Podcasts about ics ot

  • 26 podcasts
  • 86 episodes
  • 55m average duration
  • Infrequent episodes
  • Latest episode: Jun 16, 2025

[Chart: popularity by year, 2017–2024]


Latest podcast episodes about ics ot

Cybercrime Magazine Podcast
Unlocking Resilience. Cybersecurity Preparations For The Industrial Renaissance. Ron Brash, Exiger.

Jun 16, 2025 · Duration 22:53


Ron Brash is the Vice President of Industrial Cybersecurity at Exiger, where he leverages over a decade of experience in ICS/OT cybersecurity and embedded vulnerability research. In this episode, he joins host Scott Schober to discuss cybersecurity preparations for the industrial renaissance, including the evolution of threats in recent years, and more. Exiger is revolutionizing the way corporations, government agencies and banks navigate risk and compliance in their third-parties, supply chains and customers through its software and tech-enabled solutions. To learn more about our sponsor, visit https://exiger.com.

@BEERISAC: CPS/ICS Security Podcast Playlist
Network Monitoring in OT/ICS Environments with Stuart Bailey

Mar 10, 2025 · Duration 31:05


Podcast: HOU.SEC.CAST.
Episode: Network Monitoring in OT/ICS Environments with Stuart Bailey
Pub date: 2025-03-05

In today's episode Michael and Sam are catching up with Security Consulting Manager, ICS/OT at Accenture, Stuart Bailey! Stuart shares his journey from a career in social work to cybersecurity, the challenges of working on OT environments, and the importance of network monitoring for critical infrastructure.

Things Mentioned:
· Romanian energy supplier Electrica hit by ransomware attack - https://www.bleepingcomputer.com/news/security/romanian-energy-supplier-electrica-hit-by-ransomware-attack/
· Stuart's talk - https://youtu.be/wI-7q1RSVZU?si=CaKziboHBHtyberh

Do you have a question for the hosts? Reach out to us at podcast@houstonseccon.com

Keep up with HOU.SEC.CON: LinkedIn, Twitter, Facebook, Instagram, YouTube, Bluesky
Check out our other show: CyberSunday
Check out our Conferences and Events: HOU.SEC.CON., OT.SEC.CON., EXEC.SEC.CON., HSC User Group
Support or apply to our Scholarship Program: TAB Cyber Foundation

In this episode:
· Host: Michael Farnum
· Host: Sam Van Ryder
· Guest: Stuart Bailey
· Production and editing: Lauren Lynch
· Music by: August Honey

The podcast and artwork embedded on this page are from Michael Farnum and Sam Van Ryder, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

@BEERISAC: CPS/ICS Security Podcast Playlist
The Intersection of AI, OT, and Cybersecurity with Sulaiman Alhasawi

Mar 4, 2025 · Duration 48:48


Podcast: PrOTect It All
Episode: The Intersection of AI, OT, and Cybersecurity with Sulaiman Alhasawi
Pub date: 2025-03-03

In this episode, host Aaron Crow is joined by Sulaiman Alhasawi, a cybersecurity expert based in Kuwait. Sulaiman shares his journey into OT security, beginning with his PhD research in Liverpool and leading to his creation of ICSrank.com, a search engine for OT devices.

The discussion gets into individuals' unique cybersecurity paths, emphasizing the importance of learning from diverse experiences. They explore the challenges asset owners face in understanding vulnerabilities, the role of AI in cybersecurity, and the international perspective on OT security.

Throughout the episode, Aaron and Sulaiman highlight the significance of community, knowledge sharing, and taking actionable steps to improve cybersecurity posture in critical infrastructure. Whether you're an industry veteran or a newcomer, this episode is packed with insights and practical advice to help you protect it all.

Key Moments:
01:10 Sharing Diverse Experiences
05:44 Simplifying Asset Management Challenges
08:15 Action Transforms Ideas to Value
11:44 Unexpected Targets in Cyber Attacks
13:20 "Obscurity Isn't Security"
16:50 Simplifying Cybersecurity Communication
21:12 Unintended Internet Exposure Risks
24:49 Podcasting for Community Impact
28:53 OT's Vital Role in Hospitals
32:26 Diverse Experiences in Power Plants
35:54 OT Data Integration Priorities
36:55 Prioritizing Safety Over Immediate Updates
42:10 Global Business Resource Allocation Challenges
46:08 Finding Our Podcast & Resources
47:25 Global Unity in Shared Struggles

About The Guest:
Sulaiman Alhasawi is an active researcher in ICS/OT cybersecurity, with a PhD specializing in securing critical infrastructure. He is the founder of ICSrank.com, a platform dedicated to discovering and assessing security risks in Industrial Control Systems (ICS), Operational Technology (OT), and Industrial IoT. As the host of the ICS Arabia Podcast, Sulaiman brings together global experts to discuss cutting-edge topics in OT security, bridging the gap between research, industry, and real-world cyber threats. His latest research, "How to Find Water Systems on the Internet", was featured in SecurityWeek magazine, shedding light on OSINT techniques used to uncover vulnerable water infrastructure. (Read it here: https://zerontek.com/zt/2024/09/30/how-to-find-water-systems-on-the-internet-a-guide-to-ics-ot-osint/)

Follow Sulaiman for insights on ICS/OT security, threat intelligence, and ethical hacking:
ICSrank Website: ICSrank.com
ICS Arabia Podcast (X): https://www.youtube.com/@icsarabiapodcast
Twitter (X): @alhasawi
LinkedIn: https://www.linkedin.com/in/alhasawi

Connect With Aaron Crow:
Website: www.corvosec.com
LinkedIn: https://www.linkedin.com/in/aaronccrow

Learn more about PrOTect IT All:
Email: info@protectitall.co
Website: https://protectitall.co/
X: https://twitter.com/protectitall
YouTube: https://www.youtube.com/@PrOTectITAll
Facebook: https://facebook.com/protectitallpodcast

To be a guest or suggest a guest/episode, please email us at info@protectitall.co

Please leave us a review on Apple/Spotify Podcasts:
Apple - https://podcasts.apple.com/us/podcast/protect-it-all/id1727211124
Spotify - https://open.spotify.com/show/1Vvi0euj3rE8xObK0yvYi4

The podcast and artwork embedded on this page are from Aaron Crow, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

@BEERISAC: CPS/ICS Security Podcast Playlist
From Navy to Consulting - Dan Ricci's Unique Perspective on Bridging Security Gaps

Feb 11, 2025 · Duration 72:29


Podcast: PrOTect It All
Episode: From Navy to Consulting - Dan Ricci's Unique Perspective on Bridging Security Gaps
Pub date: 2025-02-10

In this episode, host Aaron Crow speaks to Dan Ricci, founder of the ICS Advisory Project, to delve into OT cybersecurity. Dan brings a wealth of experience from his time in the Navy, transitioning through various cybersecurity roles, and finally taking the leap to establish a platform that addresses the complex needs of critical infrastructure sectors.

In this conversation, they explore the genesis of the ICS Advisory Project, a tool designed to streamline vulnerability management for small to medium-sized organizations. Aaron and Dan also discuss the challenges of transitioning from military service to civilian cybersecurity roles, emphasizing the importance of mentorship, risk-taking, and continual self-improvement.

This episode offers valuable insights for anyone in the cybersecurity community and those looking to bridge the gap between IT and OT spheres. Join us as we explore strategies to enhance resilience and share lessons from the field.

Key Moments:
09:17 Building Dashboards with Google Studio
14:41 Cybersecurity: Secondary Concern for Operators
20:48 Supporting Small Supply Chain Contributors
23:23 OT Cybersecurity Impact and Mentorship
27:48 Bridging Cybersecurity and Critical Sectors
34:16 Opportunities to Share Project Insights
38:24 Adapting Skills for Career Growth
45:58 Cyber Career Evolution and Growth
56:14 Leadership vs. Management Distinction
01:00:56 Relentless Daily Self-Improvement

About the guest:
With over 28 years of Cybersecurity experience, Dan is the Senior Cybersecurity Consultant at Ampyx Cyber, leading engagements with Rural Cooperatives and Utilities to improve their Cybersecurity programs and protect critical infrastructure. In 2023, he founded Industrial Data Works to provide independent consulting and vulnerability intelligence API subscription services.

He is also the founder of the ICS Advisory Project, an open-source initiative to help small and medium-sized ICS asset owners across the 16 critical infrastructure sectors prioritize vulnerabilities and plan mitigation for their ICS/OT environments. He aims to provide free and accessible resources to secure critical infrastructure and protect the public.

Link to Industrial Data Works: https://www.industrialdataworks.com/ics-advisory-project-api
Links to ICS Advisory Project: https://www.icsadvisoryproject.com/
ICS Advisory Project Github Repository: https://github.com/icsadvprj/ICS-Advisory-Project
Receive ICS Advisory Project Weekly Summary Slides and Other CERT & Vendor Advisory Summaries in your email every Monday: https://docs.google.com/forms/d/e/1FAIpQLSfC490BHoCR4gHekZcMLBgbHMhUQZr7ZVYZG1OkaWdKGwH73g/viewform

@BEERISAC: CPS/ICS Security Podcast Playlist
ICS/OT Trends and the Food We Eat: A Conversation with Mike Holcomb

Feb 3, 2025 · Duration 54:50


Podcast: Bites & Bytes Podcast
Episode: ICS/OT Trends and the Food We Eat: A Conversation with Mike Holcomb
Pub date: 2025-01-28

Welcome to the first episode of the second season of the Award-Winning Bites and Bytes Podcast!

In this episode, host Kristin Demoranville sits down with Mike Holcomb, Fellow of Cybersecurity and ICS/OT Cybersecurity Global Lead for Fluor. With decades of experience, Mike secures some of the world's largest and most complex ICS/OT environments, from power plants and rail systems to manufacturing and refineries.

A passionate advocate for education and community, Mike has built cybersecurity programs, founded the Upstate SC ISSA Chapter, was awarded CyberSC's MG Lester D. Eisner Award for Cyber Excellence in Leadership for the State of South Carolina, and leads the BSides Greenville & BSides ICS conferences.

Join Kristin and Mike as they discuss the evolving ICS/OT cybersecurity landscape, Mike's journey as a leader in the field, and the unique challenges facing critical infrastructure, including food and agriculture. Mike also shares personal insights, including his favorite food memories and how cybersecurity connects to everyday systems like agriculture and transportation.

Where to find Mike Holcomb: LinkedIn, Website, YouTube, GitHub, Newsletter

Episode Key Highlights:
(0:00:09) - Welcome and Introduction to Mike Holcomb
(0:03:10) - Unique Food Combinations and Fun Food Memories
(0:07:12) - Highlighting Food and Agriculture in OT Security
(0:12:10) - Protecting Critical Infrastructure Systems Impacting Lives
(0:17:18) - Food and Agriculture as Complex Critical Systems
(0:23:13) - Behind the Scenes of Food Production and Transport
(0:24:02) - Cyber Incidents Impacting Grocery Supply Chains
(0:30:01) - Regional Food Safety Regulations and Challenges
(0:35:10) - Educating Consumers About Food Systems
(0:47:25) - Reflections on Community Building in Cybersecurity
(0:53:37) - Final Thoughts, Mike's Personal Message

Upcoming Conferences:

Bare Knuckles and Brass Tacks
Cybersecurity for the Food Supply Chain

Jan 20, 2025 · Duration 42:28


Kristin Demoranville joins the show this week to talk securing the food supply chain as critical infrastructure, incidents' effect on the global economy, representation in ICS/OT, and more!

George K and George A talk to Kristin about:
· Dispelling misconceptions about OT security
· The food industry as critical infrastructure
· The need for more diverse voices in OT/ICS security to drive innovation and better solutions
· How to break into OT security

Plus some raw honesty about being a woman founder in the space and building community despite the challenges.

@BEERISAC: CPS/ICS Security Podcast Playlist
Building a Bridge Across the Divide: The Intersection of IT and OT Cybersecurity with Mike Holcomb

Dec 8, 2024 · Duration 51:21


Podcast: IoT Security Podcast
Episode: Building a Bridge Across the Divide: The Intersection of IT and OT Cybersecurity with Mike Holcomb
Pub date: 2024-12-03

Emphasizing the importance of collaboration and communication, Mike Holcomb shares his extensive experience and practical insights into securing ICS and IoT environments. Holcomb, ICS/OT cybersecurity global lead at Fluor, stresses mastering basic cybersecurity fundamentals and asset inventory, along with the nuances of integrating IT and OT security. The episode aims to bridge gaps between IT and OT teams to fortify defenses against sophisticated cyber threats.

Listeners will gain valuable insights into critical takeaways, including:
· Real-World Impact of Cyber Attacks: Mike explains how high-profile incidents, such as Colonial Pipeline and Triton, highlighted the physical consequences of cyber threats, making clear that OT security is a top priority for critical infrastructure.
· Bridging the IT-OT Divide: The discussion underscores the need for IT and OT teams to collaborate, as a lack of communication and understanding can leave vulnerabilities open to exploitation.
· Achievable Defense Strategies: From basic network segmentation to secure remote access, Mike provides practical, accessible steps to strengthen ICS/OT security without overwhelming smaller teams.

Let's connect about IoT Security! Follow John Vecchi at https://www.linkedin.com/in/johnvecchi

The IoT Security Podcast is powered by Phosphorus Cybersecurity. Join the conversation for the IoT Security Podcast — where xIoT meets Security. Learn more at https://phosphorus.io/podcast

The podcast and artwork embedded on this page are from Phosphorus Cybersecurity, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

@BEERISAC: CPS/ICS Security Podcast Playlist
ICS/OT Cybersecurity: Events, Networking, and Industry Discussions with Mike Holcomb

Dec 4, 2024 · Duration 50:39


Podcast: PrOTect It All
Episode: ICS/OT Cybersecurity: Events, Networking, and Industry Discussions with Mike Holcomb
Pub date: 2024-12-02

In this episode, host Aaron Crow is joined by special guest Mike Holcomb to discuss the intricate realm of Industrial Control Systems and Operational Technology (ICS/OT) cybersecurity. The episode also spotlights the upcoming event B Sides ICS, an open and community-centric conference set to run alongside the prestigious S4 conference in Tampa.

Mike Holcomb provides insights into the much-anticipated ticket sales for the event and underscores the importance of submitting papers or presentations by the end of the year. The discussion emphasizes the significance of expertise in OT, cyber, and enterprise operations for top-level management and how events like B Sides ICS and S4 promote networking, learning, and professional development.

Listeners will gain a deeper understanding of the origins of B Sides events, the excitement surrounding B Sides ICS, and the impactful discussions and innovations poised to shape the future of ICS/OT cybersecurity. Whether the audience comprises newcomers or seasoned professionals, this episode offers valuable takeaways for everyone.

Key Moments:
00:00 Educating and supporting ICS & OT cybersecurity communities.
04:28 Passionate about learning and sharing cybersecurity knowledge.
08:59 B Sides: Global community-focused conference events.
10:43 Bringing B-Sides to Greenville increased attendance.
16:29 Promote diverse perspectives in OT cybersecurity.
19:01 Active Directory challenges in IT-OT integration.
21:07 Active Directory simplifies system management, poses risks.
28:57 Lean on IT for the correct Active Directory setup.
31:52 Availability is crucial in an OT environment.
34:14 Integrating IT and OT for enhanced cybersecurity collaboration.
36:16 IT and OT integration needs improvement.
40:54 Exploring cybersecurity in ICS/OT across various sectors.

About the guest:
Mike Holcomb is the Fellow of Cybersecurity and the ICS/OT Cybersecurity Global Lead for Fluor, one of the world's largest engineering, procurement, and construction companies. His current role provides him with the opportunity to work in securing some of the world's largest ICS/OT environments, from power plants and commuter rail to manufacturing facilities and refineries. He has his Master's degree in ICS/OT cybersecurity from the SANS Technology Institute. Additionally, he maintains cyber security and ICS/OT certifications such as the CISSP, GRID, GICSP, GCIP, GPEN, GCIH, ISA 62443, and more. He posts regularly on LinkedIn and YouTube to help others learn more about securing ICS/OT and critical infrastructure.

