IoT Security Podcast

Hash Salehi, Reserve Engineer and Founder of RECESSIM, joins host Philip Wylie to demystify the world of hardware hacking and security, highlighting niche but critical vulnerability research in IoT and embedded devices. Through recounting his own experiences, from customizing low-cost fault injection attacks on automotive microprocessors to reverse engineering smart meters, Hash shares both successes and frustrations from the front lines of hands-on security assessment. The conversation aims to inspire and equip listeners who want to explore or deepen their understanding of hardware security by surfacing resources, communities, and the mindset necessary to uncover vulnerabilities beyond software.Links:http://www.recessim.com/https://wiki.recessim.com/https://www.youtube.com/c/RECESSIM Let's connect about IoT Security!Follow Phillip Wylie at https://www.linkedin.com/in/phillipwyliehttps://youtube.com/@phillipwylieThe IoT Security Podcast is powered by Phosphorus Cybersecurity. Join the conversation for the IoT Security Podcast — where xIoT meets Security. Learn more at https://phosphorus.io/podcast

Cybersecurity in healthcare is facing heightened challenges as regulations shift, IoT devices proliferate, and ransomware attacks become increasingly devastating. Josh Spencer, Founder, and CIO at FortaTech Security and with over fifteen years in the field including time as CISO/CTO at UT Southwestern, explores why HIPAA changes are necessary, the high stakes of securing medical devices, and how both technology and culture play roles in protecting patient data and safety. The conversation breaks down risks, practical mitigation strategies, and the ongoing evolution of both threats and defensive tools -- including AI --  and covers the evolving HIPAA landscape and the move from “addressable” to required controls, ransomware's impact on hospitals and patient safety, challenges and best practices in securing connected medical (IoT/OT) devices, the importance of real-world risk assessment and penetration testing in healthcare, and human factors, including security awareness training and leveraging AI both for defense and as a threat. Let's connect about IoT Security!Follow Phillip Wylie at https://www.linkedin.com/in/phillipwyliehttps://youtube.com/@phillipwylieThe IoT Security Podcast is powered by Phosphorus Cybersecurity. Join the conversation for the IoT Security Podcast — where xIoT meets Security. Learn more at https://phosphorus.io/podcast

Cybersecurity is redefined as a discipline for the curious and adaptable, with a focus on continuous learning, imagination, and embracing change. On location at the RSA Conference, host Phillip Wylie and Anand Singh discusses the evolving challenges of IoT and OT security, the rapid integration of AI, and how organizations must address overlooked endpoints and fragmented infrastructures. There is an emphasis on practical advice for CISOs and cybersecurity practitioners, underscoring the importance of foundational security practices, data visibility, identity management, and mental well-being in high-stress leadership roles.The role of curiosity and adaptability in cybersecurity careersOverlooked risks and challenges in IoT and OT device securityThe transformative impact of AI and the importance of securing AI adoptionPractical strategies for asset, identity, and data managementMaintaining work-life balance and resilience for CISOs and security leaders Let's connect about IoT Security!Follow Phillip Wylie at https://www.linkedin.com/in/phillipwyliehttps://youtube.com/@phillipwylieThe IoT Security Podcast is powered by Phosphorus Cybersecurity. Join the conversation for the IoT Security Podcast — where xIoT meets Security. Learn more at https://phosphorus.io/podcast

Healthcare IoT systems are increasingly targeted by cyber threats, necessitating a shift in strategy from isolated, organization-specific responses to a collaborative, ecosystem-wide approach. James McCarthy sits down with vCISO and 30-year information assurance and cybersecurity veteran Jason Taule. Taule brings important insights into the challenges faced by healthcare providers due to regulatory pressures, financial constraints, and technological advancements, urging both manufacturers and providers to participate in a unified security effort. Emphasizing the critical need for proactivity,  Taule also calls for a balance between regulation and adaptability in safeguarding these critical infrastructures. Let's connect about IoT Security!Follow John Vecchi at https://www.linkedin.com/in/johnvecchiThe IoT Security Podcast is powered by Phosphorus Cybersecurity. Join the conversation for the IoT Security Podcast — where xIoT meets Security. Learn more at https://phosphorus.io/podcast

Matt Brown, Hardware Security Researcher, Bug Bounty Hunter, and Founder of Brown Fine Security, leaves nothing to the imagination in this conversation with host Eric Johansen on the world of embedded devices and cybersecurity. Matt shares his journey from childhood tinkering to professional vulnerability research, offering insights into the complexities of IoT attack surfaces, legacy system challenges, and real-world hacking experiences. The conversation covers everything from surprising device vulnerabilities to practical advice for aspiring IoT hackers, including why off-brand devices are a great starting point. Plus, Matt reveals some of the sketchy smart devices in his own home and why understanding your threat model is key to robust security. It's an unfiltered look into the intersection of curiosity, technology, and defense strategies in today's connected world.You may know Matt from his hit YouTube channel at https://www.youtube.com/@mattbrwn. If you like hardware, taking gear apart, and digging into what makes devices vulnerable, you're definitely going to want to give it a look. You can also find Matt Brown at the following places:brownfinesecurity.comlinkedin.com/in/mattbrwntwitter.com/nmatt0github.com/nmatt0reddit.com/user/mattbrwn0 Let's connect about IoT Security!Follow John Vecchi at https://www.linkedin.com/in/johnvecchiThe IoT Security Podcast is powered by Phosphorus Cybersecurity. Join the conversation for the IoT Security Podcast — where xIoT meets Security. Learn more at https://phosphorus.io/podcast

In this episode, host Eric Johansen welcomes Bill Lucas, Senior Director of Cybersecurity at Mastronardi Produce, to explore the evolving security challenges in agricultural IoT. With over sixteen years of experience across the automotive, healthcare, and tech industries, Bill brings a deep understanding of enterprise risk management, endpoint security, and cyber defense—now applied to one of the world's most critical industries: food production.Bill and Eric explore the unique cybersecurity risks in modern agriculture, from UV robots to robotic bees, and discuss how automation, sensor networks, and supply chain security play pivotal roles in securing these technologies. Bill also shares his personal career journey, offering valuable insights for professionals looking to strengthen their IoT security strategies.Join us for a compelling conversation about the intersection of innovation and cybersecurity in the agricultural sector—and what it takes to secure the future of connected farming. Let's connect about IoT Security!Follow John Vecchi at https://www.linkedin.com/in/johnvecchiThe IoT Security Podcast is powered by Phosphorus Cybersecurity. Join the conversation for the IoT Security Podcast — where xIoT meets Security. Learn more at https://phosphorus.io/podcast

What did 2024 teach us about securing the IoT and OT landscape? In this special 2024 lookback episode, Alex Nehmy, Asia Pacific CTO at Phosphorus, revisits impactful moments from industry experts and IoT Security Podcast guests, including Jason Taule,  Patrick Gillespie,  Sean Tufts, Michael Lester, Joel Goins, Khris Woodring, Mike Holcomb, and John Threat who share their unique journeys and lessons-learned in the realm of IoT security and beyond. Reflecting on learnings from 2024 and looking ahead at 2025, the discussion spans...• Why remediation beats endless assessments in IoT security.• Overcoming challenges with legacy systems and device management.• Trends shaping the future of Cyber-Physical Systems.• The power of community in tackling cybersecurity risks. Let's connect about IoT Security!Follow John Vecchi at https://www.linkedin.com/in/johnvecchiThe IoT Security Podcast is powered by Phosphorus Cybersecurity. Join the conversation for the IoT Security Podcast — where xIoT meets Security. Learn more at https://phosphorus.io/podcast

