Video Hub | Finite State

Security Expertise Videos

Product Security On Demand

Experience the future of product security through our immersive video content. From Al-powered analysis to real-world case studies, discover how industry leaders protect their digital assets.

113 results

•
AI in Cybersecurity(18 Videos)

How AI and Supply Chain Risk Are Shaping IoT Security

Generative AI is changing the threat landscape with faster malware development, deepfakes, and highly convincing phishing. Combined with stricter supp...

AI and the Future of SBOMs

Discover how AI is reshaping SBOMs and software security, driving smarter triage, deeper reachability analysis, and helping navigate rising regulatory...

artificial intelligence

AI Autonomy vs Oversight

Discover how AI agents are reshaping human roles—and why it’s time to rethink your place as the orchestrator of intelligent systems.

artificial intelligence

AI Hallucinations Explained

Learn strategies to make your LLM outputs as reliable as your human experts.

artificial intelligence

AI: The Secret Weapon for Product Security Compliance at Finite State

Discover how Finite State uses AI to tackle the toughest part of compliance, so security teams can stay focused on protecting products and meeting glo...

AI's Context Challenge

Discover why AI can’t “one-shot” your entire codebase and how better prompts, tools, and human guidance unlock its real power in finding security flaw...

artificial intelligence

AI's Role in Navigating Global Product Security Regulations

Discover how AI is becoming essential for managing exploding regulatory demands in product security, helping teams bridge the gap between scarce human...

artificial intelligence

Balancing Security and AI

Explore how organizations can safely adopt AI for product security—even in critical infrastructure—by balancing cloud trust, data governance, and emer...

artificial intelligence

Beyond the Scan: How AI Adds Real Value in Product Security Workflows

Explore why simply dropping binaries into AI won’t find all your vulnerabilities, and how Finite State uses AI to tackle the massive work that happens...

artificial intelligence

How AI Is Slashing the Workload in Software Supply Chain Security

Learn how LLMs are revolutionizing vulnerability triage and remediation guidance, cutting manual effort by 90% and allowing security teams to focus on...

artificial intelligence

How AI Transforms Vulnerability and Exploit Detection

See how generative AI replaces manual threat intel review, turning mountains of human-written reports into actionable signatures for faster, smarter v...

artificial intelligence

How Finite State Is Supercharging Security with AI

See how Finite State harnesses AI to cut vulnerability triage workloads by up to 90% and automate tedious compliance documentation—freeing security te...

artificial intelligence

How to Get Meaningful Risk Scores from AI

Find out why AI risk assessments are only as good as the context you provide and how giving LLMs deeper product and threat insights drives smarter, sa...

artificial intelligence

How Tool-Enabled AI Is Transforming Cybersecurity

See how giving AI tools supercharges its capabilities and why this evolution is poised to revolutionize cybersecurity and software supply chain securi...

artificial intelligence

SBOMs, AI, and the Real Work

Learn why SBOMs are far more complex than a nutrition label and how Finite State is using AI to transform SBOM analysis, triage, and remediation into ...

artificial intelligence

Smarter Ways to Prioritize Vulnerabilities

Learn how combining graph analysis with AI can pinpoint which vulnerabilities are truly exploitable so you can focus remediation efforts where they ma...

artificial intelligence

Why Finding Software Vulnerabilities Still Needs More Than AI Alone

Discover why LLMs can’t simply “read binaries” to find vulnerabilities and how combining them with specialized tools unlocks real value in software se...

artificial intelligence

Why Security Still Needs Tools, Context, and Smart Integration

Unpack the real strengths—and limits—of LLMs in security, and learn how combining them with purpose-built tools unlocks powerful insights for finding ...

artificial intelligence

•
Compliance & Regulations(38 Videos)

Why Bottom-Up Vulnerability Management Breaks at Scale

Bottom-up vulnerability tracking works for small teams—but breaks at scale. Learn how fragmentation impacts prioritization, compliance, and security r...

Breaking Down Silos in Product Security and Compliance

Siloed teams and one-off tools create outdated compliance. Learn why connected device security needs a continuous, cross-functional workflow.

Why Controls-Only Compliance Fails Connected Device Security

Controls assessments and gap analyses aren’t enough. Learn why compliance must connect security controls to real firmware, releases, and shipped softw...

Compliance Is an Artificial Adversary—Unless You Tie It to What You Ship

Regulations like the EU CRA demand proof—but real risk lives in releases, firmware, and code. Learn how to connect vulnerabilities to continuous compl...

