OT Security – Huxley Barbee – ASW #259
It's no surprise that OT security has fared poorly over the last 30+ years. To many appsec folks, these systems have uncommon programming languages, unfamiliar hardware, and brittle networking stacks. They also tend to have different threat scenarios. Many of these systems are designed, successfully, to maintain availability. But when a port scan can freeze or crash a device, that availability seems like it hasn't put enough consideration into adversarial environments. We chat about the common failures of OT design and discuss a few ways that systems designed today might still be secure 30 years from now.
Segment Resources: https://linktr.ee/huxley_barbee
BSidesNYC: LinkedIn: https://www.linkedin.com/company/bsidesnyc/ Mastodon: https://infosec.exchange/@BSidesNYC
runZero has a tool that can safely discover your entire OT network: Free trial: https://www.runzero.com/try/signup/
Announcements
Security Weekly Listeners: We are celebrating the milestone of reaching over 1,000 members of our CISO community. The Cybersecurity Collaboration Forum is a one-stop shop for executive collaboration comprised of CISOs across various industries. If you want to be part of this growing community of CISOs, join us as a member or technology partner. To learn more, visit: securityweekly.com/cybersecuritycollaboration
Guest
Huxley Barbee is the organizer for BSidesNYC and security evangelist at runZero. Huxley previously worked at Datadog, where he formulated their Cloud Security Platform. Earlier at Cisco, he led a team that automated SecOps and IR playbooks. He holds both the CISSP and CISM certifications.
Hosts
