Phillip Wylie Show

Phillip Wylie
Phillip Wylie Show Podcast

Join Phillip Wylie Show host Phillip Wylie as he and his guests discuss the intriguing and ever-expanding field of cybersecurity, including topics from the offensive security side to the defensive and response sides of cybersecurity. Frequent offensive security topics include pentesting, red teaming, ethical hacking, security research, and bug bounties. Guests share their origin stories, tips, and career advice. Phillip and his guests discuss content creation and personal branding in this podcast. If you enjoyed Phillip's previous podcast, The Hacker Factory, you will love this!

  1. HOU.SEC.CON

    1 DAY AGO

    HOU.SEC.CON

    Summary   HOU.SEC.CON is a cybersecurity conference in Texas that aims to provide opportunities for students and professionals in the industry. The conference was started in 2010 by Michael Farnum and Sam Van Ryder, who wanted to create a community for cybersecurity professionals in Houston. They initially ran the conference under the auspices of the National Information Security Group, but eventually split off and ran it independently. The conference has grown over the years, attracting attendees and speakers from all over the United States and even internationally. They have had to move to larger venues to accommodate the increasing number of participants. HOU.SEC.CON has steadily grown from 120 attendees in its first year to almost 1400 attendees last year. The organizers initially planned to cap the conference at 300 or 500 attendees, but the demand kept increasing. The conference aims to grow the cybersecurity community in Houston and provide a more affordable and accessible option compared to larger conferences like RSA and Black Hat. HOU.SEC.CON has added two additional conferences, OT.SEC.CON and EXEC.SEC.CON, to cater to specific cybersecurity subfields. The organizers also host monthly user group meetings and provide networking opportunities for the community.   Takeaways   HOU.SEC.CON is a cybersecurity conference in Texas that provides opportunities for students and professionals in the industry. The conference was started in 2010 by Michael Farnum and Sam Van Ryder to create a community for cybersecurity professionals in Houston. They initially ran the conference under the auspices of the National Information Security Group before splitting off and running it independently. HOU.SEC.CON has grown over the years, attracting attendees and speakers from all over the United States and internationally. HOU.SEC.CON has experienced significant growth, from 120 attendees in its first year to almost 1400 attendees last year. The conference aims to provide an affordable and accessible option for the cybersecurity community in Houston. HOU.SEC.CON has added two additional conferences, OT.SEC.CON and EXEC.SEC.CON, to cater to specific cybersecurity subfields. The organizers also host monthly user group meetings and provide networking opportunities for the community.   Sound Bites   "HOU.SEC.CON is a cybersecurity conference in Texas" "The conference was started in 2010 by Michael Farnum and Sam Van Ryder" "They initially ran the conference under the auspices of the National Information Security Group" "We were close to 1400 last year." "Let's top out at 300. Let's top out at 500. Let's do whatever." "We would have to take up multiple floors if we were going to stay at the hotel."   Chapters   00:00 Introduction to HOU.SEC.CON and its mission 06:15 The origins of HOU.SEC.CON and its role in the Houston cybersecurity community 18:33 Differentiating HOU.SEC.CON from other conferences: Valuable content and community focus 24:15 The growth and recognition of HOU.SEC.CON 26:35 Expanding HOU.SEC.CON 30:51 A More Accessible Alternative 35:46 Building a Strong Cybersecurity Community     Resources http://houstonseccon.org/ https://www.linkedin.com/company/houseccon/ https://x.com/HouSecCon   https://www.linkedin.com/in/mfarnum/ https://x.com/m1a1vet   https://www.linkedin.com/in/svanryder/ https://x.com/SamVR

