Hack Responsibly
Coming soon.
Hack Responsibly
Hack Responsibly Episode 06: Testing at the Speed of Attackers
Use Left/Right to seek, Home/End to jump to start or end. Hold shift to jump forward or backward.
In this episode of Hack Responsibly, Karl Fossen talks to James Albany, NetSPI’s Senior Director of Network Pentesting, about his path from a SOC analyst to a penetration testing leader. They cover how AI and continuous testing are reshaping the security industry, what common gaps still show up in assessments, and what James is up to outside of work.
What’s discussed:
- Advice for newcomers: understand the fundamentals so you can gut-check what AI is doing well versus poorly
- The shift from point-in-time assessments to continuous testing programs and why clients are increasingly asking for it
- AI's role in security testing, including generating Nuclei templates and accelerating vulnerability discovery, and when traditional automation is still the better choice
- The "fire hose effect" of AI tools like Mythos compressing timelines for vulnerability discovery, proof-of-concept development, and remediation
- Underrepresented topics in security: SCCM/deployment server risks, Linux and Kubernetes environments, and supply chain security
- Common gaps still showing up in assessments, including Active Directory and application-level vulnerabilities that network scanners miss
- TFTP and PXE booting as surprisingly persistent and effective attack vectors
Hello and welcome to the Hack Responsibly Podcast, where we get to know NetSpy's technical leaders. I'm your host, Carl Foss, and today we'll be speaking with James Albany, the senior director that oversees network pen testing services here at NetSpy. I've gotten to know James pretty well over the years, and it was great catching up with him in this format. Here's my conversation with James. Welcome to Hack Responsibly, a NetSpy podcast focused on the experience of our NetSpy agents, including insights and trends in the cybersecurity industry. I'm your host, Carl Fawson. Today we have James Albany with us. James, you want to give everybody a quick intro about yourself?
SPEAKER_01Yeah, hey, I'm James. I've uh been at NetSpy for a few years now. I'm a senior director of infrastructure testing and lead those efforts at NetSpy.
SPEAKER_00Awesome. So uh you know, with Senior Director of Infrastructure, what have you been working on? Uh, what's kind of top of mind for you?
SPEAKER_01Yeah, so right now that's focusing on two things primarily. That's how we can improve our uh continuous testing capabilities across various verticals. Um, so that's internal, external, cloud, etc. Um, and then uh focusing on automation efforts and how we can use AI to augment our testing success and speed.
SPEAKER_00Well, those all sound like really cool things to be working on. Uh, how did you get your start in cybersecurity?
SPEAKER_01Uh yeah, so I started as a SOC analyst actually and a managed security services provider. Um, and did that for about a year, got a lot of good experience on different technologies. Uh, we managed IAM, so got a lot of experience with Active Directory and got to manage RSA tokens and then uh gamut of technologies uh for managing alerts and uh in the SOC there, and then transferred into penetration testing about a year later, um getting into consulting.
SPEAKER_00Yeah, I never knew that about you about the uh SOC side of things when we met, gosh, probably what, 10 years ago at this point, probably. Yeah. Uh yeah, you were at a different firm at that time and eventually came over to NetSpy here, but uh yeah, I didn't really know that about you. Very cool.
SPEAKER_01Yeah, yeah. It was uh overnight shift, but it was it was getting started in the industry and it was my first foot in the door.
SPEAKER_00So speaking of first feet in the door, uh you know, for people that are just starting their career, any advice that you would give to somebody that's early on in their cybersecurity career?
SPEAKER_01Well, the uh the early job market is much different than when I entered the cybersecurity industry. So I guess like my classic response would be to look at sock jobs like I did and kind of get a feel for the defensive side of the industry and the security industry as a whole, how things are handled. But really today, um I think people need to think about how AI can impact their automation and the speed at which they do things and create tools and uh things like that. But I think that a big focus or big piece of advice I'd give to newcomers is to really focus on um the technical aspects under the hood of the things they're building. Um really understand what's happening under the hood so that you're able to know what AI is doing really well and what AI is not doing so well.
