17 Jun IoT Security Assessment – Black Hat, White Hat or Gray?
Episode 56
Black hat, white hat… gray hat? What does it all mean? In this context, the different colored hats refer to the different approaches to testing the cyber security of your IT, or in our case, IoT infrastructure.
In this episode of the IoT Business Show, I speak with Paul Jauregui about pen testing and other things you need to know about when working with an external security assessment firm.
Paul is a member of Praetorian’s founding team where he is responsible for all aspects of marketing, branding, and communications. His work has been featured on Fortune, Forbes, NBC News, BusinessWeek, and TechCrunch.
One of the most effective techniques used by external cyber security assessment firms is called pen testing. Pen testing, or penetration testing, is a set of ethical hacking techniques designed to expose vulnerabilities in the data network. If you attempt to hack into the IoT system without any more information than the typical bad actor has, you are acting as if you're wearing a black hat and working on a black box. If you are given the backstory and all the resources of an internal team, then you are wearing a white hat and working on a white box. A gray hat, according to me, is when you do a little of both, starting with a black hat and then swapping it for a white one. This third approach is often the most effective, but it depends on your needs. What and how you test will dictate the color of the hat to put on.
Here’s What We’ll Cover in this Episode
- Data as an asset class that needs to be managed and protected.
- The different forms of penetration testing.
- The discovery and reconnaissance phases of pen testing and how much information is freely available online.
- The time and money typically required to do a cyber security assessment.
- Relating security spend to potential loss.
- What you need to do before engaging with a security assessment firm.
Have an opinion? Join the discussion in our LinkedIn group
Have you used an external cyber security assessment firm? And if so, what was your experience?