Behind the Firewall ft. Aslan Konsavage

by Morgan Prost / June 2, 2026

Security isn't just about what's behind the firewall, it's also about what's being shared outside of it. Sometimes, the biggest risks aren’t in the code, they’re in the conversations around it. While researching during an engagement, Aslan Konsavage came across a public developer forum where one of his client’s developers was sharing screenshots of their internal portal and source code. The discovery wasn’t part of the original scope, but it…

Behind the Firewall ft. Jeneil Russell

by Morgan Prost / June 2, 2026

What happens if your tools get it wrong? During our KP Panel Interview hosted by Allie Krings, we got to hear from our Director of Quality Assurance, Jeneil, about what she’s seeing in the field: when organizations change how they talk about risk, everything else changes too. A risk-aware culture anticipates threats, while a reactive culture responds only after harm occurs. A reactive culture is easy to spot – it…

Behind the Firewall ft. Shannon Lane

by Morgan Prost / June 2, 2026

A good audit doesn't exist to hand out gold stars. Sometimes, the best compliment an auditor can receive is:"You were tough on us."On a recent call, the project director at a client company said exactly that about Shannon Lane's audit — and meant it as the highest praise.They'd worked with plenty of auditors before, but Shannon's approach was different. Where others moved quickly through the checklist, Shannon dug deeper, pushed…

Behind the Firewall ft. Kyle Pardue

by Morgan Prost / May 22, 2026

Just because you bought a tool doesn't mean you're ready. Just because you’ve bought a tool doesn’t mean you are ready, you’ve just started.  Kyle Pardue, KirkpatrickPrice’s VP of Sales, has noticed a growing trend: more prospects are pursuing audits for the first time, and putting GRC tool selection ahead of auditor evaluation. In one case, a company had purchased a GRC tool eight months before reaching out, only to admit, “We’re…

Behind the Firewall ft. Randy Bartels

by Morgan Prost / May 22, 2026

Don't just secure your code, secure the systems that build it. VP of Security Services, Randy Bartels, has seen a major shift in how teams manage their CI/CD pipelines. Jenkins, CircleCI, and other tools are being replaced by GitHub Actions at a rapid pace, but with that shift comes a new layer of responsibility: securing the runners—the Docker containers that execute the workflows and produce the artifacts used in production.In…