Ahead of the Breach
Welcome to Ahead of the Breach, the podcast dedicated to equipping security experts and practitioners with the knowledge and insights needed to excel in the future of cybersecurity. Join us as we explore innovative strategies, emerging trends, and actionable takeaways to help security leaders stay ahead.
Episodes

Tuesday Mar 25, 2025
"It's kind of like homeowners’ insurance," says Joshua Brown, Founder of Digital Defense Consulting & CISO at Spektrum Labs, about security programs — they’re helping to mitigate risks, not remove them entirely. “If you have homeowners insurance and your house never burns down, it doesn't mean you wasted money. You were there to mitigate the impact of that potentially catastrophic event.”
On this episode of Ahead of the Breach, Josh helps Casey dive deep into why security leaders must abandon technical jargon for financial impact metrics when speaking to executives. He also shares how his strategic approach to the FAIR risk model helps convert everything into business impact dollars.
Josh tells Casey about his multi-source technique for identifying security gaps by correlating CMDB, cloud services, and EDR data, as well as his three-point leadership framework that emphasizes purpose, ownership, and mentorship to retain talent in an era where AI-powered attackers are developing exploits and sophisticated phishing campaigns faster than defenders can patch.
Topics discussed:
Translating risk using the FAIR model to convert complex security risks into financial terms, because boards care less about technical risk metrics and more about potential business impact in dollars.
How his team at H&R Block built an internal threat team that monitored dark web markets to provide contextualized, industry-specific intelligence.
Managing dynamic attack surfaces across hybrid environments with a multi-source approach to asset management, including correlated data from CMDB, cloud services, EDR solutions, and Active Directory to identify security gaps and configuration drift in highly dynamic environments.
How attackers are currently leveraging AI more effectively than defenders, and how this is dramatically reducing the timeline for exploiting vulnerabilities and making phishing campaigns more sophisticated and harder to detect.
Rather than fearing investment in team growth will lead to turnover, Joshua advocates for three principles: connecting team members to their "why," instilling ownership through budget control and OKRs, and embracing a mentorship mindset even if it means team members eventually outgrow their positions.
The "Illusion of Control" fallacy in modern security: security teams should abandon the outdated notion that they can fully control their environments, especially with personal devices accessing corporate resources, and instead focus on building influence across the organization.

Tuesday Mar 11, 2025
In this episode of Ahead of the Breach, Donika Mirdita, Security Researcher at Fraunhofer Institute for Secure Information Technology, details the technical discovery and exploitation of RPKI manifest file vulnerabilities in BGP routing infrastructure. Through precise manipulation of relying party processing patterns and repository query timing, her "Stalloris downgrade attack" exploits manifest files with 2-48 hour lifecycles to achieve undetected RPKI security downgrades.
Using a sophisticated test environment with Krill publication points and FRR routing software, Donika validated that 47% of publication points are vulnerable to targeted rate limiting attacks that can stall processing for 6-8 hours, effectively enabling BGP prefix hijacking without triggering monitoring alerts.
Topics discussed:
Technical analysis of how predictable relying party query patterns (default 10-minute intervals) enable precisely timed attacks against RPKI infrastructure.
Methodology for constructing publication point subtrees with 50-100 nodes to achieve extended processing delays without triggering timeout mechanisms.
Implementation details of targeted rate limiting using spoofed packets to prevent repository updates during critical processing windows.
Development of isolated BGP/RPKI test environments using self-signed certificates and custom trust anchors to validate attacks without Internet connectivity.
Impact analysis across different relying party implementations and their varying susceptibility to processing stalls.
Architectural improvements for RPKI systems, including manifest lifecycle management and decoupled router data generation.
Analysis of why seemingly aggressive manifest expiration times (2-48 hours) create an exploitable security tradeoff between data freshness and processing resilience.