In this episode, host and xIoT security evangelist John Vecchi sits down with Enrique Martinez, OT/IoT Practice Lead at World Wide Technology (WWT), to explore the critical challenges and solutions in securing OT and IoT environments. Enrique shares his journey into cybersecurity, highlights the importance of asset visibility, and discusses how AI is transforming both defense and risk in the cyber-physical world.Key Topics Covered:The foundational importance of asset awareness and behavior analysis.How IT/OT convergence increases vulnerabilities and the need for layered security.Challenges in securing legacy systems and balancing risk with safety.How AI can enhance data analytics, decision-making, and security in OT.Practical insights on remediation and accelerating asset discovery.Featured Insights:“It all starts with asset awareness—knowing what you have and how it behaves is the first step to securing it.”“AI offers great potential for security, but with cyber-physical systems, safety and availability must always come first.” Let's connect about IoT Security!Follow John Vecchi at https://www.linkedin.com/in/johnvecchiThe IoT Security Podcast is powered by Phosphorus Cybersecurity. Join the conversation for the IoT Security Podcast — where xIoT meets Security. Learn more at https://phosphorus.io/podcast

In this episode, Mark Mattei, Global Director of Industrial Managed Security Services at 1898 & Company, unpacks the high-stakes challenges of protecting vital systems from sophisticated attacks. Host John Vecchi highlights the critical issues surrounding IoT and OT security within industrial critical infrastructure. From the importance of cybersecurity in industrial environments to the practical challenges of compliance and regulation and strategies for mitigating cybersecurity threats without compromising operational integrity, Mark shares key insights and actionable advice for operators in today's volatile security landscape.Listeners of this episode will hear about...The Growing Complexity of OT and IT Security Needs: Mark discusses the increasing sophistication of threats targeting critical infrastructure, including state-sponsored attacks and ransomware, and the complexities operators face in balancing security needs with uninterrupted operations. Challenges with Compliance and Budget Constraints: Critical infrastructure operators often face budgetary and regulatory challenges that limit their ability to invest in cybersecurity. Navigating mandates like NERC CIP and adapting to regulatory changes is essential but can detract from proactive security efforts. Building a Supportive Community: Mark encourages operators to reach out within the OT security community for advice and support. With limited experts in this field, sharing knowledge and collaborating can make a significant difference for smaller utilities and organizations facing resource constraints.  Let's connect about IoT Security!Follow John Vecchi at https://www.linkedin.com/in/johnvecchiThe IoT Security Podcast is powered by Phosphorus Cybersecurity. Join the conversation for the IoT Security Podcast — where xIoT meets Security. Learn more at https://phosphorus.io/podcast

Emphasizing the importance of collaboration and communication, Mike Holcomb shares his extensive experience and practical insights into securing ICS and IoT environments. Holcomb, ICS/OT cybersecurity global lead at Fluor, stresses mastering basic cybersecurity fundamentals and asset inventory, along with the nuances of integrating IT and OT security. The episode aims to bridge gaps between IT and OT teams to fortify defenses against sophisticated cyber threats.Listeners will gain valuable insights into critical takeaways, including:Real-World Impact of Cyber Attacks: Mike explains how high-profile incidents, such as Colonial Pipeline and Triton, highlighted the physical consequences of cyber threats, making clear that OT security is a top priority for critical infrastructure.Bridging the IT-OT Divide: The discussion underscores the need for IT and OT teams to collaborate, as a lack of communication and understanding can leave vulnerabilities open to exploitation.Achievable Defense Strategies: From basic network segmentation to secure remote access, Mike provides practical, accessible steps to strengthen ICS/OT security without overwhelming smaller teams. Let's connect about IoT Security!Follow John Vecchi at https://www.linkedin.com/in/johnvecchiThe IoT Security Podcast is powered by Phosphorus Cybersecurity. Join the conversation for the IoT Security Podcast — where xIoT meets Security. Learn more at https://phosphorus.io/podcast

Recent years have seen a growing awareness of the vulnerabilities in our critical infrastructure to cyberattacks, particularly from nation-states like Russia, Iran, and China. In this episode of the IoT Security Podcast, host John Vecchi welcomes Khris Woodring, Senior Cybersecurity Architect at Syngenta, to explore the evolving challenges and opportunities in securing critical infrastructure. From his serendipitous journey into the field to actionable insights on workforce development, Khris shares how industries can overcome the persistent talent gap and drive proactive change in OT security.Key topics include:The unique challenges of bridging IT and OT security.Why workforce shortages hinder progress and how industry and academia can collaborate.The importance of standardizing roles, frameworks, and terminology.Stories of how early curiosity sparked a career in cybersecurity.Tune in for a passionate discussion on how to protect the systems that make modern life possible—and the steps we can take to secure a resilient future. Let's connect about IoT Security!Follow John Vecchi at https://www.linkedin.com/in/johnvecchiThe IoT Security Podcast is powered by Phosphorus Cybersecurity. Join the conversation for the IoT Security Podcast — where xIoT meets Security. Learn more at https://phosphorus.io/podcast

Businesses and government organizations have seen threats to critical US infrastructure on the rise in recent years, particularly within IoT and OT systems, posed by cyberattacks, notably from state actors like Iran. With that context, Joel Goins, a veteran of manufacturing, oil and gas, and OT security at large, talks with John Vecchi about the critical need for enhanced security measures for data centers and other vital components, the vulnerabilities present in IoT devices, and the essential steps companies must take to safeguard against both traditional and emerging cyber threats. Let's connect about IoT Security!Follow John Vecchi at https://www.linkedin.com/in/johnvecchiThe IoT Security Podcast is powered by Phosphorus Cybersecurity. Join the conversation for the IoT Security Podcast — where xIoT meets Security. Learn more at https://phosphorus.io/podcast

Explore the intricate challenges and solutions in managing OT cybersecurity, particularly emphasizing the importance of active querying over passive deep packet inspection, with Michael Lester, Senior Product Security Engineer at Rockwell Automation! Lester underscores the necessity of segmenting networks, improving visibility, and fostering collaboration between IT and OT teams to mitigate risks and enhance security. His journey, from passionate mentorship to pursuing a PhD, exemplifies a commitment to advancing industrial cybersecurity frameworks and education. Let's connect about IoT Security!Follow John Vecchi at https://www.linkedin.com/in/johnvecchiThe IoT Security Podcast is powered by Phosphorus Cybersecurity. Join the conversation for the IoT Security Podcast — where xIoT meets Security. Learn more at https://phosphorus.io/podcast

In this episode, we're diving deep into the world of Operational Technology (OT) and IoT security, exploring the critical challenges and evolving threat landscape that are impacting sectors from manufacturing to critical infrastructure and healthcare. With insights from Patrick Gillespie, an OT expert at GuidePoint Security, we'll discuss the convergence of IT and OT systems, the risks introduced by COVID-19, and the advanced solutions from providers like Phosphorus that are combatting these threats. Patrick also sheds light on his personal journey from military service to a cybersecurity career, and the essential steps organizations should take to bolster their OT security, from embracing cyber hygiene to implementing robust security programs. Join us as we uncover the pressing issues facing IoT security today and how innovations are driving a safer, more secure operational environment. Let's connect about IoT Security!Follow John Vecchi at https://www.linkedin.com/in/johnvecchiThe IoT Security Podcast is powered by Phosphorus Cybersecurity. Join the conversation for the IoT Security Podcast — where xIoT meets Security. Learn more at https://phosphorus.io/podcast

