Phillip Wylie Show

Technology Podcasts

Join Phillip Wylie Show host Phillip Wylie as he and his guests discuss the intriguing and ever-expanding field of cybersecurity, including topics from the offensive security side to the defensive and response sides of cybersecurity. Frequent offensive security topics include pentesting, red teaming, ethical hacking, security research, and bug bounties. Guests share their origin stories, tips, and career advice. Phillip and his guests discuss content creation and personal branding in this podcast. If you enjoyed Phillip's previous podcast, The Hacker Factory, you will love this!

Location:

United States

Language:

English


Episodes

Len Noe: World's First Augmented Hacker

9/17/2024
Summary
In this episode, Len Noe, the world's first augmented ethical hacker, shares his journey into cybersecurity and his experience with body modification. He discusses his hacker origin story, his professional career, and his current work as an evangelist for CyberArk. Len also talks about his book, 'Hacked Human: My Life and Lessons,' which explores the world of augmented humans and the ethical implications of integrating technology into the human body.

Chapters
00:00 Introduction and Guest Introduction
03:36 Unconventional Paths into Cybersecurity
10:28 Implantable Technology and the Future of Augmented Humans
18:41 Redefining Medical Ethics: Risks and Benefits of Body Modification
25:44 Hacked Human: Insights from the World's First Augmented Ethical Hacker
37:26 Phillip Wylie Show Outro

Resources
https://x.com/hacker_213
https://www.linkedin.com/in/len-noe/
Human Hacked: My Life and Lessons as the World's First Augmented Ethical Hacker: https://www.wiley.com/en-mx/Human+Hacked%3A+My+Life+and+Lessons+as+the+World's+First+Augmented+Ethical+Hacker-p-9781394269167

Duration:00:37:50

HOU.SEC.CON

9/10/2024
Summary
HOU.SEC.CON is a cybersecurity conference in Texas that aims to provide opportunities for students and professionals in the industry. The conference was started in 2010 by Michael Farnum and Sam Van Ryder, who wanted to create a community for cybersecurity professionals in Houston. They initially ran the conference under the auspices of the National Information Security Group, but eventually split off and ran it independently. The conference has grown over the years, attracting attendees and speakers from all over the United States and even internationally. They have had to move to larger venues to accommodate the increasing number of participants. HOU.SEC.CON has steadily grown from 120 attendees in its first year to almost 1400 attendees last year. The organizers initially planned to cap the conference at 300 or 500 attendees, but the demand kept increasing. The conference aims to grow the cybersecurity community in Houston and provide a more affordable and accessible option compared to larger conferences like RSA and Black Hat. HOU.SEC.CON has added two additional conferences, OT.SEC.CON and EXEC.SEC.CON, to cater to specific cybersecurity subfields. The organizers also host monthly user group meetings and provide networking opportunities for the community.

Takeaways
HOU.SEC.CON is a cybersecurity conference in Texas that provides opportunities for students and professionals in the industry.
The conference was started in 2010 by Michael Farnum and Sam Van Ryder to create a community for cybersecurity professionals in Houston.
They initially ran the conference under the auspices of the National Information Security Group before splitting off and running it independently.
HOU.SEC.CON has grown over the years, attracting attendees and speakers from all over the United States and internationally.
HOU.SEC.CON has experienced significant growth, from 120 attendees in its first year to almost 1400 attendees last year.
The conference aims to provide an affordable and accessible option for the cybersecurity community in Houston.
HOU.SEC.CON has added two additional conferences, OT.SEC.CON and EXEC.SEC.CON, to cater to specific cybersecurity subfields.
The organizers also host monthly user group meetings and provide networking opportunities for the community.

Sound Bites
"HOU.SEC.CON is a cybersecurity conference in Texas"
"The conference was started in 2010 by Michael Farnum and Sam Van Ryder"
"They initially ran the conference under the auspices of the National Information Security Group"
"We were close to 1400 last year."
"Let's top out at 300. Let's top out at 500. Let's do whatever."
"We would have to take up multiple floors if we were going to stay at the hotel."

Chapters
00:00 Introduction to HOU.SEC.CON and its mission
06:15 The origins of HOU.SEC.CON and its role in the Houston cybersecurity community
18:33 Differentiating HOU.SEC.CON from other conferences: Valuable content and community focus
24:15 The growth and recognition of HOU.SEC.CON
26:35 Expanding HOU.SEC.CON
30:51 A More Accessible Alternative
35:46 Building a Strong Cybersecurity Community

Resources
http://houstonseccon.org/
https://www.linkedin.com/company/houseccon/
https://x.com/HouSecCon
https://www.linkedin.com/in/mfarnum/
https://x.com/m1a1vet
https://www.linkedin.com/in/svanryder/
https://x.com/SamVR

