Podcasts about iot security

Healthcare IoT systems are increasingly targeted by cyber threats, necessitating a shift in strategy from isolated, organization-specific responses to a collaborative, ecosystem-wide approach. James McCarthy sits down with vCISO and 30-year information assurance and cybersecurity veteran Jason Taule. Taule brings important insights into the challenges faced by healthcare providers due to regulatory pressures, financial constraints, and technological advancements, urging both manufacturers and providers to participate in a unified security effort. Emphasizing the critical need for proactivity,  Taule also calls for a balance between regulation and adaptability in safeguarding these critical infrastructures. Let's connect about IoT Security!Follow John Vecchi at https://www.linkedin.com/in/johnvecchiThe IoT Security Podcast is powered by Phosphorus Cybersecurity. Join the conversation for the IoT Security Podcast — where xIoT meets Security. Learn more at https://phosphorus.io/podcast

In episode 129 of Cybersecurity Where You Are, Sean Atkinson discusses best practices for embedding cybersecurity in project management. Here are some highlights from our episode:01:34. Elements for connecting the dots between cybersecurity risk assessment and project risk assessment03:06. How our conceptualization of a project changes under a zero trust implementation04:02. What security may look like in a Waterfall vs. Agile approach to project management06:26. The importance of resources and stakeholders in managing any project08:34. Scope creep and other challenges of embedding cybersecurity in project management15:45. How continuous monitoring and other best practices can help us to overcome these hurdles25:30. How cybersecurity can inform projects involving generative artificial intelligenceResourcesEpisode 105: Context in Cyber Risk QuantificationQuantitative Risk Analysis: Its Importance and ImplicationsHow Risk Quantification Tests Your Reasonable Cyber DefenseEpisode 44: A Zero Trust Framework Knows No EndHow to Construct a Sustainable GRC Program in 8 StepsEpisode 33: The Shift-Left of IoT Security to VendorsEpisode 120: How Contextual Awareness Drives AI GovernanceIf you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

Matt Brown, Hardware Security Researcher, Bug Bounty Hunter, and Founder of Brown Fine Security, leaves nothing to the imagination in this conversation with host Eric Johansen on the world of embedded devices and cybersecurity. Matt shares his journey from childhood tinkering to professional vulnerability research, offering insights into the complexities of IoT attack surfaces, legacy system challenges, and real-world hacking experiences. The conversation covers everything from surprising device vulnerabilities to practical advice for aspiring IoT hackers, including why off-brand devices are a great starting point. Plus, Matt reveals some of the sketchy smart devices in his own home and why understanding your threat model is key to robust security. It's an unfiltered look into the intersection of curiosity, technology, and defense strategies in today's connected world.You may know Matt from his hit YouTube channel at https://www.youtube.com/@mattbrwn. If you like hardware, taking gear apart, and digging into what makes devices vulnerable, you're definitely going to want to give it a look. You can also find Matt Brown at the following places:brownfinesecurity.comlinkedin.com/in/mattbrwntwitter.com/nmatt0github.com/nmatt0reddit.com/user/mattbrwn0 Let's connect about IoT Security!Follow John Vecchi at https://www.linkedin.com/in/johnvecchiThe IoT Security Podcast is powered by Phosphorus Cybersecurity. Join the conversation for the IoT Security Podcast — where xIoT meets Security. Learn more at https://phosphorus.io/podcast

IoT security is the name of the game this week! My podcast guest is Sharon Hagi, Chief Security Officer of Silicon Labs. Sharon and I chat about the new cybersecurity labeling program called Cyber Trust Mark - the details of this program and the motivation behind its development. We also discuss the Connectivity Standards Alliance's Product Security Working Group and how it eases the challenges of complying with global product security requirements. Finally, we also explore benefits of silicon-rooted trust models and secure manufacturing in this arena and how Silicon Labs is furthering security in IoT devices. 

⬥GUEST⬥Sarah Fluchs, CTO at admeritia | CRA Expert Group at EU Commission | On LinkedIn: https://www.linkedin.com/in/sarah-fluchs/⬥HOST⬥Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber] | On ITSPmagazine: https://www.itspmagazine.com/sean-martin⬥EPISODE NOTES⬥The European Commission's Cyber Resilience Act (CRA) introduces a regulatory framework designed to improve the security of digital products sold within the European Union. In a recent episode of Redefining CyberSecurity, host Sean Martin spoke with Sarah Fluchs, Chief Technology Officer at admeritia and a member of the CRA expert group at the EU Commission. Fluchs, who has spent her career in industrial control system cybersecurity, offers critical insights into what the CRA means for manufacturers, retailers, and consumers.A Broad Scope: More Than Just Industrial AutomationUnlike previous security regulations that focused on specific sectors, the CRA applies to virtually all digital products. Fluchs emphasizes that if a device is digital and sold in the EU, it likely falls under the CRA's requirements. From smartwatches and baby monitors to firewalls and industrial control systems, the regulation covers a wide array of consumer and business-facing products.The CRA also extends beyond just hardware—software and services required for product functionality (such as cloud-based components) are also in scope. This broad application is part of what makes the regulation so impactful. Manufacturers now face mandatory cybersecurity requirements that will shape product design, development, and post-sale support.What the CRA RequiresThe CRA introduces mandatory cybersecurity standards across the product lifecycle. Manufacturers will need to:Ensure products are free from known, exploitable vulnerabilities at the time of release.Implement security by design, considering cybersecurity from the earliest stages of product development.Provide security patches for the product's defined lifecycle, with a minimum of five years unless justified otherwise.Maintain a vulnerability disclosure process, ensuring consumers and authorities are informed of security risks.Include cybersecurity documentation, requiring manufacturers to provide detailed security instructions to users.Fluchs notes that these requirements align with established security best practices. For businesses already committed to cybersecurity, the CRA should feel like a structured extension of what they are already doing, rather than a disruptive change.Compliance Challenges: No Detailed Checklist YetOne of the biggest concerns among manufacturers is the lack of detailed compliance guidance. While other EU regulations provide extensive technical specifications, the CRA's security requirements span just one and a half pages. This ambiguity is intentional—it allows flexibility across different industries—but it also creates uncertainty.To address this, the EU will introduce harmonized standards to help manufacturers interpret the CRA. However, with tight deadlines, many of these standards may not be ready before enforcement begins. As a result, companies will need to conduct their own cybersecurity risk assessments and demonstrate due diligence in securing their products.The Impact on Critical Infrastructure and Industrial SystemsWhile the CRA is not specifically a critical infrastructure regulation, it has major implications for industrial environments. Operators of critical systems, such as utilities and manufacturing plants, will benefit from stronger security in the components they rely on.Fluchs highlights that many security gaps in industrial environments stem from weak product security. The CRA aims to fix this by ensuring that manufacturers, rather than operators, bear the responsibility for secure-by-design components. This shift could significantly reduce cybersecurity risks for organizations that rely on complex supply chains.A Security Milestone: Holding Manufacturers AccountableThe CRA represents a fundamental shift in cybersecurity responsibility. For the first time, manufacturers, importers, and retailers must guarantee the security of their products or risk being banned from selling in the EU.Fluchs points out that while the burden of compliance is significant, the benefits for consumers and businesses will be substantial. Security-conscious companies may even gain a competitive advantage, as customers start to prioritize products that meet CRA security standards.For those in the industry wondering how strictly the EU will enforce compliance, Fluchs reassures that the goal is not to punish manufacturers for small mistakes. Instead, the EU Commission aims to improve cybersecurity without unnecessary bureaucracy.The Bottom LineThe Cyber Resilience Act is set to reshape cybersecurity expectations for digital products. While manufacturers face new compliance challenges, consumers and businesses will benefit from stronger security measures, better vulnerability management, and increased transparency.Want to learn more? Listen to the full episode of Redefining CyberSecurity with Sean Martin and Sarah Fluchs to hear more insights into the CRA and what it means for the future of cybersecurity.⬥SPONSORS⬥LevelBlue: https://itspm.ag/attcybersecurity-3jdk3ThreatLocker: https://itspm.ag/threatlocker-r974⬥RESOURCES⬥Inspiring Post: https://www.linkedin.com/posts/sarah-fluchs_aaand-its-official-the-cyber-resilience-activity-7250162223493300224-zECA/Adopted CRA text: https://data.consilium.europa.eu/doc/document/PE-100-2023-INIT/en/pdfA list of Sarah's blog posts to get your CRA knowledge up to speed:1️⃣ Introduction to the CRA, the CE marking, and the regulatory ecosystem around it: https://fluchsfriction.medium.com/eu-cyber-resilience-act-9e092fffbd732️⃣ Explanation how the standards ("harmonised European norms, hEN") are defined that will detail the actual cybersecurity requirements in the CRA (2023): https://fluchsfriction.medium.com/what-cybersecurity-standards-will-products-in-the-eu-soon-have-to-meet-590854ba3c8c3️⃣ Overview of the essential requirements outlined in the CRA (2024): https://fluchsfriction.medium.com/what-the-cyber-resilience-act-requires-from-manufacturers-0ee0b917d2094️⃣ Overview of the global product security regulation landscape and how the CRA fits into it (2024): https://fluchsfriction.medium.com/product-security-regulation-in-2024-93ddc6dd89005️⃣ Good-practice example for the "information and instructions to the user," one of the central documentations that need to be written for CRA compliance and the only one that must be provided to the product's users (2024): https://fluchsfriction.medium.com/how-to-be-cra-compliant-and-make-your-critical-infrastructure-clients-happy-441ecd859f52⬥ADDITIONAL INFORMATION⬥✨ More Redefining CyberSecurity: 

