Cyclone is a safe dialect of C. It has been designed from the ground up to prevent the buffer overflows, format string attacks, and memory management errors that are common in C programs, while retaining C's syntax and semantics. In this talk I will examine safety violations enabled by C's design, and show how Cyclone avoids them, without giving up C's hallmark control over low-level details such as data representation and memory management.I will spend some time focusing on the latter concern, and particularly our experience integrating two previously-proposed, safe memory-management mechanisms: statically-scoped regions and tracked pointers. We found that typing mechanisms can be combined to build useful memory-management abstractions, such as reference counted objects and arenas with dynamic lifetimes, and thus provide a safe, flexible basis. Our experience---porting C programs and building new applications for resource-constrained systems---confirms that experts can use these features to improve memory footprint and sometimes to improve throughput when used instead of, or in combination with, a conservative garbage collector. The Cyclone project is joint work with Greg Morrisett (Harvard), Dan Grossman (Washington), Trevor Jim (AT&T), Nikhil Swamy (Maryland), and other generous contributors.