How to contact Mike:
Website: https://www.mikeholcomb.com/
YouTube: https://www.youtube.com/@utilsec
LinkedIn: https://www.linkedin.com/in/mikeholcomb/

IoT Security Podcast
Building a Bridge Across the Divide: The Intersection of IT and OT Cybersecurity with Mike Holcomb

Dec 3, 2024 · Duration 51:21


Emphasizing the importance of collaboration and communication, Mike Holcomb shares his extensive experience and practical insights into securing ICS and IoT environments. Holcomb, ICS/OT cybersecurity global lead at Fluor, stresses mastering basic cybersecurity fundamentals and asset inventory, along with the nuances of integrating IT and OT security. The episode aims to bridge gaps between IT and OT teams to fortify defenses against sophisticated cyber threats.

Listeners will gain valuable insights into critical takeaways, including:
· Real-World Impact of Cyber Attacks: Mike explains how high-profile incidents, such as Colonial Pipeline and Triton, highlighted the physical consequences of cyber threats, making clear that OT security is a top priority for critical infrastructure.
· Bridging the IT-OT Divide: The discussion underscores the need for IT and OT teams to collaborate, as a lack of communication and understanding can leave vulnerabilities open to exploitation.
· Achievable Defense Strategies: From basic network segmentation to secure remote access, Mike provides practical, accessible steps to strengthen ICS/OT security without overwhelming smaller teams.

Let's connect about IoT Security! Follow John Vecchi at https://www.linkedin.com/in/johnvecchi

The IoT Security Podcast is powered by Phosphorus Cybersecurity. Join the conversation for the IoT Security Podcast — where xIoT meets Security. Learn more at https://phosphorus.io/podcast

Defence Connect Podcast
CYBER UNCUT: Preparing for attacks on ICS/OT infrastructure, with Dragos' Dawn Cappelli

Nov 11, 2024 · Duration 37:58


In this episode of the Cyber Uncut podcast, Dawn Cappelli, head of OT-CERT at Dragos, joins host Liam Garman to unpack how governments and the industry are responding to current and emerging ICS/OT threats. The pair begin the podcast by examining how operational technology is becoming more interconnected with the digital world and what emerging vulnerabilities providers should be aware of for the future. Cappelli and Garman then look into whether government regulations are keeping pace with evolving threats and whether artificial intelligence is transforming the world of operational technology. They wrap up the podcast by discussing some pertinent case studies, zero trust, and what the landscape of operational technology security will look like over the next decade. Enjoy the podcast, The Cyber Uncut team  

Cyber Security Uncut
Preparing for attacks on ICS/OT infrastructure, with Dragos' Dawn Cappelli

Nov 8, 2024 · Duration 37:58


In this episode of the Cyber Uncut podcast, Dawn Cappelli, head of OT-CERT at Dragos, joins host Liam Garman to unpack how governments and the industry are responding to current and emerging ICS/OT threats. The pair begin the podcast by examining how operational technology is becoming more interconnected with the digital world and what emerging vulnerabilities providers should be aware of for the future. Cappelli and Garman then look into whether government regulations are keeping pace with evolving threats and whether artificial intelligence is transforming the world of operational technology. They wrap up the podcast by discussing some pertinent case studies, zero trust, and what the landscape of operational technology security will look like over the next decade. Enjoy the podcast, The Cyber Uncut team  

Packet Pushers - Full Podcast Feed
PP035: What IT Should Know About Securing Industrial Systems

Oct 15, 2024 · Duration 47:31


Industrial Control Systems (ICS) and Operational Technology (OT) used to stand apart from traditional IT. But those worlds are converging, and IT pros, including infosec teams and network engineers, need to become familiar with the operational challenges and quirks of ICS/OT systems. On today’s Packet Protector, guest Mike Holcomb demystifies ICS and OT for IT...

Packet Pushers - Fat Pipe
PP035: What IT Should Know About Securing Industrial Systems

Oct 15, 2024 · Duration 47:31


Industrial Control Systems (ICS) and Operational Technology (OT) used to stand apart from traditional IT. But those worlds are converging, and IT pros, including infosec teams and network engineers, need to become familiar with the operational challenges and quirks of ICS/OT systems. On today’s Packet Protector, guest Mike Holcomb demystifies ICS and OT for IT...

@BEERISAC: CPS/ICS Security Podcast Playlist
Why Cybersecurity Matters: Protecting Our Food Supply from Digital Threats with Kristin Demoranville

Aug 29, 2024 · Duration 66:59


Podcast: PrOTect It All
Episode: Why Cybersecurity Matters: Protecting Our Food Supply from Digital Threats with Kristin Demoranville
Pub date: 2024-08-26

In this insightful episode of Protect It All, titled "Why Cybersecurity Matters: Protecting Our Food Supply from Digital Threats with Kristin Demoranville," host Aaron Crow and guest Kristin Demoranville tackle the critical yet often overlooked role of cybersecurity in the food and agriculture industry. Kristin stresses the need to shift from reactive to proactive cybersecurity measures to protect our complex food supply chains and ensure resilience.

The discussion covers real-world cyber incidents like the ransomware attack on JBS meat company, emphasizing the human factors, financial misconceptions, and the necessity for robust incident response and business continuity plans. Listeners will also learn about the dangers of excessive reliance on technology and automation, the significance of water conservation, and the importance of integrating OT security in data centers.

Through professional insights and personal anecdotes, Kristin highlights the crucial need for community support within the OT landscape. This episode offers a comprehensive look at the cultural and societal implications of cyber threats to our food supply, making it essential listening for anyone interested in the safety and security of the food industry.

Key Moments:
00:10 Training and spreading awareness about operational technology.
10:21 Agriculture lacks attention; needs OT cybersecurity focus.
15:26 Security professionals foresee major food safety risk.
18:04 Supply chain issues during COVID highlight concerns. Regenerative farming and feeding the population.
24:04 ICS OT industry united in game proposal.
27:35 Designing systems must consider cyber risk implications.
34:11 Cybersecurity often an afterthought in many companies.
41:47 Respectful, supportive, and geeky cyber community advocate.
42:58 Texan upbringing shaped love for celebratory food.
51:10 Concern over CrowdStrike blaming and finger pointing.
57:16 Operator scans RFID tags from break room.
59:24 Resisting a wasteful task, leading to change.

About the guest:
Kristin Demoranville is the visionary founder and CEO of AnzenSage, a cybersecurity firm specializing in the food and agricultural industry. She also leads as the CEO and co-founder of AnzenOT, a groundbreaking SaaS OT Cybersecurity Risk Intelligence solution. With 26 years in the tech industry, Kristin seamlessly blends cybersecurity with food protection culture, always emphasizing the vital role of people and processes. Her extensive background, ranging from collaborating with Fortune 500 companies and various manufacturing sectors to studying gorilla behavior as part of her Environmental Management degree, gives her a unique and well-rounded perspective on cybersecurity and critical infrastructure. A published expert and in-demand speaker, Kristin is known for bridging the worlds of food protection and cybersecurity. She’s also the host of the Bites & Bytes Podcast, where she drives meaningful conversations between professionals across food, cybersecurity, and technology.

Anzensage Website: https://www.anzensage.com/
AnzenOT Website: https://www.anzenot.com/
Bites and Bytes Podcast: https://www.bitesandbytespodcast.com/

Defence Connect Podcast
CYBER UNCUT: Making your ICS/OT environments cyber secure, with Dragos' Lesley Carhart

Jul 22, 2024 · Duration 45:02


In this episode of the Cyber Uncut podcast, Lesley Carhart, director of incident response for North America at Dragos, joins host Liam Garman to unpack how businesses can improve their ICS/OT cyber processes, before giving some tangible advice for business leaders on how they can build their incident response plans. The pair begin the podcast by unpacking some common and emerging threat trends being observed across ICS environments and how companies need to build a bridge between IT and OT teams to protect assets. Carhart then details why OT security is so immature relative to IT security and shares some practical steps that organisations must take to protect their ICS. The podcast wraps up with some tangible advice on how businesses can build incident response plans, ensuring that they can streamline the resumption of operations in the event of a cyber incident. Enjoy the podcast, The Cyber Uncut team

Cyber Security Uncut
Making your ICS/OT environments cyber secure, with Dragos' Lesley Carhart

Jul 22, 2024 · Duration 45:02


In this episode of the Cyber Uncut podcast, Lesley Carhart, director of incident response for North America at Dragos, joins host Liam Garman to unpack how businesses can improve their ICS/OT cyber processes, before giving some tangible advice for business leaders on how they can build their incident response plans. The pair begin the podcast by unpacking some common and emerging threat trends being observed across ICS environments and how companies need to build a bridge between IT and OT teams to protect assets. Carhart then details why OT security is so immature relative to IT security and shares some practical steps that organisations must take to protect their ICS. The podcast wraps up with some tangible advice on how businesses can build incident response plans, ensuring that they can streamline the resumption of operations in the event of a cyber incident. Enjoy the podcast, The Cyber Uncut team

@BEERISAC: CPS/ICS Security Podcast Playlist
Digging into regulatory compliance issues.

Jun 7, 2024 · Duration 17:38


Podcast: Control Loop: The OT Cybersecurity Podcast
Episode: Digging into regulatory compliance issues.
Pub date: 2024-06-05

UK will propose law to ban ransom payments for critical infrastructure entities. EPA outlines enforcement measures to protect water utilities against cyberattacks. Rockwell advises customers to disconnect ICS devices from the internet. Senator Vance asks CISA for information on Volt Typhoon. Guest Kimberly Graham of Dragos joins Dave to discuss regulatory compliance issues.

Programming Note.
Control Loop is going on a temporary hiatus. Thank you for being a loyal listener. N2K CyberWire will be back soon with more ICS/OT news and analysis that you rely on. Please stay tuned for more updates.

Control Loop Audience Survey.
Please take a moment to fill out our super quick survey. It's only 5 short questions. Thanks!

Control Loop News Brief.
· UK will propose law to ban ransom payments for critical infrastructure entities. Exclusive: UK to propose mandatory reporting for ransomware attacks and licensing regime for all payments (The Record)
· EPA outlines enforcement measures to protect water utilities against cyberattacks. EPA Outlines Enforcement Measures to Help Prevent Cybersecurity Attacks and Protect the Nation's Drinking Water (Environmental Protection Agency)
· Rockwell advises customers to disconnect ICS devices from the internet. Rockwell Automation Reiterates Customer Guidance to Disconnect Devices from the Internet to Protect from Cyber Threats (Rockwell Automation)
· Senator Vance asks CISA for information on Volt Typhoon. Senator Vance issues warning on China-backed Volt Typhoon threat to US critical infrastructure (Industrial Cyber)

Control Loop Interview.
Guest Kimberly Graham, Vice President of Product Management at Dragos, discussing regulatory compliance issues.

Control Loop OT Cybersecurity Briefing.
A companion monthly newsletter is available through free subscription and on the N2K CyberWire website.

The podcast and artwork embedded on this page are from N2K Networks, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Control Loop: The OT Cybersecurity Podcast
Digging into regulatory compliance issues.

Control Loop: The OT Cybersecurity Podcast

Jun 5, 2024 · 17:38

UK will propose law to ban ransom payments for critical infrastructure entities. EPA outlines enforcement measures to protect water utilities against cyberattacks. Rockwell advises customers to disconnect ICS devices from the internet. Senator Vance asks CISA for information on Volt Typhoon. Guest Kimberly Graham of Dragos joins Dave to discuss regulatory compliance issues.

Programming Note.
Control Loop is going on a temporary hiatus. Thank you for being a loyal listener. N2K CyberWire will be back soon with more ICS/OT news and analysis that you rely on. Please stay tuned for more updates.

Control Loop Audience Survey.
Please take a moment to fill out our super quick survey. It's only 5 short questions. Thanks!

Control Loop News Brief.
UK will propose law to ban ransom payments for critical infrastructure entities.
· Exclusive: UK to propose mandatory reporting for ransomware attacks and licensing regime for all payments (The Record)
EPA outlines enforcement measures to protect water utilities against cyberattacks.
· EPA Outlines Enforcement Measures to Help Prevent Cybersecurity Attacks and Protect the Nation's Drinking Water (Environmental Protection Agency)
Rockwell advises customers to disconnect ICS devices from the internet.
· Rockwell Automation Reiterates Customer Guidance to Disconnect Devices from the Internet to Protect from Cyber Threats (Rockwell Automation)
Senator Vance asks CISA for information on Volt Typhoon.
· Senator Vance issues warning on China-backed Volt Typhoon threat to US critical infrastructure (Industrial Cyber)

Control Loop Interview.
Guest Kimberly Graham, Vice President of Product Management at Dragos, discussing regulatory compliance issues.

Control Loop OT Cybersecurity Briefing.
A companion monthly newsletter is available through free subscription and on the N2K CyberWire website.

Security Breach
Avoiding a 'Chicken Little' Cybersecurity Strategy

Security Breach

Mar 21, 2024 · 39:03

Threat intelligence is important, but why manufacturers should focus on risk factors first.

When it comes to the industrial sector's ongoing cybersecurity challenges, we all know that there's more to defend, but what is most concerning is that we're not responding quickly enough to the expanding threat landscape. In case you needed proof, here are some of the recent stats from Dragos 2023 Year in Review Report. It found that:

· 80 percent of industrial sector vulnerabilities reside deep within the ICS network, making them difficult to see and harder to kick out.
· 53 percent of the advisories Dragos analyzed could cause both a loss of visibility and control.
· Ransomware attacks against industrial organizations increased by 50 percent last year, and Dragos tracked 28 percent more ransomware groups focused on the ICS/OT environment.
· Attacks were confirmed in 33 unique manufacturing sectors.
· 74 percent of all vulnerability advisories had no mitigation strategy.

I'm not going to promise solutions for all of these challenges, but we've definitely found a guy interested in trying. Scott Sarris is an Information Security, Compliance and Privacy Solutions Advisor at Aprio, a leading advisory and business consulting firm. Watch/listen as we discuss:

· Why OT could affectionately be known as "Old Tech".
· The political factors impacting IT/OT divisiveness in the industrial sector, but why Scott is optimistic about the progress being made in bringing the two segments together.
· Why cybersecurity planning and investments need to start with assessing and prioritizing risk.
· How slowing down can help ramp up security efforts.
· Why dwelling or living-off-the-land attacks will escalate.

To catch up on past episodes, you can go to Manufacturing.net, IEN.com or MBTmag.com. You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast.

And if you have a cybersecurity story or topic that you'd like to have us explore on Security Breach, you can reach me at jeff@ien.com.

To download our latest report on industrial cybersecurity, The Industrial Sector's New Battlefield, click here.

@BEERISAC: CPS/ICS Security Podcast Playlist
Energizing Cybersecurity Careers: Workforce Development in OT/ICS

@BEERISAC: CPS/ICS Security Podcast Playlist

Mar 5, 2024 · 68:23

Podcast: Critical Assets Podcast
Episode: Energizing Cybersecurity Careers: Workforce Development in OT/ICS
Pub date: 2024-03-03

Join us for a discussion on Energizing Cybersecurity Careers: Workforce Development in the OT/ICS Community. Guests Cynthia Hsu and Erin Owens dive into the cybersecurity challenges facing Industrial Control Systems and Operational Technology asset owners. Through open conversations, we explore everything from skill gaps and career pathways to diversity, continuous learning, and the impact of new technologies. This session aims to provide insights into developing a skilled, diverse cybersecurity workforce – starting from the ground up – with a focus on practical strategies for professionals, educators, and anyone interested in the future of ICS/OT security.

