Taking the Fight to the Enemy With Offensive Cybersecurity
NetSPI's Aaron Shilts on Why Point-in-Time Penetration Testing Is No Longer Enough
Offensive security is transitioning from traditional penetration testing to a more continuous, technology-led approach, said Aaron Shilts, president and CEO at NetSPI.
The security posture of organizations is constantly changing, making a point-in-time pen test less effective, Shilts said. A continuous approach allows for a real-time understanding of an organization's attack exposure. Shilts champions attack surface management and attack simulation to help customers understand how an adversary views their network and how to respond to potential threats (see: NetSPI Doubles Down on Pen Testing With nVisium Acquisition).
"One of the greatest areas of innovation around offensive security happening today is technology being built that allows you to leverage humans in the best and most efficient possible way," Shilts said. "We're automating the process of using different technology, whether it's commercial software, open-source software or our own scripts. Automate as much as possible."
In this video interview with Information Security Media Group at RSA Conference 2023, Shilts also discusses:
- Why offensive security should be part of cyber defense strategies;
- What makes offensive security different from penetration testing;
- The most relevant drivers of demand for cloud penetration testing.
In his more than 20 years of industry leadership, Shilts has built innovative and high-performing organizations. Prior to joining NetSPI, he was the executive vice president of worldwide services at Optiv, where he led one of the industry's largest mergers.