Are you curious about the evolving world of cybersecurity, virtual CISOs, and their vital role in different industries? In this episode, Brian and John are joined by cross-vertical vCISO Jason Taule, who brings a wealth of experience and insights from his diverse career in the field as one of the first CISOs...ever. From working with federal agencies like NASA to serving as a virtual CISO for agriculture, heavy manufacturing, and healthcare organizations, Jason offers valuable perspectives on the unique security challenges faced across different sectors.Throughout the episode, Jason discusses the evolving role of the Chief Information Security Officer (CISO) in various industries. He highlights the intricacies of implementing cybersecurity measures in sectors like healthcare, where specific jargon and risks come into play.The conversation also goes into the complexities of managing operational technology (OT) and IoT security, emphasizing the need for improved third-party access control and a better understanding of firmware vulnerabilities. Additionally, the episode explores the impact of regulations, financial pressure, and the evolving threat landscape on organizations' engagement with security. Let's get into Things on the IoT Security Podcast!Follow Brian Contos on LinkedIn at https://www.linkedin.com/in/briancontosAnd you can follow John Vecchi at https://www.linkedin.com/in/johnvecchiThe IoT Security Podcast is powered by Phosphorus Cybersecurity. Join the conversation for the IoT Security Podcast — where xIoT meets Security. Learn more at https://phosphorus.io/podcast

Sean Tufts is in the house, and we ask him to go all the way back. All the way. From his origins to the evolving challenges and security needs in IoT and OT environments, particularly in critical infrastructure. Your hosts, Brian Contos and John Vecchi, engage in a thought-provoking conversation with special guest Sean Tufts from Optiv. The discussion goes into Tufts' background, from his transition from an NFL player to a cybersecurity and critical infrastructure expert, to managing substantial programs at Optiv. Sean touches on the changing landscape of critical infrastructure, the challenges of IoT and OT security in the wake of COVID-19, and the evolving tactics in cyber attacks. He also shares insightful anonymized stories of cyber incidents, emphasizing the importance of effectively addressing vulnerabilities in IoT devices and legacy systems to mitigate risks. After listening to the episode, be sure to subscribe to the Phosphorus IoT Security Podcast to stay updated on evolving cybersecurity challenges and strategies in the IoT and OT space. Share this impactful episode with colleagues and peers involved in securing critical infrastructure to spark insightful conversations and proactive measures for vulnerability management. Let's get into Things on the IoT Security Podcast!Follow Brian Contos on LinkedIn at https://www.linkedin.com/in/briancontosAnd you can follow John Vecchi at https://www.linkedin.com/in/johnvecchiThe IoT Security Podcast is powered by Phosphorus Cybersecurity. Join the conversation for the IoT Security Podcast — where xIoT meets Security. Learn more at https://phosphorus.io/podcast

Content Warning: This episode contains explicit language and references to criminal activity.In this episode, Brian and John are joined by a very special guest—John Threat, also known as John Lee, a veteran of the Great Hacker War and known as "Corrupt" from the early 90s hacking group MOD (Masters of Deception). We dive into the fascinating origins and culture of hacking, with John Threat sharing his experiences from the '80s all the way to the present day and the excitement of exploring and breaking into systems. The discussion also explores the evolution and loss of excitement in the hacking culture, the potential impact of AI and machine learning, and the changing threat landscape. From the deep camaraderie within hacking groups and the diversity of the MOD team in the 90s to the potential ethical and legal implications of new technologies, this episode is set to be a thought-provoking and riveting journey into the world of cybersecurity and hacking.You can follow John Threat on Instagram at @johnthreat or follow his work at http://www.rip.space and http://www.johnthreat.com. Let's get into Things on the IoT Security Podcast!Follow Brian Contos on LinkedIn at https://www.linkedin.com/in/briancontosAnd you can follow John Vecchi at https://www.linkedin.com/in/johnvecchiThe IoT Security Podcast is powered by Phosphorus Cybersecurity. Join the conversation for the IoT Security Podcast — where xIoT meets Security. Learn more at https://phosphorus.io/podcast

She's no slacker. Danielle Jablanski has been an "expert" — she hates that word — in nuclear policy analysis (the "original Cyber-Physical System"), energy research, and now Nozomi Networks, where she plays the crucial OT cybersecurity strategist role. John Vecchi and Brian Contos pick Danielle's brain on the ever- and never-changing trends and challenges, digging into the need for consequence-based security and collaboration between security professionals and OT engineers. The discussion also covers the growing concern about the security of IoT devices in OT environments, the importance of centralizing and managing security, addressing the issues surrounding legacy devices, and the evolving landscape of liability and insurance in cybersecurity.Key Topics Covered:1. Trends in cybersecurity and the importance of consequence-based security2. Concerns about the security of IoT devices in OT environments and the role of centralization and management3. Challenges with legacy devices in ICS and healthcare and the need for building controls and defense-in-depth4. Evolving conversations about liability and insurance in cybersecurityAfter tuning in to this episode, subscribe to the IoT Security Podcast, powered by Phosphorus, to stay informed about the latest trends and insights in IoT security. Let's get into Things on the IoT Security Podcast!Follow Brian Contos on LinkedIn at https://www.linkedin.com/in/briancontosAnd you can follow John Vecchi at https://www.linkedin.com/in/johnvecchiThe IoT Security Podcast is powered by Phosphorus Cybersecurity. Join the conversation for the IoT Security Podcast — where xIoT meets Security. Learn more at https://phosphorus.io/podcast

Susan Peterson Sturm joins Brian Contos and John Vecchi on the IoT Security Podcast to discuss the importance of understanding specific features needed for different teams in IoT security. Susan Peterson Sturm has dedicated most of her career to the energy industry, where her expertise lies in asset optimization and energy market trading. However, it was her venture into product management that led her to the exciting field of OT security. Susan's journey in the industry spans approximately 15 years, and she feels privileged to have witnessed the growth and evolution of her peers throughout this time.In this episode, Susan, Brian, and John emphasize the need for change management, localization in factories, and the integration of cybersecurity measures into existing processes. The episode also touches on the challenges faced by CISOs, the importance of user feedback, and the need to quantify material cybersecurity risk. Let's get into Things on the IoT Security Podcast!Follow Brian Contos on LinkedIn at https://www.linkedin.com/in/briancontosAnd you can follow John Vecchi at https://www.linkedin.com/in/johnvecchiThe IoT Security Podcast is powered by Phosphorus Cybersecurity. Join the conversation for the IoT Security Podcast — where xIoT meets Security. Learn more at https://phosphorus.io/podcast

Find the line between man and machine with John, Brian, and guest Len Noe, CyberArk technical evangelist. Len, the personification of transhumanism and the future of human-machine integration, host to a number of augmentations himself, is a self-taught cybersecurity expert with a unique background in the world of black hat and gray hat hacking. For most of his life, Len delved into the dark side of technology, breaking into computers and causing havoc. However, with the arrival of grandchildren, Len realized that he needed to change his ways. Recognizing that his skills were primarily focused on hacking, Len made the brave decision to use his expertise for good. He embarked on a new journey, putting his unique perspective on security to work for the good guys. Len transitioned from being a malicious hacker to becoming a cybersecurity professional, using his knowledge to defend against cyber threats and secure computer systems.Len shares his experiences and insights as someone who has embraced technological enhancements and implanted various devices in his own body. From RFID NFC chips to a mini-computer in their leg, Len takes us on a journey through the possibilities and challenges of this emerging field. Join us as we explore transhumanism's societal, theological, technological, moral, and medical implications. Get ready to dive deep into the possibilities of collaboration, the debates surrounding free will, and the potential benefits and drawbacks of these advanced technologies. Stay informed and open-minded about the advancements in technology and their potential impact on humanity. Share this episode with others to spark discussions on transhumanism, IoT security, and the future of technology. Let's get into Things on the IoT Security Podcast!Follow Brian Contos on LinkedIn at https://www.linkedin.com/in/briancontosAnd you can follow John Vecchi at https://www.linkedin.com/in/johnvecchiThe IoT Security Podcast is powered by Phosphorus Cybersecurity. Join the conversation for the IoT Security Podcast — where xIoT meets Security. Learn more at https://phosphorus.io/podcast