Show links:

Cynthia Hsu LinkedIn profile https://www.linkedin.com/in/cynthiahsu33/
Erin Owens LinkedIn profile https://www.linkedin.com/in/erinowens/

DOE CESER Cybersecurity Training for the Utility Workforce, free 3-day ICS Cybersecurity training for electric and ONG utility staff. Next training event: Buffalo, NY, April 23-25, Register at: Eventleaf | Event Registration Software and Mobile Event Apps

DOE CESER CyberStrike™ professional cybersecurity training for operational technology environments: https://inl.gov/cyberstrike/
· LIGHTS OUT – focus on Ukraine attacks
· NEMESIS – focus on nation-state TTPs
· STORMCLOUD – focus on renewable energy

DOE CESER CyberForce® workforce development program for college students focused on building a pipeline of cyber professional candidates in operational technology cybersecurity: https://cyberforce.energy.gov/

Sandia National Laboratory
Tracer FIRE (Forensic Incident Response Exercise): https://github.com/sandialabs/Tracer-FIRE
Center for Cyber Defenders: https://www.sandia.gov/careers/career-possibilities/students-and-postdocs/internships-co-ops/institute-programs/titans-technical-internships-to-advance-national-security/titans-cyber/

Cyber Defense Center https://www.cyberdefensecenter.org/

The podcast and artwork embedded on this page are from Patrick Miller, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

@BEERISAC: CPS/ICS Security Podcast Playlist
Itay Yanovski & Nimrod Luria Founders @IO01 on OT Cyber-Physical System CPS for Visibility & Control

@BEERISAC: CPS/ICS Security Podcast Playlist

Feb 15, 2024 · 62:53

Podcast: ICS Cyber Talks Podcast
Episode: Itay Yanovski & Nimrod Luria Founders @IO01 on OT Cyber-Physical System CPS for Visibility & Control
Pub date: 2024-02-10

Nachshon Pincu hosts Itay Yanovski and Nimrod Luria, founders of IO01, both known in the Israeli cyber industry as successful entrepreneurs with their cybersecurity startups over the past decades, who still try to stay under the radar, in a conversation about cyber defense for operational systems and the importance of hands-on training for those who want to join the field. What are cyber-physical systems (CPS)? Why must the industry change its mindset from visibility to visibility and control? What is IO01's CADABRA cybersecurity solution? What is the importance of hands-on training as a blue team and red team for those interested in entering the cybersecurity industry? And more.

Nachshon Pincu hosts Itay Yanovski and Nimrod Luria Co-Founders and CEOs at IO01. Both are well known in the Israeli cyber industry as successful Entrepreneurs with their cybersecurity startups for the last two decades, in a conversation about OT cybersecurity defense and the importance of hands-on training for ICS/OT cyber specialists. What is Cyber-Physical Systems (CPS)? Why must the industry change its mindset from only Visibility, aka IDS, to Visibility & Control? What is the CADABRA cybersecurity solution? What is the importance of hands-on training as a blue team & red team for those wishing to enter the OT cybersecurity industry? and more

The podcast and artwork embedded on this page are from Nachshon Pincu, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

@BEERISAC: CPS/ICS Security Podcast Playlist
Operational Technology disruptions: An eye on the water sector.

@BEERISAC: CPS/ICS Security Podcast Playlist

Feb 13, 2024 · 27:57

Podcast: Control Loop: The OT Cybersecurity Podcast (LS 34 · TOP 3%)
Episode: Operational Technology disruptions: An eye on the water sector.
Pub date: 2024-02-07

Volt Typhoon targets US critical infrastructure. Ransomware attacks in the OT sector. Ransomware attack against Johnson Controls cost $27 million. Bill would add ICS security to President's Cup Cybersecurity Competition. Guest is Dragos CEO and Founder Robert M. Lee from the hearing before the U.S. Congressional Subcommittee on Cybersecurity and Infrastructure Protection on February 6, 2024. We share Rob's opening statement before the committee. On the Learning Lab, we have the concluding part of a 2-part discussion on building community in OT that Dragos Mark Urban had with Dragos Strategic Accounts Director Sam Van Ryder.

Control Loop News Brief.
Volt Typhoon targets US critical infrastructure.
· Exclusive: US disabled Chinese hacking network targeting critical infrastructure (Reuters)
· Wray warns Chinese hackers are aiming to 'wreak havoc' on U.S. critical infrastructure (NPR)
Ransomware attacks in the OT sector.
· Dragos Industrial Ransomware Analysis: Q4 2023 (Dragos)
· The Crisis of Convergence: OT/ICS Cybersecurity 2023 (TXOne Networks)
Ransomware attack against Johnson Controls cost $27 million.
· Johnson Controls says ransomware attack cost $27 million, data stolen (BleepingComputer)
Schneider Electric confirms ransomware attack.
· Schneider Electric confirms it was hit by ransomware attack (Silicon Republic)
· Energy giant Schneider Electric hit by Cactus ransomware attack (BleepingComputer)
US sanctions Iranian officials for attacks on critical infrastructure.
· Treasury Sanctions Actors Responsible for Malicious Cyber Activities on Critical Infrastructure (OFAC)
US House Energy Subcommittee holds hearing on cyberattacks against water infrastructure.
· US House Energy Subcommittee holds hearing on safeguarding drinking water infrastructure from cyberattacks (Industrial Cyber)
Bill would add ICS security to President's Cup Cybersecurity Competition.
· Senate HSGAC Approves Cyber, Software Bills (Meritalk)

Control Loop Interview.
Dragos CEO and Founder Robert M. Lee testified at the hearing before the U.S. Congressional Subcommittee on Cybersecurity and Infrastructure Protection on February 6, 2024. We share Rob's opening statement before the committee. The purpose of the hearing was to discuss threats to water and wastewater ICS/OT systems in the U.S. that have the potential to disrupt operations and pose safety risks and examine the steps needed to secure operational technology in the water sector. Read the press release. Watch the video of the hearing: Securing Operational Technology: A Deep Dive into the Water Sector.

Control Loop Learning Lab.
On the Learning Lab, Mark Urban is joined by Dragos Strategic Accounts Director Sam Van Ryder to conclude their discussion of building community in OT. Learn more about Hou.Sec.Con. Learn more about the Dragos Community Defense Program which provides free access to Dragos OT cybersecurity technology for qualifying utility providers to better protect their communities from potentially destructive cyber attacks.

Control Loop Audience Survey.
Please take a moment to fill out our super quick survey. Thanks!

Control Loop OT Cybersecurity Briefing.
A companion monthly newsletter is available through free subscription and on N2K Networks website.

The podcast and artwork embedded on this page are from N2K Networks, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

ICS Cyber Talks Podcast
Itay Yanovski & Nimrod Luria Founders @IO01 on OT Cyber-Physical System CPS for Visibility & Control

ICS Cyber Talks Podcast

Feb 10, 2024 · 62:53

Nachshon Pincu hosts Itay Yanovski and Nimrod Luria, founders of IO01, both known in the Israeli cyber industry as successful entrepreneurs with their cybersecurity startups over the past decades, who still try to stay under the radar, in a conversation about cyber defense for operational systems and the importance of hands-on training for those who want to join the field. What are cyber-physical systems (CPS)? Why must the industry change its mindset from visibility to visibility and control? What is IO01's CADABRA cybersecurity solution? What is the importance of hands-on training as a blue team and red team for those interested in entering the cybersecurity industry? And more.

Nachshon Pincu hosts Itay Yanovski and Nimrod Luria Co-Founders and CEOs at IO01. Both are well known in the Israeli cyber industry as successful Entrepreneurs with their cybersecurity startups for the last two decades, in a conversation about OT cybersecurity defense and the importance of hands-on training for ICS/OT cyber specialists. What is Cyber-Physical Systems (CPS)? Why must the industry change its mindset from only Visibility, aka IDS, to Visibility & Control? What is the CADABRA cybersecurity solution? What is the importance of hands-on training as a blue team & red team for those wishing to enter the OT cybersecurity industry? and more

Control Loop: The OT Cybersecurity Podcast
Operational Technology disruptions: An eye on the water sector.

Control Loop: The OT Cybersecurity Podcast

Feb 7, 2024 · 27:57

Volt Typhoon targets US critical infrastructure. Ransomware attacks in the OT sector. Ransomware attack against Johnson Controls cost $27 million. Bill would add ICS security to President's Cup Cybersecurity Competition. Guest is Dragos CEO and Founder Robert M. Lee from the hearing before the U.S. Congressional Subcommittee on Cybersecurity and Infrastructure Protection on February 6, 2024. We share Rob's opening statement before the committee. On the Learning Lab, we have the concluding part of a 2-part discussion on building community in OT that Dragos Mark Urban had with Dragos Strategic Accounts Director Sam Van Ryder.

Control Loop News Brief.
Volt Typhoon targets US critical infrastructure.
· Exclusive: US disabled Chinese hacking network targeting critical infrastructure (Reuters)
· Wray warns Chinese hackers are aiming to 'wreak havoc' on U.S. critical infrastructure (NPR)
Ransomware attacks in the OT sector.
· Dragos Industrial Ransomware Analysis: Q4 2023 (Dragos)
· The Crisis of Convergence: OT/ICS Cybersecurity 2023 (TXOne Networks)
Ransomware attack against Johnson Controls cost $27 million.
· Johnson Controls says ransomware attack cost $27 million, data stolen (BleepingComputer)
Schneider Electric confirms ransomware attack.
· Schneider Electric confirms it was hit by ransomware attack (Silicon Republic)
· Energy giant Schneider Electric hit by Cactus ransomware attack (BleepingComputer)
US sanctions Iranian officials for attacks on critical infrastructure.
· Treasury Sanctions Actors Responsible for Malicious Cyber Activities on Critical Infrastructure (OFAC)
US House Energy Subcommittee holds hearing on cyberattacks against water infrastructure.
· US House Energy Subcommittee holds hearing on safeguarding drinking water infrastructure from cyberattacks (Industrial Cyber)
Bill would add ICS security to President's Cup Cybersecurity Competition.
· Senate HSGAC Approves Cyber, Software Bills (Meritalk)

Control Loop Interview.
Dragos CEO and Founder Robert M. Lee testified at the hearing before the U.S. Congressional Subcommittee on Cybersecurity and Infrastructure Protection on February 6, 2024. We share Rob's opening statement before the committee. The purpose of the hearing was to discuss threats to water and wastewater ICS/OT systems in the U.S. that have the potential to disrupt operations and pose safety risks and examine the steps needed to secure operational technology in the water sector. Read the press release. Watch the video of the hearing: Securing Operational Technology: A Deep Dive into the Water Sector.

Control Loop Learning Lab.
On the Learning Lab, Mark Urban is joined by Dragos Strategic Accounts Director Sam Van Ryder to conclude their discussion of building community in OT. Learn more about Hou.Sec.Con. Learn more about the Dragos Community Defense Program which provides free access to Dragos OT cybersecurity technology for qualifying utility providers to better protect their communities from potentially destructive cyber attacks.

Control Loop Audience Survey.
Please take a moment to fill out our super quick survey. Thanks!

Control Loop OT Cybersecurity Briefing.
A companion monthly newsletter is available through free subscription and on N2K Networks website.

Manufacturing Hub
Ep. 140 - [Clint Bodungen] Hacking Exposed! ChatGPT for Cybersecurity Training, and More!

Manufacturing Hub

Dec 5, 2023 · 69:42

Clint Bodungen | Co-Founder / CEO @ ThreatGEN

Clint Bodungen is a globally recognized cybersecurity professional and thought leader with over 25 years of experience (of which 20 years have been focused on ICS/OT cybersecurity). His journey in cybersecurity began at the age of eleven when he started programming on a Tandy 1200, and since then, his career has been nothing short of remarkable. A veteran of the United States Air Force, Clint has established himself as a prominent figure in the field, having worked for notable cybersecurity firms like Symantec, Industrial Defender, Booz Allen Hamilton, and Kaspersky Lab. His expertise extends to the impact of AI on cybersecurity, and he has played a pivotal role in addressing the industry's training and education gaps.

Clint is renowned for his innovative approaches and has contributed to the field as the author of two books: the best seller, "Hacking Exposed: Industrial Control Systems," and the upcoming "ChatGPT for Cybersecurity Cookbook." He has written an array of articles, technical papers, and training courses, with a primary focus on cybersecurity vulnerability assessment, penetration testing/red teaming, and risk management. Even before the public emergence of generative AI and large language models (LLM), he had already developed a variety of cybersecurity tools and apps that leverage this technology.

Over the past decade, Clint has been at the forefront of integrating gamification and AI applications into cybersecurity training. His dedication and innovation culminated in the creation of ThreatGEN® Red vs. Blue, the world's first online multiplayer cybersecurity game crafted to impart real-world cybersecurity skills. This flagship product marks Clint's foray as a pioneer in cybersecurity gamification, a testament to his progressive vision. Clint's enduring passion and goal are to redefine industry standards for cybersecurity education using computer gaming (gamification) and AI technology to present a revolutionary, engaging approach to this essential field, and set new precedents for effective and interactive learning.

Clint rejoins Manufacturing Hub to shed some more light on hackers and what groups can do to learn more about cybersecurity.

We'll get into Clint's new book: ChatGPT for Cybersecurity Cookbook.

Plus, we'll check in on how Red vs. Blue continues to change about how we learn about cybersecurity.

Thanks to Phoenix Contact USA for sponsoring this show and 100-year anniversary wishes.

Connect with Us
· Clint Bodungen
· Vlad Romanov
· Dave Griffith
· Manufacturing Hub
· SolisPLC

#manufacturing #automation #cybersecurity

@BEERISAC: CPS/ICS Security Podcast Playlist
Ron Brash: Understanding the Small Details to Define Risk

@BEERISAC: CPS/ICS Security Podcast Playlist

Nov 25, 2023 · 55:36

Podcast: The PrOTect OT Cybersecurity Podcast (LS 29 · TOP 10%)
Episode: Ron Brash: Understanding the Small Details to Define Risk
Pub date: 2023-11-23

About Ron Brash: Ron Brash, a renowned figure in ICS/OT cybersecurity and embedded vulnerability research, garnered acclaim as the recipient of the Top 40 under 40 award for Engineering Leaders 2020 from Plant Engineering. Serving as the VP of Technical Research & Integrations at aDolus Technology Inc., Ron aligns his passion for ICS/OT security by leveraging his extensive experience in advising major asset owners across industries such as oil & gas, manufacturing, energy, and aviation. His notable achievements include playing a pivotal role in creating datasets for the S4 ICS Detection Challenges, reflecting his commitment to advancing industry standards and fostering innovation in cybersecurity.

In this episode, Aaron and Ron Brash discuss:
· Understanding and managing vulnerabilities in OT systems
· Balancing risk, detection, and recovery
· Exploring the intersection of cybersecurity, business risk, and vendor collaboration
· Navigating challenges in industrial networks

Key Takeaways:
· In the complex world of industrial cybersecurity, understanding and managing vulnerabilities is like conducting a home inspection or maintaining a car—focus on what matters most, prioritize based on critical assets, and approach it with a measured, pragmatic strategy rather than panicking in the face of a long list of issues.
· Achieving zero incidents is an unrealistic goal, and the focus should shift towards proactive detection, deflection, and defense, along with a robust recovery plan, emphasizing the importance of people, processes, and technology, particularly in the context of evolving technologies and complex vendor landscapes.
· The key to cybersecurity success lies in translating technical intricacies into tangible business value, effectively correlating cyber and architectural considerations to business risk, as demonstrated by a strategic approach involving transparency, attestation, and collaboration with vendors, ultimately leading to improved security measures and operational efficiency.
· Navigating the challenges of aging industrial systems, transparency issues in software development, and evolving threat landscapes underscores the crucial importance of a collaborative community effort to ensure the resilience and security of critical infrastructure in the face of emerging threats.

