Tech Optimist Podcast: User Error in Cybersecurity
David DellaPelle, Co-Founder and CEO of Dune Security, joined Alumni Ventures CEO Mike Collins to discuss how Dune is tackling one of the most common causes of cybersecurity breaches: employee error.

In Episode 6 of the Alumni Ventures Tech Optimist Podcast, “You’re The Weak Link,” David DellaPelle, Co-Founder and CEO of Dune Security, speaks with Alumni Ventures CEO Mike Collins about building a cybersecurity company designed to solve one of the industry’s most persistent challenges: user error. David shares the founding story of Dune Security, how the platform addresses user-driven risk, and why securing people is as critical as securing technology.
The episode also features conversations with Multitude Insights co-founder Matthew White and a discussion on space tech with AV Partner Pete Mathias and AV Senior Associate Drew Wandzilak.
Mike Collins:
In a world captivated by criticism and negative headlines, it’s easy to overlook the power of the technologies propelling us forward. At Tech Optimist, we explore the vibrant intersection of technology and entrepreneurship, shining a light on innovators who are building a better future.
As members of one of the most active venture capital firms in the United States, we have a unique vantage point into the real-world impact of technology. Join us as we explore, celebrate, and contribute to the stories of those creating tomorrow.
Welcome to the sixth episode of The Tech Optimist Podcast. On this show, we cover the intersection of technology, venture capital, and entrepreneurship. Episode six might be our best show yet. Thanks for joining us.
We have three segments for you today.
In the first block, I talk with David DellaPelle, co-founder and CEO of Dune Security, a company using AI in cybersecurity. Dune is interesting because it focuses deeply on the human factors that drive cyber risk. If you’ve read the news, you know this is one of the biggest weak links in cybersecurity defense. It’s a fascinating conversation, and I hope you enjoy it.
In block two, Pete Mathias speaks with Matthew White, co-founder and CEO of Multitude Insights, a company helping police departments share critical information. It’s a powerful story about how technology can transform public safety.
And finally, in block three, I talk with Drew Wandzilak, a senior associate at Alumni Ventures, about what’s happening in space technology—what’s interesting, what’s investable, and where we’re headed.
As always, this podcast is for informational purposes only. It’s not financial advice or an offer to buy or sell securities. For more details, see the disclosure linked in this episode description.
Let’s get started with Dune Security and David DellaPelle.
Mike Collins:
David, thanks for joining us today. Tell us a little bit about Dune Security.
David DellaPelle:
Thanks, Mike. I’m really excited to be here. Dune Security is a paradigm shift in enterprise cybersecurity. For too long, the focus has been on endpoints and networks, but about 80% of breaches start with employee error.
What we do is take in all the relevant data across a company and pinpoint who is creating risk, to what extent, and how. In doing so, we reduce the attack surface created by human behavior—the biggest vulnerability in enterprise security today.
Mike Collins:
You’re still early in your journey, right?
David DellaPelle:
That’s right. We’re less than a year in. We incorporated in May of last year and had an amazing first year working with some of the biggest enterprise security teams and brand-name companies.
We’re also fortunate to have great investors, including Alumni Ventures, Craft Ventures, Sequoia Scout Fund, Firestreak Ventures, and Antler. It’s been a great start.
Mike Collins:
My sense is that a lot of what you’re addressing is the human side of cybersecurity—the psychology, the error, the biases. That’s where most breaches start, right?
David DellaPelle:
Exactly. The human piece is massive. And you’re right—"error" isn’t always fair to call it. It’s about psychology, heuristics, and how people think. Attackers understand that and exploit it.
So yes, we’re dealing with the behavioral side of cybersecurity. This is where many of the vulnerabilities are. And I believe it’s the biggest problem in cybersecurity today.
For years, companies have built amazing castle-wall solutions—network security, endpoint protection, identity management. But the human layer has been left behind. There’s been very little innovation in addressing real-world employee behavior.
Mike Collins:
That’s fascinating. So, give us a sense of how you engage with a customer and what that experience looks like.
David DellaPelle:
We kicked off with one of the largest investment management firms, and we designed our approach to delight the user from the start.
We talk internally about creating a “10-star experience.” That idea came from Brian Chesky at Airbnb—don’t just give someone a clean space; pick them up at the airport, hand them champagne, and make the experience remarkable.
For us, that means going beyond the basics. We make risk transparent. Users can see their own risk profile clearly, and that visibility goes viral inside organizations. It creates a sense of shared responsibility for security.
That’s something everyone talks about, but few have actually achieved. We’re proud that we’ve built a platform where that happens organically.
Mike Collins:
That’s interesting—so you’re saying the psychology of shared visibility and accountability actually helps the system manage itself.
David DellaPelle:
Exactly. If you surface the right data, the organization starts to self-correct. People understand where they stand and want to improve.
And you’re right, it’s an arms race. Attackers exploit human psychology and biases, but we can use those same insights to strengthen awareness, accountability, and resilience.
Mike Collins:
And the AI piece seems critical to that, right?
David DellaPelle:
It’s huge. Standardized testing and quarterly phishing simulations are going away. AI can now automate risk identification and training.
We’re replacing old, manual, back-office processes with intelligent automation that adapts to each user. Governance, risk, and compliance teams—who are our power users—can finally move beyond endless manual configuration.
For example, our system automatically trains people on what they’re bad at, not what they’re already good at. It ensures compliance while targeting actual weaknesses.
