Headshot of Ryan Wakeham

Ryan Wakeham

Ryan Wakeham has been with NetSPI since 2005 and has nearly 20 years of IT and cyber security experience. He holds a graduate degree in Information Security from the Georgia Institute of Technology and has a background that includes vulnerability testing, compliance advisory consulting, and security management program assessment & development. Over his years with NetSPI, Ryan has worked with clients ranging from Fortune 10 organizations and top US financial institutions to multinational retailers and global technology companies. For several years, Ryan led NetSPI’s pentesting team. In his current role, Ryan partners with NetSPI’s clients to better understand their security challenges and develop solutions to meet their needs.

More by Ryan Wakeham

Adversary Simulation

The Value of Detective Controls

September 22, 2013

Security professionals have spent the majority of their time focusing on preventative controls for years. Recently, as organizations have begun to accept that they cannot prevent every threat agent, they have also begun to realize the value of detective controls.

Learn More
Vulnerability Management

2013 Cyber Threat Forecast Released

December 12, 2012

Ryan Wakeham's thoughts on the recently released Georgia Tech Information Security Center and Georgia Tech Research Institute's 2013 report on emerging cyber threats.

Learn More
Web Application Pentesting

Thoughts on Web Application Firewalls

October 15, 2012

I recently attended a talk given by an engineer from a top security product company and, while the talk was quite interesting, something that the engineer said has been bugging me a bit. Let's discuss.

Learn More
Web Application Pentesting

Web Application Testing: What is the right amount?

June 22, 2012

It is becoming more common these days (though still not common enough) for organizations to have regular vulnerability scans conducted against Internet-facing, and sometimes internal, systems and devices. Let's dive into this.

Learn More
Vulnerability Management

Enterprise Vulnerability Management

May 24, 2012

Secure360 conference recap from Ryan Wakeham.

Learn More
Cloud Pentesting

Pentesting the Cloud

March 19, 2012

Thoughts on cloud pentesting after much discussion and buzz at an industry conference.

Learn More
Vulnerability Management

The Annual Struggle with Assessing Risk

February 7, 2012

In my experience, one of the security management processes that causes the most confusion among security stakeholders is the periodic risk assessment. Let's discuss.

Learn More
Cloud Pentesting

Why I Hate The Cloud

October 26, 2011

The Cloud is one of the "new big things" in IT and security and I hate it.  To be clear, I don't actually hate the concept of The Cloud (I'll get to that in a minute) but, rather, I hate the term. Hear me out...

Learn More
Mobile Application Pentesting

Mobile Devices in Corporate Environments

October 12, 2011

Mobile computing technology is hardly a recent phenomenon but, with the influx of mobile devices such as smartphones and tablet computers into the workplace, the specter of malicious activity being initiated by or through these devices looms large.

Learn More
Vulnerability Management

Do You Know Where Your Data Is?

October 4, 2011

When it comes to application of security controls, many organizations have gotten pretty good at selecting and implementing technologies that create defense-in-depth.

Learn More
Mobile Application Pentesting

Hacking Twitter for Fun (and Profit?)

September 16, 2011

Just last week, on the eve of the tenth anniversary of the 9/11 attacks, NBC News’ Twitter account was hacked by a group calling itself The Script Kiddies.

Learn More
Vulnerability Management

Metrics: Your Security Yardstick – Part 2 – Defining Metrics

September 15, 2011

After a number of questions on the topic, I have decided to follow up on my earlier security metrics blog with a bit more information regarding metrics development.

Learn More