Protecting the integrity of the code inside products is a critical task today, when cybersecurity breaches represent such a significant threat to safety, profits and reputation across many industries, as well as public and non-profit sectors. Market forces are driving industries to pay more attention to the software running critical operations and beyond.
With news of supply-chain attacks becoming more common, it’s up to a specific group of practitioners to look after the security of code inside everything from the components of the power grid to that Wi-Fi nanny-cam in the nursery. These practitioners are product security executives (PSEs), a role taking on more of the responsibility of addressing the risks posed by these attacks.
The skill set of the PSE combines engineering, cybersecurity, threat modeling, secure coding and risk management, among other disciplines. Unlike chief security officers (CSOs) or chief information security officers (CISOs), there is no established educational or career track for PSEs yet. That’s why we believe it is time to establish the PSE as its own category of security officer and give these professionals the recognition they deserve. Whether or not the title exists, we need to recognize the men and women on the front lines of this new discipline, honor their accomplishments and share their best practices with the industry.
A new annual competition aims to recognize these professionals who have delivered advancements in security for embedded or commercial software products. The Product Security Executive (PSE) of the year awards will be announced at the ISE West Summit and Awards event on 15 November 2022 in Dallas, Texas. The competition has been established by GrammaTech in partnership with T.E.N., founder of the Information Security Executive (ISE) of the year awards.
For the purposes of these awards, PSEs are defined as professionals primarily responsible for implementing and managing cybersecurity programs at all stages of the product lifecycle—overseeing software, firmware or products with embedded connectivity. These individuals are responsible for secure product design, risk and vulnerability management, incident response and standards and regulatory compliance.
Highlighting the significance of these awards, Edna Conway, VP, security, risk & compliance, for cloud infrastructure at Microsoft, and former CISO of Cisco, said, “In a world of increasingly autonomous products, from cars to appliances to robots, software has become the linchpin for maintaining the quality, security and safety of many devices. The role of Product Security Executive follows a similar trajectory we experienced when CISOs emerged from the IT-do-it-all position of CIO. With so much liability riding on the reliability of software used in both digital and physical products, this role is extremely under-recognized.”
The awards aim to encourage recognition of PSEs and enable the sharing of information and best practices, since PSEs are critical to the safe growth of the digital economy, especially as more processes are automated and digitalized. As Marci McCarthy, CEO and president of T.E.N., noted, devices in the internet of things now number in the billions and every device is at risk for cyberattacks. Bad guys are taking advantage of every opportunity to exploit product security vulnerabilities, so demand for product security has exploded among industries far afield from technology and software—everywhere from healthcare to automotive manufacturing.
The judges’ panel is made up of experts with years of experience in the sector:
- Edna Conway, vice president, security & risk officer, cloud infrastructure at Microsoft, and a member of the executive committee of the U.S. Department of Homeland Security Task Force on ICT supply chain risk management.
- Malcolm Harkins, chief security & trust officer with Epiphany Systems, and the first CISO at Intel Corporation.
- Troy Rydman, senior practice leader - global strategic accounts, security, risk, & compliance for Amazon Web Services (AWS) and former cybersecurity executive with Silicon Valley Bank.
Under the criteria being set by the awards committee, nominations are open to U.S.-based executives primarily responsible for product security with management and oversight, including executives with director, VP and CPSO titles. Nominees should be able to provide some metrics to demonstrate positive developments. The deadline for award nominations is 10 October 2022; there is no cost to enter. Winners will be announced on embedded.com as the media partner for this event, and at the ISE West Summit and Awards event in Dallas, Texas.
As we evolve into an increasingly connected world, product security will be a growing concern. This new award competition is a way to recognize and raise awareness for the men and women who are leading the way forward in building security into the cyber-physical products we rely on every day.
Andrew Meyer is chief marketing officer for GrammaTech. Previously, Andrew led numerous software companies as CEO following an extensive career in B2B marketing at Websense, Financial Fitness Group, MSC Software, and Worksoft.