(CS)²AI is the premier global non-profit workforce development organization supporting professionals of all levels charged with securing control systems. With over 25,000 members worldwide, we provide the platform for members to help members, foster mean
In this insightful episode of the (CS)²AI Podcast, host Derek Harp welcomes Jay Gignac, Vice President of Sales at FoxGuard Solutions, (CS)²AI Fellow and a passionate OT cybersecurity evangelist. The conversation centers around some of the most pressing challenges in the control systems industry—asset visibility, patch management, and community collaboration. Jay, who will be speaking at the upcoming Level Zero OT Cybersecurity Conference, offers expert-level advice for professionals navigating the complex world of operational technology security. Listeners will hear real-world examples of how OT differs from IT, particularly in areas like patching and compliance. Jay shares how asset discovery and lifecycle management remain fundamental hurdles, even after over a decade of cybersecurity initiatives. The discussion explores the nuances across industry verticals—energy, manufacturing, oil & gas—and underscores why tailored approaches are critical when securing diverse OT environments. This episode is a must-listen for OT professionals, cybersecurity leaders, and anyone attending Level Zero or looking to deepen their understanding of control systems security. Discover why collaboration, not just technology, is key to long-term success in the OT space. Whether you're an engineer, a procurement officer, or a seasoned CISO, there's valuable insight here for everyone working to protect the core of their company's operations.
Lucian Niemeyer, Chief Executive Officer of Building Cyber Security and former Assistant Secretary of Defense, joins Derek Harp to discuss the growing cyber risks to operational technology (OT) systems and the urgent need for proactive frameworks to protect public safety. Recorded live at Hack the Capitol 7.0, this episode delves into the vulnerabilities in smart buildings, connected infrastructure, and critical systems that could have life-threatening consequences if exploited. Lucian shares how his experience in national security shaped his focus on OT cybersecurity, emphasizing the physical impacts of cyberattacks on HVAC systems, elevators, and even water utilities. He introduces the concept of cyber commissioning, a process that ensures building systems are configured securely from the start. Lucian also explains how Building Cyber Security is creating industry-specific frameworks to help facility managers, building owners, and policymakers mitigate risks and reduce insurance liabilities. With increasing threats from ransomware, nation-states, and insider errors, this episode highlights why securing operational technology is critical to protecting both property and lives. Learn how Lucian's nonprofit is driving collaboration across industries to address this rapidly evolving threat landscape.
Roya Gordon, previously Executive Industry Consultant - Operational Technology (OT) Cybersecurity at Hexagon Asset Lifecycle Intelligence and currently Deputy CISO at ENGIE North America Inc., joins Derek Harp live from Hack the Capitol 7.0 to explore the evolving landscape of asset inventory in operational technology (OT). Roya breaks down the differences between asset visibility, inventory, and management, sharing her firsthand experiences from both passive and configuration-based methodologies. Roya highlights the critical role of asset inventory in building a strong OT cybersecurity foundation. From distinguishing between passive and active network monitoring to the importance of configuration management, she emphasizes how a multi-layered approach can offer comprehensive visibility and risk management. Roya also dives into why organizations often overlook configuration change management, and how integrating different solutions can optimize security efforts. Whether you're a seasoned OT professional or just starting your cybersecurity journey, this episode offers valuable insights into improving asset management, reducing risks, and fostering collaboration between vendors and operators.
In this episode of the (CS)²AI Podcast, host Derek Harp welcomes Mehdi Tarrit Mirakhorli, Associate Professor at the University of Hawaii and a Cybersecurity Expert, to discuss Secure by Design—a fundamental shift in how we develop and deploy software in industrial control systems (ICS) and operational technology (OT). With over 15 years of R&D experience for DARPA, the Air Force, and DHS, Mehdi shares why modern software is inherently vulnerable and how we can learn from aviation, medical, and safety-critical industries to build resilient systems from the ground up. The conversation dives deep into the risks of insecure by design software, the challenges of implementing true security practices, and the role of government policies in shifting liability from users to vendors. Mehdi explains the importance of threat modeling, attack surface analysis, and secure architecture frameworks to mitigate cyber threats before they arise. He also highlights how software development must evolve beyond rapid deployment cycles to integrate security as a core design principle. If you're an ICS professional, cybersecurity engineer, or software developer, this episode provides actionable insights on reducing vulnerabilities at scale, implementing proactive security measures, and preparing for the future of cyber threats. Subscribe now and stay ahead in the ever-evolving world of industrial cybersecurity!
Derek Harp welcomes Kyle McMillian, Product Security Officer at Siemens, to discuss the evolving landscape of software bill of materials (SBOMs) and their role in modern cybersecurity. Recorded live at Hack the Capitol 7.0, this conversation unpacks the challenges and opportunities posed by SBOMs in an industry grappling with legacy systems and modern threats. Kyle dives into the origins of SBOMs, their role in addressing vulnerabilities like Log4J, and their potential to transform procurement, risk management, and incident response. He emphasizes the importance of balancing transparency with practicality, noting that SBOMs are a starting point for broader cybersecurity conversations. With his unique perspective from a leading equipment manufacturer, Kyle shares insights into how SBOMs can help bridge the gap between IT and OT systems. This episode is essential for anyone looking to understand the future of cybersecurity and the critical role of SBOMs in securing industrial control systems. Learn how these tools can foster trust, streamline risk management, and improve collaboration across the industry.
Derek Harp sits down with Kenneth Warren, Staff OT and Offensive Security Engineer at GRIMM Cyber, to discuss how gamification and Capture the Flag (CTF) competitions are revolutionizing cybersecurity training. Recorded live at Hack the Capitol 7.0, this conversation explores how CTFs and cyber ranges create safe, hands-on environments for learning offensive and defensive cybersecurity skills. Kenneth explains how CTFs offer opportunities to tackle real-world scenarios, from navigating complex networks to interacting with industrial control protocols. Whether you're an experienced professional or a newcomer to the field, CTFs provide a unique way to build and refine your skills. He also highlights how gamification reaches audiences that traditional training might miss, making learning engaging and accessible. This episode provides insights into the growing role of gamified learning in cybersecurity and how it's inspiring the next generation of professionals. Discover how these competitions foster collaboration, creativity, and innovation in a rapidly evolving industry.
Derek Harp hosts Jeff Hahn, Project Manager at Idaho National Laboratory (INL), to discuss innovative approaches to training in the ICS and OT cybersecurity space. Recorded live at Hack the Capitol 7.0, Jeff shares insights into how INL's escape rooms provide hands-on, immersive learning experiences for professionals and students alike. The escape rooms integrate learning objectives from INL's renowned 301 Red Team/Blue Team training, transforming them into engaging, gamified challenges. These exercises offer participants a chance to simulate real-world scenarios, improve teamwork, and develop critical cybersecurity skills. Jeff also highlights the importance of bridging gaps between IT and OT teams through collaborative training initiatives. Whether you're a seasoned professional or a newcomer to the field, this episode explores how gamification and experiential education can help prepare the next generation of cybersecurity experts. Discover how these escape rooms are traveling the world, raising awareness, and making learning accessible to everyone.
Derek Harp welcomes Rob Shaughnessy, CEO of Cimetis, to discuss critical issues in the world of ICS and OT security, recorded live at Hack the Capitol 7.0. Rob dives into the vulnerabilities surrounding the development of innovative technologies, supply chain risks, and the evolving threat landscape posed by nation-state actors. The conversation highlights the growing need for transparency in supply chains, the legal gaps in cybersecurity requirements for technology companies, and the rise of services like ransomware-as-a-service, which lower the bar for cybercriminals. Rob also shares his perspective on education and workforce challenges in cybersecurity, emphasizing the importance of foundational skills and the risks of over-relying on influencer culture. Packed with actionable insights, this episode offers a nuanced look at the complexities of securing critical infrastructure, balancing innovation with security, and preparing for a more connected, yet vulnerable, future.
The intersection of cybersecurity and the food industry takes center stage as Kristin Demoranville, founder and CEO of Anson Sage and host of Bytes and Bites, joins Derek Harp at Hack the Capitol 7.0. This compelling conversation reveals how digital systems impact every aspect of the food supply chain, from farming and production to transportation and storage. Kristin highlights key vulnerabilities, including risks in automated farming equipment, robotic processing lines, and self-driving refrigerated trucks. She advocates for embedding cybersecurity into food safety practices to protect both trust and the integrity of what we eat. As the industry embraces groundbreaking innovations like AI and lab-grown food, addressing these challenges is more crucial than ever. Listeners will gain valuable insights into the urgent need for collaboration, awareness, and action to secure the systems that sustain our daily lives. This dialogue sheds light on the essential role of cybersecurity in ensuring a safe and reliable food supply for everyone.