Duration:00:44:32

Be Fearless Online: In-Browser Email Security

9/5/2024
About the Guest:
Jeswin Mathai is the Chief Architect at SquareX. He leads the team responsible for designing and implementing the infrastructure. Prior to joining SquareX, he was working as the chief architect at INE. He has published his work at DEFCON China, RootCon, Black Hat Arsenal, and Demo Labs (DEFCON). He has also been a co-trainer in classroom training conducted at Black Hat Asia, HITB, RootCon, and OWASP NZ Day. He has a Bachelor's degree from IIIT Bhubaneswar. He was the team lead at InfoSec Society IIIT Bhubaneswar in association with CDAC and ISEA, which performed security auditing of government portals and conducted awareness workshops for government institutions. His areas of interest include Cloud Security, Container Security, and Web Application Security.

Episode Summary:
In this captivating episode of 'The Phillip Wylie Show', host Phillip Wylie is joined once again by offensive security aficionado Jeswin Mathai. This talk orbits around the expansive realm of professional hacking, highlighting the persistent curiosity and zealous passion these experts have for overcoming challenges in their line of work. With Jeswin on board, listeners can anticipate an in-depth exploration of SquareX's new and riveting features aimed at staving off online vulnerabilities. The episode delves into the intricate world of in-browser malicious file detection, a pressing issue in today's digital-heavy climate. Jeswin Mathai meticulously walks listeners through the challenges surrounding the detection of malicious files, expanding upon why conventional antivirus solutions struggle and how attackers exploit naïveté during delivery. Furthermore, he presents a live demonstration of SquareX's monumental browser integration, showcasing its real-time detection capabilities and remediation options, elevating Gmail's native security measures to impressive new heights.

Key Takeaways:
SquareX is revolutionizing online security: The discussion reveals how the product can enhance Gmail security by detecting and alerting users to potential threats before they materialize.
In-browser file analysis: SquareX performs comprehensive checks directly within your browser, maintaining user privacy while offering robust protection against malicious files.
Malicious macros are a key threat vector: Jeswin explains how attackers utilize document macros, often undetected by traditional antivirus software, to compromise user systems.
Real-time alerts and remediation: SquareX provides instantaneous analysis of file attachments, distinguishing malicious intent and providing safer alternatives for download.
Enhanced user-friendly protection: The product is designed for ease of use, offering an intuitive safety net for both tech-savvy individuals and those less accustomed to cybersecurity measures.

Notable Quotes:
"The moment you open it, it's almost instantaneous. And not only is it telling you contains macros, tells you the details."
"This is a macro free version created right there in your browser, in case if you're concerned that something can go wrong."
"Email is like the primary source right now of delivery of malicious payload."
"So we have received the mail. So now as you can notice, this is a macro enabled file, but Gmail didn't say anything."
"It's a full blown file system packaged in just one single file, and how crazy it can be to detect malicious macros."

Resources:
Get your free Chrome plugin: http://sqrx.io/pw_x
https://www.linkedin.com/company/getsquarex/
https://twitter.com/getsquarex
https://www.instagram.com/getsquarex/

Duration:00:51:01

Joe Brinkley aka The Blind Hacker

9/3/2024
Summary
In this episode, Joe Brinkley, also known as the blind hacker, joins Phillip Wylie to discuss his hacker origin story and offer advice for breaking into offensive security and pen testing. They also explore the commoditization of pen testing, the evolution of the industry, and the challenges of testing complex environments. Joe shares his insights on the different generations of hackers and the role of automation and AI in pen testing. He also talks about his work with the Mentor Village and offers resources for those interested in starting their own cybersecurity brand or company.

Resources
https://www.linkedin.com/in/brinkleyjoseph/
https://x.com/TheBlindHacker
https://x.com/deadpixelsec
https://deadpixelsec.com/

Chapters
00:00 Introduction and Background
06:24 Advice for Breaking into Offensive Security
10:39 The Commoditization of Pentesting
15:53 The Impact of Compliance and Cyber Insurance
22:03 Challenges Faced by Practitioners in Limited Time Windows
25:33 The Evolution of Hackers and Accessibility of Education and Tools
30:36 The Role of Automation, Orchestration, and AI in Modern Pentesting
36:23 Building Cybersecurity Brands and the Mentor Village
41:14 Conclusion
41:52 Phillip Wylie Show Outro

Duration:00:42:16

Live from BSides Twin Cities 2024

8/29/2024
Summary
In this live episode of The Phillip Wylie Show, cybersecurity experts Ira Winkler and Ryan Cloutier discuss their hacker origin stories and the evolution of hacking over the years. They emphasize the importance of basic cyber hygiene and the need to systematize the fundamentals of cybersecurity. They also discuss the risks and benefits of AI, highlighting the potential for manipulation and the need for safe adoption. The conversation touches on the role of policies and procedures, the alignment of cybersecurity with business objectives, and the impact of technology on human experiences.

