Author: Paul

application code on screen

Spotlight Podcast: Fixing Supply Chain Hacks with Strong Device Identities

Supply chain hacks like ME Docs and ASUS aren’t inevitable. In this Spotlight Podcast, sponsored by Trusted Computing Group, I speak with Dennis Mattoon, a Principal Researcher at Microsoft Research and the Chairman of the Trusted Computing Group’s DICE Architectures Working Group* about how strong device identities for IoT endpoints can stop supply chain compromises.

Podcast Episode 141: Massive Data Breaches Just Keep Happening. We Talk about Why.

Countless Congressional hearings, 48 state data privacy laws and GDPR and mega breaches like the discovery of data on 500 million Facebook users just keep happening. Why? In this episode of the podcast, Paul is joined by experts from the firm BitSight and BigID to discuss why we can’t seem to stop the breaches.

Interview: securing the University using NIST’s Cyber Framework

College and university campuses are notoriously difficult to tame. In this one-on-one interview, I speak with Plamen Martinov, the Chief Information Security Officer for the Biological Sciences Division at the University of Chicago about how his organization has used NIST’s Cybersecurity Framework to create a security lingua franca at UChicago and improve the organization’s security posture.

CTSS MIT

Podcast Episode 140: passwords are dying. What will replace them?

Alpha-numeric passwords have been with us almost since the dawn of the computing age. But our guest this week, Phil Dunkelberger the CEO of Nok Nok Labs, says they’ve overstayed their welcome, and that the next few years may see them disappear altogether. We talk about what will replace them and how.

Podcast Episode 139: the State(s) of Right to Repair and API Insecurity on GitHub

In our latest podcast episode we’re joined by Kyle Wiens of iFixit to talk about right to repair legislation pending in 20 states. Also: Dmitry Sotnikov of 42Crunch joins us to talk about API insecurity on GitHub.