In this episode of the (CS)²AI Podcast, host Derek Harp welcomes Jay Warren, co-founder of ResetCon, to discuss the intersection of cybersecurity research, critical infrastructure, and collaborative defense strategies. Recorded live at Hack the Capitol 7.0, this conversation highlights the pressing need to close gaps between academia, offensive researchers, and critical industries. Jay delves into the mission of ResetCon, an inaugural conference designed to connect academic researchers, defense experts, and key players from the civilian and commercial sectors. Together, they aim to anticipate emerging threats, mitigate risks, and reduce recovery times for critical systems. The discussion also explores the challenges of integrating IT and OT security teams, the importance of "cyber-informed engineering," and the need for secure-by-design principles. Listeners will gain insights into the future of cybersecurity, including lessons learned from DARPA research, the importance of bridging silos, and how to build more resilient systems. Don't miss this episode if you're passionate about protecting critical infrastructure and fostering innovation.
Our host Derek Harp sits down with Adam Robbie, Head of OT Threat Research at Palo Alto Networks, live from Hack the Capitol 7.0. Adam shares critical insights into emerging cybersecurity challenges within Operational Technology (OT) environments, including findings from Palo Alto's extensive OT threat landscape research. Listeners will hear about the top attack vectors impacting critical infrastructure: remote access vulnerabilities, supply chain risks, and lateral movement across networks. Adam discusses the importance of network segmentation, cross-team collaboration between IT and OT, and innovative tools like the Cyberwall, a hands-on demonstration environment showcasing real-world OT threats. Whether you're an OT security professional or new to the field, this episode delivers practical takeaways to enhance your cybersecurity strategies. Don't miss this engaging conversation focused on securing control systems and building stronger, collaborative defenses.
In this episode of the CS2AI Podcast, host Derek Harp dives deep into the evolving threats to national security and critical infrastructure with Mark Montgomery, Senior Fellow at the Foundation for Defense of Democracies. Recorded live at the Hack the Capitol 7.0 conference in Washington D.C., this episode sheds light on the increasing cyber vulnerabilities faced by the United States from nation-states like China and Russia, as well as criminal actors exploiting critical infrastructure. Mark shares his extensive experience and expertise, offering insights into how the U.S. government can better prepare and protect itself in the face of modern cyber threats. Mark discusses the significant mismatch between the capabilities of the Department of Defense and intelligence agencies, and the authorities of civilian federal agencies responsible for protecting sectors like power, water, and transportation. He also highlights the pressing issue of underperforming federal agencies tasked with safeguarding critical infrastructure, and the dire need for a comprehensive, bipartisan approach to cybersecurity legislation. With over 32 years in the U.S. Navy and years of policy work in the federal government, Mark offers a unique perspective on the future of cybersecurity and what needs to change to address these challenges effectively. One of the key takeaways from this episode is Mark's call for a more cohesive strategy to defend against cyber threats and protect public safety and economic productivity. Despite the ongoing challenges, there's a sense of hope as Mark emphasizes the bipartisan nature of cybersecurity solutions and the possibility of enacting meaningful changes. This conversation is essential for anyone involved in cybersecurity, national security, or government policy and provides crucial insights into the future of cyber defense in the United States.
Join Derek Harp and his guests from Rapid7—Lonnie Best, William Price, and Nicholas Butcher—as they delve into the critical challenges and exciting opportunities within the Operational Technology (OT) and Industrial Control Systems (ICS) cybersecurity landscape. Recorded live at Hack the Capitol 7.0, this episode highlights the growing demand for OT cybersecurity, innovative approaches to managing threats, and the evolving dynamics between IT and OT professionals. In this episode, the panel discusses real-world examples of managing ICS threats, the nuances of integrating OT into traditional IT security frameworks, and the importance of trust and communication in bridging gaps between teams. Learn how managed security services are adapting to meet the unique demands of OT environments and why collaboration across roles and expertise is essential. Whether you're a seasoned professional or new to the field, this episode offers actionable insights and inspiring stories that highlight the importance of securing critical infrastructure in today's evolving threat landscape. Visit cs2ai.org to learn more about resources, events, and professional development opportunities in OT and ICS cybersecurity.
In this episode of the CS²AI Podcast, host Derek Harp is joined by Lucian Niemeyer, CEO of Building Cybersecurity, for an enlightening discussion on the critical importance of protecting operational technology (OT) systems. Recorded at the Hack the Capitol 7.0 conference, Lucian emphasizes the increasing threats to critical infrastructure posed by nation-state actors and other adversaries, describing the current landscape as a "Sputnik moment" for cybersecurity. From vulnerabilities in water systems to the cyber-physical risks of modern vehicles, this conversation highlights the pressing need for a collective defense strategy. Lucian shares actionable insights on the roles of the private sector and national defense in addressing these challenges and calls for a bipartisan commitment to safeguard life-essential systems. If you're curious about how cybersecurity intersects with human safety and national security, this episode is a must-listen. Learn about proactive measures, emerging frameworks, and how you can contribute to strengthening our defenses.
Derek Harp hosts Virginia "Ginger" Wright, a program manager at Idaho National Laboratory, known for her pioneering work in cybersecurity for critical infrastructure. Ginger shares the history and importance of Cyber Informed Engineering (CIE) and how this engineering philosophy integrates safety protocols directly into the design of industrial systems, making them resilient against cyber threats. They discuss the origins of CIE in nuclear energy safety, the unique assets of Idaho National Laboratory, and the vital role engineers play in safeguarding critical infrastructure. Ginger also dives into practical resources like the Cyber Informed Engineering Implementation Guide, sharing how organizations and educators can adopt this methodology. Join us for insights into CIE's impact on the future of OT and ICS cybersecurity.
In this episode, host Derek Harp sits down with Bryson Bort and Tom Van Norman, co-founders of ICS Village and creators of Hack the Capitol. They discuss the origins and evolution of Hack the Capitol, now in its seventh year, and the conference's unique focus on bridging cybersecurity professionals with policy makers and industry leaders. They dive into the value of hands-on learning, the launch of Workforce Development Day, and the ongoing need for practical cybersecurity education and career opportunities for all. Bryson and Tom also highlight the significance of candor in the field and what attendees can look forward to at future conferences. Tune in for insights into the world of OT and ICS cybersecurity, hands-on training, and the importance of building community partnerships.
In this episode, the conversation centers on the critical role of operational technology (OT) security and the unique contributions of the S4 Conference. Dale Peterson shares his journey and insights into the challenges of underrepresentation in cybersecurity, especially for women and other groups, and highlights innovative scholarship initiatives aimed at bridging this gap. The discussion also delves into the evolving landscape of AI in cybersecurity, addressing both its potential and the complexities it brings. Listeners will gain valuable perspectives on managing cybersecurity risks, prioritizing investments, and developing effective recovery strategies in OT environments. As we look forward to S4 2025 in Tampa, Florida, this episode offers a glimpse into the future of cybersecurity and the importance of resilience in our systems.
Today, we are thrilled to welcome Roya Gordon as our guest. Roya is an executive industry consultant specializing in operational technology cybersecurity at Hexagon. She is a military veteran, an accomplished technologist, and a prolific speaker in our industry. Her creativity knows no bounds, encompassing her passion for the arts and her love of opera and symphonies. She is also an avid traveler and a super fun person to have around. Roya brings a unique and engaging perspective to our discussion today. She shares her journey from a pre-law magnet program to becoming a skilled speaker in the Navy, highlighting the value of communication skills for conveying technical information to audiences and sharing the challenges and opportunities veterans face when breaking into the cybersecurity industry. Stay tuned as Roya shares her invaluable insights and experiences, offering guidance for veterans aspiring to enter the cybersecurity field. You will not want to miss the wisdom and stories Roya shares with us today.
Show highlights:
- Roya shares her background as an army brat.
- Roya discusses her six-year experience in the Navy.
- How Roya gradually realized she was involved in technology through her Navy intelligence work
- Roya talks about her studies in international relations and national security after leaving the Navy and how she pivoted to studying cyber-warfare
- Roya landed a job as a security researcher at Idaho National Laboratory (INL) despite lacking an IT background.
- Roya talks about the foundational training she received in OT cybersecurity at INL.
- How advanced tools often get underutilized due to a lack of trained personnel
- Roya highlights the value of certifications.
- How non-technical roles like journalism and event planning can offer entryways into the cybersecurity space.
Links and resources: (CS)²AI; Derek Harp on LinkedIn; Hexagon; Roya Gordon on LinkedIn
We are thrilled to have Max Aulakh, the Founder and CEO of Ignyte Assurance Platform, joining us today. Max is a military veteran and motorcycle enthusiast who enjoys doing voluntary work. He is a prolific contributor to the cybersecurity community, always willing to be of service to others. When Max was three, his father applied for American citizenship at the US Embassy in India. It was an extremely long process, and after losing all hope, he and his family finally migrated to Oklahoma a decade later. Join us to learn how Max transitioned from the military to founding the successful Ignyte Assurance Platform. He also shares his views on regulations, discusses how AI has impacted the security field, and offers prudent and practical advice for anyone interested in pursuing a cybersecurity career. Stay tuned for today's candid and fascinating interview with Max Aulakh, the Founder and CEO of Ignyte.
