Podcast appearances and mentions of andy bochman

Podcast: Unsolicited Response (LS 33 · TOP 5% what is this?)Episode: The OT Cybersecurity / Climate Nexus with Andy BochmanPub date: 2023-08-16At S4x23 Andy Bochman gave a Main Stage performance on the OT Cybersecurity / Climate Nexus. It's a new idea and Dale wanted to dig into it and understand it better. The discussion looks at where there is a nexus/connection/overlap and where there may be parallel efforts where each side might learn from the other. Links Andy Bochman S4x23 Video Slide used in this episode Earlier episode with Dale and Andy discussing CCE S4x24 Call For PresentationsThe podcast and artwork embedded on this page are from Dale Peterson: ICS Security Catalyst and S4 Conference Chair, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

At S4x23 Andy Bochman gave a Main Stage performance on the OT Cybersecurity / Climate Nexus. It's a new idea and Dale wanted to dig into it and understand it better. The discussion looks at where there is a nexus/connection/overlap and where there may be parallel efforts where each side might learn from the other. Links Andy Bochman S4x23 Video Slide used in this episode Earlier episode with Dale and Andy discussing CCE S4x24 Call For Presentations

This week, the Buzz presents a recorded session from our first ever Climate Change Summit, held on April 17th. This fireside chat features Edward Saltzberg, Executive Director of the Security and Sustainability Forum and Andy Bochman, Senior Grid Strategist at the Idaho National Laboratory. These two experts discuss vulnerability of infrastructure in a world that must adjust to climate change, geopolitics, and domestic terrorism. They acknowledge that traditional infrastructure is no longer sufficient to withstand the changing climate, as well as the political and security threats of the modern world.Subscribe on your favorite podcast platform to never miss an episode! For more from ACT-IAC, follow us on LinkedIn or visit http://www.actiac.org.

Andy Bochman is the Senior Grid Strategist-Defender for Idaho National Laboratory's National and Homeland Security directorate. In this role, Andy provides strategic guidance on topics at the intersection of grid security and climate resilience to INL leadership as well as senior U.S. and international government and industry leaders. Andy is a frequent speaker, writer, and trainer who has testified before the U.S. Senate Energy and Natural Resources Committee on energy infrastructure cybersecurity issues and before FERC on the maturity of smart grid cybersecurity standards. He has had recurring conversations on grid security matters with the Senate Select Committee on Intelligence and the National Security Council. In this OODAcast we discuss Andy's most recent book, Countering Cyber Sabotage: Introducing Consequence-based Cyber-Informed Engineering. This book introduces INL's new approach for defending against top-tier cyber adversaries. Watch as we learn how a hockey player transformed into a cybersecurity champion and author of one of the most important books for engineering for critical infrastructure defense.

Andy Bochman, Senior Grid Strategist, Idaho National Lab and Bob Stone, Business Manager, IBEW 2150, join host Kristin Gilkes to discuss a range of issues including preserving jobs and reliability in the coal to cleaner power transition, and how Andy's coined the term "global weirding." A must-listen episode that serves as a follow up to our recent conversation with Brent Ridge of Dairyland Power Cooperative about their exploration of nuclear energy.

For more from Andy Bochman, join us at Utility Analytics Summit 2022 in New Orleans, May 10-12. Andy will be delivering the closing keynote session on May 12. His session, “Predicting the Future to Protect What Matters Most" will marry state-of-the-art climate forecast data with an emerging methodology for prioritizing protective and adaptive actions based on consequence.As an added bonus, save 20% on registration with code UAIPOD. If you register before April 1, that's a total savings of over $350. This discount is exclusive to “Beyond the Data” listeners. Register with the discount today: https://www.utilityanalyticssummit.com/2022/register?code=UAIPOD

