22 episodes

If you’re a security professional, it probably seems like every day there are dozens of new high-priority threats to device security. In this podcast, we talk with leaders in device security to get the truth about security, threats, and what the future holds.

IoT: The Internet of Threats Finite State

    • Business
    • 5.0 • 7 Ratings

If you’re a security professional, it probably seems like every day there are dozens of new high-priority threats to device security. In this podcast, we talk with leaders in device security to get the truth about security, threats, and what the future holds.

    Cybersecurity Ratings: A New Dawn in IoT or Just Another Day? with Larry Pesce, Product Security Research and Analysis Director, Finite State

    Cybersecurity Ratings: A New Dawn in IoT or Just Another Day? with Larry Pesce, Product Security Research and Analysis Director, Finite State

    On this episode of the IoT: The Internet of Threats podcast, host Eric Greenwald and Larry Pesce (Finite State Director of Product Security Research and Analysis) delve into the recently announced U.S. Cyber Trust Mark, a cybersecurity labeling program for IoT devices - a long-anticipated directive of Executive Order 14028.
     
    Larry and Eric explore how, in contrast to static ratings like ENERGY STAR, this dynamic IoT security score will attempt to reflect the continually evolving landscape of cybersecurity threats and controls. They delve into the efficacy of this voluntary labeling program: Will consumers use it? Will manufacturers comply (and raise prices) or ignore it?
     
    Together, Larry and Eric discuss the initial criteria for assigning these security scores and the user-friendly implementation strategies like QR codes. They also tackle the implications of this program on various connected devices, from baby monitors to solar panels, analyzing whether this voluntary program will see widespread adoption across various industries with varied potential risks (from privacy violations to deadly fires).
     
    In the discussion, Larry turns the tables and asks Eric about the FCC's unexpected role in enforcing IoT labeling compliance and how this labeling initiative aligns with the broader trend towards transparency and accountability in device security regulation and progress. 
     
    Interview with Larry Pesce 
     
    Since joining Finite State, Larry has been providing expert product security program design and development as well as IoT pen testing services and guidance to product security teams worldwide. He is also a Certified Instructor at the SANS Institute and has co-hosted the Paul's Security Weekly podcast since 2005. Before joining Finite State, Larry spent 15 years as a penetration tester (among other various roles) focused on healthcare, ICS/OT, wireless, and IoT/IIoT embedded devices. Larry holds several GIAC certifications and earned his B.S. in Computer Information Systems from Roger Williams University. 
     
    Join in on this insightful discussion where Eric and Larry consider:
    Similarities and differences between the IoT labeling and ENERGY STAR rating programs 
    The need to reflect the ever-changing nature of cybersecurity risk and controls within cybersecurity scores 
    How, and how much, consumers will actually use the score and value higher-rated devices
    Criteria considered when assigning the scores and where labels will appear 
    The varying impacts of a voluntary IoT labeling program on consumer vs. industrial connected device cybersecurity
    The surprising role of the FCC as the enforcing regulator for IoT labeling compliance
     
    Find Larry on LinkedIn:
    Larry Pesce: https://linkedin.com/in/larrypesce
     
    Learn more about Finite State: https://finitestate.io/
     
    Thank you for listening to this episode of the IoT: The Internet of Threats podcast, powered by Finite State — the leading supply chain cyber-security solution provider for connected devices and embedded systems.
     
    If you enjoyed this episode, click subscribe to stay connected and leave a review to get the word out about the podcast.
     
    To learn more about building a robust software supply chain security program, protecting your connected devices, and complying with emerging regulations and technical standards, visit https://finitestate.io/
     
     

    • 27 min
    AI and Cybersecurity: A Love Story or Security Nightmare? Pass the Popcorn, Please! with Alexander Fleischer

    AI and Cybersecurity: A Love Story or Security Nightmare? Pass the Popcorn, Please! with Alexander Fleischer

    In the latest episode of IoT: The Internet of Threats, podcast host Eric Greenwald sat down with guest Alexander Fleischer for a thought-provoking dialogue. They delved deep into the escalating symbiosis between artificial intelligence (AI) and cybersecurity. Fleischer elaborated on the rapid and complex evolution of AI, particularly in relation to its increasing role in cybersecurity procedures. 
    The conversation also extended to the potential implications of AI on the future job market and the nature of human-AI interactions. A significant portion of the discussion was dedicated to the question of whether the general public will, or even can, put their trust in the advancements of AI. Finally, the duo weighed in on an intriguing topic: In the ongoing battle between the cybersecurity defenders (the "good guys") and the cybercriminals (the "bad guys"), who stands a better chance of benefiting from the advancements in AI technology?
    Interview with Alexander Fleischer 
     
