Show Notes
Alton Johnson, Founder and Principal Security Consultant at Vonahi Security, automates his way out of his pen testing job in this week’s episode. An AOl hacking gone wild got Alton into defensive cybersecurity years ago, and now, as the Founder of Vonahi, Alton advocates for automation and efficiency in the pen testing process. Alton talks about his connection to defensive over offensive, customizing a pen test report to your audience, and finding that sweet spot between practitioner and entrepreneur.
Timecoded Guide:
[00:00] Learning the importance of automation in defensive cyber
[07:48] Connecting with automation & defensive cybersecurity over offensive
[12:01] Showing the results that matter to the right people in a pen test report
[15:27] Prioritizing exploitations in the world of vulnerability assessments
[21:59] Maintaining the cyber practitioner & the entrepreneurial side of Vonahi
Sponsor Links:
Thank you to our sponsors Axonius and NetSPI for bringing this episode to life!
The Axonius solution correlates asset data from existing solutions to provide an always up-to-date inventory, uncover gaps, and automate action — giving IT and security teams the confidence to control complexity. Learn more at axonius.com/hackervalley
For more than 2 decades, NetSPI has helped companies discover and remediate critical security issues through its platform-driven, human delivered security test. NetSPI is much more than a pentesting company, bringing you the most comprehensive suite of offensive security solutions. Visit netspi.com/HVM to learn more.
How have you seen automation change yourself and your role?
As a penetration tester, Alton explains that time is often not on his side. There’s a limited amount of time to do an assessment, and the measure of a good pen tester is often determined by fast, high quality reporting. Automating the repetitive tasks of pen testing not only saves time, but Alton believes it genuinely changes the role into something much more efficient, high value, and successful.
“Automation obviously plays a huge part in growing in the career too, because the more you can do, the more value you can provide, and the faster you can provide that value makes you a better pentester.”
How do you convey the story of a red team engagement in different ways so that message is received by everyone in the company?
At Vonahi Security, Alton’s team separates pen testing reports into an executive summary and a technical report. The executive summary is high level, demonstrating the impact and severity of what was discovered from a business point of view. Many business executives don’t need the technical play by play, which is why that is saved for the technical report. The technical report acts as a scene by scene story of what was done and how to technically fix it.
“We separate the two conversations. Here's what we did at a high level to anyone that doesn't really care about the technical stuff, but only cares about how it impacts the business, and then, for the person that has to fix the issues, here's everything that they would need.”
What would you tell the newer generation of cybersecurity practitioners about the offensive side?
When Alton first started his cybersecurity journey, he was very into hacking and coding. That passion for code has served him well, allowing him to become successful enough to start his own business with Vonahi. For the younger generation of cyber practitioners, Alton recommends not skipping that coding education. As technically advanced and automated as cybersecurity tools are, practitioners should be prepared to code when something breaks or doesn’t work as intended.
“I think coding is extremely valuable, because there's going to be many times that tools that you use don't work and you have to have the experience and knowledge to basically fix those problems with coding.”
What have you learned over the past few years that has helped you to maintain both the technical and business side of Vonahi? 21
Efficiency is the name of the game for Vonahi— and it’s the one thing that has allowed Alton to remain in a hands-on pen testing role while still being a business owner. Keeping it efficient is more than just technology and automation. Alton believes his success is a direct result of the efficient technology around him and the hardworking, intelligent, efficient team members working with him at Vonahi.
“It is really just about efficiency. We look to all these other leaders, but for me, I like to learn from other people's failures. I don't want to take the same growth processes as the person who failed and didn't do well.”
---------------
Links:
Keep up with our guest Alton Johnson on LinkedIn and his personal website
Learn more about Vonahi Security on LinkedIn and the Vonahi Security website
Connect with Ron Eddings on LinkedIn and Twitter
Connect with Chris Cochran on LinkedIn and Twitter
Purchase a HVS t-shirt at our shop
Continue the conversation by joining our Discord
Check out Hacker Valley Media and Hacker Valley Studio
Recent Episodes
Do You Deserve To Be Hacked? Featuring Ilan Fehler and Dahvid ...
Do you deserve to be hacked? With that bold tagline, CovertSwarm is pushing leaders to rethink how they test and defend their systems, and in this episode, they’re sharing firsthand how ...
Transforming SOC Operations with AI featuring Roy Halevi
Cybersecurity is evolving fast, and AI is at the center. Roy Halevi, Co-Founder and CTO of Intezer, explains how AI automates SOC operations, improving speed and accuracy while freeing up teams ...
From Shadow IT to Full Asset Visibility with Wes Wright
Can you truly protect what you can't see? Wes Wright, Chief Healthcare Officer at Ordr, joins Ron to share how organizations can shine a light on their network and asset blind spots and take ...
Building Opportunities for Women and Minorities in Cybersecurity ...
How do you create waves of change in an industry? Connie Matthews, Founder and CEO of ReynCon, speaks with Ron about the power of resilience, mentorship, and taking that first bold step in ...
Rethinking Cybersecurity Hiring with Naomi Buckwalter
Is cybersecurity gatekeeping holding back the industry? Naomi Buckwalter, Senior Director of Product Security at Contrast Security and Founder of the Cybersecurity Gatebreakers Foundation, ...
AI, Deepfakes, and Human Risk in Cybersecurity with Perry Carpenter
In a world filled with AI-generated deceptions, how do we discern what’s real? Ron sits down with Perry Carpenter, author of FAIK: A Practical Guide to Living in a World of Deepfakes, ...
How to Become a True Security Leader with Nathan Case
How does one become a true security leader? According to Nathan Case, it’s not about titles—it’s about impact. In this episode, Nathan Case, VP of Cloud Security at Clarity, shares his journey ...
AI and the Future of Cyber Defense with John Hubbard
How can AI shape the future of cybersecurity defense? In this episode, we dive into SOC operations, AI integration, and the latest in threat detection with John Hubbard, Cyber Defense Curriculum ...
How Adversaries Are Living Off The Dark Web with Jason Haddix
Have you ever lost something important, only to find out someone moved it without telling you? The same thing happens with our personal and business data. But what if you could see what the ...
AT&T Dynamic Defense: Security Before It Reaches Your Company's ...
In this episode, Ron Eddings and Jen Langdon speak with Senthil Ramakrishnan, Assistant Vice President of Cybersecurity Product at AT&T Business. Senthil shares information about how a new ...
WORK WITH US
PODCASTS + SPEAKING + EVENTS
Are you the best kept secret in cybersecurity? Let's change that by partnering together for podcast ads, social campaigns, and your next event or keynote. Send us your details to get started.
Thank you!
We will be in touch soon.