Ahead of the Breach
Welcome to Ahead of the Breach, the podcast dedicated to equipping security experts and practitioners with the knowledge and insights needed to excel in the future of cybersecurity. Join us as we explore innovative strategies, emerging trends, and actionable takeaways to help security leaders stay ahead.
Episodes
Wednesday Mar 04, 2026
What makes a vulnerability truly shocking is simplicity, once you notice the assumption everyone else missed. In this episode, Daniel shares a memorable SAML/SSO privilege escalation from a real engagement, then zooms out into what it takes to grow as a penetration tester: handling uncertainty, collaborating through roadblocks, and building the fundamentals that make creative problem-solving possible.
The conversation blends war stories with practical guidance for both aspiring testers and security leaders. We cover everything from dependency risk and real-world scoping realities to why thinking like an attacker belongs early in the SDLC, not at the end.
Wednesday Feb 11, 2026
What does effective threat hunting actually look like inside large, complex environments? In this episode of Ahead of the Breach, we sit down with Matthew Winters of T. Rowe Price to unpack what it means to hunt threats at scale and why the hardest part isn’t finding suspicious behavior, but deciding where to look in the first place.
Matthew brings a practitioner’s perspective shaped by years in SOC operations, incident response, and enterprise environments. The conversation moves well beyond tools and techniques, focusing instead on mindset, prioritization, and how defenders can think more strategically about disrupting attackers.

Tuesday Jan 06, 2026
What does navigating risk really look like at global scale?
In this episode of Ahead of the Breach, host Casey Cammilleri sits down with Ryan Hays from Citi to explore how security teams operate inside one of the world’s largest financial institutions. Ryan shares real-world perspective on managing risk, building resilience, and making security decisions in environments defined by complexity, regulation, and constant threat pressure.
From aligning security efforts with business priorities to adapting defenses across massive, interconnected systems, this conversation offers practical insight into what it takes to protect critical financial infrastructure at scale.

Tuesday Dec 23, 2025
In this episode of Ahead of the Breach, host Casey Cammilleri sits down with Tori Westerhoff, a member of Microsoft’s AI Red Team, to explore what offensive security looks like in the age of large language models and AI-driven systems.
Tori breaks down how AI red teaming differs from traditional security testing, what it takes to identify real-world abuse cases in generative models, and why understanding adversarial thinking is critical as AI becomes embedded in modern products. The conversation dives into model misuse, prompt manipulation, system-level risks, and how red teams collaborate with engineers to build safer AI from the ground up.
Whether you’re a penetration tester, security engineer, or just trying to understand how AI systems are tested before they reach production, this episode offers a rare look inside one of the most cutting-edge offensive security roles in the industry.

Wednesday Dec 17, 2025
In this episode of Ahead of the Breach, host Casey Cammilleri sits down with Nikita Belikov of the Nevada Air National Guard to explore what cybersecurity looks like inside a military and critical-infrastructure environment.
Nikita shares insight into defending high-stakes systems where availability, resilience, and mission readiness are non-negotiable. The conversation covers how military cyber teams think about risk, how defensive priorities differ from traditional enterprise security, and what it takes to operate effectively in an environment shaped by real-world threats and strict operational constraints.
From translating security strategy into actionable defense to preparing for incidents where failure isn’t an option, this episode offers a grounded look at cyber defense from the perspective of someone protecting systems that truly matter.

Friday Dec 12, 2025
Live from Black Hat 2025, host Casey Cammilleri sits down with Seth Arnoff, a cybersecurity engineer at the John D. and Catherine T. MacArthur Foundation, to talk about what it really looks like to run security at a mission-driven organization with a lean team.
Seth walks through the day-to-day reality—patching, vuln management, and log triage—alongside bigger culture-forward initiatives like going passwordless with Windows Hello and driving adoption through demos, lunch-and-learns, and intentional communication. From there, the conversation shifts into proactive security: why MacArthur moved from point-in-time assessments to a continuous penetration testing model, how “always-on” testing reduces operational drag, and why verified remediation matters more than one-and-done reports.
They also dig into the security side of the AI boom on the conference floor—how to build guardrails when people are going to use AI tools anyway, what third-party risk looks like in an LLM world, and how to monitor tool usage without becoming invasive. Seth shares practical advice for reporting security to leadership (hint: fewer scary vanity metrics, more measurable objectives), how they’re maturing vendor management with repeatable processes and SOC 2 reviews, and what he thinks the industry still isn’t talking about enough: quantum computing.