⬥GUEST⬥Sarah Fluchs, CTO at admeritia | CRA Expert Group at EU Commission | On LinkedIn: https://www.linkedin.com/in/sarah-fluchs/⬥HOST⬥Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber] | On ITSPmagazine: https://www.itspmagazine.com/sean-martin⬥EPISODE NOTES⬥The European Commission's Cyber Resilience Act (CRA) introduces a regulatory framework designed to improve the security of digital products sold within the European Union. In a recent episode of Redefining CyberSecurity, host Sean Martin spoke with Sarah Fluchs, Chief Technology Officer at admeritia and a member of the CRA expert group at the EU Commission. Fluchs, who has spent her career in industrial control system cybersecurity, offers critical insights into what the CRA means for manufacturers, retailers, and consumers.A Broad Scope: More Than Just Industrial AutomationUnlike previous security regulations that focused on specific sectors, the CRA applies to virtually all digital products. Fluchs emphasizes that if a device is digital and sold in the EU, it likely falls under the CRA's requirements. From smartwatches and baby monitors to firewalls and industrial control systems, the regulation covers a wide array of consumer and business-facing products.The CRA also extends beyond just hardware—software and services required for product functionality (such as cloud-based components) are also in scope. This broad application is part of what makes the regulation so impactful. Manufacturers now face mandatory cybersecurity requirements that will shape product design, development, and post-sale support.What the CRA RequiresThe CRA introduces mandatory cybersecurity standards across the product lifecycle. Manufacturers will need to:Ensure products are free from known, exploitable vulnerabilities at the time of release.Implement security by design, considering cybersecurity from the earliest stages of product development.Provide security patches for the product's defined lifecycle, with a minimum of five years unless justified otherwise.Maintain a vulnerability disclosure process, ensuring consumers and authorities are informed of security risks.Include cybersecurity documentation, requiring manufacturers to provide detailed security instructions to users.Fluchs notes that these requirements align with established security best practices. For businesses already committed to cybersecurity, the CRA should feel like a structured extension of what they are already doing, rather than a disruptive change.Compliance Challenges: No Detailed Checklist YetOne of the biggest concerns among manufacturers is the lack of detailed compliance guidance. While other EU regulations provide extensive technical specifications, the CRA's security requirements span just one and a half pages. This ambiguity is intentional—it allows flexibility across different industries—but it also creates uncertainty.To address this, the EU will introduce harmonized standards to help manufacturers interpret the CRA. However, with tight deadlines, many of these standards may not be ready before enforcement begins. As a result, companies will need to conduct their own cybersecurity risk assessments and demonstrate due diligence in securing their products.The Impact on Critical Infrastructure and Industrial SystemsWhile the CRA is not specifically a critical infrastructure regulation, it has major implications for industrial environments. Operators of critical systems, such as utilities and manufacturing plants, will benefit from stronger security in the components they rely on.Fluchs highlights that many security gaps in industrial environments stem from weak product security. The CRA aims to fix this by ensuring that manufacturers, rather than operators, bear the responsibility for secure-by-design components. This shift could significantly reduce cybersecurity risks for organizations that rely on complex supply chains.A Security Milestone: Holding Manufacturers AccountableThe CRA represents a fundamental shift in cybersecurity responsibility. For the first time, manufacturers, importers, and retailers must guarantee the security of their products or risk being banned from selling in the EU.Fluchs points out that while the burden of compliance is significant, the benefits for consumers and businesses will be substantial. Security-conscious companies may even gain a competitive advantage, as customers start to prioritize products that meet CRA security standards.For those in the industry wondering how strictly the EU will enforce compliance, Fluchs reassures that the goal is not to punish manufacturers for small mistakes. Instead, the EU Commission aims to improve cybersecurity without unnecessary bureaucracy.The Bottom LineThe Cyber Resilience Act is set to reshape cybersecurity expectations for digital products. While manufacturers face new compliance challenges, consumers and businesses will benefit from stronger security measures, better vulnerability management, and increased transparency.Want to learn more? Listen to the full episode of Redefining CyberSecurity with Sean Martin and Sarah Fluchs to hear more insights into the CRA and what it means for the future of cybersecurity.⬥SPONSORS⬥LevelBlue: https://itspm.ag/attcybersecurity-3jdk3ThreatLocker: https://itspm.ag/threatlocker-r974⬥RESOURCES⬥Inspiring Post: https://www.linkedin.com/posts/sarah-fluchs_aaand-its-official-the-cyber-resilience-activity-7250162223493300224-zECA/Adopted CRA text: https://data.consilium.europa.eu/doc/document/PE-100-2023-INIT/en/pdfA list of Sarah's blog posts to get your CRA knowledge up to speed:1️⃣ Introduction to the CRA, the CE marking, and the regulatory ecosystem around it: https://fluchsfriction.medium.com/eu-cyber-resilience-act-9e092fffbd732️⃣ Explanation how the standards ("harmonised European norms, hEN") are defined that will detail the actual cybersecurity requirements in the CRA (2023): https://fluchsfriction.medium.com/what-cybersecurity-standards-will-products-in-the-eu-soon-have-to-meet-590854ba3c8c3️⃣ Overview of the essential requirements outlined in the CRA (2024): https://fluchsfriction.medium.com/what-the-cyber-resilience-act-requires-from-manufacturers-0ee0b917d2094️⃣ Overview of the global product security regulation landscape and how the CRA fits into it (2024): https://fluchsfriction.medium.com/product-security-regulation-in-2024-93ddc6dd89005️⃣ Good-practice example for the "information and instructions to the user," one of the central documentations that need to be written for CRA compliance and the only one that must be provided to the product's users (2024): https://fluchsfriction.medium.com/how-to-be-cra-compliant-and-make-your-critical-infrastructure-clients-happy-441ecd859f52⬥ADDITIONAL INFORMATION⬥✨ More Redefining CyberSecurity: 

In this episode, host Eric Johansen welcomes Bill Lucas, Senior Director of Cybersecurity at Mastronardi Produce, to explore the evolving security challenges in agricultural IoT. With over sixteen years of experience across the automotive, healthcare, and tech industries, Bill brings a deep understanding of enterprise risk management, endpoint security, and cyber defense—now applied to one of the world's most critical industries: food production.Bill and Eric explore the unique cybersecurity risks in modern agriculture, from UV robots to robotic bees, and discuss how automation, sensor networks, and supply chain security play pivotal roles in securing these technologies. Bill also shares his personal career journey, offering valuable insights for professionals looking to strengthen their IoT security strategies.Join us for a compelling conversation about the intersection of innovation and cybersecurity in the agricultural sector—and what it takes to secure the future of connected farming. Let's connect about IoT Security!Follow John Vecchi at https://www.linkedin.com/in/johnvecchiThe IoT Security Podcast is powered by Phosphorus Cybersecurity. Join the conversation for the IoT Security Podcast — where xIoT meets Security. Learn more at https://phosphorus.io/podcast

