Shows
The Lock & Key Lounge — An ArmorText Original PodcastPodcast #30 Faster Than HumanAnthropic's Project Glasswing used a restricted AI model to surface over ten thousand high-severity vulnerabilities across more than a thousand open-source projects. The 2026 Verizon DBIR tells us vulnerability exploitation just became the number one initial access vector for breaches—up 55% in a single year. Only 26% of critical vulnerabilities were fully remediated last year, down from 38% the year before. Median time to resolution: 43 days, up from 32. That was the pre-Glasswing baseline—before AI-scale discovery even entered the equation. Tim Chase, Program Director at MFG-ISAC, and Brian Geffert, VP of Cyber Defense at 3M and former Global CISO at KPMG International, join...
2026-06-0443 min
The Lock & Key Lounge — An ArmorText Original PodcastPodcast #29 The Structures That HoldBuilding Governance that Holds Because the Mission Demands It—Not Because Anyone Required ItWe have spent years in this industry talking about who belongs in the room—the board table, the executive suite, the security leadership track. What we have talked about far less is what it actually takes to get there, and whether the commitments organizations have made to broadening who leads are holding when the environment makes it easier to let them quietly lapse. Jameeka Green Aaron has operated at both levels simultaneously: as the CISO responsible for making security governance work...
2026-05-2050 min
The Lock & Key Lounge — An ArmorText Original PodcastPodcast #28 196 Countries, One CISOMost security leaders spend their careers building programs in the private sector—strong compensation, clear organizational lines, and at least some degree of control over the stakeholder map. Occasionally, someone makes a different call. Bjørn Watne left senior CISO roles at Telenor and Storebrand—two of Scandinavia's most recognized institutions—to take on one of the most complex security mandates on the planet: Global CISO of INTERPOL, the international law enforcement organization supporting 196 member nations in the fight against transnational crime. In this conversation with Navroop Mitter, Bjørn explores what that decision looked like up close—the mission th...
2026-05-0633 min
The Lock & Key Lounge — An ArmorText Original PodcastPodcast #27 Grid Resiliency: It Must Be A Bottoms Up ApproachWhen we talk about securing the electric grid, the conversation usually focuses on preventing outages or protecting the biggest, most visible assets like large power plants, transmission lines, and control centers. But operators know the harder problem is not knocking the grid down; it’s bringing it back up. Grid recovery depends on a fragile chain of smaller substations, control systems, communications links, and auxiliary components that must come online in a precise sequence. Increasingly, those overlooked components are now becoming the real targets. Rob Lee, co-founder and CEO of Dragos, joins Matt Calligan to explain how adv...
2026-04-2255 min
The Lock & Key Lounge — An ArmorText Original PodcastPodcast#26: Blackstarts and BlindspotsHow AI can turn air gaps into security gaps for ICS/SCADAFor decades, critical infrastructure companies have relied on organizational silos—air gaps between IT and operational technology—to ensure that enterprise disruptions do not cascade into the physical systems that keep the lights on. But those silos have been largely successful due to biology and physics: the scale of coordination and depth of expertise required to overwhelm them has been beyond human capability. That changed when we built something capable of assembling expert skill sets instantaneously. Patrick Miller, CEO of Ampyx Cyber, recovering regu...
2026-04-0854 min
Digital FortressEpisode 10: Matt Calligan of ArmorTextImagine that your company has been hacked and the bad guys are on your network. If you try to use that network to coordinate your response, the bad guys will be a step ahead of you. You need a secure way for the incident response team to communicate away from the hacked network. And if you work in a regulated industry, that secure way needs to be logged and audited by the regulators, so you can't just use encrypted chat like Signal. That's where ArmorText comes in.
2026-03-3150 min
The Lock & Key Lounge — An ArmorText Original PodcastThe Lock & Key Lounge - RIFF Edition 5In this RIFF Edition, Navroop and Matt work through seven stories spanning different sectors, threat actors, and tools—but one failure mode: the layer underneath your security stack is the actual attack surface. From the collapse of patching windows to Russian intelligence phishing Signal accounts, from an Iranian-linked group wiping 80,000 Stryker devices through Microsoft Intune to Proton Mail's billing layer unmasking an anonymous user, the throughline is consistent: the attack didn't beat the technology—it went around it.
