I’m very pleased to announce Reid Wightman is returning to Digital Bond after a couple of years at IOActive.
Reid will be leading a new division, Digital Bond Labs. He will write soon on what Labs is and what it will do, but let me talk about the reason we formed Labs.
The most popular service in our Consulting division is asset owner assessments. Here we look at the ICS in terms of good security practices and known vulnerabilities, and we provide prioritized recommendations based on efficient risk reduction. We will do some fuzzing, random data and smart, on interesting ICS ports and protocols, but in general we are not hunting for new vulnerabilities for most clients. I don’t believe that asset owners should pay for finding new vulns in vendor products, and getting the vendor to fix latent vulnerabilities would rarely rate high on the prioritized list for most asset owners.
Increasingly we are being asked by vendors to test and assess their products as part of their security development lifecycle prior to release. This is a very different skill set of firmware and hardware analysis as well as developing semi-custom tools for each assessment. Quite frankly, Reid was the best we have ever had at doing this type of work. So it is great to have him back to do this work.
But we wanted more than just to add back his talents. We wanted to develop a team of talent in this area to collaborate and learn from each other. Even in this narrow field there are areas of expertise, background and skills. We also wanted this team to be able to focus on this type of security work, rather than find the low hanging fruit in ICS installations (weak security perimeters, no endpoint security, default credentials, …).
So we were able to entice Reid to come back to form Digital Bond Labs … and he is hiring.