Precision Over Panic: How to Focus on Real Risk for CRA Compliance

Dario Lobozzo from Finite State presents a comprehensive approach to CRA (Cyber Resilience Act) compliance, addressing the challenges organizations fa...

Why Regulated Industries Choose Finite State

Automotive, medical device, and telecom manufacturers face strict regulatory demands—and high stakes. In this video, Mike Hatherall, Lead Solutions Ar...

Why CRA Compliance Is So Challenging for Manufacturers

The EU CRA introduces sweeping new responsibilities for connected product manufacturers—but most aren’t ready. In this clip, Dario Lobozzo, GM of EMEA...

Solving the CRA Puzzle: A Layered Approach to Compliance

CRA compliance isn’t one-size-fits-all—especially for manufacturers of software-defined products. In this clip, Dario Lobozzo, GM of EMEA at Finite St...

Automating CRA Vulnerability Reporting for Real Business Impact

Dario Lobozzo, GM of EMEA at Finite State, describes the “holy grail” of CRA compliance: automated, scalable vulnerability reporting. In this clip, he...

CRA Flips the Script on Vulnerability Management

Vulnerability disclosure is nothing new—but CRA introduces a new twist: retroactive reporting. In this clip, Dario Lobozzo, GM of EMEA at Finite State...

The Beauty of the SBOM: Why It’s Essential for CRA Compliance

In this clip, Dario Lobozzo, GM of EMEA at Finite State, lays out the true value of SBOMs in modern product security—enabling visibility, context, and...

From 26,000 Vulnerabilities to 300: CRA Certification for Legacy Products

What happens when you have a legacy product—already in the field, five years on the market—and now you have to certify it for CRA? Learn how layering ...

Go Beyond CRA: Why Forward-Thinking OEMs Aim Higher

CRA is the baseline—but many forward-looking manufacturers aren’t stopping there. In this clip, Dario Lobozzo, GM of EMEA at Finite State, explains wh...

Accelerating CRA Readiness: Start Small, Move Fast

General Manager of EMEA Dario Lobozzo outlines a low-effort, high-impact strategy for getting started with CRA compliance. From rapid product risk ide...

Building a Scalable CRA Vulnerability Disclosure Program

Dario Lobozzo, GM of EMEA at Finite State, shares what it really takes to run a successful CRA vulnerability disclosure program: communication across ...

Why CRA’s Coordinated Vulnerability Disclosure Requirement Matters

Unpack the complexity of meeting CRA’s Coordinated Vulnerability Disclosure (CVD) requirements, including why CVD success requires deep visibility int...

Avoiding CRA Pitfalls: Don’t Wait to Fix What’s Broken

Dario Lobozzo, GM of EMEA at Finite State, calls out a common but costly mistake in CRA compliance planning: treating assessments and remediation as s...

CRA Readiness Isn’t a Checkbox—It’s a Long-Term Strategy

Treating CRA compliance as a one-time, checkbox exercise is a recipe for failure. While you may get through your first audit with spreadsheets and man...

Why Pen Testing Is Functionally Required for Cybersecurity Compliance

Pen testing may not be named in every regulation, but it’s essential to prove your security controls work.

Are You Impacted by the Connected Vehicle Rule?

Many OEMs, suppliers, and aftermarket companies may be affected by the CVR - here’s what you need to do now.

What It Takes to Secure a Specific Authorization Under the CVR

Understand how to secure a specific authorization under the CVR—and what cybersecurity evidence you’ll need—to increase your chances of acceptance.

Will the DoC Enforce the CVR Strictly from Day One?

Experts weigh in on how enforcement of the CVR might unfold—and why early flexibility could be on the table.

Why You Can’t Just “Approve” a Supplier Anymore

The Connected Vehicle Rule demands component-level scrutiny, especially with multi-region suppliers and JV structures.

Making the Legacy Software Carve-Out Work

Learn what it takes to remain compliant with the CVR, including codebase transfers and strict developer restrictions.

Firmware Exclusions and the Legacy Carve-Out: What Changed from the Draft Rule?

Learn how the final Connected Vehicle Rule narrows firmware definitions and creates a software carve-out that requires careful planning.

What’s In Scope (and What’s Not) Under the Connected Vehicle Rule

Understand how to determine what hardware and software falls under VCS and ADS requirements for the Connected Vehicle Rule.

Jurisdiction, Control, Direction: What Triggers Coverage Under the Connected Vehicle Rule?

Understand the blurry line companies must navigate to assess China or Russia-linked entities.

How Disruptive Is the Connected Vehicle Rule?

Experts explain why this regulation is unlike anything the automotive industry has faced before.

