@BEERISAC: CPS/ICS Security Podcast Playlist

Follow @BEERISAC: CPS/ICS Security Podcast Playlist
Share on
Copy link to clipboard

A curated playlist of Cyber-Physical Systems and ICS Cyber Security related podcast episodes [any language] by ICS Security enthusiasts. Contact Anton Shipulin / @shipulin_anton on Twitter if something is missing.

Anton Shipulin / Listen Notes


    • Mar 10, 2026 LATEST EPISODE
    • daily NEW EPISODES
    • 37m AVG DURATION
    • 2,396 EPISODES


    Search for episodes from @BEERISAC: CPS/ICS Security Podcast Playlist with a specific topic:

    Latest episodes from @BEERISAC: CPS/ICS Security Podcast Playlist

    Dan Ricci on Four Years of the ICS Advisory Project

    Play Episode Listen Later Mar 10, 2026 28:58


    Podcast: Nexus: A Claroty Podcast (LS 32 · TOP 5% what is this?)Episode: Dan Ricci on Four Years of the ICS Advisory ProjectPub date: 2026-03-08Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationIndustrial cybersecurity expert Dan Ricci, the founder and maintainer of the ICS Advisory Project, joins the Nexus Podcast to discuss the evolution of the industry's premier ICS and OT security advisory repository as it turns 4 years old. Dan talks about the impact of the project on OT security teams, the dashboards he's created to better parse the volume of data on the site, and unique use cases that asset owners and operators have for this critical information. Subscribe and listen to the Nexus Podcast here. The podcast and artwork embedded on this page are from Claroty, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

    EP 82: Kerberos in OT: RC4 Downgrade Attacks

    Play Episode Listen Later Mar 9, 2026 26:42


    Podcast: Error Code (LS 27 · TOP 10% what is this?)Episode: EP 82: Kerberos in OT: RC4 Downgrade AttacksPub date: 2026-03-04Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationKerberos, a decades-old authentication protocol, creates hidden risks in OT environments. Dor Segal, security researcher team lead at Silverfort, discusses delegation abuse, cipher downgrade attacks, and person-in-the-middle threats—highlighting why legacy encryption, patching challenges, and operational constraints make identity security critical in industrial networks.The podcast and artwork embedded on this page are from Robert Vamosi, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

    The Blind Spots Putting Manufacturers at Risk: WEF 2026 Global Cybersecurity Outlook

    Play Episode Listen Later Mar 8, 2026 31:38


    Podcast: Industrial Cybersecurity InsiderEpisode: The Blind Spots Putting Manufacturers at Risk: WEF 2026 Global Cybersecurity OutlookPub date: 2026-03-03Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationLuRae Lumpkin, Producer of Industrial Cybersecurity Insider, sits down with industrial cybersecurity expert Dino Busalachi to break down the 2026 World Economic Forum Global Cybersecurity Outlook Report and what it really means for manufacturers. While the report surveyed nearly a thousand CEOs, CIOs, and CISOs, Dino reveals a critical blind spot: industrial control systems and OT environments are being left dangerously exposed. They discuss how AI is becoming a double-edged sword for attackers and defenders, why supply chain vulnerabilities remain unaddressed, the shocking lack of cybersecurity skills on plant floors, and why most companies still aren't conducting incident response exercises. Dino shares real-world insights from working in nearly 2,000 plants over four decades, explaining why IT and OT remain disconnected, how remote access creates massive security gaps, and why outdated equipment with decades-old vulnerabilities sits unpatched in critical manufacturing environments. The conversation reveals that while enterprises focus on IT security, the plant floor—where revenue is actually generated—remains critically vulnerable, with potentially catastrophic consequences for businesses, supply chains, and even national GDP. Chapters: (00:00:00) - Introduction and Overview of WEF 2026 Cybersecurity Report (00:01:00) - Where Cybersecurity Funding Actually Goes: IT vs OT Reality (00:03:00) - The Myth of Disconnected Legacy Equipment (00:05:00) - AI as a Double-Edged Sword in Industrial Environments (00:08:00) - The Vulnerability Crisis: Thousands of Unpatched Systems (00:09:00) - Third-Party and Supply Chain Security Gaps (00:12:00) - Remote Access: The Hidden Attack Vector (00:14:00) - Critical Supplier Dependencies and Decentralized OT (00:15:00) - The Skills Gap: Why Industrial Cybersecurity Expertise is Scarce (00:19:00) - The Shocking Truth About Incident Response Exercises (00:22:00) - Real-World Impact: When Manufacturers Get Hit (00:24:00) - Getting All Stakeholders in the Same Room (00:28:00) - Insurance vs Prevention: The True Cost of Cyber Incidents (00:29:00) - Final Thoughts: Who Should Own OT Cybersecurity? Links And Resources:Want to Sponsor an episode or be a Guest? Reach out here.Industrial Cybersecurity Insider on LinkedInCybersecurity & Digital Safety on LinkedInBW Design Group CybersecurityDino Busalachi on LinkedInCraig Duckworth on LinkedInThanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you'd like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!The podcast and artwork embedded on this page are from Industrial Cybersecurity Insider, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

    NIS-2 kompakt: Was für Unternehmen zählt | OT Security Made Simple

    Play Episode Listen Later Mar 7, 2026 26:45


    Podcast: OT Security Made SimpleEpisode: NIS-2 kompakt: Was für Unternehmen zählt | OT Security Made SimplePub date: 2026-03-03Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationKlaus Mochalski und Rechtsanwalt sowie Partner Thomas Schmeding (BBH Consulting) klären die wichtigsten Fragen zu NIS-2: Wer ist durch die neuen Schwellenwerte betroffen? Welche Haftungsrisiken kommen auf die Geschäftsleitung zu und wie gelingt die Umsetzung? Ein Pflicht-Update zur Cybersicherheit.Mehr zum Thema OT Security Made simple findet Ihr auf rhebo.com oder schreibt uns mit Euren Ideen, Fragen oder Gastvorschlägen an podcast@rhebo.com.  The podcast and artwork embedded on this page are from Klaus Mochalski, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

    IT SOC vs OT SOC How & Why They're Different

    Play Episode Listen Later Mar 6, 2026 26:17


    Podcast: Industrial Cybersecurity InsiderEpisode: IT SOC vs OT SOC How & Why They're DifferentPub date: 2026-02-25Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationCraig and Dino tackle the critical differences between IT and OT Security Operations Centers, revealing why traditional IT-centric SOCs are failing to protect manufacturing environments.Drawing from real-world examples, including a global beverage company that discovered they were only monitoring one-third of their OT assets, the hosts expose the fundamental disconnect between IT security teams and operational technology environments.They discuss why IT SOCs struggle with OT visibility, the challenges of asset inventory in dynamic manufacturing environments, and the critical importance of localization in security operations.The conversation covers practical barriers like line changeovers, PLC modifications, remote access vulnerabilities, and the need for OT-specific incident response protocols.Craig and Dino emphasize that effective OT security requires IT teams to become embedded in plant operations, working collaboratively with OEMs and system integrators, and understanding the unique operational context of manufacturing assets.This episode is essential listening for CISOs, plant managers, and security professionals trying to bridge the IT-OT security gap.Chapters:(00:00:00) - The Two-Thirds Problem: When Your SOC Can't See Your Plant Floor(00:01:00) - The OT SOC Asset Visibility Problem: A Case Study(00:03:00) - Why IT SOCs Can't Manage OT Assets(00:05:00) - Line Changeovers and Operational Context(00:07:00) - First Responders and Incident Response Challenges(00:10:00) - The WannaCry Response Gap(00:12:00) - Asset Inventory and Baseline Challenges(00:15:00) - Incident Response and Phone Trees(00:17:00) - Organizational Accountability Problems(00:19:00) - Greenfield Opportunities and Standardization(00:22:00) - The IT-OT Collaboration Challenge(00:24:00) - Think Global, Act Local: Embedding IT in PlantsLinks And Resources:Want to Sponsor an episode or be a Guest? Reach out here.Industrial Cybersecurity Insider on LinkedInCybersecurity & Digital Safety on LinkedInBW Design Group CybersecurityDino Busalachi on LinkedInCraig Duckworth on LinkedInThanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you'd like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!The podcast and artwork embedded on this page are from Industrial Cybersecurity Insider, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

    Safe AI Automation for Cybersecurity: Practical Workflows Without the Risk

    Play Episode Listen Later Mar 5, 2026 15:47


    Podcast: PrOTect It All (LS 27 · TOP 10% what is this?)Episode: Safe AI Automation for Cybersecurity: Practical Workflows Without the RiskPub date: 2026-03-02Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationAI can accelerate cybersecurity - or accidentally expose it. In this solo episode of Protect It All, host Aaron Crow breaks down how cybersecurity professionals can safely integrate AI into their IT and OT workflows. As tools like ChatGPT, Copilot, and enterprise AI platforms become part of daily operations, the question isn't whether to use AI - it's how to use it responsibly. Aaron moves beyond buzzwords to focus on practical, everyday applications: automating reports, summarizing threat intelligence, drafting policies, enhancing documentation, and streamlining repetitive tasks. At the same time, he tackles the real concerns leaders face - data privacy, compliance, policy alignment, and shadow AI risks. You'll learn: Where AI delivers immediate value in cybersecurity workflows How to automate without exposing proprietary or regulated data The difference between enterprise AI tools and public platforms How to align AI usage with corporate security policies Practical ways CISOs and analysts can boost productivity safely Why governance and awareness matter as much as innovation Whether you're leading a security program or working hands-on in IT or OT environments, this episode delivers actionable strategies to use AI smarter—not riskier. Tune in to learn how to automate with confidence and stay ahead of the curve—only on Protect It All. Connect With Aaron Crow: Website: www.corvosec.com  LinkedIn: https://www.linkedin.com/in/aaronccrow Learn more about PrOTect IT All: Email: info@protectitall.co  Website: https://protectitall.co/  X: https://twitter.com/protectitall  YouTube: https://www.youtube.com/@PrOTectITAll  FaceBook:  https://facebook.com/protectitallpodcast   To be a guest or suggest a guest/episode, please email us at info@protectitall.co Please leave us a review on Apple/Spotify Podcasts: Apple   - https://podcasts.apple.com/us/podcast/protect-it-all/id1727211124 Spotify - https://open.spotify.com/show/1Vvi0euj3rE8xObK0yvYi4The podcast and artwork embedded on this page are from Aaron Crow, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

