@BEERISAC: CPS/ICS Security Podcast Playlist

Follow @BEERISAC: CPS/ICS Security Podcast Playlist
Share on
Copy link to clipboard

A curated playlist of Cyber-Physical Systems and ICS Cyber Security related podcast episodes [any language] by ICS Security enthusiasts. Contact Anton Shipulin / @shipulin_anton on Twitter if something is missing.

Anton Shipulin / Listen Notes


    • Jul 30, 2025 LATEST EPISODE
    • daily NEW EPISODES
    • 37m AVG DURATION
    • 2,142 EPISODES


    Search for episodes from @BEERISAC: CPS/ICS Security Podcast Playlist with a specific topic:

    Latest episodes from @BEERISAC: CPS/ICS Security Podcast Playlist

    NIS2 and the Cyber Resilience Act (CRA) [The Industrial Security Podcast]

    Play Episode Listen Later Jul 30, 2025 53:55


    Podcast: The Industrial Security Podcast (LS 36 · TOP 3% what is this?)Episode: NIS2 and the Cyber Resilience Act (CRA) [The Industrial Security Podcast]Pub date: 2025-07-28Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationNIS2 legislation is late in many EU countries, and the new CRA applies to most suppliers of industrial / OT computerized and software products to the EU. Christina Kiefer, attorney at reuschlaw, walks us through what's new and what it means for vendors, as well as for owner / operators.The podcast and artwork embedded on this page are from PI Media, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

    Dan Berte on Solar Grid and IoT Vulnerabilities

    Play Episode Listen Later Jul 29, 2025 32:21


    Podcast: Nexus: A Claroty Podcast (LS 32 · TOP 5% what is this?)Episode: Dan Berte on Solar Grid and IoT VulnerabilitiesPub date: 2025-07-28Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationDan Berte, director of IoT security at Bitdefender, joins the Nexus Podcast to join his team's ongoing research into the security of solar grid inverters and three serious vulnerabilities uncovered in the popular Deye Solarman management platform.Dan discusses his team's research, the disclosure process, and the implications on green energy initiatives overall. With the growing popularity of these platforms, Berte cautions that attackers are going to continue to analyze their security for weaknesses and attempt to exploit them. Listen to the Nexus Podcast on your favorite podcast platform. The podcast and artwork embedded on this page are from Claroty, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

    EP 67: Collateral Damage

    Play Episode Listen Later Jul 26, 2025 23:27


    Podcast: Error Code (LS 27 · TOP 10% what is this?)Episode: EP 67: Collateral DamagePub date: 2025-07-22Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationOperational technology (OT) systems are no longer limited to nation-states; criminal groups and hacktivists now actively target these systems, often driven by financial or ideological motives. Kurt Gaudette, Vice President of Intelligence and Services at Dragos, explains why these systems might not even be the primary targets.The podcast and artwork embedded on this page are from Robert Vamosi, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

    The Double-Edged Sword of AI in Cybersecurity and Critical Infrastructure

    Play Episode Listen Later Jul 24, 2025 21:57


    Podcast: PrOTect It All (LS 26 · TOP 10% what is this?)Episode: The Double-Edged Sword of AI in Cybersecurity and Critical InfrastructurePub date: 2025-07-22Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationIn this solo episode, host Aaron Crow takes us on a fast-paced journey through the latest critical developments in both IT and OT cybersecurity. Aaron breaks down the month's most pressing zero-day exploits, including high-profile attacks on Microsoft SharePoint and CrushFTP, and explores the implications of rapidly evolving threats - especially as attackers leverage AI for faster, more innovative hacks. But it's not all doom and gloom: Aaron dives into how AI is also becoming a game-changer for defense, from Google's use of AI agents to spot vulnerabilities ahead of attackers, to the promise (and dangers) of deepfake technology. He discusses new policy moves, like the FCC's proposal to ban Chinese tech in undersea internet cables and the US Coast Guard's push for cyber resilience in maritime infrastructure. Throughout the episode, Aaron offers strategic advice for organizations of all sizes - from patch management and digital twins to incident response plans designed for today's AI-driven threat landscape. Whether you're in cyber, tech, critical infrastructure, or just want to stay a step ahead, this episode is packed with actionable insights and timely analysis to boost your cyber resilience. Plug in for a conversation that's equal parts eye-opening and empowering! Key Moments;  01:20 High-Level Tactical Briefing 05:31 Digital Twin for System Security 09:39 Dual Role of Tools 12:00 Emergency Procedures Reminder 14:24 Challenges in OT System Integration 18:32 Deep Fake Detection and Response 20:12 "AI Persistence and Impact" Connect With Aaron Crow: Website: www.corvosec.com  LinkedIn: https://www.linkedin.com/in/aaronccrow   Learn more about PrOTect IT All: Email: info@protectitall.co  Website: https://protectitall.co/  X: https://twitter.com/protectitall  YouTube: https://www.youtube.com/@PrOTectITAll  FaceBook:  https://facebook.com/protectitallpodcast    To be a guest or suggest a guest/episode, please email us at info@protectitall.co   Please leave us a review on Apple/Spotify Podcasts: Apple   - https://podcasts.apple.com/us/podcast/protect-it-all/id1727211124 Spotify - https://open.spotify.com/show/1Vvi0euj3rE8xObK0yvYi4The podcast and artwork embedded on this page are from Aaron Crow, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

    Plant-Level Cyber Risk: Who's Actually Responsible?

    Play Episode Listen Later Jul 23, 2025 30:45


    Podcast: Industrial Cybersecurity InsiderEpisode: Plant-Level Cyber Risk: Who's Actually Responsible?Pub date: 2025-07-22Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationIn this episode, Dino Busalachi and Craig Duckworth tackle one of the most overlooked threats in cybersecurity: the number of industrial vendors and system integrators in manufacturing environments. The conversation addresses the relationship and communication gap between IT and the teams responsible for designing and supporting industrial control systems. They emphasize the need for improved governance, enhanced vendor accountability, and clear ownership of cyber risk. Whether you're a CISO, CIO, or VP of Engineering, this episode offers actionable insight into bridging the IT/OT divide, securing plant floors, and building a cybersecurity strategy that works at the edge of your business.Chapters:00:00:00 - Kicking Off: Why Transparency in Cyber Matters00:00:43 - Who's Talking? Meet Craig & Dino00:01:05 - The Big Question: What's IT's Role in Industrial Security?00:01:35 - When Too Many Vendors = Chaos00:02:37 - How to Actually Secure OT Environments00:03:46 - Choosing the Right Partners (and Asking the Right Questions)00:12:37 - Why Cyber Teams Need Plant Floor Time00:14:24 - Getting Smarter: Use External Experts & Vendor Summits00:18:22 - IT Meets OT: Closing the Culture Gap00:30:03 - What Now? Practical Next Steps for CISOsLinks And Resources:Want to Sponsor an episode or be a Guest? Reach out here.Industrial Cybersecurity Insider on LinkedInCybersecurity & Digital Safety on LinkedInBW Design Group CybersecurityDino Busalachi on LinkedInCraig Duckworth on LinkedInThanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you'd like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!The podcast and artwork embedded on this page are from Industrial Cybersecurity Insider, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

    Vivek Ponnada on the Ongoing Maturity of OT Security

    Play Episode Listen Later Jul 22, 2025 35:55


    Podcast: Nexus: A Claroty Podcast (LS 32 · TOP 5% what is this?)Episode: Vivek Ponnada on the Ongoing Maturity of OT SecurityPub date: 2025-07-21Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationOT cybersecurity veteran Vivek Ponnada, SVP Growth & Strategy at Frenos, joins the Nexus Podcast to lend his expertise on the areas where he is seeing the most maturity and rapid evolution in the practice. Vivek explains the growing demand for contextual information to supplement the data organizations have around their known assets and vulnerabilities, for example. He also explains current risk prioritization and mitigation strategies, and how advanced technologies fit into the OT security landscape. Listen to the Nexus Podcast on your favorite podcast platform. The podcast and artwork embedded on this page are from Claroty, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

    Vulnerability Overload: Making Prioritization Work in the Real World

    Play Episode Listen Later Jul 21, 2025 35:36


    Podcast: Critical Assets PodcastEpisode: Vulnerability Overload: Making Prioritization Work in the Real WorldPub date: 2025-07-20Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationIn this episode, Patrick Miller speaks with Kylie McClanahan, CTO at Bastazo, about the practical (and often messy) realities of patch and vulnerability management in operational technology (OT) environments. Kylie shares grounded insights into patching challenges, the gaps between IT and OT remediation cycles, and the real-world implications of relying too heavily on scoring systems like CVSS.The conversation covers CISA's Known Exploited Vulnerabilities (KEV) catalog, exploring how it's being used (and possibly misused) in prioritization workflows, and where the disconnects lie between policy directives and operational feasibility. Kylie also critiques the current state of vendor responsiveness, machine-readable vulnerability disclosure (CSAF), and the importance of asset and exposure awareness.This episode is essential listening for practitioners wrestling with patching fatigue, program prioritization, and the tradeoffs between theoretical vulnerability data and applied security outcomes in critical infrastructure environments.Links:CISA KEV: https://www.cisa.gov/known-exploited-vulnerabilitiesCISA vulnrichment: https://github.com/cisagov/vulnrichmentVulnrichment, Year One: https://www.youtube.com/watch?v=g5pSVMnWD7kCISA SSVC: https://www.cisa.gov/stakeholder-specific-vulnerability-categorization-ssvcCarnegie Mellon SSVC: https://certcc.github.io/SSVC/CSAF: https://www.csaf.io/VulnCheck KEV: https://vulncheck.com/kevKylie McLanahan on LinkedIn: https://www.linkedin.com/in/kyliemcclanahan/Bastazo: https://bastazo.comThe podcast and artwork embedded on this page are from Patrick Miller, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

