Hack Dissection

In this episode of Hack Dissection, Mike Lisi sits down with Wayne Koback from NRECA to talk about the cybersecurity challenges facing electric cooperatives and rural utilities across the country.Wayne shares what makes the co-op utility space so unique, from massive organizations with nuclear assets to small-town teams where one person may be handling IT, utility operations, and town management all at once. Mike and Wayne dig into the realities of protecting critical infrastructure with limited resources, the importance of practical cyber goals, and why collaboration across co-ops matters when facing threats to the grid.They also explore how data center growth is impacting rural utilities, why vendor security needs more accountability, and how SCADA knowledge can open doors for cybersecurity professionals in industries far beyond electric power.For anyone interested in cybersecurity, critical infrastructure, rural utilities, or building a stable and meaningful career in tech, this episode offers a grounded look at where cyber work has real-world consequences.

In Episode 12 of Hack Dissection, Mike Lisi sits down with longtime friend and respected security educator Phillip Wylie — Chief Security Evangelist and Senior Consultant at Suzu Labs, and host of the Simply Offensive and The Phillip Wylie Show podcasts. Together, they look back on their early days pursuing the OSCP, discuss how offensive security has evolved over the last decade, and break down the changing realities of penetration testing in today’s environment.Phillip shares stories from the field, including a memorable web app penetration test involving SQL injection, weak credential practices, and the all-too-common misuse of risk acceptance. The conversation also explores the growing importance of web app testing, IoT attack paths, continuous remediation, and why foundational skills like networking, operating systems, and scripting still matter for anyone serious about building a career in cybersecurity.They also dig into mentorship, community involvement, conference speaking, and the future of the industry — from AI as a force multiplier to the value of staying adaptable in a field that never stops changing. Whether you’re an experienced practitioner or just breaking into offensive security, this episode is packed with practical insight, career wisdom, and real-world perspective from one of the community’s most generous voices.

In Episode 11 of Hack Dissection, Mike Lisi and Graham O’Donnell reunite in person after a brutal Q4 to break down what they’re seeing across penetration testing, external assessments, web apps, and internal networks heading into 2026.The conversation dives into why Q4 is always chaos in cybersecurity, how compliance deadlines shape client behavior, and why traditional external pen tests may be giving way to continuous monitoring and more practical security validation. Mike and Graham also unpack the real-world tradeoffs of scoping engagements, why collaboration with clients leads to better results, and the common misconceptions organizations still have about realism, downtime, and what offensive testing is actually meant to prove.Along the way, they share stories from the field — including strange external exposures, recurring misconfigurations, creative attack paths, and a wild case where a locked-down browser-based remote desktop environment led to full command-line access. It’s a candid, technical, and funny conversation about where offensive security is headed, what still works, and what organizations should really be testing.

In this episode of Hack Dissection, Mike Lisi sits down with Josh Cutting, a young software engineer who did what many cybersecurity students struggle to do — land a job immediately after graduating.Josh shares his journey from learning to code as a kid and studying at SUNY Poly to completing multiple internships, earning his master’s degree, and transitioning seamlessly into the workforce. Together, Mike and Josh unpack what actually matters when trying to break into cybersecurity today — and what doesn’t.This conversation dives deep into:Why internships matter more than credentials aloneThe mindset shift students need to succeed in cybersecurityLearning outside the classroom through labs, CTFs, hackathons, and home labsHow employers really evaluate candidates during interviewsWhy passion, curiosity, and adaptability beat “checking boxes”The importance of mentorship, networking, and soft skills in technical careersWhether you’re a student trying to land your first role, a career-changer navigating cybersecurity, or a hiring manager looking for motivated talent, this episode offers practical insights from someone who’s been through the process recently — and successfully.If you’ve ever asked, “What does it really take to get hired in cybersecurity?” — this episode breaks it down.

