The following blog post was originally published in the 2026 edition of Inside the Mind of a Hacker. Download the full report for more insights from hackers and security leaders.
Aaron Guzman is the CISO of Cisco Network Product Engineering, a leading organization securing enterprise and industrial networking devices, from wireless access points, routers, and switches to IoT cameras and sensors. The company plays a pivotal role in securing the infrastructure that moves the world’s data. Aaron is the author of IoT Penetration Testing Cookbook and has served as technical reviewer for Practical IoT Hacking and Bug Bounty Bootcamp. As OWASP’s IoT Project Leader, he leads the IoT Security Testing Guide initiative.
Like so many security leaders, Aaron started as a hacker, fueled by a curiosity to take things apart, understand how they work, and make them do things they weren’t designed to. The curiosity that once drove him to take apart toy cars to see what made them move now applies to hardware, firmware, supply chains, and software at enterprise scale. We sat down with Aaron to understand how hacking and security leadership go hand in hand, the challenges of securing hardware, and the impact of AI.
Aaron’s hacking origins are rooted in hands-on problem-solving and learning to figure out how systems behave. “Growing up without internet service at home made connectivity feel like a privilege, not a given,” Aaron says. “This led to me hacking access points and wireless networks, not maliciously, but because connectivity was valuable and I wanted to understand how it worked.”
Aaron later applied these values, along with a strong work ethic, to several technical support roles, followed by application security and pen testing roles. Finally, he found his way into leadership, but the hacker mindset never left. “I followed my curiosity through networks, systems, communities, and eventually into the rooms where decisions get made about how organizations defend themselves. Now, instead of breaking into systems, I break down organizational assumptions about security. The question changed from ‘How do I get in?’ to ‘Why do we keep building things that let adversaries in?’”
Hardware security is something that many CISOs are beginning to consider, but Aaron has always centered hardware as a major focus for his team. “Hardware lives at the edge of innovation, and that edge cuts both ways. We prioritize hardware security because network devices are foundational infrastructure. They’re not just assets—they’re the highways that make connectivity possible,” Aaron asserts. “A compromised router isn’t just a singular problem; it’s a pivot point to everything flowing through it.”
This is especially relevant in the age of AI, as these hardware devices are what make AI, as well as the next wave of quantum computing and networking, possible. They move the data that trains models and serves inference at scale.
Aaron notes that securing hardware comes with some unique challenges:
Overcoming these challenges requires reimagining foundational design and quality practices for the era of AI-powered adversaries. “The attackers of tomorrow will find vulnerabilities faster, chain exploits more creatively, and scale attacks more efficiently than we’ve ever seen. Our security practices need to evolve ahead of that curve. This means minimizing exposure through design—not just testing. This means treating security and quality as inseparable. This means embracing collaboration, transparency, and partnership across the ecosystem,” Aaron says. “Better outcomes come from working openly with hackers, suppliers, and partners rather than treating security as a proprietary secret. The devices we build power the world’s connectivity highway. That’s a responsibility worth taking seriously and an incredible honor to have.”
Aaron believes that AI creates massive value as an accelerator, both offensively and defensively. He’s actively finding methods to measure its effectiveness across security testing for devices as models evolve.
“New agentic capabilities are emerging that decompose security processes into automated workflows with organizational context, completing in minutes what previously took hours or days. Skills—an open specification (agentskills.io) that enables AI agents to acquire new capabilities through portable, reusable instruction sets—are being adopted by leading providers, enabling interoperability from personal workflows to enterprise security testing. This fosters a dynamic partnership between AI agents and humans,” Aaron says. “The hackers who learn to collaborate effectively with AI will find more bugs, produce better reports, and ultimately have greater impact—whether through bounty earnings, full-time security roles, or shaping how organizations defend themselves.”
One area where Aaron envisions huge opportunities is augmenting internal pen test teams with the assistance of AI. He believes teams must embrace AI security testing, shifting the model from “humans doing all the work” to “humans as operators managing agentic workflows.” This dynamic partnership between AI and humans, where AI handles scale and speed while humans provide judgment and direction, is critical. “AI alone won’t replace the human creativity needed to find novel attack paths, but a little nudge from AI definitely helps. I suggest teams start with small, impactful workflows and build on them. It’s only going to get better from here,” Aaron declares.