    45 min
  2. Be Fearless Online: In-Browser Email Security

    5 DAYS AGO

    Be Fearless Online: In-Browser Email Security

    About the Guest: Jeswin Mathai is the Chief Architect at SquareX. He leads the team responsible for designing and implementing the Infrastructure. Prior to joining SquareX, He was working as the chief architect at INE. He has published his work at DEFCON China, RootCon, Blackhat Arsenal, and Demo Labs (DEFCON). He has also been a co-trainer in-classroom training conducted at Black Hat Asia, HITB, RootCon, and OWASP NZ Day. He has a Bachelor's degree from IIIT Bhubaneswar. He was the team lead at InfoSec Society IIIT Bhubaneswar in association with CDAC and ISEA, which performed security auditing of government portals and conducted awareness workshops for government institutions. His area of interest includes Cloud Security, Container Security, and Web Application Security. Episode Summary: In this captivating episode of 'The Philip Wylie Show', host Philip Wylie is joined once again by offensive security aficionado Jeswin Mathai. This talk orbits around the expansive realm of professional hacking, highlighting the persistent curiosity and zealous passion these experts have for overcoming challenges in their line of work. With Jeswin on board, listeners can anticipate an in-depth exploration of Squarex's new and riveting features aimed at staving off online vulnerabilities. The episode delves into the intricate world of in-browser malicious file detection, a pressing issue in today's digital-heavy climate. Jeswin Mathai meticulously walks listeners through the challenges surrounding the detection of malicious files, expanding upon why conventional antivirus solutions struggle and how attackers exploit naïveté during delivery. Furthermore, he presents a live demonstration of Squarex's monumental browser integration, showcasing its real-time detection capabilities and remediation options, elevating Gmail's native security measures to impressive new heights. Key Takeaways: Squarex is revolutionizing online security: The discussion reveals how the product can enhance Gmail security by detecting and alerting users to potential threats before they materialize. In-browser file analysis: Squarex performs comprehensive checks directly within your browser, maintaining user privacy while offering robust protection against malicious files. Malicious macros are a key threat vector: Jeswin explains how attackers utilize document macros, often undetected by traditional antivirus software, to compromise user systems. Real-time alerts and remediation: Squarex provides instantaneous analysis of file attachments, distinguishing malicious intent and providing safer alternatives for download. Enhanced user-friendly protection: The product is designed for ease of use, offering an intuitive safety net for both tech-savvy individuals and those less accustomed to cybersecurity measures. Notable Quotes: "The moment you open it, it's almost instantaneous. And not only is it telling you contains macros, tells you the details." "This is a macro free version created right there in your browser, in case if you're concerned that something can go wrong." "Email is like the primary source right now of delivery of malicious payload." "So we have received the mail. So now as you can notice, this is a macro enabled file, but Gmail didn't say anything." "It's a full blown file system packaged in just one single file, and how crazy it can be to detect malicious macros." Resources: Get your free Chrome plugin: ⁠⁠http://sqrx.io/pw_x⁠⁠ ⁠⁠https://www.linkedin.com/company/getsquarex/⁠⁠ ⁠⁠https://twitter.com/getsquarex⁠⁠ ⁠⁠https://www.instagram.com/getsquarex/

    51 min
  3. Joe Brinkley aka The Blind Hacker

    SEP 3

    Joe Brinkley aka The Blind Hacker

    Summary In this episode, Joe Brinkley, also known as the blind hacker, joins Phillip Wylie to discuss his hacker origin story and offer advice for breaking into offensive security and pen testing. They also explore the commoditization of pen testing, the evolution of the industry, and the challenges of testing complex environments. Joe shares his insights on the different generations of hackers and the role of automation and AI in pen testing. He also talks about his work with the Mentor Village and offers resources for those interested in starting their own cybersecurity brand or company. Takeaways Joe Brinkley, also known as the blind hacker, shares his hacker origin story and offers advice for breaking into offensive security and pen testing. The commoditization of pen testing has led to a shift in the industry, with companies seeking budget-friendly alternatives and rotating vendors frequently. Automation and AI play a significant role in pen testing, allowing for faster and more efficient testing, but human expertise is still crucial for in-depth analysis and finding vulnerabilities that automated tools may miss. The industry is currently in the sixth or seventh generation of hackers, with increased access to education and tools, but also more complex environments to test. Joe Brinkley is actively involved in the Mentor Village, offering mentoring, education, and resources to those interested in cybersecurity. He encourages individuals to build their own cybersecurity brand and consider starting their own cybersecurity company, emphasizing the importance of branding and networking in the industry. Sound Bites "I don't care who you go to, learn something." "Long-term security is the value we provide" "People are looking for a budget-friendly alternative because compliance and insurance now require yearly security activities." Resources https://www.linkedin.com/in/brinkleyjoseph/ https://x.com/TheBlindHacker https://x.com/deadpixelsec https://deadpixelsec.com/ Chapters 00:00 Introduction and Background 06:24 Advice for Breaking into Offensive Security 10:39 The Commoditization of Pentesting 15:53 The Impact of Compliance and Cyber Insurance 22:03 Challenges Faced by Practitioners in Limited Time Windows 25:33 The Evolution of Hackers and Accessibility of Education and Tools 30:36 The Role of Automation, Orchestration, and AI in Modern Pentesting 36:23 Building Cybersecurity Brands and the Mentor Village 41:14 Conclusion 41:52 Phillip Wylie Show Outro Video.mp4

