As we are building our Training Academy, a program of courses specifically aimed at sharing embedded systems security intelligence, we understand a vendor dilemma: security is a priority, but, hey, no one needs a secure product if it’s twelve months late to the market. Software vulnerabilities are more common and frequently exploited while hardware vulnerabilities frequently lead to a full compromise of a device. Quite often a costly revision of a board is required to address them.
What is the solution then? For each project the combination of engineering and business challenges is unique. Security expertise applied at every step of development, from design to final approval is recommended. But in the end the quality of a product relies on the skills and talent of the development team. The first step towards robust security is thus empowering your product teams with practical security intelligence.
Years of long-term security evaluation relationships with our customers prove that knowledge of attack methods by development teams improves security. Being experts on the hardware and the software that defines embedded system security, we are ready to share this knowledge. This is the idea behind our Embedded Systems Security Training.
The Embedded Systems Security course
The Embedded Systems Security training offers a practical introduction to security for embedded system developers. To lay the foundations for understanding embedded systems security, we use a three-step approach.
First, you get a solid, technical grasp of the typical components present on an embedded system and the functioning of an embedded system.
Next, we look at an embedded system from the perspective on an attacker who aims to compromise the assets. You learn how to identify relevant assets, determine the most likely attack paths and refine this attack path, by discovering tooling available to an attacker.
Finally, we discuss defense which is the most sophisticated and complex view of an embedded system. Creating a defense strategy requires not only to understand how a system works or how an attacker would compromise an asset but also to have the ability to prioritize defense according to risk, time, cost, surface, etc. As a result, participants understand the defense mechanisms that can be immediately applied to their own projects.
The upcoming Embedded Systems Security training is scheduled for September 2017, and we still have a few seats available. Click here to learn more about this training and sign up. Visit the Training Academy website to learn more about our overall academic offer.