We’re excited to welcome Dave Thomas, former Finite State sales leader, to our team! With extensive experience across IT, operational technology (OT), and medical cybersecurity, Dave has a unique perspective on what CISOs look for in a security product. In this special Q&A, Dvir Reznik, our VP of Marketing, sat down with Dave to hear his insights on the future of cyber in 2025, what’s next for medical and OT security, and his journey in the industry.

Q1: Dave, can you share your background and what led you to cybersecurity?

I’ve been working in cybersecurity for over 20 years, with a focus on securing critical infrastructure, medical devices, and industrial environments. My journey started in 2004 when I saw firsthand how security gaps in critical systems could have real-world consequences. That realization drove me to specialize in cybersecurity, particularly in sectors where lives and essential services depend on strong protections.

Q2: You’ve worked across multiple industries, including medical, transportation, IIoT, and OT security. What makes these sectors particularly challenging from a cybersecurity perspective?

Medical and OT environments are unique because they prioritize safety and operational continuity over everything else. In a hospital, for example, you can’t just shut down a critical device to apply a security patch if it’s keeping someone alive. Similarly, in OT environments like manufacturing or energy, downtime can cost millions and impact supply chains. These constraints mean we have to rethink traditional IT security approaches – introducing segmentation, real-time monitoring, and compensating controls instead of relying solely on patching and updates.

Q3: As we head into 2025, what are the biggest cybersecurity trends you see emerging in medical and OT security?

There are a few key trends shaping the future:

1. The rise of AI-driven attacks and defenses – Attackers are using AI to automate threats, but defenders are also leveraging AI for anomaly detection and response.

2. Regulatory pressure and compliance enforcement – New regulations, such as the Cyber Resilience Act (CRA), the Department of Commerce’s Ban on Chinese and Russian software, UN R155, HIPAA and others, will force organizations to strengthen their cybersecurity postures.

3. Increased focus on supply chain security – With more interconnected devices and software dependencies, supply chain attacks will remain a top concern (the ban on Chinese software is specifically addressed to Software Supply Chain Security).

4. Zero Trust adoption in OT and medical environments – Traditional perimeter security is no longer enough, and organizations are moving toward identity-based and micro-segmented approaches.

Q4: What cybersecurity risks do you think are still being underestimated?

I think legacy systems and third-party risks remain underappreciated. Many OT and medical environments are running outdated systems that are difficult to secure, and organizations often don’t have full visibility into the risks posed by third-party vendors. Additionally, insider threats – whether malicious or accidental – are often overlooked, even though they can cause significant damage.

Q5: You recently made a career move, ‘jumping ship’ to join us. What motivated your decision to join?

I wanted to be at the forefront of tackling cybersecurity challenges in the medical devices, IIoT, and Automotive industries. The opportunity to work with a team that’s driving real product security innovation was a big factor. Given the increasing regulatory and security pressures in OT and medical cybersecurity, I saw a chance to make a real impact.

Q6: If you could give one piece of advice to security leaders in medical and OT environments, what would it be?

Focus on visibility and resilience. You can’t protect what you can’t see, so having real-time insights into your assets, vulnerabilities, and threats is critical. At the same time, security shouldn’t come at the cost of operational uptime. Building resilience through segmentation, backups, and rapid incident response is just as important as prevention.

Q7: What excites you the most about cybersecurity this year?

The speed at which the industry is evolving. While attackers are becoming more sophisticated, defenders are getting smarter too – leveraging AI, automation, and proactive threat intelligence. It’s an arms race, but I believe we’re starting to gain the upper hand, especially with stronger collaboration between industries and governments.

Q8: Finally, any book or podcast recommendations?

I always recommend “Software Supply Chain Security” by Cassie Crossley, The Cybersecurity Forum Initiative (CSFI), SANS Institute, and the numerous industry-specific cybersecurity conferences; they are a great place to have peer-to-peer discussions and keep on top of the overall landscape.


Dave will be at S4x25 ICS and OT Security next week in Tampa, Florida, February 11-13. To connect with Dave at the Summit, fill out the form.