    4/4 Desenlace de Orquestando de la seguridad OT

    Play Episode Listen Later Mar 4, 2026 11:18


    Podcast: Casos de Ciberseguridad IndustrialEpisode: 4/4 Desenlace de Orquestando de la seguridad OTPub date: 2026-03-02Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationEn este episodio se exploran las capacidades futuras que necesitarán los responsables de ciberseguridad OT para orquestar y no solo reaccionar. Analiza cómo convertir NIS2 e IEC 62443 en motores de madurez y no en una carga. Propone el primer paso realista para avanzar hacia la orquestación de la seguridad OT.The podcast and artwork embedded on this page are from Centro de Ciberseguridad Industrial, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

    OT Security/business resilience, lack of incentives for securing software & the news - Ben Worthy - ESW #448

    Play Episode Listen Later Mar 4, 2026 114:09


    Podcast: Security Weekly Podcast Network (Audio) (LS 47 · TOP 1% what is this?)Episode: OT Security/business resilience, lack of incentives for securing software & the news - Ben Worthy - ESW #448Pub date: 2026-03-02Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationInterview - Ben Worthy from Airbus Protect The current state of OT security and business resilience In this episode of Enterprise Security Weekly, we sit down with Ben Worthy, OT Security Specialist at Airbus Protect, to explore the evolving landscape of business resilience in safety-critical sectors. With over 25 years of experience across aerospace, nuclear, water, oil & gas, and other industries, Ben shares insights on how organizations are adapting to the surge in disruptive cyberattacks—from ransomware targeting operational technology to GPS spoofing and supply chain incidents. We discuss major cases including the Boeing/LockBit ransom demand, the Jaguar Land Rover production shutdown, and the SITA passenger data breach, examining how aviation and other critical infrastructure sectors are separating safety risk from business continuity risk. Ben also breaks down the regulatory changes reshaping the industry, including EASA's October 2025 and February 2026 deadlines that tie cyber assurance directly to safety oversight, and what ENISA's latest numbers reveal about hacktivism and ransomware trends. Whether you're in aviation, nuclear, or any safety-critical sector, this conversation offers practical lessons on building resilience that keeps operations moving while addressing threats in real time. This segment is sponsored by Airbus Protect. Visit https://securityweekly.com/airbusprotect to learn more about them! Topic: Where are the business incentives to build secure products and software? "It's the right thing to do," so of course businesses will make their products secure, right? Well, it turns out that breaches and vulnerabilities don't traditionally hurt financial performance all that much. Stocks recover, insurance covers the bulks of the losses, fines are paid, and lawsuits are settled. Most businesses can comfortably absorb the impact, so the threat of reputational harm or financial losses just aren't slowing them down. In the case of Ivanti, where the reputational harm was extreme, the company's companies continue to get hacked as critical vulnerabilities keep getting discovered in their products. https://www.bloomberg.com/news/features/2026-02-19/vpn-used-by-us-government-failed-to-stop-china-state-sponsored-hackers In this topic segment, we don't aim to provide solutions to this problem, just the awareness that ethics, doing the right thing, and even signing the Secure by Design pledge don't seem to be enough to change vendor behavior when it comes to securing products. The Weekly Enterprise Security News Finally, in the enterprise security news, RSA Innovation Sandbox hot takes Did AI solve cyber? fundings and acquisitions a free app to warn you about smart glasses deep thoughts about OpenClaw replacing US tech with EU equivalents is hard should you turn off dependabot? accidentally taking over 7000 robot vacuums the director of AI Safety at Meta loses her email somehow should you go back to using a blackberry? All that and more, on this episode of Enterprise Security Weekly. Visit https://www.securityweekly.com/esw for all the latest episodes! Show Notes: https://securityweekly.com/esw-448The podcast and artwork embedded on this page are from Security Weekly Productions, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

    Dan Gunter on Creating Malicious OT Test Data to Train Security Tools

    Play Episode Listen Later Mar 2, 2026 27:18


    Podcast: Nexus: A Claroty Podcast (LS 32 · TOP 5% what is this?)Episode: Dan Gunter on Creating Malicious OT Test Data to Train Security ToolsPub date: 2026-03-01Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationInsane Cyber CEO and founder Dan Gunter joins the Nexus Podcast in an episode recorded live at the S4 Conference in Miami. Dan explains a process for generating malicous OT data in order to test the efficacy of an organization's intrusion detection and other security products. Generating such data has its barriers, but it's crucial, he said, in order to train products and security analysts how to spot malicious and anomalous traffic. Dan talks about using emulators and achieving success on a relatively small budget. Subscribe and listen to the Nexus Podcast here. The podcast and artwork embedded on this page are from Claroty, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

    From NIST to Nation-State: Securing Embedded Systems through Compliance and Trust

    Play Episode Listen Later Mar 2, 2026 32:54


    Podcast: Exploited: The Cyber Truth Episode: From NIST to Nation-State: Securing Embedded Systems through Compliance and TrustPub date: 2026-02-26Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationIn this episode of Exploited: The Cyber Truth, host Paul Ducklin is joined by RunSafe Security CEO Joe Saunders and Cordell Robinson, CEO of Brownstone Consulting, to explore how security frameworks like NIST 800-53 are evolving from paperwork exercises into real drivers of security maturity. From continuous monitoring and secure-by-design development to Software Bills of Materials (SBOMs) and vulnerability transparency, the conversation examines what it takes to build trust in embedded and operational technology (OT) systems, especially as regulators sharpen their focus and nation-state threats grow more sophisticated. Together, they explore: Why compliance should cover people, processes, and technology—not just policiesHow NIST frameworks are shifting from checklists to operational rigorThe growing importance of SBOMs in supply chain transparencyHow AI is reshaping both cyber defense and attacker capabilityWhat new regulatory pressure (including the EU Cyber Resilience Act) means for manufacturers Whether you build embedded systems, ship software to government agencies, or manage critical infrastructure, this episode offers practical insight into building compliance programs that strengthen security and earn trust.The podcast and artwork embedded on this page are from RunSafe Security, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

    How ABB Is Digitally Transforming Legacy Control Systems Without Disrupting Production

    Play Episode Listen Later Mar 1, 2026 19:04


    Podcast: Automation World Gets Your Questions Answered (LS 26 · TOP 10% what is this?)Episode: How ABB Is Digitally Transforming Legacy Control Systems Without Disrupting ProductionPub date: 2026-02-27Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationIn this episode, we connect with Stefan Basenach, senior vice president of automation technology at ABB, to learn how ABB's new dual-environment architecture, called Automation Extended, enables the integration of AI, predictive maintenance and cybersecurity upgrades while protecting reliable core control functions in the distributed control system.The podcast and artwork embedded on this page are from Automation World, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

    Episode 62: The hidden phase of industrial cyberattacks and how to spot it early

    Play Episode Listen Later Feb 28, 2026 26:24


    Podcast: Digitalization Tech TalksEpisode: Episode 62: The hidden phase of industrial cyberattacks and how to spot it earlyPub date: 2026-02-26Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationIn the 62nd episode of Digitalization Tech Talks, hosts Jonas Norinder and Don Mack kick off a two‑part series on the evolving state of industrial cybersecurity. They uncover what's really happening inside OT networks long before a cyber incident hits the plant floor including why over 80% of adversary behavior occurs months before impact, why air‑gaps no longer provide real protection, and how legacy vulnerabilities continue to be actively exploited. As guest Adam Robbie puts it “OT security is no longer a hidden problem — it's a visibility problem.” This episode is essential listening for anyone navigating IT/OT convergence, looking for ways to improve industrial defenses, or preparing for emerging cyber risks. The insights come directly from a new white paper supported by a commercial and research partnership between Palo Alto Networks and Siemens, together with Idaho National Labs as the third-party research partner. Show Notes:Research Paper (S4 Conference): Intelligence-Driven Active Defense Report 2026 (https://sie.ag/416Tgm)Website (Palo Alto): OT Security Insights 2025 (https://sie.ag/2ZcgDY)Website (US Department of Energy): Cybersecurity for the Operational Technology Environment (https://sie.ag/5p9z6a)Website (Siemens): Industrial cybersecurity solutions | Siemens (https://sie.ag/4HJ8L4) Contact us:Adam Robbie email (arobbie@paloaltonetworks.com), LinkedIn (https://www.linkedin.com/in/adamrobbie/)Tilo Pinkert email (tilo.pinkert@siemens.com), LinkedIn (https://www.linkedin.com/in/tilopinkert/)Priyanjan Sharma email (priyanjan.sharma@siemens.com), LinkedIn (https://www.linkedin.com/in/priyanjansharma/) Don Mack email (mack.donald@siemens.com)Jonas Norinder email (jonas.norinder@siemens.com)The podcast and artwork embedded on this page are from Siemens, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

