Ahead of the Breach


Welcome to the Ahead of the Breach, the podcast dedicated to equipping security experts and practitioners with the knowledge and insights needed to excel in the future of cybersecurity. Join us as we explore innovative strategies, emerging trends, actionable takeaways to help security leaders stay ahead.

  1. 51

    Gary Lobermier on Scaling Red Team Automation with AI to Run Hundreds of Real Attacks Daily

    Most security teams test their detections once a year. Gary Lobermier, Lead Adversarial Security Engineer at Northwestern Mutual, built something different: a custom automation platform that executes hundreds of MITRE ATT&CK techniques daily across Windows, macOS, Linux, and AWS, giving his team real-time signal on whether their defenses actually hold. In this episode, Gary breaks down why off-the-shelf purple team tools fall short at enterprise scale, the procedure-level gap nobody talks about in the MITRE ATT&CK framework, and what EDR vendors don't advertise about their own coverage limits. He also shares how his non-traditional path (from network admin to red teamer) shaped the way he thinks about adversary emulation and detection engineering. If you're building or scaling an offensive security program and want to know what continuous validation actually looks like in practice, this one's worth your time.

  2. 50

    Zoom's Andy Grant on Offensive Intuition and Letting Hackers Hunt

    What happens when you remove timeboxes, rigid scope, and checklist-driven testing from offensive security? In this episode of Ahead of the Breach, we sit down with Andy Grant to explore what it looks like to build an intuition-driven offensive security program, one designed to let skilled engineers follow the signal instead of the schedule. Drawing from more than a decade in consulting and product security, Andy shares how traditional two-week pentests often cut off discovery just as understanding begins to form. His solution: hire exceptional hackers, give them space to explore, and focus on the most impactful risks rather than superficial coverage metrics.

  3. 49

    Accenture's Daniel Barnes on SAML exploitation and what really matters in pentesting

    What makes a vulnerability truly shocking is simplicity, once you notice the assumption everyone else missed. In this episode, Daniel shares a memorable SAML/SSO privilege escalation from a real engagement, then zooms out into what it takes to grow as a penetration tester: handling uncertainty, collaborating through roadblocks, and building the fundamentals that make creative problem-solving possible. The conversation blends war stories with practical guidance for both aspiring testers and security leaders. We cover everything from dependency risk and real-world scoping realities to why thinking like an attacker belongs early in the SDLC, not at the end.

  4. 48

    T. Rowe Price's Matthew Winters on Threat Hunting, Graph Thinking, and Making Adversaries Cry

    What does effective threat hunting actually look like inside large, complex environments? In this episode of Ahead of the Breach, we sit down with Matthew Winters of T. Rowe Price to unpack what it means to hunt threats at scale and why the hardest part isn’t finding suspicious behavior, but deciding where to look in the first place. Matthew brings a practitioner’s perspective shaped by years in SOC operations, incident response, and enterprise environments. The conversation moves well beyond tools and techniques, focusing instead on mindset, prioritization, and how defenders can think more strategically about disrupting attackers.

  5. 47

    Citi's Ryan Hays Navigating Risk and Resilience at Scale

    What does navigating risk really look like at global scale? In this episode of Ahead of the Breach, host Casey Cammilleri sits down with Ryan Hays from Citi to explore how security teams operate inside one of the world’s largest financial institutions. Ryan shares real-world perspective on managing risk, building resilience, and making security decisions in environments defined by complexity, regulation, and constant threat pressure. From aligning security efforts with business priorities to adapting defenses across massive, interconnected systems, this conversation offers practical insight into what it takes to protect critical financial infrastructure at scale.

  6. 46

    Microsoft's Tori Westerhoff on Offensive Security in the Age of AI

    In this episode of Ahead of the Breach, host Casey Cammilleri sits down with Tori Westerhoff, a member of Microsoft’s AI Red Team, to explore what offensive security looks like in the age of large language models and AI-driven systems. Tori breaks down how AI red teaming differs from traditional security testing, what it takes to identify real-world abuse cases in generative models, and why understanding adversarial thinking is critical as AI becomes embedded in modern products. The conversation dives into model misuse, prompt manipulation, system-level risks, and how red teams collaborate with engineers to build safer AI from the ground up. Whether you’re a penetration tester, security engineer, or just trying to understand how AI systems are tested before they reach production, this episode offers a rare look inside one of the most cutting-edge offensive security roles in the industry.

  7. 45

    Nevada Air National Guard's Nikita Belikov on Real-World Cyber Defense at Scale

    In this episode of Ahead of the Breach, host Casey Cammilleri sits down with Nikita Belikov of the Nevada Air National Guard to explore what cybersecurity looks like inside a military and critical-infrastructure environment. Nikita shares insight into defending high-stakes systems where availability, resilience, and mission readiness are non-negotiable. The conversation covers how military cyber teams think about risk, how defensive priorities differ from traditional enterprise security, and what it takes to operate effectively in an environment shaped by real-world threats and strict operational constraints. From translating security strategy into actionable defense to preparing for incidents where failure isn’t an option, this episode offers a grounded look at cyber defense from the perspective of someone protecting systems that truly matter.

  8. 44

    MacArthur Foundation's Seth Arnoff on Top AI and Quantum Threats

    Live from Black Hat 2025, host Casey Cammilleri sits down with Seth Arnoff, a cybersecurity engineer at the John D. and Catherine T. MacArthur Foundation, to talk about what it really looks like to run security at a mission-driven organization with a lean team. Seth walks through the day-to-day reality—patching, vuln management, and log triage—alongside bigger culture-forward initiatives like going passwordless with Windows Hello and driving adoption through demos, lunch-and-learns, and intentional communication. From there, the conversation shifts into proactive security: why MacArthur moved from point-in-time assessments to a continuous penetration testing model, how “always-on” testing reduces operational drag, and why verified remediation matters more than one-and-done reports. They also dig into the security side of the AI boom on the conference floor—how to build guardrails when people are going to use AI tools anyway, what third-party risk looks like in an LLM world, and how to monitor tool usage without becoming invasive. Seth shares practical advice for reporting security to leadership (hint: fewer scary vanity metrics, more measurable objectives), how they’re maturing vendor management with repeatable processes and SOC 2 reviews, and what he thinks the industry still isn’t talking about enough: quantum computing.

  9. 43

    F-Secure Corporation’s Megan Squire on How Infostealers Are Quietly Taking Over Cybercrime

    Live from Black Hat USA 2025, host Casey Cammilleri sat down with cyber threat-intelligence researcher Megan Squire to break down one of the fastest-growing and most misunderstood pillars of modern cybercrime: infostealers. Megan, a computer-science PhD and seasoned threat-tracking expert, walks us through how infostealers have evolved into a massive underground economy powering identity theft, fraud, and initial-access brokering. She unpacks what happens the moment a machine is infected, why attackers covet browser autofill data and screenshots, and how terabytes of stolen logs expose painful patterns in real victim behavior. Casey and Megan dig into everything from synthetic log generation to the flood of fake and duplicated logs polluting marketplaces — and why gaming mods and “quick download” culture are driving infections at scale. Megan also shares how red teams can responsibly leverage infostealer artifacts for richer attack paths, sharper assessments, and a much clearer picture of how users actually think and behave. If you want an unfiltered look at how infostealers are reshaping the threat landscape — and what organizations should be doing right now to stay ahead — this is an episode you won’t want to miss.

  10. 42

    What Makes Hybrid Pentesting So Powerful?

    Welcome to a special edition of Ahead of the Breach, where our host Casey Cammilleri answers the top questions our listeners have asked us. In today's episode, Casey addresses what makes hybrid pentesting so powerful. Would you like to have Casey answer one of your questions in a future episode? Email [email protected] with your question and a short summary of why you're looking for an answer!

  11. 41

    GreyNoise’s Andrew Morris on Internet Background Noise as Data

    What if you could predict major security vulnerabilities weeks before they're publicly disclosed? Andrew Morris, Founder & Chief Architect at GreyNoise Intelligence, built a global sensor network that does exactly that by tracking internet-wide scanning patterns that spike 3-4 weeks before critical vulnerabilities become public knowledge. This transforms the chaotic noise of billions of daily internet scans into precise threat intelligence that helps organizations focus on real attacks. Andrew walks Casey through how he created what he calls the "opposite of Shodan." Instead of cataloging what's scannable on the internet, GreyNoise tracks who's doing the scanning and why. The technical challenge required learning new programming languages and building infrastructure across hostile network environments globally, but the result is a system that functions like noise-canceling headphones for cybersecurity.

