Events , Governance & Risk Management , RSA Conference

Taking the Fight to the Enemy With Offensive Cybersecurity

NetSPI's Aaron Shilts on Why Point-in-Time Penetration Testing Is No Longer Enough
Aaron Shilts, president and CEO, NetSPI

Offensive security is transitioning from traditional penetration testing to a more continuous, technology-led approach, said Aaron Shilts, president and CEO at NetSPI.

See Also: User Entity & Behavior Analytics 101: Strategies to Detect Unusual Security Behaviors

The security posture of organizations is constantly changing, making a point-in-time pen test less effective, Shilts said. A continuous approach allows for a real-time understanding of an organization's attack exposure. Shilts champions attack surface management and attack simulation to help customers understand how an adversary views their network and how to respond to potential threats (see: NetSPI Doubles Down on Pen Testing With nVisium Acquisition).

"One of the greatest areas of innovation around offensive security happening today is technology being built that allows you to leverage humans in the best and most efficient possible way," Shilts said. "We're automating the process of using different technology, whether it's commercial software, open-source software or our own scripts. Automate as much as possible."

In this video interview with Information Security Media Group at RSA Conference 2023, Shilts also discusses:

  • Why offensive security should be part of cyber defense strategies;
  • What makes offensive security different from penetration testing;
  • The most relevant drivers of demand for cloud penetration testing.

In his more than 20 years of industry leadership, Shilts has built innovative and high-performing organizations. Prior to joining NetSPI, he was the executive vice president of worldwide services at Optiv, where he led one of the industry's largest mergers.


About the Author

Michael Novinson

Michael Novinson

Managing Editor, Business, ISMG

Novinson is responsible for covering the vendor and technology landscape. Prior to joining ISMG, he spent four and a half years covering all the major cybersecurity vendors at CRN, with a focus on their programs and offerings for IT service providers. He was recognized for his breaking news coverage of the August 2019 coordinated ransomware attack against local governments in Texas as well as for his continued reporting around the SolarWinds hack in late 2020 and early 2021.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing govinfosecurity.com, you agree to our use of cookies.