Podcast: Control System Cyber Security Association International: CS2AIEpisode: 14: Consequence-Driven, Cyber-Informed Engineering (CCE) with Sara Freeman and Andy BochmanPub date: 2021-11-23Today, Derek Harp, the host of (CS)²AI Podcast, shares an episode of the Author Spotlight that features practitioners and contributors who do great work and write books about new modalities, new systems of organization, and new thought processes. In this episode, Andy Bochman and Sarah Freeman, authors of Countering Cyber Sabotage- Introducing Consequence-Driven Cyber-Informed Engineering, join Derek to talk about their book. Sarah has been an Industrial Control Systems Cyber Security Analyst at The Idaho National Laboratory (The Lab) for the past eight years. She did not get there through the traditional computer or cyber security background, however. Sarah studied Intelligence and Security Studies, focusing on terrorism in Graduate School, and came into cyber security through Language Services by assisting with certain investigations and operations on the language side. That eventually transitioned into industrial control systems when she joined The Lab. Sarah has a unique understanding of different kinds of threat actors from some of the work she has done in the past. The Lab focuses on bringing in people with different backgrounds, like cyber security researchers, malware reverse engineers, and engineers. That is invaluable when talking about attacks specifically leveled against industrial control systems because some things translate well between traditional IT attacks while others are completely different. Bringing in different groups helps with much of their work. One of the first companies Andy ever worked for was an applications security company that eventually got bought by IBM. He was also involved in some startups and some consulting. At IBM, Andy matched his cyber security day job with his night job, moonlighting as a blogger on the DOD Energy Blog and the Smart Grid Security Blog. While at IBM, he asked if he could cover energy from a cyber point of view, and they agreed. From that point, it became clear that he would eventually end up at the Idaho National Laboratory, where he has been for the last seven years. Show highlights:Sarah is valuable to the community because of her knowledge of the spoken and written languages used in certain parts of the world. (4:28) The genesis of their book and the philosophy behind it. (7:51)From about 2003-2004, Idaho National Laboratory has focused on electric grid security. (16:16)Whatever first hits the people on the street and then ripples up to the people on The Hill brings about a new level of awareness. (19:37)Critical infrastructure is sure to be targeted, and once something has been targeted it will be compromised. (20:40)Putting security into the design stage is a different approach that is now evolving out of The Lab. (24:23)Many opportunities exist for adversaries to get in and turn things to their advantage after a new software product has been deployed and begins to interact with other networks. (29:49)What initially prompted Andy to write the book before Sarah came on board. (30:35)How Andy came up with the title of the book. (36:43)When espionage turns into sabotage. (39:04)How you can use the book. (40:25)A partner program and another version of the book, known as “Bootcamp” or “Partner Training” are also available. (41:13)People are tired of the status quo and would be willing to explore a new way. (44:43)The podcast and artwork embedded on this page are from Derek Harp, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Today, Derek Harp, the host of (CS)²AI Podcast, shares an episode of the Author Spotlight that features practitioners and contributors who do great work and write books about new modalities, new systems of organization, and new thought processes.  In this episode, Andy Bochman and Sarah Freeman, authors of Countering Cyber Sabotage- Introducing Consequence-Driven Cyber-Informed Engineering, join Derek to talk about their book.  Sarah has been an Industrial Control Systems Cyber Security Analyst at The Idaho National Laboratory (The Lab) for the past eight years. She did not get there through the traditional computer or cyber security background, however. Sarah studied Intelligence and Security Studies, focusing on terrorism in Graduate School, and came into cyber security through Language Services by assisting with certain investigations and operations on the language side. That eventually transitioned into industrial control systems when she joined The Lab.  Sarah has a unique understanding of different kinds of threat actors from some of the work she has done in the past. The Lab focuses on bringing in people with different backgrounds, like cyber security researchers, malware reverse engineers, and engineers. That is invaluable when talking about attacks specifically leveled against industrial control systems because some things translate well between traditional IT attacks while others are completely different. Bringing in different groups helps with much of their work.  One of the first companies Andy ever worked for was an applications security company that eventually got bought by IBM. He was also involved in some startups and some consulting. At IBM, Andy matched his cyber security day job with his night job, moonlighting as a blogger on the DOD Energy Blog and the Smart Grid Security Blog. While at IBM, he asked if he could cover energy from a cyber point of view, and they agreed. From that point, it became clear that he would eventually end up at the Idaho National Laboratory, where he has been for the last seven years.  Show highlights: Sarah is valuable to the community because of her knowledge of the spoken and written languages used in certain parts of the world. (4:28)  The genesis of their book and the philosophy behind it. (7:51) From about 2003-2004, Idaho National Laboratory has focused on electric grid security. (16:16) Whatever first hits the people on the street and then ripples up to the people on The Hill brings about a new level of awareness. (19:37) Critical infrastructure is sure to be targeted, and once something has been targeted it will be compromised. (20:40) Putting security into the design stage is a different approach that is now evolving out of The Lab. (24:23) Many opportunities exist for adversaries to get in and turn things to their advantage after a new software product has been deployed and begins to interact with other networks. (29:49) What initially prompted Andy to write the book before Sarah came on board. (30:35) How Andy came up with the title of the book. (36:43) When espionage turns into sabotage. (39:04) How you can use the book. (40:25) A partner program and another version of the book, known as “Bootcamp” or “Partner Training” are also available. (41:13) People are tired of the status quo and would be willing to explore a new way. (44:43) Mentioned in this episode: Join CS2AI Join the largest organization for cybersecurity professionals. Membership has its benefits! We keep you up to date on the latest cybersecurity news and education. https://cs2ai.captivate.fm/cs2ai (Preroll Membership) Our Sponsors: We'd like to thank our sponsors for their faithful support of this podcast. Without their support we would not be able to bring you this valuable content. We'd appreciate it if you would support these companies because they support us! Network Perception Waterfall Security Tripwire KPMG Cyber

