IoT Security Podcast

Recent years have seen a growing awareness of the vulnerabilities in our critical infrastructure to cyberattacks, particularly from nation-states like Russia, Iran, and China. In this episode of the IoT Security Podcast, host John Vecchi welcomes Khris Woodring, Senior Cybersecurity Architect at Syngenta, to explore the evolving challenges and opportunities in securing critical infrastructure. From his serendipitous journey into the field to actionable insights on workforce development, Khris shares how industries can overcome the persistent talent gap and drive proactive change in OT security.Key topics include:The unique challenges of bridging IT and OT security.Why workforce shortages hinder progress and how industry and academia can collaborate.The importance of standardizing roles, frameworks, and terminology.Stories of how early curiosity sparked a career in cybersecurity.Tune in for a passionate discussion on how to protect the systems that make modern life possible—and the steps we can take to secure a resilient future. Let’s connect about IoT Security!Follow John Vecchi at https://www.linkedin.com/in/johnvecchiThe IoT Security Podcast is powered by Phosphorus Cybersecurity. Join the conversation for the IoT Security Podcast — where xIoT meets Security. Learn more at https://phosphorus.io/podcast

Businesses and government organizations have seen threats to critical US infrastructure on the rise in recent years, particularly within IoT and OT systems, posed by cyberattacks, notably from state actors like Iran. With that context, Joel Goins, a veteran of manufacturing, oil and gas, and OT security at large, talks with John Vecchi about the critical need for enhanced security measures for data centers and other vital components, the vulnerabilities present in IoT devices, and the essential steps companies must take to safeguard against both traditional and emerging cyber threats. Let’s connect about IoT Security!Follow John Vecchi at https://www.linkedin.com/in/johnvecchiThe IoT Security Podcast is powered by Phosphorus Cybersecurity. Join the conversation for the IoT Security Podcast — where xIoT meets Security. Learn more at https://phosphorus.io/podcast

Explore the intricate challenges and solutions in managing OT cybersecurity, particularly emphasizing the importance of active querying over passive deep packet inspection, with Michael Lester, Senior Product Security Engineer at Rockwell Automation! Lester underscores the necessity of segmenting networks, improving visibility, and fostering collaboration between IT and OT teams to mitigate risks and enhance security. His journey, from passionate mentorship to pursuing a PhD, exemplifies a commitment to advancing industrial cybersecurity frameworks and education. Let’s connect about IoT Security!Follow John Vecchi at https://www.linkedin.com/in/johnvecchiThe IoT Security Podcast is powered by Phosphorus Cybersecurity. Join the conversation for the IoT Security Podcast — where xIoT meets Security. Learn more at https://phosphorus.io/podcast

In this episode, we're diving deep into the world of Operational Technology (OT) and IoT security, exploring the critical challenges and evolving threat landscape that are impacting sectors from manufacturing to critical infrastructure and healthcare. With insights from Patrick Gillespie, an OT expert at GuidePoint Security, we'll discuss the convergence of IT and OT systems, the risks introduced by COVID-19, and the advanced solutions from providers like Phosphorus that are combatting these threats. Patrick also sheds light on his personal journey from military service to a cybersecurity career, and the essential steps organizations should take to bolster their OT security, from embracing cyber hygiene to implementing robust security programs. Join us as we uncover the pressing issues facing IoT security today and how innovations are driving a safer, more secure operational environment. Let’s connect about IoT Security!Follow John Vecchi at https://www.linkedin.com/in/johnvecchiThe IoT Security Podcast is powered by Phosphorus Cybersecurity. Join the conversation for the IoT Security Podcast — where xIoT meets Security. Learn more at https://phosphorus.io/podcast

