Introducing Left to Our Own Devices - the podcast dedicated to everything product security. Every other week, we will be talking with a different cybersecurity policymaker, engineer, or industry leader to hear their war stories and get their insider tips for surviving the product security jungle. From Medical SBOMs to WP.29 and the latest industrial security threats, this is your place to catch up and learn from the pros. Left to Our Own Devices is brought to you by Cybellum. To learn more, visit Cybellum.com.
We sat down with the Seagate, Intel, and ScaleFlux veteran to discuss innovations in storage technologies, emerging threats, and cybersecurity.
We sat down with the seasoned IT and cybersecurity leader and CISO at Trace3 to discuss emerging cyber threats, aligning security with business goals, and tailoring “right-sized” security programs. We also discuss balancing innovation with compliance and how military leadership principles influence corporate cybersecurity strategies.
We sat down with the Health-ISAC Chief Security Officer to discuss his 25-year career spanning banking, government, and healthcare to identify the biggest cybersecurity threats and trends impacting the healthcare industry in 2025 and beyond.
We had the privilege of sitting down with Dr. Hans-Martin von Stockhausen, Principal Key Expert in Cybersecurity at Siemens Healthineers, to delve into the intricacies of cybersecurity throughout the product lifecycle. Our conversation explored the delicate balance between device usability and time-to-market pressures, as well as practical tips for enhancing cybersecurity posture.
We sat down with the Head of Product Security at LivaNova, the former Chief Product Security Officer at Elekta and co-chair of the Legacy Devices Task Group at the Health Sector Coordinating Council, to discuss what he learned throughout his long and successful career and to gain insights on regulations, security activities, and more.
We sat with the Senior Industry Analyst at Frost & Sullivan to learn from her cross-industry experience in automotive, mobility, technology, oil & gas, and manufacturing. We talked about innovation, market strategy, cybersecurity, and consulting for multiple industries, and gathered tips & insights for cybersecurity professionals from her experience across the globe.
We sat down with the Los Angeles Emmy Award-winning journalist and author to discuss global AI ethics, cybersecurity, and the future of Artificial Intelligence.
In this special episode, David and Shlomi, hosts of the Left to Our Own Devices podcast, sit down with Aaron C. Crow, a seasoned Cyber and Strategic Risk leader with 25 years of experience. Together, they share valuable insights on OT and product security, while also exploring the future direction of the industry. This episode is a republish from Aaron's own PrOTect It All podcast, where it was originally released.
We sat down with the Cybersecurity & Functional Safety Senior Engineering Specialist at Eaton to discuss the intersection of safety and security in the automotive world, upcoming updates to ISO/SAE 21434, and learn from his vast experience in the automotive and medical device industries.
We sat down with the Product Security Officer - Healthcare at Barco to discuss the intersection of QA and Product Security, the Secure Software Development Life Cycle, and cybersecurity standards from NIST and IEC.
We sat down with Melissa Rhodes, the Product Security Program Manager at Medtronic and an MDM security thought leader for a fun and insightful conversation about SBOMs and her journey from firmware engineering to leading product security.
In this episode of "Left to Our Own Devices," we dive into the world of automotive cybersecurity with Heather Vermillion, a security engineer at PACCAR, who shares her journey from the Department of Defense to safeguarding advanced automotive technologies, while also championing the next generation of cybersecurity professionals.
In this episode of Left to Our Own Devices, Rob Putman, Global Manager of Cybersecurity Services at ABB, shares his journey from Sony PlayStation to leading cybersecurity in industrial automation. Tune in for insights on product security and industrial control challenges.
In this episode, Dr. Allan Friedman from CISA returns to discuss the upcoming SBOM-a-Rama, a pivotal event in supply chain cybersecurity. He shares insights on the evolution of SBOMs, the significance of community collaboration, and what to expect from this year's hybrid event, including a showcase of innovative SBOM solutions.