    Können Systeme zur Angriffserkennung zum Sicherheitsrisiko werden? | OT Security Made Simple

    Play Episode Listen Later Jul 19, 2025 23:49


    Podcast: OT Security Made SimpleEpisode: Können Systeme zur Angriffserkennung zum Sicherheitsrisiko werden? | OT Security Made SimplePub date: 2025-07-17Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationManuel Atug, Geschäftsführer der HiSolutions und Mitgründer der unabhängigen AG Kritis, hinterfragt kritisch und aus eigener Erfahrung, was ein SzA leisten muss, wie gut es um deren eigene Sicherheit steht und wie Anbietern aus dem nichteuropäischen Ausland mit den Daten umgehen. Als Bonus erfahren wir endlich, wo sein Social-Media-Handle HonkHase herkommt.The podcast and artwork embedded on this page are from Klaus Mochalski, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

    The C-Suite's Role in Industrial Cybersecurity

    Play Episode Listen Later Jul 18, 2025 25:11


    Podcast: Industrial Cybersecurity InsiderEpisode: The C-Suite's Role in Industrial CybersecurityPub date: 2025-07-17Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationIn this episode, Craig Duckworth and Dino Busalachi discuss the critical role of the C-suite in fortifying manufacturing environments against cyber threats. They discuss the unique challenges that manufacturing organizations face. Their conversation reinforces the importance of executive teams understanding and actively engaging in industrial OT cybersecurity strategies. With compelling arguments for a more involved C-suite, Craig and Dino explore the intersection of cybersecurity and operational efficiency. They emphasize the need for leadership to understand and lead the charge to ensure security for industrial control systems. This episode serves as a wake-up call for executives to embrace their role in protecting their companies from potential adverse events. This episode highlights the fact that cybersecurity is not just an IT issue but a foundational aspect of modern business resilience.Chapters:00:00:00 - Meet Dino and Craig00:01:47 - Deciphering Cybersecurity's Extensive Influence on Manufacturing Dynamics00:03:29 - Unpacking the Costs: The Stark Reality of Ignoring Cybersecurity00:04:08 - The Interplay Between Cyber Insurance, Liability, and Organizational Security00:05:07 - Charting the Course: Fundamental Actions for Cyber Resilience00:07:35 - Implementing Cybersecurity Measures: A Tactical Overview for Manufacturing Leaders00:10:54 - The Imperative of Continuous Monitoring in Mitigating Cyber Risks00:14:11 - Bridging the Divide: Fostering Collaboration Between IT and OT Teams00:17:06 - Cultivating Cyber-Aware Culture: Integrating Security into the Manufacturing DNA00:20:01 - Forward Momentum: Strategic Insights for Executive Leadership on Cybersecurity00:24:28 - Reflecting on the Imperatives of Cybersecurity in the Manufacturing SectorLinks And Resources:Want to Sponsor an episode or be a Guest? Reach out here.Industrial Cybersecurity Insider on LinkedInCybersecurity & Digital Safety on LinkedInBW Design Group CybersecurityDino Busalachi on LinkedInCraig Duckworth on LinkedInThanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you'd like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!The podcast and artwork embedded on this page are from Industrial Cybersecurity Insider, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

    Gil Groskop VP Technology & Digital Transformation @Mekorot on moving tech forward & cyber by design

    Play Episode Listen Later Jul 17, 2025 54:22


    Podcast: ICS Cyber Talks PodcastEpisode: Gil Groskop VP Technology & Digital Transformation @Mekorot on moving tech forward & cyber by designPub date: 2025-07-17Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationפעמים אנחנו שוכחים שמים הם חלק מתעשיית המזון, האחריות של אספקת מים היא לא רק ברציפות האספקה בכול תנאי אלא גם עמידה בדרישות האיכות. בישראל קיימות שתי חברות תשתית גדולות כאשר מקורות היא אחת מהן עם אלפי אתרים ומערכות בקרה שפרוסות על פני כול המדינה. הצורך לאחד בין ביטחון פיזי לביטחון סייבר יחד עם הזרמת מידע בזמן אמת עד לאחרון העובדים היא אתגר שדורש תכנון ארוך טווח ומשאבים נחשון פינקו מארח את גיל גרוסקופ סמנכ"ל הטכנולוגיות והטרנספורמציה הדיגיטלית של חברת מקורות בשיחה על השינוי המז'ורי תפיסתי בכול הקשור לטכנולוגיה והגנת הסייבר בחברה בשנים האחרונות מה האתגר הטכנולוגי והאנושי שבהחלפת מערכות ישנות באלפי אתרים איך מגייסים את ההנהלה והדירקטוריון לתמוך בנושא הסייבר וההשקעות הנדרשות איך מנהלים עשרות פרויקטים גדולים בו זמנית והחשיבות של הגישה שיש לתת ביטוי לסייבר בכול שלב ועודThe podcast and artwork embedded on this page are from Nachshon Pincu, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

    Building IoT Trust: Budgeting, Community, and the Hacker Mindset with Ted Harrington

    Play Episode Listen Later Jul 15, 2025 32:14


    Podcast: IoT Security Podcast (LS 25 · TOP 10% what is this?)Episode: Building IoT Trust: Budgeting, Community, and the Hacker Mindset with Ted HarringtonPub date: 2025-07-14Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationTed Harrington (Founder of IoT Village, Executive Partner for Independent Security Evaluators, Author, Speaker, and Podcaster) examines the ongoing challenges and progress in IoT security, emphasizing how community initiatives, the hacker mindset, and business-oriented communication can drive real change in the industry. Ted and Phil Wylie discuss practical strategies for justifying security budgets to management, the value of offensive security, and the important role of education and community in strengthening defenses. Also highlighted are how IoT security is both improving and facing growing risks due to rapid expansion, and why viewing security as a competitive advantage is vital for organizations. Let's connect about IoT Security!Follow Phillip Wylie at https://www.linkedin.com/in/phillipwyliehttps://youtube.com/@phillipwylieThe IoT Security Podcast is powered by Phosphorus Cybersecurity. Join the conversation for the IoT Security Podcast — where xIoT meets Security. Learn more at https://phosphorus.io/podcastThe podcast and artwork embedded on this page are from Phosphorus Cybersecurity, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

    Powering the Future: The Overlooked Cyber Risks in Our Expanding Electric Grid

    Play Episode Listen Later Jul 14, 2025 23:10


    Podcast: PrOTect It All (LS 26 · TOP 10% what is this?)Episode: Powering the Future: The Overlooked Cyber Risks in Our Expanding Electric GridPub date: 2025-07-14Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationIn this episode, host Aaron Crow gets into one of the most pressing issues facing our future power grid: the explosive impact of AI, electric vehicles, and data centers on energy demand and what happens when cybersecurity gets left out of the equation.  As Texas and other states stare down a projected 50% surge in peak energy load by 2030, Aaron shares firsthand insights from his decades in the power utility industry and raises urgent questions about how we're building the next generation of critical infrastructure. From the logistical nightmare of charging a million electric cars in urban apartment complexes to the cold reality that most new power plants are being commissioned without cybersecurity in mind, Aaron pulls back the curtain on missed opportunities and potential threats.  Why isn't OT security part of major DOE planning reports? Who's responsible for managing cyber risks in this rapidly evolving landscape? And what's at stake if we don't build security into our systems from day one? If you're in IT, OT, operations, or simply care about keeping the lights on in our data-driven world, this is a conversation you don't want to miss. Tune in as Aaron calls for a united front: making cybersecurity a non-negotiable priority in the grid transformation ahead.   Key Moments:  01:12 "Urgent Power Capacity Boost by 2030" 05:21 Electric Car Charging Challenges 08:59 System Vulnerabilities and Design Flaws 10:01 Cybersecurity: Everyone's Responsibility 15:20 Complexity of Grid Black Start Process 18:53 Urgency in Tech and Power Security Connect With Aaron Crow: Website: www.corvosec.com  LinkedIn: https://www.linkedin.com/in/aaronccrow   Learn more about PrOTect IT All: Email: info@protectitall.co  Website: https://protectitall.co/  X: https://twitter.com/protectitall  YouTube: https://www.youtube.com/@PrOTectITAll  FaceBook:  https://facebook.com/protectitallpodcast    To be a guest or suggest a guest/episode, please email us at info@protectitall.co   Please leave us a review on Apple/Spotify Podcasts: Apple   - https://podcasts.apple.com/us/podcast/protect-it-all/id1727211124 Spotify - https://open.spotify.com/show/1Vvi0euj3rE8xObK0yvYi4The podcast and artwork embedded on this page are from Aaron Crow, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

    Network Duct Tape [The Industrial Security Podcast]

    Play Episode Listen Later Jul 12, 2025 64:25


    Podcast: The Industrial Security Podcast (LS 36 · TOP 3% what is this?)Episode: Network Duct Tape [The Industrial Security Podcast]Pub date: 2025-07-11Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationHundreds of subsystems with the same IP addresses? Thousands of legacy devices with no modern encryption or other security? Constant, acquisitions of facilities "all over the place" network-wise and security-wise? What most of us need is "network duct tape". Tom Sego of Blastwave shows us how their "duct tape" works.The podcast and artwork embedded on this page are from PI Media, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

