The current state of IoT security and privacy may look different to many people, businesses, and governments. This discrepancy could be a problem. With so many different viewpoints, it can be challenging to raise the bar and protect society from the technologies they are using.

In this episode with security researcher and privacy advocate David Rogers, we explore how organizations can leverage the work legislators and industry standards bodies such as ETSI are producing to help their operations (product development, IT operations, security operations, and more) bring consumer devices to market with security and privacy built in. We even discuss the value of translating codes of practice into multiple languages to help bridge the gap and remove the barriers to gaining traction with best practices around the world.

Also, there's a lot that goes into creating a standard that gets published or a bill that gets passed into law. That journey, the way different individuals look at it, write it, and translate it into something that can actually be applied — and then audited and enforced — can be very tricky. For example, if the law includes the word "timely," what does that actually mean in practice? David and I get to discuss this a bit as well, as this is something that may not be well understood.

There's a shout-out to Aaron Guzman [@scriptingxss] re: the work he and others are doing at the Cloud Security Alliance [@CloudSA] and OWASP [@OWASP].

Have a listen.

____________________________

Guest
David Rogers
Founder and CEO at Copper Horse Ltd [@copperhorseuk]
On LinkedIn | https://www.linkedin.com/in/davidrogersuk/
On Twitter | https://twitter.com/drogersuk

____________________________

This Episode's Sponsors
Imperva: https://itspm.ag/imperva277117988
Asgardeo | https://itspm.ag/asgardeo-by-wso2-u8vc
Vickie Li, developer evangelist at ShiftLeft interviews car hacker and IoT security expert Aaron Guzman about his experience hacking Subaru cars, and how we can improve IoT security through regulation, policies, and education.
There are many talks given at conferences, such as the OWASP-themed session Aaron Guzman gave during DEF CON 29 in the BioHacking Village. And, yes, these talks mean a lot to the hacking community — perhaps more than we realize. After we discuss the BioHacking Village a bit, this episode gets very real as Aaron and Marco speak the truth.

_______________________

Guests
Aaron Guzman
On Twitter
These days, everything is connected to the internet. Whether it's your car, your light bulbs, your microwave, your pacemaker, or your cochlear implant, it's all being run and dictated by the internet. And with that comes a whole new set of concerns. Where you used to just have to worry about keeping your bank account secure, or your home wifi network secure, now all of a sudden you have to worry about your car or your pacemaker being hacked? How do we even go about categorizing all the IoT devices, and how do we protect them?

On this episode of Virtual CISO, I chat with Aaron Guzman, who in addition to being the Product Security Lead at Cisco Meraki, is also the Project Lead for the IoT Security Verification Standard (ISVS) at the OWASP Foundation. And if that wasn't enough, he's the author of a number of books on IoT, including IoT Penetration Testing Cookbook. He was kind enough to talk about:

- OWASP
- What the ISVS is
- Who ISVS is intended for
- And, how ISVS is categorized

To hear this episode, and many more like it, you can subscribe to The Virtual CISO Podcast here. If you don't use Apple Podcasts, you can find all our episodes here.
The internet of things is taking off. IoT is bringing new innovations across the board… But it's also bringing a new set of vulnerabilities. If you're looking to make sure you're secure in the world of IoT, I can't think of anybody better to talk to than Aaron Guzman, Co-Chair of the IoT Working Group, and John Yeoh, Global Vice President of Research, at Cloud Security Alliance. So, in the latest episode of the Virtual CISO Podcast, I do exactly that. We discuss (among MANY other things):

- What CSA is and the guidance they offer developers and IoT consumers
- The work they are doing in IoT
- What implications 5G has for their work

To hear this episode, and many more like it, you can subscribe to The Virtual CISO Podcast here. If you don't use Apple Podcasts, you can find all our episodes here.
Welcome to Episode 44 of the Among Women “Espresso Shot” – a short strong coffee break of faith sharing and teaching from Pat Gohn. Today’s topic: The Beatitudes - "Blessed are who are persecuted for righteousness sake, for theirs is the kingdom of heaven." In this espresso shot, I examine the final Beatitude in this series from Matthew 5:10: "Blessed are who are persecuted for righteousness sake, for theirs is the kingdom of heaven." This is the last podcast in a 9-podcast series devoted to reviewing the eight Beatitudes that open Jesus' Sermon on the Mount in the Gospel of Matthew. In this podcast, as with the previous ones in this series, I'm examining how this important beatitude not only reflects Jesus and his lived experience, but it also has import for the Christian life, while it very obviously points us toward heaven.

