IoT Security Foundation Conference 2016
SPEAKER PRESENTATIONS
click on speaker picture to download their presentation and see their abstract and biography
Strategic Track Presentations
“What will Security Standards and Certification Look Like Ten Years from Now?”
Ross Anderson, Professor of Security Engineering, University of Cambridge
Ross Anderson, University of Cambridge
Click Here to Download Ross’ Presentation
Ross John Anderson, FRS, FREng, is a researcher, writer, and industry consultant in security engineering. He is Professor of Security Engineering at the Computer Laboratory, University of Cambridge where he is part of the Security Group. Anderson’s research interests are in security, cryptology, dependability and technology policy.
In cryptography, he designed with Eli Biham the BEAR, LION and Tiger cryptographic primitives, and co-wrote with Biham and Lars Knudsen the block cipher Serpent, one of the finalists in the Advanced Encryption Standard (AES) competition. He has also discovered weaknesses in the FISH cipher and designed the stream cipher Pike. In 1998, Anderson founded the Foundation for Information Policy Research, a think tank and lobbying group on information-technology policy. Anderson is also a founder of the UK-Crypto mailing list and the economics of security research domain.
He is well-known among Cambridge academics as an outspoken defender of academic freedoms, intellectual property and other matters of university politics. He is engaged in the ″Campaign for Cambridge Freedoms″ and has been an elected member of Cambridge University Council since 2002. In January 2004, the student newspaper Varsity declared Anderson to be Cambridge University’s “most powerful person”.
Anderson was elected a Fellow of the Royal Society (FRS) and a Fellow of the Royal Academy of Engineering (FREng) in 2009.
“What Will Security Standard and Certification Look Like Ten Years from Now?”
The “embedded systems” of 20 years ago became “things that think” a decade ago; the hype is now about the “Internet of Things” and no doubt by 2026 the marketing folks will have come up with a fresh slogan. However several trends are now visible as computers and communications find their way into all sorts of devices.
First, security is mostly an aspect of safety; indeed most European languages use the same word for both (Sicherheit, surete, seguridad, sicurezza…).
Second, although there are some cross-cutting technical standards (such as for crypto algorithms and protocols) and operational norms (such as the disclosure of breaches and vulnerabilities), these are by no means enough. Just as we don’t rely on product liability law to ensure car safety but have a large body of regulation around testing and type approval, so also we have a growing body of standards and regulation around the security of everything from tachographs to smart meters.
Third, as regulators in fields from electric power distribution to healthcare realise they have to start thinking about malice as well as error and mischance, security standards and certification will continue to get ever more complex. We have already seen conflicts between policy goals; cars today are easy to steal because of crypto export restrictions in the 1990s when their remote key entry systems were being designed.
Fourth, the computer industry’s freewheeling approach will not translate well to industries such as energy and healthcare where certification and liability are taken very seriously; so complexity and conflicts can’t always just be optimistically waved away.
Finally, the predatory business models that characterise the IT industry will spread, adding competition policy and consumer protection issues to the mix. The likely outcome is an ever more complex regulatory environment for many industries — and one which the UK will be ever less able to shape if the brexit vote leads to Britain abandoning the Single Market.
“I Trust 72.4% of People, How Many Things Should I Trust?”
Mike Westmacott, Principal Cybersecurity Consultant at Thales
Mike Westmacott, Thales
Click Here to Download Mike’s Presentation
Mike works in the technical domain of the cyber security practice and operates broadly on the same basis as an attacker. He has conducted hundreds of penetration tests and audits against a wide variety of systems and targets, combined with activities such as secure code review, reverse engineering and wireless assessment. This experience has given Mike a deep understanding of both how security is developed within a system and also how vulnerabilities can be exploited. Mike is a CREST Registered Tester, CREST Certified Network Intrusion Analyst (CCNIA) and has performed breach assessments in a wide variety of different industry sectors including finance, eCommerce, EU and UK government, and aerospace.
