@BEERISAC: CPS/ICS Security Podcast Playlist

Follow @BEERISAC: CPS/ICS Security Podcast Playlist
Share on
Copy link to clipboard

A curated playlist of Cyber-Physical Systems and ICS Cyber Security related podcast episodes [any language] by ICS Security enthusiasts. Contact Anton Shipulin / @shipulin_anton on Twitter if something is missing.

Anton Shipulin / Listen Notes


    • Aug 10, 2025 LATEST EPISODE
    • daily NEW EPISODES
    • 37m AVG DURATION
    • 2,157 EPISODES


    Search for episodes from @BEERISAC: CPS/ICS Security Podcast Playlist with a specific topic:

    Latest episodes from @BEERISAC: CPS/ICS Security Podcast Playlist

    S1 E5: Incident Response in ICS/OT/SCADA

    Play Episode Listen Later Aug 10, 2025 24:50


    Podcast: Simply ICS CyberEpisode: S1 E5: Incident Response in ICS/OT/SCADAPub date: 2025-04-16Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationHow does Incident Response in ICS/OT/SCADA work? In this episode of Simply ICS Cyber, Don and Tom welcome Kai Thomsen, Director of Global Incident Response Services at Dragos.Join us as we answer the questions below and provide more insight into how IR works in OCS, OT, and SCADA:- Is DFIR the same on the OT side as the IT side?- What are some of the challenges the OT DFIR team faces?- In an organization, who is responsible for OT incident response?- What are table tops, how should you conduct them?- What are some table top exercises?- How do you get into OT DFIR?Discover the Dragos 2025 YIR Report: https://www.dragos.com/ot-cybersecurity-year-in-reviewConnect with Kai on LinkedIn: https://www.linkedin.com/in/kai-thomsen-a635b21b7Check out the Incident Response Table top resources below:- CISA Tabletop Exercise Packages (CTEPs)- CISA ICS Training- Dean Parson's ICS Incident Response Tabletops- Lenny Zeltser Cheat Sheets and Presentations- NERC's Grid Security Exercise (GridEx) - MITRE Cyber Exercise Playbook- Black Hills Information Security (BHIS) Backdoors and Breaches ICS/OT Deck- Center for Internet Security, Tabletop Exercises – Six Scenarios to Help Prepare Your Cybersecurity Team- Red Canary: Are You Using Tabletop Simulations to Improve Your Information Security Program?- Dragos: Preparing for Industrial Cyber Response Tookit- Dragos: Preparing for Incident Handling and Response in ICS- Dragos Tabletop Exercise- ICS4ICS Incident Command System for Industrial Control Systems- European Network for Cyber Security (ENCS) Red Team – Blue Team TrainingJoin us every other Wednesday for Season 1 of the Simply ICS Cyber podcast, with your hosts, Don C. Weber and Tom VanNorman.Connect with your hosts on LinkedIn:- Don linkedin.com/in/cutaway- Tom linkedin.com/in/thomasvannorman=========================Simply Cyber empowers people who want a rewarding cybersecurity career=========================All the ways to connect with Simply Cyberhttps://SimplyCyber.io/SocialsThe podcast and artwork embedded on this page are from Simply Cyber Media Group, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

    S1 E4: What are the 5 ICS Cybersecurity Controls?

    Play Episode Listen Later Aug 9, 2025 20:23


    Podcast: Simply ICS CyberEpisode: S1 E4: What are the 5 ICS Cybersecurity Controls?Pub date: 2025-04-02Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationIn this episode, Tom and Don host special guest Michael Hilken, Cyber Physical Engineer at Grimm. The trio review and discuss the Five ICS Cybersecurity Critical Controls. Links from this episode:- Michael Hilken: https://www.linkedin.com/in/michael-hilken/- SANS Whitepaper on the The Five ICS Cybersecurity Critical Controls: https://www.sans.org/white-papers/five-ics-cybersecurity-critical-controls/ - Dragos 2025 OT Cybersecurity Report - 8th Annual Year in Review: https://www.dragos.com/ot-cybersecurity-year-in-review/  Join us every other Wednesday for Season 1 of the Simply ICS Cyber podcast, with your hosts, Don C. Weber and Tom VanNorman.Connect with your hosts on LinkedIn:- Don https://www.linkedin.com/in/cutaway- Tom https://www.linkedin.com/in/thomasvannorman=========================Simply Cyber empowers people who want a rewarding cybersecurity career=========================All the ways to connect with Simply Cyberhttps://SimplyCyber.io/Socials=========================The podcast and artwork embedded on this page are from Simply Cyber Media Group, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

    Noam Moshe on Hacking Video Surveillance

    Play Episode Listen Later Aug 9, 2025 27:50


    Podcast: Nexus: A Claroty Podcast (LS 32 · TOP 5% what is this?)Episode: Noam Moshe on Hacking Video SurveillancePub date: 2025-08-07Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationNoam Moshe, Research Director for Claroty Team82, joins the Nexus Podcast live at the Black Hat Briefings in Las Vegas to discuss research that was presented here on the security of a popular video surveillance platform manufactured by Axis Communications. Moshe describes how Team82 examined the proprietary protocol supporting Axis servers and clients (camera) and uncovered four vulnerabilities that could be chained to eventually gain pre-authentication remote-code execution. Moshe explains Team82's research process, the risks to users, and the successful disclosure process with Axis Communication that resulted in prompt patches available for the servers and camera platforms. Read Team82's research blog hereListen and subscribe to the Nexus PodcastThe podcast and artwork embedded on this page are from Claroty, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

    S1 E3: Critical Infrastructure vs. Everything Else

    Play Episode Listen Later Aug 9, 2025 22:07


    Podcast: Simply ICS CyberEpisode: S1 E3: Critical Infrastructure vs. Everything ElsePub date: 2025-03-19Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationIn this episode of Simply ICS Cyber, Don and Tom interview Gus Serino, water sector expert and Owner at I&C Secure, Inc.Listen in as we will answer the following questions:- What is Critical Infrastructure?- What are other types of Industrial and Automation?- Is cybersecurity different between the two?Links from this episode:- Gus Serino LinkedIn: https://www.linkedin.com/in/gusserino/- Instrumentation & Control Secure, Inc.: https://www.iandcsecure.com/- S4Events - Water Sector Cyber Risk with Gus Serino: https://www.youtube.com/watch?v=ScigBpXIjggJoin us every other Wednesday for Season 1 of the Simply ICS Cyber podcast, with your hosts, Don C. Weber and Tom VanNorman.Connect with your hosts on LinkedIn:- Don https://www.linkedin.com/in/cutaway- Tom https://www.linkedin.com/in/thomasvannorman=========================Simply Cyber empowers people who want a rewarding cybersecurity career=========================All the ways to connect with Simply Cyberhttps://SimplyCyber.io/Socials=========================The podcast and artwork embedded on this page are from Simply Cyber Media Group, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

    Shaya Feedman Ex Head of Information Security @Porsche Digital about cars functional safety & cyber

    Play Episode Listen Later Aug 9, 2025 41:54


    Podcast: ICS Cyber Talks PodcastEpisode: Shaya Feedman Ex Head of Information Security @Porsche Digital about cars functional safety & cyberPub date: 2025-08-06Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationכשאתם נכנסים לרכב שלכם כמה מחשבה אתם מקדישים לעובדה שאתם בתוך דאטה-סנטר עצום, איך מתמודדים בטיחותית וסייברית עם מפעל שיש בו עשרות רבות ולעיתים מאות מחשבים עם שתי רשתות תקשורת שלפחות אחת מוגדרת כקריטית וכול זה ממוזער ונדחס לרכב אחד אין ספק שבטיחות והגנת סייבר בתעשיית הרכב היא אחד האתגרים הקשיים שיש החל משלב התכנון, דרך שרשרת אספקה ועד הרכב עצמו. נחשון פינקו מארח את שייע פידמן עד לאחרונה מנהל מרכז הפיתוח והגנת הסייבר בפורשה דיגיטל בשיחה על הגנת סייבר בעולם ייצור הרכבים והרכבים עצמם. ועוד כמה מיידעים לגבי הרכבים שלכם שכנראה לא ידעתם When you get into your car, how much thought do you give to the fact that you are inside a huge data center, how do you deal with safety and cyber security with a factory that has dozens and sometimes hundreds of computers with two communication networks, at least one of which defined as critical, and all of this is minimized and compressed into one car? There is no doubt that safety and cybersecurity in the automotive industry are among the most difficult challenges, from the planning stage, through the supply chain, to the vehicle itself. Nachshon Pincu hosts Shaya Feedman, until recently the Head of Information Security at Porsche Digital, in a conversation about cybersecurity in the world of vehicle manufacturing and the vehicles themselves. And some more information about your cars that you probably didn't know  The podcast and artwork embedded on this page are from Nachshon Pincu, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

    S1 E2: How to get started in ICS, OT and SCADA

    Play Episode Listen Later Aug 8, 2025 24:24


    Podcast: Simply ICS CyberEpisode: S1 E2: How to get started in ICS, OT and SCADAPub date: 2025-03-05Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationIn episode 2 of Simply ICS Cyber, we answer the following questions for those interested in starting a career in ICS (industrial control systems), OT (operational technology):- What is Capex vs Opex? And, why does it matter when getting a job?- What is the compensation versus actual pay?- What does the OT side consider as important skills?- How are the rising FTE and consultant wages affecting winning ICS/OT work? Links to learn more about ICS, OT, SCADA:- ICS Village: https://www.icsvillage.com - Contact ICS Village: https://www.icsvillage.com/contact-us - NICE Framework (Find OT in the Competency Areas): https://niccs.cisa.gov/workforce-development/nice-framework - SANS ICS NICE: https://www.sans.org/nice-framework/industrial-control-systems Join us every other Wednesday for Season 1 of the Simply ICS Cyber podcast, with your hosts, Don C. Weber and Tom VanNorman.Connect with your hosts on LinkedIn:- Don https://www.linkedin.com/in/cutaway - Tom https://www.linkedin.com/in/thomasvannorman =========================Simply Cyber empowers people who want a rewarding cybersecurity career=========================All the ways to connect with Simply Cyber https://SimplyCyber.io/Socials=========================The podcast and artwork embedded on this page are from Simply Cyber Media Group, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