    Topics discussed:
      - The methodology behind building internet-wide sensor networks across multiple cloud providers and regional hosting environments.
      - How network fingerprinting techniques using MTU overhead, TLS signatures, and protocol implementations reveal the true origins of scanning traffic through VPNs and proxies.
      - The correlation between massive scanning spikes for specific software or hardware and vulnerability disclosures that follow 3-4 weeks later.
      - Why embedded systems and edge devices represent the most vulnerable attack surface on the internet.
      - Technical challenges of processing and indexing billions of daily network sessions while applying pattern matching and classification rules at line rate performance.
      - The operational realities of maintaining distributed infrastructure in hostile network environments.
      - How threat actors use geographic and software-specific targeting patterns that become visible only through comprehensive internet-wide monitoring capabilities.
      - The discovery of zero day vulnerabilities through automated classification pipelines that identify previously unknown attack patterns.
      - Why traditional threat intelligence approaches fail to distinguish between legitimate research scanning and malicious reconnaissance activities targeting organizations.
      - Strategic approaches to handling sensor network detection and fingerprinting by adversaries, including infrastructure rotation and traffic obfuscation techniques.

  12. 40

    How Does Expert-Driven Offensive Security Provide Comprehensive Risk Insight?

    Welcome to a special edition of Ahead of the Breach, where our host Casey Cammilleri answers the top questions our listeners have asked us. In today's episode, Casey addresses how expert-driven offensive security provides comprehensive risk insight. Would you like to have Casey answer one of your questions in a future episode? Email [email protected] with your question and a short summary of why you're looking for an answer!

  13. 39

    Sprinklr’s Roger Allen on Why Vendor Telemetry Only Gets You 90% There

    Modern attackers have abandoned obvious indicators and now mimic legitimate engineering activities so closely that traditional detection methods fail. Roger Allen, Sr. Director, Global Head of Detection & Response at Sprinklr, has watched this evolution firsthand. He gives Casey the rundown of how his team's response involves outcome-based detection strategies that focus on what attackers accomplish rather than the specific actions they take to get there. But detection is only part of the equation. From transforming UBA alerts into contextualized "events of interest" that correlate across the MITRE framework to implementing breach response scenarios that consider cloud-native production implications, Roger shares tactical approaches that bridge the gap between red team thinking and blue team operations.

    Topics discussed:
      - Why focusing on what attackers accomplish rather than individual actions creates more effective monitoring as threat actors become increasingly sophisticated in mimicking legitimate engineering activities.
      - Filling the critical 10-20% gap in security coverage through business context enrichment and custom detection logic that vendors can't provide.
      - Converting traditional user behavior analytics from noise-generating alerts into correlated "events of interest" that map to MITRE kill chain stages for dynamic alert prioritization.
      - Systematic approaches to removing unnecessary tools like Netcat and Telnet while creating contextual detections for essential utilities.
      - Building tier-based response frameworks that account for production disruption risks when containing threats in environments where simply isolating hosts could shut down customer-facing services.
      - Implementing scenario-based training that goes beyond tabletop exercises to create muscle memory for security operations teams responding to active compromises.
      - Why having practitioners in both development and leadership chains at security vendors correlates with product effectiveness and company growth trajectories.
      - How to distinguish between genuine artificial intelligence capabilities and rebranded automation when evaluating security tools, plus practical applications for analyst efficiency without replacement.

  14. 38

    Why is Continuous Pentesting a Must for Dynamic Environments?

    Welcome to a special edition of Ahead of the Breach, where our host Casey Cammilleri answers the top questions our listeners have asked us. In today's episode, Casey addresses why continuous pentesting is a must for dynamic environments. Would you like to have Casey answer one of your questions in a future episode? Email [email protected] with your question and a short summary of why you're looking for an answer!

  15. 37

    Armis’ Andrew Grealy on Left-of-Boom Threat Actor Intelligence

    What if you could predict which vulnerabilities threat actors will weaponize months before CISA adds them to their Known Exploited Vulnerabilities list? Andrew Grealy, Head of Armis Labs, has built exactly that capability, providing organizations with threat intelligence that arrives 3-12 months ahead of traditional indicators. His "left of boom" approach changes how security teams prioritize patches and allocate resources. But early warning is just the beginning, Andrew tells Casey. From mom and pop honeypots that catch nation-state actors to AI-powered supply chain attacks that slip malicious packages into enterprise applications, Andrew details how attackers are weaponizing the same AI tools that security teams use for defense. He also offers insights on the "triple threat" evolution of ransomware and practical frameworks for securing AI-generated code.

    Topics discussed:
      - Building CVE early warning systems that identify threat actor targets 56% faster than CISA's Known Exploited Vulnerabilities list.
      - Implementing "left of boom" intelligence collection through honeypots in mom and pop infrastructure.
      - Moving beyond CVSS scores as risk indicators to prioritize patches based on actual threat actor behavior and CWE patterns.
      - Deploying strategic security controls like WAFs to eliminate 28% of ESX server console attacks, reducing patch urgency and operational disruption.
      - Understanding the "triple threat" ransomware evolution that combines traditional encryption with data exfiltration and AI-powered internal investigation for multiple revenue streams.
      - Combating AI-accelerated supply chain attacks where 54% of coding assistants automatically introduce vulnerabilities into generated code.
      - Preventing typosquatting attacks where threat actors create packages with similar names that AI tools recommend to infiltrate internal applications.
      - Establishing approved package repositories with exact version matching and implementing coding checks throughout the development pipeline as countermeasures.
      - Evaluating LLMs for security applications by testing with known answers first, then gradually increasing complexity to validate capabilities before deployment.

  16. 36

    How Do You Build an Offensive Security Program from Scratch?

    Welcome to a special edition of Ahead of the Breach, where our host Casey Cammilleri answers the top questions our listeners have asked us. In today's episode, Casey addresses how to build an offensive security program from scratch. Would you like to have Casey answer one of your questions in a future episode? Email [email protected] with your question and a short summary of why you're looking for an answer!

  17. 35

    Covert Entry: Tools, Tricks, and True Stories from the Field

    What happens when a covert entry specialist turns a Super Bowl hotel room into a rooftop breach point? Brent White, Sr. Principal Security Consultant & Covert Entry Specialist at Dark Wolf Solutions, offers Casey his approach to physical security testing that goes far beyond lock picking, rooted in understanding human psychology and building systematic infiltration strategies. Brent shares how his team compressed an entire backpack of penetration tools into a concealed-carry belt system that even works with swimming trunks. But the real breakthrough isn't in the gear — it's in his multi-day reconnaissance methodology that builds familiarity before attempting entry. Brent's "Post It flag" system transforms traditional physical assessments by having clients mark objects they're comfortable losing, leading to scenarios where his team wheels office chairs and $500 juice machines through bank lobbies while security guards helpfully watch their haul. This approach moves beyond simple "can you get in" to demonstrating real-world impact and exfiltration capabilities.

    Topics discussed:
      - Building familiarity through multi-day reconnaissance that establishes psychological comfort before entry attempts rather than relying on cold tailgating approaches.
      - Transitioning from backpack-based toolkits to concealed carry belt systems that house bypass tools for major door configurations, American padlock bypasses, and dimple lock rakes.
      - Mapping regional security culture patterns where Northeast locations show higher vigilance compared to South and Midwest willingness to help strangers.
      - Using Proxmark readers and modified Flipper Zero devices hidden in Starbucks cups to capture badge credentials during natural conversations.
      - Implementing hybrid covert-to-overt assessment methodology that escalates until detection then transitions to educational walkthroughs with clients.
      - Developing systematic drone security evaluation frameworks that assess radio frequencies, web interfaces, payload access, and MAVLink flight data to identify pilot locations.
      - Creating quick-change disguise systems using wig colors matched to facial hair combined with tactical clothing featuring concealed tool pockets.
      - Establishing post-engagement flag collection strategies where clients mark acceptable-loss items, enabling teams to wheel office chairs and expensive equipment through lobbies as proof of exfiltration capability.
      - Understanding how sUAS government standards are forcing commercial drone manufacturers to implement stronger security measures.
      - Navigating destructive versus non-destructive entry protocols when clients approve hinge removal and window manipulation while avoiding classified room decertification that triggers 24/7 guard requirements.

  18. 34

    What Should You Ask Before Choosing an Offensive Security Platform?