“I Trust 72.4% of People, How Many Things Should I Trust?”
Our daily interactions with one another are deeply entrenched in trust. As humans we build our individual trust relationships based on evidence and our internal and group notions of who is and isn’t trustworthy. How do we extend that trust into the digital world? What is it that forms digital trust between two computers? How do we interact across those two different realms?
This talk is for anyone who has ever said “I don’t trust that [expletive] machine!”. We will take a brief look at how human trust works, and then investigate the digital world and the different ways that trust can be implemented in the IoT. The question of whether human-computer trust (and vice-versa) can truly be realised will be raised, and consider if trust is a saleable commodity.
Craig Heath, Franklin Heath
Click Here to Download Craig’s Presentation
Craig Heath has worked in computer security since 1988, on UNIX, enterprise Java, mobile, and embedded device platforms. He provides independent security consultancy, as well as chairing the IoT Security Foundation’s Working Group 4 and volunteering at Bletchley Park. Craig is the author of several computer security publications, including the book “Symbian OS Platform Security”.
“The Future of IoT Security and “Cybercrime”
Starting from trends in computer security and computer-enabled crime over the past 30 years and more, this talk covers current concerns over the security of Internet of Things devices, and considers the likely outcome over the next 5 to 10 years. It’s clear that things are changing quickly, and right now we are hearing many voices of doom, but at the same time there are some reasons to be hopeful; on balance, will the world be a safer or a riskier place in years to come?
Martin Borrett, IBM
Click Here to Download Martin’s Presentation
Martin Borrett is an IBM Distinguished Engineer and CTO IBM Security Europe. He advises at the most senior level in clients on policy, business, technical and architectural issues associated with security. Martin leads IBM’s Security Blueprint work and is co-author of the IBM Redbooks “Introducing the IBM Security Framework and IBM Security Blueprint to Realize Business-Driven Security” and “Understanding SOA Security”. He is Chairman of the European IBM Security Board of Advisors, member of the Royal Society’s Cybersecurity Research Steering Group, represents IBM at GFCE, is a Fellow of the British Computer Society, a Chartered Engineer (CEng) and member of the IET. Martin has a passion for sailing and has represented Great Britain; he is also a keen tennis player.
“Protecting the Connected Car”
The intelligent, connected vehicle becomes another actor in the world of the Internet-of-Things. It must access resources that require data protection, validate the integrity of the device and provide a secure and unified consumer experience across web, mobile and in-vehicle platforms. Today’s consumer wants a seamless experience with their digital preferences but they also want it to be secure.
As consumers’ enthusiasm for mobility and commerce services grows, industry executives need to create a secure vehicle. One of the biggest challenges is to integrate the plethora of interfaces, existing or new ones, and to design security in from the start. Security, while still at its beginning for the connected vehicle, is a fundamental prerequisite to paving the way toward autonomous driving.
We will discuss how the consumer’s desire for a complete digital experience impacts security. How to handle security and data privacy over the vehicle lifecycle and the role and ability of the automotive industry to design and build a secure vehicle.
“The roles and goals of identity management in future Smart Cities”
Gert Botha, Chief Executive Officer at Hive Technology
Gert Botha, Hiving Technology
Click Here to Download Gert’s Presentation
Gert Botha is the CEO and one of the founding team members of Hive Technology — the Dubai based technology innovation, consulting and wireless identification company that launched the world’s first single wireless identification technology. He is a seasoned management and technology consultant with 25 years diverse experience in the Public and Private sectors across various industries and countries.
Gert has spent the last 5 years’ side by side with the inventor of the technology, Terry Ashwin, aligning Hive’s Single Identification Technology to exactly what the market requires to address the identification of people and objects as the world migrates to a totally connected world where technology becomes pervasive.
He stays abreast of technology trends and consults with CIO’s, CMO’s & CEO’s on technology strategy and how to use technology to innovate client service delivery.