    EP 68: Hacking Cruise Ships and Data Centers

    Play Episode Listen Later Aug 8, 2025 33:21


    Podcast: Error Code (LS 27 · TOP 10% what is this?)Episode: EP 68: Hacking Cruise Ships and Data CentersPub date: 2025-08-05Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationThis is a story where one maritime company found multiple vendors maintaining unrestricted VPN access to systems across a cruise vessel, exposing safety-critical functions to potential compromise. Bill Moore, CEO of Xona Systems, returns to Error Code to talk about how that company and others, such as data center operators, are recognizing their latent multiple-vendor OT exposure and learning how to address it today.The podcast and artwork embedded on this page are from Robert Vamosi, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

    When the Plant Can't Stop: Securing Systems That Never Sleep

    Play Episode Listen Later Aug 7, 2025 33:18


    Podcast: Industrial Cybersecurity InsiderEpisode: When the Plant Can't Stop: Securing Systems That Never SleepPub date: 2025-08-05Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationIn this episode of Industrial Cybersecurity Insider, Craig Duckworth sits down with Ian Bramson, VP of Global Industrial Cybersecurity at Black & Veatch, to explore what it really takes to secure complex industrial systems. Whether you're retrofitting legacy brownfield environments or designing cybersecurity into greenfield builds, Ian unpacks the foundational questions every organization must answer:What do you need to protect? Where are your holes? Can you see what's happening and respond if something goes wrong? From AI-enabled attackers to real-time asset visibility, he shares actionable insights on risk management, OT monitoring, and why leaders must begin treating cybersecurity like safety, not just an IT function. Whether you're managing a water treatment plant, a power plant, or smart transportation infrastructure, this conversation delivers clarity in complexity - and guidance for what to do next.Chapters:00:00:00 - Uncovering Hidden Dangers in Remote Access00:00:59 - Meet Ian Bramson: Defending the World's Most Critical Systems00:02:58 - Why Critical Infrastructure Is Everyone's Business00:03:30 - Power and Water: The Frontlines of Cyber Defense00:09:07 - Decoding NERC CIP: What You Really Need to Know00:10:38 - Walking the Tightrope Between Compliance and True Security00:17:01 - Proven Cybersecurity Tactics That Actually Work00:22:50 - AI in Cybersecurity: Game-Changer or New Threat?00:24:47 - How Public and Private Sectors Tackle Cyber Risk Differently00:29:31 - Ian Bramson's Final Playbook for Today's CISOsLinks And Resources:Want to Sponsor an episode or be a Guest? Reach out here.Industrial Cybersecurity Insider on LinkedInCybersecurity & Digital Safety on LinkedInBW Design Group CybersecurityDino Busalachi on LinkedInCraig Duckworth on LinkedInThanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you'd like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!The podcast and artwork embedded on this page are from Industrial Cybersecurity Insider, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

    S1 E1: Intro to ICS, OT, and SCADA

    Play Episode Listen Later Aug 6, 2025 30:21


    Podcast: Simply ICS CyberEpisode: S1 E1: Intro to ICS, OT, and SCADAPub date: 2025-02-19Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationWelcome to the first episode of Simply ICS Cyber! Tune in every other Wednesday for new episodes premiering at 9:30 AM ET.Learn more about what to expect in this episode below:- Who are Don and Tom?- What are industrial and automation controls and why are they important?- What are these terms? ICS, OT, 62443, countermeasures, PLC, DCS- Why is cybersecurity different in OT versus IT?Join us every other Wednesday for Season 1 of the Simply ICS Cyber podcast, with your hosts, Don C. Weber and Tom VanNorman.Connect with your hosts on LinkedIn:- Don https://www.linkedin.com/in/cutaway- Tom https://www.linkedin.com/in/thomasvannorman=========================Simply Cyber empowers people who want a rewarding cybersecurity career=========================All the ways to connect with Simply Cyberhttps://SimplyCyber.io/Socials=========================The podcast and artwork embedded on this page are from Simply Cyber Media Group, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

    How to Maximize the ROI at Cybersecurity Conferences

    Play Episode Listen Later Aug 5, 2025 28:34


    Podcast: PrOTect It All (LS 26 · TOP 10% what is this?)Episode: How to Maximize the ROI at Cybersecurity ConferencesPub date: 2025-08-04Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationWelcome back to Protect It All, the podcast where host Aaron Crow goes beyond the basics of OT to explore the dynamic intersection of IT and OT cybersecurity. In this episode, Aaron takes us inside a hacker summer camp in Las Vegas - home to industry giants Black Hat and DEFCON, where tens of thousands of security professionals gather each year.  Drawing from his years of experience attending these events, Aaron unpacks the good, the bad, and the ugly of the conference circuit: from the value of in-person networking and the buzz of vendor events, to the challenges of ROI, overwhelming hype, and the evolving role of sponsors. Plus, he shares hard-won tips for making the most of Vegas - including how to find your tribe, engage meaningfully with vendors, and stay cool (literally and figuratively) amidst the chaos.  Whether you're a first-timer or a seasoned attendee, this episode is packed with honest insights and actionable advice to help you navigate the ever-evolving world of cybersecurity conferences. Key Moments:  03:05 Networking's Importance in Vegas 08:29 Evaluating Black Hat Conference ROI 12:17 "CISOs' Discreet Presence at Vendor Events" 13:22 Buzzword Overload at Conferences 18:40 Relationship-Driven Sales Strategy 21:02 Balancing Conference Costs and Value 25:44 "Prioritize Genuine Leads Only" 27:05 Enhancing Cybersecurity Events Connect With Aaron Crow: Website: www.corvosec.com  LinkedIn: https://www.linkedin.com/in/aaronccrow   Learn more about PrOTect IT All: Email: info@protectitall.co  Website: https://protectitall.co/  X: https://twitter.com/protectitall  YouTube: https://www.youtube.com/@PrOTectITAll  FaceBook:  https://facebook.com/protectitallpodcast    To be a guest or suggest a guest/episode, please email us at info@protectitall.co   Please leave us a review on Apple/Spotify Podcasts: Apple   - https://podcasts.apple.com/us/podcast/protect-it-all/id1727211124 Spotify - https://open.spotify.com/show/1Vvi0euj3rE8xObK0yvYi4The podcast and artwork embedded on this page are from Aaron Crow, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

    Long Conversation: OT and IT - Convergence, Integration, and Separation?

    Play Episode Listen Later Aug 4, 2025 92:33


    Podcast: Unsolicited Response (LS 33 · TOP 5% what is this?)Episode: Long Conversation: OT and IT - Convergence, Integration, and Separation?Pub date: 2025-07-30Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationFew topics get as much heat as the current, future, and ideal relationship between OT and IT. One of the first posts someone just discovering OT makes is how OT is different than IT. As you dig deeper into OT you find an increasing case of the technology, processes, and even the people being similar to IT. In this 90 minute long conversation format, we will try to bring some enlightenment to this question with a specially curated group of 9 S4x25 attendees.   About The Long Conversation Format  Two people begin the discussion on stage. After 10 minutes a third person will tap one of the participants on the shoulder and replace them in the conversation. This continues for the 90 minutes. Participants are on stage for 20 minutes talking to two different people for 10 minutes each.The podcast and artwork embedded on this page are from Dale Peterson: ICS Security Catalyst and S4 Conference Chair, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

    Breaking Down Barriers: Making IoT and Hardware Hacking Accessible to All with Andrew Bellini

    Play Episode Listen Later Aug 2, 2025 31:51


    Podcast: IoT Security Podcast (LS 25 · TOP 10% what is this?)Episode: Breaking Down Barriers: Making IoT and Hardware Hacking Accessible to All with Andrew BelliniPub date: 2025-07-29Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationThe episode centers on the challenges and opportunities in IoT and OT security, with insights from technical content creator, hardware hacker, and educator Andrew Bellini. It highlights the often-overlooked vulnerabilities of industrial and consumer IoT devices, emphasizing the accessibility of hardware hacking and the need for practical, low-cost educational resources, covering hands-on learning, industry anecdotes, recommendations for securing environments, and advice for newcomers interested in hardware security. Let's connect about IoT Security!Follow Phillip Wylie at https://www.linkedin.com/in/phillipwyliehttps://youtube.com/@phillipwylieThe IoT Security Podcast is powered by Phosphorus Cybersecurity. Join the conversation for the IoT Security Podcast — where xIoT meets Security. Learn more at https://phosphorus.io/podcastThe podcast and artwork embedded on this page are from Phosphorus Cybersecurity, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