    Welcome to a special edition of Ahead of the Breach, where our host Casey Cammilleri answers the top questions our listeners have asked us. In today's episode, Casey covers what you should ask before choosing an offensive security program. Would you like to have Casey answer one of your questions in a future episode? Email [email protected] with your question and a short summary of why you're looking for an answer!

  19. 33

    Phillip Wylie on How IoT Devices Become Corporate Network Entry Points

    After 21 years in cybersecurity, Phillip Wylie, Penetration Tester & Podcast Host at The Phillip Wylie Show, learned about a critical flaw in how most organizations approach security testing when a "low-risk" vulnerability suddenly became exploitable between scheduled assessments. He shares this knowledge with Casey, and more, including why annual penetration testing creates dangerous gaps that threat actors are increasingly exploiting through non-traditional attack vectors like IoT devices. Phillip's dual perspective as both a penetration tester and IoT security professional provides unique insights into how threat actors are adapting their tactics. As traditional endpoints become harder to exploit, attackers are pivoting to security cameras, printers, and other connected devices that often maintain default credentials and poor security hygiene. His systematic approach to community building and client relationships demonstrates how technical expertise must be balanced with communication skills and ego management to create lasting security improvements.

    Topics discussed:
      - The critical security gaps created by annual penetration testing schedules, demonstrated through real-world examples of vulnerabilities that became exploitable between scheduled assessments.
      - How threat actors are pivoting to IoT devices as primary attack vectors when traditional IT endpoints become more difficult to exploit.
      - Essential IoT security controls including credential management, firmware updates, network segmentation, and protocol security to prevent corporate network compromise through connected devices.
      - The evolution of Windows security from insecure-by-default configurations in NT4.0 to locked-down modern systems, and how this shift has changed offensive security methodologies.
      - Advanced penetration testing reporting strategies that build client trust through adequate documentation, proof-of-concept demonstrations, and balanced presentations of security posture.
      - Why focusing on data discovery through network shares and file systems often provides more business-relevant findings than achieving elevated privileges like domain admin.
      - Practical approaches to building cybersecurity communities through combined virtual and in-person engagement, including structured meetups and CTF-based learning sessions.
      - The importance of highlighting positive security controls during assessments to provide balanced risk perspectives and maintain productive client relationships.
      - Strategies for staying current with emerging technologies including AI adoption to avoid becoming obsolete in rapidly evolving cybersecurity landscapes.

  20. 32

    What Tools Do You Need for an Offensive Security Stack?

    Welcome to a special edition of Ahead of the Breach, where our host Casey Cammilleri answers the top questions our listeners have asked us. In today's episode, Casey addresses the tools needed for an offensive security stack. Would you like to have Casey answer one of your questions in a future episode? Email [email protected] with your question and a short summary of why you're looking for an answer!

  21. 31

    AccessIT Group’s Brett Price on Governance-Driven Cybersecurity

    Many cybersecurity programs fail because they prioritize tools over understanding what they're protecting. Brett Price, Lead Cybersecurity Consultant & vCISO at AccessIT Group, brings decades of experience to explain why data discovery and governance create more security value than any technology purchase. His approach starts with mapping critical data to business functions before implementing solutions — a methodology that has helped organizations discover everything from unsecured credit card data in S3 buckets to massive compliance gaps that traditional scanners missed entirely. Drawing from his experience as a reformed QSA and virtual CISO across multiple industries, Brett tells Casey how successful security leaders build programs around culture and relationships rather than technical controls. His framework transforms overwhelming vulnerability backlogs into focused remediation strategies by prioritizing currently exploited vulnerabilities over theoretical risks, enabling resource-constrained organizations to eliminate real attack vectors first.

    Topics discussed:
      - The evolution of cybersecurity leadership from Steve Katz's appointment as Citigroup's first CSO in 1995 to today's business-aligned security executives.
      - Why organizations fail by throwing tools at security problems without first understanding their critical data locations and business functions.
      - Building incident response plans that include communication trees, out-of-band protocols, and muscle memory development through tabletop exercises.
      - DSPM strategies for discovering, classifying, and protecting crown jewel data across cloud and on-premises environments.
      - Vulnerability prioritization methodologies that focus on currently exploited vulnerabilities rather than overwhelming teams with thousands of theoretical risks.
      - Creating security cultures through trust-building and gradual implementation rather than forcing dramatic changes that trigger organizational resistance.
      - The limitations of compliance frameworks like PCI DSS and HIPAA that create false security by protecting only specific data types while missing broader organizational risks.
      - Essential security metrics for boardroom reporting, including mean time to detect, mean time to resolve, and vulnerability burn-down rates.
      - How healthcare and manufacturing industries struggle with cybersecurity implementation due to budget constraints and rapidly expanding attack surfaces.
      - Building holistic security programs using frameworks like NIST CSF and CIS Controls that address governance, technical controls, and business alignment simultaneously.

    Get in touch with Brett: [email protected]

  22. 30

    What Steps Should You Take to Build a Modern Pentesting Program?

    Welcome to a special edition of Ahead of the Breach, where our host Casey Cammilleri answers the top questions our listeners have asked us. In today's episode, Casey addresses 5 steps to building a modern pentesting program. Would you like to have Casey answer one of your questions in a future episode? Email [email protected] with your question and a short summary of why you're looking for an answer!

  23. 29

    Parthasarathi Chakraborty on Building Architectural Assurance Functions

    Most security architecture programs struggle to demonstrate their value because they focus on creating diagrams rather than driving implementation. Parthasarathi Chakraborty, Former Deputy CISO at Natixis CIB, shares his approach to transforming security architecture from theoretical frameworks to measurable business impact. With experience across Fortune 15 banks to mid-market companies, Partha gives Casey a peek into how his "architectural assurance function" bridges the critical gap between security requirements and engineering implementation, reducing incidents, accelerating deployment times, and proving security's ROI to business leaders.

    Topics discussed:
      - Why many organizations have security architecture in name only, with PowerPoint diagrams and Word documents that provide little practical guidance to engineering teams.
      - How to turn high-level security principles into detailed engineering specifications that developers can actually implement.
      - Tracking how architecture maturity reduces time-to-market for applications, minimizes configuration drift, and decreases security incidents.
      - Building a specialized team with both technical depth and breadth to validate whether engineering implementations adhere to security requirements.
      - Incorporating compliance standards, threat data, and security operations insights to create risk-based architectural requirements that address real-world threats.
      - Codifying security blueprint requirements into cloud security posture management systems to detect and remediate drift automatically.
      - Ensuring security requirements remain simple enough for teams to adopt while still addressing critical risks.
      - Navigating initial resistance through clear communication, demonstrating value, and creating structured roles and responsibilities.
      - Creating feedback loops between security architecture, engineering teams, and assurance functions to continuously improve both requirements and implementation.
      - Evolving from reactive patching toward proactive security design that prevents vulnerabilities from reaching production.

  24. 28

    What Are the Common Myths About Continuous Pentesting?

    Welcome to a special edition of Ahead of the Breach, where our host Casey Cammilleri answers the top questions our listeners have asked us. In today's episode, Casey addresses the most common myths around continuous pentesting. Would you like to have Casey answer one of your questions in a future episode? Email [email protected] with your question and a short summary of why you're looking for an answer!

  25. 27

    Rocket Lawyer’s Tim Silverline on Why Clean Pentest Reports Can Be Red Flags

    When Tim Silverline received a pentest report that was essentially a clean bill of health with zero evidence of actual testing, he knew his security program had a problem. As Vice President of Security at Rocket Lawyer, this experience sparked a complete transformation from annual security theater to continuous, evidence-based testing that provides actionable intelligence — with Sprocket! In his chat with Casey, recorded at RSA 2025, Tim shares hard-earned insights about building effective security programs in established organizations while navigating the complexities of rapid AI development and multi-compliance requirements.

    Tim touches on how static analysis tools create more noise than value, explaining how packages flagged as critical vulnerabilities often aren't even loaded into memory or used in exploitable ways. His solution involves runtime analysis with eBPF sensors that monitor actual execution rather than theoretical package inventories. He also discusses the unique challenges of implementing SOC 2 controls in an 18-year-old company versus a startup, emphasizing the critical importance of executive alignment before attempting cultural transformation.

