با برنامه Player FM !
پادکست هایی که ارزش شنیدن دارند
حمایت شده


Bringing CISA's Secure by Design Principles to OT Systems - Matthew Rogers - ASW #334
Manage episode 487923344 series 2794635
CISA has been championing Secure by Design principles. Many of the principles are universal, like adopting MFA and having opinionated defaults that reduce the need for hardening guides. Matthew Rogers talks about how the approach to Secure by Design has to be tailored for Operational Technology (OT) systems. These systems have strict requirements on safety and many of them rely on protocols that are four (or more!) decades old. He explains how the considerations in this space go far beyond just memory safety concerns.
Segment Resources:
- https://www.cisa.gov/sites/default/files/2025-01/joint-guide-secure-by-demand-priority-considerations-for-ot-owners-and-operators-508c_0.pdf
- https://www.youtube.com/watch?v=vHSXu1P4ZTo
Visit https://www.securityweekly.com/asw for all the latest episodes!
Show Notes: https://securityweekly.com/asw-334
352 قسمت
Manage episode 487923344 series 2794635
CISA has been championing Secure by Design principles. Many of the principles are universal, like adopting MFA and having opinionated defaults that reduce the need for hardening guides. Matthew Rogers talks about how the approach to Secure by Design has to be tailored for Operational Technology (OT) systems. These systems have strict requirements on safety and many of them rely on protocols that are four (or more!) decades old. He explains how the considerations in this space go far beyond just memory safety concerns.
Segment Resources:
- https://www.cisa.gov/sites/default/files/2025-01/joint-guide-secure-by-demand-priority-considerations-for-ot-owners-and-operators-508c_0.pdf
- https://www.youtube.com/watch?v=vHSXu1P4ZTo
Visit https://www.securityweekly.com/asw for all the latest episodes!
Show Notes: https://securityweekly.com/asw-334
352 قسمت
همه قسمت ها
×
1 Checking in on the State of Appsec in 2025 - Janet Worthington, Sandy Carielli - ASW #338 1:07:15

1 How Fuzzing Barcodes Raises the Bar for Secure Code - Artur Cygan - ASW #336 1:01:18

1 Threat Modeling With Good Questions and Without Checklists - Farshad Abasi - ASW #335 1:08:00

1 Bringing CISA's Secure by Design Principles to OT Systems - Matthew Rogers - ASW #334 1:09:09

1 AI in AppSec: Agentic Tools, Vibe Coding Risks & Securing Non-Human Identities - Mo Aboul-Magd, Shahar Man, Brian Fox, Mark Lambert - ASW #332 1:04:35

1 Appsec News & Interviews from RSAC on Identity and AI - Rami Saas, Charlotte Wylie - ASW #331 1:01:48

1 Secure Code Reviews, LLM Coding Assistants, and Trusting Code - Rey Bango, Karim Toubba, Gal Elbaz - ASW #330 1:09:38

1 AI Era, New Risks: How Data-Centric Security Reduces Emerging AppSec Threats - Vishal Gupta, Idan Plotnik - ASW #329 1:03:03

1 Managing Secrets - Vlad Matsiiako - ASW #327 1:03:03

1 More WAFs in Blocking Mode and More Security Headaches from LLMs - Sandy Carielli, Janet Worthington - ASW #326 1:14:45

1 In Search of Secure Design - ASW #325 1:07:36

1 Avoiding Appsec's Worst Practices - ASW #324 1:11:19



1 CISA's Secure by Design Principles, Pledge, and Progress - Jack Cable - ASW #321 1:13:50

1 Keeping Curl Successful and Secure Over the Decades - Daniel Stenberg - ASW #320 1:09:02

1 Developer Environments, Developer Experience, and Security - Dan Moore - ASW #319 1:10:21


1 Code Scanning That Works With Your Code - Scott Norberg - ASW #317 1:12:52

1 Threat Modeling That Helps the Business - Akira Brand, Sandy Carielli - ASW #316 1:11:39

1 Security the AI SDLC - Niv Braun - ASW #315 1:08:34

1 Discussing Useful Security Requirements with Developers - Ixchel Ruiz - ASW #313 1:07:41

1 DefectDojo and Bringing Quality Appsec Tools to Small Appsec Teams - Greg Anderson - ASW #312 1:07:10

1 Applying Usability and Transparency to Security - Hannah Sutor - ASW #311 1:09:42

1 Adding Observability with OpenTelemetry - Adriana Villela - ASW #309 1:10:55

1 Biometric Frontiers: Unlocking The Future Of Engagement - Andras Cser, Enza Iannopollo - ASW #308 1:10:32

1 Modernizing AppSec - Melinda Marks - ASW #307 1:09:29

1 Bug bounties, vulnerability disclosure, PTaaS, fractional pentesting - Grant McCracken - ASW #306 1:05:35

1 Making TLS More Secure, Lessons from IPv6, LLMs Finding Vulns - Arnab Bose, Shiven Ramji - ASW #305 1:22:48

1 The Complexities, Configurations, and Challenges in Cloud Security - Scott Piper - ASW #304 1:17:25

1 The Future of Zed Attack Proxy - Simon Bennetts, Ori Bendet - ASW #302 1:12:35

1 More Car Hacks, CUPS Vulns, Microsoft's SFI, Memory Safety, Password Complexity - Farshad Abasi - ASW #301 45:57

1 Vulnerable APIs and Bot Attacks: Two Interconnected, Growing Security Threats - David Holmes - ASW #300 1:07:51

1 Bringing Secure Coding Concepts to Developers - Dustin Lehr - ASW #299 1:02:26



1 Changing the Course of IoT's Future from Its Insecure Past - Paddy Harrington - ASW #297 1:04:28

1 The Fallout and Lessons Learned from the CrowdStrike Fiasco - Shimon Modi, Jeff Pollard, Allie Mellen, Boaz Barzel - ASW #296 1:21:54

1 When Appsec Needs to Start Small - Kalyani Pawar, Danny Jenkins, Nikos Kiourtis - ASW #295 1:08:53

1 Building Successful Security Champions Programs - Marisa Fagan - ASW #294 1:10:17
به Player FM خوش آمدید!
Player FM در سراسر وب را برای یافتن پادکست های با کیفیت اسکن می کند تا همین الان لذت ببرید. این بهترین برنامه ی پادکست است که در اندروید، آیفون و وب کار می کند. ثبت نام کنید تا اشتراک های شما در بین دستگاه های مختلف همگام سازی شود.