    Mike Holcomb on the Intersection of Hacktivists, State Actors

    Play Episode Listen Later Feb 27, 2026 28:19


    Podcast: Nexus: A Claroty Podcast (LS 32 · TOP 5% what is this?)Episode: Mike Holcomb on the Intersection of Hacktivists, State ActorsPub date: 2026-02-25Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationMike Holcomb joins the Nexus Podcast to discuss a Converged Actor Framework he developed and presented at the S4 Conference. The framework delineates  groups such as hacktivists and state threat actors based on the impact and frequency of their activity. State actors are leveraging hacktivist groups with greater frequency, and this convergence must be considered as defenders tasked with protecting OT and cyber-physical systems strategize around security. Subscribe and listen to the Nexus Podcast here. Subscribe to Mike Holcomb's YouTube channel here.The podcast and artwork embedded on this page are from Claroty, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

    Brass Tacks S2E01 – Cyber Conflict and the Risk to Critical Infrastructure

    Play Episode Listen Later Feb 25, 2026 22:01


    Podcast: Fortinet Cybersecurity Podcast (LS 26 · TOP 10% what is this?)Episode: Brass Tacks S2E01 – Cyber Conflict and the Risk to Critical InfrastructurePub date: 2026-02-24Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationCyber attacks are used to strain states, disrupt power grids, and shake public trust. In this episode, Annita Sciacovelli, Cybersecurity Advisor and Professor of International Law at the University of Bari, explains how digital attacks target essential services, why societies are the pressure point, and how international law draws the line between cyber operations and armed response. Watch or listen to the episode, and read the blog to dig deeper into the legal and societal impact. Read the Fortinet blog: https://www.fortinet.com/blog/industry-trends/when-cyber-conflict-targets-society Watch on YouTube: https://www.youtube.com/watch?v=WGnJHB5NdAwThe podcast and artwork embedded on this page are from Fortinet Cybersecurity Podcast, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

    The Danger of IT, OT, Medical Device Cyber Turf Wars

    Play Episode Listen Later Feb 25, 2026 25:24


    Podcast: Government Information Security Podcast (LS 27 · TOP 10% what is this?)Episode: The Danger of IT, OT, Medical Device Cyber Turf WarsPub date: 2026-02-23Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationWhat often appears to be turf wars between healthcare technology management, facilities OT staff, IT departments and security teams are often the result of unclear ownership and accountability for device security. And that presents safety risks to patients, says Mohamed Waqas, CTO of Armis.The podcast and artwork embedded on this page are from GovInfoSecurity.com, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

    Compliance Isn't Security: NERC CIP 15 and the Real Gaps in OT Network Monitoring

    Play Episode Listen Later Feb 24, 2026 23:15


    Podcast: PrOTect It All (LS 27 · TOP 10% what is this?)Episode: Compliance Isn't Security: NERC CIP 15 and the Real Gaps in OT Network MonitoringPub date: 2026-02-23Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationPassing an audit doesn't mean you're secure. In this episode of Protect It All, host Aaron Crow dives into one of the biggest misconceptions in operational technology: the belief that compliance equals protection. Using NERC CIP 15 as a real-world case study, Aaron explores why meeting regulatory requirements is only the starting point - not the finish line. A major focus of this conversation is OT network monitoring, especially the often-overlooked east-west traffic inside your environment. Many organizations monitor perimeter traffic while internal blind spots remain wide open. You'll learn: Why compliance frameworks don't automatically create security The real challenges of implementing NERC CIP 15 at scale Why internal network visibility (east-west monitoring) matters How to establish meaningful baselines in legacy OT environments The difference between audit success and operational resilience Why architecture, tooling, and skilled personnel must work together Whether you're working in utilities, manufacturing, or critical infrastructure, this episode provides practical guidance on how to move beyond checklists and build security programs that truly reduce risk. Tune in to learn how to transform compliance requirements into real operational protection - only on Protect It All. Key Moments:  00:00 OT Security Blind Spots 05:15 "OT Security and Monitoring Challenges" 10:41 Aging Switches and Monitoring Challenges 13:16 OT Protocols and Infrastructure Challenges 15:42 "IT vs OT: Complexity Challenges" 18:03 "Balancing Compliance and Security" 21:57 Securing Critical Infrastructure Spaces Connect With Aaron Crow: Website: www.corvosec.com  LinkedIn: https://www.linkedin.com/in/aaronccrow Learn more about PrOTect IT All: Email: info@protectitall.co  Website: https://protectitall.co/  X: https://twitter.com/protectitall  YouTube: https://www.youtube.com/@PrOTectITAll  FaceBook:  https://facebook.com/protectitallpodcast   To be a guest or suggest a guest/episode, please email us at info@protectitall.co Please leave us a review on Apple/Spotify Podcasts: Apple   - https://podcasts.apple.com/us/podcast/protect-it-all/id1727211124 Spotify - https://open.spotify.com/show/1Vvi0euj3rE8xObK0yvYi4The podcast and artwork embedded on this page are from Aaron Crow, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

    3/4 Acciones de Orquestando de la seguridad OT

    Play Episode Listen Later Feb 24, 2026 12:17


    Podcast: Casos de Ciberseguridad IndustrialEpisode: 3/4 Acciones de Orquestando de la seguridad OTPub date: 2026-02-23Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationEn este episodio se abordan retos reales de integrar la seguridad OT y los errores más comunes en ese proceso. Aborda cómo la automatización del cumplimiento libera a los equipos para tareas de mayor valor. Explica cómo la remediación basada en esfuerzo e impacto cambia la forma de trabajar de OT y seguridad.The podcast and artwork embedded on this page are from Centro de Ciberseguridad Industrial, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

    Warum die Integration von Security Events in Leitwarten entscheidend ist | OT Security Made Simple

    Play Episode Listen Later Feb 22, 2026 25:15


    Podcast: OT Security Made SimpleEpisode: Warum die Integration von Security Events in Leitwarten entscheidend ist | OT Security Made SimplePub date: 2026-02-17Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationDirk Lüders, Director of Marketing & Sales International bei Jungmann Systemtechnik, spricht mit Host Klaus Mochalski über seine mehrjährigen Erfahrungen als Turnkey-Solution-Anbieter für Leitwarten, welche Vorteile KVM-Systeme bieten und was für Herausforderungen durch verstaubte DOS-Altlasten sowie streng regulierte Maustreiber entstehen. Mehr zum Thema OT Security Made simple findet Ihr auf rhebo.com oder schreibt uns mit Euren Ideen, Fragen oder Gastvorschlägen an ⁠podcast@rhebo.com⁠. The podcast and artwork embedded on this page are from Klaus Mochalski, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

    EP 81: Root of Trust: Why Security Now Starts in Silicon

    Play Episode Listen Later Feb 21, 2026 34:35


    Podcast: Error Code (LS 27 · TOP 10% what is this?)Episode: EP 81: Root of Trust: Why Security Now Starts in SiliconPub date: 2026-02-17Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationRising software complexity in safety-critical industries is forcing cybersecurity requirements on systems previously not thought about before.  David Sequino, CEO of OmniTrust (formerly ISS), talks about the need to secure digital certificates on life critical systems like cars and planes and the challenges in doing so.The podcast and artwork embedded on this page are from Robert Vamosi, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

    Your OT Cybersecurity Strategy Is Failing: Here's Why

    Play Episode Listen Later Feb 20, 2026 30:02


    Podcast: Industrial Cybersecurity InsiderEpisode: Your OT Cybersecurity Strategy Is Failing: Here's WhyPub date: 2026-02-17Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationDino and Craig reunite to tackle the shifts occuring in industrial cybersecurity in 2026.They discuss how OT-focused IDS software companies are shifting away from managed services to partner with systems integrators who understand the plant floor.The conversation explores the challenges manufacturers face—from aging infrastructure spanning decades to flat layer-2 networks that give remote vendors unrestricted access.They emphasize that IT departments cannot effectively manage OT assets they don't own or understand, especially when dealing with equipment older than their cybersecurity staff.The episode covers the pitfalls of penetration testing in live manufacturing environments, the reality of shadow IT versus shadow OT, and why EDR solutions struggle in control system environments.Dino and Craig stress the importance of treating cybersecurity as a marathon rather than a sprint, starting with basic asset inventory and microsegmentation.They call on manufacturing leaders to stop deferring to IT for OT security, attend industry-specific conferences like S4X26, and partner with systems integrators who have deep automation expertise.With threats mounting, the time for action is now—not next quarter.Chapters:(00:00:00) - Welcome & What We've Been Up To(00:00:48) - The Big Shift: Why OT IDS Companies Are Backing Away From Managed Services(00:03:00) - The Shelfware Problem: When Security Tools Sit Unused(00:04:12) - Why Pen Testing Can Be Disruptive (or Dangerous) in Manufacturing Environments(00:05:54) - The Reality of Legacy Infrastructure: Equipment Older Than Your Cybersecurity Team(00:07:43) - Who Can Actually Patch Your Control Systems?(00:09:04) - Supply Chain Vulnerabilities: You're Only as Strong as Your Weakest Link(00:11:01) - The Last Mile Challenge: Asset Inventory, Microsegmentation & Starting Small(00:13:55) - The Shelfware to Tool-Switching Problem: Why Companies Are Reconsidering Their First Choice(00:16:18) - Shadow IT vs. Shadow OT: Who Really Owns Plant Floor Security?(00:19:00) - Why EDR Struggles in Control System Environments(00:21:35) - Time to Step Up: Why Manufacturing Leaders Can't Defer to IT Anymore(00:23:00) - Where to Learn: S4, Automation Fair, and Why You Need to Attend Industry Conferences(00:25:00) - Finding the Right Partner: Systems Integrators Who Speak Automation and Cybersecurity(00:27:00) - Final Thoughts: The Time for Action Is NowLinks And Resources:Want to Sponsor an episode or be a Guest? Reach out here.Industrial Cybersecurity Insider on LinkedInCybersecurity & Digital Safety on LinkedInBW Design Group CybersecurityDino Busalachi on LinkedInCraig Duckworth on LinkedInThanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you'd like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!The podcast and artwork embedded on this page are from Industrial Cybersecurity Insider, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