    Topics discussed:
      - The limitations of traditional annual penetration testing and why continuous testing provides better coverage for organizations with rapid deployment cycles.
      - How runtime analysis with eBPF sensors eliminates false positives by monitoring actual code execution rather than static package inventories that generate noise.
      - The strategic approach to managing SOC 2 compliance implementation in established organizations, focusing on executive alignment before attempting cultural transformation.
      - Advanced attack surface management techniques that extend beyond hosted applications to include third-party platforms and exposed API keys.
      - The challenge of staying ahead of AI development from a security perspective, particularly as interconnected AI models create complex data flow patterns difficult to audit.
      - Why clean penetration test reports with no evidence of actual testing indicate vendor problems rather than strong security posture.
      - The evolution from static vulnerability scanning to context-aware prioritization based on actual exploitability and system exposure.
      - Strategies for integrating security findings into development workflows through two-way JIRA integration and regular cross-team security reviews.
      - The growing complexity of non-human identity management as DevOps practices increase the proliferation of API keys and service accounts across cloud environments.
      - How the NextJS vulnerability response demonstrates the value of runtime monitoring for rapidly identifying which instances actually use vulnerable middleware configurations.

  26. 26

    How Do You Prepare for the Future of Pentesting?

    Welcome to a special edition of Ahead of the Breach, where our host Casey Cammilleri answers the top questions our listeners have asked us. In today's episode, Casey addresses how to prepare for the future of pentesting.

    Would you like to have Casey answer one of your questions in a future episode? Email [email protected] with your question and a short summary of why you're looking for an answer!

  27. 25

    Digital Turbine’s Vivek Menon on Quarterly Pentesting Frameworks

    The shift from annual compliance-driven security testing to continuous validation represents one of the most critical evolutions in modern cybersecurity practice. Vivek Menon, CISO & Head of Data at Digital Turbine, discovered this firsthand when his team's focus on modern cloud applications nearly missed a critical legacy system that could have triggered cascading failures across their entire infrastructure. On this episode of Ahead of the Breach, Vivek tells Casey how quarterly penetration testing aligned with engineering roadmaps delivers superior security outcomes while building rather than eroding trust with development teams.

    Vivek has developed frameworks that balance thorough security validation with business agility. His approach to shadow AI governance, stakeholder communication strategies, and leveraging AI simulation for previously impossible attack scenarios offers practical guidance for security leaders navigating today's rapid development cycles while maintaining robust defensive postures.

    Topics discussed:
    - Quarterly penetration testing frameworks that align with product roadmaps and engineering milestones rather than annual compliance cycles to catch vulnerabilities as they're introduced.
    - The critical importance of comprehensive asset discovery, particularly legacy systems that may be interconnected with modern cloud infrastructure in ways that create cascading vulnerability risks.
    - Building trust equations with engineering teams through consistent, non-disruptive testing practices that demonstrate security as an enabler rather than a blocker to development velocity.
    - Shadow AI governance challenges as employees enthusiastically adopt tools like Zapier agents without proper controls, creating new data exposure vectors that require immediate attention.
    - Risk register development using business risk alignment rather than treating all systems equally, focusing testing resources on revenue-generating and business-critical components.
    - AI-driven attack simulation capabilities that make previously cost-prohibitive or technically impossible testing scenarios accessible for better adversary understanding.
    - Stakeholder communication strategies that tailor security messaging across three distinct audiences: technical implementers, middle management, and executive leadership with board reporting requirements.
    - Leveraging AI agents for frictionless continuous testing that reduces visible pain points for engineering organizations while maintaining security thoroughness.
    - Integration strategies for penetration testing platforms with existing productivity tools like Jira, Confluence, and Slack to streamline vulnerability management workflows.
    - Non-traditional hiring approaches for security teams, particularly recruiting from MLOps and data science backgrounds to address machine learning security gaps that traditional cybersecurity professionals often miss.

  28. 24

    What’s Broken About Legacy Pentesting?

    Welcome to a special edition of Ahead of the Breach, where our host Casey Cammilleri answers the top questions our listeners have asked us. In today's episode, Casey addresses what is broken about legacy pentesting.

    Would you like to have Casey answer one of your questions in a future episode? Email [email protected] with your question and a short summary of why you're looking for an answer!

  29. 23

    WhoisXML’s Alex Ronquillo on Domain Age as a Security Signal

    From a casual gaming project at NASA's JPL to powering 700+ cybersecurity vendors, WhoisXML API has become the foundation of modern threat intelligence. In this episode of Ahead of the Breach, recorded at RSA Conference 2025, Casey sits down with Vice President Alex Ronquillo to explore how domain registration data has become critical infrastructure for security tools and how penetration testers can leverage this intelligence in their work.

    Alex takes us behind the scenes of the massive data collection operation that tracks billions of domain events monthly, explaining how even the most heavily reviewed security tools rely on WhoisXML API to identify potentially malicious domains based on registration patterns. He also reveals surprising research showing that 90% of subdomains in security databases don't actually exist — they're artifacts of security scanning against wildcard DNS configurations that respond to any query.

    Topics discussed:
    - Research showing that domains created within the last 30 days are significantly more likely to be malicious, forcing penetration testers to deliberately "age" domains to avoid detection by security tools that automatically flag new registrations.
    - How security professionals can use reverse WHOIS lookups based on email addresses, organization names, and nameservers to discover hidden attack surfaces and verify domain ownership during testing.
    - Rather than performing millions of individual WHOIS queries, major security platforms license structured data dumps to perform local lookups for domain intelligence at massive scale.
    - Since GDPR implementation in 2018, approximately 80-90% of domains have non-public registrant information, forcing security teams to rely on alternative signals like SSL certificates and hosting infrastructure.
    - WhoisXML API's partnership network with cybersecurity vendors creates a collaborative intelligence platform that tracks malicious domains and infrastructure across the internet ecosystem.
    - How security tools inadvertently pollute passive DNS databases by triggering wildcard DNS records, creating the illusion that millions of non-existent subdomains are real assets.
    - How the Registration Data Access Protocol is modernizing domain registration data access while preserving the critical information that security tools need for threat intelligence.
    - How companies like Doppel use WhoisXML API's data to identify phishing domains targeting their customers within minutes of registration, enabling rapid takedown before damage occurs.
    - How investment analysts and technology companies use WHOIS and hosting data to track market share and adoption patterns across cloud providers and services.

  30. 22

    Why Continuous Pentesting Outperforms Bug Bounties

    Welcome to a special edition of Ahead of the Breach, where our host Casey Cammilleri answers the top questions our listeners have asked us. In today’s episode, Casey addresses “Why does continuous penetration testing outperform bug bounties?”

    Would you like to have Casey answer one of your questions in a future episode? Email [email protected] with your question and a short summary of why you’re looking for an answer!

  31. 21

    Sentry’s Cody Florek on AppSec Programs That Create Partnerships Not Problems

    How do you effectively measure security operations in a world where vulnerabilities never stop coming? Cody Florek, Director of Information Security Operations at Sentry, brings a refreshing approach that combines agile methodology with practical security execution. In this episode of Ahead of the Breach, he tells Casey how his journey from computer repair technician to security leader shaped his perspective on measuring capacity, building AppSec programs that don't antagonize developers, and communicating security risk effectively to leadership.

    Cody explains why many AppSec programs fail by overwhelming development teams with vulnerability findings without context, and offers a better approach using DREAD modeling to prioritize what truly matters. He also reveals his strategies for conducting effective tabletop exercises that uncover critical security blind spots most organizations miss. Whether you're running security operations or building an application security program, Cody's practical insights on balancing project work with operational demands will transform how you measure security effectiveness.

    Topics discussed:
    - Measuring security operations capacity with agile methodology, using story points to quantify both project work and operational demands, with each day representing two points to realistically plan team bandwidth.
    - The evolution of application security implementation from vulnerability scanning to strategic DREAD modeling that helps prioritize findings based on context, exploitability, and real-world impact rather than overwhelming developers.
    - Strategic approaches to communicating security risk to leadership by translating technical issues into business impact while leveraging technical background to accurately assess vulnerability context.
    - Implementing structured vulnerability prioritization frameworks that combine CVSS scores with business context, exploitability analysis, and threat intelligence to focus remediation on what truly matters.
    - Building effective partnerships with development teams by avoiding the "throw it over the fence" mentality and instead providing context-driven vulnerability assessments with prioritized remediation plans.
    - Practical shift-left security implementation strategies that recognize organizational maturity levels and gradually empower developers after cleaning up existing vulnerabilities.
    - Designing and conducting effective tabletop exercises that uncover critical security blind spots, including encouraging reluctant participants to actively engage in scenario planning.
    - Holistic security metrics frameworks that balance operational effectiveness, program impact measurement, and threat intelligence to provide comprehensive security oversight.
    - Creating comprehensive security coverage using a "Plinko game" metaphor to ensure multiple defensive layers prevent attacks from finding direct paths through defenses.
    - The importance of curiosity-driven incident analysis that goes beyond immediate fixes to understand root causes and systemic improvements needed for long-term security posture enhancement.