Tuesday Feb 25, 2025
From testing critical infrastructure and IoT devices to leading application security at NerdWallet, DK Koran, BISO, draws from his experience finding vulnerabilities in police cruisers and SCADA systems to discuss his transition to building and managing proactive security teams. On this episode of Ahead of the Breach, he and Casey explore the challenges of implementing security guardrails, running an internal red team, and testing AI systems for prompt injection vulnerabilities.
Through candid insights about his evolution from individual contributor to security leader, DK emphasizes the importance of understanding the 'why' behind security requirements and building strong relationships with development teams.
Topics discussed:
Exploring vulnerabilities in automotive systems and IoT devices, including experiences testing police cruisers and critical infrastructure for security weaknesses.
Transitioning from offensive security testing to application security leadership, focusing on preventing recurring vulnerabilities through proactive measures.
Implementing automated security guardrails and requirements across infrastructure and applications to prevent security issues before production deployment.
Managing the evolution from individual contributor to security leader while maintaining technical relevance and fostering team growth.
Building and scaling an internal red team program, including strategies for target selection and maintaining continuous value delivery.
Testing AI systems and chatbots for prompt injection vulnerabilities, highlighting the resurgence of classic security issues in new technologies.
Developing effective relationships with development teams by focusing on the “why” behind security requirements and showing empathy for business needs.
Creating automated enforcement mechanisms through pre-commit hooks and pipeline controls to ensure security requirement compliance.
Balancing team autonomy with security controls in a single-threaded team model while managing infrastructure security at scale.
Supporting professional growth and certification pursuits while transitioning from technical roles to security leadership positions.

Tuesday Feb 11, 2025
What can a controversial cyber weapon teach us about everyday security? From chemistry labs to cyber weapons development, the journey of Rapyd’s CISO/CIO, Nir Rothenberg, is anything but conventional. In his conversation with Casey on Ahead of the Breach, he cuts through the headlines about Pegasus to get down to the complex realities of intelligence operations and why most companies are focusing on the wrong security threats.
Drawing from his vast experience, Nir challenges common security assumptions while offering practical wisdom about continuous testing, modern security architecture, and why worrying about nation-state actors might be distracting you from real risks.
Topics discussed:
Understanding the development, deployment, and oversight of sophisticated cyber capabilities in intelligence operations.
Examining the importance of context and complete information when evaluating security tools and their real-world applications.
Exploring the evolution of cybersecurity from IT assurance to a crucial component of modern business operations.
Building effective security programs that focus on probable threats rather than theoretical risks and nation-state actors.
Managing security in high-stakes environments while maintaining proper context and perspective about threats.
Implementing continuous security testing through bug bounties and regular assessments to validate security controls.
Transitioning from technical roles to security leadership while maintaining practical understanding of threats.
Balancing security requirements with business objectives in rapidly growing organizations.
Creating security programs that provide consistent friction and validation rather than annual compliance exercises.
Understanding the role of offensive security testing in building effective defense capabilities.

Tuesday Jan 28, 2025
What if vulnerability management was less about filling backlogs with findings and more about strategic risk reduction? Sean Finley, Director of Application & Product Security at Eptura, brings a refreshing perspective on application security to his conversation with Casey on this episode of Ahead of the Breach.
Shaped by years of experience as both a software analyst and security leader, his approach challenges the traditional "dump truck of data" mentality, instead advocating for thoughtful prioritization and strong stakeholder partnerships. From building bridges with development teams to making the case for security investments to business leaders, Sean shares practical wisdom for creating AppSec programs that truly serve organizational goals while keeping risks in check.
Topics discussed:
Understanding the limitations of traditional vulnerability management and why flooding backlogs with findings doesn't equate to effective security.
Building strategic partnerships with business stakeholders to ensure security efforts align with organizational priorities and risk tolerance.
Integrating security tools seamlessly into developer workflows to reduce friction and increase adoption across engineering teams.
Advocating for security considerations during the design phase to prevent costly fixes and potential data breaches later.
Managing the delicate balance between development speed and security requirements in modern Agile environments.
Creating effective risk-based approaches to vulnerability prioritization based on business context and threat intelligence.
Developing strategies for earning developer trust and respect while educating teams about security concepts and threats.
Implementing repeatable security processes that work across different release cadences, from quarterly to daily deployments.
Building quality assurance into the software development lifecycle through consistent security testing and validation.
Fostering a collaborative security culture that emphasizes enablement rather than obstruction or purely compliance-driven approaches.