Show highlights:
- How Max's military experience led to his career in security
- Max's Air Force mentor encouraged voluntary service.
- How working with the Department of Treasury, scrubbing hard drives, led to Max's interest in security.
- Max explains how his military experience instilled a service mindset beneficial for security roles.
- While in service, he attended the American Military University due to its flexible programs for deployed personnel.
- The challenges he faced transitioning from a services company to a product-based company
- Max shares how he launched Ignyte in 2019/2020
- How Max assists companies with the Cybersecurity Maturity Model, particularly in the defense sector.
- Why standardization and testing are essential in operational technology
- Max shares his views on the potential of AI
Links and resources: (CS)²AI; Derek Harp on LinkedIn; Ignyte Assurance Platform; Max Aulakh on LinkedIn
We are delighted to have Mike Holcomb joining us on the show today. Mike is both a fellow and a cybersecurity director, and he currently serves as the ICS OT Cybersecurity Global Lead at Fluor, a massive multinational engineering and construction firm with over 40,000 employees. He has participated in many major building projects, and we are excited to learn from his extensive experience today. Stay tuned as Mike shares his insights and expertise.
Show Highlights:
- Mike discusses the two years he spent in China building bowling alleys
- Mike talks about his time teaching and consulting at a training company in San Diego
- How Mike had the opportunity to double his salary and work with the Navy SEALs during 9/11
- Mike discusses his experience working in IT security
- Mike explains that Fluor has built some of the largest control system environments in the world
- Mike discusses challenges in the energy sector
- How regulations impact cybersecurity in various industries
- Why cybersecurity regulations are essential within critical infrastructure
- Mike discusses the challenge of aligning IT and OT cybersecurity teams
Links and resources: (CS)²AI; Derek Harp on LinkedIn; Bridewell; Michael Holcomb on LinkedIn; Fluor
We are delighted to have Chase Richardson, the VP of Consulting at Bridewell, back on the show today. Bridewell boasts a rich history in industrials, offering comprehensive cybersecurity services across the entire cybersecurity spectrum, including operational technology. Recently, Bridewell came up with an insightful report on cybersecurity within the US critical infrastructure. In this episode, Chase dives into the current state of cybersecurity regulations in critical infrastructure and shares the details and origin of the upcoming Bridewell report, which falls squarely within the interest of (CS)²AI. Tune in to learn more about this exciting project.
Show highlights:
- How the attacks experienced by CISOs and cyber managers have decreased despite an increase in risk sentiment
- The challenges small and mid-sized airports face when implementing regulations due to their limited cybersecurity budgets
- How cybersecurity regulations in the US differ from those in the UK
- What is the link between IT and OT security?
- Why it is essential to implement a hybrid of IT and OT security measures to protect critical infrastructure
- Why organizations need to comply with relevant cybersecurity standards and regulations
- Chase shares key findings and insights from Bridewell's upcoming cybersecurity report for critical infrastructure.
Links and resources: (CS)²AI; Derek Harp on LinkedIn; Bridewell; Chase Richardson on LinkedIn
We are delighted to have Chase Richardson, Head of US Operations for Bridewell, and Martin Riley, Director of Managed Services for Bridewell, joining us today! We are changing things slightly for this episode, with Martin and Chase diving into how to integrate OT systems into your SIEM rather than presenting our regular biographical format. Their focus today is predominantly on the increasingly relevant topic of managing data across diverse platforms, particularly in OT applications. Join us as we explore this integration and unravel the challenges it presents.
Show highlights:
- The evolution of cybersecurity technology
- How the industry struggles with integrating IoT and OT data into security SIEMs
- Why integrating separate systems into one platform is crucial for security teams
- How security and operational technology leadership teams converge
- Why hybrid teams are essential for managing cybersecurity risks
- The importance of asset visibility and understanding the architecture for effectively implementing security solutions
- How AI and machine learning can help to reduce noise in security operations
- Why threat intelligence is essential for business risk and control validation
- The importance of threat intelligence in the cybersecurity industry
Links and resources: (CS)²AI; Chase Richardson on LinkedIn; Martin Riley on LinkedIn; Bridewell; Derek Harp on LinkedIn
We are thrilled to welcome Juan Carlos Buenano as our distinguished guest for today's episode of the CS2AI podcast! Carlos is the Chief Technology Officer for OT at Armis. He is a born technologist and an engineer by training. Beyond his professional endeavors, he embraces a life filled with adventure, enjoying many outdoor activities, including scuba diving, mountain biking, and exploring the scenic expanses of unspoiled nature. Carlos was born in Venezuela and grew up in a small town outside Caracas. After graduating as an electronic engineer in Venezuela, he traveled to Australia to learn English, fell in love with the country, the lifestyle, and the nature, and has lived there for the last 23 years. Carlos brings a unique perspective to today's show, shaped by his professional and personal experiences. Join us for an engaging discussion as he shares his wealth of experiences and insights and explains how he serves his community.
Show Highlights:
- Carlos shares his journey to becoming an engineer in the energy industry
- How his interest in control systems began
- Carlos recounts his early cybersecurity experiences in industrial systems during the early 2000s
- The importance of keeping operating systems up to date to prevent vulnerabilities and ensure reliability
- Why it is essential to understand how technology works in both physical security and cybersecurity
- Carlos discusses the challenges of integrating cybersecurity into process control systems
- Carlos offers advice for engineers who want to get into cybersecurity
- The importance of mentorship and learning from others in their industry
- Carlos discusses the weekly open mic Ask Me Anything sessions he does at work
Links and resources: (CS)²AI; Derek Harp on LinkedIn; Carlos Buenano on LinkedIn; Armis
We are delighted to have Ken Munro joining us from the UK today! Ken is a Partner and Co-founder of Pen Test Partners. He is a seasoned technologist, the founder of multiple ventures, a pilot, a skier, and a dynamic and adventurous contributor to our community. Ken brings a wealth of experience and expertise that promises to enrich our understanding of the evolving landscape in cybersecurity. In today's discussion, we dive into his remarkable career journey and explore his perspective on OT and ICS-related cybersecurity. Join us for this informative session with Ken as he shares his valuable perspectives.
Show Highlights:
- Ken discusses his cybersecurity industry journey
- How Ken's past Air Force experience relates to his current work in cybersecurity
- The benefits of telling a story when communicating complex concepts
- Ken shares a story to highlight the importance of safety and security within the aviation industry
- Ken talks about the unique systems on board planes and their vulnerabilities
- How the isolated protocols used in older aircraft systems are more robust and stable than the modern systems
- How even simple display systems can cause airport outages
- Ken shares his concerns about cybersecurity risks within cloud management platforms for industrial control systems
- How including contractual language for liability in procurement contracts can protect organizations against cybersecurity risks
- Ken shares his thoughts on the future of the cybersecurity industry
Links and resources: (CS)²AI; Derek Harp on LinkedIn; Ken Munro on LinkedIn; Pen Test Partners
We are excited to bring you another captivating industry leader interview today. In this episode, we interview Michelle Balderson, the Principal Security Architect at Issquared. Michelle is a seasoned professional. In addition to having extensive experience as an established contributor and leader within the industry, she is a technologist, devoted mother, wife, chef, and a true jack of all trades. Beyond her contributions to the industry, Michelle finds joy in the great outdoors, whether she is conquering hiking trails, setting up camp, or enjoying four-by-four adventures. In our discussion today, Michelle talks about her personal and professional journey, sharing insights she gained along the way and shedding light on the path that brought her to where she is in her current role as a security specialist. Join us as we dive into the rich reservoir of wisdom and experience that Michelle brings to the table.
Show Highlights:
- How moving around a lot while growing up allowed Michelle to develop an excellent rapport with others
- Michelle describes her first experience with technology
- Michelle shares her experience of working at Fortinet and SonicWALL
- Work opportunities within the OT security space
- Why a more holistic approach to security is needed
- The importance of changing the culture within businesses to bridge the gap between different domains
- How empathy and active listening can drive business success
- Michelle discusses her role at Issquared
- Michelle shares the advice she would give to her younger self
Links and resources: (CS)²AI; Derek Harp on LinkedIn; Michelle Balderson on LinkedIn; ISSQUARED Inc.
Today, we are bringing you a fresh, new format called the Author Spotlight, where we focus on the authors within our community. We are delighted to launch the Author Spotlight by shining our light on Andrew Ginter, the VP of Industrial Security at Waterfall Security Solutions. Andrew has been a steadfast CS2AI supporter since its inception, dedicating considerable time to CS2AI initiatives, and Waterfall is one of our oldest sponsors. We are grateful to Andrew for generously sharing his insights and all the invaluable contributions he and his company, Waterfall, have made. Andrew's offerings include editing, reading, and committing much of his time to community projects. Join us today as we explore Andrew's wealth of wisdom and experience.

