About
Jerry Perullo is the Founder and CEO of Adversarial Risk Management (adversarial.com), a…
Articles by Jerry
Activity
11K followers
-
Jerry Perullo shared thisJack Dorsey just cut 40% of Block's workforce. Is he unlocking AI-driven efficiency, or repositioning ahead of a structural collapse in tech company P/E multiples? Closer to home, is Claude Code Security threatening the wider cyber marketplace, or just exposing point solutions whose valuations were built on shallow moats and unrealistic growth assumptions? And did the headlines care - or notice - as Anthropic structured its for-profit business into a public benefit corporation (PBC)? Pundits wondering if Dario Amodei was shirking his fiduciary duties by holding fast in the face of the Pentagon may have to get used to the new definition - and its no longer limited to maximizing shareholder return. All that and.. yet we somehow also fit in debunking - nah, "contextualizing" Airsnitch and ETH Zürich's paper on password manager flaws. Come and get it! https://lnkd.in/e-ASNpxj #CISO #cybersecurity #airsnitch #anthropic #block #dorsey #claude #amodei #pentagon #saas #TVM #adversarialJerry Perullo shared thisNew episode alert! This week, Jerry Perullo, Mario Duarte, and Sounil Yu discuss how Anthropic is doubling down on Claude Code Security while the federal government pushes hard to swap Claude for OpenAI, raising serious questions about trust, guardrails, and supply-chain risk. Meanwhile, AirSnitch shows how cross-layer Wi‑Fi identity desync lets attackers shrug off client isolation and stage full MITM sessions, even on home routers. Get it now at https://lnkd.in/ehnviqP6 or listen on any Podcast app!S4E14 – Federal Gov vs. Anthropic, 40% layoff at Blocks due to AIS4E14 – Federal Gov vs. Anthropic, 40% layoff at Blocks due to AI
-
Jerry Perullo shared thisLast week while I was off skiing w the fam, our intrepid podcast producer Tillson Galloway dropped S4E13 of The Adversarial Podcast! It's not one to be missed. With Sounil Yu joining from Germany at the Munich Security Conference, Mario Duarte and I jumped on some super relevant current topics such as: - “AI security” fails when models inherit 20 years of industry panic. Left alone, LLMs treat every alert as DEFCON-1. Constraining AI with seasoned incident rubrics produces calmer, more deterministic outcomes and better executive decisions. - A 15-minute technical conversation beats 300 control questions. Security maturity shows up in reasoning, tradeoffs, and execution speed, not checkbox artifacts. - The real AI moat isn’t the model, it’s the scaffolding. Context engineering, procedural constraints, and execution discipline are what actually compound.| Enjoy in all the usual places including my favorite - https://lnkd.in/gzHCrxQmJerry Perullo shared thisNew podcast is up! This week, Jerry Perullo, Mario Duarte, and Sounil Yu discuss hiring AI specialists and recent threat intelligence about adversarial use of AI and residential proxies. Get it now at https://lnkd.in/epzdb8h8, https://lnkd.in/ejwwTEPv or any podcast app!S4E13 – Munich Security Conference, Gemini used by criminals, priority shifts at CISAS4E13 – Munich Security Conference, Gemini used by criminals, priority shifts at CISA
-
Jerry Perullo shared thisThis week we spent a lot of time on Bu Bounties - if there is one thing the three of us agree on it’s the value there. Then as usual we pivoted hard, this time to a Federal Reserve comm instructing cyber bank examiners to chill out. All that and more - jump in and enjoy! https://lnkd.in/d4nNYA8PJerry Perullo shared thisNew episode is up! Join Mario Duarte, Jerry Perullo, and Sounil Yu as they discuss how AI-generated bug bounty reports killed curl's bug bounty program, expensive security controls that don't work, and more! Get it on YouTube, adversarial.com/podcast, or any podcast app! https://lnkd.in/eXjNXBnsAdversarial Podcast S4E12 – Curl shuts down bug bounty, expensive but ineffective security controlsAdversarial Podcast S4E12 – Curl shuts down bug bounty, expensive but ineffective security controls
-
