Phillip Wylie Show | Cybersecurity & Pentesting Podcast

## How AI-Powered Penetration Testing Is Transforming Security Validation with Andy Simpson**Sponsored by Ridge Security**In this sponsored episode of The Phillip Wylie Show, Phillip Wylie welcomes Andy Simpson, founder of Cipher Security, for an in-depth discussion about the future of penetration testing, continuous security validation, API security, and the growing role of AI in offensive security.What makes this conversation unique is that Andy is not a Ridge Security employee. As a cybersecurity consultant and penetration testing practitioner, he evaluated multiple automated security testing platforms before selecting Ridge Security to help scale and enhance his team's testing capabilities.Drawing on decades of experience in IT, infrastructure, executive leadership, and offensive security, Andy shares his journey from working at IBM to building a successful offensive security consultancy serving organizations throughout Australia and New Zealand.The conversation explores the challenges facing modern security teams, including expanding attack surfaces, API security risks, infostealer-driven attacks, limited security resources, and the need to continuously validate security controls. Andy also demonstrates how automation and AI-driven testing are changing the way organizations identify and validate risk.## Topics Covered* Andy Simpson's cybersecurity origin story* From IBM engineer to offensive security consultant* The evolution of penetration testing* Common shortcomings in traditional API assessments* Continuous Threat Exposure Management (CTEM)* Vulnerability validation versus vulnerability identification* Automated penetration testing at scale* Attack surface management## Key Takeaways* Annual penetration testing is often insufficient for today's threat landscape.* Organizations need continuous validation of their attack surface and security controls.* API security remains one of the most overlooked areas of cybersecurity.* Security teams must focus on validating risk rather than simply identifying vulnerabilities.* Automation helps security teams scale without sacrificing visibility.* Generative AI is enabling deeper testing of business logic and application workflows.* Human expertise remains critical, but AI-powered testing is becoming an important force multiplier.* Attackers are increasingly leveraging stolen credentials and authenticated access paths, making continuous testing more important than ever.Connect with Andy Simpson:Andy's LinkedIn:
https://www.linkedin.com/in/andy-simpson-nz/Cipher Security website: https://ciphersecurity.co.nz/## Episode SponsorThis episode is sponsored by Ridge Security.Connect with Ridge Security:Ridge Security website: https://ridgesecurity.aiGet a free RidgeBot Demo: https://ridgesecurity.ai/demo-request/
Ridge Security LinkedIn: https://www.linkedin.com/company/ridge-security/posts/?feedView=allRidge Security provides automated penetration testing and security validation solutions that help organizations continuously identify, validate, and prioritize security risks across networks, web applications, APIs, and cloud environments. During this episode, Andy shares his firsthand experience using Ridge Security's platform as part of his offensive security practice. ## Connect with Andy SimpsonConnect with Andy on LinkedIn to learn more about offensive security, API testing, threat exposure management, and the future of AI-powered security testing.## Listen, Subscribe, and ShareEnjoyed the episode? Subscribe to The Phillip Wylie Show, leave a review, and share this episode with your network to help others learn about the future of penetration testing and security validation.#ThePhillipWylieShow #Cybersecurity #PenTesting #OffensiveSecurity #APISecurity #AI #ArtificialIntelligence #CTEM #ThreatExposureManagement #RidgeSecurity #SecurityTesting #EthicalHacking #CyberDefense #InfoSec #CyberRisk

What happens when hacking moves beyond computers and into devices that can keep people alive?
In this episode of The Phillip Wylie Show, Phillip Wylie welcomes Sean Satterlee to discuss the rapidly growing field of medical device security. Sean explains how security researchers evaluate connected healthcare technology, the skills needed to transition into hardware hacking, and why traditional pentesting knowledge is still incredibly valuable in the world of embedded systems.
From Wireshark and wireless protocols to JTAG, UART, and hardware analysis, this conversation provides a practical roadmap for cybersecurity professionals interested in expanding their offensive security skillset.
=========================
Connect with Sean Satterlee:
LinkedIn: https://www.linkedin.com/in/seansatterlee/
=========================
Connect with your host, Phillip Wylie:
LinkedIn: https://linkedin.com/in/phillipwylie
X: https://x.com/PhillipWylie
Instagram: https://www.instagram.com/phillipwylie

