166: Maxie

What It Covers

Maxie Reynolds shares her journey from underwater robotics to physical penetration testing, including breaking into secure facilities, accidentally shutting down a city's water supply, stealing transport trucks, and founding an underwater data center company.

Key Questions Answered

• •Physical Security Failures: Keys left in truck ignitions, cup holders, under mud flaps, and on visors enabled theft of multiple commercial transport vehicles from a logistics facility with supposedly secure perimeters and 24-hour security patrols that never materialized during testing.
• •Credential Management Weakness: Unlocked computer terminals left running overnight in critical infrastructure facilities create immediate access points for attackers. Organizations must enforce automatic lockouts after inactivity periods and require authentication for all workstation access, even during off-hours when facilities appear empty.
• •Penetration Testing Risks: Junior testers without proper supervision can cause catastrophic failures. One mistyped command shut down an entire city's water supply during a network test, demonstrating why graduated responsibility, real-time monitoring, and immediate rollback capabilities are essential for infrastructure assessments.
• •Perimeter Security Gaps: Multi-layered physical security with armed guards, vehicle scanning, and access lists can still fail when underground infrastructure like sewage tunnels remains unmonitored. Organizations must map and secure all physical access points including utility corridors, not just obvious entry points like doors and windows.
• •Underwater Data Centers: Submerged facilities reduce capital expenditure by 80 percent, eliminate dust-related failures, require minimal cooling since water absorbs four times more heat than air per degree Celsius, and provide superior physical security since accessing them requires submarines or remotely operated vehicles.