Third-party risk, Hardware Security, Patch Management, Zero trust, Blue Team

All Our Devices Aren’t Belong 2 Us – Scott Scheferman – RSA21 #3

May 19, 2021

Sponsored By

sponsor Visit https://securityweekly.com/eclypsium for more information!

Against the ubiquitous backdrop of Zero Trust initiatives, we have all come to accept the motto of “Verify, then trust”. Yet, here we are building an entire stack of Zero Trust enabled technologies, upon a broken implicit-trust foundation. Nowhere is this risk more apparent, than at the device and firmware level. Indeed this is why both nation-state and criminal actors have converged upon a strategy that combines supply chain attack dynamics, with readily exploitable devices. This allows them to impart maximum impact against victim organizations, and even those victim’s downstream partners and customers. In order to address this evolving threat, organizations must take back security control of their devices, and stop trusting the fox that has quite frankly, become the hen house.

https://eclypsium.com/firmware-threat-report/

https://eclypsium.com/2020/07/21/device-integrity-and-the-zero-trust-framework/
https://eclypsium.com/2021/01/14/assessing-enterprise-firmware-security-risk-in-2021/

This segment is sponsored by Eclypsium.

Visit https://securityweekly.com/eclypsium to learn more about them!

Full Episode Show Notes

All Our Devices Aren't Belong 2 Us

Guests

Scott Scheferman

Scott Scheferman - Principal Strategist at Eclypsium

@transhackerism

Scott, aka "Shagghie" in the community, is a public speaker, thought leader and cyber strategist. With decades of cyber consulting in both Federal and Commercial domains, he brings strong opinions and insight into any topic covering cyber, privacy, AI/ML, or the intersections of these. Winner of the first defcon badge-hacking contest and a defcon music artist, he currently works to bring urgent awareness to the device and firmware attack surface now being readily exploited.

Hosts

Paul Asadoorian

Paul Asadoorian - Founder at Security Weekly

@securityweekly

Paul Asadoorian is the founder of Security Weekly, which was acquired by CyberRisk Alliance. Paul spent time “in the trenches” implementing security programs for a lottery company and then a large university. Paul is offensive, having spent several years as a penetration tester. As Product Evangelist for Tenable Network Security, Paul built a library of materials on the topic of vulnerability management. When not hacking together embedded systems (or just plain hacking them) or coding silly projects in Python, Paul can be found researching his next set of headphones.

prestitial ad