What is security? Our guest here, Patrick Benoit, Global CISO for Brinks, thinks about that a lot, working for a company with 165 years in the space. From reinforced stage coaches to the security today, there's a focus on the physical. In today's episode, John and Brian talk to Patrick Benoit about people and Things. People are the solution as well as the problem, as Patrick declares that breaches only happen for two reasons. Someone did something they were supposed to do, or someone didn't do something they were supposed to do. There's always a human component. Listen in as they hit on topics like:The evolving landscape of integrated security platforms and the importance of trust in team dynamics The challenges of breach reporting and materialityThe rising threat of ransomware attacks on IoT devicesThe fascinating potential of Generative AI for hackers And more on zero trust, IoT security standardization, and the role of CISOsGet ready for an information-packed episode that will illuminate the complexities and opportunities in the world of IoT security. Let's get into Things on the IoT Security Podcast!Follow Brian Contos on LinkedIn at https://www.linkedin.com/in/briancontosAnd you can follow John Vecchi at https://www.linkedin.com/in/johnvecchiThe IoT Security Podcast is powered by Phosphorus Cybersecurity. Join the conversation for the IoT Security Podcast — where xIoT meets Security. Learn more at https://phosphorus.io/podcast

The passion for cybersecurity can arise at any moment. For our guest Andres Andreu, he started his career in software engineering, but that path was not to be. His naturally (self-described) paranoid nature drove him to constantly think about potential vulnerabilities and how to protect against them. Andres was already performing tests on his software creations, and his career transitioned from software engineering to becoming a renowned figure in the world of security.Andres sheds light on a significant portion of the attack surface, including IoT, OT, IIoT, and IoMT cyber-physical systems in organizations across manufacturing, utilities, energy, healthcare, finance, retail, and logistics. He and hosts John and Brian delve into the difficulties of gaining visibility into these devices and understanding their posture and risk assessment.In this episode, learn about the limitations of traditional passive monitoring tools and the challenges faced when scanning industrial IoT devices for vulnerabilities. Andres emphasizes the importance of identifying and understanding these devices before implementing security measures.Andres shares insights into the difficulties of monitoring IoT devices, including the importance of careful firmware updates, the complexities of monitoring configurations in industrial control systems, and the vulnerabilities of older equipment.Join us as we delve into the world of IoT device security with Andres Andreu on this episode of the IoT Security Podcast. Let's get into Things on the IoT Security Podcast!Follow Brian Contos on LinkedIn at https://www.linkedin.com/in/briancontosAnd you can follow John Vecchi at https://www.linkedin.com/in/johnvecchiThe IoT Security Podcast is powered by Phosphorus Cybersecurity. Join the conversation for the IoT Security Podcast — where xIoT meets Security. Learn more at https://phosphorus.io/podcast

Ron Kuriscak is here to share his extensive knowledge and experiences in the world of IoT security, and has he got some great stories! Ron brings over 20 years of experience in the field to the show. He's been in the trenches on a number of high-profile breaches, giving him a unique perspective on the challenges and importance of securing IoT devices.In our conversation, we dive deep on the role of the CISO, their relationships with other executives, and the evolving threat landscape, littered with unmonitored, unmanaged devices. Ron sheds light on the struggles faced by CISOs, as they juggle physical and data security responsibilities with different skill sets required for each. He also discusses the changing trend of CISOs reporting up through the legal chain of command or directly to the CEO for clearer communication and a better understanding of security matters.Then we delve into the world of breaches and the lessons Ron has learned along the way. From the importance of being prepared with a good partner by your side, to the challenges faced when seeking assistance from big entities, Ron shares his valuable insights on prevention, preparation, and engaging with the right partners.Furthermore, we explore the concept of being a "seesaw" in security, a topic rarely discussed in such detail before. Ron reflects on the ever-evolving role of security directors, the shift towards risk-driven approaches, and the need for effective communication and storytelling when presenting to boards and executives. Let's get into Things on the IoT Security Podcast!Follow Brian Contos on LinkedIn at https://www.linkedin.com/in/briancontosAnd you can follow John Vecchi at https://www.linkedin.com/in/johnvecchiThe IoT Security Podcast is powered by Phosphorus Cybersecurity. Join the conversation for the IoT Security Podcast — where xIoT meets Security. Learn more at https://phosphorus.io/podcast

Huddled in a corner, away from the lights and sounds of the slots, John and Brian reminisce about the Black Hat USA conferences gone by and what trends and topics this one already holds. In this mini-sode on location, the dynamic duo discusses AI, xIoT, and the security of slots. But when you end up in Vegas yearly, you also inevitably get up to some non-work activities. Did you know you can rent and drive construction equipment?Let's get into Things on an extra mini-sode of the IoT Security Podcast! Let's get into Things on the IoT Security Podcast!Follow Brian Contos on LinkedIn at https://www.linkedin.com/in/briancontosAnd you can follow John Vecchi at https://www.linkedin.com/in/johnvecchiThe IoT Security Podcast is powered by Phosphorus Cybersecurity. Join the conversation for the IoT Security Podcast — where xIoT meets Security. Learn more at https://phosphorus.io/podcast

Over the past 17 years, Kelly Jackson Higgins, editor-in-chief at Dark Reading, has watched the cybersecurity industry explode. She brings a unique perspective to the podcast in discussion with Brian and John as they pick apart the challenges faced in industrial environments to the vulnerabilities in healthcare organizations. Just as the world of technology journalism has changed, so has Dark Reading and the way they approach the industry, the major players, and evolving conversations in the space. Kelly's unique position allows her to triage the firehose of information for us, focusing on ransomware and "the whole AI thing," and more. Throughout the conversation, we will explore the importance of visibility and monitoring of connected devices, the persistent issue of devices being connected to the public internet when they shouldn't be, and the need for collaboration between IT and OT teams. We will also delve into recent cyber threats, such as ransomware attacks and the concerning trend of ransomware as a service, shedding light on the advancement of technology and its impact on cybersecurity.Join us as we explore these critical topics with our expert guest, Kelly Jackson Higgins, and uncover the challenges, advancements, and solutions in the realm of IoT security. Let's get into Things on the IoT Security Podcast!Follow Brian Contos on LinkedIn at https://www.linkedin.com/in/briancontosAnd you can follow John Vecchi at https://www.linkedin.com/in/johnvecchiThe IoT Security Podcast is powered by Phosphorus Cybersecurity. Join the conversation for the IoT Security Podcast — where xIoT meets Security. Learn more at https://phosphorus.io/podcast

