PODCAST · technology
The Reveal Sessions
by Reveal Security
Flowing security conversations with a focus on: Offensive Security, Red Teaming, APTs, trending breaches, and defensive posturing.
-
4
The Human Hack: Social Engineering Tradecraft with Krittika
Red teaming isn’t just about malware, exploits, and technical tooling—it’s about understanding people.
In this episode, Matt sits down with Krittika, a seasoned red team operator with nearly a decade of experience specializing in social engineering and initial access operations. Krittika shares her unconventional journey into cybersecurity—from studying Middle East affairs and counterterrorism to becoming a certified social engineer and red team specialist. The conversation dives deep into the craft behind social engineering, why initial access is often the hardest and most overlooked part of offensive security, and how human behavior remains the most powerful attack surface.
They also explore:
• How social engineering actually works in real red team operations
• The planning, reconnaissance, and tradecraft behind phishing and vishing campaigns
• Stories from DEFCON social engineering competitions and real-world red team engagements
• How AI is changing both attack and defense in social engineering
• The evolving tactics of modern threat actors—including fake job applicants and insider access
• Why “being technical” in cybersecurity is more nuanced than most people think
Krittika also shares lessons from physical security testing, executive-targeted operations, and the mindset required to successfully execute complex red team engagements.
If you’re interested in offensive security, red teaming, human-centered hacking, or the psychology behind social engineering, this episode is packed with insights and real-world stories from the field.
-
3
From Breaking In to Building Trust With Farzan Karimi
In this episode of The Reveal Sessions, Matt Mullins sits down with Farzan Karimi — former red team leader at Google (Android) and EA, now Deputy CISO at Moderna — for a candid conversation on offensive security, leadership, and the realities of modern security programs.
Farzan shares stories from the field, including discovering active compromise during a government pen test and navigating a last-minute legal escalation just hours before a DEF CON talk. But this episode goes far beyond war stories.
Together, they explore:
• The art of responsible disclosure under pressure
• Why “running the scanner” isn’t the same as thinking like an attacker
• How to deliver hard findings without becoming the blocker
• Bridging security with engineering, labs, and operational teams
• The real state of AI in red teaming — and where humans still have the edge
This is a conversation about more than breaking systems. It’s about building trust, influencing culture, and turning offensive insights into stronger, more resilient organizations.
Whether you’re a red teamer, security leader, or builder navigating risk at scale, this episode delivers both tactical lessons and leadership perspective.
-
2
Punching Bad Guys, Protecting Systems That Matter
Matt sits down with Joe Slowik to break down what effective threat intelligence actually looks like in practice. They discuss why reports alone aren’t enough, how attackers really operate, the growing importance of identity and browser-based attacks, and what defenders need to focus on to protect modern environments - from SaaS to critical infrastructure. A practical conversation on closing the gap between threat intel and real-world defense.
-
1
Purple Teaming with Travis Altman
The Reveal Sessions sits down with purple-team veteran Travis Altman for a deep, practical dive into how modern security teams can actually make purple teaming work. Hosted by Matt Mullins, this conversation unpacks the evolution of offensive and defensive collaboration, the realities of detection engineering, and what it takes to build exercises that matter—not just flashy red-team reports.
Travis shares lessons from decades across finance, manufacturing, healthcare, and beyond, including how to design useful attack scenarios, meaningfully validate detections, handle brittle controls, and navigate the growing challenges of cloud, SaaS, and identity-driven environments.
If you work in security engineering, detection, red teaming, or incident response, this episode gives an unfiltered look at how teams can stop playing telephone and actually work together to reduce real risk.
HOSTED BY
Reveal Security