Stephen Cravey
Stephen Cravey is a seasoned IT Security Leader with a MScf in Information Security and a CISSP certification. His career in cybersecurity started in 1995 with a unique request to the NSA for educational materials, setting the stage for a diverse and impactful professional journey.
Currently, Stephen plays a key role at a leading consulting firm, where he helps organizations navigate complex cybersecurity, governance, and espionage challenges, including ISO 27001 and NIST 800-53 focused compliance remediation initiatives. His technical expertise covers a broad spectrum, from detailed system architecture to foundational electronic principles, always with an eye on practical application and human factor root cause issues.
His research has explored practical integration techniques for emerging technologies, reinforcing his ability to blend advanced concepts with real-world solutions. Stephen is particularly skilled at identifying risks and leading strategic initiatives that enhance security processes and implement robust technical solutions in dynamic settings.
Known for his ability to connect with both technical teams and executive leaders, Stephen effectively aligns technological strategies with business goals, helping organizations enhance their security posture for today's demanding environments.
Session
Ever wondered how your smart toothbrush or connected garden rock stays secure in our digital world? As the Internet of Things (IoT) brings connectivity to everyday objects—from cars to clothing—it's more important than ever to keep these devices safe from cyber threats. But here's the challenge: many IoT gadgets run on tiny chips called Systems on Chip (SoCs) that don't have the power of full-sized computers, making them uniquely vulnerable.
In this presentation, I'll guide you through the fascinating world of hardware/software binding—a key technique that ensures only authorized software runs on specific hardware. We'll explore how this practice helps protect IoT devices by linking software tightly to the hardware it runs on, preventing unauthorized code from sneaking in.
We'll look at different SoCs used in IoT devices, discuss SoC architecture, review the security methods provided (or not) by manufacturers, and dive into some cool techniques from research and industry. Don't worry if you're new to this—I'll break down the jargon and share practical insights from my own experiences in software development and security.
Plus, I'll introduce a handy questionnaire you can use when choosing SoCs for new products, helping you evaluate their security features with confidence. Whether you're just starting out in cybersecurity or simply curious about how to keep our connected world safe, this talk will give you the understanding and tools to make a real difference.