2E0ZDU3Ni03NzVlLTRkNjgtYjFiMy03MGIwMjljYzQxNGUiLCJhY2NvdW50SWQiOiI2YTJkOWIwNmFmMWEyOWFmYzA5ODFlOTQiLCJwYXRoIjoibWVkaWEvY2xpcHMvNmE0ZDFkYTEyNTExODliYThlN2FmOTQ4L2Fhcm9ucy1zdHVkaW8tRDUxMUMtY29tcG9zZXItMjAyNi03LTdfXzE3LTM5LTEzLm1wMyJ9.mp3" length="113176807" type="audio/mpeg"/><podcast:transcript url="https://hosting-media.riverside.com/media/podcasts/23a4d576-775e-4d68-b1b3-70b029cc414e/episodes/69e87474-b242-4e02-9a41-f462d71f6666/transcripts.txt" type="text/plain"/><itunes:summary>&lt;p&gt;&quot;This is the scariest story I&apos;ve ever had to tell my board.&quot;&lt;/p&gt;&lt;p&gt;CISO Jason Loomis on what AI is really doing to security teams.&lt;/p&gt;&lt;p&gt;&lt;/p&gt;&lt;p&gt;Aaron sits down with Jason Loomis for a raw, funny, unfiltered conversation about AI&apos;s impact on security teams, careers, and the humans caught in the middle. Jason lays out his &quot;farm team&quot; problem: the tier-one SOC, GRC, and help desk roles that grow new talent are being automated away and he&apos;s brutally honest with his own team about it.&lt;/p&gt;&lt;p&gt;&lt;/p&gt;&lt;p&gt;We get into:&lt;/p&gt;&lt;ul&gt;&lt;li&gt;Why the security fundamentals haven&apos;t changed in 20 years, even as velocity explodes&lt;/li&gt;&lt;li&gt;The hype gap between vendor promises and enterprise reality&lt;/li&gt;&lt;li&gt;Vulnerability chaining in the era of frontier models&lt;/li&gt;&lt;li&gt;Why AppSec is the problem actually worth solving&lt;/li&gt;&lt;li&gt;The build-vs-buy debate for security tooling&lt;/li&gt;&lt;li&gt;A myth-busting rant on AI data paranoia and security theater&lt;/li&gt;&lt;li&gt;Why &quot;security is a revenue generator&quot; is a line CISOs need to stop repeating&lt;p&gt;&lt;/p&gt;&lt;/li&gt;&lt;/ul&gt;&lt;p&gt;Guest: Jason Loomis, CISO at Freshworks and co-host of the new &quot;Gen and Tonic&quot; podcast. Find him on LinkedIn (no pitch-slapping, please).&lt;/p&gt;</itunes:summary><itunes:explicit>no</itunes:explicit><itunes:duration>00:58:57</itunes:duration><itunes:image href="https://hosting-media.riverside.com/media/podcasts/23a4d576-775e-4d68-b1b3-70b029cc414e/logos/6e34f3e3-f55a-4b2c-b2b2-526091c31a51.png"/><itunes:season>1</itunes:season><itunes:episode>2</itunes:episode><itunes:title>The Scariest Story a CISO Has Ever Told the Board - with Jason Loomis</itunes:title><itunes:episodeType>full</itunes:episodeType></item><item><title><![CDATA[The Cyber Industry Is Moving Fast but Chasing the Wrong Things - with Cris Neckar]]></title><description><![CDATA[<p>The cyber industry is moving faster than ever and Cris Neckar thinks it's chasing the wrong things.</p><p></p><p>In the debut episode of Zero Sum, host Aaron Mog sits down with Cris Neckar, security researcher turned entrepreneur turned VC at Two Bears Capital in Whitefish, Montana. Cris traces his unusual path from hardcore offensive work to venture capital, and explains why the biggest roadblocks in security aren't technical but structural: broken incentives, revenue-first boards, and founders who fall in love with cool tech instead of customer problems.</p><p></p><p>We get into:</p><ul><li>The "scientist vs. salesman" failure mode that kills early-stage security startups</li><li>Why Cris's first diligence question is always "let me talk to your customers"</li><li>How the Cursor playbook rewrote the rules of company-building</li><li>How elite hackers use AI as a force-multiplier, not a replacement</li><li>Why "nobody wants to buy more red on a dashboard"</li><li>FinOps for AI spend, compliance-as-collateral, and betting on power and data centers<p></p></li></ul><p>Guest: Cris Neckar, Partner at Two Bears Capital. Connect on LinkedIn or pitch via the Two Bears website.