Show Highlights:
- Andrew reflects on his writing process and discusses his new book, The Golden Black Book.
- Andrew talks about a new approach of combining cybersecurity and engineering to manage risk.
- How Andrew structured his book for a mixed audience of engineers and managers
- The importance of using mathematical modeling when making cybersecurity decisions rather than relying on intuition or guesswork
- Andrew highlights the lack of cybersecurity expertise within industrial settings.
- How complex risks have created the need for a multi-faceted approach to cybersecurity
- Andrew emphasizes the importance of security by design within product development.
- Why it's essential to understand the broader definition of vulnerability
- Andrew discusses the challenges of writing a book on industrial cybersecurity

Links and resources:
- (CS)²AI
- Derek Harp on LinkedIn
- Andrew Ginter on LinkedIn
- Waterfall Security

We are thrilled to have another exceptional guest on the show today!

Ron Fabela is the Field Chief Technology Officer at Xona. He is a multifaceted individual who has been a stalwart contributor to the industry for many years. His impressive resume includes being an Industrial Security champion, a military veteran, and a technologist. Beyond his professional achievements, Ron is also a founder, a father, a husband, an astronomy expert interested in anything space-related, and, believe it or not, a goat herder. Ron has had a wealth of experiences, making him an all-around fascinating guest. Get ready for a long-overdue and truly insightful discussion with Ron Fabela!

Show highlights:
- How Ron's interest in technology began
- Ron discusses his career in the military and talks about his cybersecurity training
- Ron offers advice for young people
- The benefits of working for large organizations, doing internships, and doing volunteer work
- How Ron progressed in his cybersecurity career
- Why no opportunity for exposure to systems and networks should ever get squandered
- How Ron's military experience shaped his approach to work
- Ron shares insights on the challenges of consulting
- The importance of having hobbies and passions outside of work
- Ron talks about his role as a Field CTO
- How the control systems cybersecurity industry has evolved
- Why it is essential to persevere with projects, even when facing challenges or the progress is slow

Links and resources:
- (CS)²AI
- Derek Harp on LinkedIn
- Ron Fabela on LinkedIn
- Xona

We are delighted to have Bill Lawrence, the Chief Delivery Officer at Itegriti Corporation, joining us on the podcast today! For those unfamiliar with Bill, he is a well-rounded and multifaceted individual. He is a technologist, artist, and a loving father and husband, in addition to being a talented singer, Navy veteran, and pilot.

Bill is known in the industry for his many achievements. In today's conversation, we unveil the various layers of his experiences and perspectives, and he shares insights into the unique facets that have defined his professional and personal journey. Stay tuned as we delve into the steps and milestones that have shaped Bill's dynamic career!

Show highlights:
- How Bill started programming in the fourth or fifth grade
- How a movie inspired him to join the military
- Bill shares some of his exciting fighter pilot experiences
- Bill's Naval Academy experiences included computer science studies and exposure to cybersecurity
- Bill reflects on teaching cybersecurity at the Naval Academy
- How he transitioned in his career after quitting the Naval Academy
- Bill discusses his time spent as a project manager at NERC
- How Grid X evolved and grew
- Cybersecurity and compliance within the energy industry
- The importance of reading books and applying them to life to make a positive impact
- Why Bill finds quantum computing and AI exciting prospects

Links and resources:
- (CS)²AI
- Derek Harp on LinkedIn
- Bill Lawrence on LinkedIn
- Itegriti Corporation

Books mentioned:
- The Ideal Team Player by Patrick Lencioni
- How to Be Perfect by Michael Perry

We are delighted to have another remarkable guest joining us on the podcast today! Dr. Jesus Molina, the Director of Industrial IoT at Waterfall Security Solutions, is a seasoned cybersecurity practitioner and well-known OT cybersecurity thought leader. He is a technologist and inventor driven by an insatiable curiosity. In addition to being a copious reader and an electrical engineer with a Master's degree and a Ph.D. in the field, Dr. Molina is a dedicated researcher, a sailor, an intrepid traveler, a compelling public speaker, and an ardent educator. Dr. Molina's passion for cybersecurity, particularly in the context of IoT and OT, is evident in everything he does. Join us today as we delve into the insights and experiences of this accomplished cybersecurity expert.

Show highlights:
- Dr. Molina talks about his early life experiences
- How his interest in cybersecurity began
- Dr. Molina explains how he created a virus that infected every computer in his high school
- Dr. Molina shares his experience of pursuing a Master's degree in the US after studying in Spain
- A valuable lesson learned about remaining cautious and protecting a group or organization after a security breach
- Cybersecurity challenges and solutions in various industries
- How Dr. Molina discovered he could control every room in a hotel by exploiting a wireless network vulnerability
- Dr. Molina shares a cautionary story about the importance of watching what you say around journalists
- How curiosity drives creativity
- Dr. Molina discusses his views on the future

Links and resources:
- (CS)²AI
- Derek Harp on LinkedIn
- Dr. Jesus Molina on LinkedIn
- Waterfall Security Solutions

We are delighted to welcome Rob Dyson as our special guest for the 100th episode of the CS2AI podcast! Rob is the Global OT Security Services Leader for IBM. Beyond his corporate role, he is a military veteran, a tech enthusiast, a devoted father and husband, a proud grandfather, and an avid scuba diver. His extensive experience overseeing key service areas within an industry giant like IBM makes Rob an exceptional guest for this milestone podcast. He joins us today to share his insights on control systems, operating technology, and cybersecurity practices.

Rob truly brings a wealth of knowledge and clarity to today's discussion. Stay tuned for more!

Show highlights:
- How Rob's interest in technology influenced his desire to explore new things and push boundaries
- The challenges of setting up a business continuity plan in a remote location
- How security measures have evolved from the early days of network security to modern-day cybersecurity
- The importance of understanding the network for OT security
- How software developers can bring valuable skills to cybersecurity after mastering the fundamentals of networking
- Rob shares his insights on entrepreneurship in the cybersecurity space
- How Rob got offered a job with IBM in 2012 after a quick and unexpected interview process
- Rob explains how he transitioned to full-time OT security work in 2016
- Why is there a need for a different mindset and cultural understanding within the OT cybersecurity industry?
- Rob offers advice for people who have recently begun their career journeys

Links and resources:
- (CS)²AI
- Derek Harp on LinkedIn
- Rob Dyson on LinkedIn
- IBM

We are delighted to have Gary Kessler joining us as our special guest for today's episode of the CS2AI podcast show! Gary is a multifaceted individual with a diverse array of interests. He has been involved in many different projects over time and has worn various hats under the umbrella of his company, Gary Kessler Associates. His impressive literary contributions include over 75 articles and three books, establishing him as a prolific authority on cybersecurity. He started his journey as a computer programmer and continues to embrace that today. He is a former EMT firefighter, a passionate outdoorsman, an avid cyclist, and an accomplished master scuba diver trainer. He also is a boat captain, a retired college professor, and a dedicated husband and father. Stay tuned for Gary's interesting backstory and fascinating insights on maritime cybersecurity!

Show highlights:
- Gary shares his backstory and cybersecurity journey
- How Gary got into maritime cybersecurity
- Some early computer security vulnerabilities and hacking techniques
- Gary dives into current shipbuilding practices
- Some potential maritime cybersecurity risks and threats
- Gary discusses his initial focal point with maritime cybersecurity
- Can a ship be hacked to gain potentially damaging data?
- Security by design and resilience in engineering
- Why bridge crews and officers have to be more technologically aware now than ever before

Links and resources:
- (CS)²AI
- Derek Harp on LinkedIn
- Gary Kessler on LinkedIn
- Gary Kessler Associates

We are delighted to welcome Vincent Riou as our special guest for today's CS2AI podcast! Vincent is a distinguished figure within the cybersecurity industry who has profoundly impacted the field in recent years. He is a multifaceted individual with a passion for uniting people, even tens of thousands of individuals at times, for various causes. He is a French Navy veteran, a technologist, a founder, a dedicated father, a loving husband, a culinary artist, and above all, an all-around stand-up guy! Vincent has a wealth of knowledge to share with us today! He joins us to discuss some pertinent cybersecurity issues and concerns and the upcoming FIC event in Montreal on October 25th and 26th. Stay tuned for more!

