EPISODE · Jun 23, 2026 · 58 MIN
Ridge Security in the Real World: An Offensive Security Practitioner's Perspective
from Phillip Wylie Show · host Phillip Wylie
## How AI-Powered Penetration Testing Is Transforming Security Validation with Andy Simpson

**Sponsored by Ridge Security**

In this sponsored episode of The Phillip Wylie Show, Phillip Wylie welcomes Andy Simpson, founder of Cipher Security, for an in-depth discussion about the future of penetration testing, continuous security validation, API security, and the growing role of AI in offensive security.

What makes this conversation unique is that Andy is not a Ridge Security employee. As a cybersecurity consultant and penetration testing practitioner, he evaluated multiple automated security testing platforms before selecting Ridge Security to help scale and enhance his team's testing capabilities.

Drawing on decades of experience in IT, infrastructure, executive leadership, and offensive security, Andy shares his journey from working at IBM to building a successful offensive security consultancy serving organizations throughout Australia and New Zealand.

The conversation explores the challenges facing modern security teams, including expanding attack surfaces, API security risks, infostealer-driven attacks, limited security resources, and the need to continuously validate security controls. Andy also demonstrates how automation and AI-driven testing are changing the way organizations identify and validate risk.

## Topics Covered

* Andy Simpson's cybersecurity origin story
* From IBM engineer to offensive security consultant
* The evolution of penetration testing
* Common shortcomings in traditional API assessments
* Continuous Threat Exposure Management (CTEM)
* Vulnerability validation versus vulnerability identification
* Automated penetration testing at scale
* Attack surface management

## Key Takeaways

* Annual penetration testing is often insufficient for today's threat landscape.
* Organizations need continuous validation of their attack surface and security controls.
* API security remains one of the most overlooked areas of cybersecurity.
* Security teams must focus on validating risk rather than simply identifying vulnerabilities.
* Automation helps security teams scale without sacrificing visibility.
* Generative AI is enabling deeper testing of business logic and application workflows.
* Human expertise remains critical, but AI-powered testing is becoming an important force multiplier.
* Attackers are increasingly leveraging stolen credentials and authenticated access paths, making continuous testing more important than ever.

Connect with Andy Simpson:

* Andy's LinkedIn: https://www.linkedin.com/in/andy-simpson-nz/
* Cipher Security website: https://ciphersecurity.co.nz/

## Episode Sponsor

This episode is sponsored by Ridge Security.

Connect with Ridge Security:

* Ridge Security website: https://ridgesecurity.ai
* Get a free RidgeBot Demo: https://ridgesecurity.ai/demo-request/
* Ridge Security LinkedIn: https://www.linkedin.com/company/ridge-security/posts/?feedView=all

Ridge Security provides automated penetration testing and security validation solutions that help organizations continuously identify, validate, and prioritize security risks across networks, web applications, APIs, and cloud environments. During this episode, Andy shares his firsthand experience using Ridge Security's platform as part of his offensive security practice.

## Connect with Andy Simpson

Connect with Andy on LinkedIn to learn more about offensive security, API testing, threat exposure management, and the future of AI-powered security testing.

## Listen, Subscribe, and Share

Enjoyed the episode? Subscribe to The Phillip Wylie Show, leave a review, and share this episode with your network to help others learn about the future of penetration testing and security validation.

#ThePhillipWylieShow #Cybersecurity #PenTesting #OffensiveSecurity #APISecurity #AI #ArtificialIntelligence #CTEM #ThreatExposureManagement #RidgeSecurity #SecurityTesting #EthicalHacking #CyberDefense #InfoSec #CyberRisk