Jerry Perullo shared thisWhat Iran’s internet shutdowns taught us about enterprise security... Today's episode of The Adversarial Podcast sparked a conversation that hit uncomfortably close to home for security leaders. Watching how information escapes authoritarian control systems is a mirror for how employees route around enterprise security. A few takeaways worth chewing on: • Extreme control doesn’t equal real security Internet blackouts and surveillance create fear, not safety. In companies, overly restrictive controls do the same thing: they drive workarounds. • Controls mostly catch “stupid,” not clever Whether it’s a nation-state or a Fortune 500, people who need to get around controls usually can. DLP, logging, and monitoring are often retrospective - not preventative. • Detection is oversold; enforcement is rare We love to say “we’re monitoring.” In reality, logs are used after something goes wrong. Deterrence only works when consequences are real—and in enterprises, they rarely are. • Privacy tools are misunderstood VPNs, Tor, and anonymization matter when the adversary is a hostile state. For the average person or company, they’re often a distraction, and sometimes increase risk. • Culture is a security control Running security like an authoritarian regime damages trust, hiring, and velocity. Most people would rather work in “Norway” than “North Korea.” • Most breaches aren’t hacks - they’re logins Password reuse and weak authentication still dominate real-world incidents. MFA and password managers beat most shiny tools. • Prioritize the threat that actually matters Not every company should obsess over data exfiltration. For many, extortion and operational disruption are the real risks. • Architecture beats policy If employees can casually access and export sensitive data, the problem isn’t awareness - it’s system design. • Less awareness, done better If you get four seconds of attention per year, focus on the few things that actually move the needle. “See something, say something” still works. Security isn’t about maximum control. It’s about intentional tradeoffs aligned to real threats. It's a good one - https://lnkd.in/gzHCrxQm #adversarial #podcast #iran #protests #starlink #CyberSecurity #RiskManagement #CISO #Governance #SecurityCulture #awarenessJerry Perullo shared this🚨New episode alert! 🚨 This week, Jerry Perullo, Mario Duarte, and Sounil Yu discuss the Iranian Internet blackout, whether cybersecurity practitioners should focus on geopolitical threat intelligence, and more! Check it out on YouTube, podcast apps, or at https://lnkd.in/gCaGUuDG! https://lnkd.in/epJ853ndAdversarial Podcast S4E11 – Iran Internet blackout, threat intelligence, cyber framework alignmentAdversarial Podcast S4E11 – Iran Internet blackout, threat intelligence, cyber framework alignment
-
Jerry Perullo shared thisI'm going to be in Vegas in a couple of weeks at AWS re:Invent, speaking at Cloudflare's Trust Forward side summit on Wednesday night with Ramy & The Drossman (best band name ever). I've done something like this with Cloudflare before, and I can say their events are awesome - intellectually legitimate, insightful, candid, and no fluff. While we might enjoy a beer or two, we won't be talking just college football and golf handicaps here. Packets. Realistic GenAI acceptable use policies. Probabilistic compliance with deterministic rules. That sort of thing. I'd love to catch up with my security and technology friends in town! Bring it via: https://lnkd.in/geqtq3bM
-
Jerry Perullo shared thisCloudflare experienced a rare outage yesterday, and as has been the case since inception senior leadership and specifically Matthew Prince went on to not only put on a clinic in mea culpa and taking responsibility, but also in just sheer engineering competence. It's one thing to say "we screwed up," and it's what differentiates the top 5% of enterprises. But it's a totally separate and unicorny thing for anyone at the company, no less the CEO, to stop the presses and dig this deep and masterclass their own infrastructure to this level. The ops challenge for a CEO of any scale - no less a $70b market cap company - is usually to ensure operational excellence DESPITE not being able to comprehend all the minutia any more. But what if you COULD grok it all.. somehow? Sit back and see: https://lnkd.in/gZU-mhxV
-
