In-brief: In this podcast, Dennis Fisher of onthewire.io and I talk about securing the Internet of Things.
Yesterday I had the opportunity to sit down for a great talk on the topic of securing the Internet of Things with my good friend and longtime security reporter Dennis Fisher. You can check out the podcast here. Also, we say the “s” word a couple times (that would be “s**t”). So if you listen to security podcasts with your kids, just be aware of that.
It’s a great talk – two longtime information security journalists talking about just how much our beat has changed in the last 10 years, as a whole universe of connected devices has come online.
Some good ideas worth noting:
- The cultural and skills gap that affects so many companies that are in the business of making connected devices or managing diverse infrastructure with traditional and non-traditional endpoints. We see this big time in verticals like energy, manufacturing, healthcare, etc.
- With the Consumer Electronics Show (CES) happening this week, we’re hearing a lot of “gee whiz” stories about cool new gear. What’s not said is that information security and data privacy are often way down on the list of priorities for these companies. Having your product ready to show off on the floor at CES? That’s a top priority!
- The need for evolution both within commercial firms and in the public sector such that companies are able to get in front of security issues in their environments (or products) rather than just reacting. This is, in essence, what Microsoft was able to do in the last 15 years, after Bill Gates’ now-famous Trustworthy Computing Memo. But it took years and millions (hundreds of millions?) of dollars to reorient that company around secure development and to build ties with the security community. Most software companies aren’t even there, let alone hardware companies that are backing into the software business.