    OT Cybersecurity That Works: Tabletop Exercises, Critical Controls & Building Trust

    Play Episode Listen Later Feb 19, 2026 59:02


    Podcast: PrOTect It All (LS 27 · TOP 10% what is this?)Episode: OT Cybersecurity That Works: Tabletop Exercises, Critical Controls & Building TrustPub date: 2026-02-16Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationYou can't secure OT environments with checklists alone - you secure them with trust, clarity, and focused action. In this episode of Protect It All, host Aaron Crow sits down with OT security expert Dean Parsons to unpack what actually improves cybersecurity maturity in manufacturing, water, and wastewater environments. From remote access blind spots to outdated network architecture, they explore the practical gaps many organizations face - and how to fix them without massive budgets. A central theme? Tabletop exercises. Not as a compliance checkbox - but as a powerful tool to build collaboration between IT and OT teams, clarify roles, and stress-test real incident response plans before a crisis hits. You'll learn: Why tabletop exercises accelerate OT maturity The importance of trust between engineers and IT teams How focusing on the SANS 5 Critical Controls drives meaningful progress Why visibility and architecture matter more than shiny tools How to improve OT security without overwhelming teams or budgets The human and process factors that determine response success Whether you're leading OT security, managing critical infrastructure, or trying to bridge IT and engineering teams, this episode delivers practical, experience-backed strategies you can implement immediately. Tune in to learn how to strengthen OT security through people, process, and purposeful action - only on Protect It All. Key Moments:  03:57 "Improved IT-OT Collaboration Tabletops" 08:57 "ICS Security Priorities" 12:16 "Accelerating ICS Cybersecurity Programs" 15:07 Trusted Expertise Builds Credibility 17:28 "Engineering Role in Incident Response" 20:53 "Cybersecurity: Tabletops Gain Traction" 26:34 "Control Systems, Protocol Abuse Insights" 27:51 Secure Architecture Enables Network Visibility 33:07 "Targeted Network Monitoring Essentials" 35:23 Prioritize Critical Assets Strategically 37:50 "Bridging IT and OT Expertise" 41:56 Critical Infrastructure Security Risks 44:30 ICS Leadership and Threat Strategy 48:14 "Power Plant Walkthrough Insights" 52:02 Critical Cyber Asset Management 57:29 "SANS Courses: Essential and Valuable" About the guest :  Dean Parsons is a SANS Principal Instructor and the CEO and Principal Consultant of ICS Defense Force. Over the past two decades, Dean has built and led industrial cyber defense programs, conducted incident response and digital forensics in live plants and partnered with operators and engineers to maintain both safety and uptime across major industrial sectors. He helps organizations align investment and policy decisions with operational priorities, developing risk metrics and tabletop exercises that unify operations, engineering, and cybersecurity so organizations in any industrial sector can prioritize and measure what matters. How to connect Dean : https://www.linkedin.com/in/dean-parsons-cybersecurity Connect With Aaron Crow: Website: www.corvosec.com  LinkedIn: https://www.linkedin.com/in/aaronccrow Learn more about PrOTect IT All: Email: info@protectitall.co  Website: https://protectitall.co/  X: https://twitter.com/protectitall  YouTube: https://www.youtube.com/@PrOTectITAll  FaceBook:  https://facebook.com/protectitallpodcast   To be a guest or suggest a guest/episode, please email us at info@protectitall.co Please leave us a review on Apple/Spotify Podcasts: Apple   - https://podcasts.apple.com/us/podcast/protect-it-all/id1727211124 Spotify - https://open.spotify.com/show/1Vvi0euj3rE8xObK0yvYi4The podcast and artwork embedded on this page are from Aaron Crow, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

    Systems Engineering for Survival: A Physician's Guide to Emergency Management

    Play Episode Listen Later Feb 18, 2026 30:26


    Podcast: Hack the Plant (LS 35 · TOP 3% what is this?)Episode: Systems Engineering for Survival: A Physician's Guide to Emergency ManagementPub date: 2026-02-17Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationOur host Bryson Bort welcomes Dr. Natalie Sullivan, Medical Director of the Emergency Response Medical Group and an emergency medicine physician at a D.C. area hospital. Trained in EMS and disaster and operational medicine, Natalie turned her attention to the critical intersection of clinical medicine, patient safety, and cybersecurity resilience after experiencing a prolonged ransomware attack on a major hospital. Dr. Sullivan lays out the disaster preparedness cycle, and the many vectors of risks for hospitals. How does a cyberattack on one hospital lead to increased cardiac arrest mortality at the hospital three blocks away? Why is a generation of "digital native" doctors a hidden vulnerability in an analog emergency? And what happens when a hospital's reliance on these "tightly coupled" systems—like water, power, and the Medical IoT—collapses during a ransomware event?“We are critical infrastructure, but we're deeply, deeply dependent on the surrounding critical infrastructure,” Dr. Sullivan said. Join us for this and more on this episode of Hack the Plan[e]t. The views and opinions expressed in this podcast represent those of the speaker, and do not necessarily represent the views and opinions of their employers. Hack the Plant is brought to you by ICS Village and the Institute for Security and Technology. The podcast and artwork embedded on this page are from Bryson Bort, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

    2/4 Análisis de Orquestando de la seguridad OT

    Play Episode Listen Later Feb 18, 2026 12:24


    Podcast: Casos de Ciberseguridad IndustrialEpisode: 2/4 Análisis de Orquestando de la seguridad OTPub date: 2026-02-16Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationEn este episodio se analiza la diferencia entre mostrar información y facilitar decisiones reales en ciberseguridad OT. Aborda cómo priorizar el riesgo por impacto operativo y de negocio sin generar alarmismo. Explica por qué el exceso de alertas y ruido puede ser más peligroso que la falta de visibilidad.The podcast and artwork embedded on this page are from Centro de Ciberseguridad Industrial, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

    AI Boosts Functional Safety

    Play Episode Listen Later Feb 17, 2026 24:34


    Podcast: Today with ISSSourceEpisode: AI Boosts Functional SafetyPub date: 2026-02-16Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationFacing a serious crunch of safety experts leaving the manufacturing industry and not enough coming in to fill the void, and add in a complex and more connected digital environment, the sector could use a technological boost. Artificial intelligence could be the answer.The podcast and artwork embedded on this page are from Gregory Hale, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

    CISA's Matthew Rogers on Secure OT Protocol Communication

    Play Episode Listen Later Feb 17, 2026 38:04


    Podcast: Nexus: A Claroty Podcast (LS 32 · TOP 5% what is this?)Episode: CISA's Matthew Rogers on Secure OT Protocol CommunicationPub date: 2026-02-15Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationMatthew Rogers, ICS Cybersecurity Lead at the Cybersecurity Infrastructure and Security Agency (CISA) joins the Nexus Podcast to discuss new guidance published by the agency to help manufacturers and asset owners move toward more secure OT communication protocols. Legacy protocols that contain little to no basic security capabilities are still prevalent in OT environments today. Rogers explains the risk and why manufacturers should begin their journey away from proprietary protocols and toward open standards. According to CISA's guidance, operators want authentication and integrity capabilities to protect process data, but need to understand the value and business impact of doing so. Download CISA's guidance here. Subscribe and listen to the Nexus Podcast here. The podcast and artwork embedded on this page are from Claroty, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

    Danielle Jablanski on Food & Ag, OT Security & Everything in Between

    Play Episode Listen Later Feb 16, 2026 84:45


    Podcast: Bites and Bytes PodcastEpisode: Danielle Jablanski on Food & Ag, OT Security & Everything in BetweenPub date: 2026-02-12Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationDanielle Jablanski isn't your typical OT security expert… she studied genocide in Rwanda, analyzed future water wars for her master's thesis, and once received a phishing text inviting her to eat grilled crocodile on the beach. Now leading STV's OT cybersecurity consulting program and teaching at both Middlebury Institute and Dallas College, Danielle brings policy depth, technical expertise, and genuine curiosity to oneof the most wide-ranging conversations we've ever had.We chase every rabbit worth chasing, smart greenhouses, vulnerabilities, food monopolies, insects, data integrity risks, geopolitics, and how food travels. Danielle shares lessons from nuclear security, explains why compromised data is scarier than loss of control, and makes the case for why more security pros should care about what ends up on our plates.This is exactly how Kristin and Danielle talk when the mics aren't rolling… except this time they were.---------------Episode Key Highlights00:01:03 — Creative Phishing Texts00:10:27 — How Kristin and Danielle Met00:17:08 — Insects and the Food Chain00:28:05 — Monopolies and Single Points of Failure00:30:32 — Rat Trap Sensors vs. Robot Pickers00:33:46 — Centralization Risk00:44:25 — Data Integrity vs. Loss of Control00:55:30 — Food as Critical Infrastructure01:06:30 — Global Supply Chain and Ports01:15:45 — China, Soybeans, and Soft Power---------------

