
Down the Security Rabbithole Podcast (DtSR)
DtSR Episode 688 - Looking for Meaning in the Signal
Jan 13, 2026
Join Julian Brownlow Davies, SVP of Offensive Security Strategy at Bugcrowd, as he unravels the complexities of modern security. With nearly 20 years in the field, Julian discusses how customer needs have evolved from merely discovering vulnerabilities to addressing pressing organizational issues. He explores the shift from traditional pen tests to red teaming, emphasizing the importance of context and prioritizing threats to critical assets. Julian also dives into the role of AI in offensive security, warning against relying solely on autonomous systems.
Offense Needs To Solve Customer Problems
- Offensive security techniques haven't changed much, but customer problems and expectations have shifted dramatically.
- Julian argues testers must focus on solving customer problems, not just finding vulnerabilities.
Prioritize Exposure Over Vulnerability Counts
- Mature organisations move from vulnerability counts to measuring real exposures and attack reachability.
- Prioritise vulnerabilities that actually expose crown jewels, not brochureware CVSS-10s.
Graph Attack Paths And Fix Choke Points
- Graph attack surface and connectivity to highlight choke points and real attack paths.
- Fix vulnerabilities that shut down multiple attack paths to critical assets first.
