EP 66: Secure only the OT code that actually runs

Error Code

Player FM - Internet Radio Done Right

הוסף לפני two שנים

תוכן מסופק על ידי Robert Vamosi. כל תוכן הפודקאסטים כולל פרקים, גרפיקה ותיאורי פודקאסטים מועלים ומסופקים ישירות על ידי Robert Vamosi או שותף פלטפורמת הפודקאסט שלהם. אם אתה מאמין שמישהו משתמש ביצירה שלך המוגנת בזכויות יוצרים ללא רשותך, אתה יכול לעקוב אחר התהליך המתואר כאן https://he.player.fm/legal.

Before The Chorus

1
LIVE: Before the Chorus & Open Folk Present: In These Lines feat. Gaby Moreno, Lily Kershaw & James Spaite 33:58

לפני 11 ימים33:58

הפעל מאוחר יותר

רשימות

לייק

אהבתי

33:58

On June 25th 2025, in collaboration with Open Folk, we presented our first ever live interview event in Los Angeles. As Open Folk put it: "In These Lines is a live event where three artists each bring one song — not just to perform, but to explore. They sit down with Sofia Loporcaro, host of Before The Chorus, to talk about where the song came from, what it meant to write it, and what it still holds. Then they play it. Just the song, and the truth behind it." Find Open Folk on Instagram: @openfolkla Find Gaby on Spotify: https://open.spotify.com/artist/0K9pSmFx0kWESA9jqx8aCW?si=Wz4RUP88Qlm_RKs7QTLvWQ On Apple Music: https://music.apple.com/us/artist/gaby-moreno/472697737 Instagram: https://www.instagram.com/gaby_moreno/ Find Lily on Spotify: https://open.spotify.com/artist/0p0ksmwMDQlAM24TWKu4Ua?si=Bmdg-uIUTHu-zRUc_dqL3g On Apple Music: https://music.apple.com/us/artist/lily-kershaw/526884610 Instagram: https://www.instagram.com/lilykershaw/ Find James on Spotify: https://open.spotify.com/artist/3u50TPoLvMBXNT1KrLa3iT?si=OoLoq7ZTRZyUiytQcz0FsQ On Apple Music: https://music.apple.com/us/artist/james-spaite/905076868 Instagram: https://www.instagram.com/jamesspaite/ Subscribe: ⁠⁠⁠⁠⁠⁠⁠https://beforethechorus.bio.to/listen⁠⁠⁠⁠⁠⁠⁠ Sign up for our newsletter: ⁠⁠⁠⁠⁠⁠⁠https://www.beforethechorus.com/⁠⁠⁠⁠⁠⁠⁠ Follow on Instagram: ⁠⁠⁠⁠⁠⁠⁠@beforethechoruspodcast⁠⁠⁠⁠⁠⁠⁠ & ⁠⁠⁠⁠⁠⁠⁠@soundslikesofia⁠⁠⁠⁠⁠⁠⁠ About the podcast: Welcome to Before the Chorus , where we go beyond the sounds of our favourite songs to hear the stories of the artists who wrote them. Before a song is released, a record is produced, or a chorus is written, the musicians that write them think. A lot. They live. A lot. And they feel. A LOT. Hosted by award-winning interviewer Sofia Loporcaro, Before the Chorus explores the genuine human experiences behind the music. Sofia’s deep knowledge of music and personal journey with mental health help her connect with artists on a meaningful level. This is a space where fans connect with artists, and listeners from all walks of life feel seen through the stories that shape the music we love. About the host: Sofia Loporcaro is an award-winning interviewer and radio host who’s spent over 8 years helping musicians share their stories. She’s hosted shows for Amazing Radio, and Transmission Roundhouse. Now on Before the Chorus, she’s had the chance to host guests like Glass Animals, Feist, Madison Cunningham, Mick Jenkins, & Ru Paul's Drag Race winner Shea Couleé. Learn more about your ad choices. Visit megaphone.fm/adchoices…

לפני 18 ימים 23:11

MP3•בית הפרקים

Many organizations spend valuable security resources fixing vulnerabilities in code that never actually runs—an inefficient and often unnecessary effort. Jeff Williams, CTO and founder at Contrast Security, says that 62% of open source libraries included in software are never even loaded into memory, let alone executed. This means only 38% of libraries are typically active and worth prioritizing.