2026-03-2634 min
The Lock & Key Lounge — An ArmorText Original PodcastPodcast#24 : The Board Has No PlaybookIn the days since the US-Israel strikes against Iran, business guidance has been pouring in from analyst firms, newsrooms, and government agencies—but roughly ninety percent of the coverage focuses on cyber-attack preparedness and supply chain disruption, with the board appearing in less than one percent of what we found. Today's conversation with Christopher Hetner—Senior Cyber Risk Advisor to the NACD, chair of the Cybersecurity, AI and Privacy committee at the Nasdaq Center for Board Excellence, and former Senior Cybersecurity Advisor to the Chair of the SEC—addresses the gap that no one else is addressing: what a prepar...
2026-03-1135 min
The Lock & Key Lounge — An ArmorText Original PodcastPodcast#23 When AI Becomes the Attack SurfaceToday’s topic is AI, and before you click off let me stop you because we’re coming at this topic from some new directions and with a definitive voice in this space. As organizations accelerate AI adoption across cloud platforms and security operations, they are also introducing new vulnerabilities, attack paths, and questions of control. Today’s conversation explores how AI is reshaping the cyber threat landscape and why issues of data and infrastructure sovereignty will define the next decade of security strategy.
2026-02-251h 04
The Lock & Key Lounge — An ArmorText Original PodcastThe Lock & Key Lounge — RIFF Edition 4In this RIFF, we connect recent headlines to the realities of communicating during a crisis.Headline 1: Verizon and Microsoft 365/Outlook outagesWhen your primary tools go dark, approvals stall, and coordination breaks down.Headline 2: Iran’s Starlink “kill switch” (with the Russia angle)Satellite isn’t a guaranteed “Plan B.” Geopolitics can shut it down.Headline 3: Identity verification and deepfakesWith synthetic personas rising, you must be able to trust who’s in the room when you pivot out-of-band.We map these stor...
2026-01-2925 min
The Lock & Key Lounge — An ArmorText Original PodcastPodcast#20 Secure Isn't the Same as Defensible Part 2What the Signal IG Report Teaches Enterprises About Communications RiskThis episode touches on a topic we initially covered in Episode #2 where discussed the Signal/Atlantic group chat with Marisa Darden of Benesch Law. The latest DoD IG report has brought the privacy-vs-compliance conflict back to the front page. So, today we’re going to translate those findings for the enterprise.
2026-01-1436 min
The Lock & Key Lounge — An ArmorText Original PodcastPodcast#20 Secure Isn’t the Same as Defensible Part 1What the Signal IG Report Teaches Enterprises About Communications RiskThis episode touches on a topic we initially covered in Episode #2 where discussed the Signal/Atlantic group chat with Marisa Darden of Benesch Law. The latest DoD IG report has brought the privacy-vs-compliance conflict back to the front page. So, today we’re going to translate those findings for the enterprise.
2025-12-1849 min
The Lock & Key Lounge — An ArmorText Original PodcastThe Lock & Key Lounge — RIFF Edition 3, LIVE in Saudi ArabiaJoin Navroop and his guest Crowell and Moring's Global Co Chair on Privacy and Cyber, Emma Wright live in Riyadh, Saudi Arabia as they continue their discussion over dinner and mock-tails right on the heels of their speaking session at Black Hat MEA 2025. This RIFF session is an unscripted discussion further unpacking how cybersecurity and resilience planning will be potentially impacted by the shifting geopolitics, threats of nation-state sabotage and sanctions. Navroop and Emma further unpack these ideas spanning the people, technical, and legal dimensions so cybersecurity SaaS providers—and their multinational customers—can design for both infrastructure sovereignty and d...
2025-12-0432 min
The Lock & Key Lounge — An ArmorText Original PodcastPodcast#18 The Humanity FirewallThe Benefits of Developing People Skills That Are Missing From Today’s Cybersecurity TeamsWhy tomorrow’s cybersecurity leaders will rise not through deeper technical mastery, but through empathy, translation, and human connection.In this episode of The Lock & Key Lounge, host Matt Calligan explores what he calls “The Humanity Firewall,” highlighting an often-overlooked truth in cybersecurity: the most critical skill gap isn’t technical, but human. From communication breakdowns—like CISOs feeling underfunded while boards believe budgets are sufficient—to the impact of soft skills on program effectiveness, Matt makes the case that tomorrow’s cybersecurity...