Why you should listen:Hackers are targeting critical infrastructure and there's an urgent need for smarter cybersecurity defenses to protect Operational Technology. The best practices to defend against attacks on utilities.Why there is no such thing as “taking down the whole US grid.”Five Key Quotes: “How can you secure what you don't even know you have? If you don't even know what you have down to some level of detail...you're not going to be in a good position to defend it.”  - Andy Bochman “The most senior person with the word cyber in their title ideally is at least at the VP level.” - Andy Bochman “You have to not only understand how the attacker can gain access to your network but ultimately gain access to the accounts that are most valuable – where are those crown jewel accounts?” - Sarah Freeman“IT and OT needs to be merged …the problem is cyber is here to stay and everybody needs to take part in this security process.” - Sarah Freeman“The government is most interested in who conducted the attack... The fact that there are two parties here with differing interests is a core issue.” - Sarah FreemanRelated Links:Countering Cyber Sabotage: Introducing Consequence-Driven, Cyber-Informed Engineering (CCE) 1st Editionhttps://hbr.org/2018/05/internet-insecurityhttps://medium.com/cxo-magazine/the-missing-chief-security-officer-11979a54fbf9https://www.synack.com/LinkedIn: Andy BochmanSarah FreemanTwitter:@andybochman

Andy Bochman of Idaho National labs describes CCE, a new methodology for industrial security with a focus on mission assurance, which means different things in different industries️