    42 min
  4. Live from BSides Twin Cities 2024

    AUG 29

    Live from BSides Twin Cities 2024

    Summary In this live episode of The Phillip Wylie Show, cybersecurity experts Ira Winkler and Ryan Cloutier discuss their hacker origin stories and the evolution of hacking over the years. They emphasize the importance of basic cyber hygiene and the need to systematize the fundamentals of cybersecurity. They also discuss the risks and benefits of AI, highlighting the potential for manipulation and the need for safe adoption. The conversation touches on the role of policies and procedures, the alignment of cybersecurity with business objectives, and the impact of technology on human experiences. Takeaways Basic cyber hygiene is essential in preventing hacking and improving cybersecurity. AI is ready for prime time, but organizations need to ensure safe adoption and consider the potential risks and impacts. Systematizing the fundamentals of cybersecurity and aligning it with business objectives is crucial for effective cybersecurity programs. Technology should be designed with people in mind, considering their experiences and needs. Understanding the risks and benefits of new technologies, such as AI, is important for making informed decisions and designing resilient systems. Quotes "All I did my whole career is primarily take advantage of bad awareness, bad administration, bad configurations." "We're gonna have an overabundance of tooling and an underabundance of looking at the business processes themselves." "Your users are a company resource that are gonna be fallible, just like any other resource you have." Resources https://www.linkedin.com/in/irawinkler/ https://www.linkedin.com/in/ryan-cloutier/ https://cruisecon.com/ Chapters 00:00 Introduction and Hacker Origin Stories 05:39 The Evolution of Hacking and Basic Cyber Hygiene 08:03 Threat Landscape and Shifting Attack Profiles 10:18 The Impact of Social Media and Bring Your Own Device 18:05 Systematizing the Basics and Enforcing Policies 23:35 Aligning Cybersecurity with the Business and Employee Experience 26:01 AI: Readiness and Safe Adoption 32:13 Understanding AI as Math and the Potential Risks 34:48 Personal Intimate Information and the Weaponization of AI

    35 min
  5. Dahvid Schloss: From JSOC to Offensive Security

    AUG 27

    Dahvid Schloss: From JSOC to Offensive Security

    Summary David Schloss shares his hacker origin story, starting with his military background and how he ended up in the field of cybersecurity. He talks about his time in the Joint Special Operations Command (JSOC) and the unique missions he was involved in. He also discusses his transition to the private sector and his current role as a Hive Leader at Covert Swarm. The skills he acquired in JSOC have been highly transferable and valuable in his offensive security career. In this conversation, Dahvid Schloss discusses his experience at Seer, a practice prison camp that taught him transferable skills like lock picking and prison escape. He also talks about the challenges of transitioning from using malware and exploits to using his brain in the civilian world. Dahvid emphasizes the importance of finding your passion within offensive security and recommends exploring different areas to figure out what you enjoy. He also highlights the significance of building a personal brand in the cybersecurity field and encourages professionals to be more public about their skills and expertise. Takeaways David Schloss has a military background and served in the Joint Special Operations Command (JSOC), where he was involved in unique and high-value missions. He transitioned to the private sector and currently works as a Hive Leader at Covert Swarm, focusing on continuous APT emulation. The skills he acquired in JSOC, such as threat emulation, malware development, and exploit development, have been highly transferable and valuable in his offensive security career. David emphasizes the importance of privacy and cybersecurity as basic human rights and aims to grow the field by helping individuals with no experience enter the industry and supporting specialization for those already in the field. Seer, a practice prison camp, taught Dahvid Schloss transferable skills like lock picking and prison escape, which he found helpful in the cybersecurity field. Transitioning from using malware and exploits to using his brain in the civilian world was challenging for Dahvid. Dahvid recommends exploring different areas within offensive security to find your passion and avoid pigeonholing yourself into a specific role. Building a personal brand is crucial in the cybersecurity field to showcase your skills and expertise. Dahvid encourages professionals to be more public about their personal brand and expertise to increase job opportunities and career growth. Quotes "I got through this course, I graduated, and I got to do the fun job of being a special operations communicator." "Seer was amazing. So Seer is like practice prison camp, right? Which sounds why would that be amazing to cyber? And the reason is, is because they teach you some transferable skills, like how to pick locks and how to escape from prisons." "Having access to really good malware, really good exploits was not at all. It sounds like it would be really helpful, but it was a hard transfer for me, especially because I'm so used to being able to go dot slash execute. And now I'm on a box and now I have to go, Oh, I have to use my brain." "Offensive security is massive. It's like, there is no way you can be a master of all. Like there is only one and that's John Hammond so far. That's all I've seen. He's, know, he's got, he's got the chops, but we can't all be him. Right. So, um, really like my biggest recommendation." Resources https://www.linkedin.com/in/dahvidschloss/ https://x.com/DahvidSchloss Chapters 00:00 Introduction and Background 02:36 Military to Cybersecurity Transition 08:41 Learning Cybersecurity Skills 17:34 JSOC and Fighting High-Value Targets 26:34 Transferable Skills and Challenges in Offensive Security 29:55 Exploring Different Areas in Offensive Security 39:04 The Importance of Building a Personal Brand 46:41 Opportunities for Growth in Smaller Cybersecurity Startups 49:49 Taking the Time to Find Your Path i