Jerry Perullo shared thisWe dug through some recent reports on "Adversarial AI" to differentiate conflicted hype from reality, and confirmed the world isn't on fire quite yet. We also stepped through some interesting comparisons between a State of Nevada ransomware incident and the Jaguar Land Rover saga, and so much more! Enjoy!Jerry Perullo shared thisNew episode is out! This week, Jerry Perullo, Mario Duarte, and Sounil Yu talk about AI ransomware FUD, the Louvre's cyber audit, Nevada's response to ransomware, and more! Check it out out at https://lnkd.in/ejwwTEPv, on YouTube, or on any podcast app! https://lnkd.in/e8tE73zqAdversarial Podcast S4E07 – The password is "Louvre", AI ransomware, Nevada stands up to ransomwareAdversarial Podcast S4E07 – The password is "Louvre", AI ransomware, Nevada stands up to ransomware
-
Jerry Perullo shared thisI spent yesterday at an Amazon's ATL2 Fulfillment Center at an NACD (National Association of Corporate Directors) event on AI governance. Thank you Cindy Baerman, Marina Finnegan, and the Atlanta Chapter for an outstanding event at a mind-blowing facility - and Bill Durham and Amazon Web Services (AWS) for the content and tour! With a rare occasion to actually drive somewhere, I got to listen to the latest episode of The Adversarial Podcast, which we released that very morning. It sounds weird to listen to your own podcast, but it's genuinely my favorite. There are a few gems in there that escaped the release notes including: On CRQ and FAIR: "Our F5 devices have management interfaces exposed to the internet... assigning a dollar value to that is asinine." And on the SOC2 industry: "It used to cost you $80,000 for a load of crap, and now it costs you $6000 for a load of crap... that is a net positive!" I encourage you to dig in for a really candid, no-sponsor (aka unconflicted) take from 3 retired CISOs-turned Founders on the cybersecurity world. adversarial.com/podcast
-
Jerry Perullo shared thisLove these guys - absolutely crushing a critical space with innovation, customer service, and execution. If you happen to use email at your business you should check them out.Jerry Perullo shared thisExcited to share we (Sublime Security) raised $150M in Series C funding to accelerate our roadmap and global impact. Our adversaries operate like businesses with objectives and resource constraints. With AI, constraints like time and skill are gone, enabling faster and more sophisticated, varied, and targeted attacks at scale with higher returns. We built Sublime to stop this next generation of attacks and fight fire with fire. Over the past year, we launched our first two Agents for autonomously triaging threats and auto-adapting detection coverage. Over the coming months, we'll continue to invest in our team of Agents to do more for our customers, with the transparency and control that enhances work instead of creating friction. I'm incredibly grateful for the trust and support of our customers, partners, team, and investors. We're just getting started. Russell Moore, Georgian Cack Wilhelm, IVP Jahanvi Sardana, Shardul Shah, Index Ventures Dan Nguyen-Huu, Jon Sakoda, Decibel Partners Sam Lessin, Will Quist, Slow Ventures Jared Sleeper, Avenir Dick Costolo, Adam Bain, David Fischer, 01 Advisors Nick Sands, Citi Ventures Dmitri Alperovitch, Jon Oberheide, Nicole Perlroth Read the full announcement here: https://lnkd.in/epR84qcMSublime raises $150M Series C to arm defenders for the post-LLM world · Blog · Sublime SecuritySublime raises $150M Series C to arm defenders for the post-LLM world · Blog · Sublime Security
Jerry Perullo commented on a post
1d
This is true. In a world of vendor
puffery and exaggeration, it’s worth pointing out when one is just telling the truth. You are crushing this.
Jerry Perullo replied to a comment
1w
yeah exactly. I wrote that in the airport and then brainstormed into the flight, and there is clearly a better version of "like this result? thumbs up/down." An interesting wrinkle is when you want to use this to vet new models, as it basically means you want to drop a new model on a production customer for a sample of items.. ouch again. But nothing is insurmountable!
Jerry Perullo commented on a post
1w
What a great, nerdy topic close to home.
We talk about this pretty regularly, and like everything of course it gets complicated quickly!