SPEAKER_00That's good to hear. I think the fundamentals are absolutely important. Because yeah, to a certain degree, you can you can trust some of these models to give you the right thing out of it, right? But if you don't know enough of the fundamentals to do the gut check and be like, is this just a hallucination or is this like really a thing? Uh yeah, like if you don't know those core fundamentals, how do you know that you're actually reporting something that's real and valid, right? So getting that kind of under your belt first, I think that's super important.
SPEAKER_01Yeah, exactly.
SPEAKER_00So speaking of, did you kind of cut your teeth on that with your initial entry into the uh cybersecurity field? Or did you learn that you know prior to getting into that SOC job?
SPEAKER_01Yeah, I think I I actually had a research internship in college that allowed me to kind of build an Active Directory environment from the ground up, and then building off of that in my first job as a SOC analyst, getting my hands on a bunch of different technologies and then researching how those work. And really, as I got into penetration testing, realizing how the defensive side works for that fundamental understanding of how these things are being intaked by teams. Um, and then yeah, just building on that fundamental understanding and then constantly learning. I think earlier in the industry, there was a lot of focus on certifications. Uh, I think that's less and less now. Um, and there's just more information available to people for lower cost or free. But um yeah, I think just using those courses as learning material, not necessarily focusing on the certification, but making sure that you understand the information that those courses are displaying is really important for fundamental understanding.
SPEAKER_00I'm really jealous. Uh, when I was in school, we were, I guess in the program I was in, we were very locked into just Linux only and you know, very open source-centric kind of things. And not that it didn't prepare us for the real world, but like outside of having a computer lab that happened to have Windows in it, like we didn't talk about Active Directory or Windows or programming for Windows necessarily. Like a lot of the computer science background that I had was really focused on like, yeah, you're gonna program in you know, C, C, Python, you know, stuff like that on a Linux system. Uh, so we never touched that. Uh, I think I really didn't get my Active Directory experience until I was out of school and worked for a smaller company where you know, uh, hey, we need somebody to you know manage the Active Directory environment. And okay, I can help out, I guess. And learned a lot. It was great. Uh, but you know, it was really more like in the job uh kind of experience.
SPEAKER_01Yeah. Yeah, the professor at Penn State, Nick Jacoby, uh, he taught me a lot uh around that and he explained the kind of situation that colleges and universities go through with that, where it's really a timing thing of licensing combined with curriculum approval, where uh by the time that they're approved to give more concrete material around, like Active Directory users and computers for Windows 2008, all of a sudden that might be end of life, or they're moved on to 2012 and teaching the latest material. Yep. Which I understand. Um, so yeah, it was it was a really interesting and unique opportunity to get to work with him and really build that out for a research project.
SPEAKER_00In terms of tools, techniques, other kind of you know, fun stuff that you've learned over the years here, do you have a specific technique or tool that you like to lean on or that you think is particularly fun to use?
SPEAKER_01Um, I think on nowadays I am surprised to see how effective things like Pixie booting are and network boot functionality uh with things like SECM and config servers, uh being able to key in on that TFTP service on internal networks. Yep. Um I think otherwise I'll I'll kind of date myself with some of my go-tos. I think nowadays there's a lot of tools out, right? There's a lot of options to do a lot of things. Um, but before Bloodhound, I think my go-to was just using NetRPC in different ways for enumeration. Um I think I had just like a sheet of different net RPC loops that I would run to enumerate directory.
SPEAKER_00I could probably dig up my old checklist for that. I probably still have that.
unknownYeah.