    #120: Use of Deception Solutions in Energy Sector Cybersecurity

    Play Episode Listen Later Feb 14, 2026 9:02


    Podcast: Energy TalksEpisode: #120: Use of Deception Solutions in Energy Sector CybersecurityPub date: 2026-02-13Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationDiscover how digital twins of online infrastructure can be used to fool attackers In this episode of Energy Talks, host Simon Rommer, OT Security Consultant at OMICRON, and his guest. Christoph Kukovic, Chief Information Security Officer at Verbund AG, Austria's leading energy company and one of the largest producers of hydroelectricity in Europe, discuss the critical roles of IT and OT in power systems cybersecurity, focusing on the use of deception solutions. Deception solutions aim to create realistic online environments for attackers. The idea is to challenge them with a digital twin of the online infrastructure so that they attack the deception solution instead of the real infrastructure. Christoph shares his insights with Simon into his personal cybersecurity journey, the challenges faced in implementing innovative cybersecurity measures, and the development of his company's own deception solutions. The conversation delves into the importance of collaboration, the need for realistic simulations, the difference between honeypot and deception solutions, and testing deception solutions in real-world scenarios. Get more information about OT cybersecurity for power grids . We welcome your questions and feedback. Simply send us an email to podcast@omicronenergy.com. Please join us to listen to the next episode of Energy Talks.The podcast and artwork embedded on this page are from OMICRON electronics GmbH, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

    The OT Mistakes Attackers Count On—And How to Fix Them Before They Do

    Play Episode Listen Later Feb 13, 2026 31:16


    Podcast: Exploited: The Cyber Truth Episode: The OT Mistakes Attackers Count On—And How to Fix Them Before They DoPub date: 2026-02-12Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationIn this episode of Exploited: The Cyber Truth, host Paul Ducklin is joined by RunSafe Security CEO Joseph M. Saunders and OT/ICS security expert Mike Holcomb, founder of UTILSEC, for a candid discussion about the weaknesses attackers exploit inside industrial environments. Mike shares what he repeatedly finds during assessments of large OT and ICS networks: no effective firewall between IT and OT, flat networks with little segmentation, stale Windows domains, shared engineering credentials, exposed HMIs, and OT protocols that will accept commands from any reachable host. He explains how attackers move from IT into OT using familiar enterprise techniques before pivoting into PLCs, RTUs, safety systems, and historians. Joe outlines why secure-by-design practices, higher software quality, and “secure by demand” procurement are critical to long-term resilience—especially as cloud connectivity and AI accelerate modernization in industrial environments. Together, they explore: Why a missing or misconfigured IT/OT firewall remains the most common and dangerous gapHow micro-segmentation and unidirectional architectures reduce blast radiusThe risks of web-enabled HMIs and long-lived legacy systemsWhy monitoring PLC programming traffic and historian queries mattersHow the Cyber Resilience Act is reshaping accountability for OT vendors If you're responsible for industrial operations, plant uptime, or product security, this episode shows how attackers actually move through OT environments—and how to eliminate the mistakes they depend on.The podcast and artwork embedded on this page are from RunSafe Security, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

    Former NSA now Founder & CTO Breaks Cybersecurity Down: Satellites to Manufacturing

    Play Episode Listen Later Feb 12, 2026 33:41


    Podcast: Industrial Cybersecurity InsiderEpisode: Former NSA now Founder & CTO Breaks Cybersecurity Down: Satellites to ManufacturingPub date: 2026-02-10Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationDino sits down with Dick Wilkinson, CTO and co-founder of Proof Labs, to explore the intersection of space technology and industrial cybersecurity.Dick shares his 20-year journey in the U.S. Army with the National Security Agency, transitioning from signals intelligence to becoming a CISO for critical infrastructure organizations, including New Mexico's Supreme Court and the Albuquerque water authority.The conversation dives deep into the challenges of securing satellite systems with onboard intrusion detection and the persistent gap between IT and OT security teams. We also explore why the "castle wall" perimeter security model is dangerously outdated.Dick reveals how AI is lowering the barrier to entry for both attackers and defenders, and discusses the real-world applications of satellite communications in oil and gas operations.He also introduces a revolutionary physical layer-one air gap device called Goldilock Secure, which could transform how we protect remote industrial assets.This episode is essential listening for CISOs, CTOs, and security leaders looking to understand emerging threats in space-based infrastructure and practical solutions for securing distributed industrial environments.Chapters:(00:00:00) - Dick's Journey: From NSA to Space Cybersecurity(00:04:32) - What is Proof Labs and Why Space Security Matters(00:08:15) - Satellites as OT Assets: Oil, Gas, and Critical Infrastructure(00:12:47) - How Onboard Intrusion Detection Works in Spacecraft(00:16:23) - The Castle Wall Problem: Moving Beyond Perimeter Security(00:19:41) - IT vs OT: Bridging the Gap in Manufacturing Cybersecurity(00:24:18) - AI's Impact: Lowering the Barrier for Attackers and Defenders(00:27:35) - The Visibility Challenge: Why Most Plants Don't Know Their Assets(00:30:12) - Goldilock Firebreak: A Physical Air Gap Device That Changes Everything(00:35:20) - Real-World Applications for Remote Industrial Asset ProtectionLinks And Resources:Want to Sponsor an episode or be a Guest? Reach out here.Dick Wilkinson on LinkedInProof Labs WebsiteIndustrial Cybersecurity Insider on LinkedInCybersecurity & Digital Safety on LinkedInBW Design Group CybersecurityDino Busalachi on LinkedInCraig Duckworth on LinkedInThanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you'd like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!The podcast and artwork embedded on this page are from Industrial Cybersecurity Insider, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

    Pen Testing Reality Check: Why Cybersecurity Fundamentals Still Matter More Than AI

    Play Episode Listen Later Feb 11, 2026 33:37


    Podcast: PrOTect It All (LS 27 · TOP 10% what is this?)Episode: Pen Testing Reality Check: Why Cybersecurity Fundamentals Still Matter More Than AIPub date: 2026-02-09Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationShiny tools don't break attackers in basic mistakes. In Episode 92 of Protect It All, host Aaron Crow sits down with Corey LeBleu, founder of Relix Security and seasoned penetration tester, for a candid look at what actually causes organizations to get compromised and why fundamentals still matter more than the latest security trends. Drawing from years of red-team and penetration-testing experience, Corey shares real stories from the field: forgotten printers, unmanaged IoT devices, legacy systems no one owns anymore, and misconfigurations hiding in plain sight. Together, Aaron and Corey unpack why asset visibility, patching, and change management continue to be the weakest links - even as AI and automation enter the security conversation. You'll learn: Why old printers, IoT devices, and “temporary” systems are prime attack paths What most organizations misunderstand about pen testing and red teaming How poor asset inventory and change management undermine security programs The real risks behind shadow IT and unmanaged tools Where AI helps in pen testing and where experience still wins Why mastering the basics beats chasing new security gadgets every time Whether you're a security professional, IT leader, or someone looking to break into cybersecurity, this episode delivers practical, no-nonsense lessons from the front lines - focused on what actually reduces risk. Tune in to hear why cybersecurity success still starts with the fundamentals - only on Protect It All. Key Moments:  03:57 Critical Infrastructure: Finding Vulnerabilities 06:44 "Cyber Risks from Hidden Devices" 11:25 Cybersecurity: Focus on Basics 16:09 Complex Systems Demand Continuous Testing 18:17 Understanding Complex System Security 22:54 "Testing: External vs. Internal" 24:12 Enterprise Challenges with AI Integration 27:40 AI Lowers Barriers for Hacking About the guest :  Corey LeBleu has built a career around application security testing, becoming deeply involved in integrating vulnerability assessments throughout the software testing lifecycle. Noticing shifts in industry practices, Corey observed major international financial institutions moving to routinely pentest every application- even legacy IBM systems - leading the way in robust cybersecurity practices. In contrast, Corey also highlights the challenges faced by manufacturing, where operational technology often suffers from outdated, vulnerable systems. Corey's experience showcases the evolving landscape of application security, emphasizing the need for continuous testing and vigilance across diverse industries. How to connect Corey : https://www.linkedin.com/in/coreylebleu/ Connect With Aaron Crow: Website: www.corvosec.com  LinkedIn: https://www.linkedin.com/in/aaronccrow Learn more about PrOTect IT All: Email: info@protectitall.co  Website: https://protectitall.co/  X: https://twitter.com/protectitall  YouTube: https://www.youtube.com/@PrOTectITAll  FaceBook:  https://facebook.com/protectitallpodcast   To be a guest or suggest a guest/episode, please email us at info@protectitall.co Please leave us a review on Apple/Spotify Podcasts: Apple   - https://podcasts.apple.com/us/podcast/protect-it-all/id1727211124 Spotify - https://open.spotify.com/show/1Vvi0euj3rE8xObK0yvYi4The podcast and artwork embedded on this page are from Aaron Crow, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

    1/4 Contexto de Orquestando la seguridad OT

    Play Episode Listen Later Feb 10, 2026 11:49


    Podcast: Casos de Ciberseguridad IndustrialEpisode: 1/4 Contexto de Orquestando la seguridad OTPub date: 2026-02-09Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationEn este episodio se aborda el paso de la detección a la orquestación como principal reto de la seguridad OT. Se analiza cómo se puede perder el control del riesgo pese a tener muchas herramientas de seguridad. Destaca que en entornos IT/OT/IoT la complejidad organizativa suele ser la más subestimada.The podcast and artwork embedded on this page are from Centro de Ciberseguridad Industrial, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

    Idan Flek CCO & IT @Orot Energy - Managing cyber risk on critical infrastructure from the CxO view