“The Roles and Goals of Identity Management in Future Smart Cities”
This presentation explores the ways the security of Smart Cities is being influenced by different forms of identification and their management.
In the digital world of IT there has been a lot of effort put into successful control of access and authentication through use of existing forms of identification.
But things need to get physical… In the IoT we need to be sure that the identities of the many Things are clear and defensible. And in Smart Cities there are many specific examples of “physical things” and services of value and the need for easy management of identities. To be “easy” identity management needs to include low cost and widely deployable technologies that can support the marginally profitable business models that are essential in the Smart City environment.
As physical identities become manageable for the people in our cities there are opportunities to make the Smart City not just a convenient and secure place but to change the focus towards serving the Smart Citizen.
Ian Phillips, Roke Manor
Click Here to Download Ian’s Presentation
Ian Phillips is a systems engineer and information security architect, working at Roke Manor Research part of the Chemring Group.
Building on years of experience developing complex communications systems from emerging standards to production prototypes, Ian is very interested in applying effective cyber security practices to emerging technology. He is passionate about integrating information security with good engineering so that security enables rather than obstructs capability.
Ian is a Chartered Engineer and holds qualifications in Information Risk Advice, Penetration Testing, Computer Forensics and Information Security Management.
“Grasping New Technology – Securely”
In this talk, Ian challenges the view that cyber security is the exclusive preserve of cyber security experts, and that by marrying domain knowledge and systems engineering with Information Assurance, security for emerging technologies, such as IOT, can be achieved whilst still grasping the benefits. Information security then becomes one of the enablers for adoption of new technology, and not a frustrating after-thought.
Historically information security has often been applied as an afterthought to new technology proposals, occurring after significant design decisions have been made, earning information assurance the reputation of being obstructive, frustrating users and developers alike. Through this talk Ian will show that by working with domain experts it is possible to establish an approach which marries key information assurance concepts with good systems engineering practice leading to an effective framework for delivering technology with information security.
IOT presents the world with exciting opportunities arising from the collective use of diverse connected information. These opportunities can only be fully realised if users are able to trust the information sources and processing. Information security is thus a key enabler, provided it is applied appropriately and effectively. The approach and framework outlined in this talk shows that this is a feasible aspiration.
Richard Marshall, Xitex
Click Here to Download Richard’s Presentation
Richard is Managing Consultant at Xitex Limited, which provides consultancy on defining and launching wired and wireless connected products with emphasis on creating secure IoT products and their secure supply chains. He has spent over 25 years in the electronics and communications sectors, having worked for Lucent Technologies, Sony, Cisco and also being a founding lead team member at startups Ubiquisys and nSine. At Ubiquisys and subsequently Cisco, after its acquisition of Ubiquisys in 2013, Richard was the Product Manager for their global cloud based activation system for 3G/4G small cells. This role being the security advocate, technology champion and secure manufacturing supply chain architect for the small cells manufactured in Europe and SE Asia.
Richard has held a variety of senior lead engineering roles in the wireless and consumer electronics sectors with a focus on embedded and FPGA-based platforms. In the last 25 years he has been involved in FPGA implementations for a range of applications including custom CDMA wireless and PCM processing, 1 bit DSD professional audio, petrochemical ‘down hole’ sensing, medical and industrial instruments. Aside from design of products Richard has been deeply involved with new product introduction in production in the UK, USA, Europe and SE Asia, always with a focus of ‘on line, on time’.
“How Not to be a Headline for IoT Security”
In our session we will consider some of the recent hacks that have made the headlines and consider how following our Security Framework and Best Practice Guides would have helped the affected companies avoid becoming IoT security headlines. We will also look at how our vulnerability disclosure guidelines assist adopters in handling vulnerability discoveries and their messaging.