  32. 20

    Block Harbor’s Ayyappan Rajesh on Advanced RF Exploitation Techniques for Automotive Systems

    From intercepting key fob signals with HackRF devices to setting up rogue cellular networks with USRP transceivers, Ayyappan Rajesh, Offensive Security Engineer at Block Harbor Cybersecurity, takes Casey deep into the technical underbelly of wireless security testing in this illuminating episode of Ahead of the Breach.

    As an offensive security engineer with Block Harbor's VCL team, Ayyappan specializes in testing "everything that has a radio on it" — from automotive systems operating at 315 MHz to Bluetooth-enabled tire pressure monitoring systems and cellular networks requiring sophisticated Faraday cage environments. He shares how teams can intercept SPI and I2C communications to extract firmware directly from chips, implement GPS spoofing using NASA satellite constellation data, and why many vulnerabilities now require physical access rather than just wireless interception.

    Topics discussed:
    - The evolution of RF exploitation from replay to rollback methodologies that deliberately desynchronize key fob counter synchronization, allowing security testers to exploit implementation weaknesses rather than breaking encryption algorithms directly.
    - Hardware-based firmware extraction techniques using direct chip interfaces that bypass wireless protections entirely, revealing how security researchers connect via SPI and I2C protocols to obtain proprietary algorithms from automotive security chips.
    - Lateral movement strategies from infotainment systems to critical vehicle controls through careful analysis of gateway implementations that act as rudimentary firewalls between entertainment and control networks.
    - Creating isolated cellular test environments using programmable SIM infrastructure and open-source base stations that enable comprehensive security testing without FCC violations through controlled Faraday environments.
    - Manipulating GPS-dependent systems through satellite constellation spoofing that leverages NASA ephemeris data processed through GPS-SDR-SIM to generate deceptive signals targeting both location and time-dependent security controls.
    - Building cost-effective wireless security testing labs that leverage increasingly affordable software-defined radio platforms like HackRF and USRPs, enabling more researchers to conduct sophisticated wireless security assessments.
    - Leveraging automotive security education resources like the Cyber Auto Challenge that provide aspiring security researchers with manufacturer-supported environments for learning without the significant financial barriers traditionally associated with automotive security testing.

  33. 19

    OX Security’s Eyal Paz on Vulnerability Triage That Actually Works in Production

    Implementing effective DevSecOps requires balancing security controls with developer experience — a challenge Eyal Paz, VP of Research at OX Security, tackles with practical strategies drawn from his network security background. In this episode of Ahead of the Breach, Eyal explains to Casey how organizations can gradually build shift-left security programs without disrupting development workflows, using a strategic phased approach similar to transitioning from IDS to IPS systems.

    Eyal explores multiple implementation methods from pipeline scans to pre-commit hooks, explains why "making developers angry" is the greatest security risk to shift-left adoption, and shares research from his Black Hat presentation on the exploitation likelihood of transitive dependencies. Drawing from the Log4j crisis, Eyal also emphasizes the critical importance of maintaining a comprehensive software bill of materials (SBOM) and strategically prioritizing vulnerabilities based on actual exploitation risk rather than raw CVE counts.

    Topics discussed:
    - Gradual shift-left security implementation that mirrors IDS-to-IPS transition, starting with detection mode for 1-2 weeks, collecting pipeline data on hundreds of scans, then engaging development managers with concrete findings before enabling blocking mode.
    - Leveraging recent security incidents as strategic entry points for DevSecOps adoption, targeting tools that address specific vulnerabilities developers recognize as harmful like XSS or exposed S3 buckets to maximize buy-in and patience with implementation challenges.
    - Optimizing developer experience as a critical success factor in security programs by choosing implementation points with minimal workflow disruption, focusing on pipeline scans over pre-commit hooks and cautioning against IDE-level scanning that creates excessive friction.
    - Multi-layered scanning strategy framework addressing static analysis (SAST), software composition (SCA), infrastructure-as-code, and container scanning, with guidance on prioritizing integration based on organizational maturity and security history.
    - Strategic vulnerability triage approach based on Black Hat research showing that while 70% of vulnerabilities come from transitive dependencies, the likelihood of exploitation decreases dramatically deeper in the dependency tree.
    - Software bill of materials (SBOM) as critical infrastructure for rapid vulnerability response, drawing lessons from Log4j when organizations without dependency visibility wasted remediation time locating affected systems during active exploitation.
    - Build vs. buy considerations for security tooling that balances the simplicity of open-source implementation against the hidden costs of building comprehensive workflows and integrations at enterprise scale.

  34. 18

    Spektrum Labs’ Joshua Brown on Why Control is an Illusion in Modern Security

    "It's kind of like homeowners’ insurance," says Joshua Brown, Founder of Digital Defense Consulting & CISO at Spektrum Labs, about security programs — they’re helping to mitigate risks, not remove them entirely. “If you have homeowners insurance and your house never burns down, it doesn't mean you wasted money. You were there to mitigate the impact of that potentially catastrophic event.”

    On this episode of Ahead of the Breach, Josh helps Casey dive deep into why security leaders must abandon technical jargon for financial impact metrics when speaking to executives. He also shares how his strategic approach to the FAIR risk model helps convert everything into business impact dollars. Josh tells Casey his multi-source technique for identifying security gaps by correlating CMDB, cloud services, and EDR data, as well as his three-point leadership framework that emphasizes purpose, ownership, and mentorship to retain talent in an era where AI-powered attackers are developing exploits and sophisticated phishing campaigns faster than defenders can patch.

    Topics discussed:
    - Translating risk using the FAIR model to convert complex security risks into financial terms, because boards care less about technical risk metrics and more about potential business impact in dollars.
    - How his team at H&R Block built an internal threat team that monitored dark web markets to provide contextualized, industry-specific intelligence.
    - Managing dynamic attack surfaces across hybrid environments with a multi-source approach to asset management, including correlated data from CMDB, cloud services, EDR solutions, and Active Directory to identify security gaps and configuration drift in highly dynamic environments.
    - How attackers are currently leveraging AI more effectively than defenders, and how this is dramatically reducing the timeline for exploiting vulnerabilities and making phishing campaigns more sophisticated and harder to detect.
    - Rather than fearing investment in team growth will lead to turnover, Joshua advocates for three principles: connecting team members to their "why," instilling ownership through budget control and OKRs, and embracing a mentorship mindset even if it means team members eventually outgrow their positions.
    - The "Illusion of Control" fallacy in modern security, which argues that security teams should abandon the outdated notion that they can fully control their environments, especially with personal devices accessing corporate resources, and instead focus on building influence across the organization.

  35. 17

    Fraunhofer Institute’s Donika Mirdita on Novel Attack Methods Against Internet Routing Security

    In this episode of Ahead of the Breach, Donika Mirdita, Security Researcher at Fraunhofer Institute for Secure Information Technology, details the technical discovery and exploitation of RPKI manifest file vulnerabilities in BGP routing infrastructure. Through precise manipulation of relying party processing patterns and repository query timing, her "Stalloris downgrade attack" exploits manifest files with 2-48 hour lifecycles to achieve undetected RPKI security downgrades.

    Using a sophisticated test environment with Krill publication points and FRR routing software, Donika validated that 47% of publication points are vulnerable to targeted rate limiting attacks that can stall processing for 6-8 hours, effectively enabling BGP prefix hijacking without triggering monitoring alerts.

    Topics discussed:
    - Technical analysis of how predictable relying party query patterns (default 10-minute intervals) enable precisely timed attacks against RPKI infrastructure.
    - Methodology for constructing publication point subtrees with 50-100 nodes to achieve extended processing delays without triggering timeout mechanisms.
    - Implementation details of targeted rate limiting using spoofed packets to prevent repository updates during critical processing windows.
    - Development of isolated BGP/RPKI test environments using self-signed certificates and custom trust anchors to validate attacks without Internet connectivity.
    - Impact analysis across different relying party implementations and their varying susceptibility to processing stalls.
    - Architectural improvements for RPKI systems, including manifest lifecycle management and decoupled router data generation.
    - Analysis of why seemingly aggressive manifest expiration times (2-48 hours) create an exploitable security tradeoff between data freshness and processing resilience.