Links for this episode: Previous podcasts in the Beatitudes series:
- AW Espresso Shot 43: Blessed are the peacemakers
- AW Espresso Shot 42: Blessed are the pure in heart
- AW Espresso Shot 41: Blessed are the merciful
- AW Espresso Shot 40: Blessed are those who hunger and thirst for righteousness
- AW Espresso Shot 39: Blessed are the meek
- AW Espresso Shot 38: Blessed are those who mourn
- AW Espresso Shot 37: Blessed are the poor in spirit
- AW Espresso Shot 36: An overview of the Beatitudes

Reminders: You can now listen to Among Women on iHeart Radio and the iHeart Radio app. Send your comments to Pat Gohn at amongwomenpodcast@me.com, or to the Among Women podcast facebook page. Or follow Pat on Twitter at @PatGohn or @among_women. If you like what we do here at Among Women, please promote this podcast in your social media circles, in your church bulletin, or leave a positive review and rating over on our iTunes page. Photo by Aaron Guzman on Unsplash
Aaron Guzman specializes in IoT, embedded, and automotive security. Aaron is the co-author of “IoT Penetration Testing Cookbook”. He helps lead both OWASP’s Embedded Application Security and Internet of Things projects, providing practical guidance for addressing top security vulnerabilities to the embedded and IoT community. Aaron joins us to explore IoTGoat. IoTGoat is a deliberately [...] The post Aaron Guzman — IoTGoat appeared first on Security Journey Podcasts.
In today’s episode, Sean Martin connects with Aaron Guzman and Daniel Miessler to take a look at the new edition of the OWASP Top 10 for the Internet of Things. This project, which began in 2014, contains a lot of work related to identifying the risks, vulnerabilities and controls necessary to safely deploy and use Internet-connected devices at work, at home and in society. Aaron and Daniel walk us through the top 10 list, giving us some insight into each item and how it can have an impact on how things are built, implemented and broken. While the goal of the IoT top 10 is to simplify the view for these 3 target audiences (builders, implementers, breakers), the surrounding project elements within the OWASP environment and some of the partner projects outside of the OWASP ecosystem can really make a difference in how we approach IoT security moving forward.
Intro: CFP for BSides Barcelona is open! https://bsides.barcelona

Aaron Guzman: @scriptingxss
https://www.computerweekly.com/news/252443777/Global-IoT-security-standard-remains-elusive
https://www.owasp.org/index.php/IoT_Attack_Surface_Areas
https://scriptingxss.gitbooks.io/embedded-appsec-best-practices//executive_summary/9_usage_of_data_collection_and_storage_-_privacy.html
OWASP SLACK: https://owasp.slack.com/
https://www.owasp.org/images/7/79/OWASP_2018_IoT_Top10_Final.jpg

Team of 10 or so… list of “do’s and don’ts”
Sub-projects? Embedded systems, car hacking
Embedded applications best practices? *potential show*
Standards: https://xkcd.com/927/
CCPA: https://en.wikipedia.org/wiki/California_Consumer_Privacy_Act
California SB-327: https://leginfo.legislature.ca.gov/faces/billNavClient.xhtml?bill_id=201720180SB327

How did you decide on the initial criteria?

2018 OWASP IoT Top 10:
1. Weak, Guessable, or Hardcoded Passwords
2. Insecure Network Services
3. Insecure Ecosystem Interfaces
4. Lack of Secure Update Mechanism
5. Use of Insecure or Outdated Components
6. Insufficient Privacy Mechanisms
7. Insecure Data Transfer and Storage
8. Lack of Device Management
9. Insecure Default Settings
10. Lack of Physical Hardening

2014 OWASP IoT list: https://www.owasp.org/index.php/Top_10_IoT_Vulnerabilities_(2014)
2014 list:
I1 Insecure Web Interface
I2 Insufficient Authentication/Authorization
I3 Insecure Network Services
I4 Lack of Transport Encryption
I5 Privacy Concerns
I6 Insecure Cloud Interface
I7 Insecure Mobile Interface
I8 Insufficient Security Configurability
I9 Insecure Software/Firmware
I10 Poor Physical Security

BrakeSec Episode on ASVS: http://traffic.libsyn.com/brakeingsecurity/2015-046_ASVS_with_Bill_Sempf.mp3
OWASP SLACK: https://owasp.slack.com/

What didn’t make the list?
How do we get Devs onboard with these?
How does someone interested get involved with the OWASP IoT working group?
Further reading:
https://docs.microsoft.com/en-us/azure/iot-fundamentals/iot-security-best-practices
https://www.iiconsortium.org/pdf/SMM_Description_and_Intended_Use_2018-04-09.pdf
https://www.dhs.gov/sites/default/files/publications/Strategic_Principles_for_Securing_the_Internet_of_Things-2016-1115-FINAL_v2-dg11.pdf
https://api.ctia.org/wp-content/uploads/2018/08/CTIA-IoT-Cybersecurity-Certification-Test-Plan-V1_0.pdf
https://assets.publishing.service.gov.uk/government/uploads/system/uploads/attachment_data/file/747977/Mapping_of_IoT__Security_Recommendations_Guidance_and_Standards_to_CoP_Oct_2018.pdf
https://www.mocana.com/news/mocana-xilinx-avnet-infineon-and-microsoft-join-forces-to-secure-industrial-control-and-iot-devices
https://www.microsoft.com/en-us/research/wp-content/uploads/2017/03/SevenPropertiesofHighlySecureDevices.pdf
This is an interview episode recorded during SecurityFest 2017. The episode contains three interviews with Dave Lewis, Steve Lord and Aaron Guzman, three of the speakers at the conference. Timestamps for the interviews: 0:00 Dave Lewis, 8:20 Steve Lord, 22:45 Aaron Guzman.
Bugcrowd's Jason Haddix interviews Aaron Guzman, security researcher and consultant at SecureWorks, about his recent connected vehicle research.