“Securing the Internet of Things – an Analyst’s View on the Market”
Aapo Markkanen, Principle Analyst at Machina Research
Aapo Markkanen, Machina Research
Click Here to Download Aapo’s Presentation
Aapo Markkanen is a Principal Analyst at Machina Research, where he studies various market and technology issues that will pave the way for, and shape up, tomorrow’s connected enterprise. He has a particular research interest in low-power communication technologies (including e.g. LPWA networks and competing mesh-based alternatives), the evolution of IoT security, as well as fog/edge computing and the associated IoT gateways.
Before joining Machina Research, Aapo worked as a Principal Analyst at ABI Research, where he led various research activities related to M2M, the Internet of Things, and big data.
Aapo holds BSc and MSc degrees in management studies from the University of Tampere, Finland.
“Securing the Internet of Things – an Analyst’s View on the Market”
Security has in the past year or so become possibly the hottest subject matter in the Internet of Things context. This presentation aims to provide an objective “analyst’s view” view on IoT security. Covering the topic on a relatively strategic level, it first walks through the key characteristics that make IoT security different from – and often more difficult than – the traditional, IT-centric cybersecurity, and discusses what they mean from the perspective of an IoT-driven enterprise. Explored are then also the technology areas that can be currently considered instrumental in implementing robust IoT security, as well as the ones that warrant attention in the longer term. Finally, the presentation highlights recent trends and developments in the vendor landscape.
Technical Track Presentations
“Why is IoT Security so Hard and What Can We Do About It? – Some Lessons from the Frontline…”
Nick Allott, CEO at NquiringMinds
Nick Allott, NquiringMinds
Click Here to Download Nick’s Presentation
Nick is CEO and Founder of NquiringMinds, an award-winning Technology Company specializing in IOT (Internet of Things), Cyber Security and Data Analytics.
Nick was formerly CTO of both WAC (Wholesale Application Community) and OMTP, both major international, industry joint ventures, which included all major Mobile Operators and handset manufactures. This followed a tenure as CTO of FastMobile, a VC invested startup acquired by RIM and Technical Director for Motorola’s European Internet division.
Before this Nick held various executive positions at Shell, Pearson Group, Dorling Kindersley and Neural Computer Sciences.
Nick has Degree and PhD in Artificial Intelligence.
“Why is IoT Security so Hard and What Can We Do About It? – Some Lessons from the Frontline…”
“In Silicon we Trust: How to Fix the Internet of Broken Things”
Cesare Garlati, Chief Security Strategist, prpl Foundation
Cesare Garlati, prpl Foundation
Click Here to Download Cesare’s Presentation
Cesare Garlati is an internationally renowned leader in information security. Former Vice President of mobile security at Trend Micro, Cesare currently serves as Chief Security Strategist at prpl Foundation and Co-chair of the Mobile Working Group at Cloud Security Alliance. Prior to Trend Micro, Mr. Garlati held director positions within leading mobility companies such as iPass, Smith Micro Software and WaveMarket. Prior to this, he was senior manager of product development at Oracle, where he led the development of Oracle’s first cloud application and many other modules of the Oracle E-Business Suite.
Cesare has been frequently quoted in the press, including such media outlets as The Economist, Financial Times, The Register, The Guardian, ZD Net, SC Magazine, Computing and CBS News. An accomplished public speaker, Cesare also has delivered presentations and highlighted speeches at many events, including the Mobile World Congress, Gartner Security Summits, IDC CIO Forums, CTIA Applications, CSA Congress and RSA Conferences.
Cesare is a Fellow of the Cloud Security Alliance, holds a Berkeley MBA, a BS in Computer Science and numerous professional certifications from Microsoft, Cisco and Sun.
