The Industrial Security Podcast

Follow The Industrial Security Podcast
Share on
Copy link to clipboard

Your lights are on, your car runs, because industrial systems work 24/7 to keep our lives ticking. But what happens when those systems—the very pillars of modern society—are threatened? Hosted by Nate Nelson and Andrew Ginter, The Industrial Security Pod

PI Media


    • May 20, 2025 LATEST EPISODE
    • monthly NEW EPISODES
    • 47m AVG DURATION
    • 139 EPISODES


    More podcasts from PI Media

    Search for episodes from The Industrial Security Podcast with a specific topic:

    Latest episodes from The Industrial Security Podcast

    Lessons Learned From Incident Response [The Industrial Security Podcast]

    Play Episode Listen Later May 20, 2025 50:41


    How did they get in? How did we find them when they got in? What can we do in future to clean up the mess faster? Chris Sistrunk reflects on a decades' industrial cyber incident response experience at Mandiant (Google).

    Experience & Challenges Using Asset Inventory Tools [The Industrial Security Podcast]

    Play Episode Listen Later Apr 21, 2025 36:27


    Asset inventory tools have become almost ubiquitous as main offerings or add-ons to OT security solutions. In this episode, Brian Derrico of Trident Cyber Partners walks us through what it's like to use these tools - different kinds of tools in different environments.

    Needles in Haystacks - Recruiting OT Incident Responders [The Industrial Security Podcast]

    Play Episode Listen Later Mar 17, 2025 56:06


    Industrial incidents can be cyber attacks, or equipment failures, or physical equipment leaking product because of metal fatigue or incorrect welds. OT incident responders need to know a lot. Doug Leece of Enbridge explores what is OT incident response and what you look for recruiting people into that role.

    Would You Rather Use a Control System That's Proven Correct? [The Industrial Security Podcast]

    Play Episode Listen Later Feb 24, 2025 52:56


    For safety-critical operations or for critical national infrastructures, would you rather base your system on a code that people have tested as best they can, or would you rather base your system on a platform that has been proven correct? Daly Brown and Nick Foubert of Metropolitan Technologies look at a new approach to designing OT systems.

    How to Embed 30 Years of Security Funding into Capital Budgets [The Industrial Security Podcast]

    Play Episode Listen Later Jan 27, 2025 56:00


    Most of us struggle to get funding for industrial cybersecurity. Ian Fleming of Deloitte explains how - because cybersecurity is essential to sustaining the value of industrial assets - how we can embed up to 20 or 30 years of cybersecurity budget into capital plans, rather than fight for budget every year.

    Insights into Nation State Threats [The Industrial Security Podcast]

    Play Episode Listen Later Dec 9, 2024 67:27


    Nation state threats are often portrayed as the "irresistible forces" of cyber threats, with little qualification. Joseph Price of Deloitte joins us to dig deeper - what are nation states capable of, what are they up to, and how should we interpret the information that is available to the public?

    OT Security Data Science - A better vulnerability database [The Industrial Security Podcast]

    Play Episode Listen Later Nov 20, 2024 34:46


    Security automation needs a machine-readable vulnerability database. Carmit Yadin of Device Total joins us to look at limitations of the widely-used National Vulnerability Database (NVD), and explore a new "data science" alternative.

    Driving Change - Cloud Systems and Japanese CCE [The Industrial Security Podcast]

    Play Episode Listen Later Oct 21, 2024 42:16


    Tomomi Ayoyama translated the book Countering Cyber Sabotage - Consequence-Driven, Cyber-Informed Engineering - to Japanese. Tomomi recalls the effort of translating CCE to Japanese and looks forward to applying CCE and OT security principles to industrial cloud systems at Cognite.

    Hitting Tens of Thousands of Vehicles At Once [The Industrial Security Podcast]

    Play Episode Listen Later Sep 23, 2024 35:38


    Compromise a cloud service and tens thousands of vehicles can be affected at once. Matt MacKinnon of Upstream Security walks us through the world of cloud security for connected vehicles, transport trucks, tractors, and other "stuff that moves."

    AI takes on polymorphic malware [The Industrial Security Podcast]

    Play Episode Listen Later Aug 5, 2024 48:12


    The bad guys keep getting better at what they do, and so must we defenders. Gary Southwell of Aria Cyber joins us to look at using AI to get ahead of constantly-changing malware.

