NetSPI’s Field CISO Nabil Hannan was featured in an SC Media article highlighting the CISO perspective on how cyber defenders must evolve their tactics as adversarial attacks also evolve. Read the preview below or view it online.


Experts advise CISOs to work to keep the organization’s attack surface to a minimum.

That means identifying software and system vulnerabilities and patching and mitigating these risks. It also means minimizing the number of entry points into an organization and using multi-factor authentication. “Attack surfaces are expanding at a rate we haven’t seen before, driven by the increase of cloud solutions, SaaS applications, and shadow IT,” says Nabil Hannan, field CISO at NetSPI.

Hannan says organizations should consider turning to systems that help automate attack surface management so that security teams fully understand their assets and can better prioritize their risks. “To keep pace with the rate of change today, we must consider security continuity beyond isolated security evaluations, such as external penetration tests. Given that a penetration testing engagement typically lasts a few days to a couple of weeks, what measures are in place during the remaining 50 weeks of the year? Attack surface management addresses the visibility gaps between scheduled, deep-dive security tests,” says Hannan.

You can read the full article at