How can an early interest in taking things apart lead to a career in penetration testing, connected device security, and, eventually, to Finite State?
How does operational technology (OT) product security compare to consumer IoT product security?
How do we make room for basic security fundamentals that prevent or mitigate vulnerabilities? And how do we make sure we remember to check for critical flaws before we seal the box on these devices?
On this episode of the IoT: The Internet of Threats podcast, we met with Larry Pesce, Finite State's new Product Security and Analysis Director and co-host of the long-running Paul's Security Weekly podcast, to:
In this episode, Eric and Larry discuss:
Competitive pressures force many manufacturers to sell their connected devices on razor-thin profit margins that leave little room for investment in largely invisible differentiators like product security. That is why security is often the first thing cut when trying to hit a price point. In consumer IoT, where a single firmware image is sometimes white-labeled across multiple manufacturers, many SKUs can all inherit the same endemic problems from the same vulnerable code.
On this episode of the IoT: The Internet of Threats podcast, Larry Pesce, Finite State's new Product Security and Analysis Director, joins me to explore how we make sure product security remains a priority when cost-cutting pressures mount.
Many products within OT networks were designed for 20- to 30-year lifespans, and those lifespans are now expiring. With the rising likelihood that aging OT products harbor serious security issues, how can a software bill of materials (SBOM) help? And should regulation play a role in helping security practitioners see its value?
Hear Larry Pesce, Finite State's new Product Security and Analysis Director, explain the value of the SBOM in OT environments and why it is far more than the compliance check-box some treat it as.
Since joining Finite State, Larry has served as a senior consultant, providing product security program design and development as well as IoT penetration testing guidance and services to product security teams worldwide. He is also a Certified Instructor at the SANS Institute and has co-hosted the Paul's Security Weekly podcast since 2005. Before joining Finite State, Larry spent 15 years as a penetration tester (among his various roles) focused on healthcare, ICS/OT, wireless, and IoT/IIoT embedded devices. Larry holds several GIAC certifications and earned his B.S. in Computer Information Systems from Roger Williams University.
All episodes of Finite State’s “The Internet of Threats” podcast can be heard on Spotify, Apple Podcasts, and Google Podcasts.