
Episode 39: Paul Konikowski on Investing in Cybersecurity & Culture

Highlights From This Episode…

  • Bring up security early in the process. IT is often treated as an afterthought in AV.
  • Assess the impact of each device being compromised.
  • Consider access for each device. Who? How? Why? Least resource or least route?
  • Consider if network connectivity is really needed for each device.
  • Perform role-playing to get a better perspective of what a malicious actor could do.
  • Assess if users can accidentally cause a security breach, such as plugging in unknown USB sticks.
  • VLAN headers can be spoofed and should not be considered a security mechanism.
  • Close unused ports on all devices.
  • Enable device logging and monitor the logs for suspicious activity.
  • Consider messaging direction per device and disable a device’s ability to send or receive messages if not needed.
  • Being able to demonstrate internal security practices may reduce liability should an incident arise. *This is not legal advice 🙂
  • Create a culture of security awareness in your organisation through policies, training and compliance testing.
  • Perform internal and possibly public code reviews.  
  • Track data check-in and check-outs.
  • Incentivize reporting vulnerabilities through rewards programs.
  • AV as a cyber target is increasing in popularity.

Mentioned In This Episode…

Episode 36: Josh Srago On The Legal Side Of Bandwidth & Default Passwords

Highlights From This Episode…

  • 2015 Open Internet Bill Protects Browser-Based Internet Traffic, but excludes VPNs, Hardware Codecs and IoT Devices
  • Relying on the internet to provide a service introduces a 3rd party (the ISP). Contracts should consider reflecting this.
  • The California requirement for no default passwords goes into effect January 1st, 2020.

Mentioned In This Episode…

TEECOM, Zoom, Barco Overture, Utelogy, Extron, University Of California Merced, Santa Clara University

Contact

Follow Josh on Twitter @jsrago

Visit his website http://soundreason.org.

Episode 33: Dr. Jonathan Butts & Billy Rios On Cyber Security, Public Safety & The Layers Of Defense

I have the honour of having two cyber security experts on the show today.

Dr Jonathan Butts is a retired Air Force officer who among many other roles served as Research Director at the Air Force Center for Cyberspace Research.

Billy Rios has held security positions with companies like Ernst & Young, Verisign and Microsoft. He probably had one of the coolest sounding job titles as Google’s Security Ninja.
Both Jonathan and Billy are currently Managing Partners at QED Secure Solutions, whose mission it is to advance Cyber Security and Critical Infrastructure Protection.

Highlights From This Episode

  • Anyone can purchase hardware or software and spend as much time as they can afford learning how it works
  • There are three layers of security: The Vendor, The Systems Integrator and The Technology Owner
  • All three parties need to work together to create a secure solution – it is a team game
  • One defensive strategy is identifying critical systems and segmenting them from other systems
  • The biggest security weaknesses are usually in the system configuration
  • Security exploits can include Terrorist Threats, Public Safety, Critical Data Breaches and Unauthorized Usage of Computing Cycles
  • The public safety aspect of the IoT may spur some regulations for security requirements
  • Using a third party IoT platform does not shift risk away from stakeholders
  • Raising awareness among Management and Leadership Stakeholders is the best way to make security a priority

Mentioned In This Episode

QED Secure Solutions, IBM, War Games, Microsoft, Google, Sochi Winter Games, Crestron, Defcon, BlackHat Conference, Department Of Homeland Security, Microsoft IoT, Amazon IoT, Ubuntu Core

Episode 29: Bruno Napoli On Not Selling Technology And The Dangers Of Smart Homes

Bruno Napoli has a background in the Home Cinema scene in Paris, France, which over the years evolved into luxury smart home integration. He is a columnist for Smart Integrations Mag and served as co-founder of Krika, a remote monitoring platform for integrated AV and smart home systems.

Highlights From This Episode

  • Custom Installers may resist remote network monitoring because they are forced to use the network – they’d rather be doing AV.
  • Even if the value proposition is clear, the market may still not adopt it – this is the life of an entrepreneur.
  • End users should be informed that it is their responsibility to keep network devices up to date – or offered a service contract.
  • Start the conversation with service and maintenance instead of features
  • Communicate to the customer that you will be there for them and you are not a sales sniper (one shot, one kill, next customer).
  • Residential installers should team up with IT companies to service the network.
  • Controlling home systems has safety repercussions that are often overlooked.

Mentioned In This Episode

Krika, Kaleidescape, CEPro, ihiji, Domotz, Oversee, Snap AV, Backpack, Pakedge, Control4, Crestron