    Alexander Fleischer is an innovation lead for a leading consulting firm in the IT Services and IT Consulting sector. He works with start-ups, venture capital firms, accelerators, and incubators in finding solutions in emerging tech, including AI. His areas of expertise include Virtual Reality (VR), Augmented Reality (AR), and Artificial Intelligence (AI). 
    For more than a decade, Alex has worked in innovation, strategy, digital transformation and leadership within different industries in Germany, Hungary, and the United States. He started his career in Telecommunications. 
    Alex holds a Master of Science (M.Sc.) degree from the WFI - Ingolstadt School of Management, with a concentration in Corporate Strategy and Service Management. Earlier, he earned a Bachelor of Arts (B.A.) in International Business from the Fachhochschule der Wirtschaft (FHDW) in Paderborn, Germany.
    In this episode, Eric and Alexander discuss:
    The increasing interconnection and interdependence between AI and cybersecurity   The pace and nature of AI's growth and proliferation in cybersecurity practices What AI means to tomorrow's workforce and how people will interact with AI Whether people can and will trust AI and its advances Who is better positioned to survive and thrive in the AI arms race between the good guys and the bad guys Find Alexander on LinkedIn:
    Alexander Fleischer: https://www.linkedin.com/in/fleischeralexander/
    Thank you for listening to this episode of the IoT: The Internet of Threats podcast, powered by Finite State — the leading supply chain cyber-security solution provider for connected devices and embedded systems.
     
    If you enjoyed this episode, click subscribe to stay connected and leave a review to get the word out about the podcast.
     
    To learn more about building a robust software supply chain security program, protecting your connected devices, and complying with emerging regulations and technical standards, visit https://finitestate.io/

    • 18 min
    How Big is Your Data? The Increasing Demand for Detailed, Actionable Information in Cybersecurity, with Dino Boukouris, Founder and Managing Director, Momentum Cyber

    How Big is Your Data? The Increasing Demand for Detailed, Actionable Information in Cybersecurity, with Dino Boukouris, Founder and Managing Director, Momentum Cyber

    In this episode of the IoT: The Internet of Threats podcast, host Eric Greenwald and Dino Boukouris, Founder and Managing Director of Momentum Cyber, delve into the increasing demand for detailed, actionable data in providing cybersecurity services. Eric and Dino scrutinize the role of regulations, assessing whether they inspire innovation or inadvertently stifle growth. They also examine the crucial part that data analytics and Software Bill of Materials (SBOM) play in today's risk management practices. 
    Will the increased prevalence of AI and emerging regulations bring about significant improvements in managing cyber risks? Join the conversation to find out.
     
    Interview with Dino Boukouris 
     
    Dino Boukouris is a Founder of Momentum Cyber as well as its Managing Director. Momentum serves as a strategic advisor to founders, CEOs, and boards in the cybersecurity space. Dino specializes in cybersecurity, M&A, venture capital and private equity. He also has a background in engineering and finance. 
     
    Prior to founding Momentum Cyber, Dino served in a variety of capacities at strategic advisory services  and VC firms, including Illuminate Ventures and Advatech Advisors. Earlier in his career, he held the position of Engineering Manager at Cameron Health, a start-up later acquired by Boston Scientific. 
     
    Dino earned an MBA with honors from UC Berkeley's Haas School of Business and a Masters of Science degree in Mechanical Engineering from the University of Michigan's College of Engineering.   
     
    In this episode, Eric and Dino discuss:
    The increasing sophistication of cybersecurity threats and marketplace demand for better data risk management
    The role of regulation in driving and governing the proliferation of AI and whether it also stifles growth
    The double-edged sword that these advances bring to cybersecurity tools and threats 
    Whether AI's promises of efficiency will be a game-changer to today's cybersecurity practices
     
    Find Dino on LinkedIn:
     
    Dino Boukouris: https://www.linkedin.com/in/konstantinosboukouris/
     
    Learn more about Momentum Cyber: https://www.linkedin.com/company/momentumcyber/
     
    Thank you for listening to this episode of the IoT: The Internet of Threats podcast, powered by Finite State — the leading supply chain cyber-security solution provider for connected devices and embedded systems.
     