Resources
https://www.linkedin.com/in/irawinkler/
https://www.linkedin.com/in/ryan-cloutier/
https://cruisecon.com/

Chapters
00:00 Introduction and Hacker Origin Stories
05:39 The Evolution of Hacking and Basic Cyber Hygiene
08:03 Threat Landscape and Shifting Attack Profiles
10:18 The Impact of Social Media and Bring Your Own Device
18:05 Systematizing the Basics and Enforcing Policies
23:35 Aligning Cybersecurity with the Business and Employee Experience
26:01 AI: Readiness and Safe Adoption
32:13 Understanding AI as Math and the Potential Risks
34:48 Personal Intimate Information and the Weaponization of AI

Duration:00:35:29

Dahvid Schloss: From JSOC to Offensive Security

8/27/2024
Summary
Dahvid Schloss shares his hacker origin story, starting with his military background and how he ended up in the field of cybersecurity. He talks about his time in the Joint Special Operations Command (JSOC) and the unique missions he was involved in. He also discusses his transition to the private sector and his current role as a Hive Leader at Covert Swarm. The skills he acquired in JSOC have been highly transferable and valuable in his offensive security career. In this conversation, Dahvid Schloss discusses his experience at SERE, a practice prison camp that taught him transferable skills like lock picking and prison escape. He also talks about the challenges of transitioning from using malware and exploits to using his brain in the civilian world. Dahvid emphasizes the importance of finding your passion within offensive security and recommends exploring different areas to figure out what you enjoy. He also highlights the significance of building a personal brand in the cybersecurity field and encourages professionals to be more public about their skills and expertise.

Quotes
"I got through this course, I graduated, and I got to do the fun job of being a special operations communicator."
"SERE was amazing. So SERE is like practice prison camp, right? Which sounds why would that be amazing to cyber? And the reason is, is because they teach you some transferable skills, like how to pick locks and how to escape from prisons."
"Having access to really good malware, really good exploits was not at all. It sounds like it would be really helpful, but it was a hard transfer for me, especially because I'm so used to being able to go dot slash execute. And now I'm on a box and now I have to go, Oh, I have to use my brain."
"Offensive security is massive. It's like, there is no way you can be a master of all. Like there is only one and that's John Hammond so far. That's all I've seen. He's, know, he's got, he's got the chops, but we can't all be him. Right. So, um, really like my biggest recommendation."

Resources
https://www.linkedin.com/in/dahvidschloss/
https://x.com/DahvidSchloss

Chapters
00:00 Introduction and Background
02:36 Military to Cybersecurity Transition
08:41 Learning Cybersecurity Skills
17:34 JSOC and Fighting High-Value Targets
26:34 Transferable Skills and Challenges in Offensive Security
29:55 Exploring Different Areas in Offensive Security
39:04 The Importance of Building a Personal Brand
46:41 Opportunities for Growth in Smaller Cybersecurity Startups
49:49 Taking the Time to Find Your Path in Cybersecurity

Duration:00:51:12

Eric Teichmiller: Exploring Cybersecurity Careers

8/20/2024
Summary
In this episode of the Phillip Wylie Show, Phillip is joined by Eric Teichmiller, a technical account manager at Horizon 3. Eric shares his background in cybersecurity and his journey from IT to risk and compliance to offensive security. He explains his role as a technical account manager and how his defensive background helps him understand and support customers. Eric also discusses the benefits of certifications, offers advice for getting into cybersecurity, and shares his study tips and strategies for avoiding burnout.

Sound Bites
"I'm really enjoying cybersecurity as a whole."
"I kind of have that customer perspective."
"Everything that they were geeking out on not only works, but it works well."

Chapters
00:00 Introduction and Background
03:29 The Role of a Technical Account Manager
06:36 Transitioning from Defensive to Offensive Security
08:41 The Fascination with Autonomous Pen Testing
12:14 The Value of Certifications and Continuous Learning
14:13 Advice for Job Seekers in Cybersecurity
15:55 Navigating Job Descriptions and Requirements
20:12 Avoiding Burnout in Cybersecurity
24:07 Goals and Future Plans at Horizon 3
25:59 Final Thoughts and Conclusion

Resources
https://www.linkedin.com/in/eric-teichmiller-82296295/
https://x.com/ericteichmiller

Duration:00:26:42

Jeff Man: From NSA to Pentesting

8/13/2024
About the Guest:
Jeff Man is a seasoned professional in the cybersecurity industry, with a rich history in penetration testing and security. He began his career at the National Security Agency (NSA) and has since become renowned for his expertise and contributions to the field. Jeff is also a co-host on Paul's Security Weekly and frequently shares his insights at notable security conferences. His vast experience and deep understanding of the industry's evolution make him a respected figure in cybersecurity.

