IoT: The Internet of Threats

Finite State

If you're a security professional, it probably seems like every day there are dozens of new high-priority threats to device security. In this podcast, we talk with leaders in device security to get the truth about security, threats, and what the future holds.

  1. Cybersecurity Ratings: A New Dawn in IoT or Just Another Day? with Larry Pesce, Product Security Research and Analysis Director, Finite State

    07/28/2023

    On this episode of the IoT: The Internet of Threats podcast, host Eric Greenwald and Larry Pesce (Finite State Director of Product Security Research and Analysis) delve into the recently announced U.S. Cyber Trust Mark, a cybersecurity labeling program for IoT devices and a long-anticipated directive of Executive Order 14028.

    Larry and Eric explore how, in contrast to static ratings like ENERGY STAR, this dynamic IoT security score will attempt to reflect the continually evolving landscape of cybersecurity threats and controls. They examine the efficacy of this voluntary labeling program: Will consumers use it? Will manufacturers comply (and raise prices) or ignore it?

    Together, Larry and Eric discuss the initial criteria for assigning these security scores and user-friendly implementation strategies like QR codes. They also tackle the implications of this program for various connected devices, from baby monitors to solar panels, analyzing whether this voluntary program will see widespread adoption across industries with widely varying potential risks (from privacy violations to deadly fires).

    In the discussion, Larry turns the tables and asks Eric about the FCC's unexpected role in enforcing IoT labeling compliance and how this labeling initiative aligns with the broader trend toward transparency and accountability in device security regulation.

    Interview with Larry Pesce

    Since joining Finite State, Larry has been providing expert product security program design and development as well as IoT pen testing services and guidance to product security teams worldwide. He is also a Certified Instructor at the SANS Institute and has co-hosted the Paul's Security Weekly podcast since 2005. Before joining Finite State, Larry spent 15 years as a penetration tester (among other various roles) focused on healthcare, ICS/OT, wireless, and IoT/IIoT embedded devices. Larry holds several GIAC certifications and earned his B.S. in Computer Information Systems from Roger Williams University.

    Join in on this insightful discussion where Eric and Larry consider:
    - Similarities and differences between the IoT labeling and ENERGY STAR rating programs
    - The need to reflect the ever-changing nature of cybersecurity risk and controls within cybersecurity scores
    - How, and how much, consumers will actually use the score and value higher-rated devices
    - Criteria considered when assigning the scores and where labels will appear
    - The varying impacts of a voluntary IoT labeling program on consumer vs. industrial connected device cybersecurity
    - The surprising role of the FCC as the enforcing regulator for IoT labeling compliance

    Find Larry on LinkedIn: https://linkedin.com/in/larrypesce
    Learn more about Finite State: https://finitestate.io/

    Thank you for listening to this episode of the IoT: The Internet of Threats podcast, powered by Finite State — the leading supply chain cyber-security solution provider for connected devices and embedded systems. If you enjoyed this episode, click subscribe to stay connected and leave a review to get the word out about the podcast. To learn more about building a robust software supply chain security program, protecting your connected devices, and complying with emerging regulations and technical standards, visit https://finitestate.io/

    28 min
  2. AI and Cybersecurity: A Love Story or Security Nightmare? Pass the Popcorn, Please! with Alexander Fleischer

    07/13/2023

    In this episode of IoT: The Internet of Threats, podcast host Eric Greenwald sat down with guest Alexander Fleischer for a thought-provoking dialogue. They delved deep into the escalating symbiosis between artificial intelligence (AI) and cybersecurity. Fleischer elaborated on the rapid and complex evolution of AI, particularly in relation to its increasing role in cybersecurity procedures.

    The conversation also extended to the potential implications of AI for the future job market and the nature of human-AI interactions. A significant portion of the discussion was dedicated to the question of whether the general public will, or even can, put their trust in the advancements of AI. Finally, the duo weighed in on an intriguing topic: In the ongoing battle between the cybersecurity defenders (the "good guys") and the cybercriminals (the "bad guys"), who stands a better chance of benefiting from the advancements in AI technology?

    Interview with Alexander Fleischer

    Alexander Fleischer is an innovation lead for a leading consulting firm in the IT Services and IT Consulting sector. He works with start-ups, venture capital firms, accelerators, and incubators in finding solutions in emerging tech, including AI. His areas of expertise include Virtual Reality (VR), Augmented Reality (AR), and Artificial Intelligence (AI).