"Some are very forward-leaning and some believe in the democratization of data, and some are more old school and don't want to share a thing. Within the realm of business, and to be truly fair, no business is homogenous. So, there are different business units that might be more modern and more open facing, and others that are like, don't touch this because you don't know what other industries we're working in." — Ron Brash

Connect with Ron Brash:
· Email: ron.brash@adolus.com
· Website: www.adolus.com
· LinkedIn: https://www.linkedin.com/company/adolus & https://www.linkedin.com/in/ronbrash/
· Twitter: https://twitter.com/ron_brash

Connect with Aaron:
· LinkedIn: https://www.linkedin.com/in/aaronccrow

Learn more about Industrial Defender:
· Website: https://www.industrialdefender.com/podcast
· LinkedIn: https://www.linkedin.com/company/industrial-defender-inc/
· Twitter: https://twitter.com/iDefend_ICS
· YouTube: https://www.youtube.com/@industrialdefender7120

Audio production by Turnkey Podcast Productions. You're the expert. Your podcast will prove it.

The podcast and artwork embedded on this page are from Aaron Crow, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

The PrOTect OT Cybersecurity Podcast
Ron Brash: Understanding the Small Details to Define Risk

The PrOTect OT Cybersecurity Podcast

Nov 23, 2023 · 55:36

About Ron Brash: Ron Brash, a renowned figure in ICS/OT cybersecurity and embedded vulnerability research, garnered acclaim as the recipient of the Top 40 under 40 award for Engineering Leaders 2020 from Plant Engineering. Serving as the VP of Technical Research & Integrations at aDolus Technology Inc., Ron aligns his passion for ICS/OT security by leveraging his extensive experience in advising major asset owners across industries such as oil & gas, manufacturing, energy, and aviation. His notable achievements include playing a pivotal role in creating datasets for the S4 ICS Detection Challenges, reflecting his commitment to advancing industry standards and fostering innovation in cybersecurity.

In this episode, Aaron and Ron Brash discuss:
○ Understanding and managing vulnerabilities in OT systems
○ Balancing risk, detection, and recovery
○ Exploring the intersection of cybersecurity, business risk, and vendor collaboration
○ Navigating challenges in industrial networks

Key Takeaways:
○ In the complex world of industrial cybersecurity, understanding and managing vulnerabilities is like conducting a home inspection or maintaining a car—focus on what matters most, prioritize based on critical assets, and approach it with a measured, pragmatic strategy rather than panicking in the face of a long list of issues.
○ Achieving zero incidents is an unrealistic goal, and the focus should shift towards proactive detection, deflection, and defense, along with a robust recovery plan, emphasizing the importance of people, processes, and technology, particularly in the context of evolving technologies and complex vendor landscapes.
○ The key to cybersecurity success lies in translating technical intricacies into tangible business value, effectively correlating cyber and architectural considerations to business risk, as demonstrated by a strategic approach involving transparency, attestation, and collaboration with vendors, ultimately leading to improved security measures and operational efficiency.
○ Navigating the challenges of aging industrial systems, transparency issues in software development, and evolving threat landscapes underscores the crucial importance of a collaborative community effort to ensure the resilience and security of critical infrastructure in the face of emerging threats.

"Some are very forward-leaning and some believe in the democratization of data, and some are more old school and don't want to share a thing. Within the realm of business, and to be truly fair, no business is homogenous. So, there are different business units that might be more modern and more open facing, and others that are like, don't touch this because you don't know what other industries we're working in." — Ron Brash

Connect with Ron Brash:
Email: ron.brash@adolus.com
Website: www.adolus.com
LinkedIn: https://www.linkedin.com/company/adolus & https://www.linkedin.com/in/ronbrash/
Twitter: https://twitter.com/ron_brash

Connect with Aaron:
LinkedIn: https://www.linkedin.com/in/aaronccrow

Learn more about Industrial Defender:
Website: https://www.industrialdefender.com/podcast
LinkedIn: https://www.linkedin.com/company/industrial-defender-inc/
Twitter: https://twitter.com/iDefend_ICS
YouTube: https://www.youtube.com/@industrialdefender7120

Audio production by Turnkey Podcast Productions. You're the expert. Your podcast will prove it.

@BEERISAC: CPS/ICS Security Podcast Playlist
Michael Holcomb: The Journey from IT to OT and Strengthening IT-OT Partnership

@BEERISAC: CPS/ICS Security Podcast Playlist

Nov 20, 2023 · 49:05

Podcast: The PrOTect OT Cybersecurity Podcast
Episode: Michael Holcomb: The Journey from IT to OT and Strengthening IT-OT Partnership
Pub date: 2023-11-16

About Michael Holcomb: Michael Holcomb is the Fellow of Cybersecurity and the ICS/OT Cybersecurity Global Lead for Fluor, a prominent engineering, procurement, and construction company. In his current role, he focuses on securing vast ICS/OT environments, ranging from power plants and commuter rail to manufacturing facilities and refineries. Currently pursuing his Master's thesis on Programmable Logic Controllers' attack surface with the SANS Technology Institute, he holds multiple cyber security and ICS/OT certifications like CISSP, GRID, GICSP, GCIP, GPEN, GCIH, and ISA 62443. Beyond his professional endeavors, he founded the UpstateSC ISSA Chapter and BSides Greenville conference, and authored and taught cyber security courses at Greenville Technical College, earning him the CyberSC's MG Lester D. Eisner Award for Cyber Excellence in Leadership for South Carolina in 2023.

In this episode, Aaron and Michael Holcomb discuss:
○ Closing the IT-OT skills gap in cybersecurity
○ Navigating the path to cybersecurity expertise
○ The intersection of OT cybersecurity and networking
○ The evolving landscape of OT cybersecurity

Key Takeaways:
○ Bridging the gap between IT professionals learning to think like engineers and OT specialists embracing cybersecurity not only enhances collaboration but also strengthens our ability to secure critical infrastructures, a journey that demands time, dedication, and a shared commitment to a safer digital future.
○ Embracing a multidisciplinary approach and fostering collaboration between IT and OT professionals, along with hands-on experience and continuous learning, is the key to breaking into the rapidly evolving field of cybersecurity, transforming passion and knowledge into practical expertise.
○ Mastering networking fundamentals is the key to bridging the gap between IT and engineering, enabling the design of resilient systems that prevent costly operational disruptions, and emphasizing the need for continuous learning and collaboration in this dynamic field.
○ The integration of IT technologies into OT without adequate expertise has led to vulnerabilities; expecting OT professionals to handle cybersecurity is akin to asking a plumber to do electrical work. While progress is being made, the industry must prepare for a potentially catastrophic event to truly acknowledge the importance of cybersecurity in OT.

"One of the things that's sad to me about the OT cybersecurity industry, and this even goes for folks that are new to the industry and even some of the old players that have been out there for 20, 30, maybe 40 years plus, is that there's still, in some respects, not a lot of concern around what it's going to take for people to take cybersecurity and OT seriously. And so there's going to be that event one day, where people are going to die, right? That is going to finally force people to take cybersecurity and OT seriously." — Michael Holcomb

Connect with Michael Holcomb:
Email: michael.holcomb@fluor.com
Website: www.fluor.com
LinkedIn: www.linkedin.com/in/mikeholcomb
YouTube: https://www.youtube.com/@utilsec

Connect with Aaron:
LinkedIn: https://www.linkedin.com/in/aaronccrow

Learn more about Industrial Defender:
Website: https://www.industrialdefender.com/podcast
LinkedIn: https://www.linkedin.com/company/industrial-defender-inc/
Twitter: https://twitter.com/iDefend_ICS
YouTube: https://www.youtube.com/@industrialdefender7120

Audio production by Turnkey Podcast Productions. You're the expert. Your podcast will prove it.

The podcast and artwork embedded on this page are from Aaron Crow, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

The PrOTect OT Cybersecurity Podcast
Michael Holcomb: The Journey from IT to OT and Strengthening IT-OT Partnership

The PrOTect OT Cybersecurity Podcast

Nov 16, 2023 · 49:05

About Michael Holcomb: Michael Holcomb is the Fellow of Cybersecurity and the ICS/OT Cybersecurity Global Lead for Fluor, a prominent engineering, procurement, and construction company. In his current role, he focuses on securing vast ICS/OT environments, ranging from power plants and commuter rail to manufacturing facilities and refineries. Currently pursuing his Master's thesis on Programmable Logic Controllers' attack surface with the SANS Technology Institute, he holds multiple cyber security and ICS/OT certifications like CISSP, GRID, GICSP, GCIP, GPEN, GCIH, and ISA 62443. Beyond his professional endeavors, he founded the UpstateSC ISSA Chapter and BSides Greenville conference, and authored and taught cyber security courses at Greenville Technical College, earning him the CyberSC's MG Lester D. Eisner Award for Cyber Excellence in Leadership for South Carolina in 2023.

In this episode, Aaron and Michael Holcomb discuss:
○ Closing the IT-OT skills gap in cybersecurity
○ Navigating the path to cybersecurity expertise
○ The intersection of OT cybersecurity and networking
○ The evolving landscape of OT cybersecurity

Key Takeaways:
○ Bridging the gap between IT professionals learning to think like engineers and OT specialists embracing cybersecurity not only enhances collaboration but also strengthens our ability to secure critical infrastructures, a journey that demands time, dedication, and a shared commitment to a safer digital future.
○ Embracing a multidisciplinary approach and fostering collaboration between IT and OT professionals, along with hands-on experience and continuous learning, is the key to breaking into the rapidly evolving field of cybersecurity, transforming passion and knowledge into practical expertise.
○ Mastering networking fundamentals is the key to bridging the gap between IT and engineering, enabling the design of resilient systems that prevent costly operational disruptions, and emphasizing the need for continuous learning and collaboration in this dynamic field.
○ The integration of IT technologies into OT without adequate expertise has led to vulnerabilities; expecting OT professionals to handle cybersecurity is akin to asking a plumber to do electrical work. While progress is being made, the industry must prepare for a potentially catastrophic event to truly acknowledge the importance of cybersecurity in OT.

"One of the things that's sad to me about the OT cybersecurity industry, and this even goes for folks that are new to the industry and even some of the old players that have been out there for 20, 30, maybe 40 years plus, is that there's still, in some respects, not a lot of concern around what it's going to take for people to take cybersecurity and OT seriously. And so there's going to be that event one day, where people are going to die, right? That is going to finally force people to take cybersecurity and OT seriously." — Michael Holcomb

Connect with Michael Holcomb:
Email: michael.holcomb@fluor.com
Website: www.fluor.com
LinkedIn: www.linkedin.com/in/mikeholcomb
YouTube: https://www.youtube.com/@utilsec

Connect with Aaron:
LinkedIn: https://www.linkedin.com/in/aaronccrow

Learn more about Industrial Defender:
Website: https://www.industrialdefender.com/podcast
LinkedIn: https://www.linkedin.com/company/industrial-defender-inc/
Twitter: https://twitter.com/iDefend_ICS
YouTube: https://www.youtube.com/@industrialdefender7120

Audio production by Turnkey Podcast Productions. You're the expert. Your podcast will prove it.

CERIAS Security Seminar Podcast
Wen Masters, Cyber Risk Analysis for Critical Infrastructure

CERIAS Security Seminar Podcast

Nov 8, 2023 · 39:03

This is a hybrid event. Students are encouraged to attend in person: STEW 209.

Operational technology (OT) and industrial control systems (ICS) need innovative cybersecurity solutions that go beyond compliance-based security controls in order to be more resilient against increasing cyber threats. This talk describes MITRE Infrastructure Susceptibility Analysis (ISA), which helps ICS/OT organizations effectively assess risk and prioritize mitigations.

About the speaker: As a science and technology leader and strategist, Dr. Wen Masters' career has spanned 30+ years with government, academia, R&D centers, and not-for-profit organizations, leading impactful science and technology research and development.

Currently, Wen is Vice President for Cyber Technologies at the MITRE Corporation, a not-for-profit organization that manages six federally funded research and development centers with a mission to solve problems for a safer world. In this role, Wen drives MITRE's cybersecurity strategy, champions MITRE's cybersecurity capabilities, and oversees MITRE's innovation centers with a team of 1,200 professionals developing innovative technologies that address the nation's toughest cyber challenges to deliver capabilities for sponsors and the public.

Before joining MITRE, Wen was Deputy Director of Research at Georgia Tech Research Institute. She oversaw research in data science, information science, communications, computational science and engineering, quantum information science, and cybersecurity.

Prior to Georgia Tech, Wen spent more than two decades as a federal government civilian and a member of the Senior Executive Service of America at the Office of Naval Research (ONR) and the National Science Foundation (NSF). At NSF, she served as the Lead Program Director for the Math Priority Area and a Managing Director for two Mathematical Sciences Institutes. At ONR, she led the Navy's Integrated Science and Technology research and development portfolio in applied mathematics, computer science and engineering, information science, communications, machine learning and artificial intelligence, electronics, and electrical engineering, as well as their applications for war fighting capabilities and national security. For the impact of her efforts, the Navy honored Wen with many awards, including the Distinguished Civilian Service Medal, the highest honorary award given by the Secretary of the Navy.

Before her long career in the federal government, Wen worked at the Jet Propulsion Laboratory in Pasadena, California, where she was responsible for orbit determination for NASA's deep space exploration missions, including Magellan, Galileo, and Cassini.

Wen is a member of the National Academy of Sciences Naval Studies Board, the Board of Trustees of the UCLA Institute for Pure and Applied Mathematics, and the External Advisory Board of the Texas A&M University Global Cyber Research Institute.

@BEERISAC: CPS/ICS Security Podcast Playlist
Ian Frist: Beyond Buzzwords, Building Effective Programs in OT Security

@BEERISAC: CPS/ICS Security Podcast Playlist

Aug 25, 2023 · 50:51

Podcast: The PrOTect OT Cybersecurity Podcast
Episode: Ian Frist: Beyond Buzzwords, Building Effective Programs in OT Security
Pub date: 2023-08-24

About Ian Frist: Ian Frist is the Cybersecurity Compliance Program Director at Corning, boasting an MS in Cybersecurity. With a dynamic background spanning both private sector and government roles, Ian's expertise encompasses NIST, CIS, and CMMC frameworks. Currently leading Corning's compliance team within the cybersecurity group, Ian's journey ventured from accidental entry into ICS/OT through the National Guard, where even as a medic, he embraced the cyber realm. Transitioning into compliance and GRC, Ian's enduring passion for ICS/OT continues, evident through speaking engagements at prestigious events like SANS conferences, reflecting his commitment to both fields.

In this episode, Aaron and Ian Frist discuss:
○ Navigating compliance and cybersecurity in the changing landscape of OT
○ Building effective cybersecurity programs
○ Integrating cybersecurity in OT
○ Implementing effective asset management and inventory in manufacturing

Key Takeaways:
○ Compliance is shifting from a mere checkbox exercise to a powerful lever that compels organizations, including manufacturing and utilities, to elevate their OT cybersecurity by setting a baseline of controls and risk management strategies, bridging the gap between different industries' cybersecurity maturity levels while emphasizing the imperative to safeguard critical operations and infrastructure.
○ In the complex landscape of cybersecurity, building a comprehensive program that understands and manages the unique assets, risks, and impact of your organization's operations is paramount, transcending mere reliance on tools and instead emphasizing a holistic approach to preparedness and response.
○ Building redundancy and preparedness into systems is common practice, but the often overlooked key is to integrate cybersecurity understanding, people, processes, and technology from the start to truly fortify against a wide range of potential incidents and ensure resilient operations.
○ Navigating the complexities of asset management and inventory in manufacturing requires acknowledging the need for an initial manual effort, understanding the limitations of automation tools, setting realistic and adaptable goals that balance compliance and risk, and embracing the ongoing commitment required for effective governance.

"Don't fall for a buzzword, build a program. I think we're going to have to keep watching out for that moving forward." — Ian Frist

Connect with Ian Frist:
Website: https://www.corning.com/worldwide/en.html
Email: fristis@corning.com
LinkedIn: https://www.linkedin.com/in/ian-frist-ms-cybersecurity-cissp-cmmc-pa-pi-3028a9181/

Connect with Aaron:
LinkedIn: https://www.linkedin.com/in/aaronccrow

Learn more about Industrial Defender:
Website: https://www.industrialdefender.com/podcast
LinkedIn: https://www.linkedin.com/company/industrial-defender-inc/
Twitter: https://twitter.com/iDefend_ICS
YouTube: https://www.youtube.com/@industrialdefender7120

Audio production by Turnkey Podcast Productions. You're the expert. Your podcast will prove it.