Pochi giorni fa sui cieli fra la Germania e la Polonia è precipitato un pezzo di un Falcon9 di SpaceX e un detrito è stato trovato nelle campagne polacche. È solo l’ultimo caso di “spazzatura” spaziale che sta creando problemi in orbita e sulla terra. Luigi Bignami, giornalista ed esperto di Spazio, ci spiega quanto possono essere pericolosi questi detriti e come le aziende e le Agenzie Spaziali stanno affrontando il problema.Torniamo a occuparci di cybersecurity, in particolare del settore “embedded” che riguarda la sicurezza dei sempre più diffusi oggetti connessi. Enrico Pagliarini ne parla con Gianni Cuozzo, fondatore e AD di Exein, azienda italiana che si occupa di IoT Security e ha da poco firmato un importante contratto con la taiwanese MediaTek.Ci occupiamo di nuovo di Intelligenza Artificiale. In settimana ANCE, l’Associazione Nazionale Costruttori Edili, ha fatto il punto sulle opportunità per il settore delle costruzioni. Ne parliamo con Massimo Angelo Deldossi, vicepresidente Ance Tecnologia e innovazione e Denise Po, Innovation Manager di Pizzarotti S.p.A.Parliamo poi di una soluzione che aiuta le aziende a trovare i fornitori giusti in ambito professionale come ci spiega Lorenzo Danese, fondatore e AD di TimeFlow, startup che ha recentemente chiuso un round di investimento da 4 milioni di euro.E come sempre in Digital News le notizie di innovazione e tecnologia più importanti della settimana.

Podcast: IoT Security Podcast (LS 23 · TOP 10% what is this?)Episode: IoT Lessons We Learned in 2024Pub date: 2025-01-29Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationWhat did 2024 teach us about securing the IoT and OT landscape? In this special 2024 lookback episode, Alex Nehmy, Asia Pacific CTO at Phosphorus, revisits impactful moments from industry experts and IoT Security Podcast guests, including Jason Taule,  Patrick Gillespie,  Sean Tufts, Michael Lester, Joel Goins, Khris Woodring, Mike Holcomb, and John Threat who share their unique journeys and lessons-learned in the realm of IoT security and beyond. Reflecting on learnings from 2024 and looking ahead at 2025, the discussion spans...• Why remediation beats endless assessments in IoT security.• Overcoming challenges with legacy systems and device management.• Trends shaping the future of Cyber-Physical Systems.• The power of community in tackling cybersecurity risks. Let's connect about IoT Security!Follow John Vecchi at https://www.linkedin.com/in/johnvecchiThe IoT Security Podcast is powered by Phosphorus Cybersecurity. Join the conversation for the IoT Security Podcast — where xIoT meets Security. Learn more at https://phosphorus.io/podcastThe podcast and artwork embedded on this page are from Phosphorus Cybersecurity, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

What did 2024 teach us about securing the IoT and OT landscape? In this special 2024 lookback episode, Alex Nehmy, Asia Pacific CTO at Phosphorus, revisits impactful moments from industry experts and IoT Security Podcast guests, including Jason Taule,  Patrick Gillespie,  Sean Tufts, Michael Lester, Joel Goins, Khris Woodring, Mike Holcomb, and John Threat who share their unique journeys and lessons-learned in the realm of IoT security and beyond. Reflecting on learnings from 2024 and looking ahead at 2025, the discussion spans...• Why remediation beats endless assessments in IoT security.• Overcoming challenges with legacy systems and device management.• Trends shaping the future of Cyber-Physical Systems.• The power of community in tackling cybersecurity risks. Let's connect about IoT Security!Follow John Vecchi at https://www.linkedin.com/in/johnvecchiThe IoT Security Podcast is powered by Phosphorus Cybersecurity. Join the conversation for the IoT Security Podcast — where xIoT meets Security. Learn more at https://phosphorus.io/podcast

Send us a textUnlock the secrets of voice security and communication evolution with Shon Gerber on the CISSP Cyber Training Podcast. We tackle the intriguing issue of Subaru's Starlink vulnerability, which Wired Magazine recently spotlighted. This flaw, affecting about a million vehicles, highlights the growing security challenges of IoT and connected vehicles, echoing similar vulnerabilities in other brands like Acura and Toyota. Tune in to discover how these incidents shape the landscape of cybersecurity in the automotive industry.Journey through the fascinating history of communication systems, from the hands-on days of telephone operators to the seamless digital networks we rely on today. Explore the transformation of circuit switch networks and the critical role played by SS7 systems, all while navigating the complex security risks they introduce, such as interception and eavesdropping. Gain insight into how technological progress has bridged global communication gaps and the essential awareness required to address the concomitant security implications.Our conversation takes a deep dive into the world of secure voice communications, examining the transition from traditional analog methods to modern VoIP technology. With threats like eavesdropping, man-in-the-middle attacks, and denial of service on SIP protocols, understanding the nuances of VoIP security is crucial. We also demystify social engineering tactics like vishing and phreaking, offering strategies to bolster defenses against these manipulative threats. Prepare to enhance your cybersecurity expertise and safeguard your systems with practical advice and cutting-edge information.Gain exclusive access to 360 FREE CISSP Practice Questions delivered directly to your inbox! Sign up at FreeCISSPQuestions.com and receive 30 expertly crafted practice questions every 15 days for the next 6 months—completely free! Don't miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!

President Trump rolls back AI regulations and throws TikTok a lifeline. Attackers pose as Ukraine's CERT-UA tech support. A critical vulnerability is found in the Brave browser. Sophos observes hacking groups abusing Microsoft 365 services and exploiting default Microsoft Teams settings. Researchers uncover critical flaws in tunneling protocols. A breach exposes personal information of thousands of students and educators. Oracle patches 320 security vulnerabilities. Kaspersky reveals over a dozen vulnerabilities in a Mercedes-Benz infotainment system. Tim Starks from CyberScoop discusses executive orders on cybersecurity and the future of CISA. We preview coming episodes of Threat Vector.  Honesty isn't always the best policy.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. Threat Vector Segment On our Threat Vector podcast preview today:  IoT devices are everywhere, with billions deployed globally in industries like healthcare, manufacturing, and critical infrastructure. But this explosion of connectivity brings unprecedented security challenges. Host David Moulton speaks with Dr. May Wang, CTO of IoT Security at Palo Alto Networks, about how AI is transforming IoT security. Stay tuned for the full conversation this Thursday.  CyberWire Guest Our guest is Tim Starks from CyberScoop discussing executive orders on cybersecurity and the future of CISA. You can read Tim's article on the recent Biden EO here.   Selected Reading Trump revokes Biden executive order on addressing AI risks (Reuters) TikTok is back up in the US after Trump says he will extend deadline (Bleeping Computer) Hackers impersonate Ukraine's CERT to trick people into allowing computer access (The Record)  Brave Browser Vulnerability Let Malicious Website Mimic as Legitimate One (Cyber Security News)  Ransomware Groups Abuse Microsoft Services for Initial Access (SecurityWeek) Tunneling Flaws Put VPNs, CDNs and Routers at Risk Globally (Hackread) Students, Educators Impacted by PowerSchool Data Breach (SecurityWeek) Oracle To Address 320 Vulnerabilities in January Patch Update (Infosecurity Magazine) Details Disclosed for Mercedes-Benz Infotainment Vulnerabilities (SecurityWeek) Washington Man Admits to Role in Multiple Cybercrime, Fraud Schemes (SecurityWeek) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Device security and cryptography takes center stage in this week's Fish Fry podcast! My guest is Shahram Mossayebi, Founder & CEO at Crypto Quantique. Shahram and I chat about how Shahram's expertise in academia and IoT security vulnerabilities encouraged the creation of Crypto Quantique, the variety of device and IC security solutions offered by Crypto Quantique and how their software-based IoT security platform called QuarkLink helps help developers ensure compliance with connected device legislation.