    For more than a decade, Alex has worked in innovation, strategy, digital transformation, and leadership within different industries in Germany, Hungary, and the United States. He started his career in Telecommunications. Alex holds a Master of Science (M.Sc.) degree from the WFI - Ingolstadt School of Management, with a concentration in Corporate Strategy and Service Management. Earlier, he earned a Bachelor of Arts (B.A.) in International Business from the Fachhochschule der Wirtschaft (FHDW) in Paderborn, Germany.

    In this episode, Eric and Alexander discuss:
    - The increasing interconnection and interdependence between AI and cybersecurity
    - The pace and nature of AI's growth and proliferation in cybersecurity practices
    - What AI means to tomorrow's workforce and how people will interact with AI
    - Whether people can and will trust AI and its advances
    - Who is better positioned to survive and thrive in the AI arms race between the good guys and the bad guys

    Find Alexander on LinkedIn: https://www.linkedin.com/in/fleischeralexander/

    19 min
  3. How Big is Your Data? The Increasing Demand for Detailed, Actionable Information in Cybersecurity, with Dino Boukouris, Founder and Managing Director, Momentum Cyber

    06/21/2023

    In this episode of the IoT: The Internet of Threats podcast, host Eric Greenwald and Dino Boukouris, Founder and Managing Director of Momentum Cyber, delve into the increasing demand for detailed, actionable data in providing cybersecurity services. Eric and Dino scrutinize the role of regulations, assessing whether they inspire innovation or inadvertently stifle growth. They also examine the crucial part that data analytics and the Software Bill of Materials (SBOM) play in today's risk management practices. Will the increased prevalence of AI and emerging regulations bring about significant improvements in managing cyber risks? Join the conversation to find out.

    Interview with Dino Boukouris

    Dino Boukouris is a Founder of Momentum Cyber as well as its Managing Director. Momentum serves as a strategic advisor to founders, CEOs, and boards in the cybersecurity space. Dino specializes in cybersecurity, M&A, venture capital, and private equity. He also has a background in engineering and finance.

    Prior to founding Momentum Cyber, Dino served in a variety of capacities at strategic advisory services and VC firms, including Illuminate Ventures and Advatech Advisors. Earlier in his career, he held the position of Engineering Manager at Cameron Health, a start-up later acquired by Boston Scientific.

    Dino earned an MBA with honors from UC Berkeley's Haas School of Business and a Master of Science degree in Mechanical Engineering from the University of Michigan's College of Engineering.

    In this episode, Eric and Dino discuss:
    - The increasing sophistication of cybersecurity threats and marketplace demand for better data risk management
    - The role of regulation in driving and governing the proliferation of AI, and whether it also stifles growth
    - The double-edged sword that these advances bring to cybersecurity tools and threats
    - Whether AI's promises of efficiency will be a game-changer for today's cybersecurity practices

    Find Dino on LinkedIn: https://www.linkedin.com/in/konstantinosboukouris/
    Learn more about Momentum Cyber: https://www.linkedin.com/company/momentumcyber/

    24 min
  4. The FDA will soon require SBOMs for medical devices. Are you ready? with Larry Pesce, Product Security Research and Analysis Director, Finite State

    05/22/2023

    On this episode of the IoT: The Internet of Threats podcast, host Eric Greenwald and Larry Pesce (Finite State Director of Product Security Research and Analysis) explore the FDA's new Refuse to Accept (RTA) decision process and what it means for successful premarket submissions of medical devices. Together, Larry and Eric examine how prepared the industry is for the coming changes and assess how medical device manufacturers may weigh the new risk-benefit calculus. Eric and Larry also look at how past cyberattacks lead companies to forge enduring changes in cybersecurity culture and controls, and discuss whether these regulatory changes will bring about significant improvements in securing connected medical devices.

    Interview with Larry Pesce

    Since joining Finite State, Larry has been providing expert product security program design and development as well as IoT pen testing guidance and services to product security teams worldwide. He is also a Certified Instructor at the SANS Institute and has co-hosted the Paul's Security Weekly podcast since 2005. Before joining Finite State, Larry spent 15 years as a penetration tester (among other various roles) focused on healthcare, ICS/OT, wireless, and IoT/IIoT embedded devices. Larry holds several GIAC certifications and earned his B.S. in Computer Information Systems from Roger Williams University.

