EPISODE 04 – From Blue Team to Pentesting: Tools, Tales, and Techniques
Karl Fosaaen
VP Research at NetSPI
Episode Details:
In this episode, host Karl Fosaaen sits down with Paul Ryan, Senior Director of Application Security at NetSPI, to explore his journey in cybersecurity and his leadership in application pentesting. Paul shares how his career evolved from IT and blue team roles to becoming a key figure in application security at NetSPI.

What You’ll Hack Away With
- Paul’s career journey: From IT to blue team to pentesting leader
- The evolution of application pentesting, including the rise of APIs and AI
- Why checklists are the unsung heroes of pentesting success
- Advice for aspiring cybersecurity pros
- Fun stories from the field, including creative vulnerability discoveries
About the Speakers
Host: Karl Fosaaen | VP Research
As a VP of Research, Karl is part of a team developing new services and product offerings at NetSPI. Karl previously oversaw the Cloud Penetration Testing service lines at NetSPI and is one of the founding members of NetSPI’s Portland, OR team. Karl has a Bachelor of Computer Science from the University of Minnesota and has been in the security consulting industry for over 15 years. Karl spends most of his research time focusing on Azure security and contributing to the NetSPI blog. As part of this research, Karl created the MicroBurst toolkit to house many of the PowerShell tools that he uses for testing Azure. In 2021, Karl co-authored the book “Penetration Testing Azure for Ethical Hackers” with David Okeyode.
Guest: Paul Ryan | Senior Director of App Pentesting
As a Senior Director, Paul is responsible for overseeing the execution of application penetration tests at NetSPI. With over 15 years of experience in system administration and information security, Paul has worked with both large financial services companies and consulting firms specializing in governmental contracts. Prior to NetSPI, Paul helped design and implement IAM solutions, maintain network security defenses, develop internal penetration testing processes, and advise on vulnerability remediation best practices. Paul has a Bachelor of Arts in East Asian Studies from St. Olaf College.
Episode Resources
- Service Overview: Application Penetration Testing
- Technical Insights: Hack Responsibly Blog
- Tools: NetSPI Open Source Tools