    The Lawyer's View: Strategic Lessons in Cybersecurity and Incident Response

    Play Episode Listen Later Aug 1, 2025 32:14


    Podcast: Industrial Cybersecurity InsiderEpisode: The Lawyer's View: Strategic Lessons in Cybersecurity and Incident ResponsePub date: 2025-07-29Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationCraig Duckworth sits down with seasoned attorney and cyber crisis strategist Josh Cook, founder of Left of Boom Consulting. Together, they explore the pivotal role of proactive preparation in cybersecurity especially for mid-market and industrial organizations navigating today's hyper-connected, AI-augmented threat landscape. Josh shares hard-earned insights from decades of incident response leadership, emphasizing why building your cyber playbook before the attack is critical. From legal implications and executive missteps to the psychological attributes needed in your incident command post, this conversation is a masterclass in cyber resilience and proactive protection by design.Chapters:00:00:00 – Kicking Off with Chaos: Why Incident Response Matters00:01:02 – Enter Josh Cook: Legal Strategist Turned Cyber Commander00:01:18 – War Stories and Wisdom: Josh's Journey to Left of Boom00:02:38 – Planning Beats Panic: Mastering the Art of Pre-Incident Prep00:04:17 – Assembling the A-Team: Who Belongs in Your Cyber War Room00:09:07 – AI at the Front Lines: Friend, Foe, or Something in Between?00:12:42 – Industrial Chaos: What's Really Holding Cybersecurity Back00:16:07 – Boardroom to Shop Floor: Why the C-Suite Can't Stay Silent00:25:18 – No Secrets Here: Transparency and the Power of Telling the Truth00:29:08 – Parting Shots: Josh's Battle-Tested Advice for ResilienceLinks And Resources:Josh Cook on LinkedInWebsiteWant to Sponsor an episode or be a Guest? Reach out here.Industrial Cybersecurity Insider on LinkedInCybersecurity & Digital Safety on LinkedInBW Design Group CybersecurityDino Busalachi on LinkedInCraig Duckworth on LinkedInThanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you'd like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!The podcast and artwork embedded on this page are from Industrial Cybersecurity Insider, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

    Bei der OT-Sicherheit ist der Staat in der Pflicht | OT Security Made Simple

    Play Episode Listen Later Aug 1, 2025 22:58


    Podcast: OT Security Made SimpleEpisode: Bei der OT-Sicherheit ist der Staat in der Pflicht | OT Security Made SimplePub date: 2025-07-29Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationCybertech-Influencer und Experte für Cybersicherheit und Maschinenbau Olaf Classen spricht über Cybersicherheit als Wettbewerbs- und Standortvorteil und warum gerade deutsche und europäische Unternehmen ihre Expertise im Engineering Richtung Cybersicherheit ausbauen sollten. Er plädiert für staatliche Förderung (und nicht nur Regulierung) und dafür, Cybersicherheit und digitale Souveränität als gesamtgesellschaftliches und europäisches Projekt zu behandeln.The podcast and artwork embedded on this page are from Klaus Mochalski, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

    Lessons Learned in OT Security: Regulation, Collaboration, and the Rise of AI Threats with Kam Chumley-Soltani

    Play Episode Listen Later Jul 31, 2025 53:50


    Podcast: PrOTect It All (LS 26 · TOP 10% what is this?)Episode: Lessons Learned in OT Security: Regulation, Collaboration, and the Rise of AI Threats with Kam Chumley-SoltaniPub date: 2025-07-28Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationIn this episode, host Aaron Crow is joined by Kam Chumley-Soltani, Director of OT Security at Armis, for a candid conversation that dives into the ever-evolving landscape of OT (operational technology) and IT cybersecurity. After several rescheduling attempts across time zones and even parking lots, Aaron and Kam finally sit down to share their frontline experiences and insights from the world of critical infrastructure security. From the increasing visibility of OT threats and the surge in regulatory requirements, to the convergence of IT and OT teams, they dig into what's driving organizations to prioritize real-time visibility, risk management, and collaboration. Kam reflects on his diverse background in the military, at Cisco, Dragos, and now Armis, while Aaron draws on decades of experience leading teams across power plants and utilities in Texas. They both underscore the importance of people, process, and technology - reminding us that even the best tools are only as valuable as the teams that wield them. The discussion explores the challenges smaller utilities face, balancing regulation with limited resources, and the need for cyber-informed engineering from the very start. Plus, they look ahead at the role of AI in cybersecurity, the daisy-chain effects of infrastructure attacks, and the importance of community and continuous learning in keeping ahead of the curve. Whether you're a cybersecurity veteran, just breaking into OT, or simply want to understand why your electricity bill matters, this episode is packed with anecdotes, practical advice, and a few laughs. So pull up a chair and get ready to protect it all! Key Moments:  03:18 Cybersecurity Developments and Regulatory Changes 06:33 Demand for Consulting and Assessments 09:51 Future of Regulation and Community 13:06 Regulating Small Utilities Challenges 16:41 Cybersecurity in Critical Infrastructure 19:43 Simplifying Complex Issues for All 26:12 Embracing AI in Cybersecurity 27:39 "Embrace Challenges, Educate Yourself" 30:14 Cybersecurity Threats to Infrastructure 34:29 Evaluating Automated Alerting Systems 39:38 Controlled Network Configuration Risks 42:10 Underfunded Team: Multi-Skill Necessity 45:31 "Collective Progress and Contribution" 48:13 "Geopolitical Threats to Infrastructure" About the guest :  Kam Chumley-Soltani serves as the Director of OT Solutions Engineering for the U.S. Public Sector at Armis, where he specializes in industrial cybersecurity. His expertise lies in designing secure and resilient network architectures for critical infrastructure environments. Previously, Kam led Cisco's OT Solutions Engineering team for the entire U.S. Public Sector, delivering end-to-end solutions across IoT/OT security, network architecture, diverse RF wireless deployments, embedded systems, and edge computing. He has guided numerous global enterprises, federal agencies, and SLED organizations in architecting solutions that incorporate robust networking, cybersecurity controls, advanced threat detection, and proactive vulnerability management. A Navy veteran, Kam served as a flight systems engineer and mission operations planner. He holds a B.S. in Cyber Operations from the United States Naval Academy, an M.S. in Cybersecurity from Brown University, and an M.B.A. from Northwestern University's Kellogg School of Management. He is currently pursuing his Doctor of Engineering (D.Eng.) in AI/ML from George Washington University.  How to connect Kam:  Linkedin: https://www.linkedin.com/in/kam-chumley-soltani/ Connect With Aaron Crow: Website: www.corvosec.com  LinkedIn: https://www.linkedin.com/in/aaronccrow   Learn more about PrOTect IT All: Email: info@protectitall.co  Website: https://protectitall.co/  X: https://twitter.com/protectitall  YouTube: https://www.youtube.com/@PrOTectITAll  FaceBook:  https://facebook.com/protectitallpodcast    To be a guest or suggest a guest/episode, please email us at info@protectitall.co   Please leave us a review on Apple/Spotify Podcasts: Apple   - https://podcasts.apple.com/us/podcast/protect-it-all/id1727211124 Spotify - https://open.spotify.com/show/1Vvi0euj3rE8xObK0yvYi4The podcast and artwork embedded on this page are from Aaron Crow, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

    NIS2 and the Cyber Resilience Act (CRA) [The Industrial Security Podcast]

    Play Episode Listen Later Jul 30, 2025 53:55


    Podcast: The Industrial Security Podcast (LS 36 · TOP 3% what is this?)Episode: NIS2 and the Cyber Resilience Act (CRA) [The Industrial Security Podcast]Pub date: 2025-07-28Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationNIS2 legislation is late in many EU countries, and the new CRA applies to most suppliers of industrial / OT computerized and software products to the EU. Christina Kiefer, attorney at reuschlaw, walks us through what's new and what it means for vendors, as well as for owner / operators.The podcast and artwork embedded on this page are from PI Media, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

    Dan Berte on Solar Grid and IoT Vulnerabilities

    Play Episode Listen Later Jul 29, 2025 32:21


    Podcast: Nexus: A Claroty Podcast (LS 32 · TOP 5% what is this?)Episode: Dan Berte on Solar Grid and IoT VulnerabilitiesPub date: 2025-07-28Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationDan Berte, director of IoT security at Bitdefender, joins the Nexus Podcast to join his team's ongoing research into the security of solar grid inverters and three serious vulnerabilities uncovered in the popular Deye Solarman management platform.Dan discusses his team's research, the disclosure process, and the implications on green energy initiatives overall. With the growing popularity of these platforms, Berte cautions that attackers are going to continue to analyze their security for weaknesses and attempt to exploit them. Listen to the Nexus Podcast on your favorite podcast platform. The podcast and artwork embedded on this page are from Claroty, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

    EP 67: Collateral Damage

    Play Episode Listen Later Jul 26, 2025 23:27


    Podcast: Error Code (LS 27 · TOP 10% what is this?)Episode: EP 67: Collateral DamagePub date: 2025-07-22Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationOperational technology (OT) systems are no longer limited to nation-states; criminal groups and hacktivists now actively target these systems, often driven by financial or ideological motives. Kurt Gaudette, Vice President of Intelligence and Services at Dragos, explains why these systems might not even be the primary targets.The podcast and artwork embedded on this page are from Robert Vamosi, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

    The Double-Edged Sword of AI in Cybersecurity and Critical Infrastructure

    Play Episode Listen Later Jul 24, 2025 21:57


    Podcast: PrOTect It All (LS 26 · TOP 10% what is this?)Episode: The Double-Edged Sword of AI in Cybersecurity and Critical InfrastructurePub date: 2025-07-22Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationIn this solo episode, host Aaron Crow takes us on a fast-paced journey through the latest critical developments in both IT and OT cybersecurity. Aaron breaks down the month's most pressing zero-day exploits, including high-profile attacks on Microsoft SharePoint and CrushFTP, and explores the implications of rapidly evolving threats - especially as attackers leverage AI for faster, more innovative hacks. But it's not all doom and gloom: Aaron dives into how AI is also becoming a game-changer for defense, from Google's use of AI agents to spot vulnerabilities ahead of attackers, to the promise (and dangers) of deepfake technology. He discusses new policy moves, like the FCC's proposal to ban Chinese tech in undersea internet cables and the US Coast Guard's push for cyber resilience in maritime infrastructure. Throughout the episode, Aaron offers strategic advice for organizations of all sizes - from patch management and digital twins to incident response plans designed for today's AI-driven threat landscape. Whether you're in cyber, tech, critical infrastructure, or just want to stay a step ahead, this episode is packed with actionable insights and timely analysis to boost your cyber resilience. Plug in for a conversation that's equal parts eye-opening and empowering! Key Moments;  01:20 High-Level Tactical Briefing 05:31 Digital Twin for System Security 09:39 Dual Role of Tools 12:00 Emergency Procedures Reminder 14:24 Challenges in OT System Integration 18:32 Deep Fake Detection and Response 20:12 "AI Persistence and Impact" Connect With Aaron Crow: Website: www.corvosec.com  LinkedIn: https://www.linkedin.com/in/aaronccrow   Learn more about PrOTect IT All: Email: info@protectitall.co  Website: https://protectitall.co/  X: https://twitter.com/protectitall  YouTube: https://www.youtube.com/@PrOTectITAll  FaceBook:  https://facebook.com/protectitallpodcast    To be a guest or suggest a guest/episode, please email us at info@protectitall.co   Please leave us a review on Apple/Spotify Podcasts: Apple   - https://podcasts.apple.com/us/podcast/protect-it-all/id1727211124 Spotify - https://open.spotify.com/show/1Vvi0euj3rE8xObK0yvYi4The podcast and artwork embedded on this page are from Aaron Crow, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

    Plant-Level Cyber Risk: Who's Actually Responsible?

