NerdWallet’s DK Koran on Building Proactive Security Through Red Teams episode artwork

EPISODE · Feb 25, 2025 · 29 MIN

NerdWallet’s DK Koran on Building Proactive Security Through Red Teams

from Ahead of the Breach · host Sprocket

From testing critical infrastructure and IoT devices to leading application security at NerdWallet, DK Koran, BISO, draws from his experience finding vulnerabilities in police cruisers and SCADA systems to discuss his transition to building and managing proactive security teams. On this episode of Ahead of the Breach, he and Casey explore the challenges of implementing security guardrails, running an internal red team, and testing AI systems for prompt injection vulnerabilities.  Through candid insights about his evolution from individual contributor to security leader, DK emphasizes the importance of understanding the 'why' behind security requirements and building strong relationships with development teams. Topics discussed: Exploring vulnerabilities in automotive systems and IOT devices, including experiences testing police cruisers and critical infrastructure for security weaknesses. Transitioning from offensive security testing to application security leadership, focusing on preventing recurring vulnerabilities through proactive measures. Implementing automated security guardrails and requirements across infrastructure and applications to prevent security issues before production deployment. Managing the evolution from individual contributor to security leader while maintaining technical relevance and fostering team growth. Building and scaling an internal red team program, including strategies for target selection and maintaining continuous value delivery. Testing AI systems and chatbots for prompt injection vulnerabilities, highlighting the resurgence of classic security issues in new technologies. Developing effective relationships with development teams by focusing on the “why” behind security requirements and showing empathy for business needs. Creating automated enforcement mechanisms through pre-commit hooks and pipeline controls to ensure security requirement compliance. Balancing team autonomy with security controls in a single-threaded team model while managing infrastructure security at scale. Supporting professional growth and certification pursuits while transitioning from technical roles to security leadership positions.

From testing critical infrastructure and IoT devices to leading application security at NerdWallet, DK Koran, BISO, draws from his experience finding vulnerabilities in police cruisers and SCADA systems to discuss his transition to building and managing proactive security teams. On this episode of Ahead of the Breach, he and Casey explore the challenges of implementing security guardrails, running an internal red team, and testing AI systems for prompt injection vulnerabilities.  Through candid insights about his evolution from individual contributor to security leader, DK emphasizes the importance of understanding the ’why’ behind security requirements and building strong relationships with development teams. Topics discussed: - Exploring vulnerabilities in automotive systems and IOT devices, including experiences testing police cruisers and critical infrastructure for security weaknesses. - Transitioning from offensive security testing to application security leadership, focusing on preventing recurring vulnerabilities through proactive measures. - Implementing automated security guardrails and requirements across infrastructure and applications to prevent security issues before production deployment. - Managing the evolution from individual contributor to security leader while maintaining technical relevance and fostering team growth. - Building and scaling an internal red team program, including strategies for target selection and maintaining continuous value delivery. - Testing AI systems and chatbots for prompt injection vulnerabilities, highlighting the resurgence of classic security issues in new technologies. - Developing effective relationships with development teams by focusing on the “why” behind security requirements and showing empathy for business needs. - Creating automated enforcement mechanisms through pre-commit hooks and pipeline controls to ensure security requirement compliance. - Balancing team autonomy with security controls in a single-threaded team model while managing infrastructure security at scale. - Supporting professional growth and certification pursuits while transitioning from technical roles to security leadership positions.

NOW PLAYING

NerdWallet’s DK Koran on Building Proactive Security Through Red Teams

0:00 29:16

No transcript for this episode yet

We transcribe on demand. Request one and we'll notify you when it's ready — usually under 10 minutes.

Frequently Asked Questions

How long is this episode of Ahead of the Breach?

This episode is 29 minutes long.

When was this Ahead of the Breach episode published?

This episode was published on February 25, 2025.

What is this episode about?

From testing critical infrastructure and IoT devices to leading application security at NerdWallet, DK Koran, BISO, draws from his experience finding vulnerabilities in police cruisers and SCADA systems to discuss his transition to building and...

Can I download this Ahead of the Breach episode?

Yes, you can download this episode by clicking the download button on the episode player, or subscribe to the podcast in your preferred podcast app for automatic downloads.
URL copied to clipboard!