68 פרקים

#Tech #Robert Vamosi

Error Code

EP 66: Secure only the OT code that actually runs

Error Code

published לפני 18 ימים

שתפו

MP3•בית הפרקים

68 פרקים

#Tech #Robert Vamosi

כל הפרקים

Error Code

1
EP 67: Collateral Damage 23:27

לפני 4 ימים23:27

23:27

Operational technology (OT) systems are no longer limited to nation-states; criminal groups and hacktivists now actively target these systems, often driven by financial or ideological motives. Kurt Gaudette, Vice President of Intelligence and Services at Dragos, explains why these systems might not even be the primary targets.…

Error Code

1
EP 66: Secure only the OT code that actually runs 23:11

לפני 18 ימים23:11

23:11

Many organizations spend valuable security resources fixing vulnerabilities in code that never actually runs—an inefficient and often unnecessary effort. Jeff Williams, CTO and founder at Contrast Security , says that 62% of open source libraries included in software are never even loaded into memory, let alone executed. This means only 38% of libraries are typically active and worth prioritizing.…

Error Code

1
EP 65: Hacking Critical Infrastructure Through Supply Chains 30:22

לפני 4 weeks30:22

30:22

Critical Infrastructure software lacks the strict liability standards found in industries like automotive manufacturing, leading to minimal accountability for insecure products when they get exploited. Alex Santos, CEO of Fortress Information Security , explains how they’re typically hired by buyers of ICS equipment—such as utilities—to assess and mitigate supply chain risks, including working with OEMs to improve security.…

Error Code

1
EP 64: Volt Typhoon 43:44

לפני 7 weeks43:44

43:44

While cybersecurity threats targeting critical infrastructure, particularly focusing on the vulnerabilities of operational technology (OT) and industrial control systems (ICS).mostly originate on the business or IT side, there’s increasing concern about attacks crossing into OT, which could result in catastrophic consequences, especially in centralized systems like utilities. Michael Welch, managing director from MorganFranklin Cyber , discusses how Volt Typhoon and other attacks are living off the land, and lying in wait.…

Error Code

1
EP 63: Chief Hacking Officer 27:04

לפני 8 weeks27:04

27:04

This is a story about a Chief Hacking Officer who draws on his expertise in physical and virtual security assessments—along with some intuitive AI-driven coding—to safeguard Operational Technology. Colin Murphy of Frenos and Mitnick Security talks about how some of his early assessment work with Kevin Mitnick is helping him with OT security today.…

Error Code

1
EP 62: Defending the Unknown in OT Security 31:38

לפני 10 weeks31:38

31:38

ROI is always a tricky subject in cybersecurity. If you’re paying millions of dollars in securing your OT networks, you’d want to be able to show that it was worth it. Andrew Hural of UnderDefense talks about the need for continuous vigilance, risk management, and proactive defense, acknowledging both the human and technological elements in cybersecurity and how just because something didn’t happen doesn’t mean that it didn’t.…

Error Code

1
EP 61: Applying Zero Trust to OT systems 36:07

לפני 12 weeks36:07

36:07

Zero Trust is a security model based on default-deny policies and fine-grained access control governed by identity, authentication, and contextual signals. For RSAC 2025 , John Kindervag, Chief Evangelist of Illumio and the creator of Zero Trust, talks about introducing a "protect surface" into legacy OT systems —isolating critical data, applications, assets, or services into secure zones for targeted Zero Trust implementation.…

Error Code

1
EP 60: Hacking Solar Power Inverters 39:21

לפני 14 weeks39:21

39:21

Solar power systems are rapidly becoming essential elements of power grids throughout the world, especially in the US and EU. However, cybersecurity for these systems is often an afterthought, creating a growing risk to grid stability and availability. Daniel de Santos, Head of Research at Forescout , talks about his recent research into vulnerabilities associated with solar panel investors, how they might affect the power grid or the end-user, and what we can do about it.…

