Security Architecture Podcast: Securing Tomorrow

Evgeniy Kharam:
Hello everyone, welcome to the Cyber Inspiration Podcast. My name is Evgeniy. I have been around cybersecurity for the last 20 years, and I have a lot of experience working with a variety of cybersecurity vendors. My main work is vendor consulting and cybersecurity advisory for companies. As part of my passion for technology and cyber, I’ve been intrigued to learn how companies start. I started this podcast to understand the thinking process and what motivated people to start their own companies. This podcast is affiliated with the Security Architecture Podcast.

Evgeniy Kharam:
We have the pleasure today to talk to David from Dune Security, and I’m very, very excited because I just watched Dune 2 in IMAX, so I really want to understand the connection between the Dune movie and the company. David, can you please tell me about yourself and the company?

David DellaPelle :
Absolutely. First of all, thank you so much for having me today, Evgeniy. The movie — I think they’re saying it might go down as one of the best movies of all time, right? The production value is incredible. I think the Hans Zimmer score for me was what did it. The scenes where they’re fighting the Harkonnens with the spice harvesters — that’s one of my favorite scenes in the whole movie.

Dune Security actually was not named after Dune the movie. Ironically, Dune Security was named after “Dun” — D-U-N — which is an old Gaelic word for fortification, for protection. And we kind of have the side benefit of having the same name as the movie and this incredible franchise. The company was named Dune, and we’ve definitely basked in kind of the Dune lore — we enjoy that as a cultural element of our company. Our first dummy environment was all characters from Dune — Paul Atreides, Duncan Idaho, and so on.

Dune Security was founded in May of last year. We’re a ten-month-old company, and I think we’re hitting above our weight class. We’re funded by Craft Ventures, Alumni Ventures, Sequoia out of their Scout Fund, as well as Antler and Firestreak Ventures. We’ve also had ten enterprise CISOs — some of the biggest names in the industry — fund us directly.

We’ve built this incredible CISO Advisory Council of over seventy industry-leading enterprise CISOs who have aligned themselves with Dune because of how important our mission is. Before this new age of AI, 80% of breaches — at minimum — started because of employee error. And there’s really been no great way to improve this problem.

There are beautiful castle walls, so to speak — but as we saw in Dune the movie, those walls can break down with the right type of threats. When you’re segmenting the network with Zscaler and you have CrowdStrike on every endpoint, and SailPoint sitting on top of the identity layer, you’re in a good spot. But there’s still no way to quantify and reduce risk in the employee layer. CISOs are tired of this, which is why we started Dune Security.

We are reducing the attack surface for every enterprise. We are preventing AI-powered social engineering. And our mission is incredibly important.

Evgeniy Kharam:
This is a very good story, and we’re going to jump right now to the inspiration. As you know, the name of the podcast is Cyber Inspiration. What happened a year ago? You’re quite a young company. What clicked for David — “I want to do this”? Tell me about what happened a year ago, or maybe before that, that moved you toward this company.

David DellaPelle:
Yeah, I had been building other people’s cybersecurity companies — from both the product and the revenue perspective — across AI and cybersecurity, from pre-seed through post-Series D. Helping to build these companies into unicorns.

I was also working in venture capital and doing many things at once, and I realized there were all these great solutions for the “castle walls.” Every year there were marginal improvements in endpoint, network, email, and cloud security. Companies like Wiz — which has been a North Star for us — have done amazing work.

But in the employee risk space, the technology and execution have been lacking. There needs to be a solution that can take in all relevant data about employee risk — contextual data, behavioral data, third-party tool data — and pinpoint within the company who’s creating risk, to what extent, and how.

That’s what we do. We are AI fighting AI. The data sources are increasingly disparate, which requires advanced AI engineering to connect them accurately. Once we identify who’s creating risk, our system trains people on what they’re bad at, not what they’re good at — while automating compliance.

That was the initial idea — a point solution. But what we’ve built is much bigger. We remediate risk through targeted training and integrate across the stack — network, identity, email — to increase ROI on the investments CISOs have already made.

Evgeniy Kharam:
You brought something very interesting — a great idea. In reality, we all have ideas, but few execute. After you had this idea, how did you test if it was good and actually raise money to make it real?

David DellaPelle:
Yeah, and Frank Slootman talks about this. Strategy will only get you so far; execution is what matters. The idea for Dune Security has evolved over these ten months. Initially it was smaller. I spoke with over 200 investors and about 150 to 200 CISOs during that period.

Evgeniy Kharam:
That’s very interesting — how did you get them to talk to you? Because we all get cold messages that go nowhere.

David DellaPelle:
Right — I’m not an expert in any one thing, but one thing I studied deeply at Cornell and NYU is heuristics: understanding what makes people tick. People need an emotional connection to want to talk. There has to be a “what’s in it for me.”

CISOs and security teams are tired of the current state of security awareness training. They’re jaded with standardized testing and outdated platforms. High-risk employees aren’t held accountable, and low-risk employees’ time is wasted.