In this episode, we welcome the Director of Product Security at Edwards Life Sciences. Samuel shares his journey from IT roles in a Zimbabwe safari to leading product security in the medical device industry, discussing challenges, solutions, and the impact of FDA regulations on their processes.
In this special bonus episode, we welcome back Tom Alrich, an expert in supply chain cybersecurity, to discuss one of the most pressing issues in cybersecurity right now. Tom discusses the current issues with the National Vulnerability Database (NVD) and the challenges it presents for effective vulnerability management. We explore his proposed solutions and the future of software supply chain security, based on his extensive experience. If you'd like to reach out to Tom, his email address is tom@tomalrich.com. Additional links/resources mentioned during the episode or relevant to the discussion (if the links are not clickable, please visit cybellum.com/podcasts to find them): the SBOM Forum's 2022 white paper on fixing the CPE problem in the NVD; Tom's post from yesterday on the problem with vulnerability management; the link to the SBOM Forum's website, where donations can be made (please email Tom before donating); an additional post he published on the day we recorded the episode, which further highlights the NVD issue; and Tom's book "Introduction to SBOM and VEX", which is out now. Tom also mentioned that he misspoke when he said at the end that the OWASP Vulnerability Database Working Group is meeting twice weekly. In reality, they are only meeting twice monthly, as he can't afford to dedicate more time than that. They would love to meet at least weekly and also create documents, webinars, and more. Therefore, they are seeking some modest donations to support these efforts.
Join us as we dive into the journey of Ashwini Siddhi, Director of Product Security Engineering at GoDaddy. Ashwini shares her experiences from Dell to GoDaddy, her expertise in threat modeling, and the pivotal role of Bengaluru in her career. We also explore her advocacy for diversity and inclusion in cybersecurity and her influential mentorship with Women in Cyber.
We sat down with Scott Sheahan, the owner of Rustic Security, to learn from his rich background in the automotive cybersecurity world and embedded software development.
We sat down with a System Security Architecture Manager at NVIDIA, to discuss the convergence of Automotive cybersecurity and AI, as well as NVIDIA's Morpheus Cybersecurity Framework.
We sat down with the Sr Director of Cyber Security & Medical Device Connectivity Engineering at ICU Medical to discuss medical device cybersecurity, FDA, and balancing innovation and security.
In this episode, we talk to Steve Orrin, Chief Technology Officer and Senior PE at Intel Federal, about his unique journey from biology to cybersecurity leadership. We discuss the main challenges faced by federal bodies in the cybersecurity landscape and how they differ across industries like Aerospace, Education, and Healthcare. Steve shares valuable insights on product cybersecurity, emphasizing the growing interest from governments worldwide, as seen in regulations like the FDA Premarket Guidance and the Cyber Resilience Act. He offers advice to vendors, suppliers, and users on navigating this evolving regulatory landscape.
We sat down with the Global Practice Leader, Healthcare & Life Sciences at the IEEE Standards Association to discuss cybersecurity standards, regulations, and building a career in cybersecurity.
We sat down with the Co-founder and CEO of HACKERverse (recently known as KIKrr) to discuss entrepreneurship, product security, and the power of networking.
We chatted with the partner at Clark Hill PLC about AI, FDA regulations, and cybersecurity legal risks, based on his years of experience learning the legal aspects of healthcare and industrial cybersecurity.
We invited the Partner at Mayer Brown and the leader of the Global Data Innovation team to discuss the legal aspects of cybersecurity, AI, and privacy, as well as the evolving landscape of responsible AI.
We sat down with the VP of Research at Cybellum, aka "Roman Explains" to learn from his vast experience in embedded device security research and get practical insights into how to use AI in product security, following the release of his new "Ask Roman" product feature for product security professionals.
We were joined by the Director of Safety & Cybersecurity at ZF for a fascinating conversation about innovation in automotive cybersecurity, and ZF's uncompromising approach to both safety and security.