Specifically, for AI functionality in "customer tenant model" SaaS platforms, there is nothing like legitimate customer data. But how do you regression test evals against new models or prompt changes without accessing that data or copying it to another environment? It's a massive no-no. So you end up having to run evals on fake or heavily redacted data, and with probabilism it's hard to trust clean tests on that data will translate into clean behavior in production. It feels like over time we may have to build intra-tenant eval logic that can stay within a customer environment, re-run their data with new parameters, summarize the deltas, and then wait for them to approve sharing the meta data of those back up to the SaaS provider. Ouch.
And then there is the narrative output - like creating a Board deck. Evaluating that quality and accuracy is persisted in a naturally non-deterministic output like that is so tough to do with scale.
But I guess if it was easy everyone would do it : )
-
Jerry Perullo liked thisJerry Perullo liked thisMet Gambit and won @ Hacklanta all in one day. Had a blast building CounterStack with Abrar Sarwar, john sang, and David Salas Carrascal! We built a cybersecurity platform that simplifies an organization's complex cybersecurity posture into a single poker hand, enabling users to pit their organization against different threats in a gamified environment. You can check out our project here at https://counterstack.dev/ A huge thank you to our mentors, Devin Hicks, Nick San George, Yulduz M., NUR HAQUE and Robert Jordshaugen, MBA for their valuable insights. Between the laughs and the feedback, you all helped push the project into its final version. A special shoutout to Jerry Perullo, Emran H., Corey Hall, and Demecos Chambers for pushing us to think beyond the hackathon and helping us map out how CounterStack can actually grow into something real. And finally, massive props to joey zhang and progsu for pulling this amazing event together in just 5 weeks.
-
Jerry Perullo liked thisJerry Perullo liked thisI just made history. -attended my first hackathon at gsu’s biggest hackathon in recent time, hacklanta (progsu’s first hackathon chapter) -won first place -helped set up this huge event -built counterstack with Abrar Sarwar Luigi Fernandez, and David Salas Carrascal to take home the win -learned a lot about cyber security and all the things that go into a good product -learned that being bold and willingness to put the work in will always pay dividends hacklanta was built in 5 weeks, with countless sleepless nights, and a determination to make an impact. so to all of the progsu exec team personally, I’ve seen all the work you guys put in and I am so proud of each and everyone of you for being a part of this event. thank you for being goated people and keep shining wherever you go special shoutout to: joey zhang for making this whole thing possible, and for being a BEAST. I truly don’t know anyone who works harder than you. thank you for bringing me on the board to contribute to something so awesome, I really appreciate you for giving me the chance to meet so many awesome people and build something cool lastly, thank you to Jerry Perullo, Emran H., andy, Yulduz M., Devin Hicks, Nick San George and Marc Donatien Jr. for sitting down with us and giving us advice, couldn’t have done it without yall our project counterstack is a cyber security tool used to make learning complex cybersecurity concepts more intuitive, fun and simple. check it out at counterstack.dev #hacklanta #hackathon #win
-
Jerry Perullo liked thisJerry Perullo liked thisTwo things that struck me about RSA this year: 1. AI security is meaningless. There is an emerging recognition from security teams and vendors alike that we need to drop down a level of abstraction and stop talking about “AI Security” or “Agent Security”. Remember past waves of technology transformation such as Internet, Mobile, or Cloud. Each one of these started off with the similarly meaningless appeals, for example, to have “Internet security”. At the time no-one knew what this meant either. It took dropping down a level of abstraction for us to make progress. Understanding the need for firewalls, intrusion detection, web server security, browser security, application security, penetration testing, and so on yielded such clarity. We are just starting to see the same happen with AI/Agentic security. The vendors that make sense of the right (not necessarily analyst driven) categories will win. The companies that shape this with vendors and for themselves will also win. 2. The quiet before the storm. Perhaps I’m being overly dramatic but I was surprised with the generally relaxed tone about the impending wave of vulnerabilities and the extent of industrialized attackers coming in the coming quarters. Everyone seems to know vulnerability management isn’t where it needs to be in most companies and what’s coming will pile on the pressure. This was contrasted with the recent [Un]prompted conference, also in San Francisco, where there was a palpable sense of amazement, and concern, at the utility of current models for vulnerability research and exploitation. I still think things are going to get wild: https://lnkd.in/eGqg4npb