    Play Episode Listen Later Jul 23, 2025 30:45


    Podcast: Industrial Cybersecurity InsiderEpisode: Plant-Level Cyber Risk: Who's Actually Responsible?Pub date: 2025-07-22Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationIn this episode, Dino Busalachi and Craig Duckworth tackle one of the most overlooked threats in cybersecurity: the number of industrial vendors and system integrators in manufacturing environments. The conversation addresses the relationship and communication gap between IT and the teams responsible for designing and supporting industrial control systems. They emphasize the need for improved governance, enhanced vendor accountability, and clear ownership of cyber risk. Whether you're a CISO, CIO, or VP of Engineering, this episode offers actionable insight into bridging the IT/OT divide, securing plant floors, and building a cybersecurity strategy that works at the edge of your business.Chapters:00:00:00 - Kicking Off: Why Transparency in Cyber Matters00:00:43 - Who's Talking? Meet Craig & Dino00:01:05 - The Big Question: What's IT's Role in Industrial Security?00:01:35 - When Too Many Vendors = Chaos00:02:37 - How to Actually Secure OT Environments00:03:46 - Choosing the Right Partners (and Asking the Right Questions)00:12:37 - Why Cyber Teams Need Plant Floor Time00:14:24 - Getting Smarter: Use External Experts & Vendor Summits00:18:22 - IT Meets OT: Closing the Culture Gap00:30:03 - What Now? Practical Next Steps for CISOsLinks And Resources:Want to Sponsor an episode or be a Guest? Reach out here.Industrial Cybersecurity Insider on LinkedInCybersecurity & Digital Safety on LinkedInBW Design Group CybersecurityDino Busalachi on LinkedInCraig Duckworth on LinkedInThanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you'd like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!The podcast and artwork embedded on this page are from Industrial Cybersecurity Insider, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

    Vivek Ponnada on the Ongoing Maturity of OT Security

    Play Episode Listen Later Jul 22, 2025 35:55


    Podcast: Nexus: A Claroty Podcast (LS 32 · TOP 5% what is this?)Episode: Vivek Ponnada on the Ongoing Maturity of OT SecurityPub date: 2025-07-21Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationOT cybersecurity veteran Vivek Ponnada, SVP Growth & Strategy at Frenos, joins the Nexus Podcast to lend his expertise on the areas where he is seeing the most maturity and rapid evolution in the practice. Vivek explains the growing demand for contextual information to supplement the data organizations have around their known assets and vulnerabilities, for example. He also explains current risk prioritization and mitigation strategies, and how advanced technologies fit into the OT security landscape. Listen to the Nexus Podcast on your favorite podcast platform. The podcast and artwork embedded on this page are from Claroty, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

    Vulnerability Overload: Making Prioritization Work in the Real World

    Play Episode Listen Later Jul 21, 2025 35:36


    Podcast: Critical Assets PodcastEpisode: Vulnerability Overload: Making Prioritization Work in the Real WorldPub date: 2025-07-20Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationIn this episode, Patrick Miller speaks with Kylie McClanahan, CTO at Bastazo, about the practical (and often messy) realities of patch and vulnerability management in operational technology (OT) environments. Kylie shares grounded insights into patching challenges, the gaps between IT and OT remediation cycles, and the real-world implications of relying too heavily on scoring systems like CVSS.The conversation covers CISA's Known Exploited Vulnerabilities (KEV) catalog, exploring how it's being used (and possibly misused) in prioritization workflows, and where the disconnects lie between policy directives and operational feasibility. Kylie also critiques the current state of vendor responsiveness, machine-readable vulnerability disclosure (CSAF), and the importance of asset and exposure awareness.This episode is essential listening for practitioners wrestling with patching fatigue, program prioritization, and the tradeoffs between theoretical vulnerability data and applied security outcomes in critical infrastructure environments.Links:CISA KEV: https://www.cisa.gov/known-exploited-vulnerabilitiesCISA vulnrichment: https://github.com/cisagov/vulnrichmentVulnrichment, Year One: https://www.youtube.com/watch?v=g5pSVMnWD7kCISA SSVC: https://www.cisa.gov/stakeholder-specific-vulnerability-categorization-ssvcCarnegie Mellon SSVC: https://certcc.github.io/SSVC/CSAF: https://www.csaf.io/VulnCheck KEV: https://vulncheck.com/kevKylie McLanahan on LinkedIn: https://www.linkedin.com/in/kyliemcclanahan/Bastazo: https://bastazo.comThe podcast and artwork embedded on this page are from Patrick Miller, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

    Können Systeme zur Angriffserkennung zum Sicherheitsrisiko werden? | OT Security Made Simple

    Play Episode Listen Later Jul 19, 2025 23:49


    Podcast: OT Security Made SimpleEpisode: Können Systeme zur Angriffserkennung zum Sicherheitsrisiko werden? | OT Security Made SimplePub date: 2025-07-17Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationManuel Atug, Geschäftsführer der HiSolutions und Mitgründer der unabhängigen AG Kritis, hinterfragt kritisch und aus eigener Erfahrung, was ein SzA leisten muss, wie gut es um deren eigene Sicherheit steht und wie Anbietern aus dem nichteuropäischen Ausland mit den Daten umgehen. Als Bonus erfahren wir endlich, wo sein Social-Media-Handle HonkHase herkommt.The podcast and artwork embedded on this page are from Klaus Mochalski, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

    The C-Suite's Role in Industrial Cybersecurity

    Play Episode Listen Later Jul 18, 2025 25:11


    Podcast: Industrial Cybersecurity InsiderEpisode: The C-Suite's Role in Industrial CybersecurityPub date: 2025-07-17Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationIn this episode, Craig Duckworth and Dino Busalachi discuss the critical role of the C-suite in fortifying manufacturing environments against cyber threats. They discuss the unique challenges that manufacturing organizations face. Their conversation reinforces the importance of executive teams understanding and actively engaging in industrial OT cybersecurity strategies. With compelling arguments for a more involved C-suite, Craig and Dino explore the intersection of cybersecurity and operational efficiency. They emphasize the need for leadership to understand and lead the charge to ensure security for industrial control systems. This episode serves as a wake-up call for executives to embrace their role in protecting their companies from potential adverse events. This episode highlights the fact that cybersecurity is not just an IT issue but a foundational aspect of modern business resilience.Chapters:00:00:00 - Meet Dino and Craig00:01:47 - Deciphering Cybersecurity's Extensive Influence on Manufacturing Dynamics00:03:29 - Unpacking the Costs: The Stark Reality of Ignoring Cybersecurity00:04:08 - The Interplay Between Cyber Insurance, Liability, and Organizational Security00:05:07 - Charting the Course: Fundamental Actions for Cyber Resilience00:07:35 - Implementing Cybersecurity Measures: A Tactical Overview for Manufacturing Leaders00:10:54 - The Imperative of Continuous Monitoring in Mitigating Cyber Risks00:14:11 - Bridging the Divide: Fostering Collaboration Between IT and OT Teams00:17:06 - Cultivating Cyber-Aware Culture: Integrating Security into the Manufacturing DNA00:20:01 - Forward Momentum: Strategic Insights for Executive Leadership on Cybersecurity00:24:28 - Reflecting on the Imperatives of Cybersecurity in the Manufacturing SectorLinks And Resources:Want to Sponsor an episode or be a Guest? Reach out here.Industrial Cybersecurity Insider on LinkedInCybersecurity & Digital Safety on LinkedInBW Design Group CybersecurityDino Busalachi on LinkedInCraig Duckworth on LinkedInThanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you'd like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!The podcast and artwork embedded on this page are from Industrial Cybersecurity Insider, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

    Gil Groskop VP Technology & Digital Transformation @Mekorot on moving tech forward & cyber by design

    Play Episode Listen Later Jul 17, 2025 54:22


    Podcast: ICS Cyber Talks PodcastEpisode: Gil Groskop VP Technology & Digital Transformation @Mekorot on moving tech forward & cyber by designPub date: 2025-07-17Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationפעמים אנחנו שוכחים שמים הם חלק מתעשיית המזון, האחריות של אספקת מים היא לא רק ברציפות האספקה בכול תנאי אלא גם עמידה בדרישות האיכות. בישראל קיימות שתי חברות תשתית גדולות כאשר מקורות היא אחת מהן עם אלפי אתרים ומערכות בקרה שפרוסות על פני כול המדינה. הצורך לאחד בין ביטחון פיזי לביטחון סייבר יחד עם הזרמת מידע בזמן אמת עד לאחרון העובדים היא אתגר שדורש תכנון ארוך טווח ומשאבים נחשון פינקו מארח את גיל גרוסקופ סמנכ"ל הטכנולוגיות והטרנספורמציה הדיגיטלית של חברת מקורות בשיחה על השינוי המז'ורי תפיסתי בכול הקשור לטכנולוגיה והגנת הסייבר בחברה בשנים האחרונות מה האתגר הטכנולוגי והאנושי שבהחלפת מערכות ישנות באלפי אתרים איך מגייסים את ההנהלה והדירקטוריון לתמוך בנושא הסייבר וההשקעות הנדרשות איך מנהלים עשרות פרויקטים גדולים בו זמנית והחשיבות של הגישה שיש לתת ביטוי לסייבר בכול שלב ועודThe podcast and artwork embedded on this page are from Nachshon Pincu, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

