Subscribe Share Full episode and show notes Encryption , Phishing , Threat Management Post Quantum Migration Struggles, AI Threats, and Modern Defenses – Bobby Ford, HD Moore, Eyal Benishti, Ramin Farassat, Daniel dos Santos – ESW #457 Interview with Daniel dos Santos: Post-Quantum Cryptography and the Risks No One Is Talking About Post-quantum cryptography (PQC) is quickly shifting from theory to inevitability. In this segment, Daniel dos Santos, VP of Research at Forescout, explains why PQC isn’t the most immediate threat today—but still demands early attention as standards solidify and timelines accelerate. The discussion highlights overlooked risks beyond encrypted traffic, including digital signatures, firmware integrity, and blockchain systems. Daniel also emphasizes the real challenge: migration. While client-side adoption is already underway, organizations face major hurdles identifying and upgrading servers, legac... May 4, 2026 This episode is sponsored by Full Segment Notes Interview with Daniel dos Santos: Post-Quantum Cryptography and the Risks No One Is Talking About Post-quantum cryptography (PQC) is quickly shifting from theory to inevitability. In this segment, Daniel dos Santos, VP of Research at Forescout, explains why PQC isn’t the most immediate threat today—but still demands early attention as standards solidify and timelines accelerate. The discussion highlights overlooked risks beyond encrypted traffic, including digital signatures, firmware integrity, and blockchain systems. Daniel also emphasizes the real challenge: migration. While client-side adoption is already underway, organizations face major hurdles identifying and upgrading servers, legacy systems, and unmanaged assets like IoT and OT. The bottom line: PQC migration is unavoidable. Starting early—especially with crypto inventory and planning—will make the transition far less painful. RSAC Interview: Multi-Channel Impersonation: Why Legacy Controls Are Failing As social engineering expands past just email to include text messages, chat apps, social platforms, and live video calls, traditional point solutions are struggling to keep up. In this segment, Bobby Ford explains how AI-powered impersonation and deepfake-enabled campaigns are exposing critical gaps in legacy defenses, and why organizations must evolve toward a unified social engineering defense platform that connects Digital Risk Management and Human Risk Management. He’ll outline what modern security programs need: real-time cross-channel visibility, behavior-driven detection, and strategies designed around how people actually communicate and make decisions today. Visit https://securityweekly.com/doppelrsac to learn how Doppel helps organizations defend against AI-powered impersonation, phishing, and multi-channel social engineering threats with a modern Human Risk Management approach. RSAC Interview: OT: Segmented Today, Breached Tomorrow As the worlds of IT and OT converge, traditional network segmentation falls short, exposing risks in the critical environments that keep energy flowing and shelves stocked. Conventional security tools fail to identify these gaps, with serious repercussions for operators. At runZero, we empower defenders to win by default through comprehensive discovery, rapid detection of critical exposures, and unique segmentation analysis that does not depend on span ports, credentials, or on-device agents. runZero provides real-time insights into even the most sensitive environments — quickly, safely, and securely. This segment is sponsored by runZero. Visit https://securityweekly.com/runzerorsac to learn more about them! RSAC Interview: Securing the Next Billion Users: Why the Browser is the Front Line for Agentic AI The enterprise is facing a fundamental shift: the next billion knowledge workers will not be human, they will be AI agents. While these agents offer exponential productivity, they operate at machine speed without human guardrails like MFA or skepticism, creating a massive security blind spot. Ramin Farassat discusses the "Agentic Paradox" and how a new approach to browser security is required to provide architectural immunity for the modern, hybrid workforce of both humans and agents. Learn more about how Menlo Security protects both humans and agents at https://securityweekly.com/menlorsac . RSAC Interview: The Threat Curve Has Reset: Why AI Made “Solved” Attacks Dangerous Again AI hasn’t just evolved cyberattacks—it has reset the threat curve entirely. New research shows that even “solved” problems like phishing and business email compromise are immature and