-
Jerry Perullo liked thisJerry Perullo liked this⭐ On Thursday of RSA, we take a break and spend time together at what we call the CISO UnConfrence. This marked our 3rd annual and it did not disappoint. ⭐ We spend the day talking strategy, what works, and what doesn't. We challenge each other and create a space where we can openly and transparently talk about challenges and encourage each other. ❤️ I am so grateful to be able to spend the day with such amazing leaders. ❤️ Thank you everyone for the authentic participation and thank you Bryan Payne for hosting us a the Adobe HQ. Nate Lee your picture was too good not to share. 😉 Josh Yavor TC NiedzialkowskiDevin ErtelStan L.Ryan GurneyAssaf KerenMatthew MyrickMatt HillaryKyle TobenerAaron StanleySara LazarusChuck KeslerJoanna ChenJerry PerulloAndrew BechererScott KisserBen CalvertAdam ArellanoDamian HasseSteve ZalewskiScott RobertsAndy SteingrueblKristen BeneduceNils PuhlmannDavid BradburyEsteban GutierrezBrandon SterneYaron LeviAanchal GuptaNate LeeElliot ColquhounMartin Choluj Bob LordKurt SauerJohn KennedyYassir Abousselham Bil Corry
-
Jerry Perullo liked thisTeamPCP compromised very popular telnyx library. Beware of the exposure. Implement controls before it is too late.Jerry Perullo liked this🚨 RL Research Alert! Look out for compromised versions 4.87.1 and 4.87.2 of telnyx PyPI package with more than 3.75 million downloads. https://lnkd.in/d9GF3y_S It is the latest victim in the ongoing TeamPCP supply chain campaign. Previous victims include Trivy, Checkmarx and LiteLLM. Ultimate goal is exfiltration of cloud secrets like observed in previous attacks. Malicious code is added to telnyx/_client.py file. New C2 server is 83[.]142.209.203telnyx@4.87.2 - PyPI | ReversingLabs Spectra Assure Communitytelnyx@4.87.2 - PyPI | ReversingLabs Spectra Assure Community
-
Jerry Perullo liked thisJerry Perullo liked thisEveryone’s talking AI + Cyber + Iran. I did too this week with my dear friend Jon Fortt, CNBC. But the part I actually remember? .. Swapping stories about our boys .. Re-learning music .. Celebrating life milestones We spend so much time preparing for what’s next. We forget to notice what’s already here. #WhatMakesYouHuman?
Experience & Education
-
Adversarial Risk Management
View Jerry’s full experience
See their title, tenure and more.
or
Licenses & Certifications
Publications
-
The Definitive Cybersecurity Guide for Directors and Officers
New York Stock Exchange and Palo Alto Networks
Patents
-
Multi-signature verification network
Issued US 10621579B2
See patentThis patent describes a novel method for applying on-chain multi-signature verification to create a payment system satisfying several unique criteria. First, it removes reliance on any single depository institution to hold customer assets. Second, it provides an alternative revenue stream for traditional depository institutions aligned with their investment banking experience. Finally, it minimizes fraud by aligning the interests of the financial institutions with those of the consumer. The…
This patent describes a novel method for applying on-chain multi-signature verification to create a payment system satisfying several unique criteria. First, it removes reliance on any single depository institution to hold customer assets. Second, it provides an alternative revenue stream for traditional depository institutions aligned with their investment banking experience. Finally, it minimizes fraud by aligning the interests of the financial institutions with those of the consumer. The system creates a competitive algorithmic market to assess and compete to acquire transaction risk at the individual payment level in real-time. Consumers begin a transaction; multiple banks assess the risk with micro latency similar to high frequency trading systems; and the consumer picks the best rate and has the transaction guaranteed against fraud - automatically if they wish.
Other similar profiles
Explore more posts
Explore top content on LinkedIn
Find curated posts and insights for relevant topics all in one place.
View top content