Ahead of the Breach
Welcome to Ahead of the Breach, the podcast dedicated to equipping security experts and practitioners with the knowledge and insights needed to excel in the future of cybersecurity. Join us as we explore innovative strategies, emerging trends, and actionable takeaways to help security leaders stay ahead.
Episodes

Tuesday Feb 25, 2025
From testing critical infrastructure and IoT devices to leading application security at NerdWallet, DK Koran, BISO, draws from his experience finding vulnerabilities in police cruisers and SCADA systems to discuss his transition to building and managing proactive security teams. On this episode of Ahead of the Breach, he and Casey explore the challenges of implementing security guardrails, running an internal red team, and testing AI systems for prompt injection vulnerabilities.
Through candid insights about his evolution from individual contributor to security leader, DK emphasizes the importance of understanding the 'why' behind security requirements and building strong relationships with development teams.
Topics discussed:
Exploring vulnerabilities in automotive systems and IoT devices, including experiences testing police cruisers and critical infrastructure for security weaknesses.
Transitioning from offensive security testing to application security leadership, focusing on preventing recurring vulnerabilities through proactive measures.
Implementing automated security guardrails and requirements across infrastructure and applications to prevent security issues before production deployment.
Managing the evolution from individual contributor to security leader while maintaining technical relevance and fostering team growth.
Building and scaling an internal red team program, including strategies for target selection and maintaining continuous value delivery.
Testing AI systems and chatbots for prompt injection vulnerabilities, highlighting the resurgence of classic security issues in new technologies.
Developing effective relationships with development teams by focusing on the “why” behind security requirements and showing empathy for business needs.
Creating automated enforcement mechanisms through pre-commit hooks and pipeline controls to ensure security requirement compliance.
Balancing team autonomy with security controls in a single-threaded team model while managing infrastructure security at scale.
Supporting professional growth and certification pursuits while transitioning from technical roles to security leadership positions.

Tuesday Feb 11, 2025
What can a controversial cyber weapon teach us about everyday security? From chemistry labs to cyber weapons development, the journey of Rapyd’s CISO/CIO, Nir Rothenberg, is anything but conventional. In his conversation with Casey on Ahead of the Breach, he cuts through the headlines about Pegasus to get down to the complex realities of intelligence operations and why most companies are focusing on the wrong security threats.
Drawing from his vast experience, Nir challenges common security assumptions while offering practical wisdom about continuous testing, modern security architecture, and why worrying about nation-state actors might be distracting you from real risks.
Topics discussed:
Understanding the development, deployment, and oversight of sophisticated cyber capabilities in intelligence operations.
Examining the importance of context and complete information when evaluating security tools and their real-world applications.
Exploring the evolution of cybersecurity from IT assurance to a crucial component of modern business operations.
Building effective security programs that focus on probable threats rather than theoretical risks and nation-state actors.
Managing security in high-stakes environments while maintaining proper context and perspective about threats.
Implementing continuous security testing through bug bounties and regular assessments to validate security controls.
Transitioning from technical roles to security leadership while maintaining practical understanding of threats.
Balancing security requirements with business objectives in rapidly growing organizations.
Creating security programs that provide consistent friction and validation rather than annual compliance exercises.
Understanding the role of offensive security testing in building effective defense capabilities.

