Penetration Tests: useful, pointless, harmful, required, ineffective? – Phillip Wylie – ESW #398
Penetration tests are probably the most common and recognized cybersecurity consulting services. Nearly every business above a certain size has had at least one pentest by an external firm.
Here's the thing, though - the average ransomware attack looks an awful lot like the bog-standard pentest we've all been purchasing or delivering for years. Yet thousands of orgs every year fall victim to these attacks. What's going on here? Why are we so bad at stopping the very thing we've been training against for so long?
This interview with Phillip Wylie will provide some insight into this! Spoiler: a lot of the issues we had 10, even 15 years ago remain today.
Segment resources:
- Phillip's talk, Optimal Offensive Security Programs from Dia de los Hackers last fall
Guest
Phillip Wylie is an offensive security professional with over 21 years of cybersecurity experience. He is also a former Dallas College Adjunct Instructor where he taught pentesting and web application pentesting. Phillip has diverse experience in multiple cybersecurity disciplines, including network security, application security, and pentesting. As an offensive security professional with over a decade of experience, he has conducted pentests of networks, Wi-Fi networks, and applications.
Phillip’s contributions to the cybersecurity industry extend beyond his work as a pentester. He is the concept creator and co-author of The Pentester Blueprint: Starting a Career as an Ethical Hacker, a highly regarded book inspired by a lecture he presented to his class at Dallas College, which later became a conference talk. Phillip hosts The Phillip Wylie Show and previously hosted The Hacker Factory Podcast. Lastly, he is a frequent speaker, keynote speaker, international speaker, and workshop instructor.