Description

About the Guest: 

Andrew Lemon is a seasoned offensive security professional and founder of Red Threat, a cybersecurity consulting firm focused on pentesting, red teaming, and ransomware readiness assessments. With a wealth of experience from working at Boeing, Dell, and other tech corporations, Andrew has become a respected figure in the cybersecurity community, known for his contributions to physical security, social engineering, and AI pentesting. Andrew is also an advocate for transparency and community support within the cybersecurity industry. 

Episode Summary: 

Welcome to another episode of the Phillip Wylie Show, where host Phillip Wylie dives into the fascinating journey of his friend and cybersecurity expert, Andrew Lemon. Andrew shares his unique hacker origin story, from tech-savvy childhood and learning from his Novell admin dad to becoming the founder of Red Threat. With an emphasis on practical, hands-on experience, Andrew discusses how he has approached building a successful career in offensive security and what it takes to start a thriving consulting business. 

In this comprehensive conversation, Andrew explains the strategies and technologies he employs in his assessments, the importance of tailoring services to client maturity levels, and insights into some of his latest research, including traffic control system vulnerabilities and AI pentesting. Phillip and Andrew also explore the critical nature of crafting a personal brand and the value of community-driven networking in cybersecurity. These engaging insights make this a must-listen episode for anyone interested in the inner workings of professional hacking and security consulting. 

Key Takeaways: 

• Starting a cybersecurity consulting business: Andrew highlights the importance of financial planning, brand recognition, and maintaining integrity in service offerings. 

• Ransomware readiness assessments: A key focus for Andrew’s company, Red Threat, is preparing organizations for ransomware attacks by simulating real-world scenarios and actor techniques. 

• Physical security and social engineering: Despite the transition to remote work, physical security assessments remain a crucial part of Andrew's toolkit, demonstrating easy-to-understand vulnerabilities. 

• AI pentesting: Andrew talks about the emerging field of AI pentesting, shedding light on the unique challenges and methodologies, including leveraging the OWASP Top Ten for AI. 

• Career advice: Emphasizing the importance of networking and creating opportunities, Andrew shares actionable tips on how to navigate and succeed in the cybersecurity industry. 

Notable Quotes: 

• "Growth begins at the edge of your comfort zone." 
• "If you want to see an area mature, look at it through the lens of an attacker." 
• "My main goal has been transparency." 
• "For me, it's all about delivering the highest integrity I can." 
• "There's no rulebook in the job market—you can always re-engineer your career path." 

Resources: 

• Andrew Lemon on LinkedIn 

• Red Threat 

• Defcon 

• OWASP Top Ten for AI 

For more...