Tuesday Jan 28, 2025
What if vulnerability management was less about filling backlogs with findings and more about strategic risk reduction? Sean Finley, Director of Application & Product Security at Eptura, brings a refreshing perspective on application security to his conversation with Casey on this episode of Ahead of the Breach.
Shaped by years of experience as both a software analyst and security leader, his approach challenges the traditional "dump truck of data" mentality, instead advocating for thoughtful prioritization and strong stakeholder partnerships. From building bridges with development teams to making the case for security investments to business leaders, Sean shares practical wisdom for creating AppSec programs that truly serve organizational goals while keeping risks in check.
Topics discussed:
Understanding the limitations of traditional vulnerability management and why flooding backlogs with findings doesn't equate to effective security.
Building strategic partnerships with business stakeholders to ensure security efforts align with organizational priorities and risk tolerance.
Integrating security tools seamlessly into developer workflows to reduce friction and increase adoption across engineering teams.
Advocating for security considerations during the design phase to prevent costly fixes and potential data breaches later.
Managing the delicate balance between development speed and security requirements in modern Agile environments.
Creating effective risk-based approaches to vulnerability prioritization based on business context and threat intelligence.
Developing strategies for earning developer trust and respect while educating teams about security concepts and threats.
Implementing repeatable security processes that work across different release cadences, from quarterly to daily deployments.
Building quality assurance into the software development lifecycle through consistent security testing and validation.
Fostering a collaborative security culture that emphasizes enablement rather than obstruction or purely compliance-driven approaches.

Tuesday Jan 14, 2025
From a friendly gaming challenge to uncovering critical vulnerabilities, Vladimir Tokarev's journey showcases the power of curiosity in cybersecurity. As a Senior Security Researcher at Microsoft, Tokarev recently unveiled four significant vulnerabilities in OpenVPN's Windows implementation at Black Hat 2024, which he tells Casey all about in this episode of Ahead of the Breach.
Vladimir’s discovery process, beginning with ExpressVPN and leading to wider implications across multiple VPN providers, demonstrates how deep technical expertise combined with creative thinking can uncover security flaws in even the most widely reviewed open source projects.
Topics discussed:
How a friendly gaming challenge to find ExpressVPN vulnerabilities led to discovering critical flaws in OpenVPN's core implementation
The technical details of four chained vulnerabilities, including integer overflow issues and privilege escalation in OpenVPN's Windows service
Exploring how vulnerable code propagated across VPN providers through shared components, affecting ExpressVPN, Proton VPN, and multiple other services
Walking through the vulnerability research process using IDA Pro for reverse engineering and WinDbg for kernel debugging in Windows environments
Understanding how natural curiosity and creative thinking drive successful vulnerability research, from initial discovery through full exploitation
Strategies for maintaining research momentum during long periods without findings, including the importance of switching tasks and maintaining work-life balance
Essential advice for newcomers to vulnerability research, focusing on building strong technical foundations and developing systematic approaches to discovery
How studying newly released CVEs without proof-of-concepts helps develop intuition and provides immediate feedback for improving research skills
Insights into balancing security research across different domains, from Microsoft's internal products to IoT devices and popular open source projects

Tuesday Jan 07, 2025
From executing his first SQL injection at age 14 to contributing to the Linux kernel, Keiran Smith’s path to becoming Lead Pentest Engineer at N-able is anything but conventional, as he tells Casey in this episode of Ahead of the Breach. His journey weaves through roles as a senior developer, architect, and DevOps engineer — experiences that transformed him into a security leader who speaks both attacker and defender languages fluently.
Drawing from his extensive software development background, Keiran explains how understanding code makes him a more effective penetration tester and enables him to build stronger relationships with development teams. Armed with Rust-based custom tools and a developer's mindset, he shows how technical expertise paired with engineering empathy creates a more effective approach to security testing.
Topics discussed:
Bug bounty programs have transformed security testing, creating legitimate paths for aspiring ethical hackers.
Understanding code architecture and development processes makes for more effective and impactful security testing results.
Creating productive partnerships with development teams by offering solutions rather than just pointing out problems.
Essential penetration testing tools, including Burp Suite extensions like Stepper and Hackvertor.
Streamlining security documentation with Obsidian, markdown-based notes, and automated report generation through custom CI/CD pipelines.
Strategies for tracking and testing constantly evolving attack surfaces in modern development environments.
Real-world guidance for newcomers about embracing failure and building strong technical foundations in security.
Lessons learned from multiple OSCP certification attempts and why persistence matters more than initial success.
How contributing to open source projects like Swagger Jacker and developing custom tools enhances the security community.

