#195 - Pentesting for Readiness not Compliance (with Snehal Antani)

In this episode of CISO Tradecraft, host G Mark Hardy is joined by special guest Snehal Antani, co-founder of Horizon3.AI, to discuss the crucial interplay between offensive and defensive cybersecurity tactics. They explore the technical aspects of how observing attacker behavior can enhance defensive strategies, why traditional point-in-time pen testing may be insufficient, and how autonomous pen testing can offer continuous, scalable solutions. The conversation delves into Snehal’s extensive experience, the importance of readiness over compliance, and the future of cybersecurity tools designed with humans out of the loop. Tune in to learn how to elevate your cybersecurity posture in a rapidly evolving threat landscape.

Horizon3 - https://www.horizon3.ai

Snehal Antani - https://www.linkedin.com/in/snehalantani/

Transcripts: https://docs.google.com/document/d/1IFSQ8Uoca3I7TLqNHMkvm2X-RHk8SWpo

Chapters:

• 00:00 Introduction and Guest Welcome
• 01:43 Background and Experience of Snehal Antani
• 03:09 Challenges and Limitations of Traditional Pen Testing
• 14:47 The Future of Pen Testing: Autonomous Systems
• 23:10 Leveraging Data for Cybersecurity Insights
• 24:02 Expanding the Attack Surface: Cloud and Supply Chain
• 24:46 Third-Party Risk Management Evolution
• 44:37 Future of Cyber Warfare: Algorithms vs. Humans