Show highlights:
- The story behind the FIC Conference that took place in Lille, France, just over a year ago
- Why were the FIC events started?
- How cybersecurity is part of the fabric of every type of business organization, institution, and government body
- Vincent explains why he organizes open events focusing on those who rely on the digital transformation of the world
- Vincent talks about the OT part of the Montreal event and explains how it started
- Vincent explains what comes first when he organizes an event
- How the Montreal event will differ from the event that took place in Lille last year
- Vincent pulls back the curtain to reveal how the big conferences work and what it is like to run them
- Vincent shares his future vision for news conferences in North America

Links and resources:
- (CS)²AI
- Derek Harp on LinkedIn
- Vincent Riou on LinkedIn
- SAVE THE DATE FIC North America – October 25 and 26, 2023

Today, Derek Harp interviews Susan Peterson Sturm, the Chief Information Security Officer at Cognite. Susan is a Transformational Operational Technology leader with 20 years of experience in profitably scaling innovative software-based businesses, including automation, IIOT, and cyber security. She has a proven track record of growing and structuring early-stage, profitable digital software-driven P&Ls in excess of $150M. She specializes in change management, product management, M&A, and strategic alliances. Susan serves on advisory boards of Cognite, Innosphere Ventures & One Warm Coat. Susan is an incredible individual with vast experience! She's an empath, DEI champion, mentor, board advisor, and volunteer focused on poverty alleviation. In this episode, she discusses her background, talks to Derek about her professional journey, and offers helpful tips and advice.

You won't want to miss this episode if you are considering a career in the cybersecurity space. Tune in to hear Susan's fascinating story and benefit from her years of experience in the security field.

Show highlights:
- Susan talks about her studies.
- Her motivation for pivoting into energy after graduating from college.
- What she gained from her career in international affairs.
- Some of Susan's interesting roles early on in her career.
- The benefits of getting in-the-field experience.
- There are many different leadership paths to be chosen within the industry.
- What you can gain from working abroad with distributed teams.
- Where security first intersected with Susan's career.
- Why it's worth investing your time in networks.
- How being vulnerable can help you develop valuable relationships.
- The role mentorship has played in Susan's career.
- How Susan ended up in her current role as a CISO.
- Motherhood can be very challenging for women in senior roles.
- The importance of moving on from any workplace where you don't feel safe to express your needs.

Links and resources:
- (CS)²AI
- Cognite
- Susan Peterson Sturm on LinkedIn

Dr. Michael Chipley, the Founder and President of the PMC Group, is the guest for today's podcast.

Dr. Chipley has over 30 years of consulting experience in the areas of Program and Project Management, Cybersecurity, Energy and Environmental (LEED, Energy Star, and Carbon Footprint); Critical Infrastructure Protection and Analysis; Building Information Modeling (BIM) Technology; Base Realignment and Closure (BRAC), and Emergency Management/Disaster Recovery. Dr. Chipley served 24 years as a Civil Engineer in the US Air Force and has been consulting since 2001. He is a former adjunct faculty member at George Mason University, where he taught the Infrastructure Security Engineering, Building Security, and Building Information Modeling courses.

Dr. Chipley grew up on a farm in Oregon. He is a long-time contributor to cybersecurity for control systems, civil engineer, US Air Force veteran, husband, father, grandfather, outdoor enthusiast, and wine enthusiast. He joins Derek Harp today to discuss his military background and career journey and share his insights and advice. You will not want to miss this episode if you are leaving the military and considering a career in cybersecurity. Stay tuned to hear Dr. Chipley's story and benefit from his breadth of experience!

Show highlights:
- What Dr. Chipley did and studied during the 24 years he spent in the military.
- Dr. Chipley talks about Shodan.io and what it can do.
- Some advice about skills and opportunities in the control systems space.
- How Dr. Chipley benefited from joining the military.
- Why you can never stop learning in the control systems world.
- Why women tend to excel in the cyber field.
- How students can find opportunities to join internship programs.
- Potential challenges that people in cybersecurity could face.
- Some of the projects with which Dr. Chipley is currently involved.
- What can young people do to add to their knowledge and education to increase their value five years from now?

Links and resources:
- (CS)²AI
- The PMC Group
- Michael Chipley on LinkedIn

We are excited and very grateful to have David Pekoske, the current Administrator for the Transportation Security Administration (TSA), joining us today to share a closeout keynote he recently delivered. With a distinguished career spanning many years of dedicated service within the Coast Guard and the Department of Homeland Security, Administrator Pekoske has held various pivotal roles. Now, he stands at the helm of the Transportation Security Administration. With his wealth of experience and insights, this episode promises to offer a unique perspective on the challenges and innovations in transportation security. Stay tuned for more!

Show highlights:
- What the TSA does for security beyond the aviation system
- Administrator Pekoske discusses cybersecurity measures for critical infrastructure
- What are the cybersecurity regulations for critical infrastructure?
- The importance of cybersecurity and the need for a coordinated response to cyber attacks
- Which measures have been put in place for cybersecurity in the transportation sector?
- Cybersecurity regulations and compliance
- Which cybersecurity measures are in place for critical infrastructure?
- What should the regulator have a basic understanding of and be willing to do to achieve their goals?
- How insider threats within the aviation industry
- Cybersecurity and workforce development in the aviation industry
- Options for cybersecurity careers in the government and private sectors

Links and resources:
- (CS)²AI
- Derek Harp on LinkedIn
- David Pekoske on LinkedIn
- Transportation Security Administration (TSA)

Derek is thrilled to have a true industry legend returning to the podcast today!

Joe Weiss, the Managing Partner at Applied Control Solutions LLC, initially appeared on the show in episode 61. If you have not already done so, you can listen to that episode to learn more about his biography and personal journey. Joe's reputation in the industry precedes him, as he is among the select few who can honestly claim to have dedicated more time and expertise to the field of cybersecurity than almost anyone else. His career includes tenures at renowned organizations, and he is the curator of one of the world's largest incident databases. As in the words of Paul Simon, there have been incidents, accidents, hints, and allegations, and Joe Weiss has been at the forefront of understanding and dissecting all of those challenges. Join us for a thought-provoking episode where we dive into the complexities of cyber incidents, attribution, and the ever-evolving landscape of industrial security. You are in for an enlightening conversation today, so stay tuned for more!

Show highlights:
- The story of how Joe started his database
- Cybersecurity in the context of nuclear safety and control systems
- Joe discusses his database of incidents, explaining how it provides valuable insights into the history of cybersecurity incidents.
- Control system cybersecurity incidents and their causes
- Cybersecurity threats and vulnerabilities in industrial control systems
- The importance of securing sensors and actuators in industrial control systems
- Why do engineers need training on policies and procedures to address security concerns with field devices?
- Security issues within the industry
- Joe shares his frustration with the lack of progress in IoT security.
- Ways to live with insecure systems and even turn them into money-making machines for end users
- Why is Joe calling for a holistic approach to control systems?

Links and resources:
- (CS)²AI
- Derek Harp on LinkedIn
- Joe Weiss on LinkedIn
- Applied Control Solutions LLC

Derek is delighted to welcome Ron Gula of Gula Tech Adventures and Co-Founder of Tenable as the guest for today's show! His name is synonymous with innovation and expertise, and many listeners are bound to recognize the companies he has either birthed or influenced. Ron is originally from upstate New York. He was born in Rochester, grew up in Syracuse, and went to Clarkson University. He has had a multifaceted background and has worn many hats throughout his career. First and foremost, he is a technologist, with his roots tracing back to his formal training as an electrical engineer. He is also a programmer, founder, and CEO. Beyond his professional accomplishments, Ron is a military veteran after serving in the United States Air Force. He is a husband, father, podcasting enthusiast, masterful 3D animator, and scuba diver. He also indulges in cigar appreciation, holds roles as an investor, advisor, and board member across diverse ventures, and is a passionate champion of philanthropy. Today's conversation promises to be enlightening and inspiring! Stay tuned as we delve into the multifaceted tapestry of Ron's life and myriad experiences!