Podcast: IoT Security PodcastEpisode: A PLC Might Say "Oh No": Unlocking Comprehensive Asset Visibility with Enrique MartinezPub date: 2025-01-07Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationIn this episode, host and xIoT security evangelist John Vecchi sits down with Enrique Martinez, OT/IoT Practice Lead at World Wide Technology (WWT), to explore the critical challenges and solutions in securing OT and IoT environments. Enrique shares his journey into cybersecurity, highlights the importance of asset visibility, and discusses how AI is transforming both defense and risk in the cyber-physical world.Key Topics Covered:The foundational importance of asset awareness and behavior analysis.How IT/OT convergence increases vulnerabilities and the need for layered security.Challenges in securing legacy systems and balancing risk with safety.How AI can enhance data analytics, decision-making, and security in OT.Practical insights on remediation and accelerating asset discovery.Featured Insights:“It all starts with asset awareness—knowing what you have and how it behaves is the first step to securing it.”“AI offers great potential for security, but with cyber-physical systems, safety and availability must always come first.” Let's connect about IoT Security!Follow John Vecchi at https://www.linkedin.com/in/johnvecchiThe IoT Security Podcast is powered by Phosphorus Cybersecurity. Join the conversation for the IoT Security Podcast — where xIoT meets Security. Learn more at https://phosphorus.io/podcastThe podcast and artwork embedded on this page are from Phosphorus Cybersecurity, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

In this episode, host and xIoT security evangelist John Vecchi sits down with Enrique Martinez, OT/IoT Practice Lead at World Wide Technology (WWT), to explore the critical challenges and solutions in securing OT and IoT environments. Enrique shares his journey into cybersecurity, highlights the importance of asset visibility, and discusses how AI is transforming both defense and risk in the cyber-physical world.Key Topics Covered:The foundational importance of asset awareness and behavior analysis.How IT/OT convergence increases vulnerabilities and the need for layered security.Challenges in securing legacy systems and balancing risk with safety.How AI can enhance data analytics, decision-making, and security in OT.Practical insights on remediation and accelerating asset discovery.Featured Insights:“It all starts with asset awareness—knowing what you have and how it behaves is the first step to securing it.”“AI offers great potential for security, but with cyber-physical systems, safety and availability must always come first.” Let's connect about IoT Security!Follow John Vecchi at https://www.linkedin.com/in/johnvecchiThe IoT Security Podcast is powered by Phosphorus Cybersecurity. Join the conversation for the IoT Security Podcast — where xIoT meets Security. Learn more at https://phosphorus.io/podcast

Podcast: IoT Security PodcastEpisode: Strategies for Industrial Resilience: Insights from Mark MatteiPub date: 2024-12-17Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationIn this episode, Mark Mattei, Global Director of Industrial Managed Security Services at 1898 & Company, unpacks the high-stakes challenges of protecting vital systems from sophisticated attacks. Host John Vecchi highlights the critical issues surrounding IoT and OT security within industrial critical infrastructure. From the importance of cybersecurity in industrial environments to the practical challenges of compliance and regulation and strategies for mitigating cybersecurity threats without compromising operational integrity, Mark shares key insights and actionable advice for operators in today's volatile security landscape.Listeners of this episode will hear about...The Growing Complexity of OT and IT Security Needs: Mark discusses the increasing sophistication of threats targeting critical infrastructure, including state-sponsored attacks and ransomware, and the complexities operators face in balancing security needs with uninterrupted operations. Challenges with Compliance and Budget Constraints: Critical infrastructure operators often face budgetary and regulatory challenges that limit their ability to invest in cybersecurity. Navigating mandates like NERC CIP and adapting to regulatory changes is essential but can detract from proactive security efforts. Building a Supportive Community: Mark encourages operators to reach out within the OT security community for advice and support. With limited experts in this field, sharing knowledge and collaborating can make a significant difference for smaller utilities and organizations facing resource constraints.  Let's connect about IoT Security!Follow John Vecchi at https://www.linkedin.com/in/johnvecchiThe IoT Security Podcast is powered by Phosphorus Cybersecurity. Join the conversation for the IoT Security Podcast — where xIoT meets Security. Learn more at https://phosphorus.io/podcastThe podcast and artwork embedded on this page are from Phosphorus Cybersecurity, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

In this episode, Mark Mattei, Global Director of Industrial Managed Security Services at 1898 & Company, unpacks the high-stakes challenges of protecting vital systems from sophisticated attacks. Host John Vecchi highlights the critical issues surrounding IoT and OT security within industrial critical infrastructure. From the importance of cybersecurity in industrial environments to the practical challenges of compliance and regulation and strategies for mitigating cybersecurity threats without compromising operational integrity, Mark shares key insights and actionable advice for operators in today's volatile security landscape.Listeners of this episode will hear about...The Growing Complexity of OT and IT Security Needs: Mark discusses the increasing sophistication of threats targeting critical infrastructure, including state-sponsored attacks and ransomware, and the complexities operators face in balancing security needs with uninterrupted operations. Challenges with Compliance and Budget Constraints: Critical infrastructure operators often face budgetary and regulatory challenges that limit their ability to invest in cybersecurity. Navigating mandates like NERC CIP and adapting to regulatory changes is essential but can detract from proactive security efforts. Building a Supportive Community: Mark encourages operators to reach out within the OT security community for advice and support. With limited experts in this field, sharing knowledge and collaborating can make a significant difference for smaller utilities and organizations facing resource constraints.  Let's connect about IoT Security!Follow John Vecchi at https://www.linkedin.com/in/johnvecchiThe IoT Security Podcast is powered by Phosphorus Cybersecurity. Join the conversation for the IoT Security Podcast — where xIoT meets Security. Learn more at https://phosphorus.io/podcast

Podcast: IoT Security PodcastEpisode: Building a Bridge Across the Divide: The Intersection of IT and OT Cybersecurity with Mike HolcombPub date: 2024-12-03Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationEmphasizing the importance of collaboration and communication, Mike Holcomb shares his extensive experience and practical insights into securing ICS and IoT environments. Holcomb, ICS/OT cybersecurity global lead at Fluor, stresses mastering basic cybersecurity fundamentals and asset inventory, along with the nuances of integrating IT and OT security. The episode aims to bridge gaps between IT and OT teams to fortify defenses against sophisticated cyber threats.Listeners will gain valuable insights into critical takeaways, including:Real-World Impact of Cyber Attacks: Mike explains how high-profile incidents, such as Colonial Pipeline and Triton, highlighted the physical consequences of cyber threats, making clear that OT security is a top priority for critical infrastructure.Bridging the IT-OT Divide: The discussion underscores the need for IT and OT teams to collaborate, as a lack of communication and understanding can leave vulnerabilities open to exploitation.Achievable Defense Strategies: From basic network segmentation to secure remote access, Mike provides practical, accessible steps to strengthen ICS/OT security without overwhelming smaller teams. Let's connect about IoT Security!Follow John Vecchi at https://www.linkedin.com/in/johnvecchiThe IoT Security Podcast is powered by Phosphorus Cybersecurity. Join the conversation for the IoT Security Podcast — where xIoT meets Security. Learn more at https://phosphorus.io/podcastThe podcast and artwork embedded on this page are from Phosphorus Cybersecurity, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

In this episode of the IoT For All Podcast, Paul Savill, Global Practice Leader for Network and Edge Computing at Kyndryl, joins Ryan Chacon to discuss taking IoT security seriously. The conversation also covers the IT/OT divide, the challenges of IoT adoption, the security vulnerabilities of legacy infrastructure, the importance of strict security policies and training, the impact of new regulations, when it makes sense to have an in-house security team, strategies for businesses to enhance their security posture, and advice for companies on staying up-to-date with the latest cybersecurity threats. Kyndryl Readiness Report: https://www.kyndryl.com/us/en/about-us/news/readiness-report Paul Savill is the Global Practice Leader for Network and Edge Computing at Kyndryl. He came to Kyndryl from Lumen Technologies, where he was Senior Vice President of Product Management and Services. He has deep expertise across a range of network and edge domains, including edge/cloud, cloud connectivity, SD-WAN, optical networking, content delivery services, and IT services. Kyndryl is the world's largest IT infrastructure services provider, serving thousands of enterprise customers in more than 60 countries. The company designs, builds, manages, and modernizes the complex, mission-critical information systems that the world depends on every day. Discover more about IoT at https://www.iotforall.com Find IoT solutions: https://marketplace.iotforall.com More about Kyndryl: https://www.kyndryl.com Connect with Paul: https://www.linkedin.com/in/paul-savill-6162965/ Our sponsor: https://www.qoitech.com (00:00) Sponsor (00:34) Intro (00:44) Paul Savill and Kyndryl (03:44) Biggest challenges in IoT adoption (07:02) How has the IT/OT divide created security threats (08:37) Security threats of outdated hardware (10:39) How to secure your organization (13:40) How to know how secure you are (15:55) Staying up-to-date on security threats (17:39) When should security be brought in-house? (19:22) Learn more and follow up Subscribe on YouTube: https://bit.ly/2NlcEwm Join Our Newsletter: https://newsletter.iotforall.com Follow Us on Social: https://linktr.ee/iot4all

