In Episode 0x9 of Hack Dissection, host Mike Lisi flips the perspective from offense to defense with guest Cody Spooner, Principal Sales Engineer at Corelight.

While Mike spends his days breaking into networks, Cody helps organizations defend them. Together they unpack how visibility, monitoring, and mindset intersect in modern cybersecurity — from the SOC Triad (SIEM, EDR, NDR) to the realities of MDR services, threat hunting, and alert fatigue.

They dig into:

• Why companies think they’re protected but still miss every alert
• How to turn red-team findings into real defensive improvements
• What threat hunting actually means (and why it’s not just a buzzword)
• Lessons from ransomware incidents and tabletop exercises
• How small businesses can build effective defenses without enterprise budgets

If you’ve ever wondered what happens after the pen testers pack up, this conversation connects the offensive and defensive sides of the same fight — and shows how better collaboration can close the gap.

In this episode of Hack Dissection, host Mike Lisi welcomes back Graham O’Donnell, Penetration Tester at Maltek Solutions, to pull back the curtain on what really happens during external and internal network assessments.

From OSINT and subdomain enumeration to Nmap quirks and the chaos of inconsistent vulnerability data, Graham shares his raw, unfiltered process for finding weaknesses in the wild — plus the unexpected human side of hacking when tests get a little too real.

Mike and Graham also discuss:

• Automating and optimizing pen testing workflows
• Credential reuse and why third-party breaches still matter
• The ethics of exploring live environments
• What it feels like to uncover personal data during an engagement

Whether you’re a cybersecurity pro or just curious how ethical hackers think, this conversation offers a rare, behind-the-scenes look at the craft, the chaos, and the conscience of penetration testing.

In this episode of Hack Dissection, host Mike Lisi sits down with Brandon Finton, MS, CISSP, CISM, President of Orion Secure, to unpack the evolving landscape of cybersecurity for businesses. From the early days of Cyber Defense Institute to the launch of Orion Secure, Brandon shares his journey and the shift from training to professional services. Together, Mike and Brandon dive into: 🔒 Why Written Information Security Policies (WISP) are the foundation of any program 💡 The difference between compliance reviews and real risk assessments 👩‍⚕️ Why no one—not even doctors, lawyers, or CEOs—should get a pass on MFA 📑 Governance, risk, and compliance (GRC) as living documents 🤖 How AI and chatbots are reshaping security—and the risks of giving them too much authority ⚠️ Real-world stories from penetration tests, ransomware cases, and phishing assessments Whether you’re a small business owner, IT leader, or simply curious about the state of cybersecurity, this episode sheds light on the challenges organizations face—and the practical steps they can take to strengthen their defenses.