    EP 66: Secure only the OT code that actually runs

    Play Episode Listen Later Jul 11, 2025 23:11


    Podcast: Error Code (LS 27 · TOP 10% what is this?)Episode: EP 66: Secure only the OT code that actually runsPub date: 2025-07-08Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationMany organizations spend valuable security resources fixing vulnerabilities in code that never actually runs—an inefficient and often unnecessary effort. Jeff Williams, CTO and founder at Contrast Security, says that 62% of open source libraries included in software are never even loaded into memory, let alone executed. This means only 38% of libraries are typically active and worth prioritizing. The podcast and artwork embedded on this page are from Robert Vamosi, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

    Hiring for the Frontlines of Critical Infrastructure with Nathaniel Smith

    Play Episode Listen Later Jul 9, 2025 35:51


    Podcast: Bites & Bytes PodcastEpisode: Hiring for the Frontlines of Critical Infrastructure with Nathaniel SmithPub date: 2025-07-08Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationWhat does it take to build a cybersecurity workforce capable of protecting the systems that keep the lights on and food on our plates? In this episode, host Kristin Demoranville is joined by Nathaniel Smith, Co-Founder and VP at SR2, a purpose-driven recruitment firm. Nathaniel, who specializes in hiring OT/ICS, brings over 14 years of recruiting experience and a refreshing dose of honesty to the challenges of hiring in critical infrastructure. Together, they explore what makes a strong Operational Technology (OT) candidate, why culture fit matters as much as technical skills, and how broken hiring processes often keep the best people out. For sectors like food and agriculture, where operational technology is directly tied to safety, production, and public trust, getting the right people into the right roles isn't just important. It's essential. --------------- Show Notes: Mike Holcomb's Episode (here) SEC Ruling on Disclosure of Cyber Incidents (here)

    Breaking Down the IT-OT Wall: Why IT Cybersecurity Tools Fail on the Plant Floor

    Play Episode Listen Later Jul 9, 2025 24:25


    Podcast: Industrial Cybersecurity InsiderEpisode: Breaking Down the IT-OT Wall: Why IT Cybersecurity Tools Fail on the Plant FloorPub date: 2025-07-08Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationIn this episode, Dino Busalachi and Craig Duckworth tackle a critical disconnect plaguing industrial organizations: the disconnect in understanding and communication between IT and OT regarding industrial cybersecurity. While some IT departments are investing in OT cybersecurity platforms, 85% of the data these tools collect is designed for OT teams to act upon. Unfortunately, plant floor personnel, system integrators, and OEMs working in these environments rarely get access to dashboards, asset inventories, or vulnerability reports.Organizations must move beyond the "oil and water" mentality between IT and OT. This means involving plant personnel in cybersecurity decisions, sharing data with trusted partners who "build the cars" (not just buy them), and recognizing that effective OT security requires collaboration with the people who live and breathe on the plant floor every day.Bottom Line: If you're not sharing cybersecurity data with your system integrators, OEMs, and plant operations teams, you're not practicing true IT-OT convergence. You're missing critical opportunities to improve your security posture where it matters most.Chapters:00:00:00 - Why Local Collaboration is Critical for Cybersecurity Success00:01:07 - Meet Dino and Craig: Experts in IT/OT Integration00:01:49 - Unpacking the Challenges of IT/OT Convergence00:02:28 - Why IT and OT Teams Often Struggle to Align00:04:48 - Building Collaborative Frameworks for Stronger Cybersecurity00:07:33 - The Role of CIOs and CISOs in Driving Change00:08:44 - Navigating the Complexities of Diverse Plant Environments00:10:23 - Partnering with Vendors to Enhance Security Outcomes00:11:16 - Key Questions to Evaluate System Integrators Effectively00:16:35 - Using Tabletop Exercises to Align IT and OT Teams00:22:20 - Closing Thoughts: Bridging the Divide for Unified CybersecurityLinks And Resources:Want to Sponsor an episode or be a Guest? Reach out here.Industrial Cybersecurity Insider on LinkedInCybersecurity & Digital Safety on LinkedInBW Design Group CybersecurityDino Busalachi on LinkedInCraig Duckworth on LinkedInThanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you'd like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!The podcast and artwork embedded on this page are from Industrial Cybersecurity Insider, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

    How AI Became the Ultimate Cybersecurity Blind Spot: Understanding the Microsoft 365 Copilot Vulnerability

    Play Episode Listen Later Jul 8, 2025 17:55


    Podcast: PrOTect It All (LS 26 · TOP 10% what is this?)Episode: How AI Became the Ultimate Cybersecurity Blind Spot: Understanding the Microsoft 365 Copilot VulnerabilityPub date: 2025-07-07Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationIn this episode, host Aaron Crow dives deep into the fast-evolving world of AI automation and its impact on cybersecurity. Aaron breaks down practical, real-world ways security professionals can leverage AI to streamline their workflows without breaking data loss prevention policies or putting proprietary information at risk.  From drafting reports and playbooks to automating repetitive tasks and managing vulnerability data, Aaron offers actionable advice for using both public AI tools like ChatGPT and more advanced private AI models. He also addresses common fears CISOs and business leaders have about unsanctioned AI use in the workplace and shares tips for staying safe and compliant while taking advantage of AI's efficiencies.  Whether you're in a large enterprise or a lean team with limited resources, you'll come away with a fresh perspective on how to use AI responsibly to work smarter and protect your organization. Plus, Aaron invites listeners to share their own creative AI use cases and lessons learned. Let's jump in and explore how to protect it all as AI advances. Key Moments :  01:20 AI's Rising Role in Media 03:22 Guidelines for Using AI Safely 07:06 "AI Integration and Automation Strategies" 10:03 Automating Windows Management Tasks 14:29 Exploring AI for Personal Tasks Connect With Aaron Crow: Website: www.corvosec.com  LinkedIn: https://www.linkedin.com/in/aaronccrow   Learn more about PrOTect IT All: Email: info@protectitall.co  Website: https://protectitall.co/  X: https://twitter.com/protectitall  YouTube: https://www.youtube.com/@PrOTectITAll  FaceBook:  https://facebook.com/protectitallpodcast    To be a guest or suggest a guest/episode, please email us at info@protectitall.co   Please leave us a review on Apple/Spotify Podcasts: Apple   - https://podcasts.apple.com/us/podcast/protect-it-all/id1727211124 Spotify - https://open.spotify.com/show/1Vvi0euj3rE8xObK0yvYi4The podcast and artwork embedded on this page are from Aaron Crow, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

    The System Integrator's Role in Supporting OT Security

    Play Episode Listen Later Jul 4, 2025 32:38


    Podcast: Industrial Cybersecurity InsiderEpisode: The System Integrator's Role in Supporting OT SecurityPub date: 2025-07-01Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationIn this episode, Craig Duckworth and Dino Busalachi discuss the critical but often overlooked or misunderstood role of system integrators (SIs) in industrial cybersecurity.Key Issues Identified:Organizations typically work with multiple specialized integrators across different facilities and systemsSome SIs lack cybersecurity expertise, focusing primarily on equipment functionalityEquipment can remain connected to networks for decades, with ownership and oversight changing hands over timeSystem integrators must exercise proper IT coordination to implement remote access solutions effectivelyRecommendations:IT and OT teams should collaborate more closely with system integrators on cybersecurity planningOrganizations need to evaluate their SIs' cybersecurity capabilities and partnershipsConsider standardizing on integrators with demonstrated cybersecurity practices and vendor certificationsApply the same due diligence used for IT vendor selection to OT system integratorsBottom Line: System integrators are essential partners in executing industrial cybersecurity strategies and protection. Organizations must actively engage them in security conversations and ensure they have the necessary skills and partnerships to implement secure solutions for their plant environments from the start.Chapters:00:00:00 - Real-World Ransomware Hits the Plant Floor00:00:52 - Meet the System Integrators Shaping Your OT Plant Floor Security00:01:17 - What System Integrators Really Do (and Don't)00:04:13 - Remote Access: The Hidden Backdoor Nobody Sees00:08:34 - Why Ongoing Monitoring Is Non-Negotiable00:13:30 - How to Pick the Right System Integrator For Your Operations00:26:17 - Building Strong Partnerships with Your IntegratorsLinks And Resources:Want to Sponsor an episode or be a Guest? Reach out here.Industrial Cybersecurity Insider on LinkedInCybersecurity & Digital Safety on LinkedInBW Design Group CybersecurityDino Busalachi on LinkedInCraig Duckworth on LinkedInThanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you'd like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!The podcast and artwork embedded on this page are from Industrial Cybersecurity Insider, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

    The Evolution of Procurement in OT Security | OT Security Made Simple

    Play Episode Listen Later Jul 3, 2025 23:31


    Podcast: OT Security Made SimpleEpisode: The Evolution of Procurement in OT Security | OT Security Made SimplePub date: 2025-07-01Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationIn this episode of OT Security Made Simple, Klaus Mochalski and Søren Knudsen discuss the evolving landscape of OT security in light of current geopolitical tensions. They explore how procurement processes have shifted, the importance of evaluating a broader range of security solutions, and the risks associated with relying on specific vendors. The conversation emphasizes the need for organizations to conduct thorough research and consider local providers to mitigate risks effectively.The podcast and artwork embedded on this page are from Klaus Mochalski, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