    Building IoT Trust: Budgeting, Community, and the Hacker Mindset with Ted Harrington

    Play Episode Listen Later Jul 15, 2025 32:14


    Podcast: IoT Security Podcast (LS 25 · TOP 10% what is this?)Episode: Building IoT Trust: Budgeting, Community, and the Hacker Mindset with Ted HarringtonPub date: 2025-07-14Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationTed Harrington (Founder of IoT Village, Executive Partner for Independent Security Evaluators, Author, Speaker, and Podcaster) examines the ongoing challenges and progress in IoT security, emphasizing how community initiatives, the hacker mindset, and business-oriented communication can drive real change in the industry. Ted and Phil Wylie discuss practical strategies for justifying security budgets to management, the value of offensive security, and the important role of education and community in strengthening defenses. Also highlighted are how IoT security is both improving and facing growing risks due to rapid expansion, and why viewing security as a competitive advantage is vital for organizations. Let's connect about IoT Security!Follow Phillip Wylie at https://www.linkedin.com/in/phillipwyliehttps://youtube.com/@phillipwylieThe IoT Security Podcast is powered by Phosphorus Cybersecurity. Join the conversation for the IoT Security Podcast — where xIoT meets Security. Learn more at https://phosphorus.io/podcastThe podcast and artwork embedded on this page are from Phosphorus Cybersecurity, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

    Powering the Future: The Overlooked Cyber Risks in Our Expanding Electric Grid

    Play Episode Listen Later Jul 14, 2025 23:10


    Podcast: PrOTect It All (LS 26 · TOP 10% what is this?)Episode: Powering the Future: The Overlooked Cyber Risks in Our Expanding Electric GridPub date: 2025-07-14Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationIn this episode, host Aaron Crow gets into one of the most pressing issues facing our future power grid: the explosive impact of AI, electric vehicles, and data centers on energy demand and what happens when cybersecurity gets left out of the equation.  As Texas and other states stare down a projected 50% surge in peak energy load by 2030, Aaron shares firsthand insights from his decades in the power utility industry and raises urgent questions about how we're building the next generation of critical infrastructure. From the logistical nightmare of charging a million electric cars in urban apartment complexes to the cold reality that most new power plants are being commissioned without cybersecurity in mind, Aaron pulls back the curtain on missed opportunities and potential threats.  Why isn't OT security part of major DOE planning reports? Who's responsible for managing cyber risks in this rapidly evolving landscape? And what's at stake if we don't build security into our systems from day one? If you're in IT, OT, operations, or simply care about keeping the lights on in our data-driven world, this is a conversation you don't want to miss. Tune in as Aaron calls for a united front: making cybersecurity a non-negotiable priority in the grid transformation ahead.   Key Moments:  01:12 "Urgent Power Capacity Boost by 2030" 05:21 Electric Car Charging Challenges 08:59 System Vulnerabilities and Design Flaws 10:01 Cybersecurity: Everyone's Responsibility 15:20 Complexity of Grid Black Start Process 18:53 Urgency in Tech and Power Security Connect With Aaron Crow: Website: www.corvosec.com  LinkedIn: https://www.linkedin.com/in/aaronccrow   Learn more about PrOTect IT All: Email: info@protectitall.co  Website: https://protectitall.co/  X: https://twitter.com/protectitall  YouTube: https://www.youtube.com/@PrOTectITAll  FaceBook:  https://facebook.com/protectitallpodcast    To be a guest or suggest a guest/episode, please email us at info@protectitall.co   Please leave us a review on Apple/Spotify Podcasts: Apple   - https://podcasts.apple.com/us/podcast/protect-it-all/id1727211124 Spotify - https://open.spotify.com/show/1Vvi0euj3rE8xObK0yvYi4The podcast and artwork embedded on this page are from Aaron Crow, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

    Network Duct Tape [The Industrial Security Podcast]

    Play Episode Listen Later Jul 12, 2025 64:25


    Podcast: The Industrial Security Podcast (LS 36 · TOP 3% what is this?)Episode: Network Duct Tape [The Industrial Security Podcast]Pub date: 2025-07-11Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationHundreds of subsystems with the same IP addresses? Thousands of legacy devices with no modern encryption or other security? Constant, acquisitions of facilities "all over the place" network-wise and security-wise? What most of us need is "network duct tape". Tom Sego of Blastwave shows us how their "duct tape" works.The podcast and artwork embedded on this page are from PI Media, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

    EP 66: Secure only the OT code that actually runs

    Play Episode Listen Later Jul 11, 2025 23:11


    Podcast: Error Code (LS 27 · TOP 10% what is this?)Episode: EP 66: Secure only the OT code that actually runsPub date: 2025-07-08Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationMany organizations spend valuable security resources fixing vulnerabilities in code that never actually runs—an inefficient and often unnecessary effort. Jeff Williams, CTO and founder at Contrast Security, says that 62% of open source libraries included in software are never even loaded into memory, let alone executed. This means only 38% of libraries are typically active and worth prioritizing. The podcast and artwork embedded on this page are from Robert Vamosi, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

    Hiring for the Frontlines of Critical Infrastructure with Nathaniel Smith

    Play Episode Listen Later Jul 9, 2025 35:51


    Podcast: Bites & Bytes PodcastEpisode: Hiring for the Frontlines of Critical Infrastructure with Nathaniel SmithPub date: 2025-07-08Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationWhat does it take to build a cybersecurity workforce capable of protecting the systems that keep the lights on and food on our plates? In this episode, host Kristin Demoranville is joined by Nathaniel Smith, Co-Founder and VP at SR2, a purpose-driven recruitment firm. Nathaniel, who specializes in hiring OT/ICS, brings over 14 years of recruiting experience and a refreshing dose of honesty to the challenges of hiring in critical infrastructure. Together, they explore what makes a strong Operational Technology (OT) candidate, why culture fit matters as much as technical skills, and how broken hiring processes often keep the best people out. For sectors like food and agriculture, where operational technology is directly tied to safety, production, and public trust, getting the right people into the right roles isn't just important. It's essential. --------------- Show Notes: Mike Holcomb's Episode (here) SEC Ruling on Disclosure of Cyber Incidents (here)

    Breaking Down the IT-OT Wall: Why IT Cybersecurity Tools Fail on the Plant Floor

    Play Episode Listen Later Jul 9, 2025 24:25


    Podcast: Industrial Cybersecurity InsiderEpisode: Breaking Down the IT-OT Wall: Why IT Cybersecurity Tools Fail on the Plant FloorPub date: 2025-07-08Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationIn this episode, Dino Busalachi and Craig Duckworth tackle a critical disconnect plaguing industrial organizations: the disconnect in understanding and communication between IT and OT regarding industrial cybersecurity. While some IT departments are investing in OT cybersecurity platforms, 85% of the data these tools collect is designed for OT teams to act upon. Unfortunately, plant floor personnel, system integrators, and OEMs working in these environments rarely get access to dashboards, asset inventories, or vulnerability reports.Organizations must move beyond the "oil and water" mentality between IT and OT. This means involving plant personnel in cybersecurity decisions, sharing data with trusted partners who "build the cars" (not just buy them), and recognizing that effective OT security requires collaboration with the people who live and breathe on the plant floor every day.Bottom Line: If you're not sharing cybersecurity data with your system integrators, OEMs, and plant operations teams, you're not practicing true IT-OT convergence. You're missing critical opportunities to improve your security posture where it matters most.Chapters:00:00:00 - Why Local Collaboration is Critical for Cybersecurity Success00:01:07 - Meet Dino and Craig: Experts in IT/OT Integration00:01:49 - Unpacking the Challenges of IT/OT Convergence00:02:28 - Why IT and OT Teams Often Struggle to Align00:04:48 - Building Collaborative Frameworks for Stronger Cybersecurity00:07:33 - The Role of CIOs and CISOs in Driving Change00:08:44 - Navigating the Complexities of Diverse Plant Environments00:10:23 - Partnering with Vendors to Enhance Security Outcomes00:11:16 - Key Questions to Evaluate System Integrators Effectively00:16:35 - Using Tabletop Exercises to Align IT and OT Teams00:22:20 - Closing Thoughts: Bridging the Divide for Unified CybersecurityLinks And Resources:Want to Sponsor an episode or be a Guest? Reach out here.Industrial Cybersecurity Insider on LinkedInCybersecurity & Digital Safety on LinkedInBW Design Group CybersecurityDino Busalachi on LinkedInCraig Duckworth on LinkedInThanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you'd like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!The podcast and artwork embedded on this page are from Industrial Cybersecurity Insider, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

    How AI Became the Ultimate Cybersecurity Blind Spot: Understanding the Microsoft 365 Copilot Vulnerability