Episode Summary:
In this captivating episode of the Phillip Wylie Show, host Phillip Wylie welcomes cybersecurity veteran Jeff Man. Known for his storied career starting at the NSA, Jeff dives into his unique hacker origin story and the evolution of penetration testing. This episode is packed with insights, anecdotes, and practical advice for anyone interested in the cybersecurity landscape. Jeff Man shares his early experiences working at NSA, highlighting key moments such as his involvement in creating the first software-based cryptosystem. He delves into the early days of penetration testing, describing how methodologies and technologies have transformed over the years. Jeff also discusses the importance of understanding penetration testing's true objectives and offers guidance on how organizations can maximize the value of these tests. His reflections on the cybersecurity community, vendor relationships, and the need for precise terminology provide valuable perspectives for practitioners and enthusiasts alike.

Key Takeaways:
• Jeff's Striking Background: Learn about Jeff Man's remarkable career trajectory, from his start at the NSA to his present role as a cybersecurity expert and podcaster.
• Evolution of Pen Testing: Understand the shifts in penetration testing methods, technologies, and industry perceptions over the past three decades.
• Maximizing Pen Test Effectiveness: Discover practical advice on how organizations can make the most out of their penetration testing efforts by setting clear objectives and collaborating with trusted advisors.
• Cybersecurity Insights: Jeff emphasizes the importance of understanding and correctly using industry terminology and the value of a comprehensive security program.
• Community and Learning: Hear Jeff's thoughts on the cybersecurity community, including his participation in conferences and his ongoing mission to educate and mentor upcoming professionals.

Notable Quotes:
• "I've always tried to ascribe to that. You might lose something in the near term by saying, well, what we have really isn't the best thing for you right now."
• "Pen testers are the unsung heroes of the industry, often with relatively boring stories, but they are crucial to the security landscape."
• "Very rarely do I see a pen test report that's actually, we tried to break in, or we tried to gain access, or we tried to gain unannounced access."
• "I've always been a consultant. I've always been sort of in this trusted advisor role."
• "And I have clients that I've been working with now for 15, 20, 25 years. Not all the time, but when they need something, they're like, hey, let me give Jeff a call and see what he has to say."

Resources:
Jeff Man LinkedIn: https://www.linkedin.com/in/jeffreyeman/
Jeff Man X (formerly Twitter): https://x.com/MrJeffMan
Jeff Man on Paul's Security Weekly: https://www.scmagazine.com/security-weekly

Duration:00:49:03

Andrew Lemon: Engineering Your Own Opportunities

8/5/2024
About the Guest:
Andrew Lemon is a seasoned offensive security professional and founder of Red Threat, a cybersecurity consulting firm focused on pentesting, red teaming, and ransomware readiness assessments. With a wealth of experience from working at Boeing, Dell, and other tech corporations, Andrew has become a respected figure in the cybersecurity community, known for his contributions to physical security, social engineering, and AI pentesting. Andrew is also an advocate for transparency and community support within the cybersecurity industry.

Episode Summary:
Welcome to another episode of the Phillip Wylie Show, where host Phillip Wylie dives into the fascinating journey of his friend and cybersecurity expert, Andrew Lemon. Andrew shares his unique hacker origin story, from tech-savvy childhood and learning from his Novell admin dad to becoming the founder of Red Threat. With an emphasis on practical, hands-on experience, Andrew discusses how he has approached building a successful career in offensive security and what it takes to start a thriving consulting business. In this comprehensive conversation, Andrew explains the strategies and technologies he employs in his assessments, the importance of tailoring services to client maturity levels, and insights into some of his latest research, including traffic control system vulnerabilities and AI pentesting. Phillip and Andrew also explore the critical nature of crafting a personal brand and the value of community-driven networking in cybersecurity. These engaging insights make this a must-listen episode for anyone interested in the inner workings of professional hacking and security consulting.

Key Takeaways:
Starting a cybersecurity consulting business: Andrew highlights the importance of financial planning, brand recognition, and maintaining integrity in service offerings.
Ransomware readiness assessments: A key focus for Andrew’s company, Red Threat, is preparing organizations for ransomware attacks by simulating real-world scenarios and actor techniques.
Physical security and social engineering: Despite the transition to remote work, physical security assessments remain a crucial part of Andrew's toolkit, demonstrating easy-to-understand vulnerabilities.
AI pentesting: Andrew talks about the emerging field of AI pentesting, shedding light on the unique challenges and methodologies, including leveraging the OWASP Top Ten for AI.
Career advice: Emphasizing the importance of networking and creating opportunities, Andrew shares actionable tips on how to navigate and succeed in the cybersecurity industry.

