Banking Dive: Banks engage in self-hacks to keep defenses sharp
On Mar. 9, 2020, NetSPI President and COO Aaron Shilts was featured in Banking Dive.
The next level of self-hack is conducted at a more enterprise level, called red team testing.
There are a few variations of the approach. In one, red-team testers adopt the tactics of a specific, known threat actor and try to achieve a specific objective against a chosen target.
Red teaming is typically done by banks that are at a higher level of security maturity overall, said Wong.
The value of penetration testing over simply using scanning software is that you’re adding humans to the mix, said Aaron Shilts, president and COO of vulnerability assessment firm NetSPI.
“If we were bad guys, you know, what would we use to get in?” Shilts told ABA. “How could we get in? What do their defenses really look like? With limited information, it’s kind of a good way to simulate how accessible the crown jewels are from the outside.”
Read the full article here.
Explore More News
Solutions Review: AI and Enterprise Technology Predictions from Industry Experts for 2026
Nabil Hannan, Field CISO at NetSPI, contributed a 2026 cybersecurity prediction to Solutions Review's article, warning that AI will accelerate rather than eliminate tool sprawl in organizations.
DevOps Digest: 2026 DevOps Predictions – Part 7
Paul Ryan, Senior Director of Web Application Penetration Testing at NetSPI, contributed a prediction to DevOps Digest's article forecasting that API growth is still in its early stages despite significant expansion in 2025.
DevOps Digest: 2026 DevOps Predictions – Part 2
Aaron Shilts, President and CEO of NetSPI, contributes a cautionary prediction about AI security risks in the 2026 DevOps predictions article.