    51 min
  6. Eric Teichmiller: Exploring Cybersecurity Careers

    AUG 20

    Eric Teichmiller: Exploring Cybersecurity Careers

    Summary In this episode of the Phillip Wylie Show, Phillip is joined by Eric Teichmiller, a technical account manager at Horizon 3. Eric shares his background in cybersecurity and his journey from IT to risk and compliance to offensive security. He explains his role as a technical account manager and how his defensive background helps him understand and support customers. Eric also discusses the benefits of certifications, offers advice for getting into cybersecurity, and shares his study tips and strategies for avoiding burnout. Takeaways Eric Teichmiller shares his background in cybersecurity and his journey from IT to risk and compliance to offensive security. As a technical account manager, Eric supports customers and acts as a subject matter expert for autonomous pen testing. Certifications can be beneficial in the cybersecurity field, but work experience and the ability to connect with interviewers are also important. Eric advises aspiring cybersecurity professionals to never stop learning, focus on building experience, and apply intentionally for positions. To avoid burnout while studying, eliminate distractions, find a learning method that works for you, and have hobbies outside of your day job. Eric's goal at Horizon3 is to explore positions that allow him to take a big picture approach and continue problem-solving. Sound Bites "I'm really enjoying cybersecurity as a whole." "I kind of have that customer perspective." "Everything that they were geeking out on not only works, but it works well." Chapters 00:00 Introduction and Background 03:29 The Role of a Technical Account Manager 06:36 Transitioning from Defensive to Offensive Security 08:41 The Fascination with Autonomous Pen Testing 12:14 The Value of Certifications and Continuous Learning 14:13 Advice for Job Seekers in Cybersecurity 15:55 Navigating Job Descriptions and Requirements 20:12 Avoiding Burnout in Cybersecurity 24:07 Goals and Future Plans at Horizon 3 25:59 Final Thoughts and Conclusion Resources https://www.linkedin.com/in/eric-teichmiller-82296295/ https://x.com/ericteichmiller

    27 min
  7. Jeff Man: From NSA to Pentesting

    AUG 13

    Jeff Man: From NSA to Pentesting

    About the Guest: Jeff Man is a seasoned professional in the cybersecurity industry, with a rich history in penetration testing and security. He began his career at the National Security Agency (NSA) and has since become renowned for his expertise and contributions to the field. Jeff is also a co-host on Paul Security Weekly and frequently shares his insights at notable security conferences. His vast experience and deep understanding of the industry's evolution make him a respected figure in cybersecurity. Episode Summary: In this captivating episode of the Phillip Wylie Show, host Phillip Wylie welcomes cybersecurity veteran Jeff Man. Known for his storied career starting at the NSA, Jeff dives into his unique hacker origin story and the evolution of penetration testing. This episode is packed with insights, anecdotes, and practical advice for anyone interested in the cybersecurity landscape. Jeff Man shares his early experiences working at NSA, highlighting key moments such as his involvement in creating the first software-based cryptosystem. He delves into the early days of penetration testing, describing how methodologies and technologies have transformed over the years. Jeff also discusses the importance of understanding penetration testing's true objectives and offers guidance on how organizations can maximize the value of these tests. His reflections on the cybersecurity community, vendor relationships, and the need for precise terminology provide valuable perspectives for practitioners and enthusiasts alike. Key Takeaways: • Jeff's Striking Background: Learn about Jeff Man's remarkable career trajectory, from his start at the NSA to his present role as a cybersecurity expert and podcaster. • Evolution of Pen Testing: Understand the shifts in penetration testing methods, technologies, and industry perceptions over the past three decades. • Maximizing Pen Test Effectiveness: Discover practical advice on how organizations can make the most out of their penetration testing efforts by setting clear objectives and collaborating with trusted advisors. • Cybersecurity Insights: Jeff emphasizes the importance of understanding and correctly using industry terminology and the value of a comprehensive security program. • Community and Learning: Hear Jeff's thoughts on the cybersecurity community, including his participation in conferences and his ongoing mission to educate and mentor upcoming professionals. Notable Quotes: • "I've always tried to ascribe to that. You might lose something in the near term by saying, well, what we have really isn't the best thing for you right now." • "Pen testers are the unsung heroes of the industry, often with relatively boring stories, but they are crucial to the security landscape." • "Very rarely do I see a pen test report that's actually, we tried to break in, or we tried to gain access, or we tried to gain unannounced access." • "I've always been a consultant. I've always been sort of in this trusted advisor role." • "And I have clients that I've been working with now for 15, 20, 25 years. Not all the time, but when they need something, they're like, hey, let me give Jeff a call and see what he has to say." Resources: Jeff Man LinkedIn: https://www.linkedin.com/in/jeffreyeman/ Jeff Man X(formerly Twitter): https://x.com/MrJeffMan Jeff Man on Paul Security Weekly: https://www.scmagazine.com/security-weekly