SPEAKER_00I'm gonna have to look for that one. I so it's a good thing that I'm not a betting person, because if you had said TFTP was gonna be as prevalent as it still is today, say five to ten years ago, when you know we were starting to see more of those attacks kind of pop up and actually having some pretty good luck with it, uh, I would have thought, oh no, the TFTP is gonna be gone. Like I thought that was already kind of just barely hanging on by a thread, uh, say 10 years ago. Uh, but it actually seemed to pick up a ton more of adoption over the years. And I get it, it's you know, practical, and there's a lot of different ways it can be implemented. And uh it's just interesting to hear how prevalent that still is these days.
SPEAKER_01Yeah, it's uh open attack vector. I think a lot of it is um like we've been checking for it for years, like you say, but uh I think a lot of uh pen test groups might not check for it. It seems to be new information sometimes when um we're identifying these things.
SPEAKER_00Yeah. And it definitely feels like something that's kind of evolved over the years. Uh speaking of things evolving over the years, what have you seen kind of as a shift in the overall threat landscape or potentially from testing methodology uh over, you know, we'll say your years in uh in the cybersecurity consulting space?
SPEAKER_01There's a few perspectives here. I think the the biggest shift that I'm seeing is a focus on being able to operate continuously. So fixing that gap between point-and-time assessments if a new vulnerability is disclosed or a new service comes online um and having that tested, validated, make sure that you you know if you are or not vulnerable to uh a newly disclosed issue uh and things like that. And then nowadays uh there's things like uh the mention of mythos coming out, and I think that an important perspective to realize is that we're not dealing with any new problems or new techniques with some of these AI evolutions. It's more just a fire hose effect. So it's just the issues are coming at us faster. Um, so like a year ago, two years ago, these vulnerabilities still existed. It's just now we're gonna be faster to know about them, which is overall a good thing for the security industry, right? Um, because there will be less vulnerabilities that threat actors have access to that we do not. Um, and we can know about those and patch those and um things like that. But I think that's a key perspective that's lost on people is that we're not really dealing with any new problems in the security industry. It's just more of a fire hose effect of them coming at us faster.
SPEAKER_00Yeah, the volume that we're seeing with this and just the detection rates and the ease of being able to pull these things in. I totally agree with more of the kind of continuous approach of we have to be on top of these things because they're just they are coming at us at a fire hose pace. Uh do you feel like the time to proof of concept code is coming down? Because I feel like 10 years ago you would get a vulnerability to get introduced, and you might not see proof of concept code for six months to a year in some cases. Do you feel like that is starting to shrink?
SPEAKER_01Yeah, and I think it will keep shrinking with things like mythos. I think that drastically shifts that and could probably take some denial of service vulnerabilities into full remote code execution, um, depending on the vulnerability and things like that. But uh also the shift of being able to develop checks for some of these vulnerabilities. So, say you use something like Nuclei or any POC, just being able to generate a check and validate that is a much quicker process now than it was six months ago, a year ago, and things like that.
SPEAKER_00Oh, of course. Yeah, I I think the the big takeaway I'm getting here is that the timeframes are reducing overall, right? Time to detect the actual vulnerabilities themselves, time to get detections written as you know, new things are emerging, research gets put out there, that kind of thing. And then time frames for remediation and just making sure that you know everything's buttoned up and patched as quick as possible. I think everything's just kind of compressing to a certain degree, uh, thanks to a lot of the AI stuff, which may be a good thing. Uh maybe the remediation part uh compressing a little bit. But when you start talking volume with the time to identification, you start blowing that out of the water a little bit. So yeah, it'll be interesting to see how this evolves in the next few years. So, you know, speaking from you know a client perspective and how things are evolving there, are you hearing any interesting things from clients lately or interesting asks that they have that might be pushing different directions?
SPEAKER_01I think it's kind of the same vein. Uh, everyone is looking for how they can get continuous testing and then also um what we're doing with AI and how AI is being used. Um, we're having to use AI securely. We don't want to put any data in um AI workflows, but you can kind of abstract that with tool usage and things like that. So uh it's really just mainly questions around that speed, how we're using AI and how we're doing continuous testing, um, and how we're approaching those things to be able to rapidly identify these issues as they come out um over time. So it's it's definitely a move away. The industry is starting to move away from point-in-time mentality and more uh security programs that go on uh for longer periods of time.
