RoguePacket
RootRouge
In 2017, hackers breached a casino’s network by pivoting through its internet-connected fish tank sensor, stealing sensitive customer data. This multi-million-dollar breach exposed core IoT pitfalls such as default credentials, flat networks that allow lateral movement, and insecure supply chains. This is the reality of unvetted IoT integrations: a single device can open up additional attack surfaces and become your weakest link. Yet enterprises keep deploying third-party IoT gear for efficiency, often without thorough security reviews. In this talk, we’ll map the attack tree and uncover risks from hardware tampering, insecure protocols, cloud/API flaws, and supply-chain attacks. Then we’ll share a four-phase shift-left process to bake in security from day one: (1) Scope & threat modeling, (2) Vendor audits, (3) Device attestation, (4) Secure integration, so that defenses align with attack vectors, turning ‘plug-and-play’ into ‘plug-and-prove.’
RoguePacket
Application and Product Security
I'm an experienced Security Engineer with a demonstrated history of working in the software and infrastructure security industry. Expertise includes designing and developing secure applications, browser security, IoT security, cryptography, penetration testing, cloud and infrastructure security, and implementing a secure software development lifecycle.
RootRouge
Pentester, Security Enthusiast
I have 8 years of experience as a cybersecurity professional. I worked as a pentester and application security engineer. I hold certifications as GIAC Cloud Penetration Tester (GCPN) and Offensive Security Certified Professional (OSCP). My primary areas of interest are penetration testing, threat modeling, and product/application security.