


Welcome back to Zero Signal! In this solo episode, Conor Sherman sits down with Sounil Yu—Cybersecurity Hall of Fame inductee, SANS Lifetime Achievement Award recipient, and Chief AI Safety Officer at Knostic.
Sounil delivers a masterclass on navigating shifting security landscapes. He breaks down the difference between a "problem" (technologically fixable) and a "predicament" (a systemic risk to manage), such as collapsing exploitation timeframes following the release of "Mythos". Conor and Sounil also unpack why traditional TPRM questionnaires fail, how AI coding agents help teams replace "sick legacy pets" with "cattle" architectures, the Zero Trust renaissance, and why 10x-ing individual cognition will trigger organizational chaos without proper structural reorgs.
Continued Reading & Resources:
Knostic AI Infrastructure Security: https://knostic.ai
The Cyber Defense Matrix Hub: https://cyberdefensematrix.com/
Cyber Defense Matrix Book Guide: https://cyberdefensematrix.com/book/
Thinking, Fast and Slow by Daniel Kahneman: https://www.amazon.com/Thinking-Fast-Slow-Daniel-Kahneman/dp/0374533555
The Cynefin Framework overview via Dave Snowden: https://thecynefin.co/about-us/about-cynefin-framework/
Sounil’s Piece on Predicaments (2022): https://threatpost.com/security-problems-vs-predicaments/179267/
The AI Vulnerability Storm Whitepaper: https://labs.cloudsecurityalliance.org/research/ai-vulnerability-storm-mythos-ready-security-program/
Unprompted and Seasides Conferences: https://unprompted.co/ and https://seasides.io/
Crab Trap Open-Source Project by Brex: https://github.com/brex/crabtrap
Key Topics:
01:13 Meet Sounil Yu: Hall of Fame Thinker & Chief AI Safety Officer
03:54 Breaking Down the Cyber Defense Matrix: A 10-Year Retrospective
04:32 Applying the Cynefin Model: Chaotic, Complex, Complicated, Clear
05:50 The Ultimate Advice for Chaos: Don't Stand Still, Move
08:15 Problems vs. Predicaments: The Crucial Boardroom Distinction
09:21 Why Third-Party Risk Management (TPRM) Questionnaires Solve Nothing
12:54 Playing Bingo vs. Playing Blackout: Managing Cost Calculus
14:23 Facing the AI Vulnerability Tsunami: When Patches Fail
16:17 Legacy Systems as Sick Pets: The Case for Code Refactoring Agents
17:58 Moving from CIA to DIE: Distributed, Immutable, and Ephemeral
20:38 The Zero Trust Renaissance: Assembling the Bricks You Already Bought
23:08 The Three Little Pigs of AI Architecture: Building a Resilient Straw House
25:00 Mythos vs. Scaffolding: Exponential Trajectory in Vulnerability Disclosures
30:41 Inbound vs. Outbound Controls: The Criticality of Egress Filtering
33:24 Open Source Egress: Leveraging Tools Like Crab Trap
35:07 The Strategy of Allergic Reactions: Calibrating for Fast Environments
39:45 AI Convergence: What Happens When Everyone Becomes a Developer?
41:40 Individual Contributors as Task Masters: Assigning Agentic Workloads
42:52 System 1 vs. System 2 Thinking in Cybersecurity Risk
44:11 The Organizational Efficiency Mirage: Why You Haven't Seen the AI Payoff
46:12 Reorg Patterns: Borrowing Scaled Leadership Architecture from the Military
Meet our Sponsors:
Hampton North: Premier US-based cybersecurity search firm. Build your security team: https://hamptonnorth.com/?utm_source=website&utm_medium=podcast&utm_campaign=aware_global_swsd_all&utm_content=zero-signal
Sysdig: The leader in AI-powered real-time cloud defense. Stop watching, start defending: https://www.sysdig.com/?utm_source=website&utm_medium=podcast&utm_campaign=aware_global_swsd_all&utm_content=zero-signal
By Conor Sherman