How to Exclude Components Under the CVR & Why It’s So Difficult

Learn what it really takes to identify, document, and verify component origins across your supply chain to comply with the Connected Vehicle Rule.

What Is the Connected Vehicle Rule?

A foundational overview of the rule’s scope, prohibitions, enforcement timeline, and supply chain impact.

Raising the Bar: What Compliance Now Expects From Your Security Program

Today’s regulatory expectations go far beyond shipping secure code. Discover what OEMs and suppliers must do to demonstrate ongoing security maturity.

Why the Cost of Compliance Is Far Less Than the Cost of Inaction

Global regulations aren’t just about fines—they impact market access. Learn why compliance is now a business-critical priority for IoT manufacturers.

Policy to Action: The Connected Vehicle Rule Webinar

Securing the Product Lifecycle: Building Global Compliance into IoT Development

AI: The Secret Weapon for Product Security Compliance at Finite State

Discover how Finite State uses AI to tackle the toughest part of compliance, so security teams can stay focused on protecting products and meeting glo...

Closing Security Gaps for CRA Compliance

See how the CRA pushes manufacturers to unify SBOMs, risk assessments, and vulnerability reporting in this soundbite from our Risk to Resilience webin...

Navigating Software Security and Compliance Challenges

Explore how companies meet security regulations through patching, vendor collaboration, or creative compensating controls when direct fixes aren’t fea...

Why Security Submissions Are Critical for Connected Medical Devices

Discover why getting security right the first time is essential for medical device approvals and how gaps in your submission can derail time-to-market...

•
Finite State Feature Focus(14 Videos)

How Finite State Reduces SDLC Complexity and Tool Sprawl

Tool sprawl, manual processes, and disconnected workflows are slowing down security and compliance teams across the software lifecycle. In this video,...

How Finite State Brings Security, Engineering & Compliance Together

Finite State is more than a scanner—it’s a unifying force across engineering, security, and compliance. In this video, Mike Hatherall, Lead Solutions ...

From Probability to Proof: EPSS + Reachability = Real ROI

Discover how combining EPSS with Finite State’s built-in reachability analysis takes you from “probable” to “provable” with smarter prioritization, fe...

Why “Secure by Design” Matters and How Finite State Makes It Real

Learn how Finite State’s platform accelerates analysis, powers precise threat modeling, and gives pen testers deep insight in minutes—not days.

Hardcoded Credentials: The Risks Developers Leave Behind

Default passwords and forgotten comments often remain buried in code—posing major risks for connected devices. Learn how Finite State helps uncover th...

Finding Clarity and Focus for Complex Embedded System Security

Discover how Finite State reveals what’s truly inside embedded systems and helps you prioritize the few vulnerabilities that matter most, so you can m...

product features

Finite State vs Legacy Tooling

Learn why legacy SCA tools focus on licensing while Finite State zeroes in on security, giving you real protection instead of just compliance checkbox...

product features

Finite State’s Policy Engine for Tailored Security Decisions

See how Finite State empowers you to customize security policies, automate enforcement, and align vulnerability management with your unique risk toler...

product features

How Finite State Analyzes Every Layer of Your Firmware

Learn how Finite State digs into all code—yours and your suppliers’—using advanced unpacking to deliver deep security insights and accurate SBOMs.

product features

How Finite State Reduces False Positives

See how Finite State uses precise binary fingerprints and real-time threat intel to pinpoint real issues and highlight what truly matters.

product features

How Finite State Tackles Binary Analysis Challenges

Learn how Finite State blends precise signature matching with probabilistic analysis to identify hidden components in binaries, even when package data...

product features

Integrating Finite State into Modern CI/CD Pipelines

Learn how Finite State’s CLI and APIs keep your pipelines fast and secure, so you can automate scans without slowing product delivery.

product features

Speeding Up Remediation

Discover how Finite State accelerates remediation by cutting false positives and helping teams zero in on real, high-priority security issues first.

product features

Unlock Your System's Secrets

See how Finite State helps you know what’s in your system, decide what to fix, and confidently share SBOMs with partners and regulators.

product features

Product Security(11 Videos)

Quick-Fire Security Questions with Mike Hatherall

In this rapid-fire Q&A, Mike Hatherall, Lead Solutions Architect at Finite State, tackles some of the most common challenges product security teams fa...

Advice for Building Scalable Product Security Programs

Mike Hatherall shares advice for security leaders building modern, scalable product security: start with a data model, align terms, and automate visib...

