Product Security Teams: How the Heck Do You Run Them? - with Josh Corman
Release Date: 04/25/2022
Cybersecurity Ratings: A New Dawn in IoT or Just Another Day? with Larry Pesce, Product Security Research and Analysis Director, Finite State
IoT: The Internet of Threats
On this episode of the IoT: The Internet of Threats podcast, host Eric Greenwald and Larry Pesce (Finite State Director of Product Security Research and Analysis) delve into the recently announced U.S. Cyber Trust Mark, a cybersecurity labeling program for IoT devices - a long-anticipated directive of Executive Order 14028. Larry and Eric explore how, in contrast to static ratings like ENERGY STAR, this dynamic IoT security score will attempt to reflect the continually evolving landscape of cybersecurity threats and controls. They delve into the efficacy of this voluntary labeling...
info_outline
AI and Cybersecurity: A Love Story or Security Nightmare? Pass the Popcorn, Please! with Alexander Fleischer
IoT: The Internet of Threats
In the latest episode of IoT: The Internet of Threats, podcast host Eric Greenwald sat down with guest Alexander Fleischer for a thought-provoking dialogue. They delved deep into the escalating symbiosis between artificial intelligence (AI) and cybersecurity. Fleischer elaborated on the rapid and complex evolution of AI, particularly in relation to its increasing role in cybersecurity procedures. The conversation also extended to the potential implications of AI on the future job market and the nature of human-AI interactions. A significant portion of the discussion was dedicated to the...
info_outline
How Big is Your Data? The Increasing Demand for Detailed, Actionable Information in Cybersecurity, with Dino Boukouris, Founder and Managing Director, Momentum Cyber
IoT: The Internet of Threats
In this episode of the IoT: The Internet of Threats podcast, host Eric Greenwald and Dino Boukouris, Founder and Managing Director of Momentum Cyber, delve into the increasing demand for detailed, actionable data in providing cybersecurity services. Eric and Dino scrutinize the role of regulations, assessing whether they inspire innovation or inadvertently stifle growth. They also examine the crucial part that data analytics and Software Bill of Materials (SBOM) play in today's risk management practices. Will the increased prevalence of AI and emerging regulations bring about significant...
info_outline
The FDA will soon require SBOMs for medical devices. Are you ready? with Larry Pesce, Product Security Research and Analysis Director, Finite State
IoT: The Internet of Threats
On this episode of the IoT: The Internet of Threats podcast, host Eric Greenwald and Larry Pesce (Finite State Director of Product Security Research and Analysis) explore the FDA's new Refuse to Accept (RTA) decision process and what it means for successful premarket submissions of medical devices. Together, Larry and Eric examine how prepared the industry is for the coming changes and assess how medical device manufacturers may weigh the new risk-benefit calculus. Eric and Larry also look at how past cyberattacks lead companies to forge enduring changes in cybersecurity culture and controls...
info_outline
Coming Soon? Getting Sued for Crappy Software? with John Banghart, Senior Director for Cybersecurity Services, Venable LLP
IoT: The Internet of Threats
On this episode of the IoT: The Internet of Threats podcast, host Eric Greenwald meets up with John Banghart, Senior Director for Cybersecurity Services at Venable LLP, a law firm that provides cybersecurity and privacy risk management advisory to clients of all shapes and sizes across a wide variety of sectors. Venable also runs a called the Center for Cybersecurity Policy & Law that connects private-sector companies with government organizations to discuss policy and standards issues. John Banghart has nearly 30 years of federal government and private sector experience in...
info_outline
The SBOM Challenge: Wait ... there was a contest? Who won?? with Matt Wyckhouse, Founder & CEO of Finite State
IoT: The Internet of Threats
On this episode of the IoT: The Internet of Threats podcast, host Eric Greenwald interviews Matt Wyckhouse, Founder and CEO of Finite State. Throughout his career, Matt has spearheaded complex national security programs ranging from detection of malicious integrated circuits in the supply chain to next-generation intrusion detection systems for automotive systems. Matt directed numerous intelligence programs related to the security of embedded and IoT devices and has been a speaker on the subject at security events. Together, Eric and Matt revisit February's S4x23 event and its SBOM...
