RSAC Season Is Here. Your Certificates Expired Last Month скачать в хорошем качестве

RSAC Season Is Here. Your Certificates Expired Last Month

RSAC is coming, and I'll be there — so expect more conversations like this one dropping in the weeks ahead. But here's the thing: the most important security story this season isn't happening on the conference floor. It's already inside your network, running on devices most organizations barely think about. In this episode, I sit down with OmniTrust co-founders David Sequino and Bill Lattin to unpack what "trust" actually means when CPUs are embedded in everything: cars, medical devices, industrial controllers, payment terminals, routers, and the AI agents that are increasingly making decisions in the physical world, not just on a screen. We build the conversation from the ground up — starting at the silicon root of trust, then working through secure boot, operating systems, applications, and the network infrastructure that ties it all together. And we get specific about where organizations actually fail. Expired certificates on a switch that drop a VPN tunnel. Static credentials that never rotate. "Fix it later" thinking that simply does not survive contact with embedded and IoT environments. These aren't edge cases; they're common, and they're preventable. We also draw a line between certificate lifecycle management and identity lifecycle management — and make the case that passwords, secrets, cryptographic keys, and certificates cannot be managed in silos. They're one lifecycle. Treat them as separate problems and you'll have separate failures. The back half of the conversation puts AI under pressure. It can help defenders move faster, analyze more, and surface what matters. But it also hands attackers new tools: prompt injection, automated attack chains, and "vibe coding" that generates plausible-looking cryptographic implementations that don't actually hold up. Nuance matters in cryptography. Vibes do not. We close with what CISOs should be measuring right now: PKI posture, SBOM paired with a cryptographic bill of materials, and a credible roadmap toward post-quantum cryptography. Regulation like the EU Cyber Resiliency Act and DORA is raising the bar, and "we're working on it" isn't a compliance posture. Subscribe for more RSAC-ready conversations, share this with your security team, and leave a review if it was useful. And tell me: what's the weakest link in your chain of trust today?