Show highlights:
- How Ron became a hacker
- One of Ron's worst experiences
- The importance of understanding the mission of a company
- Ron talks about Dragon, network security, and how Dragon got acquired by another company
- Ron shares his motivation for starting his business and explains how he did it
- Ron shares his advice for doing a startup
- How Ron and his business partner co-founded Tenable
- Why Ron called his company Gula Tech Adventures
- What they do at Gula Tech Adventures

Links and resources:
- (CS)²AI
- Derek Harp on LinkedIn
- Ron Gula on LinkedIn
- Gula Tech Adventures

Step into the cybersecurity world alongside Derek today as he brings you another riveting discussion with an esteemed expert! Rob Putman is the Global Manager of Cybersecurity Services at ABB Process Automation. At the core of his journey lies an unquenchable thirst for understanding that has fueled his prowess within the cybersecurity world and beyond. Apart from his impressive professional portfolio, his life encompasses interwoven threads of diverse experiences. He is a US Army veteran, a devoted father, a relentless technologist, a car enthusiast, an intrepid skier, a daring rock climber, and a masterful team builder. With Rob hailing from the scenic Bainbridge Island in Washington State, just beyond the heart of Seattle, his insatiable curiosity about the mechanics of the world ignited his trailblazing path. With a penchant for dismantling and deciphering, he embarked on a lifelong mission to unravel the inner workings of things, often charting unorthodox courses to unveil hidden truths. Rob's curiosity and unyielding quest for understanding demonstrate the boundless possibilities that emerge when dedication intersects with ingenuity. Join Derek in witnessing the blend of expertise and passion embodied by Rob's exceptional journey as he peels back the layers of his life and work. This episode will enrich your understanding of cybersecurity and illuminate the transformative power of unbridled curiosity and purpose-driven endeavors! Stay tuned for more!

Show highlights:
- Rob shares his superhero backstory.
- The jobs Rob did early in his career.
- How Rob transitioned into the tech world.
- The benefits of being opportunistic.
- How Rob managed to stay connected with interesting people as they moved around.
- How did he get into industrial control?
- The importance of having a diverse workforce to protect critical and control systems.
- Building trust and building bridges within a company.
- The challenges Rob faces and something he has to think about continuously in his current role.
- Some sage advice from Rob.

Links and resources:
- (CS)²AI
- Derek Harp on LinkedIn
- Rob Putman on LinkedIn
- ABB Process Automation

In the captivating world of cybersecurity, where technology and innovation intersect to safeguard our digital landscapes, Derek is delighted to welcome today's distinguished guest, Chris Kirsch! Chris is a man of multifaceted talents and roles. In addition to being the Co-founder and CEO of runZero, he is also a husband, a runner, a social engineer, an unwavering devotee to cybersecurity, a seasoned member of various security ventures, and a chef specializing in the art of bread baking! With his company serving as a bridge to the operational technology community, Chris's journey is a tale that weaves through diverse geographies. He grew up and went to primary school in Germany. He then attended boarding school in Switzerland, after which he continued his education in the United Kingdom.

As we journey through Chris's narrative, we dive into his role as a longstanding contributor to the cybersecurity landscape and his pivotal role in bridging the gap between the digital domain and operational technology. Join us as we delve into the diverse facets of the narrative of Chris Kirsch, a remarkable force in the cybersecurity world! You're bound to be enthralled by his unique story that intertwines his personal experiences with his unyielding commitment to the cybersecurity domain!

Show highlights:
- Some lessons learned from PGP.
- Bridging the gap between hardware and software.
- How adding a second product to the sales process changes the hearts and minds of a sales team.
- Transitioning from working with crypto-geeks to hackers. (18:51)
- The value of cold-calling managers. (26:01)
- Two essential attitudes you can have to an acquisition.
- The benefits of being open and having conversations without expectations.
- Fingerprinting flaky devices.
- The importance of having a good inventory.
- Chris's advice to his younger self.

Links and resources:
- (CS)²AI
- Derek Harp on LinkedIn
- Chris Kirsch on LinkedIn
- RunZero

Step into the cybersecurity world with Derek Harp for another riveting episode of the CS2AI podcast show! Derek has welcomed a vast array of industry titans onto the podcast, and this episode is no exception!

Today's show features Bryson Bort, the CEO and luminary Founder of Scythe. Bryson's influence spans the domains he has touched, nurtured, advised, and meticulously built from the ground up. As the creator of the renowned ICS Village and the driving force behind Grimm, his story is an intricate tapestry of innovation and impact. A military veteran from the US Army, a nurturing father, a culinary maestro hosting his own show, a kayaker, a relentless charity fundraiser, and an all-around exceptional individual, Bryson embodies a remarkable depth that will most certainly captivate all listeners! Bryson spent his formative years in Germany and the Soviet Union. His linguistic journey began with German, followed by immersion language programs to master English, which was crucial for his educational pursuits. He spent his early years in Berlin until 1988, then in Moscow until 1990. His journey eventually culminated in the United States during his teenage years.

Grab a seat and tune in as Derek unravels the narrative that shaped the exceptional Bryson Bort!

Show highlights:
- How Bryson got into cybersecurity.
- How Bryson learned that procurement is your best friend.
- The importance of building relationships and providing exceptional service.
- Bryson shares his recommendations for working with individuals with technical backgrounds and getting them on board.
- The importance of understanding the business and mission of the company you work for.
- How cybersecurity eventually took over Bryson's career path.
- How Bryson got the nickname, Grimm.
- Bryson talks about starting his company.
- Bryson shares some advice for taking on new ideas.
- Bryson explains what the ICS Village is all about.

Links and resources:
- (CS)²AI
- Derek Harp on LinkedIn
- Bryson Bort on LinkedIn
- Scythe
- GRIMM
- Episode 79 with Megan Sanford

In an ever-evolving world where progress accelerates exponentially, the pursuit of knowledge and an unwavering commitment to shaping a prosperous future have never been more vital.

Today, we have the distinct honor of hosting a true trailblazer in the field of academia and industry as Dr. Barton Miller, the esteemed Vilas Distinguished Achievement Professor at the University of Wisconsin-Madison, joins Derek to share his passion, talk about what he does in the industry, and discuss how we can create a better tomorrow. Since first setting foot on the grounds of the prestigious Wisconsin-Madison University in 1984, Bart has spent nearly four decades at the forefront of research and innovation. With his roots in Southern California and his current abode in Johnson, his passion continues to burn as bright as the Californian sun he grew up under! Join us for an enlightening journey as Bart embarks on a riveting conversation, unraveling his unwavering passion, pioneering contributions in the industry, and vision for a brighter future! Get ready to delve into a world of cutting-edge ideas and explore how we can shape a promising future holding boundless potential!

Show highlights:
- Bart shares his origin story.
- Why is it essential to get early exposure to control systems and focus on a specific area of interest?
- The value of resiliency and keeping systems up.
- What is plus-testing?
- Bart dives into how he uses terms like deep-fried security, crispy on the outside and juicy on the inside, when teaching.
- Examples of physical attacks on industrial systems.
- How did Bart get started in computer science?
- Bart explains fuzz-testing.
- The pros and cons of open source.
- Bart gets into his Introduction to Software Security course.
- Bart discusses something he has been looking at most recently: ransomware.

Links and resources:
- (CS)²AI
- Derek Harp on LinkedIn
- Dr. Barton Miller on LinkedIn
- University of Wisconsin-Madison

Prepare yourself for another captivating episode of the CS2AI Podcast! Today, we feature an exclusive interview with Daniel Bardenstein, a former USG official turned entrepreneur. Having recently launched a groundbreaking start-up centered on the critical concept of SBOM, Daniel brings a wealth of insider knowledge and experience to the table! Daniel is the Co-founder and Chief Technology Officer of Manifest, a pioneering company specializing in comprehensive SBOM management. Their core mission is to facilitate organizations in embracing this innovative and relatively new concept with utmost simplicity and automation. Through their state-of-the-art solutions, Manifest empowers businesses to navigate the complexities of SBOM seamlessly, ushering in a new era of efficiency and ease.

In today's riveting discussion, hosted by Bryson Bort, Daniel pulls back the curtain on what truly happens in the trenches of SBOM and unlocks the secrets to implementing his game-changing approach within organizations. If you have ever wondered what SBOM is all about and how it could transform the way in which your organization operates, this interview is a must-listen! Get ready to dive into the nitty-gritty of SBOM as Daniel spills the beans on what is happening in the thick of it, offering invaluable insights on how to begin implementing this cutting-edge technology within your organization, starting today!

Fasten your seatbelt and gear up to elevate your cybersecurity game to unprecedented heights!

Show highlights:
- What is an SBOM?
- Why SBOM is essential for asset owners.
- Two key ways to collect SBOMs.
- Integrating vulnerability management with asset management.
- Looking retroactively at legacy systems.
- How SBOM makes vulnerability management better.
- The importance of vulnerability management.
- How to get started with internal product security.
- How to get customers to take action.
- How long will it take to see value?

Links and resources:
- (CS)²AI
- Derek Harp on LinkedIn
- Daniel Bardenstein on LinkedIn
- Manifest

Get ready for another captivating interview with a true cybersecurity luminary!

Joining Derek on the podcast today is the multi-talented Mike Radigan! Mike is a seasoned cyber risk advisor at Cisco with a diverse background and a knack for problem-solving.

