Ahead of the Breach

Many cybersecurity programs fail because they prioritize tools over understanding what they're protecting. Brett Price, Lead Cybersecurity Consultant & vCISO at AccessIT Group, brings decades of experience to explain why data discovery and governance create more security value than any technology purchase. His approach starts with mapping critical data to business functions before implementing solutions — a methodology that has helped organizations discover everything from unsecured credit card data in S3 buckets to massive compliance gaps that traditional scanners missed entirely.
Drawing from his experience as a reformed QSA and virtual CISO across multiple industries, Brett tells Casey how successful security leaders build programs around culture and relationships rather than technical controls. His framework transforms overwhelming vulnerability backlogs into focused remediation strategies by prioritizing currently exploited vulnerabilities over theoretical risks, enabling resource-constrained organizations to eliminate real attack vectors first.
Topics discussed:
The evolution of cybersecurity leadership from Steve Katz's appointment as Citigroup's first CSO in 1995 to today's business-aligned security executives.
Why organizations fail by throwing tools at security problems without first understanding their critical data locations and business functions.
Building incident response plans that include communication trees, out-of-band protocols, and muscle memory development through tabletop exercises.
DSPM strategies for discovering, classifying, and protecting crown jewel data across cloud and on-premises environments.
Vulnerability prioritization methodologies that focus on currently exploited vulnerabilities rather than overwhelming teams with thousands of theoretical risks.
Creating security cultures through trust-building and gradual implementation rather than forcing dramatic changes that trigger organizational resistance.
The limitations of compliance frameworks like PCI DSS and HIPAA that create false security by protecting only specific data types while missing broader organizational risks.
Essential security metrics for boardroom reporting, including mean time to detect, mean time to resolve, and vulnerability burn-down rates.
How healthcare and manufacturing industries struggle with cybersecurity implementation due to budget constraints and rapidly expanding attack surfaces.
Building holistic security programs using frameworks like NIST CSF and CIS Controls that address governance, technical controls, and business alignment simultaneously.
Get in touch with Brett:
brettp@accessitgroup.com
Listen to more episodes: 
Apple 
Spotify 
YouTube
Website
 

Welcome to a special edition of Ahead of the Breach, where our host Casey Cammilleri answers the top questions our listeners have asked us. In today's episode, Casey addresses 5 steps to building a modern pentesting program. 
Would you like to have Casey answer one of your questions in a future episode? Email podcast@sprocketsecurity.com with your question and a short summary of why you're looking for an answer!
Get in touch with your host, Casey Cammilleri: 
LinkedIn 
Listen to more episodes: 
Apple 
Spotify
YouTube 

Most security architecture programs struggle to demonstrate their value because they focus on creating diagrams rather than driving implementation. Parthasarathi Chakraborty, Former Deputy CISO at Natixis CIB, shares his approach to transforming security architecture from theoretical frameworks to measurable business impact. 
With experience across Fortune 15 banks to mid-market companies, Partha gives Casey a peek into how his "architectural assurance function" bridges the critical gap between security requirements and engineering implementation, reducing incidents, accelerating deployment times, and proving security's ROI to business leaders.
Topics discussed:
Why many organizations have security architecture in name only, with PowerPoint diagrams and Word documents that provide little practical guidance to engineering teams.
How to turn high-level security principles into detailed engineering specifications that developers can actually implement.
Tracking how architecture maturity reduces time-to-market for applications, minimizes configuration drift, and decreases security incidents.
Building a specialized team with both technical depth and breadth to validate whether engineering implementations adhere to security requirements.
Incorporating compliance standards, threat data, and security operations insights to create risk-based architectural requirements that address real-world threats.
Codifying security blueprint requirements into cloud security posture management systems to detect and remediate drift automatically.
Ensuring security requirements remain simple enough for teams to adopt while still addressing critical risks.
Navigating initial resistance through clear communication, demonstrating value, and creating structured roles and responsibilities.
Creating feedback loops between security architecture, engineering teams, and assurance functions to continuously improve both requirements and implementation.
Evolving from reactive patching toward proactive security design that prevents vulnerabilities from reaching production.
Listen to more episodes: 
Apple 
Spotify 
YouTube
Website

Welcome to a special edition of Ahead of the Breach, where our host Casey Cammilleri answers the top questions our listeners have asked us. In today's episode, Casey addresses the most common myths around continuous pentesting. 
Would you like to have Casey answer one of your questions in a future episode? Email podcast@sprocketsecurity.com with your question and a short summary of why you're looking for an answer!
 
