With more than 28 years in cybersecurity and IT, Phillip has worked across network security, application security, penetration testing, red teaming and social engineering. He is also the co-author of The Pentester BluePrint, host of The Phillip Wylie Show, and founder of The Pwn School Project, which focuses on practical cybersecurity education.
In this exclusive interview with the Cyber Security Speakers Agency, Phillip explains where organisations leave themselves exposed, how threat actors are adapting through IoT devices and overlooked infrastructure, and why cyber threat intelligence, practical training and realistic testing are now essential for teams trying to keep pace with modern attacks.
Join The European Business Briefing
New subscribers this quarter are entered into a draw to win a Rolex Submariner. Join 40,000+ founders, investors and executives who read EBM every day.
SubscribeQ-Many organisations now run vulnerability scans, security awareness training and phishing simulations. Where do you see the biggest gap between what they believe is secure and what would actually hold up under attack?
Phillip Wylie: “I think there are a couple of different things.
“One is their vulnerability management programme, where they’re doing vulnerability scanning and think that’s enough. With pentesting, they’re not using all the different methods to test.
“In some cases, companies will use software to do social engineering or phishing campaigns, but those don’t have a payload in them. So they’re really just testing security awareness.
“While that’s good, you really need to be testing using a payload to see what happens if someone accidentally clicks on one of those links that they shouldn’t click on.”
Q-Attackers are increasingly exploiting connected devices, cloud services and overlooked infrastructure. How are threat actors adapting faster than organisations can secure new technologies?
Phillip Wylie: “Threat actors have to continue to change the way they do things. It’s getting more difficult to get into organisations.
“One example was the Akira ransomware. They weren’t able to get a foothold in the environment, so threat actors are going to external devices like web security cameras, printers and different IoT-connected devices.
“They were able to hack that device, share a connection to one of the internal systems and then install the ransomware.
“They’re constantly having to alter the way they’re doing things because people are getting better at defending against them.”
Q-Security teams are under pressure to protect the business without becoming a blocker to growth. What does staying ahead of evolving threats look like in practice?
Phillip Wylie: “It’s kind of twofold.
“Education is one part: being educated on the latest types of defensive techniques, as well as learning how the threat actors are attacking.
“This is done through courses, education, webinars and cyber threat intelligence.
“If you’re keeping up with cyber threat intelligence and the latest news, you’re able to see what threat actors are using to exploit organisations.
“You’re able to stay ahead of the game.”
Q-Cybersecurity can become highly technical very quickly. When you speak to business leaders or wider audiences, what do you want them to leave the room understanding?
Phillip Wylie: “One of the things I get a lot is that I’m able to explain complex topics so people can understand them.
“When I give my speeches, I want people to be able to understand and learn something from them, and enjoy them as well.
“I like my presentations to be enjoyable and not boring.
“One of the main things I want is for them to come away learning something.”
This exclusive interview with Phillip Wylie was conducted by Tabish Ali of the Motivational Speakers Agency.
