In this episode of the Vertali Podcast, host Ed Nell is joined by Kev Milne, Cyber Threat Manager at NatWest Group who also runs a mainframe pen testing course and is writing a book on Mainframe Hacking. Kev gives us a deep dive into cyber risk quantification, red teaming, and the growing need to include mainframes in modern cyber security testing. Kev draws on more than 30 years of experience in cyber security, from penetration testing and risk management to cyber threat intelligence, to explain why organizations need to move beyond vague risk labels and toward evidence-based, business-focused conversations about cyber threats.
Key Takeaways
Cyber Risk Quantification Makes Risk More Actionable: Kev explains that cyber risk quantification helps turn cyber security from a vague discussion of “high” or “medium” risk into something more useful by identifying likely threat actors, attack methods, technical outcomes, and potential financial consequences. This makes it easier for leaders to understand what is really at stake.
Evidence Matters More Than Assumptions: Rather than relying on gut feel or subjective scoring, Kev emphasizes using penetration test reports, red team findings, audit reports, vulnerability scans, and risk registers to measure actual exposure. That evidence-based approach helps validate whether security controls are truly working.
Red Teaming Goes Beyond Traditional Penetration Testing: Kev describes red teaming as broader and more realistic than a standard penetration test. It can include physical security, social engineering, open-source intelligence, phishing, and cross-network movement to simulate how real attackers behave, rather than just testing a narrow technical scope.
Mainframes Should Not Be Left Out: One of the episode’s core messages is that mainframes are still often excluded from red teaming and cyber risk quantification because many security teams do not understand them, while mainframe teams may be wary of offensive testing. Kev argues that this creates a dangerous blind spot, especially since attackers are unlikely to ignore systems that hold critical business data and processing power.
AI Is Accelerating the Threat Landscape: Kev highlights how AI is making phishing and cyber attacks faster, easier, and more effective. He points to a rise in successful phishing and faster lateral movement within networks as signs that organizations need to improve testing, monitoring, and communication now rather than later.
Best Moments
“Cyber risk quantification is really about making cyber risk useful.”
“When you start to see, here is a risk, here is who could attack it, here’s how they would do it, and this is the outcome technically and the outcome financially, that is where cyber risk quantification becomes really pretty useful.”
“Red teaming engagement is more about see what you can do, see if you can get in.”
“The mainframe is doing all the processing… the crown jewels.”
“If we don’t test, there’s something that we don’t know that they will know.”
“Make sure that the techies and the business side talk to each other.”
About Vertali
Vertali is a leading cyber security company specialising in IBM® mainframe infrastructure. With deep expertise, innovative software, and trusted resources, Vertali supports organisations across the UK and globally, particularly in finance, retail, utilities, and government sectors.
100% focused on mainframe systems, Vertali helps organizations secure and optimize their operations. By combining advanced technology with expert insights, Vertali delivers powerful cybersecurity solutions and consulting services that protect against evolving threats. Driven by a proactive approach, Vertali enables businesses to build resilient systems, safeguard sensitive data, and maintain smooth, uninterrupted operations in the face of cyber risks.
Connect with Vertali: https://vertali.com/
","author_name":"Vertali"}