    Play Episode Listen Later Jul 8, 2025 17:55


    Podcast: PrOTect It All (LS 26 · TOP 10% what is this?)Episode: How AI Became the Ultimate Cybersecurity Blind Spot: Understanding the Microsoft 365 Copilot VulnerabilityPub date: 2025-07-07Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationIn this episode, host Aaron Crow dives deep into the fast-evolving world of AI automation and its impact on cybersecurity. Aaron breaks down practical, real-world ways security professionals can leverage AI to streamline their workflows without breaking data loss prevention policies or putting proprietary information at risk.  From drafting reports and playbooks to automating repetitive tasks and managing vulnerability data, Aaron offers actionable advice for using both public AI tools like ChatGPT and more advanced private AI models. He also addresses common fears CISOs and business leaders have about unsanctioned AI use in the workplace and shares tips for staying safe and compliant while taking advantage of AI's efficiencies.  Whether you're in a large enterprise or a lean team with limited resources, you'll come away with a fresh perspective on how to use AI responsibly to work smarter and protect your organization. Plus, Aaron invites listeners to share their own creative AI use cases and lessons learned. Let's jump in and explore how to protect it all as AI advances. Key Moments :  01:20 AI's Rising Role in Media 03:22 Guidelines for Using AI Safely 07:06 "AI Integration and Automation Strategies" 10:03 Automating Windows Management Tasks 14:29 Exploring AI for Personal Tasks Connect With Aaron Crow: Website: www.corvosec.com  LinkedIn: https://www.linkedin.com/in/aaronccrow   Learn more about PrOTect IT All: Email: info@protectitall.co  Website: https://protectitall.co/  X: https://twitter.com/protectitall  YouTube: https://www.youtube.com/@PrOTectITAll  FaceBook:  https://facebook.com/protectitallpodcast    To be a guest or suggest a guest/episode, please email us at info@protectitall.co   Please leave us a review on Apple/Spotify Podcasts: Apple   - https://podcasts.apple.com/us/podcast/protect-it-all/id1727211124 Spotify - https://open.spotify.com/show/1Vvi0euj3rE8xObK0yvYi4The podcast and artwork embedded on this page are from Aaron Crow, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

    The System Integrator's Role in Supporting OT Security

    Play Episode Listen Later Jul 4, 2025 32:38


    Podcast: Industrial Cybersecurity InsiderEpisode: The System Integrator's Role in Supporting OT SecurityPub date: 2025-07-01Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationIn this episode, Craig Duckworth and Dino Busalachi discuss the critical but often overlooked or misunderstood role of system integrators (SIs) in industrial cybersecurity.Key Issues Identified:Organizations typically work with multiple specialized integrators across different facilities and systemsSome SIs lack cybersecurity expertise, focusing primarily on equipment functionalityEquipment can remain connected to networks for decades, with ownership and oversight changing hands over timeSystem integrators must exercise proper IT coordination to implement remote access solutions effectivelyRecommendations:IT and OT teams should collaborate more closely with system integrators on cybersecurity planningOrganizations need to evaluate their SIs' cybersecurity capabilities and partnershipsConsider standardizing on integrators with demonstrated cybersecurity practices and vendor certificationsApply the same due diligence used for IT vendor selection to OT system integratorsBottom Line: System integrators are essential partners in executing industrial cybersecurity strategies and protection. Organizations must actively engage them in security conversations and ensure they have the necessary skills and partnerships to implement secure solutions for their plant environments from the start.Chapters:00:00:00 - Real-World Ransomware Hits the Plant Floor00:00:52 - Meet the System Integrators Shaping Your OT Plant Floor Security00:01:17 - What System Integrators Really Do (and Don't)00:04:13 - Remote Access: The Hidden Backdoor Nobody Sees00:08:34 - Why Ongoing Monitoring Is Non-Negotiable00:13:30 - How to Pick the Right System Integrator For Your Operations00:26:17 - Building Strong Partnerships with Your IntegratorsLinks And Resources:Want to Sponsor an episode or be a Guest? Reach out here.Industrial Cybersecurity Insider on LinkedInCybersecurity & Digital Safety on LinkedInBW Design Group CybersecurityDino Busalachi on LinkedInCraig Duckworth on LinkedInThanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you'd like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!The podcast and artwork embedded on this page are from Industrial Cybersecurity Insider, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

    The Evolution of Procurement in OT Security | OT Security Made Simple

    Play Episode Listen Later Jul 3, 2025 23:31


    Podcast: OT Security Made SimpleEpisode: The Evolution of Procurement in OT Security | OT Security Made SimplePub date: 2025-07-01Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationIn this episode of OT Security Made Simple, Klaus Mochalski and Søren Knudsen discuss the evolving landscape of OT security in light of current geopolitical tensions. They explore how procurement processes have shifted, the importance of evaluating a broader range of security solutions, and the risks associated with relying on specific vendors. The conversation emphasizes the need for organizations to conduct thorough research and consider local providers to mitigate risks effectively.The podcast and artwork embedded on this page are from Klaus Mochalski, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

    How to Harness AI Without Breaking Security or Corporate Policies

    Play Episode Listen Later Jul 1, 2025 15:46


    Podcast: PrOTect It All (LS 26 · TOP 10% what is this?)Episode: How to Harness AI Without Breaking Security or Corporate PoliciesPub date: 2025-06-30Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationIn this episode, host Aaron Crow dives deep into the fast-evolving world of AI automation and its impact on cybersecurity. Aaron breaks down practical, real-world ways security professionals can leverage AI to streamline their workflows without breaking data loss prevention policies or putting proprietary information at risk.  From drafting reports and playbooks to automating repetitive tasks and managing vulnerability data, Aaron offers actionable advice for using both public AI tools like ChatGPT and more advanced private AI models. He also addresses common fears CISOs and business leaders have about unsanctioned AI use in the workplace and shares tips for staying safe and compliant while taking advantage of AI's efficiencies.  Whether you're in a large enterprise or a lean team with limited resources, you'll come away with a fresh perspective on how to use AI responsibly to work smarter and protect your organization. Plus, Aaron invites listeners to share their own creative AI use cases and lessons learned. Let's jump in and explore how to protect it all as AI advances. Key Moments :  01:20 AI's Rising Role in Media 03:22 Guidelines for Using AI Safely 07:06 "AI Integration and Automation Strategies" 10:03 Automating Windows Management Tasks 14:29 Exploring AI for Personal Tasks Connect With Aaron Crow: Website: www.corvosec.com  LinkedIn: https://www.linkedin.com/in/aaronccrow   Learn more about PrOTect IT All: Email: info@protectitall.co  Website: https://protectitall.co/  X: https://twitter.com/protectitall  YouTube: https://www.youtube.com/@PrOTectITAll  FaceBook:  https://facebook.com/protectitallpodcast    To be a guest or suggest a guest/episode, please email us at info@protectitall.co   Please leave us a review on Apple/Spotify Podcasts: Apple   - https://podcasts.apple.com/us/podcast/protect-it-all/id1727211124 Spotify - https://open.spotify.com/show/1Vvi0euj3rE8xObK0yvYi4The podcast and artwork embedded on this page are from Aaron Crow, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

    Pedro Umbelino on Exploiting ATG Devices in Fuel Storage

    Play Episode Listen Later Jun 29, 2025 27:14


    Podcast: Nexus: A Claroty Podcast (LS 32 · TOP 5% what is this?)Episode: Pedro Umbelino on Exploiting ATG Devices in Fuel StoragePub date: 2025-06-29Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationPedro Umbelino, Principal Research Scientist at Bitsight Technologies, joins the Nexus Podcast to discuss his team's research into Automatic Tank Gauge (ATG) systems and how they uncovered 11 vulnerabilities in ATGs manufactured by five different vendors. ATG systems are an industrial control system that monitors fuel levels inside storage tanks, including those at gasoline stations, military bases, hospitals, airports, and elsewhere. ATGs track fuel levels, and are meant to detect leaks, help with inventory management, and are key in regulatory compliance efforts.The vulnerabilities uncovered by Pedro and his team expose these systems to catastrophic risks, from environmental hazards to significant economic losses, including physical damage.Worse yet is that these systems are old and challenging to update. Read Bitsight's research here.Listen to the Nexus Podcast on your favorite podcast platform. The podcast and artwork embedded on this page are from Claroty, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

    EP 65: Hacking Critical Infrastructure Through Supply Chains

    Play Episode Listen Later Jun 28, 2025 30:22


    Podcast: Error Code (LS 27 · TOP 10% what is this?)Episode: EP 65: Hacking Critical Infrastructure Through Supply ChainsPub date: 2025-06-24Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationCritical Infrastructure software lacks the strict liability standards found in industries like automotive manufacturing, leading to minimal accountability for insecure products when they get exploited.  Alex Santos, CEO of Fortress Information Security, explains how they're typically hired by buyers of ICS equipment—such as utilities—to assess and mitigate supply chain risks, including working with OEMs to improve security.The podcast and artwork embedded on this page are from Robert Vamosi, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

    When IT Cyber Events Bring Down the Plant Floor

    Play Episode Listen Later Jun 27, 2025 29:47


    Podcast: Industrial Cybersecurity InsiderEpisode: When IT Cyber Events Bring Down the Plant FloorPub date: 2025-06-24Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationCraig and Dino break down how cyberattacks that start in traditional IT systems can shut down entire manufacturing production lines, leading to massive financial losses. Using real-world examples like UNFI's $500 million drop in market value in 60 hours, they explain how overlooked connections between IT and the OT plant floor are often the weakest links. You'll hear why simply installing firewalls isn't enough, how organizational silos between IT and operations cause major blind spots, and what it really takes to secure industrial equipment. Whether you're in leadership, technology, or operations, this episode will change how you think about cyber risk and business continuity in connected environments.Chapters:00:00:00 - Introduction: Where Responsibility Ends and Authority Doesn't Begin00:01:08 - Meet Your Guides: Dino & Craig On the Frontlines00:01:14 - When Cyber Hits the Plant Floor00:01:28 - Real-World Wake-Up: The Unify IT Incident00:02:36 - The Gaps No One's Watching in OT Security00:03:18 - How Org Structure Can Make or Break Cyber Defense00:04:03 - Plugging in OT Visibility: IDS in Action00:04:43 - Who's Really Calling the Shots—Corporate or the Plant?00:07:02 - IT-OT Convergence: What Leaders Must Understand00:13:14 - Building Cyber Defense That Actually Works00:15:25 - Recovery Starts Before the Breach00:17:37 - Why IT Alone Can't Fix OT Problems00:24:55 - Just Getting Started? Here's What to Do First00:28:33 - Final Word: You Can't Secure OT AloneLinks And Resources:Industrial Cybersecurity Insider on LinkedInCybersecurity & Digital Safety on LinkedInBW Design Group CybersecurityDino Busalachi on LinkedInCraig Duckworth on LinkedInThanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you'd like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!The podcast and artwork embedded on this page are from Industrial Cybersecurity Insider, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