“In Silicon we Trust – How to Fix the Internet of Broken Things”
In this live-demo session Cesare Garlati, Chief Security strategist at prpl Foundation and Co-Chair of the Mobile Working Group at Cloud Security Alliance, will address four key areas which have introduced serious weaknesses into the IoT: the myth of security through obscurity, connectivity, unsigned firmware, and system promiscuity. Mr. Garlati will then demonstrate a new approach to IoT security – based on open source software, hardware virtualization and interoperable protocols – that can address these vulnerabilities, which have already been shown to have potentially life-threatening consequences.
Geert-Jan Schrijen, Intrintic-ID
Click Here to Download Geert-Jan’s Presentation
Geert-Jan Schrijen received his Master’s degree in Electrical Engineering from the University of Twente in December 2000 on the topic of `active noise cancellation with multiple loudspeakers‘. In April 2001 he joined the security group of Philips Research in Eindhoven where he worked on digital rights management, low-power authentication protocols, private biometrics and Hardware Intrinsic Security™. Work on the latter topic resulted in the spin-off of Intrinsic-ID in October 2008.
As a senior algorithm designer within Intrinsic-ID, Geert-Jan focused on the development of signal processing algorithms and security architectures for hardware-intrinsic key storage systems. In 2012 Geert-Jan became responsible for all development and engineering work at Intrinsic-ID in his role of VP Engineering. In August 2016 he was appointed as CTO of the company.
“Authenticate Everything – Security for the IoT”
In a world where machines talk to other machines, authentication becomes ever more critical. Smart chips, from the sensor in your body or in the tires of your car to a powerful processor in a computer or in the Cloud, will interact in ways that are too complicated and unpredictable for humans to fully comprehend. Authentication ensures the origin and integrity of any data received or instructions sent. Secure authentication needs a foundation in the hardware of devices. A new approach based on Physical Unclonable Functions (PUF) provides a scalable and secure solution that can protect chips over their entire lifetime.
“Towards Effective Security Monitoring for IoT”
Siraj Shaikh, Founder & Chief Scientific Officer at CyberOwl
Siraj Shaikh, CyberOwl
Click Here to Download Siraj’s Presentation
Dr. Siraj Ahmed Shaikh is a Reader in Cyber Security at Coventry University. His research is concerned with systems security, essentially at the intersection of cyber security and systems engineering. He is also the founder and chief scientist at CyberOwl which is developing early warning systems for the cyberspace. He has published over seventy peer-reviewed publications and his work has been funded by EPSRC, MoD and RAEng. He is a Chartered Fellow of the BCS (FBCS CITP) and a Chartered Scientist (CSci). He is also the Vice-Chair of the TC6 on Communications Systems of the International Federation of Information Processing (IFIP).
“Towards Effective Security Monitoring for IoT”
Modern communication networks has its roots in connectivity and not accountability. Stealthy threats, lying low and slow, make it particularly difficult to monitor for increasingly multi-stage attacks designed to evade detection and defeat attribution. What is the future of network security monitoring in this post-attribution world? Could IoT security pose particular additional challenges of scale and complexity? We explore systematic deployment of target-centric sensing and early warning systems, reflecting on trends from both industry and academia.
Ralf Huuck, Synopsys
Click Here to Download Ralf’s Presentation
Dr Ralf Huuck is a Director and Senior Architect with Synopsys’ Software Integrity Group focusing on software security and automated compliance tools. Earlier Dr Huuck spent over 12 years as a software research leader with R&D lab NICTA and as a CEO with security tools company Red Lizard Software. Dr Huuck is an Adjunct Associate Professor with UNSW, Australia, and a renowned author and speaker with over 50 international publications.
“IoT: Attack of the Clone Army?”
Each product in the “Internet of Things” space consists of thousands if not millions of identical device creating unprecedented security threats to infrastructure manipulation, data loss and active denial-of-service attacks. In this talk we highlight why those device similarities lead to a vastly changed threat space compared to classical PC or even mobile system vulnerabilities. Moreover, we present a number of prevention strategies that can be cost-effectively deployed already during the software and hardware development phases of IoT products. This includes emerging software security analysis and scanning tools that help organizations to manage their in-house development as well as their overall IoT supply chain risks. We also outline the rise of new third-party standards and IoT certification activities that complement individual efforts for creating a more resilient IoT infrastructure.