Are you curious about the evolving world of cybersecurity, virtual CISOs, and their vital role in different industries? In this episode, Brian and John are joined by cross-vertical vCISO Jason Taule, who brings a wealth of experience and insights from his diverse career in the field as one of the first CISOs...ever. From working with federal agencies like NASA to serving as a virtual CISO for agriculture, heavy manufacturing, and healthcare organizations, Jason offers valuable perspectives on the unique security challenges faced across different sectors.Throughout the episode, Jason discusses the evolving role of the Chief Information Security Officer (CISO) in various industries. He highlights the intricacies of implementing cybersecurity measures in sectors like healthcare, where specific jargon and risks come into play.The conversation also goes into the complexities of managing operational technology (OT) and IoT security, emphasizing the need for improved third-party access control and a better understanding of firmware vulnerabilities. Additionally, the episode explores the impact of regulations, financial pressure, and the evolving threat landscape on organizations' engagement with security. Let’s connect about IoT Security!Follow John Vecchi at https://www.linkedin.com/in/johnvecchiThe IoT Security Podcast is powered by Phosphorus Cybersecurity. Join the conversation for the IoT Security Podcast — where xIoT meets Security. Learn more at https://phosphorus.io/podcast

Sean Tufts is in the house, and we ask him to go all the way back. All the way. From his origins to the evolving challenges and security needs in IoT and OT environments, particularly in critical infrastructure. Your hosts, Brian Contos and John Vecchi, engage in a thought-provoking conversation with special guest Sean Tufts from Optiv. The discussion goes into Tufts' background, from his transition from an NFL player to a cybersecurity and critical infrastructure expert, to managing substantial programs at Optiv. Sean touches on the changing landscape of critical infrastructure, the challenges of IoT and OT security in the wake of COVID-19, and the evolving tactics in cyber attacks. He also shares insightful anonymized stories of cyber incidents, emphasizing the importance of effectively addressing vulnerabilities in IoT devices and legacy systems to mitigate risks. After listening to the episode, be sure to subscribe to the Phosphorus IoT Security Podcast to stay updated on evolving cybersecurity challenges and strategies in the IoT and OT space. Share this impactful episode with colleagues and peers involved in securing critical infrastructure to spark insightful conversations and proactive measures for vulnerability management. Let’s connect about IoT Security!Follow John Vecchi at https://www.linkedin.com/in/johnvecchiThe IoT Security Podcast is powered by Phosphorus Cybersecurity. Join the conversation for the IoT Security Podcast — where xIoT meets Security. Learn more at https://phosphorus.io/podcast

Content Warning: This episode contains explicit language and references to criminal activity.In this episode, Brian and John are joined by a very special guest—John Threat, also known as John Lee, a veteran of the Great Hacker War and known as "Corrupt" from the early 90s hacking group MOD (Masters of Deception). We dive into the fascinating origins and culture of hacking, with John Threat sharing his experiences from the '80s all the way to the present day and the excitement of exploring and breaking into systems. The discussion also explores the evolution and loss of excitement in the hacking culture, the potential impact of AI and machine learning, and the changing threat landscape. From the deep camaraderie within hacking groups and the diversity of the MOD team in the 90s to the potential ethical and legal implications of new technologies, this episode is set to be a thought-provoking and riveting journey into the world of cybersecurity and hacking.You can follow John Threat on Instagram at @johnthreat or follow his work at http://www.rip.space and http://www.johnthreat.com. Let’s connect about IoT Security!Follow John Vecchi at https://www.linkedin.com/in/johnvecchiThe IoT Security Podcast is powered by Phosphorus Cybersecurity. Join the conversation for the IoT Security Podcast — where xIoT meets Security. Learn more at https://phosphorus.io/podcast

She's no slacker. Danielle Jablanski has been an "expert" — she hates that word — in nuclear policy analysis (the "original Cyber-Physical System"), energy research, and now Nozomi Networks, where she plays the crucial OT cybersecurity strategist role. John Vecchi and Brian Contos pick Danielle's brain on the ever- and never-changing trends and challenges, digging into the need for consequence-based security and collaboration between security professionals and OT engineers. The discussion also covers the growing concern about the security of IoT devices in OT environments, the importance of centralizing and managing security, addressing the issues surrounding legacy devices, and the evolving landscape of liability and insurance in cybersecurity.Key Topics Covered:1. Trends in cybersecurity and the importance of consequence-based security2. Concerns about the security of IoT devices in OT environments and the role of centralization and management3. Challenges with legacy devices in ICS and healthcare and the need for building controls and defense-in-depth4. Evolving conversations about liability and insurance in cybersecurityAfter tuning in to this episode, subscribe to the IoT Security Podcast, powered by Phosphorus, to stay informed about the latest trends and insights in IoT security. Let’s connect about IoT Security!Follow John Vecchi at https://www.linkedin.com/in/johnvecchiThe IoT Security Podcast is powered by Phosphorus Cybersecurity. Join the conversation for the IoT Security Podcast — where xIoT meets Security. Learn more at https://phosphorus.io/podcast