    Play Episode Listen Later Feb 9, 2026 45:59


    Podcast: ICS Cyber Talks PodcastEpisode: Idan Flek CCO & IT @Orot Energy - Managing cyber risk on critical infrastructure from the CxO viewPub date: 2026-02-04Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationניהול סייבר הוא הרבה דברים שהם מעבר להגנה, היכולת לעבוד מול כלל הגורמים בחברה ממשתמשי הקצה בנושא מודעות סייבר, דרך יצירת מרחב עבודה ושיתוף פעולה של גורמי מקצוע האחרים כגון: ניהול סיכונים, המחלקה המשפטית, מערכות המידע והרשימה עוד ארוכה. כול זה עוד לפני הצורך לתת מענה להיבטים העסקיים ועבודה שוטפת מול הנהלה ודירקטוריון. הפעם בקשתי לפתוח את נושא ההנהלה בצורה רחבה יותר, מה קורה שאתה מקבל/לוקח עליך כסמנכ"ל את האחריות הניהולית למערכות המידע של החברה וכפל כפלים בחברה שהיא תשתיות קריטיות תחת רגולציות קשיחות. נחשון פינקו מארח את עידן פלק סמנכ"ל הסחר ומערכות המידע של קבוצת אורות אנרגיה בשיחה על ראיית המנהל לאחר שנתיים וחצי מאז שלקח על עצמו את האחריות למערכות המידע ללא שום ידע בתחום. ההתמודדות עם מלחמה שהאתרי הייצור של החברה הם מטרה ברורה לתקיפה פיזית וקיברנטית. ניהול סיכונים בנית צוות העבודה במסגרת ההנהלה הבכירה והדירקטוריון גיבוש תקציב תחת "שמיכה קצרה" וסדר עדיפויות ועוד Cyber management is about much more than just protection. It's the ability to work with every entity in the company, from end-users on cyber awareness to creating a collaborative workspace with other professionals, such as risk management, legal, IT, and more. All of this is even before addressing business aspects and ongoing work with senior management and the Board of Directors This time, I wanted to explore the management aspect more broadly: what happens when you, as a VP, take on the administrative responsibility for the company's information systems, especially in a critical infrastructure company under strict regulation Nachshon Pincu hosts Idan Flek, VP Chief Commercial Officer and Information Systems at the Orot Energy Group, for a conversation from a manager's perspective, two and a half years after taking on IT responsibilities with no prior knowledge of the field. Dealing with a war where the company's production sites are clear targets for physical and cyber attacks Risk management Building a team Prioritizing cyber within senior management and the Board formulating a budget under a 'short blanket' and shifting priorities and moreThe podcast and artwork embedded on this page are from Nachshon Pincu, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

    131: OT Monitoring & SOC and Incident Response — Lessons from the Field with Cambios Academy

    Play Episode Listen Later Feb 8, 2026 42:58


    Podcast: (CS)²AI Podcast Show: Control System Cyber SecurityEpisode: 131: OT Monitoring & SOC and Incident Response — Lessons from the Field with Cambios AcademyPub date: 2026-02-04Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationIn this episode of the (CS)²AI Podcast, host Derek Harp is joined by Jonathan Pollet, Marc Visser, and Bryan Singer for a deep-dive Q&A discussion following CS2AI's January 21st community event on OT Monitoring, SOC operations, and Incident Response. Drawing on decades of hands-on experience across industrial environments worldwide, the panel expands on questions that couldn't be fully addressed during the live sessions.The conversation explores why OT monitoring and SOC capabilities must come before incident response, and how poor network architecture, lack of visibility, and organizational silos continue to undermine response efforts when incidents occur. Jonathan outlines the architectural foundations required to support effective detection, response, and recovery, while Marc emphasizes the practical realities of implementing OT monitoring—from working with factory engineers to reducing alert fatigue and building usable SOC workflows.Bryan brings the incident responder's perspective, sharing real-world insights from global OT incidents, including prolonged dwell times, ransomware impacts on production, and why organizations without proper segmentation and monitoring often experience the most severe and prolonged outages. The discussion also tackles common questions around Fusion SOCs vs. dedicated OT SOCs, the human challenges of translating OT data into actionable intelligence, and what asset owners should realistically expect from incident response retainers.This episode is a must-listen for OT practitioners, security leaders, and asset owners looking to move beyond theory and understand what actually works in the field. Whether you are just beginning your OT monitoring journey or refining mature SOC and IR capabilities, this discussion offers practical guidance rooted in real operational experience.The podcast and artwork embedded on this page are from Derek Harp, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

    What's going on with manufacturing OT security? | OT Security Made Simple

    Play Episode Listen Later Feb 7, 2026 22:53


    Podcast: OT Security Made SimpleEpisode: What's going on with manufacturing OT security? | OT Security Made SimplePub date: 2026-02-03Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationOT security researcher Ben Book takes an unapologetic view on the state of OT security in manufacturing. He doesn't blame anybody but provides a clear analysis of business dynamics and offers what many lack when talking OT security solutions: the right questions. You can find more information on OT Security Made Simple at rhebo.com or send us your ideas, questions, or guest suggestions at podcast@rhebo.com. The podcast and artwork embedded on this page are from Klaus Mochalski, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

    The IT-OT Knowledge Gap Costing Organizations Millions

    Play Episode Listen Later Feb 6, 2026 22:09


    Podcast: Industrial Cybersecurity InsiderEpisode: The IT-OT Knowledge Gap Costing Organizations MillionsPub date: 2026-02-03Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationDino sits down with Adeel Shaikh Muhammad, a Dubai-based cybersecurity expert and researcher with 16+ years in IT and OT security. They dive into why IT and OT teams still can't communicate effectively. The conversation reveals why most CISOs struggle to secure manufacturing environments. Adeel shares real-world insights from securing industrial systems across the Middle East, Africa, and Asia. They tackle the implementation gap in OT SOCs and why legacy systems remain vulnerable. The discussion covers third-party access risks, OEM warranty restrictions, and system integrator challenges. AI might finally solve IT-OT convergence by acting as a translator between these worlds. But first, organizations need to master the fundamentals: asset inventory, vulnerability management, and network segmentation. Most companies still haven't nailed these basics in their industrial environments. This conversation cuts through the hype to focus on what actually works.Chapters:(00:00:00) - 16 Years in Cybersecurity: Why CISOs Don't Know What a PLC Is(00:01:48) - Career Journey: From IT to OT Cybersecurity Focus(00:02:48) - Books on AI Transforming Security Operations Centers(00:04:44) - The Implementation Gap: Challenges Building OT SOCs(00:06:40) - The IT-OT Cultural Divide and Missing Communication(00:08:40) - Why the OT Ecosystem Must Proactively Bring Cybersecurity Tools(00:10:00) - Can IT-OT Convergence Actually Happen?(00:11:00) - AI as the Bridge: The Black Box Solution for IT-OT Communication(00:12:42) - Legacy Systems Reality: Windows 7 Running $5M Equipment(00:14:00) - OT Cybersecurity Conferences: S4, Intersec, and Rockwell Automation Fair(00:16:00) - Market Consolidation: Who's Been Acquired in OT Security(00:17:48) - Back to Basics: Asset Inventory, Vulnerabilities, and Network Segmentation(00:18:40) - Third-Party Access Control and OEM Warranty Restrictions(00:20:40) - Why We Can't Ignore Asset Inventory and Segmentation in OT AnymoreLinks And Resources:Adeel Shaikh Muhammad on LinkedInWant to Sponsor an episode or be a Guest? Reach out here.Industrial Cybersecurity Insider on LinkedInCybersecurity & Digital Safety on LinkedInBW Design Group CybersecurityDino Busalachi on LinkedInCraig Duckworth on LinkedInThanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you'd like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!The podcast and artwork embedded on this page are from Industrial Cybersecurity Insider, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

    EP 80: The Dangers of White Label Devices

    Play Episode Listen Later Feb 5, 2026 38:03


    Podcast: Error Code (LS 27 · TOP 10% what is this?)Episode: EP 80: The Dangers of White Label DevicesPub date: 2026-02-03Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationMany devices on modern networks aren't what their labels claim. This episode, Rob King, Director of Applied Security Research at runZero, explores white-labeled surveillance and IoT hardware, why some vendors are banned by governments, and how hidden risks can spread across enterprises. Discovery, device fingerprinting, and protocol analysis reveal what's really connected—and why knowing your true inventory is now essential for security, compliance, and trust.The podcast and artwork embedded on this page are from Robert Vamosi, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

    OT Remote Access After COVID: Why IT Tools Fail and What Critical Infrastructure Needs Now