And for the small group—maybe 3 to 5 percent of users—who are truly careless or negligent, the platform provides data to security leaders so they can enforce stronger controls, like higher email filters or restricted access.
Mike Collins:
That’s impressive. And of course, attackers are also using AI now, which changes the game.
David DellaPelle:
Exactly. Attackers can now target thousands of companies in the time it used to take to target ten. You can’t fight that scale manually. It’s like bringing a knife to a gunfight.
That’s why we believe you have to fight AI with AI—use automation and intelligence to protect at the same speed and scale as the threat.
Mike Collins:
Let’s talk about your founding story. What led you to start Dune?
David DellaPelle:
Honestly, my path wasn’t planned—it found me. In my early 20s, I was impatient to learn and grow, so I worked relentlessly. I held two full-time jobs at once, earned my MBA, and helped build a network security company that later exited at a unicorn valuation.
I spent years helping build AI and cybersecurity startups from pre-seed through post-Series D, including AppOmni, Perimeter 81, and others. My last role was leading security product strategy at a cyber insurance company called App. That’s where I saw the same issue over and over—the human side wasn’t being solved effectively.
When I left, it was clear to me that this was the next big opportunity.
Mike Collins:
And how did you meet your co-founder?
David DellaPelle:
It’s a funny story. We met by chance on a flight to the Portuguese island of Madeira. There was a four-hour delay at JFK because of a cybersecurity issue—all the computers were down, and everything was being checked in manually.
We got to talking on the plane and realized we had complementary skills. I pitched him the idea when we landed—actually, in the Azores, because the flight was diverted. He had spent 12 years building AWS data science platforms for Fortune 50 clients at Accenture. It was a perfect fit.
Mike Collins:
That’s a great story—serendipity meets timing.
David DellaPelle:
Exactly. And what’s interesting is that our initial idea was much simpler. We thought we’d just build a better security awareness training platform—one that trains people only on what they’re bad at and saves time for everyone else.
From there, the idea evolved into something much bigger: quantifying individual user risk across identity, behavior, and data systems. It’s been a natural evolution, not a pivot.
Mike Collins:
So, what’s your big ask right now? How can our network help you?
David DellaPelle:
The world has changed. The corporate network is now the public internet, and it’s impossible to build castle walls high enough to keep attackers out. The human element is the true perimeter.
My ask is simple: if anyone listening believes cybersecurity must become more human-centric—focused on users, not just systems—reach out. That’s the future we’re building.
Mike Collins:
Well said. And you’re right—this isn’t something organizations can wait to fix.
David DellaPelle:
Exactly. Sometimes prospects tell us they’ll revisit in a year, and we always respect that. But we know many will come back, because these problems don’t go away—they only get more urgent.
Mike Collins:
Before we wrap up, I like to ask founders about a personal productivity habit or mindset that’s helped them most.
David DellaPelle:
For me, it’s sacrifice and discipline. My co-founder and I have made the business our top priority. Of course, you must care for your health and family—that’s essential—but beyond that, success requires total commitment.
I stopped drinking, I work out nearly every day, and I’ve built my life around focus and purpose. Once you find a vision that truly aligns with you, those sacrifices don’t feel hard—they feel natural.
I remember a mentor telling me, once you have a long-term vision, the short-term decisions become easy. That’s exactly how I feel about Dune.
Mike Collins:
That resonates deeply. I started Alumni Ventures later in life, and when I realized it was the right move, I went all in. Being a founder is about total focus. You can’t hedge.
And yes, it’s hard—but it’s also the most rewarding thing you can do.
David DellaPelle:
I agree completely. The harder the challenge, the more fulfilling it becomes. Taking on big responsibility creates meaning.
Mike Collins:
Exactly. The most rewarding things in life—whether relationships, family, or building a company—take time, discipline, and endurance.
David, thank you for your time. Keep up the great work with Dune. It’s an incredibly important mission.
David DellaPelle:
Thank you, Mike. I really appreciate it.
Mike Collins:
We’ll take a quick break so I can tell you about the Deep Tech Fund from Alumni Ventures. AV is one of the only VC firms focused on making venture capital accessible to individual investors. We’re also one of the most active and best-performing VCs in the United States, co-investing alongside top-tier investors.
With the Deep Tech Fund, you can invest in companies building innovative solutions to major technical and scientific challenges—ventures that redefine industries, create a more sustainable future, and have the potential to deliver significant financial returns.
If you’re interested, visit us at av.vc/funds/deeptech.
Now back to the show.
Next up in block two is Pete Mathias with Matthew White, co-founder and CEO of Multitude Insights.

Key Takeaways
- The user layer is the biggest cybersecurity risk. Most breaches still stem from human behavior, yet enterprise defenses remain focused on networks and endpoints.
- AI replaces outdated, manual awareness training. Quarterly phishing tests and one-size-fits-all videos are obsolete. Dune uses AI to automatically detect risky behavior, target users with relevant simulations, and focus training only where it’s needed.
- Quantifying user behavior closes the visibility gap. Traditional metrics like “phish click rate” or completion badges don’t reflect real enterprise exposure. Dune integrates behavioral, contextual, and technical signals to give CISOs a continuous, data-backed view of user-layer risk.
- Risk prioritization is essential. By identifying who is low, moderate, and high risk in real time, Dune lets security teams prioritize their attention and automate interventions that reduce exposure.
- Cyber defense must evolve alongside AI-powered attackers. Attackers now use AI to scale social engineering and impersonation across thousands of targets. Enterprises must counter AI threats with AI-driven defense to match the speed and sophistication of modern attacks.