    49 min
  8. Andrew Lemon: Engineering Your Own Opportunities

    AUG 5

    Andrew Lemon: Engineering Your Own Opportunities

    About the Guest:  Andrew Lemon is a seasoned offensive security professional and founder of Red Threat, a cybersecurity consulting firm focused on pentesting, red teaming, and ransomware readiness assessments. With a wealth of experience from working at Boeing, Dell, and other tech corporations, Andrew has become a respected figure in the cybersecurity community, known for his contributions to physical security, social engineering, and AI pentesting. Andrew is also an advocate for transparency and community support within the cybersecurity industry.  Episode Summary:  Welcome to another episode of the Phillip Wylie Show, where host Phillip Wylie dives into the fascinating journey of his friend and cybersecurity expert, Andrew Lemon. Andrew shares his unique hacker origin story, from tech-savvy childhood and learning from his Novell admin dad to becoming the founder of Red Threat. With an emphasis on practical, hands-on experience, Andrew discusses how he has approached building a successful career in offensive security and what it takes to start a thriving consulting business.  In this comprehensive conversation, Andrew explains the strategies and technologies he employs in his assessments, the importance of tailoring services to client maturity levels, and insights into some of his latest research, including traffic control system vulnerabilities and AI pentesting. Phillip and Andrew also explore the critical nature of crafting a personal brand and the value of community-driven networking in cybersecurity. These engaging insights make this a must-listen episode for anyone interested in the inner workings of professional hacking and security consulting.  Key Takeaways:  Starting a cybersecurity consulting business: Andrew highlights the importance of financial planning, brand recognition, and maintaining integrity in service offerings.  Ransomware readiness assessments: A key focus for Andrew’s company, Red Threat, is preparing organizations for ransomware attacks by simulating real-world scenarios and actor techniques.  Physical security and social engineering: Despite the transition to remote work, physical security assessments remain a crucial part of Andrew's toolkit, demonstrating easy-to-understand vulnerabilities.  AI pentesting: Andrew talks about the emerging field of AI pentesting, shedding light on the unique challenges and methodologies, including leveraging the OWASP Top Ten for AI.  Career advice: Emphasizing the importance of networking and creating opportunities, Andrew shares actionable tips on how to navigate and succeed in the cybersecurity industry.  Notable Quotes:  "Growth begins at the edge of your comfort zone."  "If you want to see an area mature, look at it through the lens of an attacker."  "My main goal has been transparency."  "For me, it's all about delivering the highest integrity I can."  "There's no rulebook in the job market—you can always re-engineer your career path."  Resources:  Andrew Lemon on LinkedIn  Red Threat  Defcon  OWASP Top Ten for AI  For more in-depth insights and to hear the full conversation, be sure to listen to the complete episode. Stay tuned for more engaging discussions on the Phillip Wylie Show, where you get a behind-the-curtain look at the world of professional hacking.

    34 min

Ratings & Reviews

5
out of 5
14 Ratings

About

Join Phillip Wylie Show host Phillip Wylie as he and his guests discuss the intriguing and ever-expanding field of cybersecurity, including topics from the offensive security side to the defensive and response sides of cybersecurity. Frequent offensive security topics include pentesting, red teaming, ethical hacking, security research, and bug bounties. Guests share their origin stories, tips, and career advice. Phillip and his guests discuss content creation and personal branding in this podcast. If you enjoyed Phillip's previous podcast, The Hacker Factory, you will love this!

To listen to explicit episodes, sign in.

Stay up to date with this show

Sign in or sign up to follow shows, save episodes, and get the latest updates.

Select a country or region

Africa, Middle East, and India

Asia Pacific

Europe

Latin America and the Caribbean

The United States and Canada