In this episode, Spencer and Brad dig into a question that comes up all the time: what exactly is offensive security? Hint: it’s not just “pentesting.” Offensive security covers a whole spectrum of activities, including, penetration testing, red teaming, purple teaming, adversary emulation, and more. We’ll break down what each of these means, how they’re different, and how we do things at SecurIT360. By the end, you’ll have a clearer picture of how offensive security fits into a bigger security strategy and why it’s more than just finding vulnerabilities.👉Find vulnerabilities that matter, learn about how we do assume breach internal pentesting here.Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.com/cyberthreatpov Follow Spencer on social ⬇Spencer's Links: https://go.spenceralessi.com/links Work with Us: https://securit360.com
--------
43:33
--------
43:33
Episode 151: Tool Time - PingCastle for Defenders
In this episode, we’re digging into a super awesome Active Directory security tool called PingCastle. We’ll cover what it is, why it matters for Active Directory security, and how IT and security teams can leverage it to get ahead of adversaries. PingCastle is a staple tool on our internal pentesting toolbelt. In this episode, you will find out why.👉Find vulnerabilities that matter, learn about how we do assume breach internal pentesting here.Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.com/cyberthreatpov Follow Spencer on social ⬇Spencer's Links: https://go.spenceralessi.com/links Work with Us: https://securit360.com
--------
42:27
--------
42:27
Episode 150: How to Use Pentest Findings to Justify Your Next Security Spend
https://offsec.blog/budgetIn this episode, we’re tackling an often-overlooked opportunity: using pentest results to secure more budget for security initiatives. Too many organizations run a pentest, file the report away, and move on without leveraging it for strategic value. We’ll break down how to translate findings into business language, influence leadership, and turn vulnerabilities into funding for better defenses.Click here to see if you're a fit for our style of internal pentesting.Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.com/cyberthreatpov Follow Spencer on social ⬇Spencer's Links: https://go.spenceralessi.com/links Work with Us: https://securit360.com
--------
30:36
--------
30:36
Episode 149: Building a Security Stack That Works A Practitioner’s Perspective
In this episode, Brad and Spencer sit down with an experienced information security and risk manager to explore how they build and manage their security stack, choose the right tools, and win support from their team and leadership. We dig into the balance between technical defenses and business-driven risk management, from budgeting and vendor selection to measuring success and preparing for emerging threats. Whether you’re a hands-on practitioner or a security leader, you’ll walk away with practical insights on building stronger defenses and aligning security with business goals.Blog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.com/cyberthreatpov Follow Spencer on social ⬇Spencer's Links: https://go.spenceralessi.com/links Work with Us: https://securit360.com
--------
36:33
--------
36:33
Episode 148: Securing Windows: Common Misconfigurations That Give Attackers The Advantage
This is the webinar I gave in August 2025 on the topic of common Windows misconfigurations I see during internal pentests. Make sure you grab your free gifts!Learn how we do internal pentesting differently...https://securit360.com/free-giftshttps://links.spenceralessi.com/credshttps://go.spenceralessi.com/windows-slidesBlog: https://offsec.blog/Youtube: https://www.youtube.com/@cyberthreatpovTwitter: https://x.com/cyberthreatpov Follow Spencer on social ⬇Spencer's Links: https://go.spenceralessi.com/links Work with Us: https://securit360.com
Step into the ever-evolving world of cybersecurity with the offensive security group from SecurIT360. We’re bringing you fresh content from our journeys into penetration testing, threat research and various other interesting [email protected]
Polska