🎙️
AIPodify
Shows

Darknet Diaries

There's No Way Into This Tech Company's Server Room ... Except Through the SewerEpisode 166: Maxie

Guest: Maxi ReynoldsDecember 2, 2025
penetration testingsocial engineeringphysical securitycybersecurityattacker mindsetdata centersunderwater roboticssubsea technologyred teamingosint
There's No Way Into This Tech Company's Server Room ... Except Through the Sewer💧Episode 166: Maxie

Episode Summary

AI-generated · Mar 2026

AI-generated summary — may contain inaccuracies. Not a substitute for the full episode or professional advice.

In this episode of Darknet Diaries, host Jack Rhysider interviews Maxi Reynolds, a penetration tester, social engineer, and author known for her unique approach to cybersecurity. Reynolds, who started her career in underwater robotics and even stunt work before transitioning to computer science, shares her adventurous journey into red teaming and physical security. The central thesis of the episode revolves around the critical importance of developing an "attacker mindset"—understanding how malicious actors strategize, manipulate, and persist—as the most effective way to build resilient defense systems, rather than solely relying on tools or policies.

Reynolds recounts several of her most memorable penetration tests, illustrating the power of social engineering and physical infiltration. Her first physical pen test involved successfully, albeit briefly, posing as a Swedish ambassador to gain entry into a transport company's facility in Australia. Another engagement saw her, as part of a team, attempting to find vulnerabilities in a local government's network from the inside, leading to the accidental shutdown of the city's water supply and an interrogation where she was accused of being a Russian spy. These high-stakes experiences honed her understanding of real-world vulnerabilities and the profound impact a penetration tester can have.

Her skills were further tested during a solo mission to infiltrate a high-security logistics company. After failing to bypass perimeter security through conventional means, Reynolds discovered an open second-floor window accessible via stacked pallets and navigated down a pegboard wall. Once inside, she found unlocked computer terminals and successfully completed her objective. Impressed, the client then challenged her to "steal" trucks from their lot, a task she accomplished by finding numerous keys left unsecured in and around the vehicles, even those in a fenced-off area.

The culmination of Reynolds's experiences and her attacker mindset led her to address one of the most challenging security problems: protecting data centers. Faced with an impenetrable data center perimeter during a pen test, her team ultimately gained unauthorized access through a sewer line. This revelation sparked a groundbreaking idea: if traditional data centers are so vulnerable, why not put them underwater? This led her to co-found a company developing modular underwater data centers, offering not only enhanced physical security against attacks but also significant cost savings and environmental benefits through natural cooling. Reynolds outlines how these subsea data centers leverage existing underwater infrastructure for power and fiber optics, and are physically secured by immense water pressure and self-destruct mechanisms.

Listeners will walk away with a profound appreciation for the ingenuity of penetration testers and the critical need for organizations to adopt a comprehensive security posture that includes robust physical defenses, strong social engineering awareness, and a deep understanding of the attacker's perspective. The episode highlights that security is not just about technology, but about human behavior and out-of-the-box thinking.

👤 Who Should Listen

  • Cybersecurity professionals seeking to enhance their understanding of physical penetration testing and social engineering techniques.
  • Business leaders and security managers responsible for protecting critical infrastructure or data centers.
  • Individuals curious about innovative solutions for data center security, such as subsea technology.
  • Aspiring red teamers or social engineers looking for real-world examples and career insights.
  • Anyone interested in the psychological aspects of security and developing an 'attacker mindset' for defensive strategies.
  • Professionals in logistics, transport, or government sectors concerned about physical access vulnerabilities.

🔑 Key Takeaways

  1. 1.Physical penetration testing often leverages open-source intelligence (OSINT) to identify potential entry points or pretexts, such as knowledge of a company's international connections or maintenance schedules (08:35, 45:59).
  2. 2.Social engineering frequently exploits human tendencies, with Maxi Reynolds successfully using pretexts like a Swedish ambassador or a maintenance worker to bypass initial security checks (10:11, 45:59).
  3. 3.Even authorized penetration tests carry significant risks, as demonstrated by Maxi Reynolds's accidental shutdown of a city's water supply and subsequent interrogation by police for being a suspected Russian spy (19:56, 21:27).
  4. 4.Traditional layered security measures for data centers can be circumvented by unconventional physical access points, with one highly secure facility being breached through a sewer line (47:01).
  5. 5.Many companies exhibit poor physical security practices, such as leaving keys in or around vehicles, leaving windows unlocked, or having loading doors unconnected to alarm systems, creating easy avenues for unauthorized access (33:43, 36:46, 38:49).
  6. 6.Developing an 'attacker mindset' is crucial for designing effective defenses, as it enables security professionals to anticipate how an adversary would strategize, manipulate, and persist beyond mere technical safeguards (41:56).
  7. 7.Underwater data centers offer superior physical security by leveraging water pressure and depth to deter access, making them resistant to conventional intrusion methods short of nation-state submarine capabilities (56:16).
  8. 8.The cognitive skills honed in an attacker mindset, such as grit, determination, and goal orientation, are also valuable for navigating normal life (42:57).

💡 Key Concepts Explained

OSINT (Open-Source Intelligence)

OSINT is the practice of collecting information from publicly available sources to gather intelligence about a target. In this episode, Maxi Reynolds uses OSINT to research target companies, learning details like their international connections or specific maintenance needs to formulate a pretext for social engineering, proving its importance in planning penetration tests (08:35, 45:59).

Attacker Mindset

The attacker mindset is a strategic way of thinking that security professionals must adopt to design truly effective defenses. Maxi Reynolds explains it involves understanding how an attacker strategizes, manipulates, and persists, rather than solely focusing on tools, networks, or policies. This approach is fundamental to building resilient systems and identifying vulnerabilities that traditional security measures might miss (41:56).