dangerous again, with attackers using AI and autonomous agents to launch hyper-personalized, multi-channel attacks at scale. This session explores what Phishing 3.0 really means for security leaders—and why defending trust now requires a fundamentally new approach. This segment is sponsored by IRONSCALES. Visit https://securityweekly.com/IRONSCALESrsac to learn more about them! Guests Bobby Ford Chief Strategy and Experience Officer at Doppel Bobby Ford is the Chief Strategy and Experience Officer at Doppel, an AI-native social engineering defense platform backed by Bessemer Venture Partners and a16z. A globally recognized cybersecurity leader, Bobby has nearly 30 years of experience and has served as CISO for Abbott Laboratories, Unilever, Exelis, and Hewlett Packard Enterprise. Since joining Doppel in July, Bobby has played a pivotal role in shaping the company’s strategy during a defining period of expansion and innovation. HD Moore CEO and Founder at runZero HD Moore is a pioneer of the cybersecurity industry who has dedicated his career to vulnerability research, network discovery, and software development since the 1990s. He is most recognized for creating Metasploit and is a passionate advocate for open-source software and vulnerability disclosure. HD serves as the CEO and founder of runZero, which provides a single source of truth for exposure management across your total attack surface. Delivering in-depth visibility into every asset and exposure, runZero helps you mitigate risks faster, meet compliance requirements, and ensure you continuously discover critical insights that others miss — including unknown and unmanageable devices and elusive exposures that evade traditional tools. Prior to founding runZero, HD held leadership positions at Atredis Partners, Rapid7, and BreakingPoint. HD has also been a frequent speaker at industry events such as Black Hat and DEF CON. HD’s professional journey began with exploring telephone networks, developing exploits for the Department of Defense, and hacking into financial institution networks. Eyal Benishti CEO and Founder at IRONSCALES @eyalbd1#9132 Eyal Benishti is the CEO and Founder of IRONSCALES, pioneering the world’s first self-learning email security solution to combat advanced phishing, BEC, and account takeover attacks. With over 15 years in the software industry, Eyal has held roles as a security researcher and malware analyst at Radware and a technical lead for information security solutions at Imperva. He also held R&D positions at Comverse and Amdocs. Eyal earned his bachelor’s degree in computer science and mathematics from Bar-Ilan University in Israel and has been passionate about cybersecurity from a young age. Ramin Farassat Chief Product Officer at Menlo Security Ramin Farassat is the Chief Product Officer at Menlo Security, where he leads the company’s product strategy, management, and design. He is an Executive Product Leader with a proven track record of scaling SaaS platforms, driving Al-led innovation, and delivering sustained enterprise growth. Ramin bridges boardroom strategy with day-to-day execution – aligning product direction with market opportunity, investor priorities, and operational excellence. Daniel dos Santos Vice President of Research at ForeScout Daniel dos Santos is the Head of Security Research at Forescout’s Vedere Labs, where he leads a team of researchers that identifies new vulnerabilities and monitors active threats. He holds a PhD in computer science, has published over 30 journal and conference papers on cybersecurity and has spoken at conferences such as Black Hat, Hack In The Box, and x33fcon. Hosts Adrian Sanabria @sawaba https://adriansanabria.com Doug White https://securedigitallife.com/ Joshua Marpet https://www.cyturus.com Matt Alderman Sean Metcalf https://www.trustedsec.com Tyler Shields https://www.90degree.vc/ Show More Stay in the Know, No Smoke and Mirrors – Join Our Newsletter Get expert insights and technical breakdowns straight to your inbox. Join Now Related Segments AI/ML The Guardrails are Gone: The Onus for AI Security Is On the Enterprise – Marc Manzano – RSAC26 #3 Container security Post-Quantum Compliance Starts in Your Containers, and Sooner Than You Think – George Manuelian – RSAC26 #6 Asset Management Say Easy, Do Hard – Crypto-Agility – BSW #440 Related Content Network Security Microsoft to block legacy TLS connections for POP and IMAP in Exchange Online MSSP The 2026 MSSP Blueprint: Navigating the Quantum Countdown Encryption Now’s the time to get working on post-quantum cryptography You can skip this ad in 5 seconds