ioXt Intelligence: A Q&A with Jameson Hyde, Technical Director of Hardware and Embedded Systems at NCC Group
ioXt Intelligence: A Q&A with Jameson Hyde, Technical Director of Hardware and Embedded Systems at NCC Group
By: Grace Burkard, director of operations at ioXt Alliance
Our new Q&A blog series, ioXt Intelligence, features interviews about current IoT security topics and the future of IoT security with thought leaders and influencers across the IoT industry.
In this edition, we’re featuring Jameson Hyde, Technical Director of Hardware and Embedded Systems at NCC Group. NCC Group is a member of the ioXt Authorized Labs and one of the world's leading cyber security service providers helping businesses identify, assess, mitigate and respond to the cyber security risks they face.
1) Can you tell us more about NCC Group? What services and solutions do you provide?
NCC Group is a global expert in cyber security and risk mitigation operating across multiple sectors, geographies and technologies. We assess, develop and manage cyber threats across our increasingly connected society. We are a worldwide team of over 2,400 experts providing end-to-end strong security solutions to our partners from governments, technology giants, financial institutions and expanding businesses.
We know that the risks associated with organizations, products, and users are dependent on what needs to be protected. We help our clients achieve an optimal level of security based on their individual circumstances. With respect to IoT, that applies to all aspects of a product, be it cloud services, mobile applications, and of course embedded devices. NCC Group can engage at all stages of product development including architecture and design, component selection, supply chain, manufacturing, and of course implementation review services whether white-box, black-box, or something in between, all tailored to the security needs of our clients. Beyond technical delivery, we seek to help navigate the impact of time, cost, and stress to our clients to arrive at actionable, meaningful, and context-aware guidance.
2) Why did you join ioXt Alliance?
NCC Group joined ioXt Alliance because we recognized the need for a global standard and have a shared goal to build a safer IoT world. Additionally, we’ve had several clients asking for a publicly approachable methodology for baseline security assessments. Our considerable experience in developing practical security requirements for complex embedded systems was a natural fit with the alliance’s goals of creating generalized assessment profiles for various device classes.
3) What type of impact do you see NCC Group making in the realm of cybersecurity in the future?
The impact is three-pronged: Raise the bar for security, enable clients to address critical threats, and guide clients as they grow in their security maturity. The priority we place on research, training, and community involvement seeks to raise the bar in an ever-changing security landscape. Simultaneously, our broad range of service offerings and partnerships with our clients allow us to focus on the most critical threats uniquely applicable to a given client and its users. Finally, where applicable, our post-sales support and ongoing client relationships allow us to minimize the impact of incidents, apply guidance to future products, and keep the bar high long after a particular product has shipped.
4) What’s the most important development happening in the IoT/cybersecurity industry and what does that mean for IoT devices and/or consumers?
It's difficult to identify a single development. The growing security awareness and expectations among users, and increased legislated minimum requirements — especially those related to physical security, user privacy, and software maintenance — benefit them significantly. There's of course the implicit assurance that those expectations are met, but intangibly, it also pushes OEMs to have the security conversation earlier in the project, encouraging a secure-by-design product.
Conversely, there is the sheer growth of internet-connected devices with respect to the growing number of devices, expansion into various commercial, industrial, and medical spaces, and the increased complexity of use cases and threat models. With this comes both increased risk and need for security requirements that meet the needs of the user.
To capture a bit of that complexity, we write about some of the important subtleties here.
5) What inspires you most in the work that you do?
User-focused security underlies all our efforts. Specifically, we hold paramount the value of the user being aware of how a product is managing their sensitive data and assets, and giving them the agency to control that with sensible defaults to protect both themselves and the infrastructure that they're using. This has seen a great deal of recent attention and will continue to be important with the growth of internet-connected products. As those connections and assets continue to change and enter new industries, so too does the threat landscape and the accompanying security expectations.