Hack Responsibly

Hack Responsibly Episode 06: Testing at the Speed of Attackers

In this episode of Hack Responsibly, Karl Fossen talks to James Albany, NetSPI’s Senior Director of Network Pentesting, about his path from a SOC analyst to a penetration testing leader. They cover how AI and continuous testing are reshaping the security industry, what common gaps still show up in assessments, and what James is up to outside of work.  What’s discussed:  * Advice for newcomers: understand the fundamentals so you can gut-check what AI is doing well versus poorly  * The shift from point-in-time assessments to continuous testing programs and why clients are increasingly asking for it  * AI's role in security testing, including generating Nuclei templates and accelerating vulnerability discovery, and when traditional automation is still the better choice  * The "fire hose effect" of AI tools like Mythos compressing timelines for vulnerability discovery, proof-of-concept development, and remediation  * Underrepresented topics in security: SCCM/deployment server risks, Linux and Kubernetes environments, and supply chain security  * Common gaps still showing up in assessments, including Active Directory and application-level vulnerabilities that network scanners miss  * TFTP and PXE booting as surprisingly persistent and effective attack vectors

Hack Responsibly Episode 05: Proactive Cloud Security: Mitigate Real Risks

In this episode of Hack Responsibly, Karl Fossen chats with Thomas Elling, NetSPI’s Director of Cloud Pentesting, about today’s cloud security challenges. They dive into cloud pentesting tips and common misconfigurations, discussing how attackers take advantage of these gaps. Thomas also shares his own path into cybersecurity. Listen to practical advice for newcomers, and a look at why staying curious and adaptable matters for anyone tackling today’s evolving threats.  We dive into:  * Strategic cloud adoption and layered security  * Mitigating high-impact cloud vulnerabilities  * The threat of attack chaining  * Cultivating a resilience security culture

Hack Responsibly Episode 04: From Blue Team to Pentesting - Tools, Tales, and Techniques

In this episode, host Karl Fosaaen sits down with Paul Ryan, Senior Director of Application Security at NetSPI, to explore his journey in cybersecurity and his leadership in application pentesting. Paul shares how his career evolved from IT and blue team roles to becoming a key figure in application security at NetSPI.  We dive into:  * The evolution of application pentesting, including the rise of APIs and AI in security testing.  * Paul’s favorite tools and techniques, including the importance of checklists for consistency and quality.  * Advice for aspiring cybersecurity professionals: "Follow your passions."  * Memorable pentesting engagements, from formula injection debates to creative vulnerability discoveries.  * Paul’s love for hacker culture, including his favorite movie, Sneakers, and his passion for tinkering with old tech.

Hack Responsibly Episode 03: The Hidden Risk in Legacy Infrastructure

For many enterprise organizations (particularly in financial services and healthcare) mainframes remain the backbone of daily operations. Yet, these critical legacy systems often operate under a false assumption of "security by obscurity." Overlooking the security of these core assets represents a significant, often unaddressed, operational risk.  In this episode of the Hack Responsibly podcast, NetSPI VP of Research Karl Fosaaen connects with Phil Young, NetSPI Director of Mainframe Pentesting. Known in the industry as "Soldier of Fortran," Phil is a leading authority on mainframe security. Together, they dismantle the myth that legacy infrastructure is immune to modern threats and discuss why specialized testing is essential for business continuity.

Hack Responsibly Episode 02: Securing the AI Frontier

The adoption of artificial intelligence and large language models (LLMs) presents a significant opportunity for business innovation, but also introduces a new and complex attack surfaces. Balancing the drive for AI integration with robust security measures is essential for long-term strategic success and risk mitigation.  In this episode of the Hack Responsibly podcast, NetSPI VP of Research Karl Fosaaen speaks with Kim Wiles, Director of AI Penetration Testing, about the unique security challenges posed by emerging AI technologies.