We sat down with the Chairman of the Board at itemis inc. and the world-renowned TARA expert to discuss innovations in Threat Analysis, automotive cybersecurity trends, and much more.
We sat down with Jacob Combs, VP of Cybersecurity at Tandem Diabetes Care, to talk about how he manages product security at Tandem, and how he overcomes the need to secure an entire ecosystem, beyond the product's perimeters.
We sat down with the Senior Manager for Technical Cyber Security at PwC Deutschland to discuss trends in OT security, AI, automotive cybersecurity, and everything in between.
Hey hackers, defenders, and everyone in between! Today, we rewind 2023: a year of regulatory push, supply chain hacks, and enough zero days to fill a breach library. But fear not! We also saw product security rise like a phoenix, with threat modeling soaring and vulnerability management taking center stage. So buckle up as we toast the triumphs, dissect the dramas, and prepare for what's next in this ever-evolving world.
We sat down with Robert Smigelski, CISSP, MSEE, Manager Product Cybersecurity at B. Braun Medical, for a deep dive conversation about how he built the product security practice at B. Braun Medical, automation, and the intersection between safety and security.
We sat down with the Chief Radar Officer at Arbe, who also previously led radar technology and development for General Motors, to discuss radar technology, cybersecurity and autonomous technologies.
We sat down with Eddy Thesee, a world expert in rail cybersecurity. Eddy is the Vice President of Products & Solutions Cybersecurity at Alstom, a world leader in green, smart mobility rail solutions such as rail transportation and infrastructure. Eddy began his career as a network and systems consultant and then joined Alstom where he moved through the ranks all the way to becoming the company's VP of Products & Solutions Cybersecurity.
The brutal terrorist attack in Israel on Oct 7th against men, women, children and the elderly has left us heartbroken. We at Cybellum hold the hands of those who lost their family members and friends in such a horrific way and pray for the safe return of our hostages and soldiers. At the same time, we find it important to push forward. Our cyber adversaries, very much like the real-world ones, never stop, and it's important to keep advancing the product security community, especially in these trying times. On that note, we share our interview with Matanyahu Englman, Israel's State Comptroller and Ombudsman. Mr. Englman has held countless key positions across government, academia, and the private sector, and is one of the main voices promoting cybersecurity in the state of Israel and abroad. He invited us to his Jerusalem office to discuss his pioneering approach to cybersecurity, hear insights from his team's research, and learn about his multi-national cybersecurity cooperations. Please note the interview was recorded before the terrorist attacks in Israel.
We sat down with Helen Negre, the Chief Cybersecurity Officer for Siemens USA and the Americas CISO for Siemens Mobility, for a fascinating and candid conversation about product security, psychology, and personal growth. Helen has shared with us insights from her nontypical journey to cybersecurity leadership and provides tips for those wanting to follow a similar path.
We sat down with Michal Geva, General Manager, OTA and Cybersecurity at HARMAN International to discuss trends in automotive cybersecurity and OTA cybersecurity. Michal also discussed supply chain cybersecurity, EVs and provided her tips for women in cybersecurity roles.
We sat down with Nidhi Gani, a seasoned regulatory affairs professional with over a decade of experience in medical devices and digital health to discuss her experiences and her insights. Nidhi has worked with devices ranging from heart and lung machines to rehabilitation devices. She works at Embecta as a Regulatory Affairs Software and Cybersecurity and is a Cybersecurity Fellow at the Archimedes Center for Health Care and Medical Device Cybersecurity at Northeastern University.
The Chief Cyber Security Strategist at NTT Japan came by our offices to discuss the differences in cybersecurity approaches between countries, her experience working with the public and the private sector, and how to manage cybersecurity and spend time at the beach at the same time.
Joanna C. Cooper is the General Manager at Daimler Truck North America. Over the past 15 years, Joanna built multi-disciplinary industry experience, domestically and internationally, ranging from project management and component procurement, through manufacturing operations and engaging customer experience. She joined us to discuss the automotive industry, cybersecurity, and how to advance women in manufacturing roles.
