Tuesday Jan 07, 2025

N-able's Keiran Smith on Building Better Security Through Development Experience

From executing his first SQL injection at age 14 to contributing to the Linux kernel, Keiran Smith’s path to becoming Lead Pentest Engineer at N-able is anything but conventional, as he tells Casey in this episode of Ahead of the Breach. His journey weaves through roles as a senior developer, architect, and DevOps engineer — experiences that transformed him into a security leader who speaks both attacker and defender languages fluently. 

Drawing from his extensive software development background, Keiran explains how understanding code makes him a more effective penetration tester and enables him to build stronger relationships with development teams. Armed with Rust-based custom tools and a developer's mindset, he shows how technical expertise paired with engineering empathy creates a more effective approach to security testing.

Topics discussed:

  • Bug bounty programs have transformed security testing, creating legitimate paths for aspiring ethical hackers.
  • Understanding code architecture and development processes makes for more effective and impactful security testing results.
  • Creating productive partnerships with development teams by offering solutions rather than just pointing out problems.
  • Essential penetration testing tools, including Burp Suite extensions like Stepper and Hackvertor.
  • Streamlining security documentation with Obsidian, markdown-based notes, and automated report generation through custom CI/CD pipelines.
  • Strategies for tracking and testing constantly evolving attack surfaces in modern development environments.
  • Real-world guidance for newcomers about embracing failure and building strong technical foundations in security.
  • Lessons learned from multiple OSCP certification attempts and why persistence matters more than initial success.
  • How contributing to open source projects like Swagger Jacker and developing custom tools enhances the security community.
