The Internet of Things (IoT) and Industrial Internet of Things (IIoT) are integrated systems that combine software and physical components. These integrated systems have experienced rapid growth over the past decade, from fields as disparate as telemedicine, smart manufacturing, autonomous vehicles, industrial control systems, smart power grids, remote laboratory environments, and many more. As IIoT becomes increasingly ubiquitous throughout supply chains, malicious attacks by hostile actors have grown exponentially in recent years. Attacks on critical national infrastructure (CNI) such as oil pipelines or electrical power grids have become commonplace, as increased connectivity to the public internet increases the attack surface of IIoT. This paper presents a review of the current academic literature describing the state of the art of the use of simulated environments and testbeds in the system development life cycle for IIoT environments, with a focus on the use of simulators for rapid iteration of security validation tests during the development process. As a new contribution, this paper also identifies outstanding challenges in the field, and maps selected challenges to potential solutions and/or opportunities for further research.