Mike's current role is impressive, and his entire journey has been nothing short of extraordinary! Renowned for his creativity and expertise, and with a background in electrical engineering, he has proven himself a formidable problem-solver. Beyond his professional pursuits, Mike is also an avid educator, a master networker, and a passionate connector within Ohio's business and security events. Additionally, he boasts a fascinating range of interests, from being a semi-retired basketball player to a devoted cigar enthusiast and dog lover. With Derek having been privileged to know Mike for years, today's interview promises to unveil intriguing insights and stories that will captivate cybersecurity enthusiasts and general audiences alike! Stay tuned to hear about Mike's fascinating journey and learn from his many years of cybersecurity experience!

Show highlights:
- How Mike became interested in technology.
- When security first came into play at Cisco.
- The evolution of cybersecurity from the early days to today.
- Risk quantification and cybersecurity.
- The importance of reliability in cyber security.
- An agnostic model for defining how risk works.
- How are those models applied in OT environments?
- Why risk is a derived value.
- Lessons learned from the DRC Organization.

Links and resources:
- (CS)²AI
- Derek Harp on LinkedIn
- Mike Radigan on LinkedIn
- Cisco

You are in for a treat today because we have an extraordinary guest and true industry titan joining us!

Omar Sherin is a renowned cybersecurity expert. He is a partner at Ernst and Young Digital Solutions and Cybersecurity and former director of OT Cybersecurity for the same prestigious firm. However, Omar is multifaceted, and his story goes beyond his professional achievements. He is also a founder, dedicated father, adventurous scuba diver, and an avid lover of cars and motorcycles! With his vast experience and diverse interests, Omar has traversed the realms of technology and exploration, making him a captivating and inspiring figure in the cybersecurity world. In today's discussion, he sheds light on his journey and delves into his remarkable contributions as a regional leader, sharing intriguing insights from his region of the world. He also gets into an exciting topic that lies ahead: prepping for the World Cup! Omar Sherin is not just a technologist but also a true adventurer and global citizen! Brace yourself for an enlightening conversation that transcends the boundaries of cybersecurity!

Show highlights:
- How Omar got into cybersecurity.
- Two occurrences in Omar's life triggered his professional momentum.
- Omar discusses the incident that opened his eyes to the value of data.
- Why state-sponsored attacks require state-sponsored defenses.
- Omar shares his unique perspective on cybersecurity.
- How safety culture is embedded in cybersecurity.
- Omar talks about building an OT team in Africa.
- The ramifications of holding a world cup in Qatar.
- How to prepare for a major event.
- Why is cybersecurity a golden opportunity for young people?