Tuesday Dec 17, 2024
In this episode of Ahead of the Breach, Casey speaks with Lorenzo Pedroncelli, Senior Manager at RSA, who shares his insights on the evolving landscape of cybersecurity, emphasizing the critical role of identity security. He discusses the importance of fostering a security culture within organizations, where employees feel empowered to report suspicious activities.
Lorenzo also highlights the challenges of combating identity fraud and the necessity of implementing effective identity proofing measures. Additionally, he explores how organizations can leverage advanced identity management solutions to strengthen their security posture.
Topics discussed:
Identity security as a foundational element of modern cybersecurity strategies in protecting organizational assets and sensitive information.
Fostering a security culture where employees feel comfortable verifying identities and reporting suspicious activities to enhance overall organizational security.
The rise of identity fraud and phishing attacks, highlighting the need for robust identity verification processes.
Implementing effective identity proofing measures during employee onboarding to ensure that the right individuals are granted access to sensitive systems.
The importance of continuous risk assessment strategies to adapt to evolving threats and maintain a strong security posture.
Leveraging advanced identity management solutions to streamline authentication processes and improve user experience while maintaining security.
The role of open communication and regular training in empowering employees to recognize and respond to potential security threats.
Strategies for separating machine identity from user identity to enhance security and reduce the risk of unauthorized access.
The impact of regulatory compliance on identity security practices and the necessity for organizations to stay updated on best practices.
Building collaborative relationships with other cybersecurity vendors to share intelligence and improve overall security measures across the industry.

Tuesday Dec 03, 2024
In this episode of Ahead of the Breach, Casey speaks with Bindi Davé, Deputy CISO at DigiCert, who shares her extensive experience in cybersecurity, focusing on the critical importance of digital trust in today’s interconnected world. She discusses how organizations can establish trust in digital communications and the role of zero trust principles in enhancing security.
Bindi also explores the dual nature of artificial intelligence in cybersecurity, highlighting both its potential to improve efficiency and the risks it poses if mismanaged. Additionally, she emphasizes the need for automation in managing crypto assets to ensure compliance and agility in an evolving threat landscape.
Topics discussed:
The significance of digital trust in ensuring secure online interactions and transactions in an increasingly connected world.
How zero trust principles can enhance security by continuously verifying user identities and access rights across digital platforms.
The dual-edged nature of artificial intelligence in cybersecurity, highlighting its potential benefits and inherent risks when misused.
The importance of establishing trust in AI systems and ensuring the integrity of data fed into machine learning models.
Strategies for automating the management of crypto assets to maintain compliance and prevent security breaches in organizations.
The role of vulnerability assessments and penetration testing in identifying and mitigating security risks within digital infrastructures.
Insights on building effective relationships between security teams and other departments to foster collaboration and enhance overall security posture.
The need for continuous education and training in cybersecurity to keep pace with evolving threats and technologies.
Lessons learned from past incident response experiences, emphasizing the importance of preparedness and effective communication during crises.

Tuesday Nov 19, 2024
In this episode of Ahead of the Breach, Casey speaks with cybersecurity leader and expert, Arif Basha. Arif offers his insights on the critical importance of attack surface management in today’s cybersecurity landscape. Arif highlights how the dissolution of traditional network perimeters has shifted the focus to identity as the new perimeter, emphasizing the need for proactive security measures.
He also shares insights on the significance of maintaining up-to-date incident response plans and fostering a culture of cybersecurity awareness within organizations. Tune in to learn how to effectively manage vulnerabilities and prepare for potential breaches in an evolving threat environment.
Topics discussed:
The critical role of attack surface management in identifying vulnerabilities and mitigating risks in an increasingly complex cybersecurity landscape.
How geopolitical tensions impact the security posture of organizations and necessitate a proactive approach to cybersecurity measures.
The shift from traditional network perimeters to identity as the new perimeter, highlighting the importance of multi-factor authentication and access controls.
The significance of maintaining a strong patch management process to ensure systems are secure and vulnerabilities are addressed promptly.
The need for comprehensive incident response plans that include documentation, procedures, and tabletop exercises to prepare for potential breaches.
The importance of fostering a culture of cybersecurity awareness among employees to minimize risks associated with phishing and social engineering attacks.
Insights into the challenges of getting the cybersecurity fundamentals right and why organizations often overlook basic security practices.
The evolving role of AI in cybersecurity, including its potential to enhance incident response and automate threat detection processes.
The necessity of effective communication strategies during a breach, ensuring that internal and external stakeholders are informed and engaged.
The growing importance of cyber insurance and understanding policy coverage to mitigate financial impacts from potential security incidents.