    Driving OT Security Innovation: AI, Risk Reduction, and the Future of Critical Infrastructure

    Play Episode Listen Later Jun 26, 2025 68:02


    Podcast: PrOTect It All (LS 26 · TOP 10% what is this?)Episode: Driving OT Security Innovation: AI, Risk Reduction, and the Future of Critical InfrastructurePub date: 2025-06-23Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationWelcome back to Protect It All! In this episode, host Aaron Crow sits down with longtime friend and OT cybersecurity veteran Brian Proctor for a deep dive into the current state—and future—of the OT cyber landscape. Together, they trade stories from the front lines, reflecting on how their early experiences as asset owners shaped their passion for innovation and helping critical infrastructure run safely and securely. Brian, whose career spans roles from OT engineer to startup co-founder, opens up about his journey—highlighting his drive to push the boundaries of traditional OT security and the evolution of key industry technologies. The conversation explores everything from the persistent lack of innovation in OT, to AI's growing role in tackling the daunting challenges of risk reduction, visibility, and scaling assessments across sprawling environments. If you've ever wondered how new tech like AI is reshaping industrial cybersecurity, why “we've always done it this way” just doesn't cut it anymore, or how organizations can realistically stay ahead without breaking the bank, this episode delivers honest insights, practical advice, and a look toward an exciting, if sometimes daunting, future. So grab your headphones and settle in as Aaron and Brian share stories, hot takes, and strategies designed to protect it all—because in critical infrastructure, the stakes have never been higher. Key Moments:  06:45 OT Cyber Industry Evolution 11:57 Evolving Challenges in OT Security 19:34 Bridging the OT Security Skills Gap 21:54 Enhancing OT Security Understanding 30:46 AI Model Security Challenges 34:26 Rapid Scaling for Site Assessments 40:56 Simulating Cyber Threat Responses 47:19 Operational Priorities: Equipment vs. Cyber Tools 49:30 Focus on Meaningful Security Metrics 56:30 Rapid AI Adoption vs. Internet 01:02:12 Cybersecurity: Small Targets are Vulnerable About the guest :  Brian Proctor is a cybersecurity leader with over 20 years of experience protecting critical infrastructure across energy, industrial automation, and operational technology sectors. As the co-founder and CEO of Frenos, he empowers critical infrastructure operators to proactively secure their environments against evolving cyber threats. Brian built his foundation in ICS/OT cybersecurity during his 13+ year tenure at two progressive California Investor Owned Utilities, San Diego Gas & Electric and Southern California Edison serving the 2nd and 8th largest cities in the United States. He managed a team of 15 security engineers and researchers across 150+ projects, established OT security roadmaps, and co-invented an R&D Magazine Top 100 award-winning GPS anti-spoofing mitigation technology that earned him a patent. Brian has published IEEE papers on security monitoring, served as Critical Infrastructure Co-Chair for Securing Our eCity, and regularly speaks at conferences to educate and build the ICS/OT cybersecurity community. He holds technical certifications including GICSP, CISSP, and CRISC, along with a Business Administration degree from the University of San Diego. Links:  https://frenos.io/services - Learn more about Optica, the industry's first tech-enabled rapid OT visibility service  https://frenos.io/autonomous-ot-security-assessment-platform - Learn more about how to automate OT security risk assessments Connect Brian : https://www.linkedin.com/in/brianproctor67/ Connect With Aaron Crow: Website: www.corvosec.com  LinkedIn: https://www.linkedin.com/in/aaronccrow   Learn more about PrOTect IT All: Email: info@protectitall.co  Website: https://protectitall.co/  X: https://twitter.com/protectitall  YouTube: https://www.youtube.com/@PrOTectITAll  FaceBook:  https://facebook.com/protectitallpodcast    To be a guest or suggest a guest/episode, please email us at info@protectitall.co   Please leave us a review on Apple/Spotify Podcasts: Apple   - https://podcasts.apple.com/us/podcast/protect-it-all/id1727211124 Spotify - https://open.spotify.com/show/1Vvi0euj3rE8xObK0yvYi4The podcast and artwork embedded on this page are from Aaron Crow, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

    4/4 Desenlace incorporando ciberseguridad en el diseño de tecnología industrial

    Play Episode Listen Later Jun 25, 2025 18:13


    Podcast: Casos de Ciberseguridad IndustrialEpisode: 4/4 Desenlace incorporando ciberseguridad en el diseño de tecnología industrialPub date: 2025-06-23Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationEn este episodio se muestran recomendaciones para quien esté empezando a considerar la ciberseguridad como parte del desarrollo de una nueva tecnología y cambios estructurales o culturales necesarios para seguir avanzando.The podcast and artwork embedded on this page are from Centro de Ciberseguridad Industrial, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

    Steven Sim on OT-ISAC and the State of Information Sharing

    Play Episode Listen Later Jun 24, 2025 43:08


    Podcast: Nexus: A Claroty Podcast (LS 32 · TOP 5% what is this?)Episode: Steven Sim on OT-ISAC and the State of Information SharingPub date: 2025-06-23Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationSteven Sim, Chair of the OT-ISAC Advisory Committee, joins the Nexus Podcast to catch us up on the ISAC's activities, and some of the upcoming community-driven initiatives sponsored by the group. Steven shares the processes by which member organizations share incident, threat, and vulnerability information. He also discusses how member organizations contribute and participate in discussions and events that level up the maturity of cybersecurity practices within OT asset-heavy enterprises. Listen to the Nexus Podcast on your favorite podcast platform.The podcast and artwork embedded on this page are from Claroty, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

    AI-Native OT Security with FRENOS' Harry Thomas and Colin Murphy

    Play Episode Listen Later Jun 23, 2025 38:27


    Podcast: Secure Insights with NDK CyberEpisode: AI-Native OT Security with FRENOS' Harry Thomas and Colin MurphyPub date: 2025-06-19Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationSend us a textThis week on Secure Insights, we're joined by FRENOS Founder Harry Thomas and Chief Hacking Officer Colin Murphy. Frenos is an innovative organisation revolutionising OT security through the use of AI and next-generation tech. In this episode, we shine a light on some of the most overlooked challenges in the OT space, exploring whether the traditional ways of assessing risk still hold up, and how scalable the Frenos approach really is. We dive into what's working, what's not, and where the future of OT security is headed. From critical vulnerabilities to smarter, AI-driven solutions, we unpack it all giving you real insight into where businesses are falling short, where they're leading the charge, and what needs to change to secure our infrastructure for the long haul.Get in touch with host James hereGet in touch with Harry here.Get in touch with Colin here.The podcast and artwork embedded on this page are from NDK Cyber, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

    Wer ist für die Cybersicherheit der Windparks verantwortlich? | OT Security Made Simple

    Play Episode Listen Later Jun 22, 2025 25:09


    Podcast: OT Security Made SimpleEpisode: Wer ist für die Cybersicherheit der Windparks verantwortlich? | OT Security Made SimplePub date: 2025-06-19Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationMohamed Harrou erklärt als OT-Sicherheitsingenieur beim Energieversorger Amprion den Mehrwert von OT-Sicherheit in Windparks und PV-Anlagen. Mit seinem 12 Jahren Erfahrung im Bereich erneuerbarer Energieanlagen liefert er praxisnahe Einblicke zu den technologischen und organisatorischen Herausforderungen moderner Windparks und gibt eine überraschende und eher beunruhigende Antwort auf die Frage nach den Verantwortlichkeiten. The podcast and artwork embedded on this page are from Klaus Mochalski, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

    Sarah Fluchs on the Cyber Resilience Act

    Play Episode Listen Later Jun 21, 2025 37:46


    Podcast: Nexus: A Claroty Podcast (LS 32 · TOP 5% what is this?)Episode: Sarah Fluchs on the Cyber Resilience ActPub date: 2025-06-17Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationCybersecurity and technology expert Sarah Fluchs joins the 100th episode of the Nexus Podcast to discuss the EU's Cyber Resilience Act and what it means for manufacturers of "products with digital elements" as they aim toward a 2027 compliance deadline. Sarah provides her insight on the regulation's essential requirements, its focus on secure-by-design and overall cyber resilience of products, and the milestones manufacturers need to hit as their compliance efforts get under way. Sarah also discusses her thought leadership and work in bringing cybersecurity to engineers, asset operators, and other non-security teams. It's important, she says, to eliminate cybersecurity's innate complexity and bring these concepts to engineers and others on their terms. Listen to the Nexus Podcast on your favorite podcast platform.The podcast and artwork embedded on this page are from Claroty, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

    Credibility, not Likelihood [The Industrial Security Podcast]

    Play Episode Listen Later Jun 20, 2025 53:05


    Podcast: The Industrial Security Podcast (LS 36 · TOP 3% what is this?)Episode: Credibility, not Likelihood [The Industrial Security Podcast]Pub date: 2025-06-17Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationSafety defines cybersecurity - Kenneth Titlestad of Omny joins us to explore safety, risk, likelihood, credibility, and deterministic / unhackable cyber defenses - a lot of it in the context of Norwegian offshore platforms.The podcast and artwork embedded on this page are from PI Media, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

    When CISOs Inherit the Plant Floor: What Happens Next?