It's cyber all day, every day, with Chase Cunningham, Dr. Zero Trust himself. He joins John and Brian to delve into the complex and ever-evolving world of online security threats. With cyber-attacks becoming increasingly sophisticated and prevalent, understanding the strategies and technologies that can safeguard our digital assets has never been more crucial.Chase Cunningham, a seasoned cybersecurity professional, renowned author, and podcast host in his own right, joins us as our esteemed guest. With his extensive background in the industry, Chase brings a wealth of knowledge and insights to the table. From his time serving as a military strategist and chief cryptologic technician in the United States Navy to his current role as a prominent cybersecurity analyst, Chase has witnessed firsthand the evolving landscape of cyber threats and the strategies required to combat them.During the conversation, we explore various pressing topics, including the rise of nation-state cyber attacks, the growing importance of zero-trust architecture, the impact of artificial intelligence and machine learning on cybersecurity, and the critical role of individuals and organizations in safeguarding their digital identities.This episode should offer the listener valuable insights and practical advice from one of the industry's foremost experts. Join us as we unmask the complexities of cybersecurity and empower ourselves with the knowledge to stay one step ahead of potential threats.Listen to Chase Cunningham on DrZeroTrust here. Let's get into Things on the IoT Security Podcast!Follow Brian Contos on LinkedIn at https://www.linkedin.com/in/briancontosAnd you can follow John Vecchi at https://www.linkedin.com/in/johnvecchiThe IoT Security Podcast is powered by Phosphorus Cybersecurity. Join the conversation for the IoT Security Podcast — where xIoT meets Security. Learn more at https://phosphorus.io/podcast

In this episode, Tammy Hawkins, a fraud specialist with over 20 years of experience, warns of the growing threat of cyberattacks on IoT devices and emphasizes the need for organizations and individuals to take proactive security measures. She offers critical advice and recommendations on how the audience — that's you! — can protect themselves against these cyber threats.In this episode, learn about:Delving into the world of IoT security threats and the risks they pose in our digital landscapeUnraveling the complexity of cybercriminal activity and how insiders contribute to security breachesRealizing the importance of taking a proactive approach to secure IoT devicesExamining the role of IoT devices in organizations and the potential risks they carryGaining insight into the necessity of staying informed and vigilant in the fight against cyber threatsBrian Contos and John Vecchi speak with Tammy Hawkins, a seasoned cybersecurity specialist whose career has taken her through various roles and industries. Starting in information security, Tammy transitioned to Mastercard, where her expertise lay in creating cutting-edge security products to fight the world's best fraudsters. From there, she branched out into the gaming sector at Activision Blizzard, focusing on anti-toxicity solutions. Now, as the Director of Cybersecurity and Fraud at Intuit, Tammy is passionate about protecting small businesses and their software systems. With her comprehensive knowledge of IoT device security, Tammy's input is an invaluable asset to today's topic. Let's get into Things on the IoT Security Podcast!Follow Brian Contos on LinkedIn at https://www.linkedin.com/in/briancontosAnd you can follow John Vecchi at https://www.linkedin.com/in/johnvecchiThe IoT Security Podcast is powered by Phosphorus Cybersecurity. Join the conversation for the IoT Security Podcast — where xIoT meets Security. Learn more at https://phosphorus.io/podcast

Brian and John sit down to the mic with Vignesa Moorthy. With a seasoned background in telecommunications and cybersecurity, Vignesa Moorthy is a forward-thinking innovator in the industry. Running a successful Singapore-based telco company, he has expanded operations across Southeast Asia and evolved his company's focus to cybersecurity services. With years of hands-on experience securing customer infrastructure, Vignesa has unparalleled knowledge of the key risks facing IoT infrastructure managers in today's rapidly advancing technology landscape. His expertise in managing IoT device vulnerabilities makes him an ideal speaker on this very subject.In this episode, you will hear about:Insights into Southeast Asia's cybersecurity landscape and the solutions implemented to combat threats.The indispensable role of data leak prevention and IoT infrastructure protection for ensuring data security.The explosive growth of IoT devices and the best practices to address inherent vulnerabilities.The importance of cooperation and ongoing education across stakeholders in the IoT domain.How staying alert and adaptable can be game-changers for businesses in cybersecurity.The pain of taking ineffective actions and not seeing results can be overwhelming. But don't lose hope. In this episode, we'll explore the best practices for managing IoT vulnerabilities and improving overall device security, giving you the peace of mind you deserve. Let's get into Things on the IoT Security Podcast!Follow Brian Contos on LinkedIn at https://www.linkedin.com/in/briancontosAnd you can follow John Vecchi at https://www.linkedin.com/in/johnvecchiThe IoT Security Podcast is powered by Phosphorus Cybersecurity. Join the conversation for the IoT Security Podcast — where xIoT meets Security. Learn more at https://phosphorus.io/podcast

Are you tired of feeling helpless and exposed when using IoT devices? Have you been told to simply 'be careful' without any real solutions? In this episode, we get our ears on some expert insights and practical solutions to help you take control of your privacy. From understanding the risks and vulnerabilities to mastering cybersecurity challenges and envisioning a safer future - this episode is a must-listen for every privacy-conscious individual using IoT devices.In this episode, you will hear:Valuable insights into privacy risks and vulnerabilities within IoT devices and discover expert solutions to tackle them.The importance of increasing consumer awareness for preserving privacy while using IoT devices.The complexities of cybersecurity challenges and integrating security measures within IoT devices and regulations.The technical aspects of IoT devices, such as encryption, protocols, and shared infrastructure.Future plans by empowering users and cooperating with protection authorities and organizations for a more secure IoT environment.Our guest in this episode is Anna Maria Mandalari.Brian and John talk with Anna Maria Mandalari, a talented IoT privacy and security expert who has dedicated her career to understanding and addressing the vulnerabilities of IoT devices. Beginning her education journey in Italy, Anna specialized in Telematics before pursuing a Ph.D. in Internet measurements in Madrid. Her expertise in networking eventually led her to London's Imperial College, where she began focusing on IoT privacy and security. Now, Anna works at University College London, where she collaborates with other experts to develop innovative solutions for safeguarding consumer privacy in the IoT space. Let's get into Things on the IoT Security Podcast!Follow Brian Contos on LinkedIn at https://www.linkedin.com/in/briancontosAnd you can follow John Vecchi at https://www.linkedin.com/in/johnvecchiThe IoT Security Podcast is powered by Phosphorus Cybersecurity. Join the conversation for the IoT Security Podcast — where xIoT meets Security. Learn more at https://phosphorus.io/podcast

In this episode, John and Brian talk with Mark Weatherford, a skilled cybersecurity veteran with a diverse background in both government and private sectors. Having held positions such as CISO for California and Colorado and serving in the Obama administration as the Deputy Under Secretary for Cybersecurity, Mark has a unique perspective on IoT security and critical infrastructure protection challenges. In addition to his government roles, Mark has ventured into the private sector, working with startups and as the Chief Security Officer at NERC. His expertise in IoT security is incredibly valuable for cybersecurity professionals looking to stay informed in this rapidly evolving field.Listen in for a conversation on:Navigating the complicated obstacles involved in securing IoT devices and defending crucial infrastructureIdentifying the underestimated hazards linked to the perception that air-gapped networks are entirely protected from breachesAcknowledging the powerful impact of education and awareness in tackling IoT security challengesRecognizing the importance of implementing more regulatory measures and policies for bolstering IoT device securityInvestigating the escalating threats of IoT attacks and the need for integrating security solutions within IoT devicesAs a cybersecurity professional, staying up-to-date on IoT security challenges is crucial to protecting critical infrastructure. Don't fall for the common misconceptions - Mark Weatherford will share the truth with John and Brian about the complex challenges of securing IoT devices and infrastructure. Stay informed and stay protected. Let's get into Things on the IoT Security Podcast!Follow Brian Contos on LinkedIn at https://www.linkedin.com/in/briancontosAnd you can follow John Vecchi at https://www.linkedin.com/in/johnvecchiThe IoT Security Podcast is powered by Phosphorus Cybersecurity. Join the conversation for the IoT Security Podcast — where xIoT meets Security. Learn more at https://phosphorus.io/podcast

