On this episode of Cyber Security Matters, hosts Harry Baldwin and Matt Rose sit down with Michael Waite, Co-founder and CTO of Dune Security. Michael shares his journey from enterprise consulting to building a venture-backed startup tackling one of security’s stickiest problems: the human element.

Episode Summary

Michael discusses how traditional security awareness training fails to change human behaviour and why the threat landscape has shifted dramatically toward off-channel attacks via WhatsApp and encrypted apps. He reveals how attackers are using AI-powered voice cloning and open-source intelligence to launch sophisticated social engineering campaigns, and shares his personal security practices. Michael also explains how Dune Security uses AI defensively to quantify individual risk and drive targeted interventions that achieve a two-order-of-magnitude improvement in employee security posture.

Key Topics Covered

• The transition from hands-on-keyboard building to strategic leadership as a startup scales
• How Dune’s CISO Advisory Council shaped the product from day one
• Why soft skills and curiosity matter more than technical expertise in hiring
• The shift from email phishing to off-channel attacks on personal devices
• Real-world examples including the MGM breach and $50 bribes in lower-cost delivery centres
• Personal security practices anyone can adopt
• Using AI defensively for individual-level risk quantification

Chapters

• 00:00 – Introduction
• 01:12 – How Michael got into cybersecurity
• 04:43 – Key influences and leadership lessons from consulting
• 07:05 – Mindset shift from consultant to co-founder/CTO
• 09:05 – Building the CISO Advisory Council
• 10:59 – Talent acquisition strategy and team building
• 13:51 – The skills shortage debate and what really matters in hiring
• 16:58 – The state of enterprise security and the human element
• 19:42 – Off-channel attacks and the WhatsApp threat
• 23:03 – What motivates attackers: bribes, data, and disruption
• 25:00 – Why no business is safe from AI-powered attacks
• 27:00 – Personal security tips
• 29:24 – AI on the defensive side: how Dune Security uses it
• 32:47 – Changing the “tick the box” compliance mindset
• 35:42 – Advice for those entering cybersecurity

Guest Bio

Michael Waite is the Co-founder and CTO of Dune Security, a company focused on protecting enterprises from modern social engineering threats. His career spans building secure platforms, leading large-scale cloud migrations, and scaling security solutions for Fortune 50 organisations. Under his technical leadership, Dune Security has raised $8 million in pre-seed and seed funding.