
Understanding Identity Threats in Cybersecurity: Insights from Filipi Pires and Joseph Carson

In the latest episode of the Security by Default podcast, host Joe Carson sits down with seasoned cybersecurity expert Filipi Pires for a thought-provoking conversation on one of the most critical—and often overlooked—aspects of modern security: identity threats.

With over a decade of experience spanning both technical and sales roles, Filipi brings a well-rounded perspective to the discussion, highlighting the growing importance of identity in the evolving cybersecurity landscape. Their conversation offers valuable lessons for practitioners, business leaders, and anyone invested in building more resilient, security-conscious organizations.

Why Identity Is the New Battleground

In today’s threat landscape, identity has become a prime target for attackers. As Filipi points out, it’s no longer just about exploiting systems or networks. Gaining access to identities unlocks the keys to the kingdom.

“Identity is central to everything we do in security,” Filipi explains. “If you compromise an identity, you bypass so many of the traditional controls.”

This shift has elevated the role of identity threats, from phishing and credential theft to privilege escalation and misuse of misconfigured accounts. Yet many organizations still underestimate how misconfigurations, overlooked credentials, and legacy identity systems can quietly erode their defenses.

Misconfigurations: The Silent Weakness

One of the recurring challenges discussed in the episode is the persistent problem of misconfigurations. Despite advancements in technology, simple oversights—such as exposed administrative accounts, poorly managed permissions, or forgotten legacy systems—remain among the top causes of breaches.

Filipi emphasizes that misconfigurations aren’t always the result of negligence. Often, they stem from complexity, rapid growth, or lack of visibility. That’s where the concept of observability becomes critical.

“You can’t secure what you can’t see,” Filipi reminds us. “Observability gives you the insight to spot weak points before attackers do.”

Tools Are Just the Beginning

With countless cybersecurity tools flooding the market, Filipi and Joe caution against becoming overly reliant on technology without understanding the underlying techniques.

“Tools are there to help you learn and uncover patterns,” Filipi says. “But if you don’t understand how attackers operate, the tools alone won’t save you.”

This mindset aligns with the growing emphasis on research, experimentation, and reverse engineering in the community. It’s through continuous learning and hands-on exploration that defenders stay ahead of adversaries.

Community, Learning, and Respecting the Journey

Beyond technical skills, both Filipi and Joe underscore the importance of community engagement in cybersecurity. Conferences, podcasts, online forums, and mentorship all play vital roles in building collective knowledge.

Filipi shares a personal reminder for anyone navigating their cybersecurity career: 

“Respect the journey. Everyone starts somewhere, and growth comes from persistence and curiosity.”

Whether you’re a seasoned expert or just starting out, cybersecurity is a field where humility, learning, and community matter as much as technical prowess.

Final Thoughts: Building Identity-Aware, Resilient Security

This episode reinforces a key message for modern defenders: protecting identities isn’t optional—it’s foundational to cybersecurity resilience.

By addressing misconfigurations, prioritizing observability, leveraging tools with purpose, and staying engaged with the community, organizations can build stronger defenses against evolving identity threats.

As the conversation between Filipi Pires and Joe Carson reminds us, effective cybersecurity is never static. It’s a continuous process of learning, adapting, and respecting the complex, human-driven journey that defines our industry.

Listen to the full episode on the Security by Default podcast now!

Catch Filipi Pires at Three Cybersecurity Conferences This August

Filipi Pires is hitting the summer circuit with a powerful trio of talks across BSides Las Vegas, Black Hat USA, and DEF CON 33, each focused on identity, cloud misconfigurations, and practical security tooling.

  • 📍 BSides Las Vegas
    Talk: Machine Identity & Attack Path: The Danger of Misconfigurations
    Date & Time: Tuesday, August 5 | 2:00–2:45 PM (GMT+1)
    Filipi explores how attackers exploit misconfigured security and unmanaged machine identities in multi-cloud environments. Learn how to visualize IAM risks using open-source tools like SecBridge, Cartography, and AWSPX.
  • 📍 Black Hat USA – Arsenal Station 3
    Talk: APIDetector v3 – Advanced Swagger Endpoint Scanner with Real-time Web Interface
    Date & Time: Thursday, August 7 | 1:00–1:55 PM
    Get hands-on with APIDetector v3, the latest version of an advanced tool for finding exposed Swagger/OpenAPI endpoints. Now with real-time results, screenshot capture, and bulk scanning support.
  • 📍 DEF CON 33 – Cloud Village
    Talk: Transforming Identity Protection: Innovating with AI and Attack Paths
    Date & Time: Friday, August 8 | 2:10–2:40 PM (GMT+1)
    Discover how generative AI and graph visualizations can predict and prevent misconfigurations across AWS, Azure, GCP, and OCI. Filipi showcases tools like Neo4j and Memgraph to map identity risk and attack paths in the cloud.

Whether you’re a cloud defender, API hunter, or identity strategist, Filipi’s talks deliver the tools and insights to secure your ecosystem against today’s threats.


If you want to see firsthand how protecting identities can transform your organization’s security, don’t miss the chance to discover Segura®’s platform. 

Our solution is designed to help organizations identify vulnerabilities, prevent misconfigurations, and enhance visibility into identity usage—all in a simple and effective way. 

Ready to take the next step toward truly resilient defense? Request a free demo of Segura® now and discover how we can strengthen your company’s security together!

About Segura®
Segura® strives to ensure the sovereignty of companies over actions and privileged information. To this end, we work against data theft through traceability of administrator actions on networks, servers, databases and a multitude of devices. In addition, we pursue compliance with auditing requirements and the most demanding standards, including PCI DSS, Sarbanes-Oxley, ISO 27001 and HIPAA.

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, points of sale, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum that includes Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.