“Industrial IoT Security Issues and Solutions”
Chris Shire, Business Development Manager at Infineon
Chris Shire, Infineon
Click Here to Download Chris’ Presentation
Chris Shire has a background in security technologies and semiconductor hardware. He joined Infineon (then Siemens) Chipcard & Security business line in 1998, with many years experience in the industry. His current focus of activity is with projects in the IOT, mobile,identity, transport ticketing and payment sectors. He is active in helping to set standards for the UK, and establish new security solutions.
Chris is an active member of the IET, UK Smart Card Club and has been a guest lecturer for several years on the RHUL Msc course for Smart Card Security. He has written several articles on security technology and contributed to textbooks on the subject.
“Industrial IoT Security Issues and Solutions”
In 2016 the number of installations of industrial IoT systems is growing fast, but so are the number of attacks. This presentation will discuss a few high profile attacks, identify their types and possible countermeasures. Industrial systems often are being connected to the Internet of Things after installation. This presentation will also discuss what steps should be taken with legacy systems to improve their security, with some examples including FPGA SoC based designs and industrial routers.
Paul Wilson, MAOSCO
Click Here to Download Paul’s Presentation
Paul Wilson joined the MULTOS Consortium, MAOSCO, as Commercial Manager in 2016 bringing with him seventeen years’ experience in smart cards. His career has also spanned the electroplating industry and Royal Navy engineering. His previous six years consisted of business development, promoting and selling smartcard products and solutions. His role at MAOSCO is relationship management of the MULTOS consortium and strategic business development for the MULTOS technology.
“Multos Providing Appropriate Trust for IoT Devices”
The hype around IoT continues to build. However the issue of adequately securing these connected devices is too often glossed over in all the speculation and excitement about what they will be able to do for us in the future.
Paul Wilson, the Commercial Manager of the MULTOS Consortium (www.multos.com) discusses the important topics of device authenticity and integrity as well as data integrity and privacy and how MULTOS, an open and trusted industry standard employed in the world of payments and ID can be employed to solve these issues. Importantly he will show how this can be done without having to re-invent the wheel, or indeed spend huge amounts of money on supporting infrastructure and services.
In particular he explains how the unique features of the MULTOS operating system and its supporting eco-system can easily be employed to ensure complete lifecycle security. The talk will include demonstrations or a short video clip of MULTOS secured devices in action and how they can be easily provisioned in the field.
“Surely your thing doesn’t need a wire! How to choose an IoT Radio Access Network”
Joe Milbourn, Senior Consultant at The Technology Partnership
Joe Milbourn, The Technology Partnership
Click Here to Download Joe’s Presentation
Joe is a senior consultant at TTP focused primarily in the modelling, simulation, and prototyping of complex systems. Recent projects have included: connected computer vision systems for applications including the precise measurement of athlete position and analysis of road traffic movement; large scale monitoring and analysis of buildings and industrial installations; the development of very low power sensors connected via low-power, long-range, IoT RANs.
During and after his doctoral studies Joe worked for Verigy, a leading manufacturer of semiconductor test equipment. Joe has a MEng in Computers, Electronics, and Communications from the University of Bath and received his PhD in modelling redundant repair structures for DRAM from the University of Durham.
“Surely your Thing Doesn’t Need a Wire! How to Choose an IoT RAN”
Secure, robust, and resilient networks require a secure, robust, and resilient radio access network (unless you can use a wire). Choosing the most suitable RAN depends not only on these important attributes but also on the range, bandwidth, cost, and geographical coverage provided. In this talk we’ll develop criteria for choosing a network and apply those criteria to a number of real products.