    New Resource: Adapting IT Advice for OT [The Industrial Security Podcast]

    Play Episode Listen Later Jul 22, 2024 44:18


    The CIS Top 18 is widely used in IT, and Jack Bliss of 1898 & Co. has adapted that list for OT/industrial, adding a lot of industrial context and lists of related OT-centric tools and technology.

    Their own rail system, water treatment and more [The Industrial Security Podcast]

    Play Episode Listen Later Jul 2, 2024 52:58


    Airports really are small cities. Eric Vautier, CISO of all 3 Paris airports looks at what is an airport and how are thousands of airports changing because of NIS2 and the regulatory environment more generally.

    Rapid Recovery After an Attack [The Industrial Security Podcast]

    Play Episode Listen Later May 27, 2024 47:42


    Ransomware is the most common cyber attack causing OT outages - all Windows machines encrypted. What if we could "press a button" and have everything working again in seconds or minutes? Alex Yevtushenko of Salvador Technologies joins us to look at new technology for rapid recovery.

    CWE for Zero Days - not CVE [The Industrial Security Podcast]

    Play Episode Listen Later May 8, 2024 49:45


    The Mitre CWE - Common Weakness - database talks about kinds of problems that can show up in the future - future zero days - rather than CVE that talks about what vulnerabilities were discovered in the past. Susan Farrell walks us through the CWE and how both vendors and owners & operators use it.

    AI and Industrial Security in the Energy Transition [The Industrial Security Podcast]

    Play Episode Listen Later Apr 3, 2024 46:38


    AI is coming and industrial security is an issue. Join us as Leo Simonovich VP at Siemens Energy joins us to look at both in the context of the energy transition - burning fewer fuels to achieve the same industrial process goals.

    Evaluating network segmentation strength [The Industrial Security Podcast]

    Play Episode Listen Later Mar 12, 2024 51:15


    How hard is it for an attacker to dig around in my network? Robin Berthier of Network Perception joins us to look at new network segmentation evaluation and visualization technology that lets us see at a glance how much trouble, or not, we're in.

    Tractors to Table Tops - Industrial Security in the Industry of Human Consumables [The Industrial Security Podcast]

    Play Episode Listen Later Feb 26, 2024 70:09


    Precision farming is heavily automated, as are the "food factories" essential to feeding the world's population. Marcus Sachs at the McCrary Institute at Auburn University joins us to look at the threats, the challenges and opportunities to secure our food supplies from cyber risk.

    Cybersecurity in the AVEVA Enterprise SCADA Product - Going Deep [The Industrial Security Podcast]

    Play Episode Listen Later Feb 12, 2024 61:52


    From supply chain to Active Directory to segmentation designing security into ICS products is hard. Jake Hawkes walks us through how security gets built into AVEVA Enterprise SCADA.

    What's Next? A decision support tool for industrial security [The Industrial Security Podcast]

    Play Episode Listen Later Jan 29, 2024 36:04


    We have a security program, we have a risk assessment, we see gaps and we have a limited budget. How do we use that budget most effectively? Jørgen Hartig, CEO at SecuriOT joins us to look at a decision support tool to help answer the question.https://securiot.dk/securiot-irt

    USB Firmware Attacks [The Industrial Security Podcast]

    Play Episode Listen Later Jan 15, 2024 43:05


    You plug in a USB drive and your laptop starts smoking - nasty. Mario Prieto Sanlés of AuthUSB joins us to look at the nastiest of USB attacks, and what we can do about them.

    Managing Trust in Massive IIoT Systems [The Industrial Security Podcast]

    Play Episode Listen Later Jan 1, 2024 51:04


    Smart meters, smart cities and the IIoT - when thousands of systems of millions of low-power devices need to talk to each other, and talk between systems, managing trust is hard. Dr. Chris Gorog of BlockFrame walks us through the problem and the work BlockFrame and the University of Colorado have been doing to solve the problem.

    Making the Move into OT Security [The Industrial Security Podcast]

    Play Episode Listen Later Dec 12, 2023 48:47


    Moving from IT or engineering roles into OT security is harder than it should be. Mike Holcomb of Fluor has written eBooks & provides a newsletter to help people with that transition. In this episode, Mike reflects on his own evolution into OT security and gives advice to others looking at making the move.

