I speak regularly to audiences from 100-1000+ on security and privacy topics. Interested? Please get in touch or learn more.

Next Up

Line up of robots with one upside down

AtlSecCon // The Paradox of Cybersecurity in Operational Technologies

IoT has moved beyond kettles, thermostats, and doorbells. Operational technologies (otherwise known as IIoT) like tractors, factories, healthcare devices, and even robots are helping to enable the fourth industrial revolution.

Companies that embrace these changes will lead the charge. Those that don’t will fall behind. These technologies lead to exciting new designs, leveraging the latest and greatest buzzword-laden offerings. Build on a clean slate, and you can drive strong security concepts into every layer of the system.

Unfortunately, these designs don’t get implemented in the real world. The real world of operational technology is messy. It’s dealing with years and years of technology decisions made with wildly different threat models. It’s trying to match technologies built with 20-year lifespans with defences that need to be updated minute-by-minute.

In this talk, we’ll examine the reality of operational technology deployments. How do we match modern cybersecurity practices with decades-old technologies and regulations? Can we? You’ll come away with a better appreciation of the challenges involved in securing operational technologies.


Industrial robot working. #roguerobots

SXSW // Rogue Robots and the Potential for Cyberattack

Most people think that robots are either limited to lab experiments or to humanoid robots ready to start an uprising against the humans. Movies, TV, and sci-fi have shaped how we think of robots.

The reality is starkly different and more advanced than you think. In this talk, we examine the current state of industrial robots and the cybersecurity challenges they face.

Mark presenting to the audience. Slide displaying on the side displaying risk ratings for application components spilt screen on the right

AWS re:Invent 2017 // Securing Serverless Applications Step-by-step

Serverless applications let you focus on solving the problem at hand. Gone are most of the worries of traditional solutions. No more support code. No more building out infrastructure to deliver your application. This means you have to do less and get more in return. It also means traditional approaches to security aren’t even possible

This talk tackles the specific steps you need to take to build security into the fabric of these application within the AWS Cloud.

Mark presenting to the audience. Slide displaying on the side with, 'The state of serverless security is strong...maybe' displayed spilt screen on the right

ServerlessConf NYC // The State of Serverless Security

Serverless designs are changing the way we write applications. Removing most of the burden of operations and allowing a focus purely on the solution at hand. Unfortunately—at the same time—these designs have also challenged the fundamentals of cybersecurity. When you control none of the infrastructure and have minimal access to the code running your solution, how can you apply security controls?

In this keynote, we looked at this question and more.

Other talks in 2017