NetSPI’s CPTO on why proactive security is fast becoming the enterprise default

As attack surfaces expand across cloud, applications and AI-driven systems, traditional compliance-led penetration tests are proving inadequate. In a recent conversation with TechCircle, Sridhar Jayanthi, Interim Chief Product and Technology Officer at NetSPI, a security solutions provider focused on penetration testing as a service, explains why continuous, human-led security testing is gaining ground, how AI is reshaping offensive security, and why India is central to the company’s innovation roadmap. Edited excerpts.
As Interim Chief Product and Technology Officer, what are your top priorities for accelerating innovation at NetSPI?
My focus is on scaling innovation while staying grounded in real-world security outcomes. That means continuing to mature the NetSPI Platform as a unified, enterprise-grade system and deepening the integration between automation, AI and human-led testing.
We are investing in capabilities that enable continuous discovery, faster validation and smarter prioritisation across complex environments, including cloud, applications and AI systems. In parallel, we are equipping our penetration testers with more effective tools and context, enabling them to focus on the highest-impact threats. Innovation for us is not about feature expansion, but about making proactive security more scalable, repeatable and effective.
Why is the shift from reactive, point-in-time testing to proactive security becoming unavoidable for enterprises?
Enterprise environments now change too quickly for point-in-time testing to remain effective. Cloud adoption, agile development, third-party integrations and AI systems introduce new exposures continuously, not annually.
Snapshot-based testing inevitably leaves gaps between assessments. Proactive security reflects operational reality by continuously testing assets as they evolve, validating fixes and adapting to new threat intelligence. For large, dynamic environments, this shift is no longer optional.
What gaps in traditional penetration testing led to the rise of PTaaS?
Traditional penetration testing was built as a project, not a programme. It typically delivers a static report weeks after testing, with limited ability to validate remediation or retain learnings over time.
Penetration Testing as a Service (PTaaS), a cloud-based model that combines automation with human assessments to identify vulnerabilities, addresses this by making testing continuous. It enables real-time visibility into findings, streamlined collaboration and rapid retesting, closing the gap between discovery and remediation.
How does NetSPI’s PTaaS platform deliver better outcomes than compliance-driven annual assessments?
Compliance-led assessments focus on meeting minimum requirements, not reducing real-world risk, and are often conducted just once a year. NetSPI’s PTaaS embeds testing into day-to-day operations. Findings surface in real time, are prioritised by risk, and flow directly into remediation tools such as Jira and ServiceNow. Continuous testing and retesting ensure vulnerabilities are verified as resolved, delivering measurable risk reduction rather than checkbox compliance.
How are AI and automation integrated without diluting human-led security testing?
AI and automation are designed to amplify human expertise, not replace it. We use them to accelerate asset discovery, identify patterns at scale and prioritise testing based on risk. This frees our testers to focus on complex attack paths, logic flaws and novel exploitation techniques that automation alone cannot uncover. Human-led validation remains central, ensuring accuracy and context.
How does continuous testing make security more predictive for CISOs?
Continuous testing gives CISOs ongoing visibility into how their attack surface is changing and where risk is building up. By correlating testing results with exposure data and threat intelligence, teams can spot trends rather than isolated issues.
This allows leaders to anticipate where breaches are most likely and allocate resources proactively, instead of reacting to incidents or audits.
What is driving PTaaS adoption among large enterprises and regulated sectors such as BFSI?
These organisations face scale, complexity and intense scrutiny. They manage sensitive data, expansive environments and strict regulatory expectations. PTaaS offers continuous visibility, repeatable methodologies and auditable workflows. For BFSI and similar sectors, it supports both security and compliance while enabling faster remediation and sharper risk prioritisation.
With many vendors claiming “continuous testing,” what differentiates your services?
Continuous testing is not about running scanners more often. Our differentiation lies in delivering enterprise-scale, human-led continuous testing through a mature SaaS platform.
We combine proprietary automation, attack surface management and AI-driven insights with a large team of full-time, vetted penetration testers following standardised methodologies. This ensures actionable outcomes, not noise.
How important is India to NetSPI’s product and innovation roadmap?
India is central to our global strategy. We have built a strong presence with highly skilled engineers, security testers and quality professionals contributing directly to product development and service delivery. This talent base helps us scale efficiently while maintaining enterprise-grade standards. India will remain a key hub for innovation as we expand globally.
Looking ahead to 2026, how will proactive security and PTaaS evolve?
Proactive security will become the default expectation. Enterprises will increasingly adopt continuous threat and exposure management models that unify testing, monitoring and validation. The PTaaS market will mature around platform depth, integration and the ability to secure emerging technologies, including AI systems. Providers that blend automation with human expertise and deliver measurable risk reduction at scale will define the next phase.