Error Code

1
EP 59: Automotive Hacking In Your Own Garage 36:15

לפני 16 weeks36:15

36:15

Gone are the days when you could repair your own car. Even ICE cars have more electronics than ever before. Alexander Pick is an independent hardware hacker specializing in automotive systems. He says if you start off small, like looking at ECUs, there’s a lot of great research yet to be done by both hobbyists and professionals alike.…

Error Code

1
EP 58: Hacking Office Supplies 45:42

לפני 18 weeks45:42

45:42

It’s becoming easier for criminals to use counterfeit or altered chips in common office products, such as printer toner cartridges, with the aim of espionage or simple financial gain. Tony Moor, Senior Director Of Silicon Lab Services For IOActive , explains how the hacking embedded silicon within common objects in our day to day lives is becoming more common, and what the consequences of this lack of security might mean.…

Error Code

1
EP 57: Strengthening Embedded Device Security with Cloud-Based SCADA 33:36

לפני 20 weeks33:36

33:36

Embedded devices need basic security measures like multi-factor authentication and unique credentials to reduce vulnerabilities and protect against cyber threats. Mauritz Botha, co-founder and CTO of XiO Inc., explains that cloud-based SCADA can update old systems and provide the visibility that’s currently missing.…

Error Code

1
EP 56: Hacking OT and ICS in the Era of Cloud and Automation 42:19

לפני 22 weeks42:19

42:19

As industrial enterprises lurch toward digital transformation and Industry 4.0, a new report looks at the security OT systems and finds it wanting. Grant Geyer, the Chief Strategy Officer for Claroty , talks about the findings from over one million devices in the field today, and what industries must do now to secure them.…

Error Code

1
EP 55: Building Secure Storage for Autonomous Vehicles 28:48

לפני 24 weeks28:48

28:48

I recently rode in a Waymo, Google’s self-driving taxi service, and it was fantastic. What if we took that vehicle off the safe roads of California and put it in a warzone like Ukraine? If it was captured, could the enemy get its data or its algorithms? Brent Hansen, Chief Growth Officer at Cigent, talks about the data risks associated with autonomous vehicles and remote servers, and how data security is essential in these in the field locations.…

Error Code

1
EP 54: From Cyber Chaos to Control: Lessons from a Kansas Water District 34:01

לפני 27 weeks34:01

34:01

Imagine your best worst day during a cyber attack. Can you switch to manual systems in case of a failure? Has your team practiced for that? Dave Gunter, OT Cybersecurity Director at Armexa , discusses how a water and waste water utility in Kansas responded correctly to a cyberattack in 2024 by falling back to manual and issuing clear, and concise press releases to assure the public that their water was safe to drink.…

Error Code

1
EP 53: Securing Smart OT Systems Already In The Field 31:17

לפני 28 weeks31:17

31:17

This is the story of how the security of OT devices in the field can be modernized virtual isolation in the cloud, adding both authentication and encryption into the mix. Bill Moore, founder and CEO of Xona, explains how you can virtualize the OT network and interact with it, adding 2FA and encryption to legacy systems already in the field.…

Error Code

1
EP 52: Hacking Cellular-Enabled IoT Devices 37:59

לפני 31 weeks37:59

37:59

This is the story of the secret life of cellular chips and why we need to mitigate against the unintended access they provide. Deral Heiland, Principal Security Research for IoT at Rapid 7 , describes a research project he presented at the IoT Village at DEF CON 32 where they compiled AT command manuals from various vendors, discovering unexpected functionalities, such as internal web services.…

Error Code

1
EP 51: Hacking High-Performance Race Cars 43:39

לפני 33 weeks43:39

43:39

When we think of IoT, we first think of our smart light bulbs, our smart TVs, our smart baby monitors. However, we don't typically associate IoT with high-performance race cars, and yet they collect terabytes of data each race. Austin Allen, Director of Solutions Architecture at Airlock Digital , discusses the growing presence of smart devices and the responsibility of securing them—should it be the developers who write the code, or the individuals who implement it?…

