Finite State has hired Larry Pesce as its Product Security Research and Analysis Director. Pesce will serve as a senior consultant, providing expert guidance and services to product security teams worldwide, including product security program design and development, product red-teaming and penetration testing, software supply chain risk management, and vulnerability management.
Recent research from the Ponemon Institute indicates that six of every ten organizations find it increasingly difficult to quickly respond to new vulnerability disclosures that may impact their devices, a reality that becomes especially painful when zero-day vulnerabilities such as last month’s OpenSSL vulnerability surface.
“Sixty percent of IT and IT security practitioners report that their organizations lack the in-house expertise to stand up a strong security posture and 62% cite a lack of resources,” said Matt Wyckhouse, founder and CEO of Finite State, “I’m confident that, with Larry’s leadership and expertise, he will work closely with our customers to understand their needs, identify their product security gaps, and guide them toward solutions. As our Product Security Research and Analysis Director, Larry will act as an internal voice of our customers to help our product, engineering, R&D, and sales teams develop and deliver the solutions that our customers need right now.”
Pesce has held senior security and research positions at leading cybersecurity and IT services and consulting firms including InGuardians, and NWN Corporation. Earlier in his career, Pesce oversaw IS security at Care New England, a Rhode Island-based healthcare provider. An established cybersecurity thought leader, Pesce serves as a principal instructor and course author at the SANS Institute and has co-hosted the popular Paul’s Security Weekly podcast for more than 15 years.
“Embedded device security has been a passion of mine since the early 2000s. So long ago that it was well before the dawn of what we now refer to as IoT,” said Pesce. “I’m excited to bring my expertise to Finite State to help our customers utilize effective SBOMs, provide actionable results to issues [vulnerabilities], and affect the security of the IoT software supply chain in a positive manner.”
Pesce holds several GIAC certifications, including the Global Industrial Cyber Security Professional (GICSP), the GIAC Certified Incident Handler (GCIH), and the GIAC Assessing and Auditing Wireless Networks (GAWN) credentials. Pesce earned his B.S. in Computer Information Systems from Roger Williams University.