Resources:
Andrew Lemon on LinkedIn
Red Threat
Defcon
OWASP Top Ten for AI

For more in-depth insights and to hear the full conversation, be sure to listen to the complete episode. Stay tuned for more engaging discussions on the Phillip Wylie Show, where you get a behind-the-curtain look at the world of professional hacking.

Duration:00:33:38

Anthony "TonyP" Pillitiere: Offense Driven Defense

8/1/2024
About the Guest:
Anthony "TonyP" Pillitiere: Anthony is the co-founder and Chief Technology Officer (CTO) of Horizon3.ai, a company renowned for its innovative product, NodeZero, which focuses on autonomous security. With a remarkable career spanning 21 years in the military, much of which was spent in highly sensitive missions, TonyP brings a wealth of expertise in offensive and defensive cybersecurity. His experience includes serving as the deputy CTO for the Joint Special Operations Command, where he spearheaded various cybersecurity initiatives.

Episode Summary:
In this episode of the Phillip Wylie Show, host Phillip Wylie delves into an insightful discussion with Anthony "TonyP" Pillitiere, the co-founder of Horizon 3 and the mastermind behind the cutting-edge product NodeZero. They explore the unique landscape of cybersecurity products stemming from the US special operations, contrasting with those from Israel's famous Unit 8200. Anthony shares riveting anecdotes from his military experience, emphasizing how the high-stakes environment shaped his approach to cybersecurity and led to the creation of NodeZero. Drawing from over 80,000 automated pen tests executed using NodeZero, TonyP elucidates key lessons and recurring security challenges organizations face. The conversation highlights the transformative impact of autonomous pen testing on identifying vulnerabilities, enhancing risk assessments, and ultimately shaping the future of cybersecurity. Through engaging narratives and technical wisdom, this episode offers listeners a rare glimpse into the synergy between offensive and defensive security practices and the vital role of continuous automated assessment in safeguarding digital assets.

Key Takeaways:
Offensive Security as the Future
Credentials and Vulnerabilities
Bridging the Gap
Continuous Assessment
Improving Business Outcomes

Resources:
Anthony "TonyP" Pillitiere's LinkedIn: Anthony Pillitiere
Horizon 3 Website: horizon3.ai
NodeZero Product Information: NodeZero

Duration:00:56:20

KJ Haywood: Exploring AI and Cybersecurity

7/30/2024
About the Guest:
KJ Haywood: KJ Haywood is a seasoned professional in the field of cybersecurity with over 25 years of experience in governance and compliance. She has dedicated the last 11 years to security governance and has recently shifted focus to AI and generative AI, launching her company, Nomad Cyber Concepts. Her expertise lies in helping mid-sized organizations pivot their solutions and acquire or design AI tools. KJ holds an MIT certification in AI no-code model building and is a prominent figure in the cybersecurity community, frequently sharing her knowledge at conferences and through teaching and mentoring.

Episode Summary:
In this engaging episode of "The Phillip Wylie Show," Phillip Wylie welcomes KJ Haywood, a veteran in cybersecurity governance and compliance, to discuss the transformative impact of AI and generative AI on the industry. The conversation dives into KJ’s professional journey from human resources to cybersecurity, her passion for governance, and her recent pivot into AI, particularly focusing on her company's role in helping organizations integrate AI tools. The episode provides valuable insights into the importance of continually learning and staying updated in the cybersecurity field. KJ discusses the advent of generative AI, its rapid adoption since the release of ChatGPT, and the necessity for security practitioners to adapt. Listeners will gain an understanding of how to balance work and personal time to avoid burnout, the critical nature of governance in AI model design, and how to leverage community resources and certifications to advance one's career.

Key Takeaways:
Career Transition and Passion in Cybersecurity
Impact of AI on Cybersecurity
Balancing Work and Wellness
Educational Resources for AI and Cybersecurity
Community and Networking

Notable Quotes:
"Are you absolutely sure you want to transition to this industry? Because you have to really love what you do because it's easy to get burned out." - KJ Haywood
"The privileged access, remember we talked a lot about zero trust and privilege access back in the day. I think we're going to end up circling right back to that." - KJ Haywood
"We need pen testers very much. Consider going into pen testing if you haven't already considered it." - KJ Haywood
"I believe it's going to be similar to the shift with cybersecurity. Industry practitioners are going to have to pivot a little bit of their skill set and level themselves up." - KJ Haywood
"I think artificial intelligence or any type of Gen AI tool, because there are going to be so many more that are going to be launched over the next, I'd say, three years, we're going to have so many." - KJ Haywood

Resources:
KJ Haywood: LinkedIn
Nomad Cyber Concepts: Website
Phillip Wylie: Pen Testing Book
OWASP: Website
MIT AI No-Code Course
Women in Security and Privacy (WISP): Website
SecureWorld: Website

