SideChannel & Optimize Cyber: Rethinking Offensive Security and Risk Management

Key Takeaways

  • Quality over quantity in penetration testing—understanding scope and outcomes matters more than checking a box.
  • Offensive security and defensive strategy must work together within a clear cyber risk management structure.
  • Vendor scrutiny is increasing, and independent assessments are becoming standard in insurance and compliance programs.
  • Securing emerging systems—IoT, autonomous vehicles, and industrial automation—requires specialized expertise and new testing methods.

A Practical Conversation on Modern Cyber Risk

In this LinkedIn Live session, Brian Haugli, CEO of SideChannel, sat down with Matt Quammen, President and Co-Founder of Optimize Cyber, to discuss how organizations should approach offensive security and risk management. The conversation focused on practical measures that improve security outcomes rather than trends or slogans.

The Partnership and Focus on Specialized Roles

SideChannel and Optimize Cyber bring complementary expertise to the table—SideChannel in cybersecurity leadership and program development, and Optimize Cyber in offensive testing and risk validation. Together, they emphasized the growing need for specialized security roles and partnerships that align services with an organization’s maturity and priorities.

Building Effective Risk Management Structures

Brian and Matt outlined the four main pillars of modern cyber risk management: defensive operations, offensive testing, governance and compliance (GRC), and cyber insurance. They discussed how organizations should view penetration testing not as a regulatory step but as a means to genuinely assess and improve risk posture.

Quality and Market Maturity in Penetration Testing

The discussion highlighted a persistent problem in the market—inconsistent quality in penetration testing. Many organizations buy the least expensive option without understanding what a comprehensive test includes. Both agreed that testing should identify exploitable weaknesses, not just produce reports. SideChannel’s vCISO services and Optimize Cyber’s independent testing model align to help organizations make better use of these assessments.

Vendor and Insurance-Driven Risk Pressure

Organizations face increasing scrutiny from partners, insurers, and customers. Larger enterprises now require detailed third-party risk assessments and evidence of real security testing. Brian explained how companies can use penetration testing and structured risk data to improve their position with insurance underwriters. Matt noted that Optimize Cyber partners directly with insurers to help clients qualify for better terms through validated testing and assessments.

Securing Automation, IoT, and Critical Infrastructure

As operations become more automated, cybersecurity failures can directly halt production. Matt shared a case where a manufacturing plant lost $100 million in four days of downtime. These environments—robots, industrial Bluetooth, connected vehicles—require different testing methods than traditional IT systems.

Brian and Matt also addressed autonomous vehicles, drones, and water treatment facilities, stressing that cybersecurity for critical infrastructure must be treated as a matter of national security. Both agreed that regulation and accountability should increase for sectors operating connected systems that could impact public safety.

Looking Ahead

The session closed with a shared goal: continuing collaboration between SideChannel and Optimize Cyber to raise the bar for independent, high-quality cybersecurity services. Both organizations will continue exploring how offensive and defensive teams can work together to help businesses manage real-world risks more effectively.

Watch the full conversation here:

https://www.linkedin.com/events/penetrationtestingisjustacheckt7389678678315773952/theater