We sat down with the Car Security Operations at Volkswagen AG, and ASRG founder to discuss his journey into automotive cybersecurity, what he learned along the way, and why the upcoming Secure Our Street Conference is so important to the community.
We sat down with the Director at AT&T Cybersecurity to discuss the relationship between cybersecurity and the business, the growing connectivity in the telecom industry, and to hear her tips and tricks for women in cybersecurity.
We sat down with Tony Turner, CEO at Opswright, for a fascinating conversation about everything product security - from the collaboration challenge between asset owners and manufacturers to HBOMs and his new book.
We sat down with the Managing Director, Cyber Security Services at KPMG, to discuss life on the front lines of securing the most critical national infrastructure, how AI will change security as we know it, and how her mother inspired her to become a leader in this field.
We sat down with Esti Peshin, VP, General Manager, Cyber Division at Israel Aerospace Industries - ELTA, and our guest host Michael Engstler, co-founder and CTO of Cybellum, to discuss what flying a plane can teach you about cybersecurity. Under Esti's management, IAI's cyber activity was expanded from a Directorate to a Division. Esti also served as the Director General of the Israeli Hi-Tech Caucus at the Knesset, the Israeli Parliament, and was a partner in multiple private equity firms. Esti is also a licensed pilot, as shown in the fantastic videos she shares on social media.
Paul Cha is a cyber and product security leader, serving as the VP of Cybersecurity at LG Electronics Vehicle component Solutions. Paul held critical positions at Synopsys, Ford Motor Company, and Samsung prior to joining LG. We sat down with him to discuss LG VS' journey to becoming CSMS certified, his work with Cybellum, and learn from his many years of experience.
We sat down with the Cybellum Co-founder and CEO, to discuss the progress made in the product security world and Cybellum's transition from a tiny start-up into a global company that was bought by LG Electronics.
Adam Boulton, VP of Security Technologies at Cybellum, is one of the most experienced software security pros on the planet, with over 15 years of experience in security engineering. Among other things, he has more than 100 cybersecurity patents under his belt and is one of the leading experts in reverse engineering of device binaries in particular and product security in general. In this episode, he shares his experience and his tips on building a product security strategy and provides security lessons from the food and building industries.
The Global VP and GM of Cybersecurity at Honeywell shares his thoughts on the link between IT, OT, and Product Security, and shares how simplifying cybersecurity is key. Mirel spent over a decade embedded across varying domains, with global experience leading engineering, operations, marketing, and sales teams. He is an advisor and board member in multiple cybersecurity organizations and non-profits and is one of the trailblazers in the world of IT and OT cybersecurity.
We sat down with the Executive Director of Automotive-ISAC to discuss the power of community in the Automotive cybersecurity world and beyond. Faye has over 30 years of diverse experience in government and industry specializing in forensic chemistry, aviation, security, and networked systems. She's a key figure in today's Automotive cybersecurity world,
Adam is one of the biggest threat modeling experts in the world; he is an advisor, a lecturer, a game designer, and the author of multiple books, including "Threat Modeling: Designing for Security". His latest book, "Threats: What Every Engineer Should Learn From Star Wars", is available now: https://www.amazon.com/Threats-Every-Engineer-Should-Learn/dp/1119895162#:~:text=In%20Threats%3A%20What%20Every%20Engineer,how%20to%20develop%20secure%20systems. During our conversation, Adam mentioned a book by Csikszentmihalyi, which can be found here: https://www.amazon.com/Finding-Flow-Psychology-Engagement-Everyday-ebook/dp/B086SVQ1MJ/ref=sr_1_1?crid=132R6QL2KYRZU&keywords=finding+flow&qid=1675723854&sprefix=finding+flow%2Caps%2C166&sr=8-1 He also mentioned a book called "Don't Bother Me Mom", which can be found here: https://www.amazon.com/Dont-Bother-Me-Mom-Im-Learning/dp/1557788588