  36. 16

    NerdWallet’s DK Koran on Building Proactive Security Through Red Teams

    From testing critical infrastructure and IoT devices to leading application security at NerdWallet, DK Koran, BISO, draws from his experience finding vulnerabilities in police cruisers and SCADA systems to discuss his transition to building and managing proactive security teams. On this episode of Ahead of the Breach, he and Casey explore the challenges of implementing security guardrails, running an internal red team, and testing AI systems for prompt injection vulnerabilities.

    Through candid insights about his evolution from individual contributor to security leader, DK emphasizes the importance of understanding the 'why' behind security requirements and building strong relationships with development teams.

    Topics discussed:
    - Exploring vulnerabilities in automotive systems and IoT devices, including experiences testing police cruisers and critical infrastructure for security weaknesses.
    - Transitioning from offensive security testing to application security leadership, focusing on preventing recurring vulnerabilities through proactive measures.
    - Implementing automated security guardrails and requirements across infrastructure and applications to prevent security issues before production deployment.
    - Managing the evolution from individual contributor to security leader while maintaining technical relevance and fostering team growth.
    - Building and scaling an internal red team program, including strategies for target selection and maintaining continuous value delivery.
    - Testing AI systems and chatbots for prompt injection vulnerabilities, highlighting the resurgence of classic security issues in new technologies.
    - Developing effective relationships with development teams by focusing on the “why” behind security requirements and showing empathy for business needs.
    - Creating automated enforcement mechanisms through pre-commit hooks and pipeline controls to ensure security requirement compliance.
    - Balancing team autonomy with security controls in a single-threaded team model while managing infrastructure security at scale.
    - Supporting professional growth and certification pursuits while transitioning from technical roles to security leadership positions.

  37. 15

    Rapyd’s Nir Rothenberg on Why Security Needs Constant Testing, Not Annual Checkups

    What can a controversial cyber weapon teach us about everyday security? From chemistry labs to cyber weapons development, the journey of Nir Rothenberg, Rapyd’s CISO/CIO, is anything but conventional. In his conversation with Casey on Ahead of the Breach, he cuts through the headlines about Pegasus to get down to the complex realities of intelligence operations and why most companies are focusing on the wrong security threats.

    Drawing from his vast experience, Nir challenges common security assumptions while offering practical wisdom about continuous testing, modern security architecture, and why worrying about nation-state actors might be distracting you from real risks.

    Topics discussed:
    - Understanding the development, deployment, and oversight of sophisticated cyber capabilities in intelligence operations.
    - Examining the importance of context and complete information when evaluating security tools and their real-world applications.
    - Exploring the evolution of cybersecurity from IT assurance to a crucial component of modern business operations.
    - Building effective security programs that focus on probable threats rather than theoretical risks and nation-state actors.
    - Managing security in high-stakes environments while maintaining proper context and perspective about threats.
    - Implementing continuous security testing through bug bounties and regular assessments to validate security controls.
    - Transitioning from technical roles to security leadership while maintaining practical understanding of threats.
    - Balancing security requirements with business objectives in rapidly growing organizations.
    - Creating security programs that provide consistent friction and validation rather than annual compliance exercises.
    - Understanding the role of offensive security testing in building effective defense capabilities.

  38. 14

    Eptura’s Sean Finley on Building Risk-Based Application Security Programs

    What if vulnerability management was less about filling backlogs with findings and more about strategic risk reduction? Sean Finley, Director of Application & Product Security at Eptura, brings a refreshing perspective to application security to his conversation with Casey on this episode of Ahead of the Breach.

    Shaped by years of experience as both a software analyst and security leader, his approach challenges the traditional "dump truck of data" mentality, instead advocating for thoughtful prioritization and strong stakeholder partnerships. From building bridges with development teams to making the case for security investments to business leaders, Sean shares practical wisdom for creating AppSec programs that truly serve organizational goals while keeping risks in check.

    Topics discussed:
    - Understanding the limitations of traditional vulnerability management and why flooding backlogs with findings doesn't equate to effective security.
    - Building strategic partnerships with business stakeholders to ensure security efforts align with organizational priorities and risk tolerance.
    - Integrating security tools seamlessly into developer workflows to reduce friction and increase adoption across engineering teams.
    - Advocating for security considerations during the design phase to prevent costly fixes and potential data breaches later.
    - Managing the delicate balance between development speed and security requirements in modern Agile environments.
    - Creating effective risk-based approaches to vulnerability prioritization based on business context and threat intelligence.
    - Developing strategies for earning developer trust and respect while educating teams about security concepts and threats.
    - Implementing repeatable security processes that work across different release cadences, from quarterly to daily deployments.
    - Building quality assurance into the software development lifecycle through consistent security testing and validation.
    - Fostering a collaborative security culture that emphasizes enablement rather than obstruction or purely compliance-driven approaches.

  39. 13

    Microsoft’s Vladimir Tokarev on Discovering Critical OpenVPN Vulnerabilities

    From a friendly gaming challenge to uncovering critical vulnerabilities, Vladimir Tokarev's journey showcases the power of curiosity in cybersecurity. As a Senior Security Researcher at Microsoft, Tokarev recently unveiled four significant vulnerabilities in OpenVPN's Windows implementation at Black Hat 2024, which he tells Casey all about in this episode of Ahead of the Breach.

    Vladimir’s discovery process, beginning with ExpressVPN and leading to wider implications across multiple VPN providers, demonstrates how deep technical expertise combined with creative thinking can uncover security flaws in even the most widely reviewed open source projects.

    Topics discussed:
    - How a friendly gaming challenge to find ExpressVPN vulnerabilities led to discovering critical flaws in OpenVPN's core implementation.
    - The technical details of four chained vulnerabilities, including integer overflow issues and privilege escalation in OpenVPN's Windows service.
    - Exploring how vulnerable code propagated across VPN providers through shared components, affecting ExpressVPN, Proton VPN, and multiple other services.
    - Walking through the vulnerability research process using IDA Pro for reverse engineering and WinDbg for kernel debugging in Windows environments.
    - Understanding how natural curiosity and creative thinking drive successful vulnerability research, from initial discovery through full exploitation.
    - Strategies for maintaining research momentum during long periods without findings, including the importance of switching tasks and maintaining work-life balance.
    - Essential advice for newcomers to vulnerability research, focusing on building strong technical foundations and developing systematic approaches to discovery.
    - How studying newly released CVEs without proof-of-concepts helps develop intuition and provides immediate feedback for improving research skills.
    - Insights into balancing security research across different domains, from Microsoft's internal products to IoT devices and popular open source projects.

  40. 12

    N-able’s Keiran Smith on Building Better Security Through Development Experience

    From executing his first SQL injection at age 14 to contributing to the Linux kernel, Keiran Smith’s path to becoming Lead Pentest Engineer at N-able is anything but conventional, as he tells Casey in this episode of Ahead of the Breach. His journey weaves through roles as a senior developer, architect, and DevOps engineer — experiences that transformed him into a security leader who speaks both attacker and defender languages fluently.

    Drawing from his extensive software development background, Keiran explains how understanding code makes him a more effective penetration tester and enables him to build stronger relationships with development teams. Armed with Rust-based custom tools and a developer's mindset, he shows how technical expertise paired with engineering empathy creates a more effective approach to security testing.

    Topics discussed:
    - Bug bounty programs have transformed security testing, creating legitimate paths for aspiring ethical hackers.
    - Understanding code architecture and development processes makes for more effective and impactful security testing results.
    - Creating productive partnerships with development teams by offering solutions rather than just pointing out problems.
    - Essential penetration testing tools, including Burp Suite extensions like Stepper and Hackvertor.
    - Streamlining security documentation with Obsidian, markdown-based notes, and automated report generation through custom CI/CD pipelines.
    - Strategies for tracking and testing constantly evolving attack surfaces in modern development environments.
    - Real-world guidance for newcomers about embracing failure and building strong technical foundations in security.
    - Lessons learned from multiple OSCP certification attempts and why persistence matters more than initial success.
    - How contributing to open source projects like Swagger Jacker and developing custom tools enhances the security community.