Duration:00:37:07

Rob Fuller (aka Mubix): From Hacking Games to Professional Hacker

7/23/2024
About the Guest:
Rob Fuller (Mubix): Rob Fuller, also known as Mubix, is a well-known figure in the cybersecurity community, particularly in the realms of penetration testing and red teaming. As an experienced professional, Fuller has a background in the Marine Corps where he was part of the Marine Corps CERT at Quantico. Fuller has contributed significantly to the community through his work with Hak5 on series like Metasploit Minute and Practical Exploitation. His deep understanding of security concepts, coupled with his engaging teaching methods, has influenced aspiring hackers and professionals worldwide. He now holds a leadership role, guiding and nurturing the next generation of cybersecurity talent.

Episode Summary:
In this engaging episode of "The Phillip Wylie Show," Phillip Wylie sits down with Rob Fuller, also known as Mubix, a revered figure in the cybersecurity and penetration testing community. The conversation kicks off with Fuller's early experiences that propelled him into the world of hacking, such as his fascination with Game Shark and reverse engineering concepts during his childhood. Fuller elaborates on his journey from the Marine Corps to becoming a renowned penetration tester and red teamer, providing invaluable insights into the practical and psychological aspects of entering the cybersecurity field. Throughout the episode, Fuller emphasizes the importance of content creation and community involvement for career advancement in cybersecurity. He illustrates how blogging, podcasts, or even YouTube channels can showcase one's expertise and help build a personal brand. This episode is packed with actionable advice on certifications, the value of scripting, and the mental fortitude needed to combat imposter syndrome. Listeners are bound to find Fuller's story inspiring and his advice practical for both newcomers and seasoned professionals in cybersecurity.

Key Takeaways:
Content Creation is Key
Learning Programming Helps
Select Certifications Wisely
Imposter Syndrome is Natural
Trust in Community

Resources:
Rob Fuller (Mubix) on Twitter: @mubix
Hak5: Hak5 Website
Zero Point Security's CRTO Certification: https://training.zeropointsecurity.co.uk/courses/red-team-ops
Security Plus Certification: https://www.comptia.org/certifications/security
OSCP Certification: https://www.offsec.com/courses/pen-200/

Don't miss this episode to dive deep into Mubix's fascinating journey through cybersecurity and glean insights that can aid your own career progression.

Duration:00:42:32

Noah King: From Sales to Offensive Security Engineer

7/16/2024
About The Guest:
Noah King is a Senior Software Engineer at Horizon3.ai, specializing in offensive security and exploit development. Coming from a background in sales and with a strong expertise in web application development, Noah transitioned into cybersecurity after being inspired by his wife's journey into engineering. With a passion for breaking things rather than building them, Noah has rapidly advanced in the field, earning his OSCP certification and contributing to automating complex security attacks at Horizon3.ai.

Summary:
Noah King shares his journey from sales to offensive security. He started with a coding bootcamp and transitioned into web app development. Eventually, he joined Horizon3.ai as a senior software engineer and became interested in offensive security. He learned through Hack The Box and became a teaching assistant for a cybersecurity bootcamp. He obtained the OSCP certification and now focuses on offensive security at Horizon3.ai, automating attacks and finding vulnerabilities.

Chapters:
00:00 Introduction and Background
03:50 Finding Passion and Building a Foundation
10:07 Automation and Scaling in Offensive Security
15:19 The Challenges and Rewards of Offensive Security
22:59 Certifications and Experience in the Job Market
25:41 Closing Remarks

Resources:
Noah's Horizon3 Tech Talk: Journey to OSCP https://www.horizon3.ai/insights/webinars/tech-talk-journey-to-oscp/
Noah's LinkedIn: https://www.linkedin.com/in/noahking1/

Duration:00:26:49

Jake Krasnov: From Aerospace to Cybersecurity

7/9/2024
About the Guest: Jacob Krasnov is a cybersecurity expert, CEO, and co-founder at BC Security. He and his co-founders Anthony and Vincent Rose have significantly contributed to the cybersecurity field, particularly with their work on the Empire project. Jacob's background includes aerospace engineering and high-level cybersecurity assessments in the Air Force, where he was involved in rigorous testing of military aircraft like the F-22 and F-35. Transitioning to BC Security, Jacob has focused on enhancing tools for red teaming and threat emulation, making sophisticated cybersecurity tools accessible and maintainable. Episode Summary: In this episode of the Phillip Wylie Show, Phillip Wylie sits down with Jacob Krasnov from BC Security to delve into the evolution of the Empire project, cybersecurity's role in modern defense systems, and the importance of making advanced security tools accessible. Jacob elaborates on his journey from working on military aircraft cybersecurity assessments to co-founding BC Security, a company that has breathed new life into the Empire project—a project initially shelved by its original developers but resuscitated and advanced by Jacob and his team. The conversation spotlights the significance of rigorous and repeatable security testing, as well as tying cybersecurity impacts to operational outcomes. Jacob details the extensive updates made to Empire, including support for Python 3, new agent types, and a comprehensive code rewrite to enhance maintainability and extend the tool's functionality. The show also touches on the importance of entry-level cybersecurity tools for global teams, the learning curve of such tools, and using AI in cybersecurity.
Key Takeaways:
Evolution of Empire
Cybersecurity Experience
Educational Resources
Tool Accessibility
AI in Cybersecurity