    Play Episode Listen Later Jun 19, 2025 28:50


    Podcast: Industrial Cybersecurity InsiderEpisode: When CISOs Inherit the Plant Floor: What Happens Next?Pub date: 2025-06-17Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationWhat happens when the CISO inherits responsibility for the security of the plant floor?Dino and Craig discuss a growing trend: CISOs are being expected to oversee cybersecurity for industrial plant floors. Unfortunately, they don't have the background to effectively take on this responsibility.A perpetuating trend exists where cybersecurity leaders are expected to protect factories and industrial assets without the authority, tools, or support to do so effectively.In this conversation, Dino and Craig explain why traditional IT security approaches don't work in these environments, and how things like outdated equipment, disconnected systems, and outside vendors make the challenge even harder. From weak remote access tools to the confusion around who actually manages plant security, this episode shines a light on the hidden risks most companies overlook.Whether you're in IT, operations, or a leadership role, you'll walk away with a better understanding of how to approach cybersecurity in complex industrial settings.You'll also gain insights into the steps you can take to protect your people, your technology, and your bottom line.Chapters:00:00:00 - Kicking Off: Smart Tool Choices Start Here00:01:02 - When CISOs Inherit the Factory Floor00:02:17 - Making Friends with OEMs and Integrators00:04:47 - Why OT Security Is a Whole Different Beast00:08:50 - Cyber Budgets: Where's the Money Really Coming From?00:13:10 - How to Actually Roll Out Security in the Plant00:18:35 - VPNs Aren't Enough: Fixing Remote Access00:24:42 - What OT Incident Response Really Looks Like00:27:17 - Wrapping It Up: Strategy, Buy-In, and What's NextLinks And Resources:Industrial Cybersecurity Insider on LinkedInCybersecurity & Digital Safety on LinkedInBW Design Group CybersecurityDino Busalachi on LinkedInCraig Duckworth on LinkedInThanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you'd like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!The podcast and artwork embedded on this page are from Industrial Cybersecurity Insider, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

    Inside OT Penetration Testing: Red Teaming, Risks, and Real-World Lessons for Critical Infrastructure with Justin Searle

    Play Episode Listen Later Jun 18, 2025 54:21


    Podcast: PrOTect It All (LS 26 · TOP 10% what is this?)Episode: Inside OT Penetration Testing: Red Teaming, Risks, and Real-World Lessons for Critical Infrastructure with Justin SearlePub date: 2025-06-16Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationIn this episode, host Aaron Crow sits down with OT security expert Justin Searle, Director of ICS Security at InGuardians, for a deep dive into the ever-evolving world of OT and IT cybersecurity.  With over 25 years of experience, ranging from hands-on engineering and water treatment facilities to red-team penetration testing on critical infrastructures such as airports and power plants, Justin brings a wealth of insight and real-world anecdotes. This episode unpacks what it really takes to assess and secure operational technology environments. Whether you're a C-suite executive, a seasoned cyber pro, or brand new to OT security, you'll hear why network expertise, cross-team trust, and careful, collaborative engagement with engineers are so crucial when testing high-stakes environments. Aaron and Justin also discuss how the industry has matured, the importance of dedicated OT cybersecurity teams, and why practical, people-first approaches make all the difference, especially when lives, reliability, and national infrastructure are on the line. Get ready for actionable advice, hard-earned lessons from the field, and a candid look at both the progress and the ongoing challenges in protecting our most critical systems.   Key Moments:  05:55 Breaking Into Cybersecurity Without Classes 09:26 Production Environment Security Testing 13:28 Credential Evaluation and Light Probing 14:33 Firewall Misconfiguration Comedy 19:14 Dedicated OT Cybersecurity Professionals 20:50 "Prioritize Reliability Over Latest Features" 24:18 "IT-OT Convergence Challenges" 29:04 Patching Program and OT Security 32:08 Complexity of OT Environments 35:45 Dress-Code Trust in Industry 38:23 Legacy System Security Challenges 42:15 OT Cybersecurity for IT Professionals 43:40 "Building Rapport with Food" 47:59 Future OT Cyber Risks and Readiness 51:30 Skill Building for Tech Professionals   About the Guest :  Justin Searle is the Director of ICS Security at InGuardians, specializing in ICS security architecture design and penetration testing.  He led the Smart Grid Security Architecture group in the creation of NIST Interagency Report 7628 and played critical roles in the Advanced Security Acceleration Project for the Smart Grid (ASAP-SG), National Electric Sector Cybersecurity Organization Resources (NESCOR), and Smart Grid Interoperability Panel (SGIP).     Justin has taught hacking techniques, forensics, networking, and intrusion detection courses for multiple universities, corporations, and security conferences.  His current courses at SANS and Black Hat are among the world's most attended ICS cybersecurity courses.  Justin is currently a Senior Instructor for the SANS Institute and a faculty member at IANS. In addition to electric power industry conferences, he frequently presents at top international security conferences such as Black Hat, DEFCON, OWASP, HITBSecConf, Brucon, Shmoocon, Toorcon, Nullcon, Hardware.io, and AusCERT.     Justin leads prominent open-source projects, including The Control Thing Platform, Samurai Web Testing Framework (SamuraiWTF), and Samurai Security Testing Framework for Utilities (SamuraiSTFU).  He has an MBA in International Technology and is a CISSP and SANS GIAC certified Incident Handler (GCIH), Intrusion Analyst (GCIA), Web Application Penetration Tester (GWAPT), and GIAC Industrial Control Security Professional (GICSP)   How to connect Justin:  https://www.controlthings.io https://www.linkedin.com/in/meeas/ Email: justin@controlthings.io Connect With Aaron Crow: Website: www.corvosec.com  LinkedIn: https://www.linkedin.com/in/aaronccrow   Learn more about PrOTect IT All: Email: info@protectitall.co  Website: https://protectitall.co/  X: https://twitter.com/protectitall  YouTube: https://www.youtube.com/@PrOTectITAll  FaceBook:  https://facebook.com/protectitallpodcast    To be a guest or suggest a guest/episode, please email us at info@protectitall.co   Please leave us a review on Apple/Spotify Podcasts: Apple   - https://podcasts.apple.com/us/podcast/protect-it-all/id1727211124 Spotify - https://open.spotify.com/show/1Vvi0euj3rE8xObK0yvYi4The podcast and artwork embedded on this page are from Aaron Crow, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

    3/4 Acciones Incorporando ciberseguridad en el diseño de tecnología industrial

    Play Episode Listen Later Jun 17, 2025 16:23


    Podcast: Casos de Ciberseguridad IndustrialEpisode: 3/4 Acciones Incorporando ciberseguridad en el diseño de tecnología industrialPub date: 2025-06-16Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationEn este episodio se muestran las medidas o buenas prácticas para implementar la ciberseguridad durante el diseño, implementación y puesta en marcha de tecnologías además de herramientas o metodologías que se utilizan.The podcast and artwork embedded on this page are from Centro de Ciberseguridad Industrial, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

    Reflections from the Front Lines of Industrial Cyber Failures

    Play Episode Listen Later Jun 16, 2025 21:58


    Podcast: Industrial Cybersecurity InsiderEpisode: Reflections from the Front Lines of Industrial Cyber FailuresPub date: 2025-06-12Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationIn this rewind episode, cybersecurity leaders revisit some of the hardest-hitting truths about protecting critical infrastructure in an increasingly converged IT/OT world. This conversation explores the disconnect between IT theory and OT reality, from the real-world fallout of the CrowdStrike disruption to the challenges of virtual patching, insider threats, and the cloud's role on the plant floor. The discussion exposes how legacy systems, poor collaboration, alert fatigue, and vendor dependency continue to sabotage industrial cybersecurity. They discuss tactical strategies for improving, from asset inventory and patching hygiene to choosing the right partners and walking the plant floor.Chapters:00:00:00 - Cyber threats are moving faster than your patch cycle00:00:47 - Crowdstrike, Virtual Patching and Industrial OT Environments with Debbie Lay, TXOne Networks00:07:48 - The #1 Myth Putting Your Industrial OT Assets at Risk00:15:01 - Patch Management and Software Updates: IT versus OTLinks And Resources:Industrial Cybersecurity Insider on LinkedInCybersecurity & Digital Safety on LinkedInBW Design Group CybersecurityDino Busalachi on LinkedInCraig Duckworth on LinkedInThanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you'd like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!The podcast and artwork embedded on this page are from Industrial Cybersecurity Insider, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

    Modern SCADA: ensuring safety, relevance and convenience

    Play Episode Listen Later Jun 14, 2025 13:51


    Podcast: Control Amplified: The Process Automation Podcast (LS 25 · TOP 10% what is this?)Episode: Modern SCADA: ensuring safety, relevance and conveniencePub date: 2025-06-11Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationSCADA applications are responsible for far more than facilitating real-time process monitoring and alarm management. The process history they compile over time is critical to providing the data-driven insights that industry relies on when optimizing their systems to control costs, maximize uptime and increase the life of infrastructure. Modern SCADA systems must ensure data is safe, relevant and easily shareable with a company's own team or third-party reporting solutions, business systems and artificial intelligence (AI) platforms. Control Amplified talked to Chris Little, media relations director, Trihedral Engineering, about straightforward principles to ensure that your SCADA data is ready to go to work.The podcast and artwork embedded on this page are from ControlGlobal, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

    EP 64: Volt Typhoon

    Play Episode Listen Later Jun 13, 2025 43:44


    Podcast: Error Code (LS 27 · TOP 10% what is this?)Episode: EP 64: Volt TyphoonPub date: 2025-06-10Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationWhile cybersecurity threats targeting critical infrastructure, particularly focusing on the vulnerabilities of operational technology (OT) and industrial control systems (ICS).mostly originate on the business or IT side, there's increasing concern about attacks crossing into OT, which could result in catastrophic consequences, especially in centralized systems like utilities. Michael Welch,  managing director from MorganFranklin Cyber, discusses how Volt Typhoon and other attacks are living off the land, and lying in wait.The podcast and artwork embedded on this page are from Robert Vamosi, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

    Claim @BEERISAC: CPS/ICS Security Podcast Playlist

    In order to claim this podcast we'll send an email to with a verification link. Simply click the link and you will be able to edit tags, request a refresh, and other features to take control of your podcast page!

    Claim Cancel