Tuesday Dec 02, 2025
Live from Black Hat USA 2025, host Casey Cammilleri sat down with cyber threat-intelligence researcher Megan Squire to break down one of the fastest-growing and most misunderstood pillars of modern cybercrime: infostealers.
Megan, a computer-science PhD and seasoned threat-tracking expert, walks us through how infostealers have evolved into a massive underground economy powering identity theft, fraud, and initial-access brokering. She unpacks what happens the moment a machine is infected, why attackers covet browser autofill data and screenshots, and how terabytes of stolen logs expose painful patterns in real victim behavior.
Casey and Megan dig into everything from synthetic log generation to the flood of fake and duplicated logs polluting marketplaces — and why gaming mods and “quick download” culture are driving infections at scale. Megan also shares how red teams can responsibly leverage infostealer artifacts for richer attack paths, sharper assessments, and a much clearer picture of how users actually think and behave.
If you want an unfiltered look at how infostealers are reshaping the threat landscape — and what organizations should be doing right now to stay ahead — this is an episode you won’t want to miss.

Tuesday Sep 30, 2025
Welcome to a special edition of Ahead of the Breach, where our host Casey Cammilleri answers the top questions our listeners have asked us. In today's episode, Casey addresses what makes hybrid pentesting so powerful.
Would you like to have Casey answer one of your questions in a future episode? Email podcast@sprocketsecurity.com with your question and a short summary of why you're looking for an answer!
Get in touch with your host, Casey Cammilleri:
LinkedIn
Listen to more episodes:
Apple
Spotify
YouTube

Tuesday Sep 23, 2025
What if you could predict major security vulnerabilities weeks before they're publicly disclosed? Andrew Morris, Founder & Chief Architect at GreyNoise Intelligence, built a global sensor network that does exactly that by tracking internet-wide scanning patterns that spike 3-4 weeks before critical vulnerabilities become public knowledge. This transforms the chaotic noise of billions of daily internet scans into precise threat intelligence that helps organizations focus on real attacks.
Andrew walks Casey through how he created what he calls the "opposite of Shodan." Instead of cataloging what's scannable on the internet, GreyNoise tracks who's doing the scanning and why. The technical challenge required learning new programming languages and building infrastructure across hostile network environments globally, but the result is a system that functions like noise-canceling headphones for cybersecurity.
Topics discussed:
The methodology behind building internet-wide sensor networks across multiple cloud providers and regional hosting environments.
How network fingerprinting techniques using MTU overhead, TLS signatures, and protocol implementations reveal the true origins of scanning traffic through VPNs and proxies.
The correlation between massive scanning spikes for specific software or hardware and vulnerability disclosures that follow 3-4 weeks later.
Why embedded systems and edge devices represent the most vulnerable attack surface on the internet.
Technical challenges of processing and indexing billions of daily network sessions while applying pattern matching and classification rules at line-rate performance.
The operational realities of maintaining distributed infrastructure in hostile network environments.
How threat actors use geographic and software-specific targeting patterns that become visible only through comprehensive internet-wide monitoring capabilities.
The discovery of zero-day vulnerabilities through automated classification pipelines that identify previously unknown attack patterns.
Why traditional threat intelligence approaches fail to distinguish between legitimate research scanning and malicious reconnaissance activities targeting organizations.
Strategic approaches to handling sensor network detection and fingerprinting by adversaries, including infrastructure rotation and traffic obfuscation techniques.

Tuesday Sep 16, 2025
Welcome to a special edition of Ahead of the Breach, where our host Casey Cammilleri answers the top questions our listeners have asked us. In today's episode, Casey addresses how expert-driven offensive security provides comprehensive risk insight.
Would you like to have Casey answer one of your questions in a future episode? Email podcast@sprocketsecurity.com with your question and a short summary of why you're looking for an answer!