In Episode 0x9 of Hack Dissection, host Mike Lisi flips the perspective from offense to defense with guest Cody Spooner, Principal Sales Engineer at Corelight.While Mike spends his days breaking into networks, Cody helps organizations defend them. Together they unpack how visibility, monitoring, and mindset intersect in modern cybersecurity — from the SOC Triad (SIEM, EDR, NDR) to the realities of MDR services, threat hunting, and alert fatigue.They dig into:Why companies think they’re protected but still miss every alertHow to turn red-team findings into real defensive improvementsWhat threat hunting actually means (and why it’s not just a buzzword)Lessons from ransomware incidents and tabletop exercisesHow small businesses can build effective defenses without enterprise budgetsIf you’ve ever wondered what happens after the pen testers pack up, this conversation connects the offensive and defensive sides of the same fight — and shows how better collaboration can close the gap.

In this episode of Hack Dissection, host Mike Lisi welcomes back Graham O’Donnell, Penetration Tester at Maltek Solutions, to pull back the curtain on what really happens during external and internal network assessments.From OSINT and subdomain enumeration to Nmap quirks and the chaos of inconsistent vulnerability data, Graham shares his raw, unfiltered process for finding weaknesses in the wild — plus the unexpected human side of hacking when tests get a little too real.Mike and Graham also discuss:Automating and optimizing pen testing workflowsCredential reuse and why third-party breaches still matterThe ethics of exploring live environmentsWhat it feels like to uncover personal data during an engagementWhether you’re a cybersecurity pro or just curious how ethical hackers think, this conversation offers a rare, behind-the-scenes look at the craft, the chaos, and the conscience of penetration testing.

In this episode of Hack Dissection, host Mike Lisi sits down with Brandon Finton, MS, CISSP, CISM, President of Orion Secure, to unpack the evolving landscape of cybersecurity for businesses. From the early days of Cyber Defense Institute to the launch of Orion Secure, Brandon shares his journey and the shift from training to professional services. Together, Mike and Brandon dive into: 🔒 Why Written Information Security Policies (WISP) are the foundation of any program 💡 The difference between compliance reviews and real risk assessments 👩‍⚕️ Why no one—not even doctors, lawyers, or CEOs—should get a pass on MFA 📑 Governance, risk, and compliance (GRC) as living documents 🤖 How AI and chatbots are reshaping security—and the risks of giving them too much authority ⚠️ Real-world stories from penetration tests, ransomware cases, and phishing assessments Whether you’re a small business owner, IT leader, or simply curious about the state of cybersecurity, this episode sheds light on the challenges organizations face—and the practical steps they can take to strengthen their defenses.

In this episode of Hack Dissection, Mike Lisi is joined by cyber operations expert Paul Marco for a deep dive into the true purpose—and power—of tabletop exercises. From crisis simulations that reveal communication breakdowns to the uncomfortable truths leaders often overlook, Paul shares real-world stories that highlight the human factor in cybersecurity.You’ll hear why most organizations get tabletop exercises wrong, what really matters in the heat of a cyber crisis, and how to build muscle memory that actually holds up under pressure. Plus, Paul and Mike discuss the need for chaos, iteration, and yes—even a little embarrassment—to prepare your team for the moment the alarms go off.Whether you’re building your first incident response plan or you’ve lived through the fire, this episode offers practical insights, blunt truths, and a refreshing perspective on what real cybersecurity preparedness looks like.