    How to Harness AI Without Breaking Security or Corporate Policies

    Play Episode Listen Later Jul 1, 2025 15:46


    Podcast: PrOTect It All (LS 26 · TOP 10% what is this?)Episode: How to Harness AI Without Breaking Security or Corporate PoliciesPub date: 2025-06-30Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationIn this episode, host Aaron Crow dives deep into the fast-evolving world of AI automation and its impact on cybersecurity. Aaron breaks down practical, real-world ways security professionals can leverage AI to streamline their workflows without breaking data loss prevention policies or putting proprietary information at risk.  From drafting reports and playbooks to automating repetitive tasks and managing vulnerability data, Aaron offers actionable advice for using both public AI tools like ChatGPT and more advanced private AI models. He also addresses common fears CISOs and business leaders have about unsanctioned AI use in the workplace and shares tips for staying safe and compliant while taking advantage of AI's efficiencies.  Whether you're in a large enterprise or a lean team with limited resources, you'll come away with a fresh perspective on how to use AI responsibly to work smarter and protect your organization. Plus, Aaron invites listeners to share their own creative AI use cases and lessons learned. Let's jump in and explore how to protect it all as AI advances. Key Moments :  01:20 AI's Rising Role in Media 03:22 Guidelines for Using AI Safely 07:06 "AI Integration and Automation Strategies" 10:03 Automating Windows Management Tasks 14:29 Exploring AI for Personal Tasks Connect With Aaron Crow: Website: www.corvosec.com  LinkedIn: https://www.linkedin.com/in/aaronccrow   Learn more about PrOTect IT All: Email: info@protectitall.co  Website: https://protectitall.co/  X: https://twitter.com/protectitall  YouTube: https://www.youtube.com/@PrOTectITAll  FaceBook:  https://facebook.com/protectitallpodcast    To be a guest or suggest a guest/episode, please email us at info@protectitall.co   Please leave us a review on Apple/Spotify Podcasts: Apple   - https://podcasts.apple.com/us/podcast/protect-it-all/id1727211124 Spotify - https://open.spotify.com/show/1Vvi0euj3rE8xObK0yvYi4The podcast and artwork embedded on this page are from Aaron Crow, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

    Pedro Umbelino on Exploiting ATG Devices in Fuel Storage

    Play Episode Listen Later Jun 29, 2025 27:14


    Podcast: Nexus: A Claroty Podcast (LS 32 · TOP 5% what is this?)Episode: Pedro Umbelino on Exploiting ATG Devices in Fuel StoragePub date: 2025-06-29Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationPedro Umbelino, Principal Research Scientist at Bitsight Technologies, joins the Nexus Podcast to discuss his team's research into Automatic Tank Gauge (ATG) systems and how they uncovered 11 vulnerabilities in ATGs manufactured by five different vendors. ATG systems are an industrial control system that monitors fuel levels inside storage tanks, including those at gasoline stations, military bases, hospitals, airports, and elsewhere. ATGs track fuel levels, and are meant to detect leaks, help with inventory management, and are key in regulatory compliance efforts.The vulnerabilities uncovered by Pedro and his team expose these systems to catastrophic risks, from environmental hazards to significant economic losses, including physical damage.Worse yet is that these systems are old and challenging to update. Read Bitsight's research here.Listen to the Nexus Podcast on your favorite podcast platform. The podcast and artwork embedded on this page are from Claroty, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

    EP 65: Hacking Critical Infrastructure Through Supply Chains

    Play Episode Listen Later Jun 28, 2025 30:22


    Podcast: Error Code (LS 27 · TOP 10% what is this?)Episode: EP 65: Hacking Critical Infrastructure Through Supply ChainsPub date: 2025-06-24Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationCritical Infrastructure software lacks the strict liability standards found in industries like automotive manufacturing, leading to minimal accountability for insecure products when they get exploited.  Alex Santos, CEO of Fortress Information Security, explains how they're typically hired by buyers of ICS equipment—such as utilities—to assess and mitigate supply chain risks, including working with OEMs to improve security.The podcast and artwork embedded on this page are from Robert Vamosi, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

    When IT Cyber Events Bring Down the Plant Floor

    Play Episode Listen Later Jun 27, 2025 29:47


    Podcast: Industrial Cybersecurity InsiderEpisode: When IT Cyber Events Bring Down the Plant FloorPub date: 2025-06-24Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationCraig and Dino break down how cyberattacks that start in traditional IT systems can shut down entire manufacturing production lines, leading to massive financial losses. Using real-world examples like UNFI's $500 million drop in market value in 60 hours, they explain how overlooked connections between IT and the OT plant floor are often the weakest links. You'll hear why simply installing firewalls isn't enough, how organizational silos between IT and operations cause major blind spots, and what it really takes to secure industrial equipment. Whether you're in leadership, technology, or operations, this episode will change how you think about cyber risk and business continuity in connected environments.Chapters:00:00:00 - Introduction: Where Responsibility Ends and Authority Doesn't Begin00:01:08 - Meet Your Guides: Dino & Craig On the Frontlines00:01:14 - When Cyber Hits the Plant Floor00:01:28 - Real-World Wake-Up: The Unify IT Incident00:02:36 - The Gaps No One's Watching in OT Security00:03:18 - How Org Structure Can Make or Break Cyber Defense00:04:03 - Plugging in OT Visibility: IDS in Action00:04:43 - Who's Really Calling the Shots—Corporate or the Plant?00:07:02 - IT-OT Convergence: What Leaders Must Understand00:13:14 - Building Cyber Defense That Actually Works00:15:25 - Recovery Starts Before the Breach00:17:37 - Why IT Alone Can't Fix OT Problems00:24:55 - Just Getting Started? Here's What to Do First00:28:33 - Final Word: You Can't Secure OT AloneLinks And Resources:Industrial Cybersecurity Insider on LinkedInCybersecurity & Digital Safety on LinkedInBW Design Group CybersecurityDino Busalachi on LinkedInCraig Duckworth on LinkedInThanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you'd like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!The podcast and artwork embedded on this page are from Industrial Cybersecurity Insider, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

    Driving OT Security Innovation: AI, Risk Reduction, and the Future of Critical Infrastructure

    Play Episode Listen Later Jun 26, 2025 68:02


    Podcast: PrOTect It All (LS 26 · TOP 10% what is this?)Episode: Driving OT Security Innovation: AI, Risk Reduction, and the Future of Critical InfrastructurePub date: 2025-06-23Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationWelcome back to Protect It All! In this episode, host Aaron Crow sits down with longtime friend and OT cybersecurity veteran Brian Proctor for a deep dive into the current state—and future—of the OT cyber landscape. Together, they trade stories from the front lines, reflecting on how their early experiences as asset owners shaped their passion for innovation and helping critical infrastructure run safely and securely. Brian, whose career spans roles from OT engineer to startup co-founder, opens up about his journey—highlighting his drive to push the boundaries of traditional OT security and the evolution of key industry technologies. The conversation explores everything from the persistent lack of innovation in OT, to AI's growing role in tackling the daunting challenges of risk reduction, visibility, and scaling assessments across sprawling environments. If you've ever wondered how new tech like AI is reshaping industrial cybersecurity, why “we've always done it this way” just doesn't cut it anymore, or how organizations can realistically stay ahead without breaking the bank, this episode delivers honest insights, practical advice, and a look toward an exciting, if sometimes daunting, future. So grab your headphones and settle in as Aaron and Brian share stories, hot takes, and strategies designed to protect it all—because in critical infrastructure, the stakes have never been higher. Key Moments:  06:45 OT Cyber Industry Evolution 11:57 Evolving Challenges in OT Security 19:34 Bridging the OT Security Skills Gap 21:54 Enhancing OT Security Understanding 30:46 AI Model Security Challenges 34:26 Rapid Scaling for Site Assessments 40:56 Simulating Cyber Threat Responses 47:19 Operational Priorities: Equipment vs. Cyber Tools 49:30 Focus on Meaningful Security Metrics 56:30 Rapid AI Adoption vs. Internet 01:02:12 Cybersecurity: Small Targets are Vulnerable About the guest :  Brian Proctor is a cybersecurity leader with over 20 years of experience protecting critical infrastructure across energy, industrial automation, and operational technology sectors. As the co-founder and CEO of Frenos, he empowers critical infrastructure operators to proactively secure their environments against evolving cyber threats. Brian built his foundation in ICS/OT cybersecurity during his 13+ year tenure at two progressive California Investor Owned Utilities, San Diego Gas & Electric and Southern California Edison serving the 2nd and 8th largest cities in the United States. He managed a team of 15 security engineers and researchers across 150+ projects, established OT security roadmaps, and co-invented an R&D Magazine Top 100 award-winning GPS anti-spoofing mitigation technology that earned him a patent. Brian has published IEEE papers on security monitoring, served as Critical Infrastructure Co-Chair for Securing Our eCity, and regularly speaks at conferences to educate and build the ICS/OT cybersecurity community. He holds technical certifications including GICSP, CISSP, and CRISC, along with a Business Administration degree from the University of San Diego. Links:  https://frenos.io/services - Learn more about Optica, the industry's first tech-enabled rapid OT visibility service  https://frenos.io/autonomous-ot-security-assessment-platform - Learn more about how to automate OT security risk assessments Connect Brian : https://www.linkedin.com/in/brianproctor67/ Connect With Aaron Crow: Website: www.corvosec.com  LinkedIn: https://www.linkedin.com/in/aaronccrow   Learn more about PrOTect IT All: Email: info@protectitall.co  Website: https://protectitall.co/  X: https://twitter.com/protectitall  YouTube: https://www.youtube.com/@PrOTectITAll  FaceBook:  https://facebook.com/protectitallpodcast    To be a guest or suggest a guest/episode, please email us at info@protectitall.co   Please leave us a review on Apple/Spotify Podcasts: Apple   - https://podcasts.apple.com/us/podcast/protect-it-all/id1727211124 Spotify - https://open.spotify.com/show/1Vvi0euj3rE8xObK0yvYi4The podcast and artwork embedded on this page are from Aaron Crow, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