“The Realities of Maintaining a Secure Software Supply Chain”
Christine Gadsby, Director of Security Response at Blackberry
`
Christine Gadsby, Blackberry
Click Here to Download Christine’s Presentation
Christine Gadsby is the Director of BlackBerry’s global Product Security Incident Response Team (PSIRT). This highly respected team monitors the security threat landscape and responds rapidly to emerging threats for all of BlackBerry’s products and services and those of its’ subsidiaries.
Christine is passionate about vulnerability management and driving patching within complicated and complex systems. She played a critical role in creating BlackBerry’s 30-day Android patching strategy, Customer Advisory program, and leads BlackBerry’s open source software vulnerability management strategy. She has presented security response strategies and services to several high assurance governments including the NSA, CESG, CSE, and GCHQ as well as several enterprise organizations. She has contributed to publications such as CSO magazine and Dark Reading and has spoken as an industry expert at several security industry conferences including Black Hat. She sits on several boards of industry response organizations and programs. She holds a Bachelors of Science degree in Information Technology and in Business Management from Western Governors University.
“The Realities of Maintaining a Secure Software Supply Chain” – Co-Presented with Adam Boulton
The monitoring and management of IoT devices in Enterprise and consumer spaces is a multi-faceted security minefield. With consumer demand for product innovation, increased faster time to market, and the pressures of investment in secure software development vendors are being pushed to breaking points. Nowhere do we see this as a bigger challenge than with connected vehicles, combining both safety and security critical systems. This presents an entirely new challenge to the Enterprise with issues maintaining real time security patching for these critical systems.
BlackBerry has a huge portfolio of embedded devices and IoT solutions. From our handset heritage through to QNX connected vehicles and BlackBerry RADAR, BlackBerry Cybersecurity Services are sharing their experience and expertise in building safety and security critical systems. They will explore the challenges associated with security patch management for in-market products and services.
“The Realities of Maintaining a Secure Software Supply Chain”
Adam Boulton, Senior VP of Security Technology at Blackberry
Adam Boulton, Blackberry
Click Here to Download Adam’s Presentation
Adam Boulton is a highly experienced technology security professional and Executive, with over 12 years’ experience within security engineering. Adam is employed as the Senior Vice President of Security Technology.
Adam graduated from Sheffield Hallam University in 2005 with a 1st Class BSc (Hons) in Software Engineering. Since graduating Adam has worked in security industry in a variety of technical roles from reverse engineering, to wide ranging security assessments and secure software development. He has been an individual contributor on a wide range of technologies, securing both security and safety critical systems. He has gained experience and a deep working knowledge of international product management and business development expertise in the fast moving Smartphone and secure mobile application space. In addition, Adam provides the strategic direction for BlackBerry Cybersecurity services and delivers security assessments to high assurance markets.
His accolades include ISC2 Certified Information Systems Security Professional (CISSP), Certified Cloud Security Professional (CCSP), Certified Secure Software Lifecycle Professional (CSSLP), Qualified Security Team Member (QSTM), CyberScheme Team Member (CSTM) and Oracle Certified Java Associate (OCJA) and ISO 27001 Lead Auditor.
“The Realities of Maintaining a Secure Software Supply Chain” – Co-Presented with Christine Gadsby
The monitoring and management of IoT devices in Enterprise and consumer spaces is a multi-faceted security minefield. With consumer demand for product innovation, increased faster time to market, and the pressures of investment in secure software development vendors are being pushed to breaking points. Nowhere do we see this as a bigger challenge than with connected vehicles, combining both safety and security critical systems. This presents an entirely new challenge to the Enterprise with issues maintaining real time security patching for these critical systems.
BlackBerry has a huge portfolio of embedded devices and IoT solutions. From our handset heritage through to QNX connected vehicles and BlackBerry RADAR, BlackBerry Cybersecurity Services are sharing their experience and expertise in building safety and security critical systems. They will explore the challenges associated with security patch management for in-market products and services.