Tuesday Jan 14, 2025
From a friendly gaming challenge to uncovering critical vulnerabilities, Vladimir Tokarev's journey showcases the power of curiosity in cybersecurity. As a Senior Security Researcher at Microsoft, Tokarev recently unveiled four significant vulnerabilities in OpenVPN's Windows implementation at Black Hat 2024, which he tells Casey all about in this episode of Ahead of the Breach.
Vladimir’s discovery process, beginning with ExpressVPN and leading to wider implications across multiple VPN providers, demonstrates how deep technical expertise combined with creative thinking can uncover security flaws in even the most widely reviewed open source projects.
Topics discussed:
How a friendly gaming challenge to find ExpressVPN vulnerabilities led to discovering critical flaws in OpenVPN's core implementation
The technical details of four chained vulnerabilities, including integer overflow issues and privilege escalation in OpenVPN's Windows service
Exploring how vulnerable code propagated across VPN providers through shared components, affecting ExpressVPN, Proton VPN, and multiple other services
Walking through the vulnerability research process using IDA Pro for reverse engineering and WinDbg for kernel debugging in Windows environments
Understanding how natural curiosity and creative thinking drive successful vulnerability research, from initial discovery through full exploitation
Strategies for maintaining research momentum during long periods without findings, including the importance of switching tasks and maintaining work-life balance
Essential advice for newcomers to vulnerability research, focusing on building strong technical foundations and developing systematic approaches to discovery
How studying newly released CVEs without proof-of-concepts helps develop intuition and provides immediate feedback for improving research skills
Insights into balancing security research across different domains, from Microsoft's internal products to IoT devices and popular open source projects

Tuesday Jan 07, 2025
From executing his first SQL injection at age 14 to contributing to the Linux kernel, Keiran Smith’s path to becoming Lead Pentest Engineer at N-able is anything but conventional, as he tells Casey in this episode of Ahead of the Breach. His journey weaves through roles as a senior developer, architect, and DevOps engineer — experiences that transformed him into a security leader who speaks both attacker and defender languages fluently.
Drawing from his extensive software development background, Keiran explains how understanding code makes him a more effective penetration tester and enables him to build stronger relationships with development teams. Armed with Rust-based custom tools and a developer's mindset, he shows how technical expertise paired with engineering empathy creates a more effective approach to security testing.
Topics discussed:
Bug bounty programs have transformed security testing, creating legitimate paths for aspiring ethical hackers.
Understanding code architecture and development processes makes for more effective and impactful security testing results.
Creating productive partnerships with development teams by offering solutions rather than just pointing out problems.
Essential penetration testing tools, including Burp Suite extensions like Stepper and Hackvertor.
Streamlining security documentation with Obsidian, markdown-based notes, and automated report generation through custom CI/CD pipelines.
Strategies for tracking and testing constantly evolving attack surfaces in modern development environments.
Real-world guidance for newcomers about embracing failure and building strong technical foundations in security.
Lessons learned from multiple OSCP certification attempts and why persistence matters more than initial success.
How contributing to open source projects like Swagger Jacker and developing custom tools enhances the security community.