SPEAKER_00Yes, I would totally agree with that one. I have gotten some interesting questions regarding AI. Uh, kind of a like for better or worse, you know, how are you using AI? And it's almost like it's a requirement that you have to use it, even if it's the right tool for the job or not. Uh there's some mandates out there that folks need to be using AI. And I don't know if I always agree with it, because sometimes traditional automation is just the better choice. But yeah, AI it's useful in a lot of different cases. So it's interesting to get some of those questions.
SPEAKER_01Yeah, it's it's interesting because AI is making us overall faster, but there's also situations where putting something at the tool level will be faster than putting it at the LLM level. Um, if you need quick defined response, like if it's do X or Y, then the tool level is usually better than um making that at the AI level, um, just for speed and things like that.
SPEAKER_00Yeah, I I think we are seeing a little bit of a shift where folks are focusing more on what can AI produce to help the automation, like you were talking about nuclei templates, uh, being able to produce those out of an AI and then utilize those in more traditional automations. I think that's really the way to go. Then instead of just sending the HTTP request in response over to the LLM to go, hey, process this and tell me if it's vulnerable, I think that's kind of a waste of AI resources. Like let's build actual templates to uh detect that instead. I think that's a little bit better focused, but that's my opinion.
SPEAKER_01Yeah, and another shout out, I uh Jake Reynolds made a blog about how uh they were using AI and not use or what how they were thinking about using AI or not at wire speed, and whether they were considering themselves an AI company. And um, he had some some good thoughts on that around how AI can produce maybe different results. So if you want something consistent, that might need to be at the tool level, and then he's the one who brought up the speed comment as well.
SPEAKER_00Yes, yeah. Shout out to Jake and Tim over at WireSpeed. So uh you get a little bit more exposure to this than I do. I'm not in the reports, I think, as much as you are, but from a gaps and vulnerabilities perspective, what are you seeing? Are you seeing any kind of common gaps or common vulnerabilities across the board?
SPEAKER_01I think we're still seeing people catch up on Active Directory Security because that's that's a big one. Um, and then externally, still seeing um vulnerabilities that scanners can't find, though this is getting better. I think that's one thing that AI is improving a lot um is application level scanning at scale, because uh your typical network vulnerability scanners won't find something like uh teleric UI is an easy example of just underlying technology in the application that could have a vulnerability associated with it, um, if using the wrong version or etc., where some of the AI-driven application scanners um are able to drive better results there at scale. But historically, we're still seeing uh a lot of vulnerabilities come out of that angle of if a network vulnerability scanner can't find it and then it's at the application level, then uh there may be still uh exploits present there.
SPEAKER_00Yep. Yep, that makes sense. So you had mentioned TFTP kind of prior. I always feel like that one's kind of underrepresented and not talked about as much. I mean, there's a handful of blog posts I've seen in the last couple of years here that call it out, but do you feel like that or any other topics are kind of underrepresented or people aren't talking about enough?
SPEAKER_01Yeah, I think um probably that one with uh just SECM and deployment servers being set up in networks in general. I think we've given Active Directory a lot of attention and maybe had too much focus on that. Um I think the talks that have kind kind of not gotten enough focus at conferences, for example, and things like that is some of the Linux uh environment and like Kubernetes stuff, um where people there's critical infrastructure being hosted there and uh a lot of times um gets missed in common security assessments because there's so much of a focus on Active Directory and things like that. Um and then the final one is uh supply chain risks and uh things of that nature.
SPEAKER_00Yeah, I feel like supply chain is picking up a little bit because we've seen some of the major compromises happen in the last year or so.
SPEAKER_01Uh would definitely that happens every few years.