Listen to more episodes: 
Apple 
Spotify
YouTube 

When Tim Silverline received a pentest report that was essentially a clean bill of health with zero evidence of actual testing, he knew his security program had a problem. As Vice President of Security at Rocket Lawyer, this experience sparked a complete transformation from annual security theater to continuous, evidence-based testing that provides actionable intelligence — with Sprocket! In his chat with Casey, recorded at RSA 2025, Tim shares hard-earned insights about building effective security programs in established organizations while navigating the complexities of rapid AI development and multi-compliance requirements. 
 
Tim touches on how static analysis tools create more noise than value, explaining how packages flagged as critical vulnerabilities often aren't even loaded into memory or used in exploitable ways. His solution involves runtime analysis with eBPF sensors that monitor actual execution rather than theoretical package inventories. He also discusses the unique challenges of implementing SOC 2 controls in an 18-year-old company versus a startup, emphasizing the critical importance of executive alignment before attempting cultural transformation. 
 
Topics discussed:
The limitations of traditional annual penetration testing and why continuous testing provides better coverage for organizations with rapid deployment cycles.
How runtime analysis with eBPF sensors eliminates false positives by monitoring actual code execution rather than static package inventories that generate noise.
The strategic approach to managing SOC 2 compliance implementation in established organizations, focusing on executive alignment before attempting cultural transformation.
Advanced attack surface management techniques that extend beyond hosted applications to include third-party platforms and exposed API keys.
The challenge of staying ahead of AI development from a security perspective, particularly as interconnected AI models create complex data flow patterns difficult to audit.
Why clean penetration test reports with no evidence of actual testing indicate vendor problems rather than strong security posture.
The evolution from static vulnerability scanning to context-aware prioritization based on actual exploitability and system exposure.
Strategies for integrating security findings into development workflows through two-way JIRA integration and regular cross-team security reviews.
The growing complexity of non-human identity management as DevOps practices increase the proliferation of API keys and service accounts across cloud environments.
How the NextJS vulnerability response demonstrates the value of runtime monitoring for rapidly identifying which instances actually use vulnerable middleware configurations.
Listen to more episodes: 
Apple 
Spotify 
YouTube
Website

Welcome to a special edition of Ahead of the Breach, where our host Casey Cammilleri answers the top questions our listeners have asked us. In today's episode, Casey addresses how to prepare for the future of pentesting. 
Would you like to have Casey answer one of your questions in a future episode? Email podcast@sprocketsecurity.com with your question and a short summary of why you're looking for an answer!
Get in touch with your host, Casey Cammilleri: 
LinkedIn 
X
Website 
Listen to more episodes: 
Apple 
Spotify
YouTube 

