November 7, 2022
by Hacker Valley Studio
November 7, 2022
by Hacker Valley Studio
Alton Johnson, Founder and Principal Security Consultant at Vonahi Security, automates his way out of his pen testing job in this week’s episode. An AOl hacking gone wild got Alton into defensive cybersecurity years ago, and now, as the Founder of Vonahi, Alton advocates for automation and efficiency in the pen testing process. Alton talks about his connection to defensive over offensive, customizing a pen test report to your audience, and finding that sweet spot between practitioner and entrepreneur.
[00:00] Learning the importance of automation in defensive cyber
[07:48] Connecting with automation & defensive cybersecurity over offensive
[12:01] Showing the results that matter to the right people in a pen test report
[15:27] Prioritizing exploitations in the world of vulnerability assessments
[21:59] Maintaining the cyber practitioner & the entrepreneurial side of Vonahi
Thank you to our sponsors Axonius and NetSPI for bringing this episode to life!
The Axonius solution correlates asset data from existing solutions to provide an always up-to-date inventory, uncover gaps, and automate action — giving IT and security teams the confidence to control complexity. Learn more at axonius.com/hackervalley
For more than 2 decades, NetSPI has helped companies discover and remediate critical security issues through its platform-driven, human delivered security test. NetSPI is much more than a pentesting company, bringing you the most comprehensive suite of offensive security solutions. Visit netspi.com/HVM to learn more.
How have you seen automation change yourself and your role?
As a penetration tester, Alton explains that time is often not on his side. There’s a limited amount of time to do an assessment, and the measure of a good pen tester is often determined by fast, high quality reporting. Automating the repetitive tasks of pen testing not only saves time, but Alton believes it genuinely changes the role into something much more efficient, high value, and successful.
“Automation obviously plays a huge part in growing in the career too, because the more you can do, the more value you can provide, and the faster you can provide that value makes you a better pentester.”
How do you convey the story of a red team engagement in different ways so that message is received by everyone in the company?
At Vonahi Security, Alton’s team separates pen testing reports into an executive summary and a technical report. The executive summary is high level, demonstrating the impact and severity of what was discovered from a business point of view. Many business executives don’t need the technical play by play, which is why that is saved for the technical report. The technical report acts as a scene by scene story of what was done and how to technically fix it.
“We separate the two conversations. Here's what we did at a high level to anyone that doesn't really care about the technical stuff, but only cares about how it impacts the business, and then, for the person that has to fix the issues, here's everything that they would need.”
What would you tell the newer generation of cybersecurity practitioners about the offensive side?
When Alton first started his cybersecurity journey, he was very into hacking and coding. That passion for code has served him well, allowing him to become successful enough to start his own business with Vonahi. For the younger generation of cyber practitioners, Alton recommends not skipping that coding education. As technically advanced and automated as cybersecurity tools are, practitioners should be prepared to code when something breaks or doesn’t work as intended.
“I think coding is extremely valuable, because there's going to be many times that tools that you use don't work and you have to have the experience and knowledge to basically fix those problems with coding.”
What have you learned over the past few years that has helped you to maintain both the technical and business side of Vonahi? 21
Efficiency is the name of the game for Vonahi— and it’s the one thing that has allowed Alton to remain in a hands-on pen testing role while still being a business owner. Keeping it efficient is more than just technology and automation. Alton believes his success is a direct result of the efficient technology around him and the hardworking, intelligent, efficient team members working with him at Vonahi.
“It is really just about efficiency. We look to all these other leaders, but for me, I like to learn from other people's failures. I don't want to take the same growth processes as the person who failed and didn't do well.”
Keep up with our guest Alton Johnson on LinkedIn and his personal website
Learn more about Vonahi Security on LinkedIn and the Vonahi Security website
Connect with Ron Eddings on LinkedIn and Twitter
Connect with Chris Cochran on LinkedIn and Twitter
Purchase a HVS t-shirt at our shop
Continue the conversation by joining our Discord
Check out Hacker Valley Media and Hacker Valley Studio
In this cybersecurity podcast episode, Chris Cochran and Ron Eddings discuss the concept of 'dojos' as environments for growth and learning, drawing on experiences from their own career paths in cybersecurity. The 'dojo' metaphor is applied to variou...
Join hosts Ron and Chris as they dive into the world of Attack Surface Management (ASM) in this episode recorded live at RSAC 2023. Special guest Nabil Hannan, a seasoned industry expert and Field CISO at NetSPI, shares his wealth of knowledge and ex...
In this episode, hosts Ron and Chris are joined by Paul Valente, CEO and co-founder of VISO Trust, and Bryan Wong, Sr. Security Analyst at Headspace, as they dive into the world of third-party risk in cybersecurity. With conversations ranging from th...
In this episode, Ron Eddings and Chris Cochran discuss the concept of "paying the piper" and its impact on their careers and personal lives. Paying the piper means facing the consequences of one's actions, whether they are good or bad. Chris shares h...
In this podcast episode, Jack Roehrig, Technology Evangelist at Uptycs, discusses his experience with burnout and health issues due to his job as a Chief Information Security Officer (CISO). Jack has always known health is wealth and retired to Mexic...
In this episode, we explore the often-overlooked importance of empathy in the cybersecurity field. Our guest, Tracy Maleeff, shares her personal journey from community involvement to the industry and discusses how embracing empathy can lead to more e...
Head into RSA 2023 with a purpose. This episode is all about how to reach a win-win when sealing deals, getting hired, and networking.If you want to catch up with the Hacker Valley Team during RSA be sure to jump into our discord. You can join by goi...
RSA is right around the corner and we’re so excited because it’s one of our big opportunities to meet with you, our dedicated listener. If you want to catch up with the Hacker Valley Team be sure to jump into our discord. You can join by going to hac...
Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/ Love Hacker Valley Studio? Pick up some...
Special Thanks to our sponsor NetSPI NetSPI has a team of skilled pen-testers that can help you find those critical vulnerabilities and become your partner in creating the right remediation game plan for you. Check them out at http://netspi.com/HVM ...