Headshot of Philip Young

Philip Young


Director, Mainframe

Philip Young joined NetSPI in 2023 as the Director of Mainframe Penetration Testing to help enterprises better understand their mainframe cybersecurity threat landscape. Prior to joining NetSPI, Philip spent the past 15 years building mainframe penetration testing programs at Fortune 500 companies such as Visa Inc. and Wells Fargo Inc, covering z/OS, z/TPF, RACF, TSO, VTAM, CICS, TopSecret, Web apps and cloud. He has numerous certificates including but not limited to Security+, CISSP and OSCP. Philip has presented on mainframe cybersecurity around the globe at conferences such as BlackHat, SEC-T, GSE, RSA, Hactivity, DEFCON, and SHARE. He also co-created and taught the world’s only mainframe penetration testing class. He has contributed to multiple opensource tools such as Nmap and Metasploit to add support for z/OS, and has developed many opensource mainframe penetration testing tools such as CATMAP, APFCHECK, OMVSEnum, NJELib, XMILib and TN3270lib for Nmap, as well as brute force tools for TSO and CICS.