Kenneth Kasuba

Secure AI automation at scale.
10x velocity, without 10x risk.

I’m a Principal Security Engineer + Researcher who designs and scales modern security strategies. Risk ownership, innovation, and leadership across AI, cloud, Kubernetes, and AppSec, proven secure through adversarial simulation.

View Resume STRATA-8 and AI Purple Ops

Get security research in your inbox

Selected Impact

Program ownership, guardrails, and adversary-driven validation work.

Defined security strategy and roadmaps for SaaS and enterprise clients as Director of Security and AI Research.
Built CI/CD guardrails with pre-merge enforcement using SAST, DAST, SCA, SBOM gating, and policy-as-code workflows.
Hardened AWS and GCP environments with org-level audit logging, encryption baselines, least-privilege IAM patterns, and alerting for anomalous access.
Standardized Kubernetes security using Pod Security Standards, OPA/Gatekeeper policies, and RBAC normalization to reduce attack paths.
Led cloud and container adversary emulation and turned findings into detection and incident response playbooks with engineering teams.

Core Expertise

Security program ownership, AI agent validation, and cloud-native hardening.

Security Program Ownership

Roadmaps, risk framing, executive readouts, and cross-functional execution across AppSec, cloud, data, and AI risk in audit-driven environments.

Strategy AI Governance Governance

AI Security and Agent Validation

Threat modeling and adversary-driven validation for MLops, RAG, MCP, and agentic AI systems, including tool access, memory, data egress paths, and guardrail testing.

GenAI MCP MLops

Cloud and Kubernetes Security

AWS and GCP security baselines, IAM patterns, logging, and Kubernetes hardening for EKS and multi-tenant clusters.

AWS GCP Kubernetes

AppSec and DevSecOps Guardrails

Secure SDLC enablement with CI/CD enforcement, policy as code, and evidence generation that engineering teams can sustain.

Shift Left Secure CI/CD Penetration Testing

Writing

Your First 90 Days in AppSec Are Political, Not Technical

The biggest mistake I see new AppSec leads make isn't technical. It's political. They buy a SAST tool, scan everything, generate 40,000 findings, and wonder why engineering treats them like an adversary by week six.

Mar 13, 2026 Read more →

I Spent a Year Breaking AI Agents. Most Aren't Ready.

Last spring I red teamed an AI agent that managed AWS infrastructure. I fed it a poisoned Terraform plan and had full admin access in four minutes. That engagement broke something in my head about how we think about AI security.

Jan 22, 2026 Read more →

Every EKS Cluster I Audit Has the Same Five Problems

Last quarter I got handed a 'production-ready' EKS cluster. 400 pods running as root with hostNetwork, one IAM role with s3:* on the whole account. It had been running this way for eleven months. That's not an outlier. It's the median.

Dec 12, 2025 Read more →

View all writing

Qualified Credentials

Industry-recognized certifications with verifiable identifiers

CISSP

Certified Information Systems Security Professional

Certified since 2020

View writeup Verify credential

AWS DevOps Professional

AWS Certified DevOps Engineer - Professional

Certified since 2022

View writeup Verify credential

View all certifications

Featured Projects

STRATA-8 Framework

Evidence-first discovery model for agentic AI security that maps topology, trust boundaries, state, memory, permissions, and validation into a repeatable assessment.

Read the framework View writeup

AI Purple Ops

Open-source validation harness for LLM and agent security testing with repeatable suites, evidence packs, and exportable reporting.

View project View writeups

Let's Build Something Secure

Need AI security validation, cloud hardening, or leadership insights? Let's talk about building controls that scale with your engineering velocity.

Connect on LinkedIn Read more