    4/4 Desenlace incorporando ciberseguridad en el diseño de tecnología industrial

    Play Episode Listen Later Jun 25, 2025 18:13


    Podcast: Casos de Ciberseguridad IndustrialEpisode: 4/4 Desenlace incorporando ciberseguridad en el diseño de tecnología industrialPub date: 2025-06-23Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationEn este episodio se muestran recomendaciones para quien esté empezando a considerar la ciberseguridad como parte del desarrollo de una nueva tecnología y cambios estructurales o culturales necesarios para seguir avanzando.The podcast and artwork embedded on this page are from Centro de Ciberseguridad Industrial, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

    Steven Sim on OT-ISAC and the State of Information Sharing

    Play Episode Listen Later Jun 24, 2025 43:08


    Podcast: Nexus: A Claroty Podcast (LS 32 · TOP 5% what is this?)Episode: Steven Sim on OT-ISAC and the State of Information SharingPub date: 2025-06-23Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationSteven Sim, Chair of the OT-ISAC Advisory Committee, joins the Nexus Podcast to catch us up on the ISAC's activities, and some of the upcoming community-driven initiatives sponsored by the group. Steven shares the processes by which member organizations share incident, threat, and vulnerability information. He also discusses how member organizations contribute and participate in discussions and events that level up the maturity of cybersecurity practices within OT asset-heavy enterprises. Listen to the Nexus Podcast on your favorite podcast platform.The podcast and artwork embedded on this page are from Claroty, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

    AI-Native OT Security with FRENOS' Harry Thomas and Colin Murphy

    Play Episode Listen Later Jun 23, 2025 38:27


    Podcast: Secure Insights with NDK CyberEpisode: AI-Native OT Security with FRENOS' Harry Thomas and Colin MurphyPub date: 2025-06-19Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationSend us a textThis week on Secure Insights, we're joined by FRENOS Founder Harry Thomas and Chief Hacking Officer Colin Murphy. Frenos is an innovative organisation revolutionising OT security through the use of AI and next-generation tech. In this episode, we shine a light on some of the most overlooked challenges in the OT space, exploring whether the traditional ways of assessing risk still hold up, and how scalable the Frenos approach really is. We dive into what's working, what's not, and where the future of OT security is headed. From critical vulnerabilities to smarter, AI-driven solutions, we unpack it all giving you real insight into where businesses are falling short, where they're leading the charge, and what needs to change to secure our infrastructure for the long haul.Get in touch with host James hereGet in touch with Harry here.Get in touch with Colin here.The podcast and artwork embedded on this page are from NDK Cyber, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

    Wer ist für die Cybersicherheit der Windparks verantwortlich? | OT Security Made Simple

    Play Episode Listen Later Jun 22, 2025 25:09


    Podcast: OT Security Made SimpleEpisode: Wer ist für die Cybersicherheit der Windparks verantwortlich? | OT Security Made SimplePub date: 2025-06-19Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationMohamed Harrou erklärt als OT-Sicherheitsingenieur beim Energieversorger Amprion den Mehrwert von OT-Sicherheit in Windparks und PV-Anlagen. Mit seinem 12 Jahren Erfahrung im Bereich erneuerbarer Energieanlagen liefert er praxisnahe Einblicke zu den technologischen und organisatorischen Herausforderungen moderner Windparks und gibt eine überraschende und eher beunruhigende Antwort auf die Frage nach den Verantwortlichkeiten. The podcast and artwork embedded on this page are from Klaus Mochalski, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

    Sarah Fluchs on the Cyber Resilience Act

    Play Episode Listen Later Jun 21, 2025 37:46


    Podcast: Nexus: A Claroty Podcast (LS 32 · TOP 5% what is this?)Episode: Sarah Fluchs on the Cyber Resilience ActPub date: 2025-06-17Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationCybersecurity and technology expert Sarah Fluchs joins the 100th episode of the Nexus Podcast to discuss the EU's Cyber Resilience Act and what it means for manufacturers of "products with digital elements" as they aim toward a 2027 compliance deadline. Sarah provides her insight on the regulation's essential requirements, its focus on secure-by-design and overall cyber resilience of products, and the milestones manufacturers need to hit as their compliance efforts get under way. Sarah also discusses her thought leadership and work in bringing cybersecurity to engineers, asset operators, and other non-security teams. It's important, she says, to eliminate cybersecurity's innate complexity and bring these concepts to engineers and others on their terms. Listen to the Nexus Podcast on your favorite podcast platform.The podcast and artwork embedded on this page are from Claroty, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

    Credibility, not Likelihood [The Industrial Security Podcast]

    Play Episode Listen Later Jun 20, 2025 53:05


    Podcast: The Industrial Security Podcast (LS 36 · TOP 3% what is this?)Episode: Credibility, not Likelihood [The Industrial Security Podcast]Pub date: 2025-06-17Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationSafety defines cybersecurity - Kenneth Titlestad of Omny joins us to explore safety, risk, likelihood, credibility, and deterministic / unhackable cyber defenses - a lot of it in the context of Norwegian offshore platforms.The podcast and artwork embedded on this page are from PI Media, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

    When CISOs Inherit the Plant Floor: What Happens Next?

    Play Episode Listen Later Jun 19, 2025 28:50


    Podcast: Industrial Cybersecurity InsiderEpisode: When CISOs Inherit the Plant Floor: What Happens Next?Pub date: 2025-06-17Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationWhat happens when the CISO inherits responsibility for the security of the plant floor?Dino and Craig discuss a growing trend: CISOs are being expected to oversee cybersecurity for industrial plant floors. Unfortunately, they don't have the background to effectively take on this responsibility.A perpetuating trend exists where cybersecurity leaders are expected to protect factories and industrial assets without the authority, tools, or support to do so effectively.In this conversation, Dino and Craig explain why traditional IT security approaches don't work in these environments, and how things like outdated equipment, disconnected systems, and outside vendors make the challenge even harder. From weak remote access tools to the confusion around who actually manages plant security, this episode shines a light on the hidden risks most companies overlook.Whether you're in IT, operations, or a leadership role, you'll walk away with a better understanding of how to approach cybersecurity in complex industrial settings.You'll also gain insights into the steps you can take to protect your people, your technology, and your bottom line.Chapters:00:00:00 - Kicking Off: Smart Tool Choices Start Here00:01:02 - When CISOs Inherit the Factory Floor00:02:17 - Making Friends with OEMs and Integrators00:04:47 - Why OT Security Is a Whole Different Beast00:08:50 - Cyber Budgets: Where's the Money Really Coming From?00:13:10 - How to Actually Roll Out Security in the Plant00:18:35 - VPNs Aren't Enough: Fixing Remote Access00:24:42 - What OT Incident Response Really Looks Like00:27:17 - Wrapping It Up: Strategy, Buy-In, and What's NextLinks And Resources:Industrial Cybersecurity Insider on LinkedInCybersecurity & Digital Safety on LinkedInBW Design Group CybersecurityDino Busalachi on LinkedInCraig Duckworth on LinkedInThanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you'd like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!The podcast and artwork embedded on this page are from Industrial Cybersecurity Insider, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

    Inside OT Penetration Testing: Red Teaming, Risks, and Real-World Lessons for Critical Infrastructure with Justin Searle

    Play Episode Listen Later Jun 18, 2025 54:21


    Podcast: PrOTect It All (LS 26 · TOP 10% what is this?)Episode: Inside OT Penetration Testing: Red Teaming, Risks, and Real-World Lessons for Critical Infrastructure with Justin SearlePub date: 2025-06-16Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationIn this episode, host Aaron Crow sits down with OT security expert Justin Searle, Director of ICS Security at InGuardians, for a deep dive into the ever-evolving world of OT and IT cybersecurity.  With over 25 years of experience, ranging from hands-on engineering and water treatment facilities to red-team penetration testing on critical infrastructures such as airports and power plants, Justin brings a wealth of insight and real-world anecdotes. This episode unpacks what it really takes to assess and secure operational technology environments. Whether you're a C-suite executive, a seasoned cyber pro, or brand new to OT security, you'll hear why network expertise, cross-team trust, and careful, collaborative engagement with engineers are so crucial when testing high-stakes environments. Aaron and Justin also discuss how the industry has matured, the importance of dedicated OT cybersecurity teams, and why practical, people-first approaches make all the difference, especially when lives, reliability, and national infrastructure are on the line. Get ready for actionable advice, hard-earned lessons from the field, and a candid look at both the progress and the ongoing challenges in protecting our most critical systems.   Key Moments:  05:55 Breaking Into Cybersecurity Without Classes 09:26 Production Environment Security Testing 13:28 Credential Evaluation and Light Probing 14:33 Firewall Misconfiguration Comedy 19:14 Dedicated OT Cybersecurity Professionals 20:50 "Prioritize Reliability Over Latest Features" 24:18 "IT-OT Convergence Challenges" 29:04 Patching Program and OT Security 32:08 Complexity of OT Environments 35:45 Dress-Code Trust in Industry 38:23 Legacy System Security Challenges 42:15 OT Cybersecurity for IT Professionals 43:40 "Building Rapport with Food" 47:59 Future OT Cyber Risks and Readiness 51:30 Skill Building for Tech Professionals   About the Guest :  Justin Searle is the Director of ICS Security at InGuardians, specializing in ICS security architecture design and penetration testing.  He led the Smart Grid Security Architecture group in the creation of NIST Interagency Report 7628 and played critical roles in the Advanced Security Acceleration Project for the Smart Grid (ASAP-SG), National Electric Sector Cybersecurity Organization Resources (NESCOR), and Smart Grid Interoperability Panel (SGIP).     Justin has taught hacking techniques, forensics, networking, and intrusion detection courses for multiple universities, corporations, and security conferences.  His current courses at SANS and Black Hat are among the world's most attended ICS cybersecurity courses.  Justin is currently a Senior Instructor for the SANS Institute and a faculty member at IANS. In addition to electric power industry conferences, he frequently presents at top international security conferences such as Black Hat, DEFCON, OWASP, HITBSecConf, Brucon, Shmoocon, Toorcon, Nullcon, Hardware.io, and AusCERT.     Justin leads prominent open-source projects, including The Control Thing Platform, Samurai Web Testing Framework (SamuraiWTF), and Samurai Security Testing Framework for Utilities (SamuraiSTFU).  He has an MBA in International Technology and is a CISSP and SANS GIAC certified Incident Handler (GCIH), Intrusion Analyst (GCIA), Web Application Penetration Tester (GWAPT), and GIAC Industrial Control Security Professional (GICSP)   How to connect Justin:  https://www.controlthings.io https://www.linkedin.com/in/meeas/ Email: justin@controlthings.io Connect With Aaron Crow: Website: www.corvosec.com  LinkedIn: https://www.linkedin.com/in/aaronccrow   Learn more about PrOTect IT All: Email: info@protectitall.co  Website: https://protectitall.co/  X: https://twitter.com/protectitall  YouTube: https://www.youtube.com/@PrOTectITAll  FaceBook:  https://facebook.com/protectitallpodcast    To be a guest or suggest a guest/episode, please email us at info@protectitall.co   Please leave us a review on Apple/Spotify Podcasts: Apple   - https://podcasts.apple.com/us/podcast/protect-it-all/id1727211124 Spotify - https://open.spotify.com/show/1Vvi0euj3rE8xObK0yvYi4The podcast and artwork embedded on this page are from Aaron Crow, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