In this episode, Brian and John dive into the world of Capture the Flag competitions in the realm of cybersecurity. Our special guest, Rachael Tubbs from IoT Village, discusses the rise of CTFs and how they are becoming a popular feature at cybersecurity conferences like Defcon. We explore how IoT Village is leading the way in making these conferences more accessible, exhibiting a range of innovative devices, and even holding a free virtual conference. We also discuss the challenges of developing security life cycles for IoT development and how the limited security mindset of small companies is a concerning trend across the 50 billion devices in use. Tune in for an exciting and informative look into the rapidly evolving world of cybersecurity.Topics covered in this episode include:Introduction to Capture the Flags (CTFs) and their importance in securityBackground of IoT VillageDefcon CTF and its valueIoT Village's response to pandemicRachel Tubbs is a psychology graduate who developed an interest in understanding human motivation. She started working as a contractor for the US Government's Defense Counterintelligence Security Agency, where she was introduced to the world of cybersecurity. However, she found that the private sector was more suited to her, and she eventually found a position at IoT Village, a security consulting and research firm founded by Independent Security Evaluators. Rachel has been with IoT Village for almost three years now. Let's get into Things on the IoT Security Podcast!Follow Brian Contos on LinkedIn at https://www.linkedin.com/in/briancontosAnd you can follow John Vecchi at https://www.linkedin.com/in/johnvecchiThe IoT Security Podcast is powered by Phosphorus Cybersecurity. Join the conversation for the IoT Security Podcast — where xIoT meets Security. Learn more at https://phosphorus.io/podcast

In this episode, Brian and John speak with Julie Tsai. Julie Tsai is a seasoned cybersecurity expert with over 25 years of experience in Silicon Valley, navigating the complex world of securing IoT environments. With a diverse background that includes a liberal arts degree and a minor in economics from Stanford, Julie has honed her skills in system administration, DevOps, and DevSecOps. She has worked with numerous tech startups, helping them overcome security challenges and achieve compliance with minimal resources. Julie's unique problem-solving approach and ability to adapt quickly to new challenges have made her a sought-after expert in cybersecurity.In this episode, the gang discusses how to:Tackle intricate cybersecurity challenges using minimal resources for maximum protectionExplore the driving forces behind psychological and emotional triggers in cybersecurity threatsGain insight into the essential nature of visibility and understanding within IoT securityAchieve equilibrium between networking and prioritizing the use of connected devicesStreamline processes and harmonize tools to ensure the security of your IoT environment Let's get into Things on the IoT Security Podcast!Follow Brian Contos on LinkedIn at https://www.linkedin.com/in/briancontosAnd you can follow John Vecchi at https://www.linkedin.com/in/johnvecchiThe IoT Security Podcast is powered by Phosphorus Cybersecurity. Join the conversation for the IoT Security Podcast — where xIoT meets Security. Learn more at https://phosphorus.io/podcast

Unlock the secrets to secure your connected world with powerful IoT security solutions."If you don't assume that there's going to be some level of detect and respond kind of fail back mechanism, then you're going to come up and be very disappointed one day because you didn't build those layers of defense in, but you should 100% lead with prevention, if you ask me." - Jay LeekIn this episode, John and Brian speak with Jay Leek. Jay is a venture capitalist investor with a unique background in cybersecurity, having served as a consultant, corporate executive, and the first CISO in private equity. He is the co-founder of Send Ventures, a venture capital firm investing in the best early-stage cybersecurity startups in the world.Jay Leek's career path has been a winding one, from consulting to being the first CISO in private equity. He then started a fund that has done well and has partnered with a four-time CISO to start a venture fund. Through this, Jay and his team have invested in the best, brightest, and most exciting cybersecurity startups. After meeting with 500 companies, Jay and his team learned that prevention is possible when the team, technology and total addressable market are in the right place. After four years of searching, they finally found a company that could actively defend and remediate security risks. Jay and his team have made it their mission to help CISOs solve their security problems and provide the best possible solutions.In this episode, John and Brian speak with Jay about the following:1. How former Fortune 500 CISOs are leveraging their experience to help the world's biggest companies through venture capital investments.2. How companies are leveraging automation and preventive approaches to combat the shortage of security professionals.3. How CSOs are tackling the problem of IoT security through prevention measures. Let's get into Things on the IoT Security Podcast!Follow Brian Contos on LinkedIn at https://www.linkedin.com/in/briancontosAnd you can follow John Vecchi at https://www.linkedin.com/in/johnvecchiThe IoT Security Podcast is powered by Phosphorus Cybersecurity. Join the conversation for the IoT Security Podcast — where xIoT meets Security. Learn more at https://phosphorus.io/podcast

When Steven Edwards, an IT Guy turned Security Analyst, discovered the unexpected challenge of securing an expansive attack surface that includes refrigerators, vending machines, and scanners across multiple private address spaces, he had to be tenacious and curious to protect his organization from attack."No matter what the tragedy is, it's beholden upon us to learn from it, to grow and improve. And I think we have done that in a lot of ways." - Steven EdwardsIn this episode, Brian Contos and John Vecchi talk with Steven Edwards. Steven Edwards was a "Regular IT Guy," content with his work and comfortable with his life. But when a coworker advised him to move into cybersecurity, he took it. He returned to school, got his master's degree, and never looked back. With a curious and tenacious mindset, he was able to find a prosperous career, and when the pandemic hit, he saw how the business model was changing in ways he had seen before. He recognized the need for companies to recognize their security vulnerabilities and to invest in the solutions to protect their assets, but the biggest challenge was convincing those who held the checkbook. As he continued to work in the field, he found that the attack surface had broadened and that IoT security was an ever-growing challenge. Steven Edwards has a master's degree in cybersecurity and enjoys the challenge of solving problems and learning new things in the security field.In this episode, Brian and John discuss with Steven:1. The need for those with an investigative mindset and their curiosity to enter into the security field.2. How the remote work model has changed the security mindset and how organizations must adapt.3. The challenge of identifying, cataloging, and patching devices such as phones, TVs, and printers in the network. Let's get into Things on the IoT Security Podcast!Follow Brian Contos on LinkedIn at https://www.linkedin.com/in/briancontosAnd you can follow John Vecchi at https://www.linkedin.com/in/johnvecchiThe IoT Security Podcast is powered by Phosphorus Cybersecurity. Join the conversation for the IoT Security Podcast — where xIoT meets Security. Learn more at https://phosphorus.io/podcast