SPEAKER_00Yeah. And it seems a little bit more frequent. It seems like some of the threat actor groups have been specifically targeting specific repos that they can potentially take over and seeing some of the uh GitHub actions take over kind of things recently. Uh a lot of that is getting really interesting to kind of see. So I think that's picking up a little bit, but from a Kubernetes perspective, I feel like that was the hot thing, probably like five years ago. People are really starting to get into that. It not just from an adoption perspective, but also from a security perspective. I feel like that's kind of cooled off a little bit, but I think it's really underrepresented myself. Uh yeah. Because it's definitely out there. We run into it a lot. But you know, I don't know if it's just we figured out the basics and everybody's talked about it already, and nobody wants to touch it anymore, or or what the deal is. But so speaking of kind of hot topic things or things that are kind of fun, do you have a most memorable engagement or favorite exploit that you can talk about without sharing too much you know info?
SPEAKER_01There's a few. I think most I'll I'll cop out in the probably most pen testers' most memorable engagement is a successful physical test. Um where I was able to get into a data center. I found a door that was uh basically broken and could stick my credit card in between the hinge and was able to get in pretty simply that way. But um yeah, being able to kind of sneak around a building. I was in the break room looking at uh the uh fire escape plan and the building plan so that I could know where to go and things like that, and going around not being asked questions, those are always those are always a fun one.
SPEAKER_00Those are really pro tips right there. The fire escape plan to get the building map. I I don't hear a lot of folks talking about that, but I have personally used that in the past to kind of like map out the different areas I need to get to, and it's super handy.
SPEAKER_01Sure. Yeah, and then another one, um not sure how much I can talk about it, but it was just a really interesting engagement where um a company was being pressured by a researcher about something the researcher had found, and we were able to work with the developers and really uh assess it end to end and um prove the researcher wrong, but also it was just a very interesting process of really going under the hood of a product and uh testing it end-to-end for this and other things.
SPEAKER_00That is really interesting. We'll have to talk about that one offline with a little bit more detail. I'm I'm curious about that one. Uh yeah, we we've had clients come to us uh saying, hey, this researcher is telling us we're vulnerable to this thing. Can you confirm it? And I can think of probably two or three different situations where we've gone in, either gone, yeah, no, they're actually correct here. Uh, here's what you need to do to remediate that, or a couple of situations where this is a really niche thing and it's not really a vulnerability. They're just kind of trying to scare you into you know buying their services, kind of ambulance chasing kind of behavior. Uh yeah, I'm not a big fan of that myself. Uh I think that's not the right way to go about it.
SPEAKER_01But always a fun time.
SPEAKER_00Now that I know that you're on social engineering, uh, Patrick Saylor, who we had in an earlier episode here, we're gonna have to give him a heads up that you know you might be an available resource here. I I didn't realize you had done that before.
SPEAKER_01Uh yeah, I haven't done it at NetSpy, but uh I have done it before that and red teaming I kind of stepped away from when I came to NetSpy.
SPEAKER_00So I'm curious, did you volunteer to do the social engineering or did you just kind of get booked on it?
SPEAKER_01Yes and no. Um I so uh so the my previous firm didn't have um our services segmented as much, um, if that makes sense. So um I kind of just did the gamut of all things uh pen testing.
SPEAKER_00I think that's super common. Uh you know, having worked at other firms prior to Nets by myself, I feel like anybody that's you know been at other firms or just in security in general and ended up doing social engineering, a lot of them just kind of got thrown on the project or kind of got voluntoled to do it. That's how it kind of started with me. It was like, I don't know, Carl seems kind of interested in this. Uh let's put him on the project. And then you just kind of fly by the seat, fly by the seat of your pants and learn it, and uh it's a ride.
SPEAKER_01Uh yeah, I think I think that probably started by when we were very early on in the industry, social and the phishing was usually maybe part of the external pen test. But then as the industry progressed, people started getting their phish from other vendors like security training vendors, things like that, um, where they didn't necessarily need it included in the external pen test and things like that. Um, so that might have been a shift that played into it. But uh yeah, we had at my previous firm we had kind of similar separation, but not um as detailed where we had application and infrastructure, but um the verticals weren't as defined um until shortly before I departed the company.