The podcast and artwork embedded on this page are from Aaron Crow, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

The PrOTect OT Cybersecurity Podcast
Ian Frist: Beyond Buzzwords, Building Effective Programs in OT Security

The PrOTect OT Cybersecurity Podcast

Aug 24, 2023 · 50:51

About Ian Frist: Ian Frist is the Cybersecurity Compliance Program Director at Corning, boasting an MS in Cybersecurity. With a dynamic background spanning both private sector and government roles, Ian's expertise encompasses NIST, CIS, and CMMC frameworks. Currently leading Corning's compliance team within the cybersecurity group, Ian's journey ventured from accidental entry into ICS/OT through the National Guard, where even as a medic, he embraced the cyber realm. Transitioning into compliance and GRC, Ian's enduring passion for ICS/OT continues, evident through speaking engagements at prestigious events like SANS conferences, reflecting his commitment to both fields.

In this episode, Aaron and Ian Frist discuss:
○ Navigating compliance and cybersecurity in the changing landscape of OT
○ Building effective cybersecurity programs
○ Integrating cybersecurity in OT
○ Implementing effective asset management and inventory in manufacturing

Key Takeaways:
○ Compliance is shifting from a mere checkbox exercise to a powerful lever that compels organizations, including manufacturing and utilities, to elevate their OT cybersecurity by setting a baseline of controls and risk management strategies, bridging the gap between different industries' cybersecurity maturity levels while emphasizing the imperative to safeguard critical operations and infrastructure.
○ In the complex landscape of cybersecurity, building a comprehensive program that understands and manages the unique assets, risks, and impact of your organization's operations is paramount, transcending mere reliance on tools and instead emphasizing a holistic approach to preparedness and response.
○ Building redundancy and preparedness into systems is common practice, but the often overlooked key is to integrate cybersecurity understanding, people, processes, and technology from the start to truly fortify against a wide range of potential incidents and ensure resilient operations.
○ Navigating the complexities of asset management and inventory in manufacturing requires acknowledging the need for an initial manual effort, understanding the limitations of automation tools, setting realistic and adaptable goals that balance compliance and risk, and embracing the ongoing commitment required for effective governance.

"Don't fall for a buzzword, build a program. I think we're going to have to keep watching out for that moving forward." — Ian Frist

Connect with Ian Frist:
Website: https://www.corning.com/worldwide/en.html
Email: fristis@corning.com
LinkedIn: https://www.linkedin.com/in/ian-frist-ms-cybersecurity-cissp-cmmc-pa-pi-3028a9181/

Connect with Aaron:
LinkedIn: https://www.linkedin.com/in/aaronccrow

Learn more about Industrial Defender:
Website: https://www.industrialdefender.com/podcast
LinkedIn: https://www.linkedin.com/company/industrial-defender-inc/
Twitter: https://twitter.com/iDefend_ICS
YouTube: https://www.youtube.com/@industrialdefender7120

Audio production by Turnkey Podcast Productions. You're the expert. Your podcast will prove it.

@BEERISAC: CPS/ICS Security Podcast Playlist
Assaf Hazan VP Technologies @Kaspersky Israel about Kaspersky's ICS/OT cyber endpoint & PLC defense

@BEERISAC: CPS/ICS Security Podcast Playlist

Aug 18, 2023 · 57:47

Podcast: ICS Cyber Talks Podcast
Episode: Assaf Hazan VP Technologies @Kaspersky Israel about Kaspersky's ICS/OT cyber endpoint & PLC defense
Pub date: 2023-08-16

Nachshon Pincu hosts Assaf Hazan, VP Technologies at Kaspersky Israel, in a conversation about ICS/OT cyber defense. The difference between protecting IT and OT infrastructure. The need for safeguarding old and unsupported operating systems. Kaspersky's holistic defense point of view for ICS/OT.

About the Kaspersky Company (history, disengagement from Russia, technology)
What does it mean to protect computing in an OT environment, and how is it different from an IT environment?
What is Kaspersky's holistic defense concept for OT, and how is this reflected in the protection of controllers?
Is it possible to install an agent on old-generation controllers?
What is the future in the face of the development of new controllers that already have clear signs of computing?
Examples of Kaspersky's activity with control manufacturers (firmware testing, certification, etc.)
And more…

Nachshon Pincu hosts Assaf Hazan, VP Technologies at Kaspersky Israel, in a conversation about protecting operational systems, the gaps and differences between protecting information environments and operational environments, the need to keep protecting old operating systems that are no longer supported by the manufacturer, and the holistic approach.

About the Kaspersky company (history and technology)
What does protecting operational environments mean, and how does it differ from an IT environment?
What is Kaspersky's holistic defense concept for operational environments, and how is it reflected in protecting controllers as well?
Can an agent be installed on old-generation controllers?
What does the future hold as new controllers develop that already show clear signs of computing?
Examples of Kaspersky's work with control manufacturers: firmware testing, certifications and the like
And more

The podcast and artwork embedded on this page are from Nachshon Pincu, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

ICS Cyber Talks Podcast
Assaf Hazan VP Technologies @Kaspersky Israel about Kaspersky's ICS/OT cyber endpoint & PLC defense

ICS Cyber Talks Podcast

Play Episode Listen Later Aug 16, 2023 57:47


Nachshon Pincu hosts Assaf Hazan, VP Technologies at Kaspersky Israel, in a conversation about ICS/OT cyber defense. The difference between protecting IT and OT infrastructure. The need for safeguarding old and unsupported operating systems. Kaspersky's holistic defense point of view for ICS/OT. About the Kaspersky Company (history, disengagement from Russia, technology). What does it mean to protect computing in an OT environment, and how is it different from an IT environment? What is Kaspersky's holistic defense concept for OT, and how is this reflected in the protection of controllers? Is it possible to install an agent on old-generation controllers? What is the future in the face of the development of new controllers that already have clear signs of computing? Examples of Kaspersky's activity with control manufacturers (firmware testing, certification, etc.) And more…
Nachshon Pincu hosts Assaf Hazan, VP Technologies at Kaspersky Israel, in a conversation about protecting operational systems, the gaps and differences between protecting information environments and operational environments, the need to keep protecting old operating systems that are no longer supported by the vendor, and the holistic approach. About the Kaspersky company (history and technology). What does protecting operational environments mean, and how does it differ from an IT environment? What is Kaspersky's holistic defense concept for operational environments, and how is it reflected in protecting controllers as well? Can an agent be installed on old-generation controllers? What does the future hold given the development of new controllers that already show clear signs of computing? Examples of Kaspersky's work with control vendors: firmware testing, certifications and the like. And more.

IoT: The Internet of Threats
Cybersecurity Ratings: A New Dawn in IoT or Just Another Day? with Larry Pesce, Product Security Research and Analysis Director, Finite State

IoT: The Internet of Threats

Play Episode Listen Later Jul 28, 2023 27:53


On this episode of the IoT: The Internet of Threats podcast, host Eric Greenwald and Larry Pesce (Finite State Director of Product Security Research and Analysis) delve into the recently announced U.S. Cyber Trust Mark, a cybersecurity labeling program for IoT devices - a long-anticipated directive of Executive Order 14028.
Larry and Eric explore how, in contrast to static ratings like ENERGY STAR, this dynamic IoT security score will attempt to reflect the continually evolving landscape of cybersecurity threats and controls. They delve into the efficacy of this voluntary labeling program: Will consumers use it? Will manufacturers comply (and raise prices) or ignore it?
Together, Larry and Eric discuss the initial criteria for assigning these security scores and the user-friendly implementation strategies like QR codes. They also tackle the implications of this program on various connected devices, from baby monitors to solar panels, analyzing whether this voluntary program will see widespread adoption across various industries with varied potential risks (from privacy violations to deadly fires).
In the discussion, Larry turns the tables and asks Eric about the FCC's unexpected role in enforcing IoT labeling compliance and how this labeling initiative aligns with the broader trend towards transparency and accountability in device security regulation and progress.
Interview with Larry Pesce
Since joining Finite State, Larry has been providing expert product security program design and development as well as IoT pen testing services and guidance to product security teams worldwide. He is also a Certified Instructor at the SANS Institute and has co-hosted the Paul's Security Weekly podcast since 2005. Before joining Finite State, Larry spent 15 years as a penetration tester (among other various roles) focused on healthcare, ICS/OT, wireless, and IoT/IIoT embedded devices. Larry holds several GIAC certifications and earned his B.S. in Computer Information Systems from Roger Williams University.
Join in on this insightful discussion where Eric and Larry consider:
• Similarities and differences between the IoT labeling and ENERGY STAR rating programs
• The need to reflect the ever-changing nature of cybersecurity risk and controls within cybersecurity scores
• How, and how much, consumers will actually use the score and value higher-rated devices
• Criteria considered when assigning the scores and where labels will appear
• The varying impacts of a voluntary IoT labeling program on consumer vs. industrial connected device cybersecurity
• The surprising role of the FCC as the enforcing regulator for IoT labeling compliance
Find Larry on LinkedIn: Larry Pesce: https://linkedin.com/in/larrypesce
Learn more about Finite State: https://finitestate.io/
Thank you for listening to this episode of the IoT: The Internet of Threats podcast, powered by Finite State — the leading supply chain cyber-security solution provider for connected devices and embedded systems.
If you enjoyed this episode, click subscribe to stay connected and leave a review to get the word out about the podcast.
To learn more about building a robust software supply chain security program, protecting your connected devices, and complying with emerging regulations and technical standards, visit https://finitestate.io/

@BEERISAC: CPS/ICS Security Podcast Playlist
ICS Security Quarter In Review Q2-2023

@BEERISAC: CPS/ICS Security Podcast Playlist

Play Episode Listen Later Jul 11, 2023 60:24


Podcast: Unsolicited Response
Episode: ICS Security Quarter In Review Q2-2023
Pub date: 2023-07-05
Mark Hyman of Verge Management Group joins Dale to discuss the big 3 stories of Q2 along with their win, fail and prediction.
Big Stories
• The OT Security Layoffs (Mark is a recruiter specialized in ICS/OT security)
• Still No US National Cyber Director?
• The Merck NotPetya Insurance Claim Ruling
Plus they both have a win, fail and prediction at the end.
The podcast and artwork embedded on this page are from Dale Peterson: ICS Security Catalyst and S4 Conference Chair, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Unsolicited Response Podcast
ICS Security Quarter In Review Q2-2023

Unsolicited Response Podcast

Play Episode Listen Later Jul 5, 2023 60:24


Mark Hyman of Verge Management Group joins Dale to discuss the big 3 stories of Q2 along with their win, fail and prediction.
Big Stories
• The OT Security Layoffs (Mark is a recruiter specialized in ICS/OT security)
• Still No US National Cyber Director?
• The Merck NotPetya Insurance Claim Ruling
Plus they both have a win, fail and prediction at the end.

@BEERISAC: CPS/ICS Security Podcast Playlist
Cyber Edu 4: May Brooks-Kempler Director @CRS ISC2 Instructor CISSP & HCISPP about CyberSec training

@BEERISAC: CPS/ICS Security Podcast Playlist

Play Episode Listen Later Jun 18, 2023 63:11


Podcast: ICS Cyber Talks Podcast
Episode: Cyber Edu 4: May Brooks-Kempler Director @CRS ISC2 Instructor CISSP & HCISPP about CyberSec training
Pub date: 2023-06-17
Nachshon Pincu and Mally Bar host May (Maytal) Brooks-Kempler, a director at a cyber company in Abu Dhabi, consultant, lecturer and veteran trainer of CISOs for the ISC2 exams. What are the challenges of cyber training in Israel? What is the right path for those who want to enter the cyber field in Israel? The cost of cyber training is often a barrier to professionalization. It runs from many thousands to tens of thousands of shekels. This is a "painful" issue and not easy for those who don't have the means. Is there a way to save some of the costs? You are among the first to train for international cyber certifications in Israel. Beyond the certificate, is there added value to the course? When dealing with the challenges of cyber training, the issue is intensified many times over when it comes to cyber training for operational environments. Where do you start, and what in your view are the prerequisites for someone who wants to study and enter the cyber field in general and operational systems in particular?
Nachshon Pincu and Mally Bar co-hosting May (Maytal) Brooks-Kempler, Director at Cyber Range Solutions inc (CRS) and ISC2 Instructor for CISSP & HCISPP. Discussing Cyber Security Education and training. Cyber training in Israel, what are the challenges? What do you think is the right path for those who want to enter the cyber field in Israel? The costs of cyber training are often a barrier to professionalization. It is about many thousands of shekels to tens of thousands of shekels, and it is a "painful" issue and not easy for those who don't have the means. Is there a way to save some of the costs? You are among the first to train for the CISSP exams in Israel and have invested a lot in the subject. Beyond the test and the certificate, is there any added value to the course? We said that there are challenges in cyber training. The issue is often intensified in ICS/OT cyber training. Where do you start, and what are the preliminary requirements for those who want to study and enter the field? And more
The podcast and artwork embedded on this page are from Nachshon Pincu, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

ICS Cyber Talks Podcast
Cyber Edu 4: May Brooks-Kempler Director @CRS ISC2 Instructor CISSP & HCISPP about CyberSec training

ICS Cyber Talks Podcast

Play Episode Listen Later Jun 17, 2023 63:11


Nachshon Pincu and Mally Bar host May (Maytal) Brooks-Kempler, a director at a cyber company in Abu Dhabi, consultant, lecturer and veteran trainer of CISOs for the ISC2 exams. What are the challenges of cyber training in Israel? What is the right path for those who want to enter the cyber field in Israel? The cost of cyber training is often a barrier to professionalization. It runs from many thousands to tens of thousands of shekels. This is a "painful" issue and not easy for those who don't have the means. Is there a way to save some of the costs? You are among the first to train for international cyber certifications in Israel. Beyond the certificate, is there added value to the course? When dealing with the challenges of cyber training, the issue is intensified many times over when it comes to cyber training for operational environments. Where do you start, and what in your view are the prerequisites for someone who wants to study and enter the cyber field in general and operational systems in particular?
Nachshon Pincu and Mally Bar co-hosting May (Maytal) Brooks-Kempler, Director at Cyber Range Solutions inc (CRS) and ISC2 Instructor for CISSP & HCISPP. Discussing Cyber Security Education and training. Cyber training in Israel, what are the challenges? What do you think is the right path for those who want to enter the cyber field in Israel? The costs of cyber training are often a barrier to professionalization. It is about many thousands of shekels to tens of thousands of shekels, and it is a "painful" issue and not easy for those who don't have the means. Is there a way to save some of the costs? You are among the first to train for the CISSP exams in Israel and have invested a lot in the subject. Beyond the test and the certificate, is there any added value to the course? We said that there are challenges in cyber training. The issue is often intensified in ICS/OT cyber training. Where do you start, and what are the preliminary requirements for those who want to study and enter the field? And more

Coffee Talk with SURGe
Coffee Talk with SURGe: 2022-APR-19 MS-RPC Vulnerability, Lazarus, Pipedream

Coffee Talk with SURGe

Play Episode Listen Later Jun 14, 2023 31:53


Grab a cup of coffee and join Ryan Kovar, Audra Streetman, and Mick Baccio for another episode of Coffee Talk with SURGe. You can watch the episode livestream here.
This week the team from Splunk discussed the latest security news, including the MS-RPC vulnerability CVE-2022-26809, a CISA alert about the North Korean state-sponsored Lazarus Group, and Sunday's 60 Minutes episode on the threat of Russian cyberattacks targeting U.S. critical infrastructure. Mick and Ryan also competed in a 60 second charity challenge to explain why Americans should be concerned about the potential for a Russian cyberattack targeting U.S. critical infrastructure.
Links:
• SURGe website
• SANS Webinar on MS-RPC Vulnerability
• This week's charity
• CISA Alert about Lazarus
• State Dept. $5M Reward
• CISA Alert about ICS/OT malware tools
• SURGe/Splunk Security Presentations at .conf22
• Splunk OT Security Add-On