Susan Peterson Sturm joins Brian Contos and John Vecchi on the IoT Security Podcast to discuss the importance of understanding specific features needed for different teams in IoT security. Susan Peterson Sturm has dedicated most of her career to the energy industry, where her expertise lies in asset optimization and energy market trading. However, it was her venture into product management that led her to the exciting field of OT security. Susan's journey in the industry spans approximately 15 years, and she feels privileged to have witnessed the growth and evolution of her peers throughout this time.In this episode, Susan, Brian, and John emphasize the need for change management, localization in factories, and the integration of cybersecurity measures into existing processes. The episode also touches on the challenges faced by CISOs, the importance of user feedback, and the need to quantify material cybersecurity risk. Let’s connect about IoT Security!Follow John Vecchi at https://www.linkedin.com/in/johnvecchiThe IoT Security Podcast is powered by Phosphorus Cybersecurity. Join the conversation for the IoT Security Podcast — where xIoT meets Security. Learn more at https://phosphorus.io/podcast

Find the line between man and machine with John, Brian, and guest Len Noe, CyberArk technical evangelist. Len, the personification of transhumanism and the future of human-machine integration, host to a number of augmentations himself, is a self-taught cybersecurity expert with a unique background in the world of black hat and gray hat hacking. For most of his life, Len delved into the dark side of technology, breaking into computers and causing havoc. However, with the arrival of grandchildren, Len realized that he needed to change his ways. Recognizing that his skills were primarily focused on hacking, Len made the brave decision to use his expertise for good. He embarked on a new journey, putting his unique perspective on security to work for the good guys. Len transitioned from being a malicious hacker to becoming a cybersecurity professional, using his knowledge to defend against cyber threats and secure computer systems.Len shares his experiences and insights as someone who has embraced technological enhancements and implanted various devices in his own body. From RFID NFC chips to a mini-computer in their leg, Len takes us on a journey through the possibilities and challenges of this emerging field. Join us as we explore transhumanism's societal, theological, technological, moral, and medical implications. Get ready to dive deep into the possibilities of collaboration, the debates surrounding free will, and the potential benefits and drawbacks of these advanced technologies. Stay informed and open-minded about the advancements in technology and their potential impact on humanity. Share this episode with others to spark discussions on transhumanism, IoT security, and the future of technology. Let’s connect about IoT Security!Follow John Vecchi at https://www.linkedin.com/in/johnvecchiThe IoT Security Podcast is powered by Phosphorus Cybersecurity. Join the conversation for the IoT Security Podcast — where xIoT meets Security. Learn more at https://phosphorus.io/podcast

What is security? Our guest here, Patrick Benoit, Global CISO for Brinks, thinks about that a lot, working for a company with 165 years in the space. From reinforced stage coaches to the security today, there's a focus on the physical. In today's episode, John and Brian talk to Patrick Benoit about people and Things. People are the solution as well as the problem, as Patrick declares that breaches only happen for two reasons. Someone did something they were supposed to do, or someone didn’t do something they were supposed to do. There’s always a human component. Listen in as they hit on topics like:The evolving landscape of integrated security platforms and the importance of trust in team dynamics The challenges of breach reporting and materialityThe rising threat of ransomware attacks on IoT devicesThe fascinating potential of Generative AI for hackers And more on zero trust, IoT security standardization, and the role of CISOsGet ready for an information-packed episode that will illuminate the complexities and opportunities in the world of IoT security. Let’s connect about IoT Security!Follow John Vecchi at https://www.linkedin.com/in/johnvecchiThe IoT Security Podcast is powered by Phosphorus Cybersecurity. Join the conversation for the IoT Security Podcast — where xIoT meets Security. Learn more at https://phosphorus.io/podcast