In this episode of Hack Dissection, hosts Mike Lisi and Graham O'Donnell sit down with red teamer, educator, and co-author of Redefining Hacking — Wesley Thurner. What starts as a light-hearted conversation about soldering badges at Cactus Con quickly dives deep into red team tactics, AI exploitation, and the culture of CTF (Capture the Flag) competitions.Wesley shares real-world stories from his time in the military, his role on red teams at Amazon and Intuit, and his work organizing large-scale CTF events through ThreatSim and Red Team Village. From session hijacking and model poisoning to building MVP command-and-control tools with LLMs, this episode is packed with insights from the front lines of ethical hacking.Whether you're a cybersecurity pro, CTF player, or curious about how AI is reshaping the red team playbook, this conversation offers a rare look behind the curtain — with humor, humility, and a whole lot of practical wisdom.Topics covered:Creative red team engagements involving AI platformsHow tainted training data can derail machine learning modelsThe evolving power (and danger) of prompt engineeringCTF design philosophy and community-first organizingWhy the simplest hacks still work in complex systems📕 Redefining Hacking is available now — and you might even catch Wesley signing copies at DEF CON’s Red Team Village.

In this episode of Hack Dissection, Mike Lisi is joined once again by ethical hacker Graham O’Donnell to unpack a memorable internal penetration test at a K-12 school district. What started with a forgotten, outdated Windows machine in a bus garage quickly escalated into full domain compromise—and revealed just how fragile infrastructure can be when one unpatched endpoint gets plugged back in.Mike and Graham walk through each stage of the assessment, from asset mapping to privilege escalation, showing how seemingly minor oversights can trigger devastating cascading effects. Along the way, they highlight how tools like BloodHound, EternalBlue, and Mimikatz played pivotal roles, and why school districts—despite tight budgets—must prioritize cyber hygiene.This episode dives into real-world tactics, practical takeaways for IT teams, and some wild detours into smartboards, PA systems, and Russian hacking forums.🔐 Key topics:Pen testing vs. red teamingInternal vs. external assessmentsRisks of legacy systems in modern environmentsMiscommunications that lead to major security gapsThe real-world implications of cached credentialsIf you’re a school IT admin, security pro, or just a fan of behind-the-scenes cybersecurity stories, this episode is a must-listen.🎧 Want to share your own pen test war story? Reach out: [email protected]

In this episode, Mike Lisi sits down with Graham O'Donnell, a penetration tester at Maltek Solutions, to explore the mindset and methods behind physical security testing. From the art of blending in with a Carhartt jacket to the thrill of mapping out buildings like real-life Hitman levels, Graham shares his journey from curious wanderer to professional pen tester. Topics covered in this episode: 🔹 The thrill of exploring abandoned places 🔹 How photography sparked a career in cybersecurity 🔹 Lessons learned from early mistakes 🔹 The tools and tactics used to bypass physical security 🔹 Why physical security is often overlooked in modern businesses Whether you’re an aspiring ethical hacker or just curious about the world of physical security, this episode will give you a behind-the-scenes look at what it takes to break into the field – and the buildings. 🔔 Don’t forget to like, subscribe, and hit the notification bell to stay up-to-date with the latest episodes of Hack Dissection. #HackingForGood #Cybersecurity #PhysicalSecurity #EthicalHacking #TechTalk

🚨 Welcome to the very first episode of Hack Dissection! 🚨 In this premiere episode, Mike Lisi, founder of Maltek Solutions, dives into the hidden cybersecurity threats that businesses across industries face—but rarely see. From real-world penetration testing stories to the biggest mistakes companies make, this episode breaks down: 🔍 The unseen security gaps that leave businesses wide open to attacks 💻 How ethical hackers expose vulnerabilities before criminals do ⚠️ The shocking truth about cyber risks in every industry (even internationally!) 🎟️ Why getting hacked might be the only way some companies take security seriously Whether you're an IT professional, business owner, or just someone curious about how cybersecurity really works, this episode will change the way you see digital threats. 📢 Don’t forget to like, comment, and subscribe for more deep dives into cybersecurity and ethical hacking!

In this episode of Hack Dissection, ethical hacker and TASBot creator Allan Cecil dives into the fascinating world of tool-assisted speedruns and video game exploitation. Discover how unchangeable, read-only code can still be manipulated to reveal unexpected behavior—and what that teaches us about cybersecurity, system flaws, and human ingenuity.