Error Code

1
EP 50: Keeping The Lights On In Ukraine 44:07

לפני 35 weeks44:07

44:07

What would happen if your GPS signal were jammed? It would impact more than just navigation – you'd also lose access to financial data and power. Joe Marshall, Senior IoT Strategist and Threat Researcher at Cisco Talos , discusses an innovative solution to maintain the country's power grid operations in the event of GPS jamming, whether it's a precautionary measure or an act of war.…

Error Code

1
EP 49: Hacking Android-Based ICS Devices 39:27

לפני 37 weeks39:27

39:27

Cybercriminal tactics against ICS include direct threats against individuals for MFA credentials, sometimes escalating to physical violence if they won’t share. Jim Coyle, US Public Sector CTO for Lookout , warns about the increasing use of Android in critical Industrial Control Systems (ICS), such as HVAC systems, and how stealing MFA tokens from mobile devices could affect critical services like healthcare, finance, and water supply, depending on the goals of the attackers.…

Error Code

1
EP 48: The New Insider Threat: Hacking Corporate Office Devices 40:51

לפני 39 weeks40:51

40:51

If smart buildings are vulnerable to hacking, what about smart offices? Even devices like printers and lighting systems could give an attacker a way in. John Terrill, CSO at Phosphorus , recalls a moment while working at a hedge fund when he found himself in a room filled with priceless art. He realized that the security cameras safeguarding these artworks were operating on outdated software, potentially containing known vulnerabilities.…

Error Code

1
EP 47: Hacking Smart Buildings 41:53

לפני 41 weeks41:53

41:53

If you are in IT, you are probably not thinking about the risks associated with the Otis Elevator or the Coke machine. Maybe you should. Chester Wisnieski, the director and global field CTO at Sophos , points out that IoT devices, big and small, create an outsized threat to any organization. And that’s why IoT vendors need to secure these devices, even if they only “phone home” for more Coke. If they’re on your network, they need to be secured.…

Error Code

1
EP 46: Hacking Israeli-made Water Treatment Devices In Pennsylvania 33:34

לפני 43 weeks33:34

33:34

Political hacktivism once mainly focused on website defacement. Now it has shifted to targeting physical devices, affecting critical infrastructure such as water treatment plants. At Black Hat USA 2024, Noam Moshe from Claroty highlighted how the HMIs in PLC devices from Israeli manufacturers may be susceptible to political attacks by nation-state actors using unknown vulnerabilities in the PComm protocol.…

Error Code

1
EP 45: Laser Fault Injections on a Shoestring Budget 32:35

לפני 45 weeks32:35

32:35

What if you could build your own embedded security tools, glitching devices for a fraction of the cost that you might expect. Like having a $150,000 laser setup for less than $500. A talk at Black Hat USA 2024 says you can. Sam Beaumont (Panth13r), Director of Transportation, mobility and cyber physical systems at NetSPI , and Larry Trowell (patch), Director of hardware embedded systems at NetSPI , along with a team of others, say that you can. Their talk, Laser Beams & Light Streams: Letting Hackers Go Pew Pew, Building Affordable Light-Based Hardware Security Tooling, should be a wake up call for all IoT and OT device vendors who should defend our IoT and OT devices, even against the unlikely attacks. Because soon enough, those attacks will become likely.…

Error Code

1
EP 44: Performing Security Assessments on ICS systems 34:16

לפני 47 weeks34:16

34:16

Too few vulnerabilities in industrial control systems (ICS) are assigned CVEs because of client non-disclosure agreements. This results in repeatedly discovering the same vulnerabilities for different clients, especially in critical infrastructure. Don C. Weber from IOActive shares his experiences as an ICS security professional and suggests improvements, including following the SANS best practices for ICS security..…