When tech industry veteran Dave Bang discovers that vendors have been using their phones to gain access to secure networks, he embarks on an urgent mission to secure the OT networks and prevent an attack before it's too late.In this episode, you will learn about leveraging the strengths of OT and IT security to build a comprehensive cybersecurity strategy."My experience has been they're not as quick to that as the OT folks are. The OT folks are starting to see there are big benefits to learning some of the IT stuff, right? There's efficiencies to be gained, there's automation to be used, things like that."Brian Contos and John Vecchi recently sat down and spoke with Dave Bang, an IT industry veteran with 30 years of experience in desktop support, OS life cycles, security, application security, architecture, and OT security. He focuses on security awareness and leveraging his expertise to bridge the IT and OT security gap.After working in IT for almost 30 years, Dave Bang had a newfound passion for OT security. He started partnering with manufacturing folks to bring their security game up to snuff. He realized the threats were the same, but the motivations were different. He soon uncovered that companies were not ready for the cross-pollination of OT and IT security when he noticed a vendor representative downloading files from the internet and then uploading them to a PLC. Dave was shocked to discover this was happening in many places and had to act. Dave Bang is now working to bring visibility to the OT side and to understand the passion and priorities that come with it.In this episode, you will learn answers to the following:1. What is the difference in security priorities between IT and OT networks?2. How can companies effectively leverage best-of-breed tools to secure their IoT devices?3. What potential attack vectors arise when vendors connect their laptops to the PLC devices? Let's get into Things on the IoT Security Podcast!Follow Brian Contos on LinkedIn at https://www.linkedin.com/in/briancontosAnd you can follow John Vecchi at https://www.linkedin.com/in/johnvecchiThe IoT Security Podcast is powered by Phosphorus Cybersecurity. Join the conversation for the IoT Security Podcast — where xIoT meets Security. Learn more at https://phosphorus.io/podcast

In this episode, Brian and John speak with Eric Adams, a 25-year security veteran. Eric embarks on a journey to protect data from attackers, navigating the complex process of FedRAMP Authorization and cyber liability insurance to ensure secure access for government and military personnel."Data is like the new gold. You're able to do a lot of powerful things. Look at it on the positive side from the consumer."Eric Adams is a cybersecurity illuminator with 25 years of experience in the industry. He has worked with HP and IBM on FedRAMP Authorization, Treasury Management, and Data Aggregation.Eric Adams had worked at HP for 19 years and in different security areas for the last 25 years of his career. Through his experience, he learned the importance of data security and the need to document systems and understand security controls. He experienced first-hand the military's strict security measures and the power of data. After his experience, he discovered that understanding data security, its controls and its compliance was essential for companies to be secure and remain resilient. Eric Adams was now aware of how to protect data, the new gold.In this episode, you will learn the following:1. Discovering the "new gold" of data and the importance of protecting access to it.2. The length and complexity of the FedRAMP authorization process.3. The role of cyber liability insurance in strengthening a company's security. Let's get into Things on the IoT Security Podcast!Follow Brian Contos on LinkedIn at https://www.linkedin.com/in/briancontosAnd you can follow John Vecchi at https://www.linkedin.com/in/johnvecchiThe IoT Security Podcast is powered by Phosphorus Cybersecurity. Join the conversation for the IoT Security Podcast — where xIoT meets Security. Learn more at https://phosphorus.io/podcast

"Discover how to hold vendors accountable for their cybersecurity responsibility and protect your business from attack."In this episode, Brian and John are back, this time with Kathleen Moriarty discussing how to hold vendors accountable for their cybersecurity responsibility and protect your business from attack.Kathleen Moriarty is a cybersecurity expert with over 25 years of experience in the field. She has served as a CISO multiple times and is currently the Chief Technology Officer at the Center for Internet Security. Kathleen is an IETF Security Area Director and author of the book "Transforming Information Security."Kathleen Moriarty learned about vendor responsibility for cybersecurity through her experience as an Internet Service Provider in 1995. She noticed that vendors are pushing for security as code, which involves managing security at scale and setting up policies for posture assessments, configuration requirements, and more. She works for the Center for Internet Security, which supports under-resourced state, local, tribal, and territorial organizations. They are developing a document that provides general guidance for IoT vendors to be held more accountable and ensure the devices they provide are secure. There is a need for a tool to make sure that updates are provided, and vendors should rely on something other than the end user to ensure their device is secure. She is also working on standards to help the vendor responsible for cybersecurity and ultimately help protect people from the sophisticated threat actors out there today."We have to take a step back, look at how we have done security for the past 30 years and say, can we change it now as we implement these new requirements? We have to push security back to vendors with architectural patterns that scale."In this episode, Brian and John discuss with Kathleen:1. How can vendors be held more accountable for delivering secure products?2. What strategies can organizations use to build resiliency into their infrastructure?3. What techniques can be employed to reduce the burden of manual system maintenance? Let's get into Things on the IoT Security Podcast!Follow Brian Contos on LinkedIn at https://www.linkedin.com/in/briancontosAnd you can follow John Vecchi at https://www.linkedin.com/in/johnvecchiThe IoT Security Podcast is powered by Phosphorus Cybersecurity. Join the conversation for the IoT Security Podcast — where xIoT meets Security. Learn more at https://phosphorus.io/podcast

Steve Lodin, a veteran of the cybersecurity industry, embarks on an ambitious mission to protect millions of identities from hackers while his team strives to maintain high-security standards and compliance with regulators."The more that we can identify, document, and share, the less attacks that are hitting our colleagues and our peers in the industry." - Steve LodinLodin's experience comes with a background in software engineering, system administration, and global IT security. He has worked with General Motors, Ernst and Young, Roche Diagnostics, and Sallie Mae, and has a Master's degree in Computer Science from Purdue University.Steve Lodin had been working with electronics engineering and software engineering since he got his engineering degree. He had a passion for computers and decided to focus on security. He went back to school for a Master's in Computer Science and went on to work at Ernst and Young, Roche Diagnostics, and the world of startups. For the past 10 years, he has been working at Sallie Mae protecting millions of IDs from hackers. With the shift to the cloud, Steve has been advocating for the removal of legacy security debt and providing security opportunities to improve the environment. He is a prominent contributor to the industry, helping to identify and document attacks to protect against them.In this episode, you will learn the following:1. What challenges arise when attempting to secure xIoT devices?2. How can organizations prevent external and internal attack surfaces?3. How can organizations use the cloud to reduce their legacy security debt? Let's get into Things on the IoT Security Podcast!Follow Brian Contos on LinkedIn at https://www.linkedin.com/in/briancontosAnd you can follow John Vecchi at https://www.linkedin.com/in/johnvecchiThe IoT Security Podcast is powered by Phosphorus Cybersecurity. Join the conversation for the IoT Security Podcast — where xIoT meets Security. Learn more at https://phosphorus.io/podcast

Discover how former Deputy Director at the NSA Bill Crowell envisions the present and future of xIoT in this exclusive interview!"An attacker focuses on whatever is left unprotected. And if there's not a lot of attention being given to xIoT or IoT or OT, then that's where the attacker is going to go." - Bill CrowellBill Crowell is a cybersecurity luminary and former National Security Agency executive with 34 years of experience in the field. He has held a variety of positions in the public and private sectors, from designing satellites to serving as the head of an intelligence organization focused on the Soviet Union during the Cold War.During Bill Crowell's years at the National Security Agency, he was involved in the intelligence-gathering systems for the military. He also co-authored a book in 2007 predicting the convergence of physical and logical security. In the current landscape, business leaders do not understand cyber-attacks and IoT threats, making them vulnerable targets. Nation-states such as Russia, China, Iran, and North Korea are taking advantage of these vulnerabilities by focusing their attacks on xIoT devices. For example, they are using the devices to hide and exfiltrate sensitive data.In this episode, you will learn the following:1. How the framework of cybersecurity has evolved over the years and what impact this has had on society.2. How nation-states are utilizing xIoT devices as a major attack vector.3. How attackers are using xIoT devices as an entry point to gain access to sensitive data and exfiltrate it. Let's get into Things on the IoT Security Podcast!Follow Brian Contos on LinkedIn at https://www.linkedin.com/in/briancontosAnd you can follow John Vecchi at https://www.linkedin.com/in/johnvecchiThe IoT Security Podcast is powered by Phosphorus Cybersecurity. Join the conversation for the IoT Security Podcast — where xIoT meets Security. Learn more at https://phosphorus.io/podcast