    Play Episode Listen Later Feb 4, 2026 49:30


    Podcast: PrOTect It All (LS 27 · TOP 10% what is this?)Episode: OT Remote Access After COVID: Why IT Tools Fail and What Critical Infrastructure Needs NowPub date: 2026-02-02Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationRemote access transformed overnight - and OT environments are still feeling the impact. In this episode of Protect It All, host Aaron Crow is joined by Steve Rutherford, VP of Sales at Hyperport and former military officer, for a candid conversation on how secure remote access in operational technology (OT) has evolved - and where it's heading next. They unpack how COVID accelerated remote connectivity across critical infrastructure, why many traditional IT security tools fall short in OT environments, and what protection really looks like when safety, reliability, and uptime are non-negotiable. Drawing from military discipline and frontline OT experience, Steve shares a grounded perspective on managing risk in environments where failure has physical-world consequences. You'll learn: How COVID permanently changed OT remote access expectations Why IT-first security approaches don't translate well to OT The role of layered access controls and policy-driven permissions How dynamic access and trust scoring are reshaping OT security Where IT/OT convergence helps - and where it creates new risk What leaders must prioritize to balance access, safety, and resilience If you're responsible for enabling remote access while protecting critical operations, this episode delivers real-world insight, practical guidance, and a forward-looking view of OT cybersecurity. Tune in to understand what secure OT access really requires in today's threat landscape- only on Protect It All. Key Moments:  00:00 Securing Critical Infrastructure Access 03:59 "OT Mindset: Defense and Offense" 07:26 "Remote Access Challenges in Operations" 11:45 "Challenges in OT-IT Integration" 16:07 Authority Must Match Responsibility 18:23 Simplifying OT Authentication Challenges 21:53 "Dynamic Trust Scoring with AI" 24:05 "Access Control and Segmentation" 28:57 "Secure Access Without Overreach" 33:12 "Left of Boom Awareness" 35:56 OT Security and Local Control 39:35 "Driving Early Adoption Awareness" 41:54 "Proactive Support for Critical Infrastructure" 45:52 "Remote Work Enhances Team Efficiency" 47:17 "Exciting Tech for Cybersecurity" About the guest : Steve Rutherford is a former U.S. Army officer and aviator who transitioned his mission-driven mindset from military service to protecting critical infrastructure through operational technology (OT) security. After exploring multiple industries, Steve found a natural alignment between military operations and OT environments - where safety, reliability, and uptime are non-negotiable. Today, he works in secure user access for OT, helping organizations protect the systems that power modern life. How to connect steve :  Website : https://hyperport.io/ Linkedin: https://www.linkedin.com/in/steverutherford1/ Connect With Aaron Crow: Website: www.corvosec.com  LinkedIn: https://www.linkedin.com/in/aaronccrow Learn more about PrOTect IT All: Email: info@protectitall.co  Website: https://protectitall.co/  X: https://twitter.com/protectitall  YouTube: https://www.youtube.com/@PrOTectITAll  FaceBook:  https://facebook.com/protectitallpodcast  To be a guest or suggest a guest/episode, please email us at info@protectitall.co Please leave us a review on Apple/Spotify Podcasts: Apple   - https://podcasts.apple.com/us/podcast/protect-it-all/id1727211124 Spotify - https://open.spotify.com/show/1Vvi0euj3rE8xObK0yvYi4The podcast and artwork embedded on this page are from Aaron Crow, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

    4/4 Desenlace en Monitorización de seguridad OT con telemetría del proceso

    Play Episode Listen Later Feb 4, 2026 10:12


    Podcast: Casos de Ciberseguridad IndustrialEpisode: 4/4 Desenlace en Monitorización de seguridad OT con telemetría del procesoPub date: 2026-02-02Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationEste episodio aborda el impacto real observado en reducción de incidentes y decisiones preventivas, la evolución futura de la seguridad OT basada en señales de proceso y el consejo clave para responsables de ciberseguridad industrial.The podcast and artwork embedded on this page are from Centro de Ciberseguridad Industrial, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

    Policy Pulse: Regulatory Roundtable - NERC CIP, Cybersecurity Strategy, AI & Electric Sector

    Play Episode Listen Later Feb 3, 2026 62:05


    Podcast: Critical Assets PodcastEpisode: Policy Pulse: Regulatory Roundtable - NERC CIP, Cybersecurity Strategy, AI & Electric SectorPub date: 2026-02-01Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationWelcome to the Policy Pulse Panel, a new monthly series within the Critical Assets Podcast. Hosted by Patrick Miller (Ampyx Cyber), Earl Shockley (CEO, Inpowerd), and Joy Ditto (CEO, Joy Ditto Consulting), this recurring panel dives into the most significant policy shifts and regulatory developments impacting critical infrastructure, operational technology (OT), and industrial cybersecurity. Each month, we unpack emerging legislation, agency actions, and standards updates - connecting the dots between policy and the practical realities faced by asset owners, utilities, vendors, and government partners. If you're trying to stay ahead of your auditors and your legislators, this is your monthly must-listen.https://ampyxcyber.com/podcast/policy-pulse-regulatory-roundtable-nerc-cip-cybersecurity-strategy-ai-electric-sectorThe podcast and artwork embedded on this page are from Patrick Miller, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

    Medical Devices Exposed | 29

    Play Episode Listen Later Feb 3, 2026 42:21


    Podcast: ICS Arabia PodcastEpisode: Medical Devices Exposed | 29Pub date: 2026-01-31Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationIn this episode , I'm joined by Alessio Rosas, an OT cybersecurity expert from Italy, to dive deep into the world of medical devices and the potential risks they face when exposed to the internet.The podcast and artwork embedded on this page are from ICS ARABIA PODCAST, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

    FAT/SAT for ICS/OT: Break Early, Build Secure | 70

    Play Episode Listen Later Feb 2, 2026 71:13


    Podcast: ICS Arabia PodcastEpisode: FAT/SAT for ICS/OT: Break Early, Build Secure | 70Pub date: 2026-01-31Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationWe're excited to host Dieter Sarrazyn , Industrial Security Advisor and Founder of Secudea — a specialist in SCADA/ICS/OT cybersecurity, IEC 62443, and FAT/SAT security validation.In this episode, we dive into:

    A destructive cyberattack in Poland raises NATO 'red-line' questions

    Play Episode Listen Later Feb 1, 2026 173:22


    Podcast: Three Buddy Problem (LS 39 · TOP 2% what is this?)Episode: A destructive cyberattack in Poland raises NATO 'red-line' questionsPub date: 2026-01-30Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarization(Presented by Material Security: We protect your company's most valuable materials -- the emails, files, and accounts that live in your Google Workspace and Microsoft 365 cloud offices.) Three Buddy Problem - Episode 83: Poland's CERT documents a rare, explicit wiper attack on civilians in a NATO country, including detailed attribution of a Russian government op targeting the electric grid in the heart of winter. We examine why this crosses a long-avoided threshold, why attribution suddenly matters again, and what it says about pre-positioned access, vendor insecurity, and the shrinking gap between cyber operations and acts of war. Plus, another Fortinet fiasco, a new batch of Ivanti zero-days under attack, an emergency patch from Microsoft and the return of the mysterious KasperSekrets account. Cast: Juan Andres Guerrero-Saade, Ryan Naraine and Costin Raiu.Links:Transcript (unedited, AI-generated)Material Security (Use Cases)ESET DynoWiper update: Technical analysis and attributionPoland CERT on Russian wiper attacksPoland blames two Ukrainians allegedly working for Russia for railway blastBritain's New Spy Chief Has a New MissionTwo New Ivanti 0days ExploitedMicrosoft ships emergency Office patch to thwart attacksAnalysis of Single Sign-On Abuse on FortiOSFortinet PSIRT: Administrative FortiCloud SSO authentication bypassDiverse Threat Actors Exploiting Critical WinRAR Vulnerability CVE-2025-8088WhatsApp Strict Account SettingsChina Executes 11 People Linked to Cyberscam Centers in MyanmarSingapore to start caning for scammersGermany on hacking attacks: "We will strike back, including abroad"Acting CISA chief uploaded sensitive files into a public version of ChatGPTTLP BLACKLABScon 2026KasperSekretsThe podcast and artwork embedded on this page are from Security Conversations, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

    Embedded Industrial Security: The Network-Native Advantage

    Play Episode Listen Later Jan 31, 2026 27:33


    Podcast: SecurityWeek Podcast Series - Cybersecurity InsightsEpisode: Embedded Industrial Security: The Network-Native AdvantagePub date: 2026-01-29Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationAndrew McPhee, Industrial IoT Security Solution Manager at Cisco, joins the SecurityWeek podcast and dives into why traditional monitoring and SPAN-based approaches fail to deliver true visibility in industrial environments, and how network-native security embeds inspection, segmentation, and protection directly into the network. We discuss real-world implementation challenges, economic tradeoffs, and how to move from visibility to action without disrupting operations.  (Want to continue the discussion? Contact Cisco.)Follow SecurityWeek on LinkedInThe podcast and artwork embedded on this page are from SecurityWeek, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

    Ramy Nahum CEO & owner @Triple C veteran of Israeli IT infrastructure industry on BCP, recovery & backup

    Play Episode Listen Later Jan 31, 2026 45:38


    Podcast: ICS Cyber Talks PodcastEpisode: Ramy Nahum CEO & owner @Triple C veteran of Israeli IT infrastructure industry on BCP, recovery & backupPub date: 2026-01-30Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationנושא ההתאוששות מכשל מערכות ו/או אירוע סייבר דורש הכנה אפקטיבית שמתחילה בגיבוש תוכנית המשכיות עסקית (ביי.סיי.פיי) ותוכנית להתאוששות מאסון (דיי. אר. פיי) המגדירות תפקידים ושלבי פעולה ברורים בזמן אמת. נדבך מרכזי בהכנה הוא יישום מערך גיבויים אוטומטי ומבוזר (כולל גיבויים "קרים" המנותקים מהרשת הראשית) ובדיקת תקינותם באופן תקופתי. בנוסף, על הארגון לקיים תרגולים המדמים תרחישי קיצון בקנה מידה משמעותי ממפגשים עם ארגונים רבים נראה שיש חוסר הבנה על ההבדל בין דיי.אר וגיבוי, תרומה משמעותית לבלבול הזה מגיע מכיוון יצרני תוכנות הגיבוי והמעבר להתאוששות וגיבוי בענן. הפרק הזה הוא חובה לכול מנכ"ל, מנהל מערכות מידע ומנהל אבטחת מידע ונועד לעשות סדר במונחים והפעולות השונות נחשון פינקו מארח את רמי נחום המנכ"ל והבעלים של חברת טריפל סי מוותיקי התחום בישראל, בשיחה על התאוששות, גיבוי וכול מה שביניהם. מה ההבדל בין אתר התאוששות לבין מערכת גיבויים מתי מספיק גיבוי באמצעי איחסון אלקטרונים ומתי מומלץ להוסיף גם קלטות כגיבוי קר (מבחינתי תמיד!) למה נדרש לבצע תרגולים בקנה מידה גדול ולא רק ע"ג שרת או שניים ומספר קטן של משתמשים למה נדרש לבדוק גיבויים באופן שוטף ועודThe podcast and artwork embedded on this page are from Nachshon Pincu, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

