Phil Young

Philip Young – Senior Vice President, Offensive Security, Undisclosed Bank

Philip is a cybersecurity and assurance expert. He has a deep background in IT security dating back to high school and was able to translate that into a career in IT risk and security after attaining his degree in computer science.

Prior to joining Visa, Philip worked at Ernst & Young and Grant Thornton as a Sr. IT Auditor conducting IT security process and system reviews for large financial institutions, specializing in Unix, Windows and Legacy systems. He continued this work when he moved over to Visa Inc.’s internal audit department, bringing his deep technical background to the types of audits typically found within a large, global tech company. During this time he was applauded for his ability to translate between the business and the technical for management reporting.

In his spare time Philip enjoys exploring security on uncommon systems. As a result he recently devoted himself to raising awareness about the vulnerabilities in systems that are often referred to as ‘Legacy’. To demonstrate some of these platforms’ weaknesses he’s written multiple tools (available here: ) and given talks at various IT security and hacker conferences around the world, including:

    • BlackHat USA
    • DEFCON
    • Shmoocon
    • BSidesLV
    • Thotcon
    • RSA

He has also been invited to speak on multiple podcasts, including PaulDotCom, SecuraBit and Eurotrash Security.

Due to this personal endeavor Philip was invited to join the Global Information Security group, within Visa, to create and build the Core Systems Security group. In this role he has:

    • Re-written the technical security standards and requirements based on industry standards
    • Conducted detailed security assessments of our core platforms
    • Re-designed the SSDLC program to appropriately risk rank and assess applications
    • Re-written penetration testing processes and scope when testing core/commercial systems
    • Assessed network segregation
    • Designed a program to identify and assess rogue assets