All Our Devices and Privacy on the Web – Deepika Gajaria, Scott Scheferman – ESW #234

Against the ubiquitous backdrop of Zero Trust initiatives, we have all come to accept the motto of “Verify, then trust”. Yet, here we are building an entire stack of Zero Trust enabled technologies, upon a broken implicit-trust foundation. Nowhere is this risk more apparent, than at the device and firmware level. Indeed this is why both nation-state and criminal actors have converged upon a strategy that combines supply chain attack dynamics, with readily exploitable devices. This allows them to impart maximum impact against victim organizations, and even those victim’s downstream partners and customers. In order to address this evolving threat, organizations must take back security control of their devices, and stop trusting the fox that has quite frankly, become the hen house.

This segment is sponsored by Eclypsuim.

Visit to learn more about them!

Data privacy and Web security teams are converging across enterprises and we are seeing more Privacy use cases like cookie banner consent and limiting data sharing (vendors like Facebook, Google etc. are capturing sensitive user data, accessing cameras, microphones, geolocation etc.) via security policies, under the security teams purview.

At Tala we offer a Privacy scan that gives enterprises a full view of which vendors have access to sensitive data and how this data is being shared. This in turn helps set the right security controls in place.

This segment is sponsored by Tala Security.

Visit to learn more about them! Visit for all the latest episodes!

Full Episode Show Notes

All Our Devices and Privacy on the Web


Deepika Gajaria

Deepika Gajaria – VP of Product at Tala Security

Deepika is responsible for product strategy and delivery at Tala. Working closely with our customers, she drives product direction and shapes the product roadmap to address their core needs.

Prior to Tala, Deepika was part of Cisco Jasper where she led the launch of IoT smart city applications. Her career in Product Management began at EMC, in the New Product Introduction team, working on key initiatives across the Storage and the Data Protection divisions.

Deepika has held diverse roles in her career: her first job out of school was in Research and Development of high voltage particle accelerator technology used in cancer therapy machines.

Scott Scheferman

Scott Scheferman – Principal Strategist at Eclypsium


Scott, aka “Shagghie” in the community, is a public speaker, thought leader and cyber strategist. With decades of cyber consulting in both Federal and Commercial domains, he brings strong opinions and insight into any topic covering cyber, privacy, AI/ML, or the intersections of these. Winner of the first defcon badge-hacking contest and a defcon music artist, he currently works to bring urgent awareness to the device and firmware attack surface now being readily exploited.


Matt Alderman

Matt Alderman – Executive Director at CyberRisk Alliance


Strategic Advisor at Automox, security consultant, and wizard of entrepreneurship.

Paul Asadoorian

Paul Asadoorian – Founder at Security Weekly


Paul Asadoorian is the founder of Security Weekly, which was acquired by CyberRisk Alliance. Paul spent time “in the trenches” implementing security programs for a lottery company and then a large university. Paul is offensive, having spent several years as a penetration tester. As Product Evangelist for Tenable Network Security, Paul built a library of materials on the topic of vulnerability management. When not hacking together embedded systems (or just plain hacking them) or coding silly projects in Python, Paul can be found researching his next set of headphones.