Jeffrey Vinson, Senior VP and CISO at Harris Health System, has held leadership positions for much of his life, from military to federal to state government. It was a natural progression for him to move from IT to what he calls a “Pure Cyber Guy.” Vinson joins Brian and John on the show today to answer the question, “What makes up your special forces in cyber?”In healthcare, it's about saving lives, and cybersecurity is a patient safety issue. Vinson talks about the balancing act between patient safety and data privacy, HIPPA compliance, and legislation. Breaches are on the rise year over year, so clearly work needs to be done. Where does the buck stop on where confidential information lives? IoT devices, including cameras and printers and medical equipment, are providing inroads for attackers, but the industry has concerns over device downtime. Let's get into Things on the IoT Security Podcast!Follow Jeffrey on LinkedIn at https://www.linkedin.com/in/jeffrey-m-v-35b56b12/.Follow Brian Contos on LinkedIn at https://www.linkedin.com/in/briancontos/.And you can follow John Vecchi at https://www.linkedin.com/in/johnvecchi/.The IoT Security Podcast is powered by Phosphorus Cybersecurity. Join the conversation for the IoT Security Podcast — where xIoT meets Security. Learn more at https://phosphorus.io/podcast/. Let's get into Things on the IoT Security Podcast!Follow Brian Contos on LinkedIn at https://www.linkedin.com/in/briancontosAnd you can follow John Vecchi at https://www.linkedin.com/in/johnvecchiThe IoT Security Podcast is powered by Phosphorus Cybersecurity. Join the conversation for the IoT Security Podcast — where xIoT meets Security. Learn more at https://phosphorus.io/podcast

Dr. Ulf Lindqvist reports in from the Computer Science Laboratory at SRI International where he's the Senior Technical Director managing research and development. Focusing on critical infrastructure systems, including specialized systems in the Internet of Things, Dr. Lindqvist established and leads SRI's infrastructure security research program. Yeah, so we're pretty interested in the good doctor!In this episode, Brian and John explore the path from academia, the right to repair, and the long timeline of researchers. Dr. Lindqvist describes what goes into a device lab — and it turns out you don't just drive a car into it for connected vehicle testing.Dr. Lindqvist thinks in terms of 10 years out, so when he looks at drones or quantum computing, he sees a convergence of Things, the good and the bad, moving faster than ever. The drones work well because of widespread navigation services and the shrinking size of technology. All of those things coming together can do great things, but they can also be used for nefarious purposes from all over the globe.Let's get into Things on the IoT Security Podcast!Follow Ulf Lindqvist on LinkedIn at linkedin.com/in/ulflindqvist and on Twitter at @ulflindqvistFollow Brian Contos on LinkedIn at https://www.linkedin.com/in/briancontos/.And you can follow John Vecchi at https://www.linkedin.com/in/johnvecchi/.The IoT Security Podcast is powered by Phosphorus Cybersecurity. Join the conversation for the IoT Security Podcast — where xIoT meets Security. Learn more at https://phosphorus.io/podcast/. Let's get into Things on the IoT Security Podcast!Follow Brian Contos on LinkedIn at https://www.linkedin.com/in/briancontosAnd you can follow John Vecchi at https://www.linkedin.com/in/johnvecchiThe IoT Security Podcast is powered by Phosphorus Cybersecurity. Join the conversation for the IoT Security Podcast — where xIoT meets Security. Learn more at https://phosphorus.io/podcast

Richard Stiennon, Chief Research Analyst for IT-Harvest, joins us for The Return: Episode 2. Author of the recent Security Yearbook 2022, Richard started his career before cyber was cyber, a story he originally shared with Brian on a walk along some train tracks. How does a guy go from an ISP start-up to Gartner to IT-Harvest and being a bestselling author?Richard started IT-Harvest to literally harvest data, and that's resulted in his latest project, an app for data obsessives called the Analyst Dashboard. He talks about what it took to get there and some surprising results he's discovered from the tool.The cybersecurity space, he's found, has focused and refocused and reframed and refocused again. Now, it's apparent globally that cybercriminals and nation-states are looking at IoT as the new frontline. When new technologies come up, they're developed with no thought to security, says Richard. Now we're reaping what was sown. Let's get into Things on the IoT Security Podcast!Follow Richard Stiennon on all his platforms: https://www.linkedin.com/in/stiennonhttps://stiennon.substack.comhttps://twitter.com/stiennonhttps://www.it-harvest.comFollow Brian Contos on LinkedIn at https://www.linkedin.com/in/briancontos/.And you can follow John Vecchi at https://www.linkedin.com/in/johnvecchi/.The IoT Security Podcast is powered by Phosphorus Cybersecurity. Join the conversation for the IoT Security Podcast — where xIoT meets Security. Learn more at https://phosphorus.io/podcast/. Let's get into Things on the IoT Security Podcast!Follow Brian Contos on LinkedIn at https://www.linkedin.com/in/briancontosAnd you can follow John Vecchi at https://www.linkedin.com/in/johnvecchiThe IoT Security Podcast is powered by Phosphorus Cybersecurity. Join the conversation for the IoT Security Podcast — where xIoT meets Security. Learn more at https://phosphorus.io/podcast

DJ Goldsworthy, Vice President of Security Operations and Threat Management at Aflac, joins the podcast for episode number 1. Brian and John dig into DJ's background in cybersecurity research and development, and his current role at Aflac where he oversees 8 teams. He's a leader, but he's really hands-on, keeping his technical edge. How do you make sure the right areas of a team this expansive get the right support? The right funding? They soon dig into the current threat-scape and trends in cybersecurity, particularly in terms of the increase in commoditized threats. These are no longer poorly written emails with a couple of links, but cybercrime as a service.Cybercriminals are also selling access to xIoT devices, which includes IoT, OT, and Network devices, after having gained persistence in a network. Let's get into Things on the IoT Security Podcast!Follow DJ on LinkedIn at https://www.linkedin.com/in/djgoldsworthyFollow Brian Contos on LinkedIn at https://www.linkedin.com/in/briancontos/.And you can follow John Vecchi at https://www.linkedin.com/in/johnvecchi/.The IoT Security Podcast is powered by Phosphorus Cybersecurity. Join the conversation for the IoT Security Podcast — where xIoT meets Security. Learn more at https://phosphorus.io/podcast/. Let's get into Things on the IoT Security Podcast!Follow Brian Contos on LinkedIn at https://www.linkedin.com/in/briancontosAnd you can follow John Vecchi at https://www.linkedin.com/in/johnvecchiThe IoT Security Podcast is powered by Phosphorus Cybersecurity. Join the conversation for the IoT Security Podcast — where xIoT meets Security. Learn more at https://phosphorus.io/podcast

The IoT Security Podcast explores the Security of Things. The Internet of Things (IoT) is a giant network of over 50 billion connected devices, and it's transforming the way we live and work. But a breakdown in security will prevent this IoT transformation. Join Brian Contos and John Vecchi twice a month as they speak with the biggest names and the biggest brains in cybersecurity, including CISOs, analysts, security researchers, and other industry thought leaders, to give you the information you need to navigate security and threats in an increasingly Thing-based world.Join the conversation for the IoT Security Podcast — where xIoT meets Security. Learn more at https://phosphorus.io/podcast/