Notable Quotes: Jacob Krasnov; Jacob Krasnov; Jacob Krasnov; Jacob Krasnov; Phillip Wylie

Resources:
https://www.linkedin.com/in/jacobkrasnov/
BC Security Website
Black Hat 2024 Training - ADVANCED THREAT EMULATION: EVASION
Black Hat 2024 Training - ADVANCED THREAT EMULATION: ACTIVE DIRECTORY
Empire Operations I Training
BC Security Discord
TryHackMe
Defcon
The Empire Project on GitHub

Discover the intricacies of cybersecurity, the evolution of powerful tools, and insightful professional journeys in this episode. Tune in to not only learn about the technical advancements but also the significance of making these tools accessible to a broader audience. Stay tuned for more enriching content from the Phillip Wylie Show.

Duration:00:35:09

McKenna Dallmeyer: From Veterinarian Aspirations to Pentester

7/2/2024
About the Guest: McKenna Dallmeyer is a technical account manager at Horizon3.ai, specializing in offensive security and penetration testing. Starting her academic journey in biomedical science and political science, she eventually pursued cybersecurity, driven by a combination of personal interests and family influence. McKenna has experience working with the NSA as a developer intern and later full-time in a development program. She holds several certifications in penetration testing and network security and is also part of the Synack Red Team, conducting side work through her LLC. Episode Summary: In this engaging episode of The Phillip Wylie Show, host Phillip Wylie sits down with McKenna Dallmeyer to discuss her unconventional journey into the realm of cybersecurity and penetration testing. McKenna shares how her initial aspirations of becoming a veterinarian transitioned into a passion for cybersecurity and offensive security, ultimately leading her to her current role at Horizon3.ai. Along the way, she highlights the importance of hands-on experience, continuous learning, and the role of soft skills in a technical field. McKenna provides insights into her background, from her academic shifts and internships to her work at the NSA and her current involvement with Synack Red Team. She emphasizes the value of diverse experiences, outlining how coding, networking, and certifications like GCIH and GWAPT have contributed to her skill set. McKenna also offers practical advice for those aspiring to enter the field of penetration testing, underscoring the necessity of taking on challenges, saying yes to opportunities, and leveraging any available resources to facilitate learning and growth. 
Key Takeaways: Notable Quotes: Resources: McKenna's LinkedIn: https://www.linkedin.com/in/mckenna-dallmeyer/ Horizon3.ai: Website Synack Red Team: Website Certifications Mentioned: For more insightful discussions and expert advice from the world of cybersecurity, be sure to listen to the full episode and stay tuned for future episodes of The Phillip Wylie Show.

Duration:00:31:29

White Knight Security: Navigating Advanced Red Team Operations

6/25/2024
Summary: In this conversation, John and Greg from White Knight Labs discuss their backgrounds and the work they do in red teaming and penetration testing. They explain the difference between red teaming and pen testing, with red teaming being more focused on mission objectives and crippling a business, while pen testing is more about finding vulnerabilities and misconfigurations. They also discuss the skills and knowledge required to become a red teamer, including a background in sysadmin or software development, networking knowledge, and experience in pen testing. They recommend certifications such as Certified Red Team Professional and Certified Red Team Expert, as well as courses on redirectors and offensive development. In this conversation, John Stigerwalt and Greg Hatcher discuss various aspects of red teaming and physical security. They emphasize the importance of teamwork and diverse skill sets in red team operations. They also highlight the challenges and grueling nature of red teaming, as well as the misconceptions surrounding it. The conversation touches on the use of AI in security, the practice of assuming breach, and the courses offered by White Knight Labs.

Takeaways:
Red teaming is focused on mission objectives and crippling a business, while pen testing is more about finding vulnerabilities and misconfigurations.
A background in sysadmin or software development is recommended for aspiring red teamers.
Networking knowledge and experience in pen testing are important skills to have.
Certifications such as Certified Red Team Professional and Certified Red Team Expert can be beneficial.
Courses on redirectors and offensive development are recommended for learning the necessary skills.
Red teaming requires a diverse set of skills and a team approach.
Red teaming can be grueling and data-intensive, with a focus on blending in and accessing file shares.
Physical security assessments often involve challenging and uncomfortable situations.
Getting started in physical security can involve courses like Covert Access Team and Optiv's course.
Assume breach is a valuable mindset to adopt in security.
White Knight Labs offers courses on offensive development, advanced red team operations, and offensive Azure operations and tactics.

