In this episode of Hack Responsibly, Karl Fossen chats with Thomas Elling, NetSPI’s Director of Cloud Pentesting, about today’s cloud security challenges. They dive into cloud pentesting tips and common misconfigurations, discussing how attackers take advantage of these gaps. Thomas also shares his own path into cybersecurity. Listen to practical advice for newcomers, and a look at why staying curious and adaptable matters for anyone tackling today’s evolving threats. 

We dive into: 

• Strategic cloud adoption and layered security 
• Mitigating high-impact cloud vulnerabilities 
• The threat of attack chaining 
• Cultivating a resilience security culture 

In this episode, host Karl Fosaaen sits down with Paul Ryan, Senior Director of Application Security at NetSPI, to explore his journey in cybersecurity and his leadership in application pentesting. Paul shares how his career evolved from IT and blue team roles to becoming a key figure in application security at NetSPI. 

We dive into: 

• The evolution of application pentesting, including the rise of APIs and AI in security testing. 
• Paul’s favorite tools and techniques, including the importance of checklists for consistency and quality. 
• Advice for aspiring cybersecurity professionals: "Follow your passions." 
• Memorable pentesting engagements, from formula injection debates to creative vulnerability discoveries. 
• Paul’s love for hacker culture, including his favorite movie, Sneakers, and his passion for tinkering with old tech. 

For many enterprise organizations (particularly in financial services and healthcare) mainframes remain the backbone of daily operations. Yet, these critical legacy systems often operate under a false assumption of "security by obscurity." Overlooking the security of these core assets represents a significant, often unaddressed, operational risk. 

In this episode of the Hack Responsibly podcast, NetSPI VP of Research Karl Fosaaen connects with Phil Young, NetSPI Director of Mainframe Pentesting. Known in the industry as "Soldier of Fortran," Phil is a leading authority on mainframe security. Together, they dismantle the myth that legacy infrastructure is immune to modern threats and discuss why specialized testing is essential for business continuity. 

The adoption of artificial intelligence and large language models (LLMs) presents a significant opportunity for business innovation, but also introduces a new and complex attack surfaces. Balancing the drive for AI integration with robust security measures is essential for long-term strategic success and risk mitigation. 

In this episode of the Hack Responsibly podcast, NetSPI VP of Research Karl Fosaaen speaks with Kim Wiles, Director of AI Penetration Testing, about the unique security challenges posed by emerging AI technologies.  

A single human error can compromise even the most robust technical infrastructure. For executives and security leaders, understanding the psychology behind these breaches is critical to protecting organizational assets. 

In the first episode of the Hack Responsibly podcast, host and NetSPI VP of Research Karl Fosaaen talked with Patrick Sayler about dissecting the evolving landscape of social engineering. This discussion moves beyond simple phishing definitions to explore the sophisticated tactics threat actors use to bypass advanced security controls, from multi-factor authentication (MFA) fatigue to AI-driven deception. 

This episode offers high-level insights into how social engineering impacts your risk posture and what proactive measures you can take to align your security initiatives with business continuity goals.