Emphasizing the importance of collaboration and communication, Mike Holcomb shares his extensive experience and practical insights into securing ICS and IoT environments. Holcomb, ICS/OT cybersecurity global lead at Fluor, stresses mastering basic cybersecurity fundamentals and asset inventory, along with the nuances of integrating IT and OT security. The episode aims to bridge gaps between IT and OT teams to fortify defenses against sophisticated cyber threats.Listeners will gain valuable insights into critical takeaways, including:Real-World Impact of Cyber Attacks: Mike explains how high-profile incidents, such as Colonial Pipeline and Triton, highlighted the physical consequences of cyber threats, making clear that OT security is a top priority for critical infrastructure.Bridging the IT-OT Divide: The discussion underscores the need for IT and OT teams to collaborate, as a lack of communication and understanding can leave vulnerabilities open to exploitation.Achievable Defense Strategies: From basic network segmentation to secure remote access, Mike provides practical, accessible steps to strengthen ICS/OT security without overwhelming smaller teams. Let's connect about IoT Security!Follow John Vecchi at https://www.linkedin.com/in/johnvecchiThe IoT Security Podcast is powered by Phosphorus Cybersecurity. Join the conversation for the IoT Security Podcast — where xIoT meets Security. Learn more at https://phosphorus.io/podcast

Podcast: IoT Security PodcastEpisode: Critical Infrastructure Security: From Awareness to Action with Khris WoodringPub date: 2024-11-19Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationRecent years have seen a growing awareness of the vulnerabilities in our critical infrastructure to cyberattacks, particularly from nation-states like Russia, Iran, and China. In this episode of the IoT Security Podcast, host John Vecchi welcomes Khris Woodring, Senior Cybersecurity Architect at Syngenta, to explore the evolving challenges and opportunities in securing critical infrastructure. From his serendipitous journey into the field to actionable insights on workforce development, Khris shares how industries can overcome the persistent talent gap and drive proactive change in OT security.Key topics include:The unique challenges of bridging IT and OT security.Why workforce shortages hinder progress and how industry and academia can collaborate.The importance of standardizing roles, frameworks, and terminology.Stories of how early curiosity sparked a career in cybersecurity.Tune in for a passionate discussion on how to protect the systems that make modern life possible—and the steps we can take to secure a resilient future. Let's connect about IoT Security!Follow John Vecchi at https://www.linkedin.com/in/johnvecchiThe IoT Security Podcast is powered by Phosphorus Cybersecurity. Join the conversation for the IoT Security Podcast — where xIoT meets Security. Learn more at https://phosphorus.io/podcastThe podcast and artwork embedded on this page are from Phosphorus Cybersecurity, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Recent years have seen a growing awareness of the vulnerabilities in our critical infrastructure to cyberattacks, particularly from nation-states like Russia, Iran, and China. In this episode of the IoT Security Podcast, host John Vecchi welcomes Khris Woodring, Senior Cybersecurity Architect at Syngenta, to explore the evolving challenges and opportunities in securing critical infrastructure. From his serendipitous journey into the field to actionable insights on workforce development, Khris shares how industries can overcome the persistent talent gap and drive proactive change in OT security.Key topics include:The unique challenges of bridging IT and OT security.Why workforce shortages hinder progress and how industry and academia can collaborate.The importance of standardizing roles, frameworks, and terminology.Stories of how early curiosity sparked a career in cybersecurity.Tune in for a passionate discussion on how to protect the systems that make modern life possible—and the steps we can take to secure a resilient future. Let's connect about IoT Security!Follow John Vecchi at https://www.linkedin.com/in/johnvecchiThe IoT Security Podcast is powered by Phosphorus Cybersecurity. Join the conversation for the IoT Security Podcast — where xIoT meets Security. Learn more at https://phosphorus.io/podcast

Guest: Chuck Brooks, President, Brooks ConsultingLinkedIn: https://www.linkedin.com/in/chuckbrooksTwitter: https://twitter.com/chuckdbrooksHost: Dr. Rebecca WynnOn ITSPmagazine  

In the enterprise security news, Some big fundings no less than 4 acquisitions Silencing the EDR silencers ghost jobs overinflated estimates on open cybersecurity jobs weaponizing Microsoft Copilot fun projects with disposable vapes All that and more, on this episode of Enterprise Security Weekly. Show Notes: https://securityweekly.com/esw-383

Podcast: IoT Security PodcastEpisode: Guarding the Gateways: Tackling IoT Vulnerabilities in Critical Systems with Joel GoinsPub date: 2024-11-05Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationBusinesses and government organizations have seen threats to critical US infrastructure on the rise in recent years, particularly within IoT and OT systems, posed by cyberattacks, notably from state actors like Iran. With that context, Joel Goins, a veteran of manufacturing, oil and gas, and OT security at large, talks with John Vecchi about the critical need for enhanced security measures for data centers and other vital components, the vulnerabilities present in IoT devices, and the essential steps companies must take to safeguard against both traditional and emerging cyber threats. Let's connect about IoT Security!Follow John Vecchi at https://www.linkedin.com/in/johnvecchiThe IoT Security Podcast is powered by Phosphorus Cybersecurity. Join the conversation for the IoT Security Podcast — where xIoT meets Security. Learn more at https://phosphorus.io/podcastThe podcast and artwork embedded on this page are from Phosphorus Cybersecurity, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

In the enterprise security news, Some big fundings no less than 4 acquisitions Silencing the EDR silencers ghost jobs overinflated estimates on open cybersecurity jobs weaponizing Microsoft Copilot fun projects with disposable vapes All that and more, on this episode of Enterprise Security Weekly. Show Notes: https://securityweekly.com/esw-383

Businesses and government organizations have seen threats to critical US infrastructure on the rise in recent years, particularly within IoT and OT systems, posed by cyberattacks, notably from state actors like Iran. With that context, Joel Goins, a veteran of manufacturing, oil and gas, and OT security at large, talks with John Vecchi about the critical need for enhanced security measures for data centers and other vital components, the vulnerabilities present in IoT devices, and the essential steps companies must take to safeguard against both traditional and emerging cyber threats. Let's connect about IoT Security!Follow John Vecchi at https://www.linkedin.com/in/johnvecchiThe IoT Security Podcast is powered by Phosphorus Cybersecurity. Join the conversation for the IoT Security Podcast — where xIoT meets Security. Learn more at https://phosphorus.io/podcast

In this episode of FarmBits, Rana and Katie explore the role of IoT (Internet of Things) in enhancing agricultural security. From smart sensors and biophysical authentications, IoT technologies are transforming how farmers safeguard their crops and livestock. Learn how these innovative tools are being designed to provide real-time monitoring, prevent threats like theft, and ensure the integrity of food production. Join us as we discuss the future of IoT in securing sustainable and efficient farming practices with Dr. Nirnimesh Ghose, an assistant professor from UNL's school of computing. Contact Information: E-mail: nghose@unl.edu Website: https://cse.unl.edu/~nghose/ FarmBits Contact Information: E-Mail: farmbits@unl.edu Twitter: https://twitter.com/UNLFarmBits Facebook: https://www.facebook.com/UNLFarmBits Rana's LinkedIn: https://www.linkedin.com/in/rana-farrasati-945aa5141/ Katie's LinkedIn:https://www.linkedin.com/in/katie-bathke-a15082246/ Opinions expressed by the hosts and guests on this podcast are solely their own, and do not reflect the views of Nebraska Extension or the University of Nebraska - Lincoln.