Error Code

1
EP 43: Hacking Large-Scale Off-Grid Solar Systems and Other Consumer IoT Devices 50:45

לפני 49 weeks50:45

50:45

At DEF CON 32, in the ICS village, researchers disclosed vulnerabilities in home and commercial solar panel systems that could potentially disrupt the grid. Dan Berte, Director of IoT security for Bitdefender , discusses his more than a decade in IoT, how the vendor maturity often isn’t there for our smart TVs or even for our solar panels, so reporting vulnerabilities sometimes goes nowhere. That doesn’t stop defenders like Dan, who, along with his team, work hard to change and to educate the industry.…

Error Code

1
EP 42: OT-CERT 34:23

לפני 51 weeks34:23

34:23

The resources available at small utilities are scarce, and that’s a big problem because small water, gas, and electric facilities are increasingly under attack. Dawn Capelli of Dragos is the Director of OT-CERT, an independent organization that provides free resources to educate and even protect small and medium sized utilities from attack.…

Error Code

1
EP 41: Firmware SBOMs, Zero Trust, And IoT Truth Bombs 41:26

לפני 1 year41:26

41:26

For the last twenty years we’ve invested in software security without parallel development in firmware security. Why is that? Tom Pace, co-founder and CEO of NetRise , returns to Error Code to discuss the need for firmware software bills of materials, and why Zero Trust is a great idea yet so poorly implemented. As in Episode 30, Tom is a straight shooter, imparting necessary truth bombs about our industry. Fortunately he’s optimistic about our future.…

Error Code

1
EP 40: Hacking IoT Surveillance Cameras For Espionage Operations 28:27

לפני 1 year28:27

28:27

That camera above your head might not seem like a good foreign target, yet in the Ukraine there’s evidence of Russian-backed hackers passively counting the number of foreign aid workers at the local train stations. Andrew Hural of UnderDefense talks about the need to secure everything around a person, everything around an organization, and everything around a nation because every one can be a target.…

Error Code

1
EP 39: Hacking Water Systems and the OT Skills Gap 40:20

לפני 1 year40:20

40:20

A critical skills gap in Operational Technology security could have a real effect on your water supply and other areas of the critical infrastructures. Christopher Walcutt from DirectDefense explains how the IT OT convergence, and the lack of understanding of what OT systems are, might be contributing to the spate of water systems attacks in 2024.…

Error Code

1
EP 38: Regulating OT Data Breaches And Ransomware Reporting 42:50

לפני 1 year42:50

42:50

When critical infrastructure is shut down due to ransomware or some other malicious attack, who gets notified and when? Chris Warner, from GuidePoint Security , discusses the upcoming Cyber Incident Reporting for Critical Infrastructure Act or CIRCIA and what it will mean for critical infrastructure organizations.…

ברוכים הבאים אל Player FM!

Player FM סורק את האינטרנט עבור פודקאסטים באיכות גבוהה בשבילכם כדי שתהנו מהם כרגע. זה יישום הפודקאסט הטוב ביותר והוא עובד על אנדרואיד, iPhone ואינטרנט. הירשמו לסנכרון מנויים במכשירים שונים.

תקשיבו ל-500+ נושאים

דומה לError Code

Microsoft Office Home 2024 | Classic Apps: Word, Excel, PowerPoint | One-Time Purchase for 1 PC/MAC | Instant Download | Formerly Home & Student 2021 [PC/Mac Online Code]

Bounty Quick Size Paper Towels, White, 8 Family Rolls = 20 Regular Rolls (Packaging May Vary)

Amazon eGift Card - Bright Balloons (Animated)

פודקאסטים ששווה להאזין

Error Code « » EP 66: Secure only the OT code that actually runs

EP 66: Secure only the OT code that actually runs

פודקאסטים ששווה להאזין

ברוכים הבאים אל Player FM!

The Let Them Theory: A Life-Changing Tool That Millions of People Can't Stop Talking About

The Let Them Theory: A Life-Changing Tool That Millions of People Can't Stop Talking About

Buckingham Nicks (Amazon Exclusive)

Ernie Ball Regular Slinky Nickel Wound Electric Guitar Strings, 10-46 Gauge (P02221)

The Let Them Theory: A Life-Changing Tool That Millions of People Can't Stop Talking About

דומה לError Code

מדריך עזר מהיר

Error Code « »
EP 66: Secure only the OT code that actually runs