Today, we are excited to share a riveting panel discussion on cybersecurity for Rails! We are honored to introduce our esteemed panelists, three remarkable individuals with a wealth of knowledge and expertise. Their diverse backgrounds and extensive experience in their respective domains make them invaluable contributors to today's discussion.
Miki Shifman holds the esteemed positions of CTO and Co-founder of Cylus, a company wholly dedicated to cybersecurity. With an impressive career spanning over 15 years, his expertise encompasses cybersecurity research and development, as well as communications and embedded systems. For the past six years, he has been at the helm of Cylus, focusing on rail cybersecurity and actively participating as a member of global standardization groups, advocating for awareness and best practices. Recognized as part of Forbes 30 under 30, Miki also enjoys indulging in the strategic game of chess.
Omar Sherin is a partner at EY. He leads the OT cybersecurity efforts for the MENA region. With an impressive 20-year track record in cybersecurity and a wealth of practical knowledge, his expertise extends to national security and the establishment of resilient infrastructures, including those within the rail systems.
Jo Dalton is a seasoned cybersecurity professional with 17 years of comprehensive industry experience. Her versatile background encompasses various facets of the field, from business compliance to operational components, along with the groundbreaking research conducted at Pen Test Partners. Today's enlightening panel discussion will provide a comprehensive view of the transportation industry, focusing on the scenarios within the rail sector.
Stay tuned for a thought-provoking exploration that will give you a broader perspective on railway transportation security.
Show highlights:
- How the connected world has changed things.
- The complexity of the rail industry.
- Why do we need more detailed standards?
- Global regulations for critical infrastructure.
- How old is the technology in rail?
- Challenges to be faced in the next three years.
- The typical life cycle of a rail safety system.
- The importance of having multiple companies working together.
- Cyber resilience in the rail industry.
- The need for industry-driven regulation of security.
Links and resources:
- (CS)²AI
- Derek Harp on LinkedIn
- Omar Sherin on LinkedIn
- Ernst & Young (EY)
- Jo Dalton on LinkedIn
- Pen Test Partners
- Miki Shifman on LinkedIn
- Cylus
Today, we have the pleasure of introducing two esteemed panelists poised to ignite our minds with their profound expertise on cybersecurity in the maritime sector. Gary Kessler and James Cabe are two remarkable individuals who will shed light on the vast spectrum of applications that intertwine maritime operations and the crucial realm of cybersecurity. Gary Kessler is a retired cybersecurity professor who has embraced diverse roles. With a remarkable career starting in the late 1970s, Gary has immersed himself in information security. However, his passion for maritime cyber has captivated his attention for the past five to six years. During the challenging times of the COVID-19 pandemic, Gary undertook a personal project close to his heart: writing a book on maritime cyber. Presently, he dedicates his life to exploring the depths of the water, both physically and intellectually, as he navigates the intricacies of cybersecurity in the maritime realm.
James Cabe is a seasoned cybersecurity specialist. He hails from a background deeply rooted in the history of the industry. Having spent his formative years at BBN Planet, James carries a wealth of experience. He ventured into diverse sectors during his career, including retail, foreign national critical infrastructure, and the oil and gas industry. He is currently immersed in the IoT realm, spearheading his own startup focused on developing a chaos-resilient Human-Machine Interface (HMI) independent of Windows. While James acknowledges his comparatively lesser experience in the maritime domain, his expertise in the oil and gas sector, particularly in anchoring systems, vibration analysis, and mud logging, adds a unique perspective to this distinguished panel. In today's exhilarating exploration, we delve into the intricate world where technology meets the high seas and discover how safeguarding our industry has become paramount in the face of emerging digital challenges.
The diverse backgrounds and perspectives of the panelists ensure an engaging and comprehensive discussion on the topic at hand.
Stay tuned for an enlightening and dynamic conversation that promises to capture the essence of the maritime industry's cybersecurity landscape!
Show highlights:
- The importance of cybersecurity in the maritime sector.
- Why maritime is essential for national security, defense, energy, food security, and economic security.
- Dealing with high-consequence events.
- The cost of retrofitting new technologies onto old ships.
- The push for autonomy on ships.
- The dangers of relying on digital information.
- The future of big boats and smart ships.
- The lack of resiliency in maritime systems.
- Automation and digitalization of the Maritime industry.
- Building a cyber safety culture.
Links and resources:
- (CS)²AI
- Derek Harp on LinkedIn
- Gary Kessler on LinkedIn
- Gary Kessler Associates
- James Cabe on LinkedIn
- ZPE Systems
We are delighted to welcome you to a riveting panel discussion on a subject at the intersection of technology, security, and the boundless skies! Today, we delve into the captivating realm of cyber security for aviation and aerospace! We are honored to introduce our three remarkable panelists, each of whom possesses a wealth of knowledge and expertise in their respective domain: Jonathan Pollet is a renowned figure at Red Tiger Security, known for his 22 years of dedicated work in OT and industrial control systems cybersecurity. Barbara Grofe hails from the esteemed Institute of Space and Cyber Research, where she specializes in space asset security and resiliency. Shawn Goudge is a seasoned professional who has made significant contributions to physical security in aviation globally while actively exploring the convergence of physical security and cybersecurity. This esteemed trio of experts joins forces to shed light on the vital connection between physical security and cybersecurity. Stay tuned for today's enlightening panel discussion on cyber security for aviation and aerospace that promises to unravel the intricacies of safeguarding our skies and beyond!
Show highlights:
- Jonathan talks about a recent assessment of airport systems in Doha, Qatar.
- Why is cybersecurity very immature from the aerospace and satellite perspective?
- Who is responsible for OT cybersecurity at the airport?
- There is a lot of confusion within organizations about who is responsible for looking at threats.
- Why does cybersecurity legislation need to catch up?
- How physical and cybersecurity systems do not intertwine properly.
- Who is responsible for aviation security?
- Are satellites still easy to hack if they are sophisticated and compartmentalized?
- Do 5G and 6G pose specific risks for the aviation and aerospace sectors?
- The most common types of attacks on airlines.
- Barbara shares the key to addressing aerospace cybersecurity.
Links and resources:
- (CS)²AI
- Derek Harp on LinkedIn
- Jonathan Pollet on LinkedIn
- Red Tiger Security
- Barbara Grofe on LinkedIn
- Institute of Space and Cyber Research
- Shawn Goudge on LinkedIn
- The Calgary Airport Authority
We are excited to welcome you to our eagerly anticipated panel discussion on the ever-evolving automotive and trucking industries! Today, we are privileged to host a remarkable trio of experts who will provide us with invaluable insights and diverse perspectives. We are delighted to introduce our esteemed panelists, Michael Clifford, Nikhil Bogam, and Antwan Banks. Each of these luminaries brings a unique perspective, promising a diverse and enlightening discussion that will unveil the inner workings of their respective organizations.
Antwan Banks joined the National Motor Freight Traffic Association (NMFTA) about two months ago. His primary role is advocating for security practices as the industry advances into autonomous trucks, electric vehicles, and interconnected networks. With the overarching aim of safeguarding the welfare of motor carriers, Antwan's mission aligns with the NMFTA's dedication to fostering a thriving and secure environment within the motor freight industry.
Nikhil Bogam is a seasoned professional with a remarkable career spanning 17 years in the automotive industry. He currently serves as a technical lead in functional safety and cybersecurity at Faurecia Forvia. With over six years dedicated to cybersecurity, Nikhil possesses a profound understanding of the intricate relationship between automotive technology and cybersecurity, recognizing its unique nature compared to conventional infrastructure security. He brings extensive expertise in the 21434 Standard, a recently published industry benchmark, and is actively involved in shaping forthcoming European regulations concerning automotive cybersecurity.
Michael Clifford is a highly regarded professional and principal researcher in cybersecurity and privacy at Toyota Infotech Labs, the prestigious advanced research and development division of Toyota. With a unique focus on long-term projections, Michael engages in projects that anticipate developments a decade or more into the future. His responsibilities involve predicting and addressing security challenges for technologies that have yet to materialize. Moreover, Michael takes on a leadership role in a consortium of universities dedicated to cutting-edge cybersecurity research, encompassing a diverse range of domains such as security theory, cyber-physical attacks and defenses, and machine learning. His extensive expertise in cybersecurity research dates back to 1998, and his interests span a wide spectrum, including security, privacy, machine learning, autonomy, ad hoc networks, energy efficiency, engineering, transportation, manufacturing, and user-centric design. With a wealth of knowledge and a forward-thinking mindset, Michael plays a pivotal role in driving innovation and ensuring the security of future technologies.
We invite you to join us as we embark on this compelling odyssey of knowledge and discovery and uncover the intricacies of the automotive and trucking industries and the remarkable visions that lie ahead. Stay tuned for more!
Show highlights:
- The differences between trucking industrial control system cybersecurity and traditional cybersecurity.
- Michael shares his thoughts on electric vehicle (EV) charging stations.
- Security and privacy for autonomous vehicles.
- Why the automotive industry needs to think about problems that will occur.
- The evolution of the automotive industry.
- The future of security in the transportation industry.
- Does the automotive and trucking industry view federal rules as positive for cybersecurity or a hindrance?
- Looking at standards within the industry.
- Where automakers are, in terms of taking on cybersecurity for cars and trucks.
- How AI plays into the future of the automotive industry.
- Are common protocols and standards shared across the automotive industry?
- Can EVs be used to spread malicious...
Welcome to today's ground-breaking episode of the CS2AI podcast, where we have the privilege of hosting a dynamic duo of cybersecurity specialists who have dedicated their careers to protecting our critical infrastructure! Steve Mustard is a seasoned automation engineer from Houston, Texas, with a passion for securing automation and control systems. Having served as President of the International Society of Automation in 2021, his commitment to this field runs deep. Bob Radvanovsky is a true pioneer in industrial cybersecurity! He is the Co-founder of the renowned SCADASEC mailing list and the mastermind behind Project Shine. With his vast expertise in safeguarding control systems, IoT, and industrial IoT systems, Bob is currently at the forefront of fortifying our energy sector and protecting the grid. In this innovative episode, Steve Mustard, with his unwavering commitment to the field, and Bob Radvanovsky, a true trailblazer in industrial cybersecurity, share their wealth of knowledge and experience in securing automation and control systems.
Stay tuned as Steve and Bob unravel the latest developments, challenges, and emerging trends in the ever-evolving world of cybersecurity!
Show highlights:
- Why are we still having serious major incidents when there is so much awareness around cybersecurity?
- Bob talks about the idea behind Skidmark, his publicly accessible database for collecting information about industrial cybersecurity incidents.
- Staying up to date with cyber security.
- Why is there a disconnect between CEOs and operations?
- Managing cybersecurity on a risk basis.
- Problems with remote access.
- Do regulations actually help improve cybersecurity?
- Why must people who help people have an intimate understanding of the subject?
- What is a holistic approach to critical infrastructure?
- Simple things that can prevent egregious attacks.
- What can you expect from the fifth edition of Bob's book, Critical Infrastructure, Homeland Security, and Emergency Preparedness?
Links and resources:
- (CS)²AI
- Derek Harp on LinkedIn
- Bob Radvanovsky on LinkedIn
- Steve Mustard on LinkedIn
Derek is super excited to welcome a true trailblazer in the world of cybersecurity today!
Jonathan Pollet is the Founder and Executive Director of Red Tiger Security. He is an invaluable pioneer and a long-time contributor to the cybersecurity community. He has been a guiding light for those who ventured into cybersecurity from traditional IP backgrounds over a decade ago. Red Tiger Security is a focused SCADA Security consultancy, training, and research firm dedicated to the resiliency of national critical infrastructure and mission-critical business systems that must be available on a 24x7 basis. Red Tiger Security has developed and implemented a 6-layer Vulnerability Assessment approach that encompasses both Physical and Cyber security for ICS (Industrial Control Systems).
Hailing from the vibrant city of New Orleans, Louisiana, Jonathan's upbringing was shaped by the unwavering dedication of his single mother. Determined to pursue a path in electrical engineering, he tirelessly sought opportunities to secure a full scholarship, ultimately leading him to the doors of Louisiana State University. Fortunately, his efforts paid off, and he emerged holding a four-year degree at the age of 21. Growing up in the lively streets of New Orleans instilled in him a belief that anything is possible when met with resilience and a zest for life!
With an illustrious background as a SCADA engineer, Jonathan has become an AI and OT security evangelist, leaving an indelible mark as an entrepreneur and business owner. In addition, he is also an instructor, speaker, scuba diver, and even a talented sax player!
Join us as we uncover the extraordinary life of Jonathan Pollet, a multifaceted force shaping the landscape of cybersecurity!
Show highlights:
- How Jonathan got started in digital process control.
- Jonathan shares a pivotal moment in his cybersecurity journey where he witnessed the entire system repeatedly crashing due to a network issue caused by a user in Australia attempting to draw a network diagram.
- Jonathan explains how he taught himself cybersecurity and became an advocate for it.
- What prompted him to create a course in cybersecurity?
- Jonathan dives into his transition from working for Chevron to becoming an entrepreneur.
- Why selling cybersecurity is not always easy.
- Is the industry waking up to the importance of cyber hygiene?
- How is OT learning from the IT world?
- Jonathan explains how things will become more and more connected in the future.
Links and resources:
- (CS)²AI
- Derek Harp on LinkedIn
- Red Tiger Security
- Jonathan Pollet on LinkedIn
- Red Tiger Security on LinkedIn
Derek is delighted to have a special guest calling in from Brussels today! Olivier De Visscher is the current Head of Railway Industrial Cybersecurity at the Expleo Group. He joins Derek to shed light on the importance of cybersecurity for the railway industry and discuss its implications for the future.
With a total of 25 years of experience, Olivier has dedicated ten of those years to the field of Industrial Cybersecurity. He shares his expertise and promotes collaboration with the cybersecurity domain of the European Transportation sector. He remains closely connected to the railway community, including RU, IM, and the Industry, as it provides him with a valuable opportunity to work across different areas. Olivier continues to support various European initiatives in the field of railway cybersecurity.
As we kick off our focus on transportation this month, starting with a series of events, seminars, and podcast episodes on May 17th, we could not be more excited to have Olivier joining us. With over 25 years of experience in IT and technology, Olivier brings a wealth of knowledge and expertise in railway systems and other industrial applications. Stay tuned to learn more about Olivier and his insights on railway cybersecurity!
Show highlights:
- Olivier discusses his background in cybersecurity.
- What led Olivier to specialize in rail security?
- Olivier dives into the need for a new cybersecurity standard for rail.
- Why is cyber security so important in the transport sector?
- The importance of a cybersecurity approach in the safety case.
- Why you cannot protect against everything, especially when the threats are high-level.
- What is the tech refresh rate? Is ancient technology still in play?
- What is going uniquely well in the rail industry?
Links and resources:
- (CS)²AI
- Derek Harp on LinkedIn
- Expleo Group
- Olivier De Visscher on LinkedIn