    3/4 Acciones Incorporando ciberseguridad en el diseño de tecnología industrial

    Play Episode Listen Later Jun 17, 2025 16:23


    Podcast: Casos de Ciberseguridad IndustrialEpisode: 3/4 Acciones Incorporando ciberseguridad en el diseño de tecnología industrialPub date: 2025-06-16Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationEn este episodio se muestran las medidas o buenas prácticas para implementar la ciberseguridad durante el diseño, implementación y puesta en marcha de tecnologías además de herramientas o metodologías que se utilizan.The podcast and artwork embedded on this page are from Centro de Ciberseguridad Industrial, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

    Reflections from the Front Lines of Industrial Cyber Failures

    Play Episode Listen Later Jun 16, 2025 21:58


    Podcast: Industrial Cybersecurity InsiderEpisode: Reflections from the Front Lines of Industrial Cyber FailuresPub date: 2025-06-12Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationIn this rewind episode, cybersecurity leaders revisit some of the hardest-hitting truths about protecting critical infrastructure in an increasingly converged IT/OT world. This conversation explores the disconnect between IT theory and OT reality, from the real-world fallout of the CrowdStrike disruption to the challenges of virtual patching, insider threats, and the cloud's role on the plant floor. The discussion exposes how legacy systems, poor collaboration, alert fatigue, and vendor dependency continue to sabotage industrial cybersecurity. They discuss tactical strategies for improving, from asset inventory and patching hygiene to choosing the right partners and walking the plant floor.Chapters:00:00:00 - Cyber threats are moving faster than your patch cycle00:00:47 - Crowdstrike, Virtual Patching and Industrial OT Environments with Debbie Lay, TXOne Networks00:07:48 - The #1 Myth Putting Your Industrial OT Assets at Risk00:15:01 - Patch Management and Software Updates: IT versus OTLinks And Resources:Industrial Cybersecurity Insider on LinkedInCybersecurity & Digital Safety on LinkedInBW Design Group CybersecurityDino Busalachi on LinkedInCraig Duckworth on LinkedInThanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you'd like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!The podcast and artwork embedded on this page are from Industrial Cybersecurity Insider, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

    Modern SCADA: ensuring safety, relevance and convenience

    Play Episode Listen Later Jun 14, 2025 13:51


    Podcast: Control Amplified: The Process Automation Podcast (LS 25 · TOP 10% what is this?)Episode: Modern SCADA: ensuring safety, relevance and conveniencePub date: 2025-06-11Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationSCADA applications are responsible for far more than facilitating real-time process monitoring and alarm management. The process history they compile over time is critical to providing the data-driven insights that industry relies on when optimizing their systems to control costs, maximize uptime and increase the life of infrastructure. Modern SCADA systems must ensure data is safe, relevant and easily shareable with a company's own team or third-party reporting solutions, business systems and artificial intelligence (AI) platforms. Control Amplified talked to Chris Little, media relations director, Trihedral Engineering, about straightforward principles to ensure that your SCADA data is ready to go to work.The podcast and artwork embedded on this page are from ControlGlobal, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

    EP 64: Volt Typhoon

    Play Episode Listen Later Jun 13, 2025 43:44


    Podcast: Error Code (LS 27 · TOP 10% what is this?)Episode: EP 64: Volt TyphoonPub date: 2025-06-10Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationWhile cybersecurity threats targeting critical infrastructure, particularly focusing on the vulnerabilities of operational technology (OT) and industrial control systems (ICS).mostly originate on the business or IT side, there's increasing concern about attacks crossing into OT, which could result in catastrophic consequences, especially in centralized systems like utilities. Michael Welch,  managing director from MorganFranklin Cyber, discusses how Volt Typhoon and other attacks are living off the land, and lying in wait.The podcast and artwork embedded on this page are from Robert Vamosi, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

    Episode 314 Deep Dive: Imran Husain | Cybersecurity Threats in the Manufacturing World

    Play Episode Listen Later Jun 13, 2025 41:00


    Podcast: KBKAST (LS 31 · TOP 5% what is this?)Episode: Episode 314 Deep Dive: Imran Husain | Cybersecurity Threats in the Manufacturing WorldPub date: 2025-06-11Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationIn this episode, we sit down with Imran Husain, Chief Information Security Officer at MillerKnoll, as he discusses the evolving landscape of cybersecurity threats in the manufacturing sector. Imran explores the challenges that arise as manufacturing increasingly integrates with online technologies and IoT, highlighting the unique vulnerabilities posed by legacy systems and operational technology (OT). He shares insights on high-profile incidents like the Norsk Hydro ransomware attack, emphasizing the importance of cyber resilience, data backup, and incident recovery. Imran also offers a candid look at why critical tasks like backing up data are often neglected, the complexities of securing aging infrastructure, and the need for creative solutions such as network segmentation and IT/OT convergence. A dedicated and trusted senior Cyber security professional, Imran Husain has over 22 years of Fortune 1000 experience that covers a broad array of domains which includes risk management, cloud security, SecDevOps, AI Security and OT Cyber practices. A critical, action-oriented leader Imran brings strategic and technical expertise with a proven ability to build cyber program to be proactive in their threat detection, identifying and engaging in critical areas to the business while upholding their security posture. He specializes in Manufacturing and Supply Chain Distribution focusing on how to best use security controls and processes to maximize coverage and reduce risk in a complex multi-faceted environment. A skilled communicator and change agent with bias to action who cultivates an environment of learning and creative thinking, Imran champions open communication and collaboration to empower and inspire teams to exceed in their respective cyber commitments. He is currently the Global Chief Information Security Officer (CISO) at MillerKnoll, a publicly traded American company that produces office furniture, equipment, and home furnishings.The podcast and artwork embedded on this page are from KBI.Media, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

    Breaking In to Break Things: Practical Paths to Hardware Hacking and IoT Security

    Play Episode Listen Later Jun 12, 2025 33:14


    Podcast: IoT Security Podcast (LS 24 · TOP 10% what is this?)Episode: Breaking In to Break Things: Practical Paths to Hardware Hacking and IoT SecurityPub date: 2025-06-10Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationHash Salehi, Reserve Engineer and Founder of RECESSIM, joins host Philip Wylie to demystify the world of hardware hacking and security, highlighting niche but critical vulnerability research in IoT and embedded devices. Through recounting his own experiences, from customizing low-cost fault injection attacks on automotive microprocessors to reverse engineering smart meters, Hash shares both successes and frustrations from the front lines of hands-on security assessment. The conversation aims to inspire and equip listeners who want to explore or deepen their understanding of hardware security by surfacing resources, communities, and the mindset necessary to uncover vulnerabilities beyond software.Links:http://www.recessim.com/https://wiki.recessim.com/https://www.youtube.com/c/RECESSIM Let's connect about IoT Security!Follow Phillip Wylie at https://www.linkedin.com/in/phillipwyliehttps://youtube.com/@phillipwylieThe IoT Security Podcast is powered by Phosphorus Cybersecurity. Join the conversation for the IoT Security Podcast — where xIoT meets Security. Learn more at https://phosphorus.io/podcastThe podcast and artwork embedded on this page are from Phosphorus Cybersecurity, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

    Old Systems, New Threats

    Play Episode Listen Later Jun 12, 2025 31:09


    Podcast: Hack the Plant (LS 35 · TOP 3% what is this?)Episode: Old Systems, New ThreatsPub date: 2025-06-10Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationBryson Bort is joined by Jim Montgomery, Director, Industrial Cybersecurity Solutions at TXOne Networks. TXOne provides network-based and endpoint-based products to tackle security vulnerabilities across industrial environments. With decades of IT security experience, Jim now leads TXOne's work protecting Operational Technology environments across critical sectors like automotive, oil and gas, pharma, manufacturing, and semiconductors.How can we defend against threats that are already embedded within our systems? What are the most immediate and significant risks facing our critical infrastructure today? And how can operators begin to secure their networks? “Let's start with the basics. Let's start with understanding. Let's start with making it hard to get into your environment, and let's start discouraging that type of behavior from attacking your environment,” Jim said. Join us for this and more on this episode of Hack the Plan[e]t. The views and opinions expressed in this podcast represent those of the speaker, and do not necessarily represent the views and opinions of their employers. Hack the Plant is brought to you by ICS Village and the Institute for Security and Technology.The podcast and artwork embedded on this page are from Bryson Bort, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