The passion for cybersecurity can arise at any moment. For our guest Andres Andreu, he started his career in software engineering, but that path was not to be. His naturally (self-described) paranoid nature drove him to constantly think about potential vulnerabilities and how to protect against them. Andres was already performing tests on his software creations, and his career transitioned from software engineering to becoming a renowned figure in the world of security.Andres sheds light on a significant portion of the attack surface, including IoT, OT, IIoT, and IoMT cyber-physical systems in organizations across manufacturing, utilities, energy, healthcare, finance, retail, and logistics. He and hosts John and Brian delve into the difficulties of gaining visibility into these devices and understanding their posture and risk assessment.In this episode, learn about the limitations of traditional passive monitoring tools and the challenges faced when scanning industrial IoT devices for vulnerabilities. Andres emphasizes the importance of identifying and understanding these devices before implementing security measures.Andres shares insights into the difficulties of monitoring IoT devices, including the importance of careful firmware updates, the complexities of monitoring configurations in industrial control systems, and the vulnerabilities of older equipment.Join us as we delve into the world of IoT device security with Andres Andreu on this episode of the IoT Security Podcast. Let’s connect about IoT Security!Follow John Vecchi at https://www.linkedin.com/in/johnvecchiThe IoT Security Podcast is powered by Phosphorus Cybersecurity. Join the conversation for the IoT Security Podcast — where xIoT meets Security. Learn more at https://phosphorus.io/podcast

Ron Kuriscak is here to share his extensive knowledge and experiences in the world of IoT security, and has he got some great stories! Ron brings over 20 years of experience in the field to the show. He's been in the trenches on a number of high-profile breaches, giving him a unique perspective on the challenges and importance of securing IoT devices.In our conversation, we dive deep on the role of the CISO, their relationships with other executives, and the evolving threat landscape, littered with unmonitored, unmanaged devices. Ron sheds light on the struggles faced by CISOs, as they juggle physical and data security responsibilities with different skill sets required for each. He also discusses the changing trend of CISOs reporting up through the legal chain of command or directly to the CEO for clearer communication and a better understanding of security matters.Then we delve into the world of breaches and the lessons Ron has learned along the way. From the importance of being prepared with a good partner by your side, to the challenges faced when seeking assistance from big entities, Ron shares his valuable insights on prevention, preparation, and engaging with the right partners.Furthermore, we explore the concept of being a "seesaw" in security, a topic rarely discussed in such detail before. Ron reflects on the ever-evolving role of security directors, the shift towards risk-driven approaches, and the need for effective communication and storytelling when presenting to boards and executives. Let’s connect about IoT Security!Follow John Vecchi at https://www.linkedin.com/in/johnvecchiThe IoT Security Podcast is powered by Phosphorus Cybersecurity. Join the conversation for the IoT Security Podcast — where xIoT meets Security. Learn more at https://phosphorus.io/podcast

Huddled in a corner, away from the lights and sounds of the slots, John and Brian reminisce about the Black Hat USA conferences gone by and what trends and topics this one already holds. In this mini-sode on location, the dynamic duo discusses AI, xIoT, and the security of slots. But when you end up in Vegas yearly, you also inevitably get up to some non-work activities. Did you know you can rent and drive construction equipment?Let's get into Things on an extra mini-sode of the IoT Security Podcast! Let’s connect about IoT Security!Follow John Vecchi at https://www.linkedin.com/in/johnvecchiThe IoT Security Podcast is powered by Phosphorus Cybersecurity. Join the conversation for the IoT Security Podcast — where xIoT meets Security. Learn more at https://phosphorus.io/podcast

Over the past 17 years, Kelly Jackson Higgins, editor-in-chief at Dark Reading, has watched the cybersecurity industry explode. She brings a unique perspective to the podcast in discussion with Brian and John as they pick apart the challenges faced in industrial environments to the vulnerabilities in healthcare organizations. Just as the world of technology journalism has changed, so has Dark Reading and the way they approach the industry, the major players, and evolving conversations in the space. Kelly's unique position allows her to triage the firehose of information for us, focusing on ransomware and "the whole AI thing," and more. Throughout the conversation, we will explore the importance of visibility and monitoring of connected devices, the persistent issue of devices being connected to the public internet when they shouldn't be, and the need for collaboration between IT and OT teams. We will also delve into recent cyber threats, such as ransomware attacks and the concerning trend of ransomware as a service, shedding light on the advancement of technology and its impact on cybersecurity.Join us as we explore these critical topics with our expert guest, Kelly Jackson Higgins, and uncover the challenges, advancements, and solutions in the realm of IoT security. Let’s connect about IoT Security!Follow John Vecchi at https://www.linkedin.com/in/johnvecchiThe IoT Security Podcast is powered by Phosphorus Cybersecurity. Join the conversation for the IoT Security Podcast — where xIoT meets Security. Learn more at https://phosphorus.io/podcast