  41. 11

    RSA’s Lorenzo Pedroncelli on Identity Security as the New Cyber Perimeter

    In this episode of Ahead of the Breach, Casey speaks with Lorenzo Pedroncelli, Senior Manager at RSA, who shares his insights on the evolving landscape of cybersecurity, emphasizing the critical role of identity security. He discusses the importance of fostering a security culture within organizations, where employees feel empowered to report suspicious activities.

    Lorenzo also highlights the challenges of combating identity fraud and the necessity of implementing effective identity proofing measures. Additionally, he explores how organizations can leverage advanced identity management solutions to strengthen their security posture.

    Topics discussed:

    - Identity security as a foundational element of modern cybersecurity strategies in protecting organizational assets and sensitive information.
    - Fostering a security culture where employees feel comfortable verifying identities and reporting suspicious activities to enhance overall organizational security.
    - The rise of identity fraud and phishing attacks, highlighting the need for robust identity verification processes.
    - Implementing effective identity proofing measures during employee onboarding to ensure that the right individuals are granted access to sensitive systems.
    - The importance of continuous risk assessment strategies to adapt to evolving threats and maintain a strong security posture.
    - Leveraging advanced identity management solutions to streamline authentication processes and improve user experience while maintaining security.
    - The role of open communication and regular training in empowering employees to recognize and respond to potential security threats.
    - Strategies for separating machine identity from user identity to enhance security and reduce the risk of unauthorized access.
    - The impact of regulatory compliance on identity security practices and the necessity for organizations to stay updated on best practices.
    - Building collaborative relationships with other cybersecurity vendors to share intelligence and improve overall security measures across the industry.

  42. 10

    DigiCert’s Bindi Davé on Digital Trust in Cybersecurity

    In this episode of Ahead of the Breach, Casey speaks with Bindi Davé, Deputy CISO at DigiCert, who shares her extensive experience in cybersecurity, focusing on the critical importance of digital trust in today’s interconnected world. She discusses how organizations can establish trust in digital communications and the role of zero trust principles in enhancing security.

    Bindi also explores the dual nature of artificial intelligence in cybersecurity, highlighting both its potential to improve efficiency and the risks it poses if mismanaged. Additionally, she emphasizes the need for automation in managing crypto assets to ensure compliance and agility in an evolving threat landscape.

    Topics discussed:

    - The significance of digital trust in ensuring secure online interactions and transactions in an increasingly connected world.
    - How zero trust principles can enhance security by continuously verifying user identities and access rights across digital platforms.
    - The dual-edged nature of artificial intelligence in cybersecurity, highlighting its potential benefits and inherent risks when misused.
    - The importance of establishing trust in AI systems and ensuring the integrity of data fed into machine learning models.
    - Strategies for automating the management of crypto assets to maintain compliance and prevent security breaches in organizations.
    - The role of vulnerability assessments and penetration testing in identifying and mitigating security risks within digital infrastructures.
    - Insights on building effective relationships between security teams and other departments to foster collaboration and enhance overall security posture.
    - The need for continuous education and training in cybersecurity to keep pace with evolving threats and technologies.
    - Lessons learned from past incident response experiences, emphasizing the importance of preparedness and effective communication during crises.

  43. 9

    Collectors’ Arif Basha on Proactive Security and Attack Surface Management

    In this episode of Ahead of the Breach, Casey speaks with cybersecurity leader and expert Arif Basha, who offers his insights on the critical importance of attack surface management in today’s cybersecurity landscape. He highlights how the dissolution of traditional network perimeters has shifted the focus to identity as the new perimeter, emphasizing the need for proactive security measures.

    He also shares insights on the significance of maintaining up-to-date incident response plans and fostering a culture of cybersecurity awareness within organizations. Tune in to learn how to effectively manage vulnerabilities and prepare for potential breaches in an evolving threat environment.

    Topics discussed:

    - The critical role of attack surface management in identifying vulnerabilities and mitigating risks in an increasingly complex cybersecurity landscape.
    - How geopolitical tensions impact the security posture of organizations and necessitate a proactive approach to cybersecurity measures.
    - The shift from traditional network perimeters to identity as the new perimeter, highlighting the importance of multi-factor authentication and access controls.
    - The significance of maintaining a strong patch management process to ensure systems are secure and vulnerabilities are addressed promptly.
    - The need for comprehensive incident response plans that include documentation, procedures, and tabletop exercises to prepare for potential breaches.
    - The importance of fostering a culture of cybersecurity awareness among employees to minimize risks associated with phishing and social engineering attacks.
    - Insights into the challenges of getting the cybersecurity fundamentals right and why organizations often overlook basic security practices.
    - The evolving role of AI in cybersecurity, including its potential to enhance incident response and automate threat detection processes.
    - The necessity of effective communication strategies during a breach, ensuring that internal and external stakeholders are informed and engaged.
    - The growing importance of cyber insurance and understanding policy coverage to mitigate financial impacts from potential security incidents.

  44. 8

    Ryerson’s Joe Mariscal on Building a Resilient Cybersecurity Culture

    In this episode of Ahead of the Breach, Casey speaks with Joe Mariscal, Director of Cybersecurity and Compliance at Ryerson. Joe brings his extensive experience in the cybersecurity field to discuss topics such as the critical issue of burnout among cybersecurity professionals. He emphasizes the importance of leadership in fostering a supportive work environment.

    Joe also highlights strategies for preventing burnout, such as establishing clear boundaries for off time and encouraging open communication. Additionally, Joe delves into navigating compliance frameworks and the emerging threats posed by OT, IoT, and IIoT in the manufacturing sector. Tune in for valuable insights on building resilient cybersecurity teams!

    Topics discussed:

    - The importance of leadership in preventing burnout among cybersecurity teams and fostering a supportive work environment that prioritizes mental well-being.
    - Strategies for establishing clear boundaries between work and personal time, ensuring that team members can disconnect and recharge effectively.
    - The impact of constant on-call expectations on employee stress levels and overall team morale in high-pressure cybersecurity roles.
    - Navigating compliance frameworks, including the differences between prescriptive and advisory guidelines, and aligning them with organizational needs and risk profiles.
    - Emerging threats in the manufacturing sector, particularly related to operational technology (OT), the internet of things (IoT), and the industrial internet of things (IIoT).
    - The challenges of managing legacy systems within cybersecurity and the importance of maintaining an accurate asset inventory for effective defense.
    - The role of ongoing training and development in keeping cybersecurity teams sharp and prepared for evolving threats in the digital landscape.
    - Utilizing risk registers to prioritize vulnerabilities and communicate effectively with executive leadership about necessary remediation efforts.
    - The significance of proactive security measures in identifying and mitigating risks associated with remote support and third-party vendor access.
    - Building a resilient cybersecurity culture that encourages open communication, regular check-ins, and support for personal issues affecting team performance.

  45. 7

    Cubic’s Konrad Fellmann on Proactive Strategies for Identifying Cybersecurity Vulnerabilities

    In this episode of Ahead of the Breach, Casey speaks with Konrad Fellmann, VP of IT Infrastructure and CISO at Cubic. Konrad explores critical topics in cybersecurity, including the privacy implications of data collection in the automotive industry, such as reports that car manufacturers are selling consumer data.

    Konrad also discusses the evolving role of the CISO, emphasizing the importance of pragmatism and understanding business goals. Additionally, he shares proactive strategies for identifying vulnerabilities, such as integrating security early in the development process and conducting regular penetration testing.

    Topics discussed:

    - The importance of building a security culture within organizations, ensuring that all employees understand their role in protecting sensitive information.
    - The evolving responsibilities of a CISO, focusing on the need for pragmatism and effective communication with various stakeholders across the business.
    - Strategies for integrating security into the development process from the outset, ensuring that security requirements are established early in projects.
    - The dual impact of AI on cybersecurity, enhancing defenses while also providing attackers with tools to craft more convincing phishing attempts.
    - Proactive measures for identifying vulnerabilities, including routine vulnerability scans and regular penetration testing to uncover potential weaknesses before exploitation.
    - The significance of understanding business goals and aligning security initiatives with organizational objectives to maintain productivity and customer satisfaction.
    - The challenges of negotiating with various stakeholders, balancing security needs with operational requirements and budget constraints within the organization.
    - The necessity of continuous learning and adaptability in the fast-paced cybersecurity landscape, especially in the context of cloud and DevOps environments.
    - The role of encryption and data anonymization in protecting sensitive information and ensuring compliance with privacy regulations in the transportation sector.

