Phillip Wylie Show

Ridge Security in the Real World: An Offensive Security Practitioner's Perspective


Listen Later

## How AI-Powered Penetration Testing Is Transforming Security Validation with Andy Simpson**Sponsored by Ridge Security**In this sponsored episode of The Phillip Wylie Show, Phillip Wylie welcomes Andy Simpson, founder of Cipher Security, for an in-depth discussion about the future of penetration testing, continuous security validation, API security, and the growing role of AI in offensive security.What makes this conversation unique is that Andy is not a Ridge Security employee. As a cybersecurity consultant and penetration testing practitioner, he evaluated multiple automated security testing platforms before selecting Ridge Security to help scale and enhance his team's testing capabilities.Drawing on decades of experience in IT, infrastructure, executive leadership, and offensive security, Andy shares his journey from working at IBM to building a successful offensive security consultancy serving organizations throughout Australia and New Zealand.The conversation explores the challenges facing modern security teams, including expanding attack surfaces, API security risks, infostealer-driven attacks, limited security resources, and the need to continuously validate security controls. Andy also demonstrates how automation and AI-driven testing are changing the way organizations identify and validate risk.## Topics Covered* Andy Simpson's cybersecurity origin story* From IBM engineer to offensive security consultant* The evolution of penetration testing* Common shortcomings in traditional API assessments* Continuous Threat Exposure Management (CTEM)* Vulnerability validation versus vulnerability identification* Automated penetration testing at scale* Attack surface management## Key Takeaways* Annual penetration testing is often insufficient for today's threat landscape.* Organizations need continuous validation of their attack surface and security controls.* API security remains one of the most overlooked areas of cybersecurity.* Security teams must focus on validating risk rather than simply identifying vulnerabilities.* Automation helps security teams scale without sacrificing visibility.* Generative AI is enabling deeper testing of business logic and application workflows.* Human expertise remains critical, but AI-powered testing is becoming an important force multiplier.* Attackers are increasingly leveraging stolen credentials and authenticated access paths, making continuous testing more important than ever.Connect with Andy Simpson:Andy's LinkedIn:

https://www.linkedin.com/in/andy-simpson-nz/Cipher Security website: https://ciphersecurity.co.nz/## Episode SponsorThis episode is sponsored by Ridge Security.Connect with Ridge Security:Ridge Security website: https://ridgesecurity.aiGet a free RidgeBot Demo: https://ridgesecurity.ai/demo-request/

Ridge Security LinkedIn: https://www.linkedin.com/company/ridge-security/posts/?feedView=allRidge Security provides automated penetration testing and security validation solutions that help organizations continuously identify, validate, and prioritize security risks across networks, web applications, APIs, and cloud environments. During this episode, Andy shares his firsthand experience using Ridge Security's platform as part of his offensive security practice. ## Connect with Andy SimpsonConnect with Andy on LinkedIn to learn more about offensive security, API testing, threat exposure management, and the future of AI-powered security testing.## Listen, Subscribe, and ShareEnjoyed the episode? Subscribe to The Phillip Wylie Show, leave a review, and share this episode with your network to help others learn about the future of penetration testing and security validation.#ThePhillipWylieShow #Cybersecurity #PenTesting #OffensiveSecurity #APISecurity #AI #ArtificialIntelligence #CTEM #ThreatExposureManagement #RidgeSecurity #SecurityTesting #EthicalHacking #CyberDefense #InfoSec #CyberRisk

...more
View all episodesView all episodes
Download on the App Store

Phillip Wylie ShowBy Phillip Wylie

  • 4.9
  • 4.9
  • 4.9
  • 4.9
  • 4.9

4.9

18 ratings


More shows like Phillip Wylie Show

View all
The Social-Engineer Podcast by Social-Engineer, LLC

The Social-Engineer Podcast

150 Listeners

Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec by Jerry Bell and Andrew Kalat

Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec

369 Listeners

Risky Business by Risky Business Media

Risky Business

375 Listeners

Down the Security Rabbithole Podcast (DtSR) by Rafal (Wh1t3Rabbit) Los

Down the Security Rabbithole Podcast (DtSR)

98 Listeners

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast) by Johannes B. Ullrich

SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)

648 Listeners

CyberWire Daily by N2K Networks

CyberWire Daily

1,030 Listeners

Click Here by Recorded Future News

Click Here

421 Listeners

Cleared Hot - Powered By BRCC by Andy Stumpf

Cleared Hot - Powered By BRCC

11,005 Listeners

Darknet Diaries by Jack Rhysider

Darknet Diaries

8,051 Listeners

Talkin' Bout [Infosec] News by Black Hills Information Security

Talkin' Bout [Infosec] News

93 Listeners

All-In with Chamath, Jason, Sacks & Friedberg by All-In Podcast, LLC

All-In with Chamath, Jason, Sacks & Friedberg

10,182 Listeners

The Jack Carr Channel by Jack Carr

The Jack Carr Channel

2,897 Listeners

Risky Bulletin by Risky Business Media

Risky Bulletin

45 Listeners

Simply Defensive by Simply Cyber Media Group

Simply Defensive

2 Listeners

Simply Offensive by Suzu Labs

Simply Offensive

3 Listeners