At Torc, safeguarding safety-critical systems from evolving cybersecurity threats isn’t just a priority—it’s a core
mission.
At the helm of this mission is Michael Maass, the Director of Product Cybersecurity and Principal Product
Cybersecurity Architect, whose career reflects a deep dedication to building secure technologies, strong teams,
and forward-thinking strategy.
A Career Rooted in Cybersecurity Excellence
Michael brings over 20 years of cybersecurity experience to the table—17 of those spent specifically on
securing companies, products, and safety-critical systems. His background bridges the technical and strategic:
from writing low-level software in x86 assembly, C/C++, and Java, to leading cross-functional security teams
and developing ways to build security into products.
Throughout his career, Michael has helped companies adopt cutting-edge practices that meet both technical and
compliance requirements. His passion lies in one of the most complex and important areas of modern
technology: developing secure, safety-critical cyber-physical systems that can stand up to real-world threats
and regulatory scrutiny.
Building Secure Teams and Culture
Michael’s leadership extends beyond technology. He’s spent years building and nurturing top-tier cybersecurity
teams in the automotive space, ensuring they not only have deep technical skills but also understand the
broader impact of their work. His ability to communicate with executives, regulators, and external stakeholders
makes him a rare bridge between engineering and compliance—a necessity in today’s high-stakes
cybersecurity environment.
Leading Cybersecurity at Torc Robotics
At Torc, Michael wears two hats: he acts as both Principal Product Cybersecurity Architect and the Director of
Product Cybersecurity. In these roles, he leads efforts to embed cybersecurity into every stage of product
development for autonomous vehicles—systems that must operate safely and securely in the unpredictable real
world.
His leadership ensures that cybersecurity is an integral part of a product’s full lifecycle, ranging from inception
to product retirement.
Penetration Testing: Red Teaming for the Right Reasons
One of the key tools in Michael’s cybersecurity arsenal is penetration testing—a technique that simulates real-
world attacks in order to find and fix vulnerabilities before bad actors can find and exploit them.
“Penetration testing is essentially where someone with hacking skills applies those skills to a particular target,
with the goal of efficiently finding vulnerabilities and identifying hardening opportunities,” Michael explains.
Penetration testing is a process within the A Versatile Cybersecurity Development Lifecycle (AVCDL), an open
source document set crafted by Charles Wilson, Cybersecurity Architect at Torc, Michael, and cybersecurity
engineers at Torc and other companies, for use by the autonomous vehicle industry and any other creating
safety-critical cyber physical systems. This structured lifecycle ensures that every aspect of the product, from
hardware to software, is rigorously vetted for cybersecurity risks and those risks are addressed.
Penetration testing is just one part of a broader cybersecurity strategy. While penetration testing is often
spotlighted because it’s exciting and accessible, it’s important to note that a secure cybersecurity platform
includes a comprehensive set of practices. Many of these, while equally critical, are less known unless you’re
deeply immersed in the domain.
Still, penetration testing stands out as an illustrative example of how Torc’s structured lifecycle ensures that
every aspect of an autonomous vehicle product—from hardware to software—is rigorously vetted for
cybersecurity risks.
Inside the Penetration Testing Process
As Michael says, no two penetration tests are the same, but most follow six general steps:
- Pre-Engagement: Define the target, set objectives, and establish boundaries.
- Reconnaissance: Gather data on the system using both passive and active techniques.
- Threat Simulation: Emulate the tactics of real-world threat actors.
- Exploitation: Attempt to breach the system, identifying weak points.
- Analysis: Assess findings and potential business impact.
- Reporting & Recommendations: Share results and collaborate on mitigation strategies.
In a real-world example of a penetration test on a lidar system, Michael shared that safety and security go
hand-in-hand. Both components must work together to ensure the strength of a system. During this particular
lidar test, Michael pointed out that analog attacks, while harmful, aren’t necessarily as impactful as system-level
exploits.
Michael’s Vision for Secure Autonomy
Michael’s ultimate goal is to create technology that’s secure, reliable, and compliant—all while enabling
innovation. His work ensures that Torc’s systems are ready not just for today’s challenges, but that the larger
autonomous vehicle industry is ready to face tomorrow.
As Michael says, a rising tide lifts all boats. At Torc, that philosophy is core to how cybersecurity is
approached—not just as a competitive advantage, but as a shared responsibility across the industry. That’s why
Torc is pushing forward with tools like the AVCDL. By making this framework visible and accessible, Torc aims to
help everyone build safer, more secure, and more compliant products.
“I’m passionate about developing secure, safety-critical systems that balance innovation with acceptable
liability and compliance,” he says. In an industry where trust is everything, that mission is more vital than ever.
With decades of experience and a passion for securing the future of mobility, Michael Maass is helping to
shape the next generation of cybersecurity in autonomous vehicles. Through strategic leadership, technical
expertise, and a commitment to continual improvement, he’s ensuring that Torc stays ahead of the curve—
keeping systems safe, secure, and ready for the road ahead.