SPEAKER_00Yeah, I think uh when I started here at NetSpy, Scott Sutherland uh was doing a lot of our social engineering and kind of went, Oh, you've done this before. Okay, you can do some of it. And I I ran with it for a few years, and then we had Patrick join us, and Patrick took it over from there. And thankfully we've we've got a much more robust program and uh a lot more training around it uh than I, you know, years ago when folks were just kind of thrown on the projects and kind of well, let's let's figure it out. So right.
SPEAKER_01Yeah, I think when I started, Scott was leading five services still, I want to guess. Something like that.
SPEAKER_00But I think we've we've grown significantly in that time. So yeah.
unknownYeah.
SPEAKER_00Well, cool. Well, to kind of wrap up our conversation here, we usually like to do more kind of personal conversation stuff, learn a little bit more about you as a person, you know, stuff you like. Uh, do you have a favorite hacker book, movie, TV show, any kind of I don't know, media thing that depicts hackers or cybersecurity?
SPEAKER_01Uh few, I guess. Uh Mr. Robot is definitely the most accurate, I would say, just because they got the they had consultants with making sure they were not misspeaking and things like that. I thought that was pretty cool that they put more effort into accuracy there. Um but I mean the classic, I think my favorite is probably War Games, and then um the movie that actually, as corny as it is, the movie that got me into the idea of hacking was um hackers.
SPEAKER_00Okay.
SPEAKER_01I was watching it and we had a family friend over that um their son worked in the Navy and information warfare. And she was saying that her son basically was a professional hacker, and that caught my ear and started looking into it, and I got in contact with him, and that's basically the real, I guess, start start to getting interested in this and in my journey, I guess.
SPEAKER_00That's awesome. I feel like it's so more so much more commonplace nowadays for people to know what cybersecurity is, and you know, professional hacker is an actual job title, but 15, 20 years ago it did not seem as commonplace. And even in you know, computer science programs, stuff like that, it was kind of talked about like, well, you know, security is important, you should do security, but it never really talked about like consulting or uh you know doing security reviews, that kind of stuff. It was just like, well, you know, you should make sure that you protect against these hacker things that you might need to worry about.
SPEAKER_01Yeah, exactly.
SPEAKER_00I'm totally with you on uh Mr. Robot. It was so refreshing to watch that and see things be accurate. Because I I came into it thinking, uh maybe they'll get it right. And then you're watching actual command line terminal things go in, and you're like, yeah, no, that's actually that's the command I would run.
SPEAKER_01Who did a lot better than uh two people one keyboard?
SPEAKER_00Right, right. Or enhance, like yeah, we've we turned a or there was uh what was it?
SPEAKER_01CSI said uh see if I can build something and visual build a GUI and visual basic to track an IP address. Yep, yep. I think that was a good one.
SPEAKER_00Yeah, nope. So yes, I'm 100% with you. Uh very refreshing when it's something that's actually technically accurate.
unknownSure.
SPEAKER_00I mentioned it kind of at the start here, but you and I met quite a long time ago, I believe at DerbyCon. Yeah, yeah. So do you have a favorite hacker con? And now that DerbyCon's gone.
SPEAKER_01Yeah, I mean, dating myself here. I think DerbyCon was my favorite, to be honest. Um, I was disappointed to see that that stop. Um, but I get it. Running a con is a lot of effort, a lot of work. Um so really appreciate the people that did run it. Um, but yeah, I I guess I'd have to default to DEF CON. Uh ShmooCon is pretty good. Uh I don't know if that's still going. I haven't gone into the code.
SPEAKER_00That's done now, too.
