Interview: On inspiration and pentesting rigs

by Black Hat Middle East and Africa

#BHMEA23 speaker Phillip Wylie (Security Solutions Specialist at CYE) is an offensive security professional with over 25 years in the industry. His specialities include pentesting and security vulnerability assessments. He’s also the author of a book, The Pentester Blueprint, and host of popular cybersecurity podcast The Hacker Factory – both of which are driven by his passion to help others launch and sustain careers in cybersecurity.

We asked Wylie about the first steps you should take towards working as a pentester or information security professional, and what his pentesting rigs look like today. Here’s what he told us.

Could you briefly share your career journey so far?

“I started my career as a CAD (computer-assisted drafting) drafter, and after a few years working as a CAD drafter, I discovered the role of system administrator. I taught myself how to build computers and took a 90-day Novell NetWare network operating system course. After completing the course, I got my first system administrator job in September 1997.

“I worked as a system administrator until January 2004 and was offered a role on the security team. I started out in network security, managing firewalls and intrusion detection systems (IDSs), and doing vulnerability scans and risk assessments. In 2005 I moved into an application security role and that is where I decided that I wanted to become a pentester. I did web application vulnerability scans and managed third-party pentests and remediation. I got laid off in 2012 – and I got a job consulting as a pentester.”

For someone interested in becoming a pentester, what steps would you encourage them to take first?

“I would encourage them to learn more about the role of a pentester to make sure it is something they genuinely want to do. Then, if it is something they want to do, they need to learn IT basics such as operating systems and networking, or, if they want to be a web application pentester, learn the basics of web development and how the web and web applications work. You need to understand the technology and security of the technologies you are going to test to be able to penetrate the security of the target.”

What do your pentesting rigs look like today? Has the tech you used changed a lot over the course of your career?

“I am a fan of both Mac OS and Linux. When I perform internal pentests I use a Mac or a computer with Linux. I run virtual machines (VMs) for Kali Linux or Parrot OS for most of my testing tools. I like to have a virtual private server (VPS) that is hosted in the cloud for doing external pentests.

“Tech has changed a lot over the course of my career. Most servers and computer systems were on prem in company datacenters. The adoption of cloud started to catch on and companies started moving more to the cloud. Mobile technology such as smartphones and tablets has become more popular.”

Could you share any projects you've worked on that you're particularly proud of, or that have had an impact that means a lot to you?

“Not so much projects, but mentoring, teaching, speaking, and contributing to the cybersecurity community are my most proud accomplishments. Helping others get their first security job or move into pentesting is such a rewarding feeling.

“Writing The Pentester Blueprint was a great accomplishment, and I love the way it has helped so many advance their careers and guide them to becoming pentesters.

“Third on the list for me is my podcast, which plays into my first item. The stories and advice from my guests inspire and encourage my listeners, of which many are aspiring security professionals.”

Finally, what's the value of events like Black Hat MEA for you and/or the industry?

“Events like Black Hat MEA are great opportunities for cybersecurity professionals to learn, network, and share with others. With events like Black Hat MEA having speakers and attendees from around the globe, it is an opportunity to meet people that you might not otherwise get the chance to meet.”
Thanks to Phillip Wylie at CYE. Want to learn more? Register now to attend Black Hat MEA 2023.