    In this episode, Eric and Larry discuss:
    - The FDA's new Refuse-To-Accept (RTA) decision authority and what it means for SBOMs and the premarket submissions of medical devices
    - Whether the medical device sector is adequately prepared for these changes
    - How the new regulations may alter the liability vs. risk tolerance question for medical device manufacturers
    - The extent to which the FDA will rigorously enforce the new premarket submission requirements
    - The potential qualitative difference this new regulation may bring to the overall security of medical devices
    - How cyberattacks often lead companies to make meaningful, lasting changes in their cybersecurity practices

    Find Larry on LinkedIn: https://linkedin.com/in/larrypesce
    Learn more about Finite State: https://finitestate.io/

    21 min
  5. Coming Soon? Getting Sued for Crappy Software? with John Banghart, Senior Director for Cybersecurity Services, Venable LLP

    03/27/2023

    On this episode of the IoT: The Internet of Threats podcast, host Eric Greenwald meets up with John Banghart, Senior Director for Cybersecurity Services at Venable LLP, a law firm that provides cybersecurity and privacy risk management advisory to clients of all shapes and sizes across a wide variety of sectors. Venable also runs a nonprofit organization called the Center for Cybersecurity Policy & Law that connects private-sector companies with government organizations to discuss policy and standards issues.

    John Banghart has nearly 30 years of federal government and private sector experience in cybersecurity. These days, he focuses mostly on the healthcare sector with an emphasis on cloud computing and information sharing.

    Together, Eric and John review the Biden Administration's National Cybersecurity Strategy and what it means for software makers and the liability they may face for their creations. They also examine how the Strategy builds upon Executive Order 14028 and the CMMC (Cybersecurity Maturity Model Certification), and whether the reference to DoJ's Civil Cyber-Fraud Initiative is likely to make companies more careful about what they attest to in their first-party attestations.

    Interview with John Banghart

    Prior to joining Venable in 2016, John served in a variety of roles spanning risk management, government policy, standards and regulatory compliance, and incident management at Microsoft, the White House National Security Council, and the National Institute of Standards and Technology.

    In this episode, Eric and John discuss:
    - Takeaways and conclusions from the Biden Administration's National Cybersecurity Strategy
    - The shifting of cybersecurity liability to software makers and the struggle to enact effective cybersecurity rules
    - How the National Cybersecurity Strategy builds upon Executive Order 14028 and the CMMC
    - How tech companies may approach new cybersecurity regulation (and the safe harbor it may offer)
    - Whether the Strategy's invocation of DoJ's Civil Cyber-Fraud Initiative will compel software vendors to put more scrutiny and time into their cybersecurity attestations

    Find John on LinkedIn: https://www.linkedin.com/in/john-banghart-b43b6a/
    Learn more about Venable, LLP: https://www.linkedin.com/company/venablellp/

    22 min
  6. The SBOM Challenge: Wait ... there was a contest? Who won?? with Matt Wyckhouse, Founder & CEO of Finite State

    03/07/2023

    On this episode of the IoT: The Internet of Threats podcast, host Eric Greenwald interviews Matt Wyckhouse, Founder and CEO of Finite State. Throughout his career, Matt has spearheaded complex national security programs ranging from detection of malicious integrated circuits in the supply chain to next-generation intrusion detection systems for automotive systems. Matt directed numerous intelligence programs related to the security of embedded and IoT devices and has been a speaker on the subject at security events.

    Together, Eric and Matt revisit February's S4x23 event and its SBOM Challenge. They examine its takeaways and conclusions and analyze the performance of each of the five companies that showcased their SBOM offerings (including Finite State!). Later in the episode, they look at the evolution of the SBOM as a key cybersecurity tool and the drivers credited with its proliferation across the control environments of a growing list of industries.

    Interview with Matt Wyckhouse

    Matt Wyckhouse, Founder and CEO of Finite State, has invested some 20 years into leading and developing advanced solutions to some of the hardest problems in cyber security. Prior to founding and leading Finite State, Matt served as technical founder and CTO of Battelle's Cyber Innovations business unit.