    Opportunistic by Default: How OT gets pulled into the blast radius

    Play Episode Listen Later Jan 30, 2026 34:21


    Podcast: Safe Mode Podcast (LS 25 · TOP 10% what is this?)Episode: Opportunistic by Default: How OT gets pulled into the blast radiusPub date: 2026-01-29Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationIn this episode of Safe Mode, we look at how opportunistic campaigns—often starting as loud disruption like DDoS—can probe for weak points and, in some cases, move closer to operational technology and industrial control systems. Using a recent Justice Department case tied to pro‑Russia hacktivist groups as a jumping-off point, we discuss what this pattern says about the OT threat landscape in 2025, from remote access and trust boundaries to engineering workflows and data integrity risk. Chris Grove, Director of Cybersecurity Strategy at Nozomi Networks, joins to explain what defenders should prioritize now to keep “noise” from becoming real-world operational impact.The podcast and artwork embedded on this page are from Safe Mode Podcast, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

    Balancing Speed and Security: The Open Source Dilemma in Embedded Development

    Play Episode Listen Later Jan 30, 2026 29:30


    Podcast: Exploited: The Cyber Truth Episode: Balancing Speed and Security: The Open Source Dilemma in Embedded DevelopmentPub date: 2026-01-29Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationIn this episode of Exploited: The Cyber Truth, host Paul Ducklin is joined by RunSafe Security Founder and CEO Joseph M. Saunders and embedded systems expert Elecia White, host of Embedded.fm and author of Making Embedded Systems, to discuss the trade-offs of using open source in embedded development. The conversation goes beyond debates about “open vs. proprietary” to explore how a single library can quietly introduce sprawling dependency chains, unclear maintenance responsibilities, licensing obligations, and long-term security exposure,  especially in devices expected to operate for years or decades. Elecia and Joe share guidance for using open source intentionally, including how to set guardrails early, limit dependency blast radius, and design systems that can respond when vulnerabilities emerge, even when patching isn't easy. Together, they cover: Why embedded teams don't get burned by open source, they get burned by unexamined dependenciesHow transitive dependencies and “helpful” packages quietly expand attack surfaceWhy professionalism, documentation, and disclosure practices signal trustworthy projectsWhy build-time SBOMs matter more than after-the-fact analysisHow Secure by Design thinking reduces reliance on emergency patching For embedded engineers, product leaders, and security teams balancing delivery pressure with long-lived risk, this episode offers advice for using open source without inheriting future incidents.The podcast and artwork embedded on this page are from RunSafe Security, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

    design security balancing speed dilemma open source embedded listen notes sboms elecia embedded development paul ducklin elecia white
    OT.SEC.CAST – The OT.SEC.CON. Podcast with Mike Holcomb

    Play Episode Listen Later Jan 29, 2026 32:52


    Podcast: CYBR.SEC.CAST (LS 25 · TOP 10% what is this?)Episode: OT.SEC.CAST – The OT.SEC.CON. Podcast with Mike HolcombPub date: 2026-01-28Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationThis week, Michael and Sam chat with educator, founder, and OT.SEC.CON. opening keynote speaker Mike Holcomb! They discuss his free, in-person training coming up on March 31 in Houston, how - like many others - the movie War Games played a role in his journey into the cybersecurity industry, and how his focus has shifted toward OT/ICS security education.Things Mentioned:Mike's site - https://www.mikeholcomb.com/Mike's YouTube Channel - https://www.youtube.com/@utilsecBSides ICS - https://www.bsidesics.org/Sign up for Mike's free class on March 31, 2026 when you sign up for OT.SEC.CON. - https://www.xcdsystem.com/cybrseccommunity/attendee/index.cfm?ID=DwWuEm5Register for Jeremiah Grossman's Webinar - https://www.cybrsecmedia.com/webinar/Do you have a question for the hosts? Reach out to us at media@cscgroupllc.com Keep up with CYBR.SEC.CON.:LinkedInXFacebookInstagramKeep up with CYBR.SEC.Media:LinkedInXFacebookInstagramCheck out our Conferences and Events:CYBR.SEC.CON.OT.SEC.CON.CYBR.HAK.CON.EXEC.SEC.CON.CSC User GroupSupport or apply to our Scholarship Program:TAB Cyber FoundationSubscribe to the podcast: AppleSpotifyListen to our other show:CYBR.HAK.CAST In this episode:Host: Michael FarnumHost: Sam Van RyderGuest: Mike HolcombProduction and editing: Lauren AndrusMusic by: August HoneyThe podcast and artwork embedded on this page are from CYBR.SEC.Media, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

    The Patching Gap Putting Industrial Operations at Risk: IT vs OT

    Play Episode Listen Later Jan 28, 2026 26:25


    Podcast: Industrial Cybersecurity InsiderEpisode: The Patching Gap Putting Industrial Operations at Risk: IT vs OTPub date: 2026-01-27Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationCraig and Dino tackle one of industrial cybersecurity's most critical challenges in this Rewind episode: the massive gap between IT and OT patching strategies. IT organizations patch constantly—think Patch Tuesday. OT environments rarely patch at all, creating dangerous vulnerability gaps across connected networks. The hosts explore why this disconnect exists. Production floor downtime costs are astronomical, making patching a risky business decision. OEM restrictions complicate matters further. Many vendors won't support systems or warranties after unauthorized updates. Managing decades-old equipment alongside modern systems creates another layer of complexity. Legacy PLCs weren't designed with patching in mind. The consequences of not patching are mounting. Insurance companies are tightening requirements and regulatory pressures are intensifying. Craig and Dino offer practical solutions that don't require shutting down production lines. Virtual patching technologies can protect legacy control systems without traditional software updates. The hosts emphasize the urgent need for IT-OT collaboration. All stakeholders—including OEMs and system integrators—must be part of strategic cybersecurity conversations. This episode is essential listening for CISOs, plant managers, and anyone responsible for protecting industrial operations. The connected world isn't waiting for OT to catch up. Chapters:00:00:00 - Introduction to Patching Challenges00:01:08 - IT vs OT Patching: Key Differences00:02:55 - Understanding the Cost of Downtime in OT00:03:32 - Overcoming Challenges with Legacy Systems00:05:21 - Navigating OEMs and Safety Concerns00:06:45 - The Role of Safety in OT Patching00:08:52 - Exploring Virtual Patching Solutions00:13:11 - Enhancing Vendor Collaboration and Risk Management00:16:48 - Impact of Mergers and Acquisitions on Cybersecurity00:18:33 - Addressing Insurance and Compliance Issues00:20:12 - Significant Consequences of Not Patching00:23:14 - Building an Effective Collaborative Cybersecurity Strategy00:24:03 - Conclusion and Actionable InsightsLinks And Resources:Want to Sponsor an episode or be a Guest? Reach out here.Industrial Cybersecurity Insider on LinkedInCybersecurity & Digital Safety on LinkedInBW Design Group CybersecurityDino Busalachi on LinkedInCraig Duckworth on LinkedInThanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you'd like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!The podcast and artwork embedded on this page are from Industrial Cybersecurity Insider, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

    3/4 Acciones en Monitorización de seguridad OT con telemetría del proceso

    Play Episode Listen Later Jan 27, 2026 9:16


    Podcast: Casos de Ciberseguridad IndustrialEpisode: 3/4 Acciones en Monitorización de seguridad OT con telemetría del procesoPub date: 2026-01-26Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationEste episodio trata de las acciones prácticas: los primeros pasos para iniciar un proyecto de telemetría aplicada a la seguridad, la conexión con equipos de operación y mantenimiento, y el papel de los proveedores de automatización.The podcast and artwork embedded on this page are from Centro de Ciberseguridad Industrial, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

    Safety Services Provide an Answer

    Play Episode Listen Later Jan 26, 2026 28:56


    Podcast: Today with ISSSourceEpisode: Safety Services Provide an AnswerPub date: 2026-01-22Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationWe are going through an advancing digital age, no one can deny that. Data is coming at workers from all directions. There is great knowledge in that data, but who has the time to sort through it, after all, we have to keep making product and keep the process moving safe and sound. For safety and functional safety, manufacturers need to manage data and be able to identify trends to understand all levels of risk. That is where safety services can come into playThe podcast and artwork embedded on this page are from Gregory Hale, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

    EP 79: Ignore OT Security At Your Own Peril

    Play Episode Listen Later Jan 25, 2026 38:25


    Podcast: Error Code (LS 27 · TOP 10% what is this?)Episode: EP 79: Ignore OT Security At Your Own PerilPub date: 2026-01-22Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationThe growing importance of OT security, highlighting overlooked risks in critical infrastructure, legacy systems, and supply chains. Through real-world examples, Eric Durr, Chief Product Officer at Tenable, shows why OT security differs from IT, emphasizing visibility, resilience, and risk prioritization to protect safety, operations, and business continuity.  The podcast and artwork embedded on this page are from Robert Vamosi, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

    Claim @BEERISAC: CPS/ICS Security Podcast Playlist

    In order to claim this podcast we'll send an email to with a verification link. Simply click the link and you will be able to edit tags, request a refresh, and other features to take control of your podcast page!

    Claim Cancel