    If you enjoyed this episode, click subscribe to stay connected and leave a review to get the word out about the podcast.
     
    To learn more about building a robust software supply chain security program, protecting your connected devices, and complying with emerging regulations and technical standards, visit https://finitestate.io/

    • 23 min
    The FDA will soon require SBOMs for medical devices. Are you ready? with Larry Pesce, Product Security Research and Analysis Director, Finite State

    The FDA will soon require SBOMs for medical devices. Are you ready? with Larry Pesce, Product Security Research and Analysis Director, Finite State

    On this episode of the IoT: The Internet of Threats podcast, host Eric Greenwald and Larry Pesce (Finite State Director of Product Security Research and Analysis) explore the FDA's new Refuse to Accept (RTA) decision process and what it means for successful premarket submissions of medical devices. Together, Larry and Eric examine how prepared the industry is for the coming changes and assess how medical device manufacturers may weigh the new risk-benefit calculus. Eric and Larry also look at how past cyberattacks lead companies to forge enduring changes in cybersecurity culture and controls and discuss whether these regulatory changes will bring about significant improvements in securing connected medical devices. 
     
    Interview with Larry Pesce 
     
    Since joining Finite State, Larry has been providing expert product security program design and development as well as IoT pen testing guidance and services to product security teams worldwide. He is also a Certified Instructor at the SANS Institute and has co-hosted the Paul's Security Weekly podcast since 2005. Before joining Finite State, Larry spent 15 years as a penetration tester (among other various roles) focused on healthcare, ICS/OT, wireless, and IoT/IIoT embedded devices. Larry holds several GIAC certifications and earned his B.S. in Computer Information Systems from Roger Williams University. 
     
    In this episode, Eric and Larry discuss the:
    FDA's new Refuse-To-Accept (RTA) decision authority and what it means for SBOMs and the premarket submissions of medical devices
    Whether the medical device sector is adequately prepared for these changes
    How the new regulations may alter the liability vs. risk tolerance question for medical device manufacturers
    The extent to which the FDA will rigorously enforce the new premarket submission requirements
    The potential qualitative difference this new regulation may bring to the the overall security of medical devices
    How cyberattacks often lead companies to make meaningful, lasting changes in their cybersecurity practices
     
    Find Larry on LinkedIn:
    Larry Pesce: https://linkedin.com/in/larrypesce
     
    Learn more about Finite State: https://finitestate.io/
     
    Thank you for listening to this episode of the IoT: The Internet of Threats podcast, powered by Finite State — the leading supply chain cyber-security solution provider for connected devices and embedded systems.
     
    If you enjoyed this episode, click subscribe to stay connected and leave a review to get the word out about the podcast.
     
    To learn more about building a robust software supply chain security program, protecting your connected devices, and complying with emerging regulations and technical standards, visit https://finitestate.io/
     

    • 20 min
    Coming Soon? Getting Sued for Crappy Software? with John Banghart, Senior Director for Cybersecurity Services, Venable LLP

    Coming Soon? Getting Sued for Crappy Software? with John Banghart, Senior Director for Cybersecurity Services, Venable LLP

    On this episode of the IoT: The Internet of Threats podcast, host Eric Greenwald meets up with John Banghart, Senior Director for Cybersecurity Services at Venable LLP, a law firm that provides cybersecurity and privacy risk management advisory to clients of all shapes and sizes across a wide variety of sectors. Venable also runs a nonprofit organization called the Center for Cybersecurity Policy & Law that connects private-sector companies with government organizations to discuss policy and standards issues. 
     
    John Banghart has nearly 30 years of federal government and private sector experience in cybersecurity. These days, he focuses mostly on the healthcare sector with an emphasis on cloud computing and information sharing.  
     
    Together, Eric and John review the Biden Administration's National Cybersecurity Strategy and what it means for software makers and the liability they may face for their creations. They also examine how the Strategy builds upon Executive Order 14028 and the CMMC (Cybersecurity Maturity Model Certification), and whether the reference to DoJ's Civil Cyber-Fraud Initiative is likely to make companies more careful about what they attest to in their first-party attestations. 
     
    Interview with John Banghart
     
    Prior to joining Venable in 2016, John served in a variety of roles spanning risk management, government policy, standards and regulatory compliance, and incident management at Microsoft, the White House National Security Council, and the National Institute of Standards and Technology.
     
