Welcome to Compromising Positions!

The tech podcast that asks non-cybersecurity professionals what we in the industry can do to make their lives easier and help make our organisations more prepared to face ever-changing human-centric cyber threats!

This Episode we are joined by James Hall, developer and Founder of Parallex, a digital consultancy that focuses on ‘building better digital experiences together’.

In this episode, That’s illuminating! Protecting Aberdeen’s IOT Street Lights from Cyber attacks! James shares his experience on securing public utilities, other IOT devices, how he ‘sells’ security as a value add to his stakeholders, and if Bug Bounties are actually worth doing!

—————

In this Episode we cover:

Agile means no documentation right? Wrong! While documentation is certainly lighter in agile teams, it doesn’t mean it is completely absent. But this lightweight style does bring its challenges and teams need to avoid keeping it all ‘in their head’ if they want security teams to understand what they are building and the security challenges that may come with that. James tells us about the danger of assuming prior knowledge and gives advice on how to test your documentation by giving it to the most junior member of the team and seeing if they can follow it. But while documentation is important we need to remember that…

Shared documentation is not the same as shared knowledge. It is not enough to ensure that everyone on the team is aware of the security requirements. It is important to have open communication channels and encourage team members to ask questions and share their knowledge.

Paired programming would help fill in the blind spots of any security issues there might be. It is important to acknowledge that there are things that we don’t know as developers and paired programming with a member of the security team can help fill in these gaps. By working together, team members can share their knowledge and learn from each other.

Securing IOT devices is challenging because hardware manufacturers don’t have an incentive to make their products secure. This is a major challenge in securing IoT devices, and it is important to be aware of this when designing solutions that rely on IOT devices.

Bringing risk to life is important otherwise people will ignore it. It is important to communicate the risks associated with cyber-attacks in a way that is easy to understand.

—————

Links to everything we discussed in this episode can be found in the show notes and if you liked the show, please do leave us a review.

Follow us on all good podcasting platforms and via our YouTube channel, and don't forget to share on LinkedIn and in your teams.

It really helps us spread the word and get high-quality guests, on future episodes.

We hope you enjoyed this episode - See you next time, keep secure, and don’t forget to ask yourself, ‘Am I the compromising position here?’

Visit www.compromisingpositions.co.uk for full show notes