Mind of a Hacker, Role of a Defender, with Larry Pesce, Product Security Research and Analysis Director at Finite State

On this episode of the IoT: The Internet of Threats podcast, host Eric Greenwald sits down with Larry Pesce, a lifelong tinkerer whose obsession with how things work led him to his role as Finite State's new Product Security and Analysis Director. Together they explore how Larry began his long and accomplished career as a pen tester and security and research expert. Eric and Larry also examine the pressure that lower production budgets impose on product security professionals, the questionable value of regulation as a catalyst to drive product security investment and improvements, and the potential role SBOMs can play in cybersecurity.  


Interview with Larry Pesce 

 

Since joining Finite State, Larry has been serving as a senior consultant, providing expert product security program design and development and IoT pen testing guidance and services to product security teams worldwide. He is also a Certified Instructor at the SANS Institute and has co-hosted the Paul's Security Weekly podcast since 2005. Before joining Finite State, Larry spent 15 years as a penetration tester (amongst his various roles) focused on healthcare, ICS/OT, wireless, and IoT/IIoT embedded devices. Larry holds several GIAC certifications and earned his B.S. in Computer Information Systems from Roger Williams University. 


In this episode, Eric and Larry discuss:

  • What it was like to pioneer the Paul's Security Weekly podcast in the early days of podcasting (and co-hosting the show for the last 17 years!)

  • How Larry's early interest in taking things apart led to a career in embedded device security and, eventually, to Finite State

  • How the drive to lower production costs pressures manufacturers to sacrifice invisible differentiators like product security

  • Whether regulation can serve as an effective mechanism in encouraging product security improvements

  • How companies can work to overcome the complexities of product security programs

  • The SBOM as a product security tool and whether it could also be a roadmap attackers can use to target your connected device ecosystem


Find Larry on LinkedIn:

Larry Pesce: https://www.linkedin.com/in/larry-pesce-6715b73/

 

Learn more about Finite State: https://finitestate.io/


Thank you for listening to this episode of the IoT: The Internet of Threats podcast, powered by Finite State — the leading supply chain cyber-security solution provider for connected devices and embedded systems.

 

If you enjoyed this episode, click subscribe to stay connected and leave a review to get the word out about the podcast.

 

To learn more about building a robust product security program, protecting your connected devices, and complying with emerging regulations and technical standards, visit https://finitestate.io/