A Hacker's Perspective on Vulnerable Civic Infrastructure In this episode, host Jim Love explores the vulnerabilities of civic infrastructure with cybersecurity expert Nick Aleks. They discuss how hackers view and exploit city systems, the dangers of default passwords and outdated firmware, and the risks associated with smart buildings and operational technology. Nick provides insights on how bad actors can leverage these weaknesses for massive attacks and offers recommendations for improving security through collaboration, proactive measures, and the incorporation of AI technologies. This enlightening discussion highlights the urgent need for better security practices in our increasingly connected urban environments. 00:00 Introduction and Context 00:18 Meet the Expert: Nick Aleks 00:51 A Hacker's Perspective on City Infrastructure 03:20 Penetration Testing and Vulnerabilities 04:26 Targeting Civic Infrastructure 20:30 Smart Buildings and IoT Security 25:12 Defensive Strategies and Collaboration 32:29 The Role of AI in Security 35:06 Conclusion and Final Thoughts

A Hacker's Perspective on Vulnerable Civic Infrastructure In this episode, host Jim Love explores the vulnerabilities of civic infrastructure with cybersecurity expert Nick Aleks. They discuss how hackers view and exploit city systems, the dangers of default passwords and outdated firmware, and the risks associated with smart buildings and operational technology. Nick provides insights on how bad actors can leverage these weaknesses for massive attacks and offers recommendations for improving security through collaboration, proactive measures, and the incorporation of AI technologies. This enlightening discussion highlights the urgent need for better security practices in our increasingly connected urban environments. 00:00 Introduction and Context 00:18 Meet the Expert: Nick Aleks 00:51 A Hacker's Perspective on City Infrastructure 03:20 Penetration Testing and Vulnerabilities 04:26 Targeting Civic Infrastructure 20:30 Smart Buildings and IoT Security 25:12 Defensive Strategies and Collaboration 32:29 The Role of AI in Security 35:06 Conclusion and Final Thoughts

In this episode of the Security Swarm Podcast, host Andy Syrewicze and our regular guest, Paul Schnackenburg, provide a comprehensive overview of the Microsoft Defender ecosystem. They cover the various Defender products, including:  Defender for Endpoint - Microsoft's enterprise endpoint security solution with different licensing tiers  Defender for Identity - Cloud-based threat detection for on-premises Active Directory  Defender Vulnerability Management - Inventory and risk assessment of software on endpoints  Defender for IoT - Security for Internet of Things and operational technology environments  Defender for Cloud - Cloud security for Azure, AWS, and GCP resources  And Others!  They also discuss the "Defender adjacent" services like Microsoft Entra (identity), Microsoft Purview (data security/governance), and Microsoft Defender for Cloud Apps (CASB).  A key focus of the discussion is the complexity and management challenges that come with this expansive Defender suite. The host and the guest note the large number of different management portals, the difficulty of adequately configuring and leveraging all the features, and the need for dedicated security teams to utilize these enterprise-grade tools fully.   Further down the line, Andy and Paul explore the significant value that third-party security solutions can provide in augmenting or simplifying the M365 security experience. They highlight how third-party tools can offer easier deployment, management, and specialized capabilities that may be outside the core focus of the broader Defender ecosystem, thereby enhancing the overall security posture of an organization.   Overall, this episode takes a deep dive into the Microsoft Defender landscape, exploring the pros and cons of the comprehensive suite and offering insights on how organizations can optimize their security with a mix of Microsoft and third-party solutions.  CTA: Overwhelmed by the complexity of the Microsoft Defender ecosystem? Simplify your Microsoft 365 security, risk management, governance, compliance, and backup with 365 Total Protection by Hornetsecurity.  Key Takeaways:  The Microsoft Defender ecosystem has grown significantly beyond the basic antivirus/anti-malware solution, now encompassing a wide range of security products and services across endpoints, cloud, identity, and more.  Navigating the Defender suite can be challenging due to the sheer number of products, overlapping features, and disparate management portals, especially for smaller organizations without dedicated security teams.  Licensing for Defender products can be complex, with different SKUs (P1, P2, Business Premium, E3, E5) offering varying levels of functionality and requiring careful evaluation to ensure the right fit.  Third-party security solutions can provide value by offering simplified management, enhanced detection capabilities, and avoiding over-dependence on a single vendor (Microsoft) for an organization's security needs.  Proper configuration and ongoing optimization of Defender tools is difficult and time consuming, leaving the full potential of the suite to enterprises with dedicated security teams.  Microsoft Defender XDR (Extended Detection and Response) aims to integrate Defender products into a more cohesive security platform. Still, it requires significant resources and expertise to implement effectively.  Timestamps:  (02:00) Overview of the Microsoft Defender ecosystem  (07:00) Differences between Microsoft Defender for Endpoint P1, P2, and Business Premium  (13:00) Explanation of Microsoft Defender for Identity and its on-premises vs cloud components  (19:00) Discussion of Microsoft Defender Vulnerability Management and its challenges for small/medium businesses  (32:00) Value that third-party security solutions can provide compared to the Microsoft Defender suite  Episode Resources:  Security Swarm Episode on M365 Security Licensing

Guest: Abraham Aranguren, Managing Director at 7ASecurity [@7aSecurity]On LinkedIn | https://www.linkedin.com/in/abrahamaranguren/____________________________Hosts: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]On ITSPmagazine | https://www.itspmagazine.com/sean-martinMarco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society PodcastOn ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli____________________________Episode NotesIn this On Location episode recorded in Lisbon at the OWASP AppSec Global event, Sean Martin engages in a comprehensive discussion with Abraham Aranguren, a cybersecurity trainer skilled at hacking IoT, iOS, and Android devices. The conversation delves into the intricacies of mobile application security, touching on both the technical and procedural aspects that organizations must consider to build and maintain secure apps.Abraham Aranguren, known for his expertise in cybersecurity training, shares compelling insights into identifying IoT vulnerabilities without physically having the device. By reverse engineering applications, one can uncover potential security flaws and understand how apps communicate with their IoT counterparts. For instance, Aranguren describes exercises where students analyze mobile apps to reveal hardcoded passwords and unsecured Wi-Fi connections used to manage devices like drones.A significant portion of the discussion revolves around real-world examples of security lapses in mobile applications. Aranguren details an incident involving a Chinese government app that harvests personal data from users' phones, highlighting the serious privacy implications of such vulnerabilities. Another poignant example is Hong Kong's COVID-19 contact-tracing app, which stored sensitive user information insecurely, revealing how even high-budget applications can suffer from critical security flaws if not properly tested.Sean Martin, drawing from his background in software quality assurance, emphasizes the importance of establishing clear, repeatable processes and workflows to ensure security measures are consistently applied throughout the development and deployment phases. He and Aranguren agree that while developers need to be educated in secure coding practices, organizations must also implement robust processes, including code reviews, automated tools for static analysis, and third-party audits to identify and rectify potential vulnerabilities.Aranguren stresses the value of pentests, noting that organizations often show significant improvement over multiple tests. He shares experiences of clients who, after several engagements, greatly reduced the number of exploitable vulnerabilities. Regular, comprehensive testing, combined with a proactive approach to fixing identified issues, helps create a robust security posture, ultimately making applications harder to exploit and dissuading potential attackers.For businesses developing apps, this episode underscores the necessity of integrating security from the ground up, continuously educating developers, enforcing centralized security controls, and utilizing pentests as a tool for both validation and education. The ultimate goal is to make applications resilient enough to deter attackers, ensuring both the business and its users are protected.Be sure to follow our Coverage Journey and subscribe to our podcasts!____________________________Follow our OWASP AppSec Global Lisbon 2024 coverage: https://www.itspmagazine.com/owasp-global-2024-lisbon-application-security-event-coverage-in-portugalOn YouTube:

Christin Cifaldi, Director of Product Development & Analytics, joins us on today's podcast to discuss the concept of the internet of things (IoT) in technology. What is the IoT, and what are its benefits and risks? Listen in to learn more.