Understanding that frustration and emotion helped us connect. We tapped into that pain — that sense that no matter how strong your castle walls are, it’s someone inside who lets the attacker in. That struck a chord with CISOs.

So yes, I reached out on LinkedIn or by email, and I was clear: I want your feedback. And once the vision spread, it caught fire. Now we’re working with some of the biggest companies in the world, funded by top investors, and have over seventy-three leading CISOs as advisers.

Evgeniy Kharam:
When you talk to CISOs, do you ask them to join formally?

David DellaPelle:
Yes, for some we’ve created formal advisory agreements. But overall, they’re aligned by vision — reducing the attack surface, preventing AI-powered social engineering. Everyone knows this is coming, and execution in this space has been lacking.

Evgeniy Kharam:
You’ve spoken to many CISOs and investors and raised a lot of money. What’s next?

David DellaPelle:
This is the fun part. Execution beats strategy ten times out of ten. Building the right team is everything. As Steve Jobs said, having A-players is critical. With limited resources, we focus on attracting talent that can grow with the company.

We’ve hired about one employee per month since our funding from Craft Ventures, SkyDay, and Alumni Ventures. Hiring the right people has been the most important thing I can do.

Evgeniy Kharam:
Let’s talk about culture. Did you design it intentionally or let it evolve?

David DellaPelle:
It’s both. Today actually marks our first all-hands meeting where we’re formalizing our culture, mission, and values. We’ve been instilling culture informally since the start — speed and quality of execution are everything.

Our model, inspired by Frank Slootman, starts with respect. Dune Security is an inclusive environment with a flat hierarchy that values diversity of thought. We encourage junior people to challenge senior people. We respect ourselves and each other.

Second, excellence. We aim for the highest speed and quality in everything — from product development to customer experience. There are excuses and there are results.

Third, customer. The whole company is customer-centric — not just a “customer success” department. Everyone, from engineering to sales, owns customer success.

Fourth, integrity. We uphold the highest ethical standards — meritocracy, honesty, and trust are non-negotiable.

Fifth, performance. We hire drivers, not passengers. Everyone must be mission-driven and deliver measurable impact.

And last, execution. We prioritize execution over strategy every day. A well-executed poor strategy beats a poorly executed good one.

Evgeniy Kharam:
That’s rare to hear from startups. Thank you for sharing. Let’s talk about personality — type A people are driven, but ego can cause conflict. How do you handle that?

David DellaPelle:
Great question. Ego gets a bad reputation, but knowing your value and striving for excellence is good. The problem is ego without ethics. We hire confident, capable people — but all with strong ethics and trust.

Evgeniy Kharam:
As a leader moving fast, how do you manage tasks?

David DellaPelle:
I’m a zero-inbox person. My inbox is my to-do list. I time-box in my calendar and prioritize by urgency, importance, and nice-to-have. Urgent gets done immediately. Important becomes urgent next. Nice-to-have can wait.

Evgeniy Kharam:
How do you manage across teams?

David DellaPelle:
That’s where hiring comes in. We hire drivers who own their functions. That lets me work on the company, not in it — building partnerships, closing major deals, and shaping culture.

Evgeniy Kharam:
You mentioned founders — you’re the first salesperson. How do you handle letting others sell?

David DellaPelle:
It’s hard to let go, but necessary. We posted our first sales role last October and received over 1,000 applications. I personally reviewed 200, interviewed 30, and hired Kaila as our Head of Growth — the perfect fit.

I also hired Alex as Head of Business Development. It all comes down to trust — hiring the best people and empowering them.

Evgeniy Kharam:
Your interview process is quick. Any advice for sales candidates?

David DellaPelle:
Read How to Win Friends and Influence People by Dale Carnegie. People want to work with people they like. Be genuine, be ambitious, and set big goals. Ambition isn’t arrogance — it’s accountability.

Evgeniy Kharam:
If you could go back a year, what would you do differently?

David DellaPelle:
Spend less time meeting investors. Once we started talking to customers — enterprise CISOs — everything took off. The customer is the best use of our time.

Evgeniy Kharam:
What about work-life balance?

David DellaPelle:
I don’t think balance exists if you’re building something world-changing. I work six to seven days a week. My friends are also builders; we push each other.

That said, I take care of myself. I stopped drinking alcohol, work out every morning, and meditate. You have to recharge at 50%, not 0%.

Michael and I are taking a short ski trip with friends and advisers this weekend — the first time off since founding the company. You have to be kind to yourself, too.

Evgeniy Kharam:
Let’s talk about “dark side” stories — when things didn’t go well.

David DellaPelle:
The hardest part is hiring. You have to be intentional. If someone isn’t a fit, let them go quickly — it’s kinder for everyone. We’re not a family; we’re SEAL Team Six. Everyone has to execute at a high level.

Evgeniy Kharam:
Thank you, David. You bring tons of energy. I think people will really enjoy this episode and learn a lot.

David DellaPelle:
Thank you so much, Evgeniy. It was a pleasure speaking with you today.