info_outline
So, What the Heck Are You Supposed to Do with an SBOM? with Dr. George Shea, Chief Technologist at the Foundation for Defense of Democracies
IoT: The Internet of Threats
On this episode of the IoT: The Internet of Threats podcast, host Eric Greenwald interviews Dr. George Shea, the Chief Technologist of the Transformative Cyber Innovation Lab (also known as the TCIL or the Lab) of the Foundation for Defense of Democracies (FDD), a nonprofit, nonpartisan 501(c)(3) research institute that concentrates on foreign policy and national security. George is also a member of the Operational Resilience Framework (ORF) Task Force, Cybersecurity Canon, and a contributor at The CyberWire. Together, Eric and George examine the continuous visibility that SBOM...
info_outline
What's Going on with ICS Security, and What's SBOM Got to Do with It? with Dale Peterson, ICS Security Catalyst and Founder of S4 Events
IoT: The Internet of Threats
On this episode of the IoT: The Internet of Threats podcast, host Eric Greenwald interviews Dale Peterson, a widely recognized name in the OT cybersecurity field and, specifically, in ICS (industrial control system) security. Dale is the founder of S4, the premiere event in ICS security. Dale created the event in 2007 to showcase the best offensive and defensive work in ICS security and to build connections within the industry. He founded Digital Bond, an ICS / SCADA cybersecurity consulting company in 1998 and serves as its CEO. Together, Eric and Dale examine the origins of...
info_outline
Mind of a Hacker, Role of a Defender, with Larry Pesce, Product Security Research and Analysis Director at Finite State
IoT: The Internet of Threats
On this episode of the IoT: The Internet of Threats podcast, host Eric Greenwald sits down with Larry Pesce, a lifelong tinkerer whose obsession with how things work led him to his role as Finite State's new Product Security and Analysis Director. Together they explore how Larry began his long and accomplished career as a pen tester and security and research expert. Eric and Larry also examine the pressure that lower production budgets impose on product security professionals, the questionable value of regulation as a catalyst to drive product security investment and improvements, and the...
info_outline
The Cyber Insurance Questionnaire: Please Tell Me There's Another Way!, with Davis Hake, Co-Founder of Resilience
IoT: The Internet of Threats
On this episode of the IoT: The Internet of Threats podcast, Davis Hake, Co-Founder of Resilience, joins podcast host Eric Greenwald to explore the cybersecurity insurance marketplace and how a startup insurer like Resilience can differentiate itself in the space. Eric and Davis discuss how the increasing frequency and severity of ransomware and supply chain attacks are driving increases in premiums, how insurers evaluate a company's cyber risk, and how they can guide companies to improve their cybersecurity ecosystems. Interview with Davis Hake Davis Hake co-founded...
info_outlineOn this week's episode of IoT: The Internet of Threats podcast, host Eric Greenwald discusses recent news in product and supply-chain cybersecurity with Nick and Sam, the Vidovich brothers. He interviews Joshua Corman, former Chief Strategist at CISA COVID Task Force and Founder of I am The Cavalry.
News Roundup:
This week's Weekly News Roundup covers:
- Assessing the difference between Spring4Shell and Log4j vulnerabilities
- New draft, bipartisan legislation that would require SBOMs for medical devices
Interview with Josh Corman:
Josh has worked in security for many years. His background includes a lot of in-depth work in cyber and physical security for medical devices.
Josh is also widely known as the godfather of the Software Bill of Materials (SBOM).
All of this experience led to his recent work with the government as the Chief Strategist for the CISA COVID Task Force.
On the episode, Josh and Eric discuss the key functions of a product security team and the critical leadership role of the Chief Product Security Officer.
Josh and Eric also discuss:
- How a world increasingly dependent on digital infrastructure can be protected
- Trends and forces that have made product security roles increasingly important
- General principles for prioritizing and accurately interpreting the severity of threat reports
- Guidance for teams that lack sufficient resources
- How to buy down more risk with fewer resources
Connect with Josh Corman: https://www.linkedin.com/in/joshcorman/
Learn more about I am The Cavalry at https://iamthecavalry.org/
Read up on the Health Care Industry Cybersecurity Task Force here: https://www.phe.gov/Preparedness/planning/CyberTF/Pages/default.aspx
Thank you for listening to this episode of IoT: The Internet of Threats podcast, powered by Finite State — the leading product security solution provider for connected devices and embedded systems.
If you enjoyed this episode, click subscribe to stay connected and leave a review to get the word out about the podcast.
To learn more about building out a robust product security program, protecting your connected devices, and complying with emerging supply-chain cybersecurity regulations and technical standards, visit https://finitestate.io/.