  46. 6

    MillerKnoll’s Al Imran Husain on Securing IT and OT in Manufacturing

    In this episode of Ahead of the Breach, Casey speaks with Al Imran Husain, CISO & VP of Global Infrastructure at MillerKnoll. Al Imran shares his journey into cybersecurity and discusses the unique challenges faced by manufacturing companies, particularly the convergence of IT and OT systems.

    He emphasizes the importance of implementing robust security measures, such as network segmentation and user access controls, to protect critical infrastructure. Al Imran also highlights the growing threat of social engineering attacks and the need for effective security awareness training.

    Topics discussed:

    - The unique cybersecurity challenges faced by manufacturing companies, particularly the integration of operational technology (OT) with information technology (IT).
    - The Purdue model, which outlines different layers of operational technology, and its implications for cybersecurity in manufacturing environments.
    - The importance of network segmentation to protect critical systems and prevent unauthorized access in manufacturing operations.
    - Proactive vulnerability management strategies, including scanning for weaknesses and implementing automation to streamline the process.
    - The necessity of strict user access controls to ensure that only authorized personnel can access sensitive operational technology environments.
    - The rising threat of social engineering attacks and the importance of security awareness training for employees at all levels.
    - The significance of understanding cybersecurity fundamentals, including networking and infrastructure, as a foundation for effective security practices.
    - The role of artificial intelligence in enhancing vulnerability management and improving overall cybersecurity posture in manufacturing.
    - Advice for CISOs to engage with leadership teams to raise awareness about cybersecurity issues and ensure organizational support for security initiatives.

  47. 5

    Gong’s Jack Leidecker on Balancing Innovation and Security

    In this episode of Ahead of the Breach, Casey speaks with Jack Leidecker, CISO at Gong, who shares his extensive experience in cybersecurity, emphasizing the importance of proactive measures to enhance organizational security. He discusses the value of hiring offensive security professionals to identify vulnerabilities and strengthen defenses.

    Jack also highlights the need to balance rapid innovation with effective security practices, ensuring that development teams can work efficiently without compromising safety. Additionally, he provides insights on building a robust security program from scratch, stressing the significance of aligning security initiatives with business goals.

    Topics discussed:

    - The necessity of implementing proactive security strategies to identify and mitigate potential vulnerabilities before they can be exploited.
    - The importance of recruiting creative and offensive-minded security experts, who can effectively challenge existing security measures and identify weaknesses.
    - The need for organizations to balance rapid technological advancements with robust security practices to protect sensitive data and systems.
    - How to develop a comprehensive security program, focusing on aligning security initiatives with overall business objectives.
    - The value of regular penetration testing and security assessments to ensure that organizations remain vigilant against evolving threats and vulnerabilities.
    - The importance of understanding the specific needs of the business to tailor security measures that effectively support organizational goals.
    - The significance of being able to quantify the impact of security initiatives to demonstrate their value to stakeholders and secure necessary resources.
    - The value of conducting red team exercises, as they provide a more creative and realistic approach to testing an organization’s defenses.
    - The necessity of cross-departmental collaboration to foster a culture of security awareness and ensure that security practices are integrated throughout the organization.
    - The importance of communicating security needs and strategies effectively to stakeholders, ensuring that security is prioritized at all levels of the organization.

  48. 4

    Allegiant’s Dan Creed on Navigating the Risks of Deepfakes in Corporate Security

    In this episode of Ahead of the Breach, Casey speaks with Dan Creed, CISO of Allegiant Travel Company, who shares his expertise on the evolving landscape of cybersecurity. They discuss the alarming rise of deepfake technology and its implications for corporate security, including a compelling example of its use in social engineering.

    Dan emphasizes the importance of building strong relationships with board members to effectively communicate cybersecurity risks and foster a culture of awareness within organizations. He also highlights the necessity for cybersecurity professionals to continuously adapt and learn in order to stay ahead of emerging threats.

    Topics discussed:

    - The growing threat of deepfakes in corporate environments and how they can be used for social engineering attacks against organizations.
    - The importance of effectively communicating cybersecurity risks to board members and how to gain their trust and support.
    - Strategies for fostering strong relationships with leadership to ensure cybersecurity is prioritized within the organization’s overall business strategy.
    - The necessity for cybersecurity professionals to engage in ongoing education and training to keep pace with evolving threats and technologies.
    - The need for robust verification methods in communications, particularly in light of the potential misuse of deepfake technology.
    - Wisdom for aspiring CISOs, including the value of obtaining an MBA to enhance business communication skills and strategic thinking.
    - The critical importance of rapid detection and response to security incidents, and how organizations can improve their response times.
    - The role of threat intelligence in shaping security strategies and how it can help organizations stay ahead of potential attacks.
    - The need for a culture of cybersecurity awareness within organizations, focusing on how to engage all employees in security practices.
    - The importance of having a mid-level competency in various technologies to understand lateral movement and improve overall security posture.

  49. 3

    Odyssey Group’s Mario DiNatale on Understanding Your Cybersecurity Attack Surface

    In this episode of Ahead of the Breach, Casey speaks with Mario DiNatale, CISO at Odyssey Group. Mario shares his insights on the importance of understanding your organization's attack surface and the necessity of hiring skilled professionals to address modern cyber threats.

    He emphasizes the value of staying informed about the latest trends and tactics used by threat actors to effectively mitigate risks. Mario also offers actionable strategies for enhancing cybersecurity posture and fostering a proactive defense culture.

    Topics discussed:

    - The need for organizations to thoroughly assess their attack surface to identify vulnerabilities and potential entry points for cyber threats.
    - The importance of recruiting skilled cybersecurity professionals, who play a crucial role in effectively managing and mitigating risks.
    - The necessity of adopting proactive measures to defend against cyber threats, rather than relying solely on reactive responses.
    - The importance of keeping abreast of the latest cybersecurity trends and tactics used by threat actors to stay one step ahead.
    - Leveraging the collective intelligence of cybersecurity teams to enhance overall security posture and address complex challenges effectively.
    - The need to translate technical cybersecurity concepts into business language for stakeholders, ensuring alignment and understanding across the organization.
    - The importance of measuring the effectiveness of cybersecurity initiatives to ensure they are meeting organizational goals and adapting to new threats.
    - Implementing risk management frameworks to systematically identify, assess, and prioritize cybersecurity risks within an organization.
    - Fostering a culture of security within organizations, encouraging all employees to take an active role in protecting sensitive information.
    - The necessity for ongoing education and training in cybersecurity practices, as the threat landscape is constantly evolving.

  50. 2

    Sprocket’s Pen Test Team on Bypassing Web Application Security

    In this episode of Ahead of the Breach, Casey chats with Nicholas Anastasi, Director of Technical Operations; Nate Fair, Penetration Tester & Cyber Security Consultant; Juan Pablo “JP” Gomez Postigo, Penetration Tester; and Willis Vandevanter, Senior Staff Security Researcher — all of whom are members of the Sprocket team! They met up at the Black Hat conference to share their expertise in offensive security, focusing on innovative techniques for bypassing web application security measures and identifying vulnerabilities.

    Their discussion covers the importance of reconnaissance and staying updated on the latest threats, and provides listeners with actionable insights that can enhance their security practices. They explore real-world examples and emphasize the value of collaboration within the cybersecurity community. The team also offers unique perspectives that empower professionals to improve their penetration testing methodologies and better protect their systems against emerging risks.

    Topics discussed:

    - Innovative techniques for circumventing common security measures, including login panels and access controls, to identify vulnerabilities effectively.
    - The critical role of reconnaissance in penetration testing and strategies for gathering intelligence on potential targets before assessments begin.
    - The necessity of keeping abreast of the latest vulnerabilities and threats to ensure effective security measures are in place.
    - Case studies from the team’s recent engagements, illustrating how they discovered vulnerabilities and implemented successful remediation strategies.
    - The value of knowledge sharing and collaboration within the cybersecurity community, including how it leads to improved security practices.
    - How to incorporate findings from recent conferences, such as Black Hat and DEFCON, into their testing methodologies and tools.
    - How different companies implement various tech stacks, highlighting the need for tailored approaches in penetration testing.
    - The importance of clear communication with clients regarding findings and remediation strategies, ensuring understanding and effective implementation.
    - The process of creating and refining testing tools that enhance penetration testing capabilities and streamline assessments.
    - How having a background in application development can significantly enhance a tester's intuition and effectiveness during assessments.



HOSTED BY

Sprocket Security