How Product Security Workflows Are Evolving Globally

Global regulations—from the EU CRA to the FDA’s cybersecurity mandate—are transforming product security workflows. In this video, Mike Hatherall, Lead...

Why Linking SBOMs, Vulnerabilities & Compliance Data Matters

In this video, Mike Hatherall, Lead Solutions Architect at Finite State, explains the power of unifying these elements in a single platform. When ever...

How to Align Legal, Security & Engineering on the Same Risk Data

In this video, Mike Hatherall, Lead Solutions Architect at Finite State, explains how a unified platform can deliver shared data in tailored ways—so e...

What a Unified Software Risk Picture Really Looks Like

What would it take to align engineering, security, and legal teams around a single understanding of product risk? In this video, Mike Hatherall, Lead ...

What Happens When Teams Use Different Tools for SBOMs and Vulnerability Data?

When engineering, security, and compliance teams use different tools—and each relies on their own “source of truth”—vulnerability management falls apa...

Breaking Silos Between Engineering, Security, and Compliance

Mike Hatherall, Lead Solutions Architect at Finite State, has worked with product security teams across Europe and around the world. In this video, he...

Navigating the Complexity of IoT Device Vulnerability: The Future State of Medical Device Security

Watch this On-Demand Health-ISAC panel discussion to understand how industry leaders are addressing the emerging challenge of protecting IoT devices.

AI: The Secret Weapon for Product Security Compliance at Finite State

Discover how Finite State uses AI to tackle the toughest part of compliance, so security teams can stay focused on protecting products and meeting glo...

Navigating Software Security and Compliance Challenges

Explore how companies meet security regulations through patching, vendor collaboration, or creative compensating controls when direct fixes aren’t fea...

SBOM Management(8 Videos)

Quick-Fire Security Questions with Mike Hatherall

In this rapid-fire Q&A, Mike Hatherall, Lead Solutions Architect at Finite State, tackles some of the most common challenges product security teams fa...

How Finite State Brings Security, Engineering & Compliance Together

Finite State is more than a scanner—it’s a unifying force across engineering, security, and compliance. In this video, Mike Hatherall, Lead Solutions ...

What Happens When Teams Use Different Tools for SBOMs and Vulnerability Data?

When engineering, security, and compliance teams use different tools—and each relies on their own “source of truth”—vulnerability management falls apa...

What Makes a Quality SBOM? It Depends on Who's Asking.

SBOM quality isn’t a fixed standard—it depends on who's requesting it and how it's being used. In this clip, Dario Lobozzo, GM of EMEA at Finite State...

Validating Third-Party SBOMs: Trust, Verify, Comply

As CRA and industry standards like UN R155 and ISO/SAE 21434 push supply chain security to the forefront, validating third-party SBOMs is no longer op...

Why SBOMs Are the Key to Meeting Compliance Capabilities

Learn how SBOMs enable core compliance capabilities like inventory, risk assessment, and ongoing vulnerability monitoring—without being named explicit...

SBOM Verification: Ensuring Quality & Trust in Final Software Builds

Explore why verifying SBOMs against final software builds is crucial for quality and trust and how emerging standards will strengthen supply chain tra...

software bill of materials

Spotting SBOM Flaws

Learn how missing dependency details signal an incomplete SBOM and why digging deeper is crucial for true software supply chain security.

software bill of materials

•
Software Supply Chain Security(22 Videos)

IoT Security Is Improving—but Risk Is Still Growing

Despite real progress, the rapid growth of devices and threats is outpacing the industry’s ability to secure them. In this clip, Robert Kelley reflect...

IoT Security Advice: Assume Breach. Plan for What Comes Next.

Stop assuming your device won’t be compromised & start planning for what happens when it is. Learn why defense in depth, credential revocation & real ...

Build for Failure, Not Perfection

With new mandates like the EU RED and Cyber Resilience Act raising the bar, manufacturers must purpose-build devices with security in mind from day on...

Why Cybersecurity Isn’t One-Size-Fits-All

Security checklists might offer structure but rigid 1-size-fits-all approaches fall short. Cybersecurity must be context-driven not just compliance-dr...

The Hidden Risk in IoT: Insecure Cloud Connections

Securing the device-to-cloud channel is vital to the trust model of connected systems. From rollback attacks and weak TLS to hardcoded tokens and deni...

The Hidden Cost of Being First to Market

In the push to be first, security often gets sidelined—leaving critical vulnerabilities behind.

Top 3 IoT Security Gaps Today

From development to deployment, critical security oversights still plague the IoT ecosystem. Hear why retrofitting security after launch is costly—and...