Explore the intricate challenges and solutions in managing OT cybersecurity, particularly emphasizing the importance of active querying over passive deep packet inspection, with Michael Lester, Senior Product Security Engineer at Rockwell Automation! Lester underscores the necessity of segmenting networks, improving visibility, and fostering collaboration between IT and OT teams to mitigate risks and enhance security. His journey, from passionate mentorship to pursuing a PhD, exemplifies a commitment to advancing industrial cybersecurity frameworks and education. Let's connect about IoT Security!Follow John Vecchi at https://www.linkedin.com/in/johnvecchiThe IoT Security Podcast is powered by Phosphorus Cybersecurity. Join the conversation for the IoT Security Podcast — where xIoT meets Security. Learn more at https://phosphorus.io/podcast

Podcast: IoT Security PodcastEpisode: Navigating the Convergence: Securing OT in a Connected WorldPub date: 2024-05-14In this episode, we're diving deep into the world of Operational Technology (OT) and IoT security, exploring the critical challenges and evolving threat landscape that are impacting sectors from manufacturing to critical infrastructure and healthcare. With insights from Patrick Gillespie, an OT expert at GuidePoint Security, we'll discuss the convergence of IT and OT systems, the risks introduced by COVID-19, and the advanced solutions from providers like Phosphorus that are combatting these threats. Patrick also sheds light on his personal journey from military service to a cybersecurity career, and the essential steps organizations should take to bolster their OT security, from embracing cyber hygiene to implementing robust security programs. Join us as we uncover the pressing issues facing IoT security today and how innovations are driving a safer, more secure operational environment. Let's connect about IoT Security!Follow John Vecchi at https://www.linkedin.com/in/johnvecchiThe IoT Security Podcast is powered by Phosphorus Cybersecurity. Join the conversation for the IoT Security Podcast — where xIoT meets Security. Learn more at https://phosphorus.io/podcastThe podcast and artwork embedded on this page are from Phosphorus Cybersecurity, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Podcast: IoT Security PodcastEpisode: Navigating the Convergence: Securing OT in a Connected WorldPub date: 2024-05-14In this episode, we're diving deep into the world of Operational Technology (OT) and IoT security, exploring the critical challenges and evolving threat landscape that are impacting sectors from manufacturing to critical infrastructure and healthcare. With insights from Patrick Gillespie, an OT expert at GuidePoint Security, we'll discuss the convergence of IT and OT systems, the risks introduced by COVID-19, and the advanced solutions from providers like Phosphorus that are combatting these threats. Patrick also sheds light on his personal journey from military service to a cybersecurity career, and the essential steps organizations should take to bolster their OT security, from embracing cyber hygiene to implementing robust security programs. Join us as we uncover the pressing issues facing IoT security today and how innovations are driving a safer, more secure operational environment. Let's connect about IoT Security!Follow John Vecchi at https://www.linkedin.com/in/johnvecchiThe IoT Security Podcast is powered by Phosphorus Cybersecurity. Join the conversation for the IoT Security Podcast — where xIoT meets Security. Learn more at https://phosphorus.io/podcastThe podcast and artwork embedded on this page are from Phosphorus Cybersecurity, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

In this episode, we're diving deep into the world of Operational Technology (OT) and IoT security, exploring the critical challenges and evolving threat landscape that are impacting sectors from manufacturing to critical infrastructure and healthcare. With insights from Patrick Gillespie, an OT expert at GuidePoint Security, we'll discuss the convergence of IT and OT systems, the risks introduced by COVID-19, and the advanced solutions from providers like Phosphorus that are combatting these threats. Patrick also sheds light on his personal journey from military service to a cybersecurity career, and the essential steps organizations should take to bolster their OT security, from embracing cyber hygiene to implementing robust security programs. Join us as we uncover the pressing issues facing IoT security today and how innovations are driving a safer, more secure operational environment. Let's connect about IoT Security!Follow John Vecchi at https://www.linkedin.com/in/johnvecchiThe IoT Security Podcast is powered by Phosphorus Cybersecurity. Join the conversation for the IoT Security Podcast — where xIoT meets Security. Learn more at https://phosphorus.io/podcast

Discover cutting-edge IoT cybersecurity strategies with insights from expert Eric Johansen. Join us as we delve into the world of IoT cybersecurity with Eric Johansen from Phosphorus. Eric discusses the challenges and solutions for managing IoT devices at scale, the critical importance of asset inventory, and the significant risks posed by outdated technology. This episode is perfect for IT pros, cybersecurity experts, and business leaders looking to enhance their cybersecurity knowledge. In this episode, we'll cover: Managing IoT devices at scale: Best practices and solutions The importance of asset inventory in IoT security Identifying and mitigating risks from outdated technology Real-world examples of IoT vulnerabilities Innovative solutions from Phosphorus for IoT security Eric Johansen's insights provide valuable knowledge for anyone involved in managing and securing connected devices. Don't miss this episode for practical advice and expert perspectives on tackling IoT security challenges. #IoT #Cybersecurity #TechTrends #OTSecurity #SmartDevices #IoTSecurity #TechInnovation 

Following audience responses to Pod 107 with Jason Blake, Secarma Jen Williams has circled back to do a deeper dive into the PSTI legislation and IoT devices. With the legislation going live at the end of April, any manufacturers that have not yet found a successful route to show compliance should listen to this podcast which goes into finer detail with Jason Blake. As IASME's IOT scheme manager, Jason shares a selection of ways to navigate the legislation and he and Jen discuss the ways to approach an accreditation that will also help any business and their devices to improve on the journey. They also look at the wider implications around unsecured internet devices and the likelihood that governing bodies will levy some large fines early on to impress the importance of complying on manufacturers. For more information regarding IOT and the PSTI legislation you can check out the resources section of the secarma.com website at https://secarma.com/resources/iot-and-psti/

Guest: ✨ Jason Nurse, Reader in Cyber Security, University of Kent, UK [@UniKent]On LinkedIn | https://www.linkedin.com/in/jasonrcnurseOn Twitter | https://twitter.com/jasonnurse____________________________Host: Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society PodcastOn ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli_____________________________This Episode's SponsorsBlackCloak

In episode 80 of Cybersecurity Where You Are, co-host Tony Sager is once again joined by Philip Reitinger, President and CEO of Global Cyber Alliance. Together, they continue their discussion around Common Good Cyber. Tony and Philip begin by recapping the events of the Common Good Cyber Workshop on February 26–27, 2024. From there, they explore the perspective of IT companies and governments in supporting common good solutions for the cybersecurity industry. They conclude their conversation by looking to the future of Common Good Cyber and explaining how you can get involved. ResourcesFollow Philip on LinkedInCommon Good Cyber Workshop: February 26–27, 2024Episode 75: How GenAI Continues to Reshape CybersecurityEpisode 60: Guiding Vendors to IoT Security by DesignEstablishing Essential Cyber HygieneIf you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

Join us on The Audit for a critical examination of cybersecurity's latest frontiers: threats to our water system and the push for global IoT security standards.  In this episode, our team of cybersecurity experts, Eric Brown and Nick Mellum, dissect the Biden administration's recent warnings about cyber-attacks on U.S. water utilities and delve into the newly announced IoT device security specifications by The Cloud Security Alliance (CSA). From nation-state actors targeting essential infrastructure to the complexities of securing IoT devices in your home, this discussion offers invaluable insights into safeguarding our digital and physical worlds. What You'll Learn: The significance of recent cybersecurity warnings regarding the water sector. The importance of a unified cybersecurity standard for IoT devices. Strategies for securing IoT devices within corporate and home networks. The role of cybersecurity in ensuring the safety and reliability of essential public utilities. 