SPEAKER_01Uh no. Yeah. Um well yeah, I guess I have to default to DEF CON. Uh ShmooCon always had a few sleepers, a few really, really good talks that you weren't expecting. Um but yeah.
SPEAKER_00And that one also had a really good lobbycon presence as well.
SPEAKER_01Oh yeah.
unknownOh yeah.
SPEAKER_00And that was one of the perks of Derby as well. Like I said, that's where we met initially, and like the number of folks I met or conversations that we had, you know, down in the lobby kind of area. Uh, not that it was better than the talk content, but definitely got tons of value out of that, in addition to like really solid talks that were happening there as well.
SPEAKER_01Right.
SPEAKER_00But that's it. DEF CON's still really good. Yeah, I really like all of the different villages and kind of like subgroups that you get with DEF CON now as compared to 10, 15 years ago, when it was really more like focused on the individual tracks that you had. But uh yeah, I usually try to pop into just random talks, just go into a track and sit down and just you know, do the uh the roulette there, and like, well, this one landed, this one's a solid talk. I'm really glad I did this one.
SPEAKER_01Yeah, yeah. I'm also a big foodie, so I have a soft spot for Vegas and the food that is available to you when you're there. It's expensive, but yes, offer great options.
SPEAKER_00I uh I wish the uh the prices there haven't scaled as high as they have. It's extremely expensive now compared to years ago.
SPEAKER_01But yeah, you just go put it all on black and see if you're going to dinner tonight.
SPEAKER_00There you go. Well uh last question here. I always like to ask folks about kind of personal projects and you know things that they might be working on outside of work that might be kind of hacker adjacent or kind of home lab kind of things. Do you have any personal project kind of stuff that you're proud of or that you're working on that is kind of fun?
SPEAKER_01Yeah, I've I'm slowly, very slowly but surely setting up uh a home AI lab. I've always run small lab in my in my house, like a few VMs. I have a Synology and I run a GitLab server, things like that. Um but yeah, slowly but surely setting up an AI lab. Um I jumped on the Mac Mini bandwagon, but the problem is the shipping time on those right now is 16 to 18 weeks. Oof. Yeah, and I think they're coming out with a new one, but I don't know. I never thought I would say an Apple product was the most affordable and practical option for a project, but it seems to be with the way GPUs are going and uh servers and things like that.
SPEAKER_00Yeah, I've looked into some of the automation stuff around that and and setting that up at all. I just haven't had the time or bandwidth to do so. Uh, I already have a backlog of home automation stuff with the existing tech that I have and thought about oh well, I could automate it to do this, and like, yeah, but I also need to like fix the 10 other things that I need to do before I actually get to that point.
SPEAKER_01Yeah. One of these days I'll get it. Yada yada yada.
SPEAKER_00But oh yeah. I you're you're talking to somebody who needs to pull some cat five over here. So yep. Or well, I guess cat six, whatever. Anyways, I need to pull some networking wire at my house that's on the to-do list. So well, yeah. Ever growing list. Really appreciate the time today and getting to uh have a more in-depth conversation with you here in this format. Uh, if people want to get a hold of you, any any preferred channels for that?
SPEAKER_01Um, I don't keep up with X or Twitter as much anymore, but uh can reach out to me on LinkedIn if you're trying to connect. Uh, I keep up with that pretty frequently these days.
SPEAKER_00Good to hear. And there's typically comments on uh videos related to our release for this. So if folks have any questions, feel free to drop those in the comments. We try to keep tabs on those, see if anybody has any questions we can answer. But uh yeah, really appreciate having you on today. And anything else that you might want to promote or share?
SPEAKER_01Uh nothing more from me.
SPEAKER_00All right. Well, again, thanks for the time, and we'll talk to you later. Thanks. And that was our conversation with James Albany. Thanks for joining us on this episode of Hack Responsibly. If you'd like more episodes, make sure that you like, subscribe, follow all the things, and check out NetSpy's website to get connected with us. Thanks again. Remember, Hack Responsibly.