    In this episode, Eric and John discuss:
    Takeaways and conclusions from the Biden Administration's National Cybersecurity Strategy
    The shifting of cybersecurity liability to software makers and the struggle to enact effective cybersecurity rules
    How the National Cybersecurity Strategy builds upon Executive Order 14028 and the CMMC
    How tech companies may approach new cybersecurity regulation (and the safe harbor it may offer)
    Whether the Strategy's invocation of DoJ's Civil Cyber-Fraud Initiative will compel software vendors to put more scrutiny and time into their cybersecurity attestations 
     
    Find John on LinkedIn:
    John Banghart: https://www.linkedin.com/in/john-banghart-b43b6a/
     
    Learn more about Venable, LLP:
    https://www.linkedin.com/company/venablellp/
     
    Thank you for listening to this episode of the IoT: The Internet of Threats podcast, powered by Finite State — the leading supply chain cyber-security solution provider for connected devices and embedded systems.
     
    If you enjoyed this episode, click subscribe to stay connected and leave a review to get the word out about the podcast.
     
    To learn more about building a robust software supply chain security program, protecting your connected devices, and complying with emerging regulations and technical standards, visit https://finitestate.io/
     

    • 22 min
    The SBOM Challenge: Wait ... there was a contest? Who won?? with Matt Wyckhouse, Founder & CEO of Finite State

    The SBOM Challenge: Wait ... there was a contest? Who won?? with Matt Wyckhouse, Founder & CEO of Finite State

    On this episode of the IoT: The Internet of Threats podcast, host Eric Greenwald interviews Matt Wyckhouse, Founder and CEO of Finite State. Throughout his career, Matt has spearheaded complex national security programs ranging from detection of malicious integrated circuits in the supply chain to next-generation intrusion detection systems for automotive systems. Matt directed numerous intelligence programs related to the security of embedded and IoT devices and has been a speaker on the subject at security events.
     
    Together, Eric and Matt revisit February's S4x23 event and its SBOM Challenge. They examine its takeaways and conclusions and analyze the performance of each of the five companies that showcased their SBOM offerings (including Finite State!). Later in the episode, they look at the evolution of the SBOM as a key cybersecurity tool and the drivers credited with its proliferation across the control environments of a growing list of industries. 
     
    Interview with Matt Wyckhouse
     
    Matt Wyckhouse, Founder and CEO of Finite State, has invested some 20 years into leading and developing advanced solutions to some of the hardest problems in cyber security. Prior to founding and leading Finite State, Matt served as technical founder and CTO of Battelle's Cyber Innovations business unit. 
     
    In this episode, Eric and Matt discuss:
    Takeaways and conclusions from S4x23 and the SBOM Challenge
    How Finite State fared among the five companies competing in the SBOM Challenge
    How competitions like the SBOM Challenge drive attention to the value of software supply chain cybersecurity and the evolving maturity of the SBOM
    The twin drivers of regulatory and competitive pressures that are advancing SBOM adoption and use across many industries 
    The SBOM's best use cases: how product security and risk management teams apply SBOM as a critical control in their cybersecurity programs 
     
    Find Matt on LinkedIn:
    Matt Wyckhouse: https://www.linkedin.com/in/mattwyckhouse/
     
    Learn more about Finite State:
    https://finitestate.io/
     
    Thank you for listening to this episode of the IoT: The Internet of Threats podcast, powered by Finite State — the leading supply chain cyber-security solution provider for connected devices and embedded systems.
     
    If you enjoyed this episode, click subscribe to stay connected and leave a review to get the word out about the podcast.
     
    To learn more about building a robust software supply chain security program, protecting your connected devices, and complying with emerging regulations and technical standards, visit https://finitestate.io/
     

    • 27 min

Customer Reviews

5.0 out of 5
7 Ratings

7 Ratings

holmer186 ,

Great Topic!

Wow, great topic and area of focus. I'm really looking forward to the discussions here.

Top Podcasts In Business

The Ramsey Show
Ramsey Network
Money Rehab with Nicole Lapin
Money News Network
NerdWallet's Smart Money Podcast
NerdWallet Personal Finance
The Diary Of A CEO with Steven Bartlett
DOAC
Planet Money
NPR
The Money Mondays
Dan Fleyshman