    Building Trust to Cooperate - at the EE-ISAC [The Industrial Security Podcast]

    Play Episode Listen Later Nov 30, 2023 45:35


    Our enemies cooperate, and so must we. Aurelio Blanquet walks us through the activities of the European Energy ISAC, with a focus on building the trust that is essential to enabling the cooperation that we need to work together. Aurelio Blanquet - EE-ISAC Nov 21

    Failures of Imagination - from 9-11 to the Aurora test [The Industrial Security Podcast]

    Play Episode Listen Later Nov 14, 2023 55:17


    The industrial security initiative was triggered by the 9/11 attack on the World Trade Center. Aaron Turner, on the faculty at IANS Research, helped investigate laptop computers used by 9/11 attackers and joined up with Michael Assante to persuade government authorities to launch what has become today's industrial cybersecurity industry. Aaron takes us through the formative years - from 9/11 to the Aurora generator demonstration.

    Safety, Security and IEC 62443 in Building Automation [The Industrial Security Podcast]

    Play Episode Listen Later Oct 30, 2023 35:18


    Cybersecurity and IEC 62443 are increasingly relevant to building automation. Parking garages contain safety-critical CO2 sensors that control fans, the MGM breach is in the news and standards bodies are debating minimum security levels for different kinds of systems. Kyle Peters of Intelligent Buildings joins us to look at IEC 62443-2-1 style security assessments of modern buildings and what we can learn from those assessments.

    Physical Security Supports Cybersecurity [The Industrial Security Podcast]

    Play Episode Listen Later Oct 18, 2023 46:38


    Adversaries who can physically touch a target have a huge advantage when it comes to compromising that target. Mike Almeyda of Force5 joins us to look at tools for physical security that support cybersecurity, especially for the North American NERC CIP standards.

    Cybersecurity for Rail Systems - Harder than it sounds [The Industrial Security Podcast]

    Play Episode Listen Later Oct 3, 2023 50:56


    From aging equipment to regulators who must approve every patch, securing safety-critical rail systems is hard, but has to be done. Miki Shifman, CTO and Co-Founder at Cylus, joins us to talk about the problem and what many owners and operators are doing solution-wise.

    Demystifying Cyber Jobs - In the Energy Sector [The Industrial Security Podcast]

    Play Episode Listen Later Sep 18, 2023 47:50


    Job seekers say there are no OT security job postings. Hiring managers say nobody is applying to their posts. Amanda Theel and Eddy Mullins of Argonne National Labs walk us through recruiting issues, especially for fresh grads.

    Large Data Centers - more than just protecting information [The Industrial Security Podcast]

    Play Episode Listen Later Sep 4, 2023 43:14


    Data centers are critical information infrastructures, with a lot of associated physical infrastructure. Vlad-Gabriel Anghel of Data Center Dynamics Academy walks us through these very recent additions to critical infrastructures, and digs into industrial / OT security needs and solutions for the space.

    Active Defense in OT - how to make it work [The Industrial Security Podcast]

    Play Episode Listen Later Aug 1, 2023 38:03


    Active defense or "intrusion prevention" deep into industrial networks has long been thought of as not workable. Youssef Jad - CTO at CyVault - joins us to talk about a new approach to OT active defense that is designed for sensitive OT / industrial environments.

    Risk in Context - When to Patch, When to Let It Ride [The Industrial Security Podcast]

    Play Episode Listen Later Jul 5, 2023 43:23


    Patching is hard in many industrial / OT systems - the risk the new code poses to operations is comparable to the risk of a cyber attack. But - the vulnerability does not go away just because patching is hard. Rick Kaun, VP Solutions at Verve Industrial joins us to look at what to patch, when to patch, and automation to help make the whole process faster, easier and cheaper.

    Hacking the CANbus [The Industrial Security Podcast]

    Play Episode Listen Later Jun 19, 2023 52:35


    Modern automobiles contain hundreds of CPUs and a CANbus network or three connecting these devices. Thieves are hacking the CANbus to steal cars. Worse is possible. Ken Tindell, CTO at Canis joins us to look at the problem and at what the automobile industry is doing about these embedded control systems.

    Saving money and effort automating compliance [The Industrial Security Podcast]

    Play Episode Listen Later May 31, 2023 33:00


    NERC CIP, the new TSA pipeline and rail directives and other regulations can be very expensive - to comply with and to prove to an auditor that you comply. Kathryn Wagner of Assurx joins us to look at what and how we can automate this process to save time and money.

