Technology can protect us, but people truly defend us. Behind every firewall, every complex algorithm, and every security protocol stands a human – someone who thinks beyond the code, who understands that cybersecurity is fundamentally about anticipating human behavior, not just blocking technical vulnerabilities.
Meet Maril Vernon, a cybersecurity professional who embodies this philosophy. With just six years in the industry, she’s already risen to a principal role, bringing a unique perspective that challenges traditional security paradigms.
“I broke into cybersecurity completely non-technical,” Vernon reveals. “Within four months of starting, I was pen testing. A year later, I was on a red team for a FAANG-sized organization. Most red teamers don’t speak risk – that’s where I made my mark.”
Her journey isn’t just a personal success story; it’s a blueprint for how modern cybersecurity professionals must think. Vernon’s background spans offensive security, risk management, and a deep understanding of cloud infrastructure – she even helped author the CIS benchmark for AWS. But what truly sets Vernon apart is her belief that security can’t exist in isolated chambers. “We need to break down silos,” she emphasizes. “Collaborative security means bringing together developers, pen testers, and every vertical in between.”
This philosophy now drives her work at NetSPI, a professional penetration testing and product firm with over 350 fully badged in-house testers.
Unlike many firms that rely on crowdsourcing or white-labeling, NetSPI has a rigorous onboarding process with a 70% dropout rate, ensuring only the most skilled professionals make the cut.
The Problem: A Fragmented Security Landscape
Today’s cybersecurity environment is overwhelmingly complex. CISOs juggle multiple priorities: endpoint security, cloud protection, in-house staffing, managed service providers, and SIEM solutions.
Adding a $40,000 annual penetration test feels like just another checkbox.
“Many organizations are afraid of pen testing,” Vernon explains. “They want to maintain plausible deniability. They’d rather not know how ‘dirty the water is.”
This fear stems from a fundamental misunderstanding of penetration testing’s purpose. It’s not about shaming an organization but empowering it. “We’re here to help you hack yourself before someone else does,” Vernon says. “Think of it like a friendly fire drill that prevents actual disasters.”
A New Approach: Consolidation and Continuous Improvement
NetSPI’s solution goes beyond traditional pen testing. They’ve developed a platform that consolidates multiple security functions: Pen Testing as a Service (PtaaS), External Attack Surface Management (EASM), Cyber Asset Attack Surface Management (CAASM), and Breach and Attack Simulation (BAS).
“Tool overload is killing cybersecurity teams,” Vernon argues. “We’re moving towards consolidation because it’s more cost-effective and, frankly, saves your brain.”
The platform isn’t just about tools; it’s about creating a continuous feedback loop. After an initial assessment, organizations can use NetSPI’s tools to monitor, test, and improve their security posture throughout the year.
When the next pen test arrives, they’re not starting from scratch but building upon previous insights. Human Touch in an AI-Driven World In an era obsessed with AI and automation, NetSPI stands out by emphasizing human creativity.
“In a sea of AI, we’re out here trying to be human – and effective,” Vernon says.
This means custom playbooks built from real-world experiences, not just library-based signatures. When their red teamers discover a vulnerability, they transform it into a testable scenario that can help protect other organizations.
The Call to Action for CISOs
Vernon’s message is clear: proactive security isn’t a luxury; it’s a necessity. “Meet yourself where you are,” she advises. “Whether you’re a startup or a major bank, there are ways to systematically improve your security posture.”
For CISOs feeling overwhelmed, her recommendation is simple: start by understanding your true attack surface, consolidate your tools, and embrace a mindset of continuous improvement. “Don’t just check boxes,” she warns. “Actually get better.”
As cyber threats become more sophisticated, Vernon and NetSPI represent a new breed of cybersecurity professionals: strategic, collaborative, and relentlessly focused on real-world defense. The future of cybersecurity isn’t about perfect prevention. It’s about resilience, adaptability, and the human capacity to outsmart increasingly complex threats.
Are you ready to go hack yourself?
About the Author
Pete Green is the CISO / CTO of Anvil Works, a ProCloud SaaS company. With over 25 years of experience in information technology and cybersecurity, Pete is a seasoned and accomplished security practitioner.
Throughout his career, he has held a wide range of technical and leadership roles, including LAN/WLAN Engineer, Threat Analyst, Security Project Manager, Security Architect, Cloud Security Architect, Principal Security Consultant, Director of IT, CTO, CEO, Virtual CISO, and CISO.
Pete has supported clients across numerous industries, including federal, state, and local government, as well as financial services, healthcare, food services, manufacturing, technology, transportation, and hospitality.
He holds a Master of Computer Information Systems in Information Security from Boston University, which is recognized as a National Center of Academic Excellence in Information Assurance / Cyber Defense (CAE IA/CD) by the NSA and DHS. He also holds a Master of Business Administration in Informatics.
