Kenneth Kasuba

Secure AI automation at scale.
10x velocity, without 10x risk.

I’m a Principal Security Engineer + Researcher who designs and scales modern security strategies. Risk ownership, innovation, and leadership across AI, cloud, Kubernetes, and AppSec, proven secure through adversarial simulation.

Selected Impact

Program ownership, guardrails, and adversary-driven validation work.

  • Owned security strategy and roadmaps for SaaS and enterprise clients as fractional Head of Security and vCISO.
  • Built CI/CD guardrails with pre-merge enforcement using SAST, DAST, SCA, SBOM gating, and policy-as-code workflows.
  • Hardened AWS and GCP environments with org-level audit logging, encryption baselines, least-privilege IAM patterns, and alerting for anomalous access.
  • Standardized Kubernetes security using Pod Security Standards, OPA/Gatekeeper policies, and RBAC normalization to reduce attack paths.
  • Led cloud and container adversary emulation and turned findings into detection and incident response playbooks with engineering teams.

Core Expertise

Security program ownership, AI agent validation, and cloud-native hardening.

Security Program Ownership

Roadmaps, risk framing, executive readouts, and cross-functional execution across AppSec, cloud, data, and AI risk in audit-driven environments.

Strategy, vCISO, Governance

AI Security and Agent Validation

Threat modeling and adversary-driven validation for MLOps, RAG, MCP, and agentic AI systems, including tool access, memory, data egress paths, and guardrail testing.

GenAI, MCP, MLOps

Cloud and Kubernetes Security

AWS and GCP security baselines, IAM patterns, logging, and Kubernetes hardening for EKS and multi-tenant clusters.

AWS, GCP, Kubernetes

AppSec and DevSecOps Guardrails

Secure SDLC enablement with CI/CD enforcement, policy as code, and evidence generation that engineering teams can sustain.

Shift Left, Secure CI/CD, Penetration Testing

Writing

The Hacker's Intuition

Most security training teaches you to follow patterns. Real hacking demands something else. Hacker intuition is the discipline of building a mental model, spotting the seams where systems disagree, and proving it with quiet, high-signal tests.

Qualified Credentials

Industry-recognized certifications with verifiable identifiers

Let's Build Something Secure

Need AI security validation, cloud hardening, or leadership insights? Let's talk about building controls that scale with your engineering velocity.