    How cyber fits into big-picture risk [The Industrial Security Podcast]

    Play Episode Listen Later May 17, 2023 46:59


    All physical processes involve risk - sometimes very big risk. Dr. Janaka Ruwanpura from the University of Calgary joins us to look at where cyber risks fit into the big picture of risk at industrial organizations, and at roles and responsibilities for managing risk throughout an organization.

    Six steps to integrating IT & OT in mining [The Industrial Security Podcast]

    Play Episode Listen Later May 2, 2023 46:44


    OT systems are critical to mining safety. Rob Labbe, the chair of the Metals and Mining ISAC joins us to look at six steps to integrating IT & OT networks and security programs in this very sensitive environment.

    Experience Using IEC 62443 Risk Assessments [The Industrial Security Podcast]

    Play Episode Listen Later Apr 17, 2023 54:53


    Risk assessments are a staple of industrial security programs. Paul Piotrowski, a Principal OT Cybersecurity Engineer at Shell, walks us through a deep dive into his experience using IEC 62443-3-2 risk assessments and the lessons he's learned, with lots of examples.

    Shining a Light into the Dark [The Industrial Security Podcast]

    Play Episode Listen Later Apr 3, 2023 46:39


    Getting an industrial site started on the cybersecurity road can be hard. Matthew Malone of Yokogawa joins us to look at strategies to shake loose funding, trigger conditions that can jump-start investments, and stumbling blocks and how to address them.

    Stakeholder-Specific Vulnerability Categorization (SSVC) [The Industrial Security Podcast]

    Play Episode Listen Later Mar 20, 2023 44:43


    SSVC is a new standard decision process for deciding what to do about new vulnerabilities and patches. Thomas Schmidt of the German BSI joins us to look at how SSVC decision trees work, and where and why to use them.

    Bridging industrial Cybersecurity Workforce Gaps [The Industrial Security Podcast]

    Play Episode Listen Later Mar 6, 2023 35:00


    Different kinds of organizations in different stages of their cybersecurity evolution need to look for different kinds of people to contribute to their industrial security programs. Jason Rivera a Director at Security Risk Advisors joins us to look at workforce capability gaps and different approaches needed to fill those gaps in different scenarios.

    #100 Engineering-Grade security in the US DOE Cyber Informed Engineering Strategy [The Industrial Security Podcast]

    Play Episode Listen Later Feb 20, 2023 48:35


    The new US Department of Energy Cyber Informed Engineering Strategy includes unhackable safeties, manual operations, and other engineering-grade protections, in addition to traditional cybersecurity. Join Cheri Caddy, USA Deputy Assistant Cyber Director as we look at a strategy to develop a discipline of security engineering.

    IIoT Firmware Visibility - Under the Hood [The Industrial Security Podcast]

    Play Episode Listen Later Feb 1, 2023 47:31


    Windows and Linux operating systems provide a lot of detail as to what software & versions of the operating system, applications & libraries are installed. Most firmware provides almost nothing - only a single firmware version number. Thomas Pace, Co-Founder and CEO of Netrise joins us to look at gaining visibility into industrial device firmware and vulnerabilities.

    Living at the Edge - Visibility into Edge Devices [The Industrial Security Podcast]

    Play Episode Listen Later Jan 16, 2023 53:57


    Industrial network monitoring and intrusion detection tend to start at the highest level networks - the ones closest to the IT network. Ron Fabella, CTO and Co-Founder of Synsaber joins us to look at the problem the other way around - at how important and how useful it is to monitor our lowest level networks - the edge networks closest to the physical process.

    Secure Software Development and a Zero Trust Supply Chain [The Industrial Security Podcast]

    Play Episode Listen Later Jan 2, 2023 50:34


    How does secure software development work for industrial products (SDLC) and what is a zero-trust supply chain? Gonda Lamberink of Fortress Information Security leads us on a deep dive of what's new in secure software development, and especially how supply chain security is impacting that lifecycle.

    Consequences Matter [The Industrial Security Podcast]

    Play Episode Listen Later Dec 12, 2022 45:13


    Worst-case consequences of compromise determine government and societal policies, so consequences matter, especially for critical infrastructure security. Danielle Jablanski, OT Cybersecurity Strategist at Nozomi Networks joins us to look at threats, consequences and policies for critical infrastructure security.

    Claim The Industrial Security Podcast

    In order to claim this podcast we'll send an email to with a verification link. Simply click the link and you will be able to edit tags, request a refresh, and other features to take control of your podcast page!

    Claim Cancel