The shift from annual compliance-driven security testing to continuous validation represents one of the most critical evolutions in modern cybersecurity practice. Vivek Menon, CISO & Head of Data at Digital Turbine, discovered this firsthand when his team's focus on modern cloud applications nearly missed a critical legacy system that could have triggered cascading failures across their entire infrastructure. On this episode of Ahead of the Breach, Vivek tells Casey how quarterly penetration testing aligned with engineering roadmaps delivers superior security outcomes while building rather than eroding trust with development teams.
Vivek has developed frameworks that balance thorough security validation with business agility. His approach to shadow AI governance, stakeholder communication strategies, and leveraging AI simulation for previously impossible attack scenarios offers practical guidance for security leaders navigating today's rapid development cycles while maintaining robust defensive postures.
Topics discussed:
Quarterly penetration testing frameworks that align with product roadmaps and engineering milestones rather than annual compliance cycles to catch vulnerabilities as they're introduced.
The critical importance of comprehensive asset discovery, particularly legacy systems that may be interconnected with modern cloud infrastructure in ways that create cascading vulnerability risks.
Building trust equations with engineering teams through consistent, non-disruptive testing practices that demonstrate security as an enabler rather than a blocker to development velocity.
Shadow AI governance challenges as employees enthusiastically adopt tools like Zapier agents without proper controls, creating new data exposure vectors that require immediate attention.
Risk register development using business risk alignment rather than treating all systems equally, focusing testing resources on revenue-generating and business-critical components.
AI-driven attack simulation capabilities that make previously cost-prohibitive or technically impossible testing scenarios accessible for better adversary understanding.
Stakeholder communication strategies that tailor security messaging across three distinct audiences: technical implementers, middle management, and executive leadership with board reporting requirements.
Leveraging AI agents for frictionless continuous testing that reduces visible pain points for engineering organizations while maintaining security thoroughness.
Integration strategies for penetration testing platforms with existing productivity tools like Jira, Confluence, and Slack to streamline vulnerability management workflows.
Non-traditional hiring approaches for security teams, particularly recruiting from MLOps and data science backgrounds to address machine learning security gaps that traditional cybersecurity professionals often miss.
Listen to more episodes: 
Apple 
Spotify 
YouTube
Website

Welcome to a special edition of Ahead of the Breach, where our host Casey Cammilleri answers the top questions our listeners have asked us. In today's episode, Casey addresses what is broken about legacy pentesting. 
Would you like to have Casey answer one of your questions in a future episode? Email podcast@sprocketsecurity.com with your question and a short summary of why you're looking for an answer!

From a casual gaming project at NASA's JPL to powering 700+ cybersecurity vendors, WhoisXML API has become the foundation of modern threat intelligence. In this episode of Ahead of the Breach, recorded at RSA Conference 2025, Casey sits down with Vice President Alex Ronquillo to explore how domain registration data has become critical infrastructure for security tools and how penetration testers can leverage this intelligence in their work.
Alex takes us behind the scenes of the massive data collection operation that tracks billions of domain events monthly, explaining how even the most heavily reviewed security tools rely on WhoisXML API to identify potentially malicious domains based on registration patterns. He also reveals surprising research showing that 90% of subdomains in security databases don't actually exist — they're artifacts of security scanning against wildcard DNS configurations that respond to any query. 
Topics discussed:
Research showing that domains created within the last 30 days are significantly more likely to be malicious, forcing penetration testers to deliberately "age" domains to avoid detection by security tools that automatically flag new registrations.
How security professionals can use reverse WHOIS lookups based on email addresses, organization names, and nameservers to discover hidden attack surfaces and verify domain ownership during testing.
Rather than performing millions of individual WHOIS queries, major security platforms license structured data dumps to perform local lookups for domain intelligence at massive scale.
Since GDPR implementation in 2018, approximately 80-90% of domains have non-public registrant information, forcing security teams to rely on alternative signals like SSL certificates and hosting infrastructure.
WhoisXML API's partnership network with cybersecurity vendors creates a collaborative intelligence platform that tracks malicious domains and infrastructure across the internet ecosystem.
How security tools inadvertently pollute passive DNS databases by triggering wildcard DNS records, creating the illusion that millions of non-existent subdomains are real assets.
How the Registration Data Access Protocol is modernizing domain registration data access while preserving the critical information that security tools need for threat intelligence.
How companies like Doppel use WhoisXML API's data to identify phishing domains targeting their customers within minutes of registration, enabling rapid takedown before damage occurs.
How investment analysts and technology companies use WHOIS and hosting data to track market share and adoption patterns across cloud providers and services.
Listen to more episodes: 
Apple 
Spotify 

Welcome to a special edition of Ahead of the Breach, where our host Casey Cammilleri answers the top questions our listeners have asked us. In today’s episode, Casey addresses “Why does continuous penetration testing outperform bug bounties?”Would you like to have Casey answer one of your questions in a future episode? Email podcast@sprocketsecurity.com with your question and a short summary of why you’re looking for an answer!