Resources:
White Knight Security Website https://whiteknightlabs.com/training/
https://www.linkedin.com/in/gregoryhatcher2/
https://www.linkedin.com/in/john-stigerwalt-90a9b4110/
https://x.com/WKL_cyber

WKL Courses:
Advanced Red Team Operations Course (ARTO) https://training.whiteknightlabs.com/advanced-red-team-operations/
Offensive Development Course https://training.whiteknightlabs.com/offensive-development-training/
Offensive Azure Operations and Tactics Course https://training.whiteknightlabs.com/offensive-azure-operations-tactics/

Educators and Tools:
Travis Weathers physical pentesting courses: https://physicalexploit.com/

Duration:00:46:40

Matt Scheurer: Finding Your Passion in Cybersecurity

6/18/2024
In this episode, Phillip Wylie is joined by Matt Scheurer, a digital forensics and incident response expert. They discuss Matt's hacker origin story, his work in digital forensics and incident response, and the education path for aspiring professionals in this field. They also touch on the importance of professional networking and the benefits of public speaking in the cybersecurity industry. Takeaways Sound Bites Resources https://www.linkedin.com/in/mattscheurer/ https://twitter.com/c3rkah

Duration:00:31:52

John Woodling: The Power of Community and Self Learning

6/11/2024
About the Guest: John Woodling is a seasoned cybersecurity expert with seven years of experience in the industry. He currently holds the position of Senior Information Security Analyst. John has a diverse background that includes a blend of hands-on technical expertise and a profound understanding of different cybersecurity domains. As a member of the DFW Cybersecurity community and DEFCON 940 Group in Denton, Texas, John is known for his mentorship and willingness to share his insights. With an initial career path in art and finance, John’s journey into cybersecurity showcases his passion and curiosity for technology and security. Episode Summary: Welcome to another insightful episode of the Phillip Wylie Show! In this episode, Phillip sits down with John Woodling, a prominent figure in the DFW Cybersecurity community and an adept Senior Information Security Analyst. John shares his journey into the world of cybersecurity, providing invaluable advice for those looking to transition into this ever-evolving field. Known for his deep knowledge and practical experience, John offers listeners a comprehensive look into the necessary skills, potential career paths, and the importance of community in cybersecurity. The conversation delves into different entry points into the cybersecurity industry, emphasizing the significance of hands-on learning, certifications, and networking. John discusses the transformation of cybersecurity from a niche technical field into a widespread and essential discipline, highlighting various roles like GRC, red teaming, and social engineering. He also reflects on his personal career choices and lessons learned, offering today’s aspiring cybersecurity professionals actionable advice and encouragement. Additionally, the episode touches upon the evolving job market, the importance of diverse backgrounds, and the role of modern resources like bug bounties in global talent development. 
Key Takeaways: Evolving Cybersecurity Landscape Importance of Networking and Community Hands-On Learning and Certification Career Advice for Aspiring Professionals Global Opportunities with Technology Notable Quotes: Resources https://x.com/statictear https://www.linkedin.com/in/johnwoodling/ DC940 Discord https://discord.gg/DDZEnFHFbt

Duration:00:36:45

Tennisha Martin: Cracking the Diversity Code

6/4/2024
Summary Tennisha Martin, founder of Black Girls Hack and organizer of Squad Con, shares her journey in cybersecurity, the importance of hands-on training, and the challenges of diversity in the industry. She also discusses the motivation behind organizing Squad Con and the need for scholarships to support diversity in cybersecurity education. Takeaways Sound Bites Resources https://www.linkedin.com/in/tennisha/ https://squadcon.me/ https://blackgirlshack.org/

Duration:00:40:42

Eddie Miro: From Criminal to Cybersecurity Expert

5/28/2024
Summary In this episode, Eddie Miro shares his hacker origin story and discusses his recently published book. He talks about his journey from a troubled childhood to a life of crime and eventually finding his passion in cybersecurity. Eddie emphasizes the importance of mentorship, creativity, and community involvement in the cybersecurity field. He also highlights the process of self-publishing his book and the impact it has had on his personal growth and the lives of others. Takeaways Sound Bites Resources https://www.linkedin.com/in/theedmiroshow/ Eddie's book: https://www.amazon.com/Outlaw-Summer-Cyber-Dreams-Redemption/dp/B0CZFB2KNM/ref=sr_1_1?sr=8-1

Duration:00:41:38