Podcast: Unsolicited Response PodcastEpisode: Flawed ICS MantrasPub date: 2018-10-18I’m trying something a bit different in this short 22 minute episode. I rant about two flawed ICS mantras that are gaining traction and detract from useful discussions, and there is an overview of the S4x19 agenda and OnRamp training. 1:47 Mantra: “If you are in critical infrastructure, you will be targeted. If you are targeted, you will be compromised”. Andy Bochman and others at INL. This is pure FUD, and I explain a more reasonable and helpful adaptation of this. 14:06 Mantra: If it isn’t secure, it isn’t safe. Not necessarily FUD, but just wrong and could have asset owners chasing down security issues that don’t impact safety. Also, are you ever going to make the claim that something is secure? Links S4x19 Agenda S4x19 OnRamp Training This episode was sponsored by CyberX. Founded by military cyber experts with nation-state expertise defending critical infrastructure, CyberX has developed an end-to-end platform for continuous ICS threat monitoring and risk mitigation. Check out the CyberX Executive Guide to the NIS Directive.The podcast and artwork embedded on this page are from Dale Peterson: ICS Security Catalyst and S4 Conference Chair, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Podcast: Unsolicited Response PodcastEpisode: CCE with Andy Bochman of INLPub date: 2018-07-18Andy Bochman with INL joins me to discuss their Consequence-Driven, Cyber-Informed Engineering methodology (CCE). It is appealing because it places emphasis on the often neglected consequence part of the risk equation. I think you'll hear me struggling to make sense of some of the concepts in the CCE and questioning a number of the underlying precepts and value of stages of the methodology. One of the reasons is there is limited info out on what CCE is, and this podcast should clarify CCE to some degree.   This episode was sponsored by CyberX. Founded by military cyber experts with nation-state expertise defending critical infrastructure, CyberX has developed an end-to-end platform for continuous ICS threat monitoring and risk mitigation. Check out the CyberX Global ICS and IIoT Risk Report and my podcast from last year on the report with Phil Neray.  The podcast and artwork embedded on this page are from Dale Peterson: ICS Security Catalyst and S4 Conference Chair, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

I’m trying something a bit different in this short 22 minute episode. I rant about two flawed ICS mantras that are gaining traction and detract from useful discussions, and there is an overview of the S4x19 agenda and OnRamp training. 1:47 Mantra: “If you are in critical infrastructure, you will be targeted. If you are targeted, you will be compromised”. Andy Bochman and others at INL. This is pure FUD, and I explain a more reasonable and helpful adaptation of this. 14:06 Mantra: If it isn’t secure, it isn’t safe. Not necessarily FUD, but just wrong and could have asset owners chasing down security issues that don’t impact safety. Also, are you ever going to make the claim that something is secure? Links S4x19 Agenda S4x19 OnRamp Training This episode was sponsored by CyberX. Founded by military cyber experts with nation-state expertise defending critical infrastructure, CyberX has developed an end-to-end platform for continuous ICS threat monitoring and risk mitigation. Check out the CyberX Executive Guide to the NIS Directive.

Andy Bochman with INL joins me to discuss their Consequence-Driven, Cyber-Informed Engineering methodology (CCE). It is appealing because it places emphasis on the often neglected consequence part of the risk equation. I think you'll hear me struggling to make sense of some of the concepts in the CCE and questioning a number of the underlying precepts and value of stages of the methodology. One of the reasons is there is limited info out on what CCE is, and this podcast should clarify CCE to some degree.   This episode was sponsored by CyberX. Founded by military cyber experts with nation-state expertise defending critical infrastructure, CyberX has developed an end-to-end platform for continuous ICS threat monitoring and risk mitigation. Check out the CyberX Global ICS and IIoT Risk Report and my podcast from last year on the report with Phil Neray.  

Andy Bochman is senior grid strategist for Idaho National Lab’s National and Homeland Security directorate. Today we’re discussing the research the INL has been doing, developing new approaches to protecting mission critical systems.

Andy Bochman is senior grid strategist for Idaho National Lab’s National and Homeland Security directorate. Today we’re discussing the research the INL has been doing, developing new approaches to protecting mission critical systems. The CyberWire's Research Saturday is presented by the Hewlett Foundation Cyber Initiative. Thanks to our sponsor Enveil, closing the last gap in data security.

Building on its recent addition of Cobol scanning capabilities, IBM announced its partnership with a leading provider of SAP ABAP security scanning tools, Virtual Forge. In this podcast IBM and Virtual Forge will describe the capabilities of their combined offering, including use cases, success stories and how to get started. Markus Schumacher and Andy Bochman, speakers.