A Conversation with Romeo Mungiu, Cybersecurity Technical Lead at CyberSA
Romeo, what does conducting a Penetration Test mean to you?
Conducting a Penetration Test is like playing a game of chess, except the opponent is invisible and the rules are constantly changing!
At CyberSA, when we conduct a test, we don’t just use standard tools or follow checklists. We think like attackers, putting ourselves in the shoes of those who might want to exploit a vulnerability. Each test is an opportunity to challenge not only the infrastructure but also ourselves.
What experiences have impacted you the most in your work?
Well, over the years, I’ve seen it all.
From the gaming industry, with massive servers and stringent security levels, to critical infrastructures where, for example, an update can require weeks of planning. I’ve worked in healthcare environments where every Bluetooth device can pose a risk, and in small companies where the development teams’ passion is so strong that you find original solutions at every corner.
But what always leaves a lasting impression on me is the importance of our work!
We’ve stolen credentials, compromised domain controllers, exfiltrated data, and every time I wonder: ‘What would happen if this attack were real?’
It’s an enormous responsibility, but also a fascinating challenge.
Is a Penetration Test just about finding vulnerabilities?
Absolutely not!
Identifying vulnerabilities is just the starting point. The truly crucial part is understanding which vulnerabilities can have a significant impact and, most importantly, clearly explaining to the client how to resolve them. Every infrastructure is different, and each vulnerability can pose unique risks. Our job doesn’t end when we find a problem; that’s when the most important part begins: helping the client solve that problem.
How do you see the future of Penetration Testing?
It’s a constantly evolving world.
With regulations like NIS2 and DORA, we will see more and more sectors forced to implement tests they previously did not consider. And then there are new technologies: with the arrival of LLMs, we expect to face completely new challenges, such as prompt injection. The threat landscape is not static, and that is why we as penetration testers must always stay one step ahead of the attackers!
Can you give us one last piece of advice?
A Penetration Test is never a “one and done” process.
Threats evolve, just as infrastructures do.
My advice is simple: never underestimate the importance of regular testing.
Only this way can we truly prevent attacks and protect what matters most!