IoT & Embedded Security Assessments and Training

IoT & Embedded Security: Little Things. Big Things. Big Threats.

Little & Big Things. Massive Threats.

On top of the usual threats to IT networks,applications, and cloud services, IoTdevices create an expanded, distributed attack surface.

To stayahead of threats, our IoT Center of Excellenceconducts ongoing research on chipsets, Real-Time OSs(RTOS), and deployment platforms for all connected“things” – from medical devices to robotics andconsumer electronics.

We use this expertise to help clients like Honeywell,Qualcomm, Citgo, and Motorola reduce risk through security-focused design, testing, and training.

Full Stack Security Analysis

Full Stack Security Analysis

At the physical, communications, and software layer

These methodical assessments help determine if attackers can bypassauthentication controls, program devices, or tamper with data.

  • Review architecture and create threat models
  • Attack the physical device and extract firmware
  • Exploit mobile applications in use
  • Find weak or unprotected Web APIs
  • Assess attack surface and cloud infrastructure/services

IoT Training

IoT Security Training

for Builders, Operators and Defenders

Our progressive training covers the full spectrum of IoTsoftware assurance, from security design best practices todefensive coding and protecting infrastructure. We also have coverage for related technologies like Blockchain, Mobile, API, and the Cloud.

Fix your Skill, Technology and Process Gaps!

Unrivaled IoT Expertise

Our strong crypto, embedded, communication protocol,and software analysis skills are put tothe test on set-top boxes, personalentertainment devices, andtransactional kiosks.

We’ve conducted assessments for avariety of IoT systems, including:

  • Tablet that interfaces with a power grid
  • Sprinkler systems
  • Cloud-based printers
  • Point of Sale (PoS) and  breathalyzers devices
  • PLC and mobile phone firmware drivers
  • Thales Hardware Security Module(HSM)
  • Information kiosks
  • Wireless interfaces and OBD port for a connected motorcycle platform

Geoff Vaughan, Principal Security Engineer

IoT Center of Excellence (CoE) Lead

Geoff Vaughan

Security Engineer Manager

Geoff is an Application & IT Security expert helping companies secure software and devices throughout all stages of development. He specializes in finding exploitable vulnerabilities in software applications as well as reverse engineering binaries to locate vulnerable code.