Diana Kelley is Executive Security Advisor to IBM Security and manages the IBM Security Newsroom. As ESA she leverages her 25+ years of cyber risk and security experience to provide advice and guidance to CISOs and security professionals. She is a regular contributor to SecurityIntelligence, X-Force Research and a co-author of IBM’s “Securing the C-Suite” study. She is a faculty member with IANS Research and serves on the Advisory Board for InfoSec World, Structure Security and the Content Committee for the Executive Women’s Forum. She was an IEEE “Rock Star of Risk” in 2016 and speaks frequently at major conferences including: TED, RSA, CyberTech, CompuTex, and InfoSec World and has been quoted as a cybersecurity expert in many publications including: NYTimes, TIME, MSNBC.com, Information Security Magazine and The Wall Street Journal. She co-authored the book Cryptographic Libraries for Developers, and wrote the chapter on “PKI and Directories” for the PKI: Wiley Tech Brief and is a confirmed guest lecturer for Boston College’s Master of Science in Cybersecurity program.
There’s no shortage of scary headlines bold facing about how scary IoT risks can be. But there’s nothing like walking through a real-world example to drive home not only the risks but also the very real fact that secure design and proper planning can be the difference between disaster and deflecting. In this talk we’ll first take attendees through a tour of an actual ethical pen-test where X-Force researchers were able to penetrate a central Building Automation Server and we provide steps along the path that could have been taken to prevent the test from succeeding. Next we’ll cover a model for IoT and talk about how to get started with a threat modeling mindset when designing and implementing IoT solutions. Finally we’ll take a look forward at how new technologies like blockchain may be able to help us make our IoT based supply chain more resistant to attack and exploit.