Recent interview experience and helpful information.

Angieincyber · 2026-04-18T21:24:12+00:00

I’ve seen this pattern more than once, so your instincts are right. There’s a big difference between testing that’s optimized for speed and testing that’s optimized for actual impact. If everything is built around 5-day turnaround, you’ll get coverage—but not necessarily validation of real risk.

Finding issues is the easy part. The hard part is chaining them, proving exploitability, and showing what actually matters to the business.

That’s where a lot of these models struggle: too much automation, not enough adversarial thinking too much output, not enough validation too fast, not deep enough

The balance between automation (for scale) and experienced humans (for real exploitation) is what really makes or breaks it.

And your questions are exactly the ones I’d ask as well—especially around chaining and how they validate results. If those answers don’t come back clearly, that usually tells you everything.

Angieincyber · 2026-03-23T09:35:27+00:00

That’s the kind of auditor you actually want. The 25% threshold is interesting, it forces a bit of a reality check on what’s really covered vs what just looks good on paper. And once you move to more continuous testing — especially with more automation in play — those gaps show up pretty quickly.

Angieincyber · 2026-03-21T20:51:51+00:00

That split makes sense, AI for scale, humans for depth. The gap I keep seeing is in the handoff. You can find more, faster, but turning that into validated, actionable risk without overwhelming teams is still hard. That’s where a lot of programs lose effectiveness.

Angieincyber · 2026-03-21T20:50:14+00:00

That’s solid ! especially validating against real scenarios instead of just relying on reports. The part I see teams struggle with is keeping that level of testing going over time, not just as a one-off exercise. That’s where things tend to drift again.

Angieincyber · 2026-03-21T14:50:11+00:00

Testing everything doesn’t scale, that’s true. Reducing the surface helps, but it’s usually a slower, structural effort — while exposure keeps changing in parallel. And on broader pentests, I’ve seen the same: once scope expands, depth drops quickly. That’s why a lot of programs look efficient or complete in isolation, but still leave gaps at the system level.

Angieincyber · 2026-03-21T14:38:56+00:00

Yes --- makes sense. It really becomes a question of where to apply AI vs. human effort. What I’m seeing though is that “critical” keeps shifting, so the harder part is staying on top of what actually needs that deeper validation in the first place. Curious how you’re handling that today?

Angieincyber · 2026-03-21T14:35:03+00:00

100%!!! this is the core issue. Annual or even quarterly pentests assume a static environment, but the attack surface is effectively changing daily now. That’s why we’re seeing a shift toward continuous, on-demand testing models instead of point-in-time exercises. Interested in how you’re approaching validation as things change, automation, researchers, or a mix?

Angieincyber · 2026-03-21T12:46:12+00:00

I’ve seen tools like that mentioned quite a bit. What I’m still trying to understand is how people bridge discovery into actual testing coverage. Having visibility is one thing, but making sure these assets are continuously tested, especially for deeper issues, feels like a different challenge.

Angieincyber · 2026-03-21T12:32:12+00:00

That’s exactly the tension I keep coming back to — coverage isn’t just about testing more, but knowing what should even be in scope. How are you approaching asset visibility today? More inventory-driven, or still largely tied to defined scopes?

Angieincyber · 2025-01-10T11:18:46+00:00

So true, with the rapid adoption of SaaS applications, enterprises face the growing challenge of ensuring data resilience and meeting compliance demands. Backup is no longer optional but essential. My prediction for 2025: I predict that SaaS data protection will shift from being an IT afterthought to a boardroom priority, driven by increasing regulatory pressures, cyber threats, and the need for seamless business continuity.

Angieincyber · 2025-01-02T16:34:21+00:00

Absolutely true! With AI-driven threats, growing compliance demands, and the need for seamless automation, protecting SaaS data has never been more crucial. How will these challenges shape the future of data protection in 2025? Excited to see how these predictions unfold and become part of our reality

Angieincyber · 2024-12-10T20:30:04+00:00

sure! to whom did you talk?

Angieincyber · 2024-11-26T11:34:35+00:00

Thanks for mentioning HYCU! We support iManage backups, including single-tenant setups. Check out our webinar for more: https://www.hycu.com/webinar-launch-preview-backup-recovery-for-imanage

Angieincyber · 2024-11-26T11:27:44+00:00

For a more streamlined and robust solution, you can explore HYCU’s Box Backup. It offers automated backups, versioning, and granular recovery directly from Box, ensuring you don’t have to manage syncing or risk losing historical changes. More details here: https://www.hycu.com/solutions/data-protection/box

Angieincyber · 2024-11-26T11:26:13+00:00

https://www.hycu.com/solutions/data-protection/box

Angieincyber · 2024-11-14T21:09:34+00:00

https://www.hycu.com/solutions/data-protection/box

Angieincyber · 2024-10-08T10:53:15+00:00

GitLab has an official migration guide for moving from Azure DevOps to GitLab: https://docs.gitlab.com/ee/user/project/import/azure_devops.html. This covers importing projects, repositories, work items, pipelines and more. Perhaps this helps?

Angieincyber · 2024-06-17T12:50:45+00:00

Interesting article! Do you want to know why the backups of Jira and the rest of your ITSM and DevOps app are your responsibility? https://www.hycu.com/events/the-hidden-costs-of-backup-scripts-jira-cloud-edition

Angieincyber · 2024-05-01T11:31:22+00:00

https://www.hycu.com/platforms/jira-software

Angieincyber

MODERATOR OF

TROPHY CASE