Tuesday Nov 05, 2024
In this episode of Ahead of the Breach, Casey speaks with Joe Mariscal, Director of Cybersecurity and Compliance at Ryerson. Joe brings his extensive experience in the cybersecurity field to discuss topics such as the critical issue of burnout among cybersecurity professionals. He emphasizes the importance of leadership in fostering a supportive work environment.
Joe also highlights strategies for preventing burnout, such as establishing clear boundaries for off time and encouraging open communication. Additionally, Joe delves into navigating compliance frameworks and the emerging threats posed by OT, IoT, and IIoT in the manufacturing sector. Tune in for valuable insights on building resilient cybersecurity teams!
Topics discussed:
The importance of leadership in preventing burnout among cybersecurity teams and fostering a supportive work environment that prioritizes mental well-being.
Strategies for establishing clear boundaries between work and personal time, ensuring that team members can disconnect and recharge effectively.
The impact of constant on-call expectations on employee stress levels and overall team morale in high-pressure cybersecurity roles.
Navigating compliance frameworks, including the differences between prescriptive and advisory guidelines, and aligning them with organizational needs and risk profiles.
Emerging threats in the manufacturing sector, particularly related to operational technology (OT), the internet of things (IoT), and the industrial internet of things (IIoT).
The challenges of managing legacy systems within cybersecurity and the importance of maintaining an accurate asset inventory for effective defense.
The role of ongoing training and development in keeping cybersecurity teams sharp and prepared for evolving threats in the digital landscape.
Utilizing risk registers to prioritize vulnerabilities and communicate effectively with executive leadership about necessary remediation efforts.
The significance of proactive security measures in identifying and mitigating risks associated with remote support and third-party vendor access.
Building a resilient cybersecurity culture that encourages open communication, regular check-ins, and support for personal issues affecting team performance.

Tuesday Oct 22, 2024
In this episode of Ahead of the Breach, Casey speaks with Konrad Fellmann, VP of IT Infrastructure and CISO at Cubic. Konrad explores critical topics in cybersecurity, including the privacy implications of data collection in the automotive industry, where, for example, car manufacturers are reportedly selling consumer data.
Konrad also discusses the evolving role of the CISO, emphasizing the importance of pragmatism and understanding business goals. Additionally, he shares proactive strategies for identifying vulnerabilities, such as integrating security early in the development process and conducting regular penetration testing.
Topics discussed:
The importance of building a security culture within organizations, ensuring that all employees understand their role in protecting sensitive information.
The evolving responsibilities of a CISO, focusing on the need for pragmatism and effective communication with various stakeholders across the business.
Strategies for integrating security into the development process from the outset, ensuring that security requirements are established early in projects.
The dual impact of AI on cybersecurity, enhancing defenses while also providing attackers with tools to craft more convincing phishing attempts.
Proactive measures for identifying vulnerabilities, including routine vulnerability scans and regular penetration testing to uncover potential weaknesses before exploitation.
The significance of understanding business goals and aligning security initiatives with organizational objectives to maintain productivity and customer satisfaction.
The challenges of negotiating with various stakeholders, balancing security needs with operational requirements and budget constraints within the organization.
The necessity of continuous learning and adaptability in the fast-paced cybersecurity landscape, especially in the context of cloud and DevOps environments.
The role of encryption and data anonymization in protecting sensitive information and ensuring compliance with privacy regulations in the transportation sector.