Everand Logo

Welcome to Everand!

  • Discover this podcast and so much more

    Podcasts are free to enjoy without a subscription. We also offer ebooks, audiobooks, and so much more for just $11.99/month.

    OT Security - Huxley Barbee - ASW #259

    OT Security - Huxley Barbee - ASW #259

    FromApplication Security Weekly (Video)

    Start listeningView podcast show

    OT Security - Huxley Barbee - ASW #259

    FromApplication Security Weekly (Video)

    ratings:
    Length:
    40 minutes
    Released:
    Oct 17, 2023
    Format:
    Podcast episode

    Description

    It's no surprise that OT security has fared poorly over the last 30+ years. To many appsec folks, these systems have uncommon programming languages, unfamiliar hardware, and brittle networking stacks. They also tend to have different threat scenarios. Many of these systems are designed, successfully, to maintain availability. But when a port scan can freeze or crash a device, that availability seems like it hasn't put enough consideration into adversarial environments. We chat about the common failures of OT design and discuss a few ways that systems designed today might still be secure 30 years from now. Segment Resources: https://linktr.ee/huxley_barbee BSidesNYC: LinkedIn: https://www.linkedin.com/company/bsidesnyc/ Mastodon: https://infosec.exchange/@BSidesNYC runZero has a tool that can safely discover your entire OT network: Free trial: https://www.runzero.com/try/signup/ Show Notes: https://securityweekly.com/asw-259
    Released:
    Oct 17, 2023
    Format:
    Podcast episode

    Titles in the series (100)

    Application Security Weekly decrypts development for the Security Professional - exploring how to inject security into their organization’s Software Development Lifecycle (SDLC) in a fluid and transparent way; Learn the tools, techniques, and processes necessary to move at the speed of DevOps (even if you aren’t a DevOps shop yet). The target audience for Application Security Weekly spans the gamut of Security Engineers and Practitioners that need to level-up their skills in the Application Security space - as well as enabling “Cyber Curious” developers to get involved in the Application Security process at their organizations. To a lesser extent, we hope to arm Security Managers and Executives with the knowledge to be conversational in the realm of DevOps - and to provide the right questions to ask their colleagues in development, along with the metrics to think critically about the answers they receive.