InfosecTrain
What is ICS/OT Cybersecurity? | IT vs OT | OT Communication Protocols

InfosecTrain

Play Episode Listen Later May 29, 2023 169:01


OT (Operational Technology)/ICS (Industrial Control System) is an ever-changing and evolving field that needs to adapt defense strategies continually to meet new challenges and threats—all the while maintaining the safety and reliability of facility operations. This two-day masterclass will help attendees know more about ICS/OT terminologies and enhance awareness regarding the ICS/OT system.
Thank you for watching this video. For more details or a free demo with our expert, write to us at sales@infosectrain.com
➡️ Agenda for the Webinar

InfosecTrain
OT Network Architecture | OT Cybersecurity Controls | Introduction to ICS/OT Pentesting

InfosecTrain

Play Episode Listen Later May 29, 2023 188:16


OT (Operational Technology)/ICS (Industrial Control System) is an ever-changing and evolving field that needs to adapt defense strategies continually to meet new challenges and threats—all the while maintaining the safety and reliability of facility operations. This two-day masterclass will help attendees know more about ICS/OT terminologies and enhance awareness regarding the ICS/OT system.
Thank you for watching this video. For more details or a free demo with our expert, write to us at sales@infosectrain.com
➡️ Agenda for the Webinar

IoT: The Internet of Threats
The FDA will soon require SBOMs for medical devices. Are you ready? with Larry Pesce, Product Security Research and Analysis Director, Finite State

IoT: The Internet of Threats

Play Episode Listen Later May 22, 2023 20:59


On this episode of the IoT: The Internet of Threats podcast, host Eric Greenwald and Larry Pesce (Finite State Director of Product Security Research and Analysis) explore the FDA's new Refuse to Accept (RTA) decision process and what it means for successful premarket submissions of medical devices. Together, Larry and Eric examine how prepared the industry is for the coming changes and assess how medical device manufacturers may weigh the new risk-benefit calculus. Eric and Larry also look at how past cyberattacks lead companies to forge enduring changes in cybersecurity culture and controls and discuss whether these regulatory changes will bring about significant improvements in securing connected medical devices.
Interview with Larry Pesce
Since joining Finite State, Larry has been providing expert product security program design and development as well as IoT pen testing guidance and services to product security teams worldwide. He is also a Certified Instructor at the SANS Institute and has co-hosted the Paul's Security Weekly podcast since 2005. Before joining Finite State, Larry spent 15 years as a penetration tester (among other various roles) focused on healthcare, ICS/OT, wireless, and IoT/IIoT embedded devices. Larry holds several GIAC certifications and earned his B.S. in Computer Information Systems from Roger Williams University.
In this episode, Eric and Larry discuss:
• The FDA's new Refuse-To-Accept (RTA) decision authority and what it means for SBOMs and the premarket submissions of medical devices
• Whether the medical device sector is adequately prepared for these changes
• How the new regulations may alter the liability vs. risk tolerance question for medical device manufacturers
• The extent to which the FDA will rigorously enforce the new premarket submission requirements
• The potential qualitative difference this new regulation may bring to the overall security of medical devices
• How cyberattacks often lead companies to make meaningful, lasting changes in their cybersecurity practices
Find Larry on LinkedIn: Larry Pesce: https://linkedin.com/in/larrypesce
Learn more about Finite State: https://finitestate.io/
Thank you for listening to this episode of the IoT: The Internet of Threats podcast, powered by Finite State — the leading supply chain cyber-security solution provider for connected devices and embedded systems.
If you enjoyed this episode, click subscribe to stay connected and leave a review to get the word out about the podcast.
To learn more about building a robust software supply chain security program, protecting your connected devices, and complying with emerging regulations and technical standards, visit https://finitestate.io/

@BEERISAC: CPS/ICS Security Podcast Playlist
Breaking into the OT Cybersecurity Field

@BEERISAC: CPS/ICS Security Podcast Playlist

Play Episode Listen Later May 14, 2023 42:26


Podcast: Critical Assets Podcast
Episode: Breaking into the OT Cybersecurity Field
Pub date: 2023-05-11
Hear from an experienced ICS/OT Security Manager, Gabe Agboruche, on how to enter or upskill into the ICS/OT cybersecurity field. He answers questions such as… What training is available? What are the biggest obstacles? What are some common job roles? What are the best paying job roles? We also cover the asset owner's perspective on how they can obtain and retain new cybersecurity professionals.
SHOW LINKS:
• Gabe Agboruche LinkedIn Profile
• Gabe's YouTube channel - Struggle Security
• Malware Traffic Analysis
• Free Network Emulators
• ICSVillage
• ICS Village Youtube Channel
• Sans ICS Free Resources
• SANS ICS Concepts
• DNP3 Simulators
• Scapy
• CompTIA (Security+ and Network+ certifications)
The podcast and artwork embedded on this page are from Patrick Miller, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

@BEERISAC: CPS/ICS Security Podcast Playlist
Zion Harel and Leonid Cooperman Founders & Co-CEOs @IXDen on different OT Cyber & Operation approach

@BEERISAC: CPS/ICS Security Podcast Playlist

Play Episode Listen Later May 4, 2023 34:48


Podcast: ICS Cyber Talks Podcast
Episode: Zion Harel and Leonid Cooperman Founders & Co-CEOs @IXDen on different OT Cyber & Operation approach
Pub date: 2023-05-02
Nachshon Pincu hosts Zion Harel and Leonid Cooperman, Founders & Co-CEOs at IXDen, discussing ICS/OT cyber security and continuous operation in the industrial environment. Overview of the OT cyber situation in 2023. IXDen business card. IXDen solution and how it differs from other solutions and approaches in the OT cyber defense market? And more…
Nachshon Pincu hosts Zion Harel and Leonid Cooperman, founders and co-CEOs of IXDen, in a conversation about advanced approaches to cyber defense and operational continuity in industrial environments. An overview of the state of cyber for operational environments in 2023. IXDen's business card. The solution the company offers and how its approach differs from other companies in the market for protecting operational environments. And more.
The podcast and artwork embedded on this page are from Nachshon Pincu, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

ICS Cyber Talks Podcast
Zion Harel and Leonid Cooperman Founders & Co-CEOs @IXDen on different OT Cyber & Operation approach

ICS Cyber Talks Podcast

Play Episode Listen Later May 2, 2023 34:48


Nachshon Pincu hosts Zion Harel and Leonid Cooperman, Founders & Co-CEOs at IXDen, discussing ICS/OT cyber security and continuous operation in the industrial environment. Overview of the OT cyber situation in 2023. IXDen business card. IXDen solution and how it differs from other solutions and approaches in the OT cyber defense market? And more…
Nachshon Pincu hosts Zion Harel and Leonid Cooperman, founders and co-CEOs of IXDen, in a conversation about advanced approaches to cyber defense and operational continuity in industrial environments. An overview of the state of cyber for operational environments in 2023. IXDen's business card. The solution the company offers and how its approach differs from other companies in the market for protecting operational environments. And more.

Control System Cyber Security Association International: (CS)²AI
79: Achieving Leadership Roles in an Early Cybersecurity Career with Megan Samford

Control System Cyber Security Association International: (CS)²AI

Play Episode Listen Later Apr 25, 2023 44:42


Derek is delighted to have Megan Samford joining him today!
Megan is an executive experienced in Product Security programs, ICS/OT, PSIRTs, Threat Intel, and Critical Infrastructure Protection. She is currently the VP and Chief Product Security Officer of Energy Management at Schneider Electric.
Megan is a well-rounded and fascinating person! In addition to being a cyber-emergency manager, she is a critical infrastructure protection hero, the founder of many things, a mother, a rock hunter, and a genealogy enthusiast! She loves shopping, interior design, and cars, specifically 300zx!
In today's episode, Megan tells her story, discusses her career trajectory, and shares her experience, insight, advice, and free resources for anyone considering a career in cybersecurity.
Show highlights:
• How Megan's mother helped Megan grow into her full potential.
• Megan talks about being part of the first graduating class of the world's first accredited degree program in Homeland Security and Emergency Preparedness at Virginia University.
• How Megan gained a core foundation for critical infrastructure while doing an internship at the governor's office in 2007.
• Megan discusses her first encounter with policy work and explains how much she loved it.
• Megan talks about being promoted to leading critical infrastructure for the Commonwealth of Virginia when she was only twenty-six.
• What Megan did that allowed her to get promoted to lead critical infrastructure for the Commonwealth of Virginia at only twenty-six years of age.
• Why do people like working with Megan professionally?
• How Megan got to work at GE, and how she ended up working at Schneider Electric.
• Megan dives into the work she does with ICS4ICS.
• Megan shares free resources via ICS4ICS for FEMA online incident command system training.
Links and resources:
• (CS)²AI
• Derek Harp on LinkedIn
• Schneider Electric
• Megan Samford on LinkedIn
• ICS4ICS training

@BEERISAC: CPS/ICS Security Podcast Playlist
79: Achieving Leadership Roles in an Early Cybersecurity Career with Megan Samford

@BEERISAC: CPS/ICS Security Podcast Playlist

Play Episode Listen Later Apr 25, 2023 45:48


Podcast: (CS)²AI Podcast Show: Control System Cyber Security
Episode: 79: Achieving Leadership Roles in an Early Cybersecurity Career with Megan Samford
Pub date: 2023-04-25
Derek is delighted to have Megan Samford joining him today!
Megan is an executive experienced in Product Security programs, ICS/OT, PSIRTs, Threat Intel, and Critical Infrastructure Protection. She is currently the VP and Chief Product Security Officer of Energy Management at Schneider Electric.
Megan is a well-rounded and fascinating person! In addition to being a cyber-emergency manager, she is a critical infrastructure protection hero, the founder of many things, a mother, a rock hunter, and a genealogy enthusiast! She loves shopping, interior design, and cars, specifically 300zx!
In today's episode, Megan tells her story, discusses her career trajectory, and shares her experience, insight, advice, and free resources for anyone considering a career in cybersecurity.
Show highlights:
• How Megan's mother helped Megan grow into her full potential.
• Megan talks about being part of the first graduating class of the world's first accredited degree program in Homeland Security and Emergency Preparedness at Virginia University.
• How Megan gained a core foundation for critical infrastructure while doing an internship at the governor's office in 2007.
• Megan discusses her first encounter with policy work and explains how much she loved it.
• Megan talks about being promoted to leading critical infrastructure for the Commonwealth of Virginia when she was only twenty-six.
• What Megan did that allowed her to get promoted to lead critical infrastructure for the Commonwealth of Virginia at only twenty-six years of age.
• Why do people like working with Megan professionally?
• How Megan got to work at GE, and how she ended up working at Schneider Electric.
• Megan dives into the work she does with ICS4ICS.
• Megan shares free resources via ICS4ICS for FEMA online incident command system training.
Links and resources:
• (CS)²AI
• Derek Harp on LinkedIn
• Schneider Electric
• Megan Samford on LinkedIn
• ICS4ICS training
Mentioned in this episode:
Join CS2AI
Join the largest organization for cybersecurity professionals. Membership has its benefits! We keep you up to date on the latest cybersecurity news and education.
Preroll Membership
Our Sponsors:
We'd like to thank our sponsors for their faithful support of this podcast. Without their support we would not be able to bring you this valuable content. We'd appreciate it if you would support these companies because they support us!
• Network Perception
• Waterfall Security
• Tripwire
• KPMG Cyber
The podcast and artwork embedded on this page are from Derek Harp, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

@BEERISAC: CPS/ICS Security Podcast Playlist
Rafael Maman, VP OT Security @Sygnia, about heading from the past to the future of OT cyber security

@BEERISAC: CPS/ICS Security Podcast Playlist

Play Episode Listen Later Apr 11, 2023 62:09


Podcast: ICS Cyber Talks Podcast
Episode: Rafael Maman, VP OT Security @Sygnia, about heading from the past to the future of OT cyber security
Pub date: 2023-04-06
Nachshon Pincu hosts Rafael (Rafi) Maman, VP of OT Security @Sygnia. An OT cyber security evangelist and, for many, an OT cyber guru. Rafi's article "The Future of OT Security" (https://blog.sygnia.co/the-future-of-ot-security) changed how cyber pros look at the cyber modules we are used to working with. What are OPAF and O-PAS?
1. You have been in the ICS/OT cyber industry for many years. What significant changes have taken place over the years?
2. Sygnia is a well-known IR and red teaming (RT) company. What is your actual role in Sygnia?
3. A summary and the highlight of the article "The Future of OT Security."
4. Some of our community describe this article as provocative. Why?
5. Where are we heading as OT security defenders? How do you think our industry will look in the coming years?
And more...
The podcast and artwork embedded on this page are from Nachshon Pincu, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

@BEERISAC: CPS/ICS Security Podcast Playlist
76: A (CS)2AI Fellows Panel: S4 Takeaways and a Look Ahead at Our industry

@BEERISAC: CPS/ICS Security Podcast Playlist

Play Episode Listen Later Apr 8, 2023 91:19


Podcast: (CS)²AI Podcast Show: Control System Cyber Security
Episode: 76: A (CS)2AI Fellows Panel: S4 Takeaways and a Look Ahead at Our industry
Pub date: 2023-04-04
Today, Chris Blask, the Vice President of Strategy at Cybeats, and Patrick Miller, the CEO at Ampere, join Derek in an online seminar stimulated by a blog article Patrick wrote just after the last S4 conference.
Chris and Patrick are both (CS)²AI fellows who have attended many S4 events. In today's online session, they review the latest S4 conference. They dive into various topics important for the industrial security and OT security communities, answer questions from listeners, and discuss the future of the cybersecurity industry.
S4 is one of the longest-standing annual cybersecurity conferences focused on control systems, OT, and ICS. Dale Peterson is the founder, creator, and MC of the S4 conferences.
Show highlights:
• Chris shares a main takeaway from this year's S4 event.
• How technology is changing.
• Why more people are needed to make cybersecurity work going forward.
• Question: Are discussions of wireless security growing or declining at the conference? Is there a session (or sessions) dedicated to wireless yet?
• Question: Within all OT and IT cybersecurity professionals, what would be the ratio of OT cybersecurity real professionals?
• Why it is normal and expected not to know the answer to some things, and how to find the answer if there is something you don't know.
• Question: Tribal knowledge is a real threat to OT/ICS security. The aging workforce in OT engineering is part of this problem. What is the best way for organizations to address this challenge?
• Chris and Patrick share their thoughts on executives taking the risk of solving ICS/OT security issues.
• Question: What are your thoughts on Ford applying for a patent on a car that can repossess itself?
• Chris and Patrick discuss metrics, risk management, and cyber insurance.
• Patrick and Chris dive into diversity, equity, and inclusion in the OT space.
• Question: When will we get past the notion that ICS pen-testing has to be a separate category?
• Question: Looking forward, what would you foresee as the big themes of S4/24?
Mentioned in this episode:
Join CS2AI
Join the largest organization for cybersecurity professionals. Membership has its benefits! We keep you up to date on the latest cybersecurity news and education.
Preroll Membership
Our Sponsors:
We'd like to thank our sponsors for their faithful support of this podcast. Without their support we would not be able to bring you this valuable content. We'd appreciate it if you would support these companies because they support us!
• Network Perception
• Waterfall Security
• Tripwire
• KPMG Cyber
The podcast and artwork embedded on this page are from Derek Harp, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

ICS Cyber Talks Podcast
Rafael Maman, VP OT Security @Sygnia, about heading from the past to the future of OT cyber security

ICS Cyber Talks Podcast

Play Episode Listen Later Apr 6, 2023 62:09


Nachshon Pincu hosts Rafael (Rafi) Maman, VP of OT Security @Sygnia. An OT cyber security evangelist and, for many, an OT cyber guru. Rafi's article "The Future of OT Security" (https://blog.sygnia.co/the-future-of-ot-security) changed how cyber pros look at the cyber modules we are used to working with. What are OPAF and O-PAS?
1. You have been in the ICS/OT cyber industry for many years. What significant changes have taken place over the years?
2. Sygnia is a well-known IR and red teaming (RT) company. What is your actual role in Sygnia?
3. A summary and the highlight of the article "The Future of OT Security."
4. Some of our community describe this article as provocative. Why?
5. Where are we heading as OT security defenders? How do you think our industry will look in the coming years?
And more...