</p><p></p><p><b>Cris is a Partner at Two Bear Capital.  The views he expresses are his own and do not necessarily reflect the views of TBC or its partners.</b></p>]]></description><guid isPermaLink="false">edbe6ff6-f5e5-48ec-8d63-382ee6f873cd</guid><dc:creator><![CDATA[Aaron Mog]]></dc:creator><pubDate>Tue, 07 Jul 2026 15:31:50 GMT</pubDate><enclosure url="https://api.riverside.com/hosting-analytics/media/f1d8f5a12e89b361f78bb00590c9cbe31295c0f6f1431b65c21f9fd69dd324b9/eyJlcGlzb2RlSWQiOiJlZGJlNmZmNi1mNWU1LTQ4ZWMtOGQ2My0zODJlZTZmODczY2QiLCJwb2RjYXN0SWQiOiIyM2E0ZDU3Ni03NzVlLTRkNjgtYjFiMy03MGIwMjljYzQxNGUiLCJhY2NvdW50SWQiOiI2YTJkOWIwNmFmMWEyOWFmYzA5ODFlOTQiLCJwYXRoIjoibWVkaWEvY2xpcHMvNmEzYWY5ZmQyNWMyMGVmZWVkZTM2ODQzL2Fhcm9ucy1zdHVkaW8tRDUxMUMtY29tcG9zZXItMjAyNi02LTIzX18yMy0yNi0yMS5tcDMifQ==.mp3" length="114502574" type="audio/mpeg"/><podcast:transcript url="https://hosting-media.riverside.com/media/podcasts/23a4d576-775e-4d68-b1b3-70b029cc414e/episodes/edbe6ff6-f5e5-48ec-8d63-382ee6f873cd/transcripts.txt" type="text/plain"/><itunes:summary>&lt;p&gt;The cyber industry is moving faster than ever and Cris Neckar thinks it&apos;s chasing the wrong things.&lt;/p&gt;&lt;p&gt;&lt;/p&gt;&lt;p&gt;In the debut episode of Zero Sum, host Aaron Mog sits down with Cris Neckar, security researcher turned entrepreneur turned VC at Two Bears Capital in Whitefish, Montana. Cris traces his unusual path from hardcore offensive work to venture capital, and explains why the biggest roadblocks in security aren&apos;t technical but structural: broken incentives, revenue-first boards, and founders who fall in love with cool tech instead of customer problems.&lt;/p&gt;&lt;p&gt;&lt;/p&gt;&lt;p&gt;We get into:&lt;/p&gt;&lt;ul&gt;&lt;li&gt;The &quot;scientist vs. salesman&quot; failure mode that kills early-stage security startups&lt;/li&gt;&lt;li&gt;Why Cris&apos;s first diligence question is always &quot;let me talk to your customers&quot;&lt;/li&gt;&lt;li&gt;How the Cursor playbook rewrote the rules of company-building&lt;/li&gt;&lt;li&gt;How elite hackers use AI as a force-multiplier, not a replacement&lt;/li&gt;&lt;li&gt;Why &quot;nobody wants to buy more red on a dashboard&quot;&lt;/li&gt;&lt;li&gt;FinOps for AI spend, compliance-as-collateral, and betting on power and data centers&lt;p&gt;&lt;/p&gt;&lt;/li&gt;&lt;/ul&gt;&lt;p&gt;Guest: Cris Neckar, Partner at Two Bears Capital. Connect on LinkedIn or pitch via the Two Bears website.&lt;/p&gt;&lt;p&gt;&lt;/p&gt;&lt;p&gt;&lt;b&gt;Cris is a Partner at Two Bear Capital.  The views he expresses are his own and do not necessarily reflect the views of TBC or its partners.&lt;/b&gt;&lt;/p&gt;</itunes:summary><itunes:explicit>no</itunes:explicit><itunes:duration>00:59:38</itunes:duration><itunes:image href="https://hosting-media.riverside.com/media/podcasts/23a4d576-775e-4d68-b1b3-70b029cc414e/logos/6e34f3e3-f55a-4b2c-b2b2-526091c31a51.png"/><itunes:season>1</itunes:season><itunes:episode>1</itunes:episode><itunes:title>The Cyber Industry Is Moving Fast but Chasing the Wrong Things - with Cris Neckar</itunes:title><itunes:episodeType>full</itunes:episodeType></item><item><title><![CDATA[Breaking In, Standing Out, and Becoming a "Data Shepherd" — with Wade Wells]]></title><description><![CDATA[<p>Entry-level security jobs are vanishing so how does anyone break in now? Detection engineer and educator Wade Wells has thoughts.</p><p></p><p>Detection engineer, educator, and B-Sides San Diego organizer Wade Wells joins Aaron for a practical, honest look at entering and surviving in security today. Wade, who teaches cybersecurity students across all levels, admits the field moves so fast he can no longer confidently tell students what to do, since even the old advice can now be faked with AI.