    From Y2K to 2038: Uncovering Time Bombs in OT and ICS Systems with Pedro Umbelino

    Play Episode Listen Later Jun 11, 2025 67:03


    Podcast: PrOTect It All (LS 26 · TOP 10% what is this?)Episode: From Y2K to 2038: Uncovering Time Bombs in OT and ICS Systems with Pedro UmbelinoPub date: 2025-06-09Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationIn this episode of Protect It All, host Aaron Crow welcomes Pedro Umbelino, Principal Research Scientist at BitSight, for an insightful and lively conversation recorded shortly after they met at RSA. Pedro shares stories of his early days in computing, from scavenging parts as a kid to teaching himself programming on a ZX Spectrum. The discussion quickly dives into critical cybersecurity issues across the interconnected worlds of IT and OT, focusing on dramatic vulnerabilities in Automatic Tank Gauges (ATGs) at gas stations—exposing ways attackers could cause significant physical damage and even spark major operational disruptions, all through insecure legacy protocols.   Pedro also brings attention to a ticking time bomb: the “Year 2038” problem, where millions (if not billions) of 32-bit systems might fail due to an epoch time rollover—an issue that could have consequences reminiscent of Y2K, but on a potentially broader scale, especially for OT and critical infrastructure.   Throughout the episode, Aaron and Pedro share practical strategies, lessons from the field, and the sobering reminder that many of these vulnerabilities are still lurking below the surface. The conversation highlights the importance of awareness, collaboration across industry and ISPs, and a proactive approach to understanding and hardening both new and legacy systems. Whether you're an OT engineer, a security researcher, or just curious about what it means to truly “protect it all,” this episode offers a fascinating look at the evolving landscape of digital and physical security risks.   Key Moments: 06:37 Letting Go of Old Memories 15:12 Refueling Spill Risks Concern Technicians 17:37 Understanding Risks Beyond Fear 23:24 Internet Exposure Risks for OT Devices 32:17 Global Cyber Incident Response Challenges 35:30 Legacy System Challenges 39:19 Unidentified Cyber Assets Risk 48:41 "Understanding the Apocalypse Project's Challenges" 49:31 Testing System Vulnerabilities at Scale 55:12 Tech Vulnerabilities Analogous to Y2K 01:03:08 Challenges in OT Modernization   About the Guest: Pedro Umbelino currently holds the position of Principal Research Scientist at Bitsight Technologies and brings over a decade of experience in dedicated security research. ⁤His eclectic curiosity has led to the uncovering of vulnerabilities spanning a gamut of technologies, highlighting critical issues in multiple devices and software, ranging from your everyday smartphone to household smart vacuums, from the intricacies of HTTP servers to the nuances of NFC radio frequencies, from vehicle GPS trackers to protocol-level denial of service attacks.  Pedro is committed to advancing cybersecurity knowledge and has shared his findings at prominent conferences, including Bsides Lisbon, DEF CON, Hack.lu and RSA. How to connect Pedro : LinkedIn: https://www.linkedin.com/in/pedroumbelino/X: https://x.com/kripthorWebsite: https://www.bitsight.com/ Connect With Aaron Crow: Website: www.corvosec.com  LinkedIn: https://www.linkedin.com/in/aaronccrow   Learn more about PrOTect IT All: Email: info@protectitall.co  Website: https://protectitall.co/  X: https://twitter.com/protectitall  YouTube: https://www.youtube.com/@PrOTectITAll  FaceBook:  https://facebook.com/protectitallpodcast    To be a guest or suggest a guest/episode, please email us at info@protectitall.co   Please leave us a review on Apple/Spotify Podcasts: Apple   - https://podcasts.apple.com/us/podcast/protect-it-all/id1727211124 Spotify - https://open.spotify.com/show/1Vvi0euj3rE8xObK0yvYi4The podcast and artwork embedded on this page are from Aaron Crow, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

    2/4 Análisis Incorporando ciberseguridad en el diseño de tecnología industrial

    Play Episode Listen Later Jun 9, 2025 22:18


    Podcast: Casos de Ciberseguridad IndustrialEpisode: 2/4 Análisis Incorporando ciberseguridad en el diseño de tecnología industrialPub date: 2025-06-09Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationSe analiza cuáles son los principales momentos del ciclo de vida del desarrollo de una tecnología industrial y cuándo se debe incorporar la ciberseguridad y otros requisitos.The podcast and artwork embedded on this page are from Centro de Ciberseguridad Industrial, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

    What Every CISO Gets Wrong About OT Security

    Play Episode Listen Later Jun 6, 2025 20:51


    Podcast: Industrial Cybersecurity InsiderEpisode: What Every CISO Gets Wrong About OT SecurityPub date: 2025-06-05Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationIn this episode, Dino and Craig tackle one of the most misunderstood topics in industrial cybersecurity: IT/OT convergence. But is it truly convergence or more of a collision? Drawing from real-world experiences, they challenge the idea that OT is a “shadow IT group” and argue that operational technology deserves distinct governance, funding, and strategic influence. From secure-by-design to system integrators' evolving role, this conversation is a call to action for CISOs, CIOs, and engineering leaders to rethink how they build cybersecurity partnerships across the plant floor.Chapters:00:00:00 - Opening Shot: Who's Really in Charge—CIOs or the Plant Floor?00:00:57 - Collision Course: IT and OT Can't Keep Dodging Each Other00:01:52 - Two Worlds, One Mission: Why OT Isn't Just “IT in a Hard Hat”00:04:07 - When Convergence Fails: What's Missing in the Middle00:05:54 - Breaking Silos: Why Cybersecurity Demands True Collaboration00:08:22 - Real Talk: What Cyber Protection Looks Like on the Plant Floor00:10:46 - OT's Tipping Point: Will the Next Move Come from IT, or the Shop Floor?00:17:32 - Your Move: What Leaders Must Do Next (Before It's Too Late)Links And Resources:Industrial Cybersecurity Insider on LinkedInCybersecurity & Digital Safety on LinkedInBW Design Group CybersecurityDino Busalachi on LinkedInCraig Duckworth on LinkedInThanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you'd like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!The podcast and artwork embedded on this page are from Industrial Cybersecurity Insider, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

    What do we need to deter insider threats? | OT Security Made Simple

    Play Episode Listen Later Jun 5, 2025 27:29


    Podcast: OT Security Made SimpleEpisode: What do we need to deter insider threats? | OT Security Made SimplePub date: 2025-06-03Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationMandana White, CEO of Smart Grid Forums, talks about the rise of insider threats to a company's cybersecurity and what it has to do with the cost-of-living crisis as well as the Western Robin Hood mentality. Diving a bit into societal psychology and politics there might even be a bit to learn from – of all places – Dubai to get IT and OT cybersecurity working in both companies and society.The podcast and artwork embedded on this page are from Klaus Mochalski, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

    Building Trust and Bridging the Gap in OT and IT Cybersecurity

    Play Episode Listen Later Jun 4, 2025 60:38


    Podcast: PrOTect It All (LS 26 · TOP 10% what is this?)Episode: Building Trust and Bridging the Gap in OT and IT CybersecurityPub date: 2025-06-02Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationIn this episode, host Aaron Crow sits down with Dean Parsons, one of the most recognized names in the OT and industrial control systems (ICS) security world, for a candid and insightful conversation.   Join Aaron and Dean as they explore what it truly takes to bridge the worlds of IT and OT. Drawing from decades of industry experience, their discussion covers everything from building trust across teams, to the superpower of understanding both operational technology and cybersecurity. Expect real-world stories, practical advice on breaking into OT cybersecurity, and memorable lessons from the plant floor to the boardroom.   They also break down what makes OT security fundamentally different from traditional IT approaches, why risk-based strategies are essential, and how building relationships, sometimes over donuts and coffee—can be just as important as deploying firewalls and patching systems. Whether you're new to ICS and OT security, or a seasoned defender looking for fresh perspective, this episode brings actionable tips, honest assessments, and inspiration to help you better protect what matters most.   So grab your hard hat (and maybe a box of donuts!), and get ready for a masterclass on collaboration, building skills, and why trust is the real currency in the fight to secure our critical infrastructure.   Key Moments:    05:32 Listening Over Speaking in Legacy Spaces 07:01 IT Security Teamwork and Trust 11:21 Cost-Efficient ICS Security Solutions 15:42 Converging Skill Sets in IT Security 17:36 OT vs IT: Different Risks 22:28 Prioritizing Post-Assessment Actions 23:20 Prioritize SANS ICS Critical Controls 29:31 Engineering Perspective on Critical Assets 30:47 Detecting Misuse of Control Systems 35:52 Collaborative Incident Response Dynamics 39:03 Remote Hydroelectric Plant Journey 40:45 Building Trust with Baked Goods 44:55 "Safety Crucial in Facility Disruptions" 48:50 ICS Security: Closing Safety Gaps 53:37 Enhancing ICS Security Controls 57:18 "ICS Summit and LinkedIn Activities"   About the guest :  Dean is the CEO and Principal Consultant of ICS Defense Force and brings over 20 years of technical and management experience to the classroom. He has worked in both Information Technology and Industrial Control System (ICS) Cyber Defense in critical infrastructure sectors such as telecommunications, electric generation, transmission, distribution, and oil & gas refineries, storage, and distribution, and water management. Dean is an ambassador for defending industrial systems and an advocate for the safety, reliability, and cyber protection of critical infrastructure. His mission as an instructor is to empower each of his students, and he earnestly preaches that “Defense is Do-able!”    Over the course of his career, Dean's accomplishments include establishing entire ICS security programs for critical infrastructure sectors, successfully conducting industrial-grade incident response and tabletops, ICS digital forensics, and ICS/OT Cybersecurity assessments across multiple sectors. As a SANS Principal Instructor, Dean teaches ICS515: ICS Visibility, Detection, and Response, is a co-author of the SANS Course ICS418: ICS Security Essentials for Managers and an author of SANS ICS Engineer Technical Awareness Training. Dean is a member of the SANS GIAC Advisory Board and holds many cybersecurity professional certifications including the GICSP, GRID, GSLC, and GCIA, as well as the CISSP®, and holds a BS in computer science. When not in the field, Dean spends tine chasing icebergs off the coast of Newfoundland on a jetski, or writing electric 80s inspired electronic music in this band Arcade Knights.   Resources Mentioned:  5 ICS Cybersecurity Critical Controls: https://www.sans.org/white-papers/five-ics-cybersecurity-critical-controls/ SANS ICS Cybersecurity Summit: https://www.sans.org/cyber-security-training-events/ics-security-summit-2025/ How to connect Dean:  https://www.linkedin.com/in/dean-parsons-cybersecurity/ https://www.sans.org/profiles/dean-parsons/ Dean's Book: https://www.amazon.com/ICS-Cybersecurity-Field-Manual-EXCLUSIVE/dp/B0CGG6GMHW/   Connect With Aaron Crow: Website: www.corvosec.com  LinkedIn: https://www.linkedin.com/in/aaronccrow   Learn more about PrOTect IT All: Email: info@protectitall.co  Website: https://protectitall.co/  X: https://twitter.com/protectitall  YouTube: https://www.youtube.com/@PrOTectITAll  FaceBook:  https://facebook.com/protectitallpodcast    To be a guest or suggest a guest/episode, please email us at info@protectitall.co   Please leave us a review on Apple/Spotify Podcasts: Apple   - https://podcasts.apple.com/us/podcast/protect-it-all/id1727211124 Spotify - https://open.spotify.com/show/1Vvi0euj3rE8xObK0yvYi4The podcast and artwork embedded on this page are from Aaron Crow, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