Control System Cyber Security Association International: (CS)²AI
76: A (CS)2AI Fellows Panel: S4 Takeaways and a Look Ahead at Our industry

Control System Cyber Security Association International: (CS)²AI

Play Episode Listen Later Apr 4, 2023 90:14


Today, Chris Blask, the Vice President of Strategy at Cybeats, and Patrick Miller, the CEO at Ampere, join Derek in an online seminar stimulated by a blog article Patrick wrote just after the last S4 conference.
Chris and Patrick are both (CS)²AI fellows who have attended many S4 events. In today's online session, they review the latest S4 conference. They dive into various topics important for the industrial security and OT security communities, answer questions from listeners, and discuss the future of the cybersecurity industry.
S4 is one of the longest-standing annual cybersecurity conferences focused on control systems, OT, and ICS. Dale Peterson is the founder, creator, and MC of the S4 conferences.
Show highlights:
• Chris shares a main takeaway from this year's S4 event.
• How technology is changing.
• Why more people are needed to make cybersecurity work going forward.
• Question: Are discussions of wireless security growing or declining at the conference? Is there a session (or sessions) dedicated to wireless yet?
• Question: Within all OT and IT cybersecurity professionals, what would be the ratio of OT cybersecurity real professionals?
• Why it is normal and expected not to know the answer to some things, and how to find the answer if there is something you don't know.
• Question: Tribal knowledge is a real threat to OT/ICS security. The aging workforce in OT engineering is part of this problem. What is the best way for organizations to address this challenge?
• Chris and Patrick share their thoughts on executives taking the risk of solving ICS/OT security issues.
• Question: What are your thoughts on Ford applying for a patent on a car that can repossess itself?
• Chris and Patrick discuss metrics, risk management, and cyber insurance.
• Patrick and Chris dive into diversity, equity, and inclusion in the OT space.
• Question: When will we get past the notion that ICS pen-testing has to be a separate category?
• Question: Looking forward, what would you foresee as the big themes of S4/24?

Defence Connect Podcast
CYBER SECURITY UNCUT: Defending Australia's critical infrastructure, with Robert Lee, chief executive officer and co-founder of Dragos

Feb 20, 2023 · 47:50


In this episode of the Cyber Security Uncut podcast, Robert Lee, chief executive officer and co-founder of ICS/OT technology provider Dragos, joins Phil Tarrant and Major General (Ret'd) Dr Marcus Thompson to analyse the threat of cyber breaches on national infrastructure. The podcast begins unpacking Lee's passion for defending critical civilian infrastructure, before assessing whether Australian companies are prepared to defend their systems from sophisticated state-based attackers. Lee then unpacks the corporate, economic, and physical risks of a cyber attack on Australian infrastructure — from board members being held liable for breaches through to the physical destruction of energy sources. Lee, Thompson, and Tarrant then discuss the myth of isolated systems, observing that industrial systems are almost always connected to a broader network and not immune from penetration. Wrapping up the podcast, Lee provides fundamental lessons to business leaders and discusses how Dragos helps keep businesses safe. To learn more about Dragos and recent ICS/OT trends, you can visit the Dragos Year in Review 2022 here. Enjoy the podcast, The Cyber Security Uncut team

Cyber Security Uncut
Defending Australia's critical infrastructure, with Robert Lee, chief executive officer and co-founder of Dragos

Feb 17, 2023 · 47:50


In this episode of the Cyber Security Uncut podcast, Robert Lee, chief executive officer and co-founder of ICS/OT technology provider Dragos, joins Phil Tarrant and Major General (Ret'd) Dr Marcus Thompson to analyse the threat of cyber breaches on national infrastructure. The podcast begins unpacking Lee's passion for defending critical civilian infrastructure, before assessing whether Australian companies are prepared to defend their systems from sophisticated state-based attackers. Lee then unpacks the corporate, economic, and physical risks of a cyber attack on Australian infrastructure — from board members being held liable for breaches through to the physical destruction of energy sources. Lee, Thompson, and Tarrant then discuss the myth of isolated systems, observing that industrial systems are almost always connected to a broader network and not immune from penetration. Wrapping up the podcast, Lee provides fundamental lessons to business leaders and discusses how Dragos helps keep businesses safe. To learn more about Dragos and recent ICS/OT trends, you can visit the Dragos Year in Review 2022 here. Enjoy the podcast, The Cyber Security Uncut team

@BEERISAC: CPS/ICS Security Podcast Playlist

Podcast: Control Loop: The OT Cybersecurity Podcast (LS 33 · TOP 5%)
Episode: Insight from the ISACs.
Pub date: 2023-02-08

Multiple strains of Russian wiper malware are targeting entities in Ukraine. A high-severity command injection vulnerability affects Cisco devices. The IoT supply chain is threatened by exploitation of Realtek Jungle SDK vulnerability. And US Congressman Andrew Garbarino will serve as the new Chairman of the Subcommittee on Cybersecurity and Infrastructure Protection.

In Part 2 of 2 in our interview segment from Dragos' Ask the ISACs discussion led by Dawn Cappelli, Dragos' Head of OT-CERT, panelists Tim Chase from the MFG-ISAC, Eugene Kipniss from MS-ISAC, Jennifer Lyn Walker from Water ISAC, and Matt Duncan from E-ISAC return. In the Learning Lab, Dragos' VP Product & Industry Market Strategy Mark Urban concludes his discussion with Lesley Carhart, Dragos' Director of Incident Response for North America, about creating an ICS/OT specific incident response plan.

Control Loop News Brief.

Russian wiper malware targets Ukraine.
- Russia's Sandworm hackers blamed in fresh Ukraine malware attack (CyberScoop)
- APT Activity Report for T3 2022 (ESET)
- Cyber attack on the Ukrinform information and communication system (CERT-UA)

Command injection vulnerability affects Cisco devices.
- When Pwning Cisco, Persistence is Key - When Pwning Supply Chain, Cisco is Key (Trellix)
- Cisco IOx Application Hosting Environment Command Injection Vulnerability (Cisco)

Congressman Andrew Garbarino to serve as Chairman of the Subcommittee on Cybersecurity and Infrastructure Protection.
- Garbarino Selected To Chair Cybersecurity Subcommittee (Office of Andrew Garbarino)

IoT supply chain threatened by exploitation of Realtek Jungle SDK vulnerability.
- Network Security Trends: August-October 2022 (Unit 42)
- Realtek SDK Vulnerability Attacks Highlight IoT Supply Chain Threats (Unit 42)

Control Loop Interview.
The interview is the second part from Dragos' Ask the ISACs discussion led by Dawn Cappelli, Dragos' Head of OT-CERT, with panelists Tim Chase from the MFG-ISAC, Eugene Kipniss from MS-ISAC, Jennifer Lyn Walker from Water ISAC, and Matt Duncan from E-ISAC.

Control Loop Learning Lab.
In Part 2 of 2, Dragos' VP Product & Industry Market Strategy Mark Urban speaks with Lesley Carhart, Dragos' Director of Incident Response for North America, about creating an ICS/OT specific incident response plan.

Control Loop OT Cybersecurity Briefing.
A companion monthly newsletter is available through free subscription and on the CyberWire's website.

The podcast and artwork embedded on this page are from N2K Networks, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Control Loop: The OT Cybersecurity Podcast

Multiple strains of Russian wiper malware are targeting entities in Ukraine. A high-severity command injection vulnerability affects Cisco devices. The IoT supply chain is threatened by exploitation of Realtek Jungle SDK vulnerability. And US Congressman Andrew Garbarino will serve as the new Chairman of the Subcommittee on Cybersecurity and Infrastructure Protection.

In Part 2 of 2 in our interview segment from Dragos' Ask the ISACs discussion led by Dawn Cappelli, Dragos' Head of OT-CERT, panelists Tim Chase from the MFG-ISAC, Eugene Kipniss from MS-ISAC, Jennifer Lyn Walker from Water ISAC, and Matt Duncan from E-ISAC return. In the Learning Lab, Dragos' VP Product & Industry Market Strategy Mark Urban concludes his discussion with Lesley Carhart, Dragos' Director of Incident Response for North America, about creating an ICS/OT specific incident response plan.

Control Loop News Brief.

Russian wiper malware targets Ukraine.
- Russia's Sandworm hackers blamed in fresh Ukraine malware attack (CyberScoop)
- APT Activity Report for T3 2022 (ESET)
- Cyber attack on the Ukrinform information and communication system (CERT-UA)

Command injection vulnerability affects Cisco devices.
- When Pwning Cisco, Persistence is Key - When Pwning Supply Chain, Cisco is Key (Trellix)
- Cisco IOx Application Hosting Environment Command Injection Vulnerability (Cisco)

Congressman Andrew Garbarino to serve as Chairman of the Subcommittee on Cybersecurity and Infrastructure Protection.
- Garbarino Selected To Chair Cybersecurity Subcommittee (Office of Andrew Garbarino)

IoT supply chain threatened by exploitation of Realtek Jungle SDK vulnerability.
- Network Security Trends: August-October 2022 (Unit 42)
- Realtek SDK Vulnerability Attacks Highlight IoT Supply Chain Threats (Unit 42)

Control Loop Interview.
The interview is the second part from Dragos' Ask the ISACs discussion led by Dawn Cappelli, Dragos' Head of OT-CERT, with panelists Tim Chase from the MFG-ISAC, Eugene Kipniss from MS-ISAC, Jennifer Lyn Walker from Water ISAC, and Matt Duncan from E-ISAC.

Control Loop Learning Lab.
In Part 2 of 2, Dragos' VP Product & Industry Market Strategy Mark Urban speaks with Lesley Carhart, Dragos' Director of Incident Response for North America, about creating an ICS/OT specific incident response plan.

Control Loop OT Cybersecurity Briefing.
A companion monthly newsletter is available through free subscription and on the CyberWire's website.

@BEERISAC: CPS/ICS Security Podcast Playlist
ICS/OT incident response plans: Don't get caught unprepared.

Jan 26, 2023 · 40:18


Podcast: Control Loop: The OT Cybersecurity Podcast (LS 33 · TOP 5%)
Episode: ICS/OT incident response plans: Don't get caught unprepared.
Pub date: 2023-01-25

The NOTAM outage was reportedly caused by a corrupted file. The World Economic Forum sees geopolitical instability as a source of cyber risk. The Copper Mountain Mining Corporation is working to recover its IT systems following a ransomware attack. DNV's fleet management software sustains a ransomware attack. Ukrainian hacktivists conducted DDoS attacks against Iranian sites. And a cyberattack against a Nunavut power utility.

Our interview segment is part one of two from Dragos' Ask the ISACs discussion led by Dawn Cappelli, Dragos' Head of OT-CERT, with panelists Tim Chase from the MFG-ISAC, Eugene Kipniss from MS-ISAC, Jennifer Lyn Walker from Water ISAC, and Matt Duncan from E-ISAC. In Part 1 of 2 of the Learning Lab, Dragos' VP Product & Industry Market Strategy Mark Urban speaks with Lesley Carhart, Dragos' Director of Incident Response for North America, about creating an ICS/OT specific incident response plan.

Control Loop News Brief.

NOTAM outage appears to have been caused by a system error.
- US Aviation System Meltdown Tied to Corrupted Digital File (Bloomberg)
- Here's the latest on the NOTAM outage that caused flight delays and cancellations (NPR)

The WEF's Cybersecurity Outlook for 2023.
- Global Cybersecurity Outlook 2023 (World Economic Forum)

Mining company resumes operations after ransomware attack.
- Copper Mountain Mining Provides Operational Update on Ransomware Attack (Copper Mountain Mining Corporation)

DNV's fleet management software sustains ransomware attack.
- Cyber-attack on ShipManager servers – update (DNV)

Ukrainian hacktivists conduct DDoS against Iranian sites.
- Iranian websites impacted by pro-Ukraine DDoS attacks (SC Media)
- Iran's support of Russia draws attention of pro-Ukraine hackers (The Record)

Cyberattack hits Nunavut energy company's IT systems.
- Qulliq Energy Corporation Impacted by a Cybersecurity Incident (QEC)
- Premier comments on QEC cyber-security incident (Nunavut Department of Executive and Intergovernmental Affairs)

Control Loop Interview.
The interview is part one of two from Dragos' Ask the ISACs discussion led by Dawn Cappelli, Dragos' Head of OT-CERT, with panelists Tim Chase from the MFG-ISAC, Eugene Kipniss from MS-ISAC, Jennifer Lyn Walker from Water ISAC, and Matt Duncan from E-ISAC.

Control Loop Learning Lab.
In Part 1 of 2, Dragos' VP Product & Industry Market Strategy Mark Urban speaks with Lesley Carhart, Dragos' Director of Incident Response for North America, about creating an ICS/OT specific incident response plan.

The podcast and artwork embedded on this page are from N2K Networks, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Control Loop: The OT Cybersecurity Podcast
ICS/OT incident response plans: Don't get caught unprepared.

Jan 25, 2023 · 40:18


The NOTAM outage was reportedly caused by a corrupted file. The World Economic Forum sees geopolitical instability as a source of cyber risk. The Copper Mountain Mining Corporation is working to recover its IT systems following a ransomware attack. DNV's fleet management software sustains a ransomware attack. Ukrainian hacktivists conducted DDoS attacks against Iranian sites. And a cyberattack against a Nunavut power utility.

Our interview segment is part one of two from Dragos' Ask the ISACs discussion led by Dawn Cappelli, Dragos' Head of OT-CERT, with panelists Tim Chase from the MFG-ISAC, Eugene Kipniss from MS-ISAC, Jennifer Lyn Walker from Water ISAC, and Matt Duncan from E-ISAC. In Part 1 of 2 of the Learning Lab, Dragos' VP Product & Industry Market Strategy Mark Urban speaks with Lesley Carhart, Dragos' Director of Incident Response for North America, about creating an ICS/OT specific incident response plan.

Control Loop News Brief.

NOTAM outage appears to have been caused by a system error.
- US Aviation System Meltdown Tied to Corrupted Digital File (Bloomberg)
- Here's the latest on the NOTAM outage that caused flight delays and cancellations (NPR)

The WEF's Cybersecurity Outlook for 2023.
- Global Cybersecurity Outlook 2023 (World Economic Forum)

Mining company resumes operations after ransomware attack.
- Copper Mountain Mining Provides Operational Update on Ransomware Attack (Copper Mountain Mining Corporation)

DNV's fleet management software sustains ransomware attack.
- Cyber-attack on ShipManager servers – update (DNV)

Ukrainian hacktivists conduct DDoS against Iranian sites.
- Iranian websites impacted by pro-Ukraine DDoS attacks (SC Media)
- Iran's support of Russia draws attention of pro-Ukraine hackers (The Record)

Cyberattack hits Nunavut energy company's IT systems.
- Qulliq Energy Corporation Impacted by a Cybersecurity Incident (QEC)
- Premier comments on QEC cyber-security incident (Nunavut Department of Executive and Intergovernmental Affairs)

Control Loop Interview.
The interview is part one of two from Dragos' Ask the ISACs discussion led by Dawn Cappelli, Dragos' Head of OT-CERT, with panelists Tim Chase from the MFG-ISAC, Eugene Kipniss from MS-ISAC, Jennifer Lyn Walker from Water ISAC, and Matt Duncan from E-ISAC.