    In this episode, Eric and Matt discuss:
    - Takeaways and conclusions from S4x23 and the SBOM Challenge
    - How Finite State fared among the five companies competing in the SBOM Challenge
    - How competitions like the SBOM Challenge drive attention to the value of software supply chain cybersecurity and the evolving maturity of the SBOM
    - The twin drivers of regulatory and competitive pressures that are advancing SBOM adoption and use across many industries
    - The SBOM's best use cases: how product security and risk management teams apply the SBOM as a critical control in their cybersecurity programs

    Find Matt on LinkedIn: https://www.linkedin.com/in/mattwyckhouse/
    Learn more about Finite State: https://finitestate.io/

    27 min
  7. So, What the Heck Are You Supposed to Do with an SBOM? with Dr. George Shea, Chief Technologist at the Foundation for Defense of Democracies

    01/06/2023

    On this episode of the IoT: The Internet of Threats podcast, host Eric Greenwald interviews Dr. George Shea, the Chief Technologist of the Transformative Cyber Innovation Lab (also known as the TCIL or the Lab) of the Foundation for Defense of Democracies (FDD), a nonprofit, nonpartisan 501(c)(3) research institute that concentrates on foreign policy and national security. George is also a member of the Operational Resilience Framework (ORF) Task Force, Cybersecurity Canon, and a contributor at The CyberWire.

    Together, Eric and George examine the continuous visibility that the SBOM brings to software supply chains, the push for SBOM adoption and use, and the thorny questions that enterprises face when they adopt this critical tool.

    Interview with Dr. George Shea

    Dr. George Shea, Chief Technologist at FDD, has made vast contributions to SBOM research and thought leadership and to the wider discussion of how to advance cybersecurity. Prior to joining FDD, George served as a Chief Engineer at MITRE, leading initiatives to improve the technical integrity and quality of the products and deliverables of the IT services and consulting leader. She holds a Doctor of Computer Science degree from Colorado Technical University and an MS in Computer and Information Sciences and Support Services from Regis University.

    In this episode, Eric and George discuss:
    - How the SBOM offers critical visibility into the supply chain vulnerabilities of existing software deployments
    - The source of the push for SBOM adoption and use: government or private sector?
    - Regulators' slow walk toward requiring the SBOM as a cybersecurity practice
    - The thorny questions that come with adopting the SBOM: how to generate, deploy, and use an SBOM
    - Critical next-step SBOM considerations such as formats, required fields, ensuring its reporting integrity, and building a mechanism to follow through on its results

    Find George on LinkedIn: https://www.linkedin.com/in/drgeorgeshea/
    Learn more about the Foundation for Defense of Democracies (FDD): https://www.linkedin.com/company/foundation-for-defense-of-democracies/

    To see Dr. Shea's Working Draft of the SBOM Lifecycle and Landscape and the SBOM Use Case with RMF that she references on this episode, please see this link.

    25 min
  8. What's Going on with ICS Security, and What's SBOM Got to Do with It? with Dale Peterson, ICS Security Catalyst and Founder of S4 Events

    12/12/2022

    On this episode of the IoT: The Internet of Threats podcast, host Eric Greenwald interviews Dale Peterson, a widely recognized name in the OT cybersecurity field and, specifically, in ICS (industrial control system) security. Dale is the founder of S4, the premier event in ICS security. Dale created the event in 2007 to showcase the best offensive and defensive work in ICS security and to build connections within the industry. He founded Digital Bond, an ICS/SCADA cybersecurity consulting company, in 1998 and serves as its CEO.

    Together, Eric and Dale examine the origins of Dale's influential S4 conference and the addition of this year's SBOM Challenge (in which Finite State will take part in February). They also discuss the future of ICS cybersecurity, the role the SBOM will play, how manufacturers and asset owners can best derive value from the SBOM, and Dale's insights into developing an effective ICS patching strategy that won't break the bank.

    Interview with Dale Peterson

    Dale Peterson is the Founder and CEO of Digital Bond, Inc. and S4 Events. Prior to founding Digital Bond in 1998, Dale held a variety of positions in security. Dale started his career as a cryptanalyst with the NSA (National Security Agency) in 1984. He holds a B.S. in Finance from the University of Illinois Urbana-Champaign.

    In this episode, Eric and Dale discuss:
    - The genesis of the S4 ICS Security Event: how and why Dale created one of the world's largest and most influential ICS cybersecurity conferences
    - Dale's insights into what the future of ICS cybersecurity holds and the role that the SBOM will play
    - How manufacturers and asset owners can best derive information and value from the SBOM (and the business models that will support and fund its continued development and improvement)
    - What constitutes an effective and efficient ICS patching strategy
    - Regulation methodology: cyber hygiene-style vs. risk-based regulations

    Find Dale on LinkedIn: https://www.linkedin.com/in/dale-peterson-s4/
    Learn more about S4: https://s4xevents.com/

    26 min

Ratings & Reviews: 5 out of 5 (7 Ratings)