Guests: Linda Gray Martin, Vice President at RSA Conference [@RSAConference]On LinkedIn | https://www.linkedin.com/in/linda-gray-martin-223708/On Twitter | https://twitter.com/LindaJaneGrayBritta Glade, Senior Director, Content & Curation at RSA Conference [@RSAConference]On LinkedIn | https://www.linkedin.com/in/britta-glade-5251003/On Twitter | https://twitter.com/brittaglade____________________________Hosts: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martinMarco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society PodcastOn ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli____________________________Episode NotesWelcome to the kickoff of our comprehensive coverage for RSA Conference 2024, a pivotal gathering that unites minds from all corners of cybersecurity under one expansive theme: The Art of Possible. This year, we're breaking down the walls of impossibility, bringing the power of imagination, humanity, innovation and community into the realm of cybersecurity and beyond.The Fabric of CreativityIn an engaging exchange between the On Location Coverages hosts Sean Martin and Marco Ciappelli, the conversation begins with a reflection on what's possible. Martin and Ciappelli, in a funny exchange bring forth the concept of the "plausible impossible," a creative doctrine that pushes the boundaries of our imagination and challenges the limits of reality. This theme strongly correlates with this year's RSA Conference, focused on exploring the myriad potentials within the cybersecurity landscape.Tradition Meets InnovationA tradition that Sean and Marco hold dear is the annual inclusion of Linda Gray Martin and Britta Glade, central figures in the orchestration of the RSA Conference. Their participation signifies the commencement of a profound exploration into cybersecurity trends, themes, and innovative ideas set to shape the future. The conversation warmly unfolds to welcome these pivotal voices, shedding light on the central theme, "The Art of Possible," and its implications for the global cybersecurity community.Bridging Ideas and ImplementationThe discourse navigates through various aspects of the conference, from keynote speakers to new tracks, emphasizing the commitment to diversity, advancement, and community. With over 2,700 submissions and a broad spectrum of sessions, the RSA Conference stands as a testament to what becomes attainable when different minds unite in pursuit of a shared vision.Among the highlights, Linda Gray Martin and Britta Glade touch upon the essence of community at the conference, illustrating how collective effort can transcend traditional barriers, fostering innovation and progress. The introduction of new programs, such as the Next Stage Expo, reaffirms the conference's dedication to nurturing growth at every level, providing a stepping stone for emerging companies.Forging Ahead: The Exploration ContinuesAs we venture closer to RSA Conference 2024, set against the backdrop of San Francisco's iconic Moscone Center, the anticipation builds for what promises to be an extraordinary congregation of cybersecurity's brightest. From groundbreaking keynotes by industry visionaries to immersive track sessions that traverse the unknown, the conference is a beacon for those eager to explore the vastness of what's achievable.A Journey AwaitsFor newcomers and veterans alike, RSA Conference 2024 is more than an event; it's an expedition into the heart of innovation, an opportunity to witness the unfolding of the art of possible firsthand. With thoughtful preparation and an open mind, attendees are poised to discover insights that could redefine the trajectory of cybersecurity and beyond.As we inch closer to May 2024, the excitement is palpable, with much left to uncover. This year's RSA Conference is not just a event; it's a convergence of ideas, a celebration of potential, and most importantly, a gathering of a community that believes fiercely in the art of turning the impossible into the possible.Join us, as we step into a realm where imagination meets reality, at RSA Conference 2024.Be sure to follow our Coverage Journey and subscribe to our podcasts!____________________________Follow our RSA Conference USA 2024 coverage: https://www.itspmagazine.com/rsa-conference-usa-2024-rsac-san-francisco-usa-cybersecurity-event-infosec-conference-coverageOn YouTube:

Medical devices are an essential element of patient care. They're also network-connected devices that need resilient connectivity and security. On today's Tech Bytes we examine the challenges of supporting and securing connected medical devices, including threats, vulnerabilities, and regulatory frameworks. We'll also discuss strategies and best practices to manage medical device risks and ensure the... Read more »

Medical devices are an essential element of patient care. They're also network-connected devices that need resilient connectivity and security. On today's Tech Bytes we examine the challenges of supporting and securing connected medical devices, including threats, vulnerabilities, and regulatory frameworks. We'll also discuss strategies and best practices to manage medical device risks and ensure the... Read more »

Medical devices are an essential element of patient care. They're also network-connected devices that need resilient connectivity and security. On today's Tech Bytes we examine the challenges of supporting and securing connected medical devices, including threats, vulnerabilities, and regulatory frameworks. We'll also discuss strategies and best practices to manage medical device risks and ensure the... Read more »

In episode 77 of Cybersecurity Where You Are, co-hosts Sean Atkinson and Tony Sager are joined by Roger Grimes, Data-Driven Defense Evangelist at KnowBe4. Together, they discuss how to use data to inform your decision-making in cybersecurity. They begin by discussing the cybersecurity industry's lack of maturity in its use of data. From there, they explore the risks of not using data to make cybersecurity decisions. In Tony's words, the cybersecurity industry doesn't have to accept "perfection is the enemy of the good" as its paradigm. When we understand the data with which we can work, we can frame the information in a way to strengthen the cybersecurity posture of our respective organizations.ResourcesFollow Roger on LinkedInA Data-Driven Computer Security Defense: THE Computer Security Defense You Should Be UsingCybersecurity at Scale: Piercing the Fog of MoreKnown Exploited Vulnerabilities CatalogEpisode 60: Guiding Vendors to IoT Security by DesignEpisode 75: How GenAI Continues to Reshape CybersecurityFighting Phishing: Everything You Can Do to Fight Social Engineering and PhishingIf you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing podcast@cisecurity.org.

In this edition of The Future of Cybersecurity Newsletter, we explore how CISOs can enhance their cybersecurity strategies by adopting aviation survivability fundamentals. This approach offers a fresh perspective on risk assessment, system resilience, and continuous improvement, drawing parallels between the structured rigor of aviation safety and the dynamic field of cybersecurity.________This fictional story represents the results of an interactive collaboration between Human Cognition and Artificial Intelligence.Enjoy, think, share with others, and subscribe to "The Future of Cybersecurity" newsletter on LinkedIn.Sincerely, Sean Martin and TAPE3________Sean Martin is the host of the Redefining CyberSecurity Podcast, part of the ITSPmagazine Podcast Network—which he co-founded with his good friend Marco Ciappelli—where you may just find some of these topics being discussed. Visit Sean on his personal website.TAPE3 is the Artificial Intelligence for ITSPmagazine, created to function as a guide, writing assistant, researcher, and brainstorming partner to those who adventure at and beyond the Intersection Of Technology, Cybersecurity, And Society. Visit TAPE3 on ITSPmagazine.

Join us in this episode as we dive into the intricacies of breaking down silos within teams. We'll examine the unique challenges these silos pose in diverse and international contexts, exploring how they impact collaboration, innovation, and threat response.Additionally, gain valuable insights and strategies for navigating team dynamics in predominantly male-dominated fields.About Our GuestWith over two decades of information security and cybersecurity experience, I am the CEO and founder of AnzenSage, a cybersecurity advisory consultancy that specializes in security risk resilience for the food sector. My mission is to help food businesses protect their data, people, and processes from cyber threats while aligning with their strategic objectives and regulatory requirements.I am also a recognized thought leader and speaker in the cybersecurity industry, with a focus on Operational Technology (OT) and IoT Security. I have delivered presentations and panels at various events, such as S4, ICS2, and Industrial Cybersecurity Conference, and contributed to white papers, TV, magazine articles, and various podcasts. In my previous roles, I have led global teams for Fortune 500 companies, providing trusted advice and innovative solutions for cybersecurity challenges. I am passionate about sharing my knowledge and insights with others, and mentoring the next generation of cybersecurity professionals. In my free time, I enjoy photography and travelling.The Toxic Leadership PodcastInstagram: @ToxicLeadershipPodcast Dr. Kevin Sansberry II is a behavioral scientist and executive coach with expertise in toxic leadership, human capital strategy, and creating inclusive cultures of belonging to enhance organization performance. Over the years, Kevin has focused on providing research-informed solutions in various settings such as higher education, nonprofit, sales, and corporate environments. Follow KEVRA: The Culture Company on Linkedin to keep up with your favorite behavioral scientist, Dr. Sansberry. At KEVRA: The Culture Company, we partner to effectively evolve your organizational culture by focusing on competency development, best practices, and leading research to deliver systemic and innovative solutions for company success. Have a question for Dr. Sansberry? Visit askdrkev.com to send your leadership and organizational-related questions. Love the show? Subscribe, rate, review & share! https://thetoxicleadershippodcast.com/

Can I force my Maps application to keep the same route without modifying it? Why am I receiving an error 431 when visiting a webpage on my browser? And Rod Pyle talks about the recent eclipse, and Chris Marquardt joins us to review the prolonged photo assignment review of "Adorable"! The satellites of the future are heading to space right now. Leo shows off the Pixel 8 Pro phone he just recently got. NFL Sunday Ticket draws about 1.3 million fans to YouTube. Can I swap in a new drive into my Plex server setup when it's been backed up with a copy of my old drive used on the server? How can I keep the same route on my GPS application without having Google Maps change it? Rod Pyle and the Annular Solar Eclipse. How often should I update my phone? Should I be concerned with my phone's security when traveling overseas? What's the difference between cybersecurity and privacy? Chris Marquardt and the Photo Assignment review of "Adorable." What is "Error 431", and why am I getting it on a specific browser? Why are livestreams not playing on my Samsung Smart TV? Should I use a separate network for my security cameras, lights, and other smart home accessories for the best IoT security? Hosts: Leo Laporte and Mikah Sargent Guests: Rod Pyle and Chris Marquardt Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit Show notes and links for this episode are available at: https://twit.tv/shows/ask-the-tech-guys/episodes/1996 Download or subscribe to this show at: https://twit.tv/shows/ask-the-tech-guys Sponsors: Melissa.com/twit GO.ACILEARNING.COM/TWIT