</p><p></p><p>We get into:</p><ul><li>Why networking and a genuine community footprint beat a perfect résumé</li><li>The collapse of entry-level roles and the patience the job market now demands</li><li>The "AI slop" problem: people submitting work they never read</li><li>Why everyone is becoming a developer — or a "data shepherd" who validates what AI builds</li><li>The reckless reality of businesses uploading confidential data to AI</li><li>The coming "AI living off the land" attack and the yes-but approach to security<p></p></li></ul><p>Guest: Wade Wells, detection engineer and B-Sides San Diego organizer. Catch him at DEFCON or on LinkedIn and Twitter — just mention where you found him.</p>]]></description><guid isPermaLink="false">3be3021b-af4c-476e-a25a-fcf5425c4b34</guid><dc:creator><![CDATA[Aaron Mog]]></dc:creator><pubDate>Tue, 07 Jul 2026 15:16:25 GMT</pubDate><enclosure url="https://api.riverside.com/hosting-analytics/media/4d046fe580f044511450ce15b610d43eced97827d0c937bbffe3d32a4319301f/eyJlcGlzb2RlSWQiOiIzYmUzMDIxYi1hZjRjLTQ3NmUtYTI1YS1mY2Y1NDI1YzRiMzQiLCJwb2RjYXN0SWQiOiIyM2E0ZDU3Ni03NzVlLTRkNjgtYjFiMy03MGIwMjljYzQxNGUiLCJhY2NvdW50SWQiOiI2YTJkOWIwNmFmMWEyOWFmYzA5ODFlOTQiLCJwYXRoIjoibWVkaWEvY2xpcHMvNmE0NTgyY2VhMzJhOWU2ODI4YzdkMTY2L2Fhcm9ucy1zdHVkaW8tRDUxMUMtY29tcG9zZXItMjAyNi03LTFfXzIzLTEyLTQ2Lm1wMyJ9.mp3" length="101820856" type="audio/mpeg"/><podcast:transcript url="https://hosting-media.riverside.com/media/podcasts/23a4d576-775e-4d68-b1b3-70b029cc414e/episodes/3be3021b-af4c-476e-a25a-fcf5425c4b34/transcripts.txt" type="text/plain"/><itunes:summary>&lt;p&gt;Entry-level security jobs are vanishing so how does anyone break in now? Detection engineer and educator Wade Wells has thoughts.&lt;/p&gt;&lt;p&gt;&lt;/p&gt;&lt;p&gt;Detection engineer, educator, and B-Sides San Diego organizer Wade Wells joins Aaron for a practical, honest look at entering and surviving in security today. Wade, who teaches cybersecurity students across all levels, admits the field moves so fast he can no longer confidently tell students what to do, since even the old advice can now be faked with AI.&lt;/p&gt;&lt;p&gt;&lt;/p&gt;&lt;p&gt;We get into:&lt;/p&gt;&lt;ul&gt;&lt;li&gt;Why networking and a genuine community footprint beat a perfect résumé&lt;/li&gt;&lt;li&gt;The collapse of entry-level roles and the patience the job market now demands&lt;/li&gt;&lt;li&gt;The &quot;AI slop&quot; problem: people submitting work they never read&lt;/li&gt;&lt;li&gt;Why everyone is becoming a developer — or a &quot;data shepherd&quot; who validates what AI builds&lt;/li&gt;&lt;li&gt;The reckless reality of businesses uploading confidential data to AI&lt;/li&gt;&lt;li&gt;The coming &quot;AI living off the land&quot; attack and the yes-but approach to security&lt;p&gt;&lt;/p&gt;&lt;/li&gt;&lt;/ul&gt;&lt;p&gt;Guest: Wade Wells, detection engineer and B-Sides San Diego organizer. Catch him at DEFCON or on LinkedIn and Twitter — just mention where you found him.&lt;/p&gt;</itunes:summary><itunes:explicit>no</itunes:explicit><itunes:duration>00:53:02</itunes:duration><itunes:image href="https://hosting-media.riverside.com/media/podcasts/23a4d576-775e-4d68-b1b3-70b029cc414e/logos/6e34f3e3-f55a-4b2c-b2b2-526091c31a51.png"/><itunes:season>1</itunes:season><itunes:episode>4</itunes:episode><itunes:title>Breaking In, Standing Out, and Becoming a &quot;Data Shepherd&quot; — with Wade Wells</itunes:title><itunes:episodeType>full</itunes:episodeType></item></channel></rss>