Underwater Data Centers

This concept involves housing servers in watertight, modular shipping container-like units on the ocean floor, as conceived and implemented by Maxi Reynolds. It's presented as a novel solution for extreme physical security against unauthorized access, leveraging the immense pressure of water and the subsea environment for cooling, offering significant cost savings and environmental benefits (49:03).

⚡ Actionable Takeaways

  • Conduct thorough OSINT on your own organization to identify publicly available information that could be leveraged by attackers for social engineering or physical infiltration (08:35).
  • Implement stringent key control policies for all vehicles and facilities, treating physical keys with the same level of security as digital access badges (39:10).
  • Evaluate your physical security beyond typical entry points by considering unconventional access routes like sewer lines, utility tunnels, or unsecured roof access (47:01, 30:39).
  • Regularly test your organization's human element through social engineering exercises to gauge susceptibility to pretexts and develop stronger employee awareness (10:11, 45:59).
  • Ensure all doors, windows, and loading bay access points are properly secured and integrated into alarm systems, as demonstrated by vulnerabilities found in the logistics company (33:43, 38:49).
  • When debriefing security findings, adopt a 'soft' and educational approach, explaining vulnerabilities without assigning blame to foster improvement rather than defensiveness (40:54).
  • Explore the 'attacker mindset' for developing security strategies, understanding how a determined adversary thinks and acts to identify overlooked weaknesses (41:56).

⏱ Timeline Breakdown

00:00Host Jack Rhysider shares the story of the Cardiff Giant hoax from the 1860s.
02:01Introduction to Maxi Reynolds and her early life seeking adventure and travel.
03:03Maxi discusses her struggles to get a job in underwater robotics due to gender discrimination.
04:03Maxi obtains private pilot's licenses for planes and helicopters to secure a job in underwater ROV piloting.
06:06Maxi develops a passion for computers, earns a degree in computer science, and briefly works as a stuntwoman.
07:08Maxi gets her first cybersecurity role as a penetration tester in Australia.
08:10Maxi prepares for her first physical pen test, planning to pose as a Swedish ambassador to infiltrate a transport company.
12:13Maxi is confronted by a Swedish-speaking man inside the target facility and subsequently detained by security.
15:17Maxi's first pen test solidifies her desire to pursue a career in penetration testing.
15:56Maxi participates in an internal network penetration test for a local government office in Australia.
19:56Maxi accidentally triggers a command that shuts off the city's water supply during the pen test.
21:27Maxi is detained, interrogated, and accused of being a Russian spy by security and police.
24:31Jack reflects on the vulnerability companies feel when a penetration tester reveals their weaknesses.
25:33Maxi leaves Australia and recommits to red teaming and physical building infiltration in the United States.
26:34Maxi details a solo mission to infiltrate a high-security logistics company's warehouse.
30:39Maxi gains entry to the warehouse by climbing stacks of pallets to an open second-story window.
32:41Maxi uses the building's pegboard walls to climb down from the window to the warehouse floor.
33:43Maxi finds unlocked computer terminals, plants her device, and seeks an exit without triggering alarms.
34:45The client issues a scope change, asking Maxi to try and 'steal' trucks from the facility.
35:45Maxi begins 'stealing' trucks by finding keys left in cup holders or under mud flaps, then parks them away from the facility.
37:48Maxi infiltrates the fenced area to 'steal' more trucks, finding similar key vulnerabilities.
38:49Maxi reports her success; staff don't realize trucks are missing until morning.
40:54Maxi emphasizes a 'soft' approach when debriefing clients on security findings.
41:56Maxi introduces her book, "The Art of Attack: Attacker Mindset for Security Professionals".
42:57Maxi discusses her most challenging pen test, involving a highly secure data center.
45:59Maxi's team attempts various social engineering and pretexts to enter the data center, all failing.
47:01Maxi's team discovers and uses a sewage line and tunnel to gain unauthorized access to the data center.
49:03Inspired by the data center breach, Maxi conceives of and starts a company to build underwater data centers.
50:05Maxi explains the economic and security benefits of modular underwater data centers.
54:13Maxi clarifies that underwater data centers do not heat the oceans and are more energy-efficient for cooling.
55:15Maxi describes the extreme physical security of underwater data centers, resistant to most attack vectors.
57:18Discussion of maritime laws and the challenges of enforcing them in international waters for data center placement.

Best of this topic

Best penetration testing episodes →Best social engineering episodes →Best physical security episodes →Best cybersecurity episodes →Best attacker mindset episodes →

💬 Notable Quotes

"The skills of a good attacker are the same skills that I want as a person going through life, normal life."
"Our report was, 'Your guy's security is bob on. We we hate it. It was amazing. you didn't let us in here... We got into your data center through a manhole for a sewer line and that was the bulk of our report.'"
"If you want to keep them that safe, you put them underwater."
"Treat keys like access badges, not souvenirs."

More from this guest

Maxi Reynolds

All appearances →Best episodes →

📚 Books Mentioned

The Art of Attack: Attacker Mindset for Security Professionals by Maxi Reynolds
Amazon →

Listen to Full Episode

▶ YouTube

📬 Get weekly summaries like this one

No spam. Unsubscribe anytime. By subscribing you agree to our Privacy Policy.

Continue Exploring

🎙️

More from Darknet Diaries

All episodes →

🏷️

More penetration testing episodes

Browse topic →

Best social engineering episodes

Ranked list →

🗂️

Browse all topics

Topic directory →

← All episodes of Darknet Diaries