In this episode of Secured, host Cole Cornford interviews Bruce Large, a security architect and evangelist at Secolve, the OT security specialists in Australia. They discuss the importance of threat modelling in operational technology systems and the need for engineers to consider the potential for cyber attacks. Bruce also shares insights from the ISA/IEC 62443 series of standards, which provides guidelines for secure system development in OT. Additionally, they touch on the significance of unions in the tech industry and the benefits of joining organisations like Professionals Australia. Tune in for a fascinating conversation on application security and more.

1:25 - Bruce's professional background

2:40 - Defining "engineer" in different contexts

6:20 - Differences between computer engineers and civil engineers

8:20 - Threat modeling

12:40 - How we treat safety in software vs other industries

18:30 - Bruce: we should be encouraging lifelong learning

24:00 - ISA/IEC 62443 safety standard

29:00 - The Year 2038 Problem

34:20 - Unions & industrial relations

43:40 - Rapid fire questions

Summary

Paul McCarty is CEO and founder of SecureStack, a DevSecOps visibility & automation company, and GitLab's Red Team leader. Paul's been involved in software security in Australia for decades. In his conversation with Cole Cornford, Paul discusses how Australia's software security industry has changed since the early 2000's, whether security professionals aught to know how to code, and plenty more.

Timestamps

2:50 - Paul's career background

7:00 - Spicy take: people on LinkedIn are too blindly positive

10:00 - Understanding what went wrong when there's a breach

13:00 - Cole doesn't think "zero trust" is feasible

14:10 - Cole: maturity of cybersecurity in Aus is weak generally

16:00 - Cole hires for dev experience, not sec ops, because dev is harder to teach

18:30 - Aus market different to US, which has lots of software companies

21:50 - Paul: we've devalued the importance of operations

22:20 - The "holy trinity" of offensive security

26:30 - What percentage of ASX companies have a bug bounty program?

28:50 - Cole's free pizza exploit

31:00 - Got to be in security for the long haul

31:40 - The book that changed Paul's life

Mentioned in this episode:

Call for Feedback

Jay Hira is a cybersecurity director with 18 years of experience working in a variety of roles both in Australia and internationally. Today he is Director of Cyber Security: Financial Services at KPMG Australia, and Founder and Executive Director of MakeCyberSimple. In this conversation Jay and Cole Cornford avoid getting too deep into technical details, and instead discuss a zoomed out perspective on cybersecurity strategy for large organisations, how the current macroeconomic climate affects approaches to cybersecurity, tips for clear communication between technical and non-technical stakeholders, and plenty more.

Timestamps

1:40 - Advantages of generalisation vs specialisation

4:00 - Tips for communicating effectively to leaders

6:00 - Clarity comes from simplicity

9:30 - Importance of reporting structure in a large org

14:20 - Core foundations of a cyber strategy

20:00 - How current economic climate is affecting cybersecurity budgets

24:30 - How do you maintain intrinsic motivation?

27:00 - Work life balance

30:30 - Rapid fire questions

Mentioned in this episode:

Call for Feedback