Tuesday Dec 17, 2024
In this episode of Ahead of the Breach, Casey speaks with Lorenzo Pedroncelli, Senior Manager at RSA, who shares his insights on the evolving landscape of cybersecurity, emphasizing the critical role of identity security. He discusses the importance of fostering a security culture within organizations, where employees feel empowered to report suspicious activities.
Lorenzo also highlights the challenges of combating identity fraud and the necessity of implementing effective identity proofing measures. Additionally, he explores how organizations can leverage advanced identity management solutions to strengthen their security posture.
Topics discussed:
Identity security as a foundational element of modern cybersecurity strategies in protecting organizational assets and sensitive information.
Fostering a security culture where employees feel comfortable verifying identities and reporting suspicious activities to enhance overall organizational security.
The rise of identity fraud and phishing attacks, highlighting the need for robust identity verification processes.
Implementing effective identity proofing measures during employee onboarding to ensure that the right individuals are granted access to sensitive systems.
The importance of continuous risk assessment strategies to adapt to evolving threats and maintain a strong security posture.
Leveraging advanced identity management solutions to streamline authentication processes and improve user experience while maintaining security.
The role of open communication and regular training in empowering employees to recognize and respond to potential security threats.
Strategies for separating machine identity from user identity to enhance security and reduce the risk of unauthorized access.
The impact of regulatory compliance on identity security practices and the necessity for organizations to stay updated on best practices.
Building collaborative relationships with other cybersecurity vendors to share intelligence and improve overall security measures across the industry.

Tuesday Dec 03, 2024
In this episode of Ahead of the Breach, Casey speaks with Bindi Davé, Deputy CISO at DigiCert, who shares her extensive experience in cybersecurity, focusing on the critical importance of digital trust in today’s interconnected world. She discusses how organizations can establish trust in digital communications and the role of zero trust principles in enhancing security.
Bindi also explores the dual nature of artificial intelligence in cybersecurity, highlighting both its potential to improve efficiency and the risks it poses if mismanaged. Additionally, she emphasizes the need for automation in managing crypto assets to ensure compliance and agility in an evolving threat landscape.
Topics discussed:
The significance of digital trust in ensuring secure online interactions and transactions in an increasingly connected world.
How zero trust principles can enhance security by continuously verifying user identities and access rights across digital platforms.
The dual-edged nature of artificial intelligence in cybersecurity, highlighting its potential benefits and inherent risks when misused.
The importance of establishing trust in AI systems and ensuring the integrity of data fed into machine learning models.
Strategies for automating the management of crypto assets to maintain compliance and prevent security breaches in organizations.
The role of vulnerability assessments and penetration testing in identifying and mitigating security risks within digital infrastructures.
Insights on building effective relationships between security teams and other departments to foster collaboration and enhance overall security posture.
The need for continuous education and training in cybersecurity to keep pace with evolving threats and technologies.
Lessons learned from past incident response experiences, emphasizing the importance of preparedness and effective communication during crises.

Tuesday Nov 19, 2024
In this episode of Ahead of the Breach, Casey speaks with cybersecurity leader and expert, Arif Basha. Arif offers his insights on the critical importance of attack surface management in today’s cybersecurity landscape. Arif highlights how the dissolution of traditional network perimeters has shifted the focus to identity as the new perimeter, emphasizing the need for proactive security measures.
He also shares insights on the significance of maintaining up-to-date incident response plans and fostering a culture of cybersecurity awareness within organizations. Tune in to learn how to effectively manage vulnerabilities and prepare for potential breaches in an evolving threat environment.
Topics discussed:
The critical role of attack surface management in identifying vulnerabilities and mitigating risks in an increasingly complex cybersecurity landscape.
How geopolitical tensions impact the security posture of organizations and necessitate a proactive approach to cybersecurity measures.
The shift from traditional network perimeters to identity as the new perimeter, highlighting the importance of multi-factor authentication and access controls.
The significance of maintaining a strong patch management process to ensure systems are secure and vulnerabilities are addressed promptly.
The need for comprehensive incident response plans that include documentation, procedures, and tabletop exercises to prepare for potential breaches.
The importance of fostering a culture of cybersecurity awareness among employees to minimize risks associated with phishing and social engineering attacks.
Insights into the challenges of getting the cybersecurity fundamentals right and why organizations often overlook basic security practices.
The evolving role of AI in cybersecurity, including its potential to enhance incident response and automate threat detection processes.
The necessity of effective communication strategies during a breach, ensuring that internal and external stakeholders are informed and engaged.
The growing importance of cyber insurance and understanding policy coverage to mitigate financial impacts from potential security incidents.