EPISODE 16: That’s illuminating! Protecting aberdeen’s iot street lights from cyber attacks!

This Episode we are joined by James Hall, developer and Founder of Parallex, a digital consultancy that focuses on ‘building better digital experiences together’. In this episode, That’s illuminating! Protecting Aberdeen’s IOT Street Lights from Cyber attacks! James shares his experience on securing public utilities, other IOT devices, how he ‘sells’ security as a value add to his stakeholders, and if Bug Bounties are actually worth doing! ————— In this Episode we cover: Agile means no documentation right? Wrong! While documentation is certainly lighter in agile teams, it doesn’t mean it is completely absent. But this lightweight style does bring its challenges and teams need to avoid keeping it all ‘in their head’ if they want security teams to understand what they are building and the security challenges that may come with that. James tells us about the danger of assuming prior knowledge and gives advice on how to test your documentation by giving it to the most junior member of the team and seeing if they can follow it. But while documentation is important we need to remember that… Shared documentation is not the same as shared knowledge. It is not enough to ensure that everyone on the team is aware of the security requirements. It is important to have open communication channels and encourage team members to ask questions and share their knowledge. Paired programming would help fill in the blind spots of any security issues there might be. It is important to acknowledge that there are things that we don’t know as developers and paired programming with a member of the security team can help fill in these gaps. By working together, team members can share their knowledge and learn from each other. Securing IOT devices is challenging because hardware manufacturers don’t have an incentive to make their products secure. This is a major challenge in securing IoT devices, and it is important to be aware of this when designing solutions that rely on IOT devices. Bringing risk to life is important otherwise people will ignore it. It is important to communicate the risks associated with cyber-attacks in a way that is easy to understand. —————— Links to everything we discussed in this episode can be found in the show notes and if you liked the show, please do leave us a review. Follow us on all good podcasting platforms and via our YouTube channel, and don't forget to share on LinkedIn and in your teams. It really helps us spread the word and get high-quality guests, on future episodes.  We hope you enjoyed this episode - See you next time, keep secure, and don’t forget to ask yourself, ‘Am I the compromising position here?’  Keywords: Cybersecurity, Aberdeen, IOT, street lights, cyber attacks, documentation, security needs, communication, paired programming, hardware manufacturers, risk, cyber attacks, PetNet, smart meter sec

Om Podcasten

Dive into “Compromising Positions”, the unique, new podcast designed to iron out the wrinkles in the relationship between cybersecurity teams and other tech professionals. We’re taking the ‘security as a blocker’ stereotype head-on, promoting a shared language and mutual understanding. We’ll turn those ‘compromising positions’ into ‘compromising solutions’, helping security pros and tech teams collaborate more effectively for a smoother, safer digital journey. Every week we will be joined by Developers, User Researchers, Designers, Product Owners, Data Scientists, Cloud Specialists, Scrum Masters, C-Suite Execs, AI/MI boffins, and many, many more non-security positions! This is a podcast aim to get you thinking about security without boring you to death! Join our two hosts, Lianne Potter, Cyber Anthropologist and Head of Security Operations at a major retailer and Jeff Watkins, CTO at XDesign for this informal, frank, and at times anarchic look at what people really think about cybersecurity in organisations and what cybersecurity people should ACTUALLY be doing.