You Can’t Patch Your Way Out of This | Mahdi Abdulrazak & Kim van Lavieren, Dawnguard | Cyber Security District
Failed to add items
Add to cart failed.
Add to wishlist failed.
Remove from wishlist failed.
Follow podcast failed
Unfollow podcast failed
-
Narrated by:
-
Written by:
What if your infrastructure was built secure from minute one and stayed that way?
In this special one year anniversary episode of Cyber Security District, host Jeroen Prinse sits back down with Mahdi Abdulrazak (CEO) and Kim van Lavieren (CTO) of Dawnguard, a security automation platform that turns approved security architecture directly into deployable cloud infrastructure as code.
One year in, having just closed a pre-seed round and raised €6.3 million in total funding and opening a new office in New York, Dawnguard is making a bold bet: that the only real answer to modern cyber threats isn't better detection or faster patching, it's building systems that are resilient by design from the very start.
Mahdi and Kim have both led security teams inside large organisations and lived through the same recurring nightmare: architecture locked in too early, security reviews arriving too late and a list of 50 findings that nobody has time to fix before the product ships. Dawnguard was built to break that cycle, with a collaborative canvas that lets teams design, validate and deploy secure infrastructure in minutes, with continuous drift detection to make sure it stays that way.
One year on, we look back at how far that idea has come and what's next as the company expands.
Key Takeaways:
- You cannot patch your way out of agentic AI attacks, the only answer is building more resilient systems from the start
- The hardest translation in security is from policy to architecture, ambiguity and contradictions there cascade into every layer below
- Context is the missing ingredient in most security tooling: secure or insecure is a binary lens that doesn’t reflect reality
- Drift detection only works when you know what was approved in the first place, that’s the advantage of integrating into the design lifecycle
- Security decisions still belong to the business and engineers, Dawnguard removes the friction, not the ownership
- The shift from protection to resilience is already happening: it’s not if you get breached, it’s how contained the blast radius is
- European founders can compete, but capital conviction from investors matters as much as capital volume
Timestamps:
00:00 – Introduction
00:15 – Meet Dawnguard
00:48 – One year in: what proved Dawnguard was solving a real problem
01:30 – How customers are using the platform today: discover, design, deploy, monitor
03:20 – The shift-left moment: when architecture gets locked in and it’s already too late
05:15 – why organisations overestimate their resiliency requirements
06:15 – What Snyk, OPA and Sentinel leave unresolved
08:30 – Guardrails vs. findings: preventing vulnerabilities instead of just reporting them
09:30 – Policy to architecture to code to production: where is the hardest translation?
11:00 – The Mythos era: agentic AI and why patching is a losing strategy
12:50 – The shift from protection to resilience
15:00 – Blast radius reduction and the holistic trade-off view Dawnguard provides
16:45 – Drift detection: how Dawnguard tells a legitimate change from a malicious one
18:20 – Prompting redesigns for cost, sustainability, and resilience
20:00 – Bringing guardrails into the developer IDE in real time
22:25 – Who owns the security decision?
25:45 – European digital sovereignty: what it concretely means for Dawnguard
27:55 – Raising €6.3 million from European funds in year one
29:10 – What excites Mahdi and Kim most about the road ahead
30:40 – Final message: what CISOs should be doing differently a year from now
Connect with the guests:
Mahdi Abdulrazak: https://www.linkedin.com/in/mahdiabdulrazak/
Kim van Lavieren: https://www.linkedin.com/in/kim-v-0645931b4/
Website: https://www.dawnguard.io/
Follow Cyber Security District:
Jeroen Prinse on LinkedIn: https://www.linkedin.com/in/jprinse/
Laurens Jagt on LinkedIn: https://www.linkedin.com/in/laurensjagt/
Website: https://www.cybersecuritydistrict.com/
All channels & newsletter: https://beacons.ai/cybersecuritydistrict