NetSPI Adds Seasoned Security Expert Nabil Hannan to Its Team

Hannan brings 13 years’ cyber security experience to help NetSPI clients overcome vulnerability management challenges.

Minneapolis, Minnesota – NetSPI, a leader in enterprise security testing and vulnerability management, has added Nabil Hannan as Managing Director, where he will work with NetSPI clients on strategic security solutions incorporating both technology and services.

“NetSPI’s innovative technology and services are essential for any high performing security program,” said Aaron Shilts, NetSPI President and COO. “Strategically, we continue to strive to be at the leading edge of this industry, providing valuable, actionable guidance to our clients, and Nabil adds to our ability to do this. He will consult directly with our clients and advise them on how to solve their most critical cyber security challenges in 2020 and beyond.”

Hannan comes to NetSPI with a deep background in building and improving effective software security initiatives, with expertise in the financial services sector. Most notably, in his 13 years of experience in cyber security consulting, he held a position at Cigital/Synopsys Software Integrity Group, where he identified, scoped, and delivered on software security projects, including architectural risk analysis, penetration testing, secure code review, malicious code detection, vulnerability remediation, and mobile security assessments. Hannan has also worked as a Product Manager at Research In Motion/BlackBerry and has managed several flagship initiatives and projects through the full software development life cycle.

“Cyber security is more critical today than ever before. We’ve all seen news of breaches in the headlines and may have even been affected by these breaches personally,” said Nabil Hannan, NetSPI Managing Director. “I look forward to advising NetSPI’s prestigious client base and helping companies protect their organizations, strategic assets, and valuable intellectual property. My role will also support NetSPI’s vision to help organizations build and maintain strong threat and vulnerability management programs – leveraging both technology and human capital.”

Learn more about NetSPI’s Advisory Services at or connect with Nabil on Twitter or LinkedIn.

About NetSPI

NetSPI is the leader in enterprise security testing and vulnerability management. We are proud to partner with seven of the top 10 U.S. banks, the largest global cloud providers, and many of the Fortune® 500. Our experts perform deep dive manual penetration testing of application, network, and cloud attack surfaces. We uniquely deliver Penetration Testing as a Service (PTaaS) through our Resolve™ platform. Clients love PTaaS for the simplicity of scoping new engagements, viewing their testing results in real-time, orchestrating remediation, and the ability to perform always-on continuous testing. We find vulnerabilities that others miss and deliver clear, actionable recommendations allowing our customers to find, track and fix their vulnerabilities faster. Follow us on Facebook, Twitter, and LinkedIn.

Media Contact
Tori Norris
Maccabee Public Relations
Phone: (612) 294-3100


Three Things To Remember When Building Your InfoSec Program

Over the past 20 years of working with companies of all sizes and ages, NetSPI has seen some of the best and worst infosec programs. No matter what stage you’re in with developing your program, keep these three best practices in mind today to set your team and company up for success tomorrow.

Scalability First

Build scalability into every strategy and program. Ask yourself “Will this scale?” at every step. It’s very easy to paint yourself into a corner by focusing on a tactical solution when a security alert or emergency occurs, so take a minute to stop and think about whether your solution is going to scale if it is implemented company-wide. If your “solution” is not scalable, you may end up with two or three times the work and expense later, so try to quantify the lifetime impact of your decision upfront.

Another scalability-related tip is to plan to be successful from the outset. Choose scalable tools and processes, supported by flexible staffing, to help manage growth efficiently.

Be Flexible

Find a balance between repeatability and consistency vs. flexibility and agile ingenuity. Some processes need to be rigid and consistent, while some can be more freeform. In the past, we’ve tried to engineer a process to enforce a set of constraints only to learn that it did not really matter or mitigate risk. In the security community we tend to look for ways to make processes repeatable and remove their dynamics, but by doing so, we sometimes lose the intended purpose of the activity. It’s more art than science, but finding a balance between flexibility and rigidity is important.

Plan for Communication and Collaboration

Many problems can be traced back to miscommunication and misunderstanding of what is usually a technical topic by people who do not have technical expertise. As such, planning for communication and collaboration in the early stages of building out your program is critical.

Keep in mind that people interpret words differently. Scan, assessment, risk, and vulnerability have different meanings to different people, and those differences have resulted in miscommunication and differing expectations. Take a step back to clearly define those terms and ensure everyone is on the same page.