2025-11-1939 min
The Cybersecurity Defenders Podcast#266 - Preparing for Out-of-Band Communication in Incident Response with Navroop Mitter from ArmorTextOn this episode of The Cybersecurity Defenders Podcast we speak with Navroop Mitter, CEO of ArmorText, about the role of Out-of-Band (OOB) communication in cyber incident response.ArmorText Named a Leader in The Forrester Wave™: Secure Communications Solutions, Q3 2024Cyber Resilience: Incident Response Tabletop ExercisesNavroop Mitter is the CEO of ArmorText, a mobile security and privacy company based in the Washington, D.C. area.Before founding ArmorText, Navroop was a Senior Manager in Accenture’s North American Security Practice, where he built and led information security programs across multiple regions. He h...
2025-11-1230 min
The Lock & Key Lounge — An ArmorText Original PodcastThe Lock & Key Lounge - RIFF Edition 2From Signal getting squeezed by AWS to Microsoft Teams launching what some think as spyware, the stories this week all circle the same theme: trust, resilience, and sovereignty.
2025-11-0630 min
The Lock & Key Lounge — An ArmorText Original PodcastThe Lock & Key Lounge — RIFF Edition 1Welcome to The Lock & Key Lounge, debuting its first-ever RIFF Edition — a new, unscripted spin on security conversations hosted by Navroop Mitter, Founder and CEO of ArmorText, alongside Matt. In this episode, the duo riff through a series of stories and ideas that caught their attention — from Asahi’s production-halting cyberattack and Jen Easterly’s bold take on “The End of Cybersecurity,” to the alarming rise in text scams among young adults, China’s Phantom Taurus targeting telecoms, platform sovereignty challenges involving Microsoft and Proton, and the myth of SATCOM security. Recorded in true “out-of-band” fashion — Matt from home and Navroop fresh of...
2025-10-2230 min
The Lock & Key Lounge — An ArmorText Original PodcastPodcast#15 Ghosts in the CodebaseThe Nightmares Acquirers Often MissBehind the glossy surfaces of emerging tech and M&A deals lies a quiet but critical risk: compromised code, embedded threat actors, and the increasing industrialization of the cybercriminal ecosystem. In this episode, we’re diving into how tech built by startups, often developed with freelance labor and questionable security hygiene, is making its way into the infrastructure of critical industries through acquisition. We’ll talk about how cybercriminals are professionalizing—offering benefits packages and funding models that look suspiciously like venture capital—and how all of this combines with the rise...
2025-10-0835 min
The Lock & Key Lounge — An ArmorText Original PodcastPodcast#14 When Food Stops Moving The Cyber Risks We’re Still IgnoringIn today’s episode, we’re diving into the quiet crises already happening in the fields, warehouses, and distribution networks we depend on every day—and why so few in cybersecurity are paying attention.From the $400M breach you didn’t hear about, to the operational systems federal policies refuse to name, Kristin helps us connect the dots between food, resilience, and the future of critical infrastructure.
2025-09-241h 00
The Lock & Key Lounge — An ArmorText Original PodcastPodcast#13 Out-of-Band or Out of LuckCommunicating When You Can’t Trust the NetworkWhen adversaries can read the playbook—searching email, SharePoint, Teams/Slack, and even joining incident response calls—communication becomes the attack surface. That’s why the FBI now explicitly urges organizations to “plan to use out-of-band communications when normal channels like email and VoIP are compromised.” This episode is about preparedness: defining OOB comms, getting executive buy-in, and exercising realistic failovers so “if you can’t trust the network,” you can still run the response.We’re joined by Aubrey Wade to explore why secure out-of-ba...
2025-09-1033 min
The Lock & Key Lounge — An ArmorText Original PodcastPodcast#12 Investigating the Insider You Never HiredUnpacking Regulatory, Contractual, and Sanctions Challenges from DPRK-Affiliated SchemesToday, we’re zeroing in on a uniquely challenging scenario—what happens when the insider threat isn’t an employee at all, but rather a remote worker posing under false pretenses, potentially linked to adversarial nations like the DPRK. Landon Winkelvoss is here to help us understand how these investigations play out, what legal and operational pitfalls to avoid, and why secure, out-of-band communications become critical during these sensitive internal investigations.
2025-08-2739 min
The Lock & Key Lounge — An ArmorText Original PodcastPodcast #11 Legal FalloutNavigating Remote Worker DeceptionToday we’ll explore the legal landmines that organizations face when uncovering remote workers connected to adversarial states like the DPRK. We'll unpack critical questions about liability, disclosure obligations, compliance pitfalls, and sanctions risks—helping legal teams prepare to navigate the regulatory maze following remote worker deception discoveries.