Why Embedded Devices Struggle with Security

Embedded devices operate under intense resource constraints—leaving little room for robust cybersecurity protections. In this clip, Robert Kelley unpa...

Why So Many IoT Devices Remain Unpatched — Even with Secure OTA Updates

Robert Kelley explains how inconsistent update practices and missing lifecycle guarantees leave IoT devices exposed—even as security matures.

Building Security Culture: Language, Mission, and Partnership

Driving security across product teams starts with shared language, a customer-centric mission, and a partnership mindset—not policing.

Start Where You Are: The Journey Toward a Secure Product Lifecycle

Perfect isn’t the goal—progress is. Discover why incremental improvements are key to maturing your product security posture and achieving compliance.

Component Aging: The Hidden Risk You Can Actually Control

Proactively managing aging components can drastically reduce downstream risk and remediation effort. Here’s why it matters—and how to operationalize i...

Securing the Release: Pen Testing, Patch Management, and Compliance in Practice

Explore practical best practices for secure releases, artifact distribution, and post-market operations aligned with global IoT security standards.

Security by Design: Building Compliance Into Every Stage

From planning and vendor assessments to secure builds and SBOM creation, see how to embed compliance into every phase of your product development life...

Modern IRT: Seeing the Unseen in Firmware with a Multi-Layered Security Approach

Discover why modern incident response demands end-to-end visibility, scanning code, binaries, and firmware, to secure what’s often hidden in plain sig...

software security

Modernizing Software Supply Chain Security

Hear Roland's practical advice for product security leaders on modernizing supply chain security.

software security

Shifting Security Left Across Your Organization

Learn how moving security earlier in development, integrating automation, and engaging more teams helps organizations transition from reactive complia...

software security

The Biggest Misconception in Supply Chain Security

Learn why blaming upstream components isn’t enough and why owning security for all your product’s parts is critical to protect customers and your bran...

software security

The Hidden Risk of Precompiled Binaries

Discover why relying on vendor binaries leaves you blind and how binary analysis reveals what’s really inside to secure your products.

software security

Untangling Supply Chains

Explore how complex layers of open and closed source components create hidden supply chain risks and why visibility into every vendor’s dependencies m...

software security

Zero Trust & IoT: Prepare for Breaches & Verify Everything

Learn why breaches are inevitable—and how regular risk assessments and layered defenses are key to building zero trust security for IoT systems.

software security

Sans ICS 2022 Jason Ortiz Presentation - Finite State

•
Vulnerability Management(8 Videos)

Quick-Fire Security Questions with Mike Hatherall

In this rapid-fire Q&A, Mike Hatherall, Lead Solutions Architect at Finite State, tackles some of the most common challenges product security teams fa...

What a Unified Software Risk Picture Really Looks Like

What would it take to align engineering, security, and legal teams around a single understanding of product risk? In this video, Mike Hatherall, Lead ...

What Happens When Teams Use Different Tools for SBOMs and Vulnerability Data?

When engineering, security, and compliance teams use different tools—and each relies on their own “source of truth”—vulnerability management falls apa...

How Silos Complicate Vulnerability and Compliance Management

When engineering, security, and compliance teams don’t share a single source of truth, product security suffers. In this video, Mike Hatherall, Lead S...

Most IoT Breaches Aren’t Zero-Days—They’re Trust Failures

IoT devices often fail not from rare exploits but from trusting the wrong code, inputs, or components. Learn why securing your own code isn’t enough &...

IoT Security Isn’t Just About the Device

Real security means understanding the entire ecosystem—firmware, cloud APIs, mobile apps, local interfaces, and everything in between. Learn why you’r...

When Should You Run a Pen Test? Here’s the Real Answer

With regulations across industries like automotive & medical, regular pen testing, discover why ethical hackers are your best defense against real one...

Risk-Based Security: How to Focus on What’s Real, Reachable, and Exploitable

Not all vulnerabilities are created equal. See how KEVs, weaponized exploits, and reachability analysis can help you prioritize real-world risk.

Finite State is the Product Security Automation Platform that functions as an autonomous Product Security OS: design → verify → prove, grounded in what you ship.

Platform

Platform Overview

Ground Truth Inventory

Exploitability-Based Prioritization

Design-Time Architecture Security

Automated Evidence-Backed Compliance

Solutions

Device Manufacturers

Medical Devices

Energy & Utilities

Resources

Resource Library

Webinars & Videos

Company

Media Inquiries

© 2026 Finite State. All rights reserved.

Privacy Policy Terms of Use Customer Terms and Conditions