Control Loop Learning Lab.
In Part 1 of 2, Dragos' VP Product & Industry Market Strategy Mark Urban speaks with Lesley Carhart, Dragos' Director of Incident Response for North America, about creating an ICS/OT specific incident response plan.

IoT: The Internet of Threats
Mind of a Hacker, Role of a Defender, with Larry Pesce, Product Security Research and Analysis Director at Finite State

Nov 30, 2022 · 22:53


On this episode of the IoT: The Internet of Threats podcast, host Eric Greenwald sits down with Larry Pesce, a lifelong tinkerer whose obsession with how things work led him to his role as Finite State's new Product Security and Analysis Director. Together they explore how Larry began his long and accomplished career as a pen tester and security and research expert. Eric and Larry also examine the pressure that lower production budgets impose on product security professionals, the questionable value of regulation as a catalyst to drive product security investment and improvements, and the potential role SBOMs can play in cybersecurity.

Interview with Larry Pesce

Since joining Finite State, Larry has been serving as a senior consultant, providing expert product security program design and development and IoT pen testing guidance and services to product security teams worldwide. He is also a Certified Instructor at the SANS Institute and has co-hosted the Paul's Security Weekly podcast since 2005. Before joining Finite State, Larry spent 15 years as a penetration tester (amongst his various roles) focused on healthcare, ICS/OT, wireless, and IoT/IIoT embedded devices. Larry holds several GIAC certifications and earned his B.S. in Computer Information Systems from Roger Williams University.

In this episode, Eric and Larry discuss:
- What it was like to pioneer the Paul's Security Weekly podcast in the early days of podcasting (and co-hosting the show for the last 17 years!)
- How Larry's early interest in taking things apart led to a career in embedded device security and, eventually, to Finite State
- How the drive to lower production costs pressures manufacturers to sacrifice invisible differentiators like product security
- Whether regulation can serve as an effective mechanism in encouraging product security improvements
- How companies can work to overcome the complexities of product security programs
- The SBOM as a product security tool and whether it could also be a roadmap attackers can use to target your connected device ecosystem

Find Larry on LinkedIn: Larry Pesce: https://www.linkedin.com/in/larry-pesce-6715b73/

Learn more about Finite State: https://finitestate.io/

Thank you for listening to this episode of the IoT: The Internet of Threats podcast, powered by Finite State, the leading supply chain cyber-security solution provider for connected devices and embedded systems.

If you enjoyed this episode, click subscribe to stay connected and leave a review to get the word out about the podcast.

To learn more about building a robust product security program, protecting your connected devices, and complying with emerging regulations and technical standards, visit https://finitestate.io/

Chemical Processing Minute Clinic
Podcast: Cybersecurity Requires Teamwork And Dispelling The Air Gap Myth

Oct 26, 2022 · 15:34


In this final episode of our three-part cybersecurity series with Matt Malone, ICS/OT cybersecurity consultant at Yokogawa, we talk about team strategy and old notions.  

@BEERISAC: CPS/ICS Security Podcast Playlist
52: Cybersecurity Careers, Educational Requirements and Resume Advice with Ron Brash

Oct 5, 2022 · 59:04


Podcast: Control System Cyber Security Association International: (CS)²AI
Episode: 52: Cybersecurity Careers, Educational Requirements and Resume Advice with Ron Brash
Pub date: 2022-10-04

Today, Ron Brash joins Derek Harp for another great episode in the series on security leaders! Ron is the VP of Technical Research and Integrations at aDolus Technology.

Ron Brash is a household name when it comes to ICS/OT cybersecurity and embedded vulnerability research. He was instrumental in creating the datasets for the S4 ICS Detection Challenges, received the Top 40 under 40 award for Engineering Leaders 2020 from Plant Engineering, was an embedded developer at Tofino Security, advised several large asset owners in a variety of industries for OT security, and brought several products to market, including consumer neuroscience devices and several industrial networking appliances.

Ron grew up in a rainforest on Vancouver Island, on the west coast of Canada. He is a problem-solver, a wake-boarder, a mini-Chihuahua-owner, a do-it-yourselfer, a geek, a sharer of information, and an all-around adventurous guy with water sports.

In this episode of the (CS)²AI Podcast, he shares his backstory, discusses his career path, and talks about what he is doing in the industry. He also offers some nuggets of advice around sequential education and degrees, sound resume advice, and some great career tips.

You will not want to miss this episode if you are considering starting a career in cybersecurity or breaking into that industry and want to know the best way to approach your education. Stay tuned for more!

Show highlights:
- Ron talks about where he comes from and shares his backstory.
- What he learned from his first paid job, working in a pizza shop.
- Ron's parents had computers for their business, so that was where his first intersection with technology happened.
- He got into technology because he joined a tech program at his local university that put gifted high school students into certificate and diploma programs for free.
- Ron knew he had to protect himself by planning and starting to save early on.
- Ron's ICS career started after a chance encounter with Eric Byres, one of the grandfathers of cybersecurity.
- It is important to separate your personal life from your professional life.
- Ron shares how he approached his education.
- A resume tip to better your chances in interviews, and some great career tips.
- Ron discusses the best way to approach university education and explains what your job is when you do a master's degree.
- What he gained from getting his master's degree.
- Some advice for people considering sequential education and degrees to further their careers.
- The benefits of doing a SWOT analysis before embarking on a specific career path.
- Ron dives into giving and receiving mentorship.
- Some advice for anyone doing a startup.
- How to set yourself up for a successful future.

The podcast and artwork embedded on this page are from Derek Harp, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Control System Cyber Security Association International: (CS)²AI
52: Cybersecurity Careers, Educational Requirements and Resume Advice with Ron Brash

Oct 4, 2022 · 60:09


Today, Ron Brash joins Derek Harp for another great episode in the series on security leaders! Ron is the VP of Technical Research and Integrations at aDolus Technology.

Ron Brash is a household name when it comes to ICS/OT cybersecurity and embedded vulnerability research. He was instrumental in creating the datasets for the S4 ICS Detection Challenges, received the Top 40 under 40 award for Engineering Leaders 2020 from Plant Engineering, was an embedded developer at Tofino Security, advised several large asset owners in a variety of industries for OT security, and brought several products to market, including consumer neuroscience devices and several industrial networking appliances.

Ron grew up in a rainforest on Vancouver Island, on the west coast of Canada. He is a problem-solver, a wake-boarder, a mini-Chihuahua-owner, a do-it-yourselfer, a geek, a sharer of information, and an all-around adventurous guy with water sports.

In this episode of the (CS)²AI Podcast, he shares his backstory, discusses his career path, and talks about what he is doing in the industry. He also offers some nuggets of advice around sequential education and degrees, sound resume advice, and some great career tips.

You will not want to miss this episode if you are considering starting a career in cybersecurity or breaking into that industry and want to know the best way to approach your education. Stay tuned for more!

Show highlights:
- Ron talks about where he comes from and shares his backstory.
- What he learned from his first paid job, working in a pizza shop.
- Ron's parents had computers for their business, so that was where his first intersection with technology happened.
- He got into technology because he joined a tech program at his local university that put gifted high school students into certificate and diploma programs for free.
- Ron knew he had to protect himself by planning and starting to save early on.
- Ron's ICS career started after a chance encounter with Eric Byres, one of the grandfathers of cybersecurity.
- It is important to separate your personal life from your professional life.
- Ron shares how he approached his education.
- A resume tip to better your chances in interviews, and some great career tips.
- Ron discusses the best way to approach university education and explains what your job is when you do a master's degree.
- What he gained from getting his master's degree.
- Some advice for people considering sequential education and degrees to further their careers.
- The benefits of doing a SWOT analysis before embarking on a specific career path.
- Ron dives into giving and receiving mentorship.
- Some advice for anyone doing a startup.
- How to set yourself up for a successful future.

Mentioned in this episode:

Our Sponsors: We'd like to thank our sponsors for their faithful support of this podcast. Without their support we would not be able to bring you this valuable content. We'd appreciate it if you would support these companies because they support us!
- Network Perception
- Waterfall Security
- Tripwire
- KPMG Cyber

Join CS2AI: Join the largest organization for cybersecurity professionals. Membership has its benefits! We keep you up to date on the latest cybersecurity news and education. https://cs2ai.captivate.fm/cs2ai (Preroll Membership)

Defence Connect Podcast
CYBER SECURITY UNCUT: Strengthening ICS/OT resilience against ransomware, with Dr Tom Winston

Aug 22, 2022 · 42:54


In this episode of the Cyber Security Uncut podcast, Dr Tom Winston, director of intelligence content at Dragos joins host Liam Garman to discuss the latest ransomware trends in the ICS/OT market and how companies can better build risk assessments to protect their businesses. The podcast begins with a discussion regarding Dr Winston's risk assessment white paper, and how to enhance communication between IT and OT systems to improve resilience against ransomware. The pair then discuss the Dragos platform and how it helps protect OT from ransomware groups. The podcast then continues with an analysis into recent victimology trends within the cyber security industry, including new and emerging threat actors. Dragos' latest insight into ransomware as part of the Cyber Security Connect Ransomware Week can be found here, and Dr Winston's analysis risk assessment white paper can be found here. The recent Cyber Security Uncut episode with Conor McLaren, senior threat intelligence analyst at Dragos, can be found here. Enjoy the podcast, The Cyber Security Uncut team

Cyber Security Uncut
Strengthening ICS/OT resilience against ransomware, with Dr Tom Winston

Aug 22, 2022 · 42:54


In this episode of the Cyber Security Uncut podcast, Dr Tom Winston, director of intelligence content at Dragos joins host Liam Garman to discuss the latest ransomware trends in the ICS/OT market and how companies can better build risk assessments to protect their businesses. The podcast begins with a discussion regarding Dr Winston's risk assessment white paper, and how to enhance communication between IT and OT systems to improve resilience against ransomware. The pair then discuss the Dragos platform and how it helps protect OT from ransomware groups. The podcast then continues with an analysis into recent victimology trends within the cyber security industry, including new and emerging threat actors. Dragos' latest insight into ransomware as part of the Cyber Security Connect Ransomware Week can be found here, and Dr Winston's analysis risk assessment white paper can be found here.   The recent Cyber Security Uncut episode with Conor McLaren, senior threat intelligence analyst at Dragos, can be found here.    Enjoy the podcast,   The Cyber Security Uncut team

ICS Cyber Talks Podcast
Chris Roberts ”Dr. dark web,” CISO and Senior Director @Boom Supersonic, on cyber defense tactics

Jul 4, 2022 · 61:30


Nachshon Pincu hosts Chris Roberts, "Dr dark web," CISO and Senior Director at Boom Supersonic and a worldwide leader in cyber security for over three decades, in a conversation about industrial cyber security defense. Why is cyber defense, first of all, tactics? Hackers are lazy, and why is ICS/OT so easy to attack? How should the C-level and board of directors deal with cyber security? Why should you always ask one more question? And more.

ICS Cyber Talks Podcast
Jasmine Tal-Badash head of OT cybersecurity @ICL group about cyber challenges at global manufacture

Jun 18, 2022 · 42:37


Nachshon Pincu hosts Jasmine Tal-Badash, head of OT cybersecurity at ICL group, in a conversation about the cyber challenges facing a global manufacturing company. Why is there a lack of women in OT cyber security? What is the advantage of starting on the manufacturing floor and only then moving to ICS/OT cybersecurity? What are the trends of cyber OT in 2022, and what technologies are missing on the cyber side? The collaboration between the OT cyber and infrastructure teams in ICL is unique. How do you build such cooperation?

ICS Cyber Talks Podcast
Shimri Vachter south EU Cyber Business Growth @Cisco, on holistic cyber approach, OT & supply chains

Jun 9, 2022 · 39:09


Nachshon Pincu hosts Shimri Vachter, who leads business growth for Southern Europe at Cisco, in a conversation about the holistic approach to cyber defense and Cisco's activities in cybersecurity, with a focus on protecting ICS/OT operations. What are the cyber challenges facing the industrial world, and how did supply chains become the great enemy of cyber? And more.

Cyber Security Uncut
The future of ICS/OT cyber security, with Dragos' Conor McLaren

May 24, 2022 · 46:06


In this special Cyber Resilience Week episode of the Cyber Security Uncut podcast, senior threat intelligence analyst at Dragos, Conor McLaren, joins host Liam Garman to unpack emerging cyber threats in the industrial control systems and operational technology sector. The podcast begins by discussing Dragos' recent expansion into Australia and how building robust ICS/OT cyber security practices is essential for defending civilisation against malicious actors. The pair continues by analysing the newly discovered ICS malware framework dubbed PIPEDREAM, a highly flexible toolset that is capable of causing disruption, degradation, and possibly even destruction depending on the associated targets and environment. McLaren then provides an assessment of the theoretical applications of PIPEDREAM to potentially threaten ICS/OT functions across multiple industries and geographies. The podcast wraps up by discussing future threats to ICS/OT, with McLaren providing key recommendations to organisations to protect their business operations. Enjoy the podcast, The Cyber Security Uncut team

ICS Cyber Talks Podcast
Tomer Harari Owner & CEO @Meptagon, a WW leader in erecting smart factories, about industry & cybersec תומר הררי הבעלים והמנכ”ל של קבוצת מפטגון מהמובילות בהקמת מפעלים תהליכים על תע

May 10, 2022 · 54:26


Nachshon Pincu hosts Tomer Harari, owner and CEO of the Meptagon Group, one of the world leaders in erecting smart factories for the process industry, in a conversation about the transition from a traditional industry to smart industries based on total automation and robotics. How does the growing use of robotics and automation in traditional industry stand up against the rise in cyber-attacks, the shortage of workforce in the field in general, and the shortage of cyber experts for ICS/OT in particular? The considerations behind the establishment of the Cyber Integration Division and managed services (MSSP) in Meptagon, and more.

ICS Cyber Talks Podcast
Yigal Gueta, founder and CEO @SCADASUDO, one of the first to engage ICS/OT cyber about past/present/future

Apr 28, 2022 · 64:00


An episode that is all about protecting controlled systems (ICS/OT/IIoT). Nachshon Pincu hosts Yigal Gueta, the founder and CEO @Scadasudo, one of the first to engage in cyber security for controlled systems and critical infrastructure. The interview deals with the holistic view of cybersecurity for controlled systems, the importance of protecting the supply chain, why it is a must to disarm and test equipment before it is brought into the operational network, and the importance of using an MSSP, especially in operational networks. It also covers what the arrival of the cloud means for the operational world as part of Industry 4.0, and why it is a game-changer in the perception of "air-gapped" infrastructure.

Manufacturing Hub
Ep. 50 - [Clint Bodungen] Cybersecurity & Gamification to Industrial Cybersecurity.

Mar 3, 2022 · 69:02


Guest Bio
Clint is a world-renowned industrial cybersecurity expert, public speaker, published author, and cybersecurity gamification pioneer. He is the lead author of Hacking Exposed: Industrial Control Systems, and creator of the ThreatGEN® Red vs. Blue cybersecurity gamification platform. He is a United States Air Force veteran, has been a cybersecurity professional for more than 25 years, and is an active part of the cybersecurity community, especially in ICS/OT (BEER-ISAC #046). Focusing exclusively on ICS/OT cybersecurity since 2003, he has helped many of the world's largest energy companies, worked for cybersecurity companies such as Symantec, Kaspersky Lab, and Industrial Defender, and has published multiple technical papers and training courses on ICS/OT cybersecurity vulnerability assessment, penetration testing, and risk management. Clint hopes to revolutionize the industry approach to cybersecurity education and help usher in the next generation of cybersecurity professionals, using gamification. His flagship product, ThreatGEN® Red vs. Blue, is the world's first online multiplayer cybersecurity computer game, designed to teach real-world cybersecurity.
Main Discussion Points
- Industrial Cybersecurity
- Gamification of Cybersecurity Awareness
- