Cyber Security Matters Podcast: Tackling Social Engineering Prevention

Harry Baldwin:
Welcome to the Cyber Security Matters Podcast. Your hosts today are me, Harry Baldwin, and Connie Everett, and we're delighted to be joined today by David DellaPelle.

David has a diverse background in cybersecurity strategy and management consulting and has held senior positions with the likes of Ernst & Young, Perimeter 81, and At-Bay. David's educational background includes a Bachelor of Science from Cornell University and an MBA from NYU Stern School of Business.

Today, David is the Co-Founder and CEO of Dune Security, which specializes in AI-powered employee risk management. Welcome to the show, David — great to have you here.

David DellaPelle:
Thanks so much for having me, Harry. I really appreciate it.

Harry Baldwin:
Fantastic. Today, we’ll be talking all things people and the security industry. But to get us started, we always love to ask people the same thing: how did you get into the cybersecurity industry in the first place?

David DellaPelle:
Yeah, it’s a great question. I started my career at an AI startup in Tel Aviv out of school and then went back to New York and worked in management consulting for a bit. I was helping big banks and insurance companies get a bit smaller — a little more efficient — and I realized I wanted to do something a little bit more exciting, a little more growth-oriented.

I realized I wanted to build technology companies, so I applied to go back to school to get my MBA. But I had a friend named James who was working at a small startup called Perimeter 81, which was a network security company. I think they had just raised their Series A and were starting to scale a little bit.

I went over to Perimeter 81 in a very early position, standing up their biz ops and biz dev functions, and the rest is kind of history. That’s how I got started in my career there. I thought it was going to be a temporary thing, and it ended up being a whole career.

Connie Everett:
Thank you, David. We always love to hear everybody's different ways into the industry and how diverse those answers are — it’s always brilliant.

So, we’re going to move on to talk a little bit more about your career and some of the key lessons you’ve learned along that journey. To start with, what or who has been the biggest influence on your career?

David DellaPelle:
I think my answer to this is my father. My dad is one of the most hardworking, disciplined people that I’ve ever met. Growing up, he always taught me that if you’re going to do something, make sure you do it right.

I’ve tried to start about five businesses previous to this — they never got that far. I had one construction business which was successful, but in terms of my software businesses, I never really got past that ideation stage.

So, when I thought of Dune Security and met Michael Waite, my co-founder, it was really time to do it — and to do it right. I think my father is the biggest influence.

Another influence would be Elon Musk, Jeff Bezos, Steve Jobs, and Frank Slootman. Those individuals have been kind of North Stars for me in terms of being a co-founder and CEO of a tech startup.

Harry Baldwin:
Amazing. Thank you. And in terms of, I guess, throughout all of that, what would you say is the achievement you're most proud of?

David DellaPelle:
I think what we’re doing here at Dune Security is super important for the industry.

The way I talk about this problem is: social engineering continues to be the biggest problem for enterprise CISOs and security teams. There have been all these great solutions that have come out of Israel and the U.S. — out of Unit 8200 in Israel and the NSA in the U.S. — and they’ve really focused on endpoint security, network security, identity security, and so on.

We hear about those types of solutions all the time, but there’s really no solution that can take in all the relevant data about employee risk and actually quantify that risk at the individual employee level — to find out who’s creating risk, to what extent, and how.

That’s what we build here at Dune. Candidly, what we’re doing right now is definitely the most important work I’ve done in my career, and I’m really excited to keep it going.

Connie Everett:
Amazing — it sounds like you’re in a brilliant position at the moment.

And I guess to touch a little bit on what you mentioned at the beginning about those setbacks you had before reaching this point: every entrepreneur faces challenges. What would you say are some of the biggest challenges you encountered in the early stages of your business, and how did you overcome them?

David DellaPelle:
I think the best founders, the best entrepreneurs, have a great mix of optimism and resilience.

In my first year building Dune with Michael, I was told “no” by hundreds of venture capitalists — because they had seen a lot of security awareness training companies, which were next-generation in concept but failed in execution. The scope was limited, the impact was low.

But I was able to see around the corner and understand that a big company needed to be built in the employee risk space. One hadn’t really been built yet, and there was a massive opportunity — especially among large enterprises.

So, just being able to stay resilient and keep pushing — to follow your North Star even when everyone around you says no — that’s been key.

Harry Baldwin:
You may have sort of already answered this, but if you were giving advice to someone looking to be an entrepreneur, what would you say is the most important quality required?

David DellaPelle:
Yeah, I think it’s that optimism and resilience — but also the ability to build networks.

The ability to tap into powerful networks, to be a good person people want to spend time with, and to explain your vision clearly so others align with it — that’s been critical for me.

We’ve built an incredible network that’s really propelled us forward. So, making sure you’re not afraid to get in the room, speak with the right people, and build relationships — that’s hugely important.

Connie Everett:
Absolutely. And as a leader yourself, your leadership style sets the tone for the company. How would you describe your approach to leadership, and how has it evolved over time?

David DellaPelle:
I think the most important thing is to lead by example. Not to be cliché, but if you want to lead a team, especially in the early stages — when maybe you can’t pay a lot and are offering mostly equity — what people follow is your vision.

You have to really believe in that vision and communicate it clearly — paint that picture of the future. That’s how you get people to do the hard work of building the company.

And it’s not about being nice — it’s about being fair. As CEO, sometimes people won’t like you. That’s just part of it. But as long as you’re fair and leading from the front, that’s what matters most.

Harry Baldwin:
Brilliant. Leading on to the next topic — what are the key talent topics that need addressing in the industry?

David DellaPelle:
Location is incredibly important.

We’re a very high-tech cybersecurity company using AI, right in the heart of downtown Manhattan. It’s been easy for us to recruit great talent from Columbia University, NYU, Fordham, and other nearby schools.

What’s harder is senior leadership hiring. It’s difficult to recruit people away from the huge salaries at Google, Meta, Amazon, and others. Convincing them to take the pay cut and equity — that’s where real salesmanship comes in.

That’s probably the hardest thing — hiring senior-level talent.

Connie Everett:
And what soft skills do you think are critical for thriving in a startup?

David DellaPelle:
Getting along with the team is the most important thing. Being personable, fair, and someone people actually want to be around.

I think startups will fail if they aren’t in person — at least in the early stages. As the company grows, remote might make sense, but in the beginning, you need that face-to-face dynamic.

We always do our final interviews in person — lunch or coffee with the team — to make sure it’s someone we’d genuinely enjoy working with every day.

Harry Baldwin:
Thank you, David. It’s great insight into talent and culture. Let’s talk about Dune Security itself. Every business has an origin story. Can you take us back to when the idea first originated and what inspired it?

David DellaPelle:
Like I said before, there are fantastic companies out there doing endpoint, network, identity, and cloud security — companies like Wiz and Abnormal Security.

But I realized it doesn’t matter how strong your castle walls are. You can give every employee a YubiKey and have every filter cranked up — but if attackers want to get in, they can.

About 90% of breaches start with social engineering, and no one was really solving that problem at scale. The way most organizations handled it — traditional security awareness training — was just ineffective. People weren’t paying attention.

The initial idea was: what if we just train people on what they’re bad at? That was the spark.

It evolved into using AI to take data about each user’s behavior and context, then adapt training, simulations, and even security controls around them automatically. That’s how Dune became the first true user adaptive risk management platform.

Harry Baldwin:
That makes total sense. What were the moments along the journey where you realized this was going to be a viable business?

David DellaPelle:
There are two big ones.

First — when strangers with real budgets, CISOs at big companies, started saying, “This is a real problem. How can I help?”

Second — when those same people started paying for the product. That’s when you know you’ve built something viable.

A lot of founders spend too much time talking to investors. The truth is, customers know more about your product than VCs ever will. Get in front of them first — investors will follow traction.

We’ve now raised $9 million from top-tier VCs because we built a real business first.

Connie Everett:
Congratulations — that’s huge. And I know you’re speaking soon in London as one of Gartner’s “Uncut Gems.” Tell us about that.

David DellaPelle:
Yeah, super exciting. Dune Security was selected as one of Gartner’s three Uncut Gems for 2024.

I’ll be speaking to around 50–60 CISOs, all from companies with over $10 billion in revenue. I can’t name them, but they’re some of the largest brands in the world.

I’ll be talking about the future of the security organization — how the silos between GRC, security awareness, and security operations need to close.

With Dune’s real-time adaptive risk management platform, we can finally make user risk data valuable for SOC teams. That’s what I’ll be sharing.

Harry Baldwin:
That’s fantastic. Now, let’s talk about AI. It’s a buzzword in the industry, but how is Dune actually using it?

David DellaPelle:
Yeah, a lot of startups today are just ChatGPT wrappers. Their “AI” is just an API to OpenAI. That’s not a business — it’s a feature.

At Dune, AI is core to the product. We’ve built proprietary language models that standardize and quantify user risk across roles and industries. That allows us to process massive data inputs and adapt training and security controls in real time.

That’s true AI — purpose-built for security.

Harry Baldwin:
How do you see AI shaping employee risk management over the next five to ten years?

David DellaPelle:
AI has increased both the quality and quantity of social engineering attacks.

Attackers can scrape open-source data and target thousands of employees at once. We’ve even seen deepfake video calls with multiple fake participants — it’s incredibly sophisticated.

The way we communicate is going to change. I think we’ll all have AI copilots, like Iron Man’s Jarvis — intelligent assistants that augment human thinking.

But that also means risk increases. Companies need to adapt. At Dune, our platform is a true data science system — it can ingest unlimited data and evolve as the threat landscape changes.

Connie Everett:
All right, time for the quick-fire round!

What was the last movie you watched?

David DellaPelle:
Dune: Part Two. Convenient, right? I loved it — but honestly, I liked the first one better. The aesthetic and visuals were just incredible.

Connie Everett:
What’s your favorite game or sport to play?

David DellaPelle:
Probably tennis. I love playing — it’s hard to find courts in Manhattan, but I make it work.

Connie Everett:
If you could only eat one meal for the rest of your life, what would it be?

David DellaPelle:
A really high-quality steak.

Connie Everett:
And how do you take your steak?

David DellaPelle:
Medium rare — there’s only one right answer.

Connie Everett:
If you could live anywhere in the world, where would it be?

David DellaPelle:
Probably Portugal — such a high quality of life. Or Israel — incredibly innovative, inspiring place with smart people solving hard problems every day.

Connie Everett:
What makes you laugh?

David DellaPelle:
Honestly, probably my team. I’ve got a weird mix of a seven-year-old and a fifty-year-old sense of humor. Our team lunches are just nonstop laughter.

Connie Everett:
What would you sing at karaoke night?

David DellaPelle:
Frank Sinatra — easy choice.

Connie Everett:
University of school or the university of life?

David DellaPelle:
The university of life. I believe in education, but real learning comes from doing — and reading voraciously.

Connie Everett:
RSA or Black Hat?

David DellaPelle:
Probably Black Hat. It’s more technical — RSA is more suits and investors.

Harry Baldwin:
Final question — what one piece of advice would you give to someone entering the industry?

David DellaPelle:
A rising tide raises all ships. This industry needs talent. Cybersecurity is going to be a trillion-dollar market in the next decade — there’s so much work to do.

Don’t be afraid to jump in. Work for a startup. Take a pay cut if you have to. The experience will be worth it.

Harry Baldwin:
That’s fantastic advice. David, thank you so much for joining us today.

Connie Everett:
Thank you, David — really appreciate your time.

David DellaPelle:
Thanks so much, Harry. Thanks, Connie. I really appreciate it.

Harry Baldwin:
And thank you to everyone listening. If you enjoyed the show, please subscribe and give us a rating — it really helps more people find and enjoy these stories.