OT: Segmented Today, Breached Tomorrow – HD Moore – RSAC26 #2

This episode is sponsored by
Full Segment Notes
Key Moments
  • 0:00 - – RSAC 2026 Interview with runZero CEO HD Moore
  • 0:37 - – What runZero Does: Agentless Asset Discovery Explained
  • 01:08 - – Continuous Asset Inventory & Why Delta Changes Matter
  • 01:29 - – Finding Security Gaps (Missing EDR, Vulnerability Coverage)
  • 02:06 - – OT Security vs IT: Why Infrastructure is Changing
  • 03:15 - – Network Segmentation Risks in OT & ICS Environments
  • 03:48 - – Detecting Hidden Network Bridges & Multi-Homed Devices
  • 04:59 - – Why Shadow IT is the Biggest Security Weakness
  • 06:46 - – Asset Inventory Challenges & Agent-Based Limitations
  • 07:41 - – Device Fingerprinting vs Traditional Vulnerability Scanning
  • 07:50 - – Safe, Low-Impact Network Discovery Techniques
  • 08:30 - – New Features: Attack Graphs & Network Topology Mapping
  • 09:18 - – Discovering Hidden OT Devices via Serial & Backplane Access
  • 10:13 - – Critical Infrastructure Risks: HVAC, Fire, and Safety Systems
  • 11:23 - – Visualizing Attack Paths & Lateral Movement Risks
  • 12:08 - – Hidden Network Interfaces & Unexpected Attack Surfaces
  • 13:16 - – Identifying Unknown Internet Entry Points & Exposures
  • 13:52 - – External Attack Surface Mapping from Internal Data
  • 14:41 - – Why Asset Inventory (CIS Control 1) Still Fails
  • 15:01 - – Context Matters: Understanding What Devices Actually Are
Guest
CEO and Founder at runZero

HD Moore is a pioneer of the cybersecurity industry who has dedicated his career to vulnerability research, network discovery, and software development since the 1990s. He is most recognized for creating Metasploit and is a passionate advocate for open-source software and vulnerability disclosure.

HD serves as the CEO and founder of runZero, which provides a single source of truth for exposure management across your total attack surface. Delivering in-depth visibility into every asset and exposure, runZero helps you mitigate risks faster, meet compliance requirements, and ensure you continuously discover critical insights that others miss — including unknown and unmanageable devices and elusive exposures that evade traditional tools.

Prior to founding runZero, HD held leadership positions at Atredis Partners, Rapid7, and BreakingPoint. HD has also been a frequent speaker at industry events such as Black Hat and DEF CON. HD’s professional journey began with exploring telephone networks, developing exploits for the Department of Defense, and hacking into financial institution networks.

Stay in the Know, No Smoke and Mirrors – Join Our Newsletter

You can skip this ad in 5 seconds