The Future of Pentesting: AI, Automation, and Better Reporting with Dan DeCloss
In this episode of Simply Offensive, Philip Wylie welcomes Dan DeCloss, the founder of PlexTrac. The two veterans of the cybersecurity industry discuss their history together, the evolution of report writing, and the seismic shift AI is bringing to offensive security.
From the struggles of manual Word document formatting to the "Hacking as a Service" era, this conversation covers where the industry has been and where it’s headed as we approach RSA 2026.
The "Boring" Part of Hacking: Why Reporting Matters
Most hackers get into the field for the thrill of the exploit, not the labor of documentation. Dan and Phil reflect on the early days of reporting:
- The "One Person" Problem: Many firms relied on internal tools maintained by a single person who was also busy pentesting, leading to slow updates and volatile software.
- The Word Document Nightmare: Consultants used to spend hours merging reports from multiple testers into a single Word file, struggling with font consistency and resizing screenshots.
- PlexTrac’s Origin: Dan started PlexTrac to solve these exact pains, moving toward collaborative, real-time reporting that allows teams to work together seamlessly.
AI: The Ultimate Assistant for Defenders and Attackers
Dan shares his perspective on how AI is transforming the "cat-and-mouse" game of security:
- The Speed Advantage: While AI helps defenders, Dan worries it may speed up attackers even faster. Attackers aren't slowed down by corporate politics or non-technology aspects of a "day job".
- Automating the Mundane: For pentesters, AI is a powerful assistant that can automate tedious tasks like validating TLS/SSL vulnerabilities, allowing testers to focus on complex exploitation.
- Enhanced Reporting: PlexTrac has already integrated AI to help write custom findings and narrative sections based on report data, significantly cutting down the time spent on documentation.
Career Transformation and the Job Market
Will AI replace pentesters? Dan offers a measured view:
- Bridging the Skills Gap: AI is already helping to bridge the talent shortage in cybersecurity by acting as an "on-call assistant" for entry-level and experienced professionals alike.
- The Transformation Era: While some entry-level white-collar roles may disappear, Dan believes innovation will create new jobs we haven't even named yet—much like the industrial revolution or the dawn of the internet.
- Adaptability is Key: The job you have in 18 months might not exist today. Success in this field requires staying on the "wave" of change.
Advice for Industry Newcomers
Dan, who has two degrees in computer science and served in the DoD, emphasizes foundational knowledge:
- Networking and Systems: Understanding how systems communicate and how they are misconfigured is the cornerstone of being a good pentester.
- Lower-Level Coding: While not always strictly necessary, understanding coding helps you see how systems work under the hood.
- Stay Curious: Use AI as a research tool to understand known vulnerabilities and potential threat vectors at your fingertips.
Coming Soon: PlexTrac will be showcasing new, unannounced AI capabilities at RSA 2026. Be sure to stop by the booth to see the latest in reporting automation.
Watch the full episode: The Future of Pentesting with Dan DeCloss
.png)
.png)
.png)