It's cyber all day, every day, with Chase Cunningham, Dr. Zero Trust himself. He joins John and Brian to delve into the complex and ever-evolving world of online security threats. With cyber-attacks becoming increasingly sophisticated and prevalent, understanding the strategies and technologies that can safeguard our digital assets has never been more crucial.Chase Cunningham, a seasoned cybersecurity professional, renowned author, and podcast host in his own right, joins us as our esteemed guest. With his extensive background in the industry, Chase brings a wealth of knowledge and insights to the table. From his time serving as a military strategist and chief cryptologic technician in the United States Navy to his current role as a prominent cybersecurity analyst, Chase has witnessed firsthand the evolving landscape of cyber threats and the strategies required to combat them.During the conversation, we explore various pressing topics, including the rise of nation-state cyber attacks, the growing importance of zero-trust architecture, the impact of artificial intelligence and machine learning on cybersecurity, and the critical role of individuals and organizations in safeguarding their digital identities.This episode should offer the listener valuable insights and practical advice from one of the industry's foremost experts. Join us as we unmask the complexities of cybersecurity and empower ourselves with the knowledge to stay one step ahead of potential threats.Listen to Chase Cunningham on DrZeroTrust here. Let’s connect about IoT Security!Follow John Vecchi at https://www.linkedin.com/in/johnvecchiThe IoT Security Podcast is powered by Phosphorus Cybersecurity. Join the conversation for the IoT Security Podcast — where xIoT meets Security. Learn more at https://phosphorus.io/podcast

In this episode, Tammy Hawkins, a fraud specialist with over 20 years of experience, warns of the growing threat of cyberattacks on IoT devices and emphasizes the need for organizations and individuals to take proactive security measures. She offers critical advice and recommendations on how the audience — that's you! — can protect themselves against these cyber threats.In this episode, learn about:Delving into the world of IoT security threats and the risks they pose in our digital landscapeUnraveling the complexity of cybercriminal activity and how insiders contribute to security breachesRealizing the importance of taking a proactive approach to secure IoT devicesExamining the role of IoT devices in organizations and the potential risks they carryGaining insight into the necessity of staying informed and vigilant in the fight against cyber threatsBrian Contos and John Vecchi speak with Tammy Hawkins, a seasoned cybersecurity specialist whose career has taken her through various roles and industries. Starting in information security, Tammy transitioned to Mastercard, where her expertise lay in creating cutting-edge security products to fight the world’s best fraudsters. From there, she branched out into the gaming sector at Activision Blizzard, focusing on anti-toxicity solutions. Now, as the Director of Cybersecurity and Fraud at Intuit, Tammy is passionate about protecting small businesses and their software systems. With her comprehensive knowledge of IoT device security, Tammy's input is an invaluable asset to today's topic. Let’s connect about IoT Security!Follow John Vecchi at https://www.linkedin.com/in/johnvecchiThe IoT Security Podcast is powered by Phosphorus Cybersecurity. Join the conversation for the IoT Security Podcast — where xIoT meets Security. Learn more at https://phosphorus.io/podcast

