T. Rowe Price's Matthew Winters on Threat Hunting, Graph Thinking, and Making Adversaries Cry

Gary Lobermier on Scaling Red Team Automation with AI to Run Hundreds of Real Attacks Daily

Most security teams test their detections once a year. Gary Lobermier, Lead Adversarial Security Engineer at Northwestern Mutual, built something different: a custom automation platform that executes hundreds of MITRE ATT&CK techniques daily across Windows, macOS, Linux, and AWS, giving his team real-time signal on whether their defenses actually hold. In this episode, Gary breaks down why off-the-shelf purple team tools fall short at enterprise scale, the procedure-level gap nobody talks about in the MITRE ATT&CK framework, and what EDR vendors don't advertise about their own coverage limits. He also shares how his non-traditional path (from network admin to red teamer) shaped the way he thinks about adversary emulation and detection engineering. If you're building or scaling an offensive security program and want to know what continuous validation actually looks like in practice, this one's worth your time.

Zoom's Andy Grant on Offensive Intuition and Letting Hackers Hunt

What happens when you remove timeboxes, rigid scope, and checklist-driven testing from offensive security? In this episode of Ahead of the Breach, we sit down with Andy Grant to explore what it looks like to build an intuition-driven offensive security program, one designed to let skilled engineers follow the signal instead of the schedule. Drawing from more than a decade in consulting and product security, Andy shares how traditional two-week pentests often cut off discovery just as understanding begins to form. His solution: hire exceptional hackers, give them space to explore, and focus on the most impactful risks rather than superficial coverage metrics.

Accenture's Daniel Barnes on SAML exploitation and what really matters in pentesting

What makes a vulnerability truly shocking is simplicity, once you notice the assumption everyone else missed. In this episode, Daniel shares a memorable SAML/SSO privilege escalation from a real engagement, then zooms out into what it takes to grow as a penetration tester: handling uncertainty, collaborating through roadblocks, and building the fundamentals that make creative problem-solving possible. The conversation blends war stories with practical guidance for both aspiring testers and security leaders. We cover everything from dependency risk and real-world scoping realities to why thinking like an attacker belongs early in the SDLC, not at the end.

T. Rowe Price's Matthew Winters on Threat Hunting, Graph Thinking, and Making Adversaries Cry

What does effective threat hunting actually look like inside large, complex environments? In this episode of Ahead of the Breach, we sit down with Matthew Winters of T. Rowe Price to unpack what it means to hunt threats at scale and why the hardest part isn’t finding suspicious behavior, but deciding where to look in the first place. Matthew brings a practitioner’s perspective shaped by years in SOC operations, incident response, and enterprise environments. The conversation moves well beyond tools and techniques, focusing instead on mindset, prioritization, and how defenders can think more strategically about disrupting attackers.

Citi's Ryan Hays Navigating Risk and Resilience at Scale

What does navigating risk really look like at global scale? In this episode of Ahead of the Breach, host Casey Cammilleri sits down with Ryan Hays from Citi to explore how security teams operate inside one of the world’s largest financial institutions. Ryan shares real-world perspective on managing risk, building resilience, and making security decisions in environments defined by complexity, regulation, and constant threat pressure. From aligning security efforts with business priorities to adapting defenses across massive, interconnected systems, this conversation offers practical insight into what it takes to protect critical financial infrastructure at scale.