2025-08-1345 min
The Lock & Key Lounge — An ArmorText Original PodcastPodcast #10 Forecasting Cyber ChaosHow Extreme Weather Disrupts Digital DefensesWhen the forecast calls for hurricanes, floods, wildfires or heat waves, most organizations are focused on physical risk. But what happens when cyber risk rides shotgun with those storms?In today’s episode, we’ll explore how extreme weather events don’t just disrupt operations—they create windows of opportunity for cyberattacks. Attackers are increasingly timing ransomware, DDoS attacks, and other campaigns to coincide with disasters, when resources and attention are focused elsewhere. Joining us to help make sense of this new world we live in, is Su...
2025-07-3035 min
The Lock & Key Lounge — An ArmorText Original PodcastPodcast #9 NGOs in the CrosshairsCyber Threats to Global Good and the Fight for Collective DefenseWhy nonprofit organizations are bigger cyber targets than most realize—and how the NGO-ISAC is helping defend the sector. NGOs face a cyber threat landscape that’s as serious—if not more —than private sector organizations. Partly because they often face those challenges with fewer resources, leaner teams, and less public awareness of their risk profiles. Today we’re joined by our friend Frank McGothigan, CISO of the Ford Foundation and VP of Member Services at the NGO-ISAC, we’ll explore what l...
2025-07-1636 min
The Lock & Key Lounge — An ArmorText Original PodcastPodcast #7 Part-2 Elevating Tabletop Exercises with RL LeaderTraditional tabletop exercises have a reputation for being, well, a little dry. Picture it—stale slides, scripted injects, and facilitators who may or may not be able to keep an audience engaged. But what if we could change that? What if tabletop exercises felt more like high-stakes crisis simulations, pulling participants into a dynamic, unfolding story rather than another box-checking exercise?That’s exactly what we’ll explore today with Erik and Brian) of RL Leaders—a team that has brought Hollywood-style immersive storytelling to national security exercises for years. Now, they’re bringing that expertise...
2025-07-0225 min
The Lock & Key Lounge — An ArmorText Original PodcastPodcast #7 Part 1 -Elevating Tabletop Exercises with RL LeaderTraditional tabletop exercises have a reputation for being, well, a little dry. Picture it—stale slides, scripted injects, and facilitators who may or may not be able to keep an audience engaged. But what if we could change that? What if tabletop exercises felt more like high-stakes crisis simulations, pulling participants into a dynamic, unfolding story rather than another box-checking exercise?That’s exactly what we’ll explore today with Erik and Brian) of RL Leaders—a team that has brought Hollywood-style immersive storytelling to national security exercises for years. Now, they’re bringing that exper...
2025-06-1830 min
The Lock & Key Lounge — An ArmorText Original PodcastPodcast #6 Threat Intelligence as a Team SportLessons from E-ISAC’s SuccessThreat intelligence sharing is a critical pillar of cybersecurity, yet not all programs are equally effective. The E-ISAC has distinguished itself as one of the most successful models for cross-industry collaboration, providing timely, actionable intelligence to its participants through various initiatives, including the widely successful Cybersecurity Risk Information Sharing Program (CRISP).So today we’re sitting down with Matt Duncan, to discuss why their approach to intelligence sharing has been so effective, We’ll explore the role of trust—in people, in platforms, and in the res...
2025-06-0429 min
The Lock & Key Lounge — An ArmorText Original PodcastPodcast #5 From Simulation to ApplicationHow Grid Exercises Shape Real-World ResilienceThe reliability of the electricity sector is increasingly tested by both physical and cyber threats. Large-scale exercises like GridEx have played a critical role in shaping how industry leaders, asset owners, and operators respond to crises. In this episode, we sit down with Jesse Sythe, Program Manager for GridEx at E-ISAC, to discuss the role of these exercises in enhancing industry-wide resilience.We’ll explore how GridEx has evolved over the years, the thought leadership that has emerged from key coordinating bodies like th...
2025-05-2131 min
The Lock & Key Lounge — An ArmorText Original PodcastPodcast #4 Collective Defense Under PressureNavigating Threat Intelligence Sharing in Uncertain TimesFirst, we’re joined again by Joe Slowik, formerly a Principal Critical Infrastructure Threat Intelligence Engineer at MITRE and now Director for cybersecurity alerting at Dataminr. Joe’s career spans the U.S. Navy, national labs, and private sector security teams—where he’s led efforts to track adversary behavior and build resilient cyber defense programs.He recently joined us for a previous episode of The Lock & Key Lounge, and today’s conversation picks up where that one left off—so if you haven’t already, be sure to che...
2025-05-081h 13