Brian and John sit down to the mic with Vignesa Moorthy. With a seasoned background in telecommunications and cybersecurity, Vignesa Moorthy is a forward-thinking innovator in the industry. Running a successful Singapore-based telco company, he has expanded operations across Southeast Asia and evolved his company's focus to cybersecurity services. With years of hands-on experience securing customer infrastructure, Vignesa has unparalleled knowledge of the key risks facing IoT infrastructure managers in today's rapidly advancing technology landscape. His expertise in managing IoT device vulnerabilities makes him an ideal speaker on this very subject.In this episode, you will hear about:Insights into Southeast Asia's cybersecurity landscape and the solutions implemented to combat threats.The indispensable role of data leak prevention and IoT infrastructure protection for ensuring data security.The explosive growth of IoT devices and the best practices to address inherent vulnerabilities.The importance of cooperation and ongoing education across stakeholders in the IoT domain.How staying alert and adaptable can be game-changers for businesses in cybersecurity.The pain of taking ineffective actions and not seeing results can be overwhelming. But don't lose hope. In this episode, we'll explore the best practices for managing IoT vulnerabilities and improving overall device security, giving you the peace of mind you deserve. Let’s connect about IoT Security!Follow John Vecchi at https://www.linkedin.com/in/johnvecchiThe IoT Security Podcast is powered by Phosphorus Cybersecurity. Join the conversation for the IoT Security Podcast — where xIoT meets Security. Learn more at https://phosphorus.io/podcast

Are you tired of feeling helpless and exposed when using IoT devices? Have you been told to simply 'be careful' without any real solutions? In this episode, we get our ears on some expert insights and practical solutions to help you take control of your privacy. From understanding the risks and vulnerabilities to mastering cybersecurity challenges and envisioning a safer future - this episode is a must-listen for every privacy-conscious individual using IoT devices.In this episode, you will hear:Valuable insights into privacy risks and vulnerabilities within IoT devices and discover expert solutions to tackle them.The importance of increasing consumer awareness for preserving privacy while using IoT devices.The complexities of cybersecurity challenges and integrating security measures within IoT devices and regulations.The technical aspects of IoT devices, such as encryption, protocols, and shared infrastructure.Future plans by empowering users and cooperating with protection authorities and organizations for a more secure IoT environment.Our guest in this episode is Anna Maria Mandalari.Brian and John talk with Anna Maria Mandalari, a talented IoT privacy and security expert who has dedicated her career to understanding and addressing the vulnerabilities of IoT devices. Beginning her education journey in Italy, Anna specialized in Telematics before pursuing a Ph.D. in Internet measurements in Madrid. Her expertise in networking eventually led her to London's Imperial College, where she began focusing on IoT privacy and security. Now, Anna works at University College London, where she collaborates with other experts to develop innovative solutions for safeguarding consumer privacy in the IoT space. Let’s connect about IoT Security!Follow John Vecchi at https://www.linkedin.com/in/johnvecchiThe IoT Security Podcast is powered by Phosphorus Cybersecurity. Join the conversation for the IoT Security Podcast — where xIoT meets Security. Learn more at https://phosphorus.io/podcast

In this episode, John and Brian talk with Mark Weatherford, a skilled cybersecurity veteran with a diverse background in both government and private sectors. Having held positions such as CISO for California and Colorado and serving in the Obama administration as the Deputy Under Secretary for Cybersecurity, Mark has a unique perspective on IoT security and critical infrastructure protection challenges. In addition to his government roles, Mark has ventured into the private sector, working with startups and as the Chief Security Officer at NERC. His expertise in IoT security is incredibly valuable for cybersecurity professionals looking to stay informed in this rapidly evolving field.Listen in for a conversation on:Navigating the complicated obstacles involved in securing IoT devices and defending crucial infrastructureIdentifying the underestimated hazards linked to the perception that air-gapped networks are entirely protected from breachesAcknowledging the powerful impact of education and awareness in tackling IoT security challengesRecognizing the importance of implementing more regulatory measures and policies for bolstering IoT device securityInvestigating the escalating threats of IoT attacks and the need for integrating security solutions within IoT devicesAs a cybersecurity professional, staying up-to-date on IoT security challenges is crucial to protecting critical infrastructure. Don't fall for the common misconceptions - Mark Weatherford will share the truth with John and Brian about the complex challenges of securing IoT devices and infrastructure. Stay informed and stay protected. Let’s connect about IoT Security!Follow John Vecchi at https://www.linkedin.com/in/johnvecchiThe IoT Security Podcast is powered by Phosphorus Cybersecurity. Join the conversation for the IoT Security Podcast — where xIoT meets Security. Learn more at https://phosphorus.io/podcast