
126: Shifting Left: Why Secure Software Starts at the Design Stage
From (CS)²AI Podcast Show: Control System Cyber Security by Derek Harp
February 4, 2025 · 35 min · Episode 126
About this episode
The episode discusses the importance of integrating security into software design for industrial control systems with expert Mehdi Tarrit Mirakhorli.
In this episode of the (CS)²AI Podcast, host Derek Harp welcomes Mehdi Tarrit Mirakhorli , Associate Professor at the University of Hawaii and a Cybersecurity Expert , to discuss Secure by Design—a fundamental shift in how we develop and deploy software in industrial control systems (ICS) and operational technology (OT). With over 15 years of R&D experience for DARPA, the Air Force, and DHS, Mehdi shares why modern software is inherently vulnerable and how we can learn from aviation, medical, and safety-critical industries to build resilient systems from the ground up. The conversation dives deep into the risks of insecure by design software, the challenges of implementing true security practices, and the role of government policies in shifting liability from users to vendors. Mehdi explains the importance of threat modeling, attack surface analysis, and secure architecture frameworks to mitigate cyber threats before they arise. He also highlights how software development must evolve beyond rapid deployment cycles to integrate security as a core design principle. If you’re an ICS professional, cybersecurity engineer, or software developer, this episode provides actionable…
People in this episode
Host: Derek Harp
Guest: Mehdi Tarrit Mirakhorli
Topics covered
- Secure by Design
- software development
- cybersecurity
- industrial control systems
- operational technology
- threat modeling
- security architecture
Keywords
- cybersecurity
- software vulnerabilities
- secure architecture
- threat modeling
- ICS
- OT
- proactive security
Mentioned in this episode
Organizations: University of Hawaii, DARPA, Air Force, DHS
More episodes of (CS)²AI Podcast Show: Control System Cyber Security
- 132: Solving Problems at Scale: Kenny Mesker on OT Cybersecurity Strategy, Risk, and Leadership · June 2, 2026 · 46 min
- 131: OT Monitoring & SOC and Incident Response — Lessons from the Field with Cambios Academy · February 4, 2026 · 43 min
- 130: S4’s “Connect” Theme Explained — Dale Peterson on OT Security’s Hyper-Connected Future · January 14, 2026 · 31 min
- 129: Why OT Cybersecurity Isn't a One-Tool Problem: Insights to be discussed at Level Zero · March 27, 2025 · 15 min
- 128: From the Pentagon to Public Safety: Lucian Niemeyer’s Mission to Secure OT · February 18, 2025 · 28 min
- 127: Unlocking the Power of Asset Inventory in OT Cybersecurity with Roya Gordon · February 11, 2025 · 24 min
Explore listener stats, chart rankings, contacts and more on the (CS)²AI Podcast Show: Control System Cyber Security podcast page.