    Episode 298: The Blackout, Critical Infrastructures, and Cybersecurity

    Play Episode Listen Later Jun 3, 2025 6:17


    Podcast: CiberAfterWork: ciberseguridad en Capital RadioEpisode: Episode 298: The Blackout, Critical Infrastructures, and CybersecurityPub date: 2025-06-02Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationThis episode discusses the major power blackout in Spain, analyzing if it could have been caused by a cyberattack, although market consensus discards this possibility. It also reflects on the vulnerability of critical infrastructures to such events. The program also details the rapid appearance of cyber scams related to the blackout, demonstrating the adaptability of cybercriminals. Subsequently, the program presents a DNS-based security solution (Flash Start) to protect web browsing in companies and on devices, emphasizing its ease of installation and customization. Finally, it reports on a ransomware cyberattack on the Ayuntamiento de Badajoz and the dismantling by the FBI of a "Fishing as a Service" platform, highlighting the importance of prevention, detection, and response in cybersecurity. Twitter: @ciberafterwork Instagram: @ciberafterwork Panda Security: https://www.pandasecurity.com/es/ +info: https://psaneme.com/ https://bitlifemedia.com/ https://www.vapasec.com/ VAPASEC https://www.vapasec.com/ https://www.vapasec.com/webprotection/The podcast and artwork embedded on this page are from psaneme, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

    Episodio 298: El Apagón, las Infraestructuras Críticas y la Ciberseguridad

    Play Episode Listen Later Jun 3, 2025 52:39


    Podcast: CiberAfterWork: ciberseguridad en Capital RadioEpisode: Episodio 298: El Apagón, las Infraestructuras Críticas y la CiberseguridadPub date: 2025-06-02Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationEn este episodio se habla del gran apagón que sufrió España y se analiza si pudo haber sido causado por un ciberataque, aunque el consenso del mercado lo descarta, y reflexionando sobre la vulnerabilidad de las infraestructuras críticas ante tales eventos. También se detalla la rápida aparición de ciberestafas relacionadas con el apagón, demostrando la adaptabilidad de los ciberdelincuentes. Posteriormente, el programa presenta una solución de seguridad basada en DNS para proteger la navegación web en empresas y dispositivos, enfatizando su facilidad de instalación y personalización. Finalmente, se informa sobre un ciberataque de ransomware al Ayuntamiento de Badajoz y el desmantelamiento por parte del FBI de una plataforma de "Fishing as a Service", resaltando la importancia de la prevención, detección y respuesta en ciberseguridad. Twitter: @ciberafterwork Instagram: @ciberafterwork Panda Security: https://www.pandasecurity.com/es/ +info: https://psaneme.com/ https://bitlifemedia.com/ https://www.vapasec.com/ VAPASEC https://www.vapasec.com/ https://www.vapasec.com/webprotection/The podcast and artwork embedded on this page are from psaneme, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

    1/4 Contexto Incorporando ciberseguridad en el diseño de tecnología industrial

    Play Episode Listen Later Jun 2, 2025 19:39


    Podcast: Casos de Ciberseguridad IndustrialEpisode: 1/4 Contexto Incorporando ciberseguridad en el diseño de tecnología industrialPub date: 2025-06-01Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationEn este episodio se presenta el contexto del caso: datos del entrevistado y cuál es el contexto del entorno y cuáles son los desafíos de incorporar ciberseguridad en el desarrollo de las tecnologías.The podcast and artwork embedded on this page are from Centro de Ciberseguridad Industrial, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

    Conserva #38 con Maria Penilla (ZIUR) - CRA (Cyber Resilience Act).

    Play Episode Listen Later Jun 1, 2025 30:23


    Podcast: Conservas Guillén by Trend MicroEpisode: Conserva #38 con Maria Penilla (ZIUR) - CRA (Cyber Resilience Act).Pub date: 2025-05-29Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationEn Conservas Guillén abrimos una nueva lata para hablar con María Penilla (Directora General de la Fundación ZIUR, Centro de Ciberseguridad Industrial de Gipuzkoa) para hablar de la CRA (Cyber Resilience Act) y como desde la Fundación están ayudando al tejido empresarial / industrial de Guipuzkoa y Euskadi. Conservaciones de 30 minutos, aproximadamente, en lenguaje entendible y coloquial.The podcast and artwork embedded on this page are from Trend Micro Iberia, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

    Megan Stifel on the Impact of the Ransomware Task Force

    Play Episode Listen Later May 31, 2025 29:48


    Podcast: Nexus: A Claroty Podcast (LS 32 · TOP 5% what is this?)Episode: Megan Stifel on the Impact of the Ransomware Task ForcePub date: 2025-05-28Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationMegan Stifel, Chief Strategy Officer for the Institute for Security and Technology, joins the Nexus Podcast to discuss the four years of progress and challenges experienced by the Ransomware Task Force. The RTF was created days before the Colonial Pipeline ransomware incident and in a landmark report, laid out 48 recommendations to the industry that included a framework for critical infrastructure organizations that could help deter and disrupt the operations of ransomware gangs. Stifel covers the growth of the task force and which the of the 48 recommendations have been tackled and which remain. Listen and subscribe to the Nexus Podcast on your favorite platform.The podcast and artwork embedded on this page are from Claroty, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

    EP 63: Chief Hacking Officer

    Play Episode Listen Later May 30, 2025 27:04


    Podcast: Error Code (LS 27 · TOP 10% what is this?)Episode: EP 63: Chief Hacking OfficerPub date: 2025-05-27Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationThis is a story about a Chief Hacking Officer who draws on his expertise in physical and virtual security assessments—along with some intuitive AI-driven coding—to safeguard Operational Technology. Colin Murphy of Frenos and Mitnick Security talks about how some of his early assessment work with Kevin Mitnick is helping him with OT security today.The podcast and artwork embedded on this page are from Robert Vamosi, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

    OT Security in Hindsight: Visibility, Authority, and the Executive Disconnect

    Play Episode Listen Later May 29, 2025 29:45


    Podcast: Industrial Cybersecurity InsiderEpisode: OT Security in Hindsight: Visibility, Authority, and the Executive DisconnectPub date: 2025-05-27Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationIn this special rewind edition of Industrial Cybersecurity Insider, we revisit some of the most powerful insights shared on how to elevate OT cybersecurity across complex, distributed environments. From budget allocation strategies to disaster recovery frameworks and the nuances of executive engagement, this episode distills frontline lessons into a compact, high-impact listen. Whether you're navigating remote access risks, managing hybrid architectures, or striving to align plant managers with corporate cybersecurity goals, these reflections are a roadmap for driving resilience and maturity in your OT security strategy.Chapters:00:00:00 - Rewind Kickoff: From Blind Spots to Bold Predictions00:00:46 - The A-Z of Industrial Cybersecurity for OT Environments with Industry Expert Bryson Bort00:10:57 - Gartner, DOGE, and the Future of OT Cybersecurity Policy00:21:38 - Uncovering Blind Spots in OT CybersecurityLinks And Resources:Industrial Cybersecurity Insider on LinkedInCybersecurity & Digital Safety on LinkedInBW Design Group CybersecurityDino Busalachi on LinkedInCraig Duckworth on LinkedInThanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you'd like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!The podcast and artwork embedded on this page are from Industrial Cybersecurity Insider, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

    Claim @BEERISAC: CPS/ICS Security Podcast Playlist

    In order to claim this podcast we'll send an email to with a verification link. Simply click the link and you will be able to edit tags, request a refresh, and other features to take control of your podcast page!

    Claim Cancel