In this episode of The Phillip Wylie Show, Phillip sits down with longtime friend, former student, and offensive security professional Christian Gonzalez.
Christian shares his journey from curious teenager and network engineer to penetration tester, mobile application security specialist, and AI security researcher.
The conversation explores career growth, certifications, AI security, and how aspiring pentesters can stay relevant in an increasingly competitive cybersecurity landscape.

=========================
Connect with Christian Gonzalez:
LinkedIn: https://www.linkedin.com/in/christian-g-672104160/
Educational AI Pentesting Lab: https://www.aipwn.me/
=========================
Connect with your host, Phillip Wylie:
LinkedIn: https://linkedin.com/in/phillipwylie
X: https://x.com/PhillipWylie
Instagram: https://www.instagram.com/phillipwylie

In this episode of The Phillip Wylie Show, Phillip Wylie welcomes back cybersecurity leader, content creator, and self-described "Cybersecurity Bestie," Eva Benn. Eva shares her journey from growing up in rural Bulgaria with no access to technology to becoming a cybersecurity leader, red team professional, and influential content creator. The conversation explores how cybersecurity professionals can leverage content creation to educate others, grow their careers, and make a meaningful impact on the community.
Rather than focusing on followers or personal branding, Eva discusses why successful content creation starts with helping others. She offers practical advice for aspiring creators, explains how she built her Security Mondays series, shares lessons learned from producing cybersecurity content, and discusses the importance of authenticity in an AI-driven world.
=========================
Connect with Eva Benn:
LinkedIn: https://www.linkedin.com/in/evabenn/
YouTube: https://www.youtube.com/@evabennofficial
Instagram: https://www.instagram.com/evabennofficial/
=========================
Connect with your host, Phillip Wylie:
LinkedIn: https://linkedin.com/in/phillipwylie
X: https://x.com/PhillipWylie
Instagram: https://www.instagram.com/phillipwylie

In this episode of The Phillip Wylie Show, Phillip Wylie sits down with legendary application security pioneer and entrepreneur Jeremiah Grossman to discuss the evolution of web security, vulnerability management, cyber insurance, AI-driven software development, and the future of offensive security.Jeremiah shares his hacker origin story, from hacking his ISP as a teenager to discovering vulnerabilities in Yahoo Mail during the early days of the web. That experience eventually led him to Yahoo and later to founding WhiteHat Security, one of the first SaaS-based web application security companies.The conversation dives deep into how application security evolved from manual testing and early vulnerability scanners into scalable AppSec programs, as well as why modern vulnerability management is still fundamentally broken. Jeremiah explains why only a tiny percentage of CVEs ever lead to real financial loss and how his latest company is approaching vulnerability prioritization differently.

=========================
Connect with Jeremiah Grossman:
LinkedIn: https://www.linkedin.com/in/grossmanjeremiah
Website: https://www.jeremiahgrossman.com
Root Evidence: https://www.rootevidence.com

=========================
Connect with your host, Phillip Wylie:
https://linkedin.com/in/phillipwylieX
https://x.com/PhillipWylieInstagram
https://www.instagram.com/phillipwylie

Chapters

00:00 Introduction to Content Creation Journey
02:15 Eva's Hacker Origin Story
05:03 Career Advice for Aspiring Cybersecurity Professionals
06:19 The Importance of Skills Over Certifications
07:44 Motivation Behind Content Creation
10:00 Navigating Misinformation in Cybersecurity Education
12:57 The Role of AI in Content Creation
13:41 Mindset Shifts for New Content Creators
16:38 Types of Content and Finding Your Niche
18:20 The Importance of Experience in Content Creation
20:41 Balancing Structure and Authenticity in Content
24:44 Equipment Recommendations for Beginners
28:18 Final Thoughts on Content Creation
31:44 Phillip Wylie Show Outro