Ethical Hacking in Action – Vlad-Cosmin Matei on the Tests That Make a Difference
Cybersecurity is no longer a luxury—it’s a necessity. As digital threats grow in complexity, having experts like Vlad-Cosmin Matei on your side is a game-changer. In this interview, Vlad-Cosmin Matei, a penetration tester at HiQ, shares his insights into the world of ethical hacking, vulnerability assessments, and why security is a team sport.
Vlad, cybersecurity has become a hot topic in the boardroom. As a penetration tester, how do you help businesses stay ahead of threats?
– My role is about identifying risks before attackers do. Penetration testing, or pentesting, is a controlled way of simulating real-world cyberattacks to find vulnerabilities in systems, networks, and applications. It’s not just about running tools and finding flaws – it’s about understanding how those vulnerabilities could impact a business. Once we identify gaps, we provide clear recommendations so companies can strengthen their defenses. Ultimately, it’s about reducing risk and building trust in the systems they rely on.
What differentiates a good penetration test from a great one?
– A great penetration test doesn’t just deliver a list of issues – it provides context. It’s about mapping vulnerabilities to real-world scenarios and answering the critical questions: What could an attacker do with this vulnerability? How likely is it to be exploited? And what’s the potential business impact? A great test goes beyond the technical report to deliver actionable insights that align with the company’s priorities and risk tolerance.
Balancing time constraints with deep dives into systems can be a challenge. How do you manage that in client projects?
– Time management is key. Typically, we have a set number of hours to simulate attacks, so prioritization is critical. We focus on high-risk areas first – systems or applications most exposed to potential threats. At the same time, we stay flexible because pentesting is rarely linear. Some paths lead to dead ends, and others reveal unexpected vulnerabilities. Success comes from having a clear plan but adapting quickly as you uncover new information.
“Success comes from having a clear plan but adapting quickly as you uncover new information.” Vlad-Cosmin Matei, Cybersecurity Consultant, HiQ
What’s the most rewarding aspect of tackling these challenges?
– The most rewarding part is knowing the work we do directly prevents breaches. It’s satisfying to uncover a critical vulnerability, present it to the client, and see them implement fixes that protect their business. Another aspect is the constant learning – cybersecurity is a field where you never stop growing. Each system or client brings new challenges, and that keeps the work fresh and exciting.
For organizations investing in cybersecurity, where do you see the most common gaps?
– One of the biggest gaps is underestimating the importance of regular testing. Systems evolve, new features are added, and attackers develop new techniques. A penetration test isn’t a one-and-done activity – it needs to be part of an ongoing security strategy. Another common issue is overlooking the human element. Many breaches start with social engineering or weak passwords, so investing in training and awareness is just as important as securing the technical side.
There are a lot of tools out there, like “Hack the Box”. How do they keep your skills sharp?
– Platforms like PortSwigger Labs are excellent for staying on top of the latest attack methods and defense strategies. They provide realistic scenarios where you can test techniques in a safe environment. It’s a sandbox for experimentation and a way to ensure your skills don’t just keep up—they stay ahead. In cybersecurity, attackers are always innovating, so as defenders, we need to be just as proactive.
For companies considering a penetration test, what should they look for in a partner?
– Look for a team that goes beyond ticking boxes. The right partner should be collaborative, deeply knowledgeable, and focused on understanding your specific business needs. A good penetration tester doesn’t just think like an attacker – they think like your attacker, considering your industry, systems, and unique risks. Transparency is also critical – clients should feel they’re gaining insights, not just a technical report.
What’s next for you in cybersecurity, Vlad?
– The landscape is constantly shifting, and I’m particularly excited about how AI and automatization are influencing both attacks and defenses. My focus is on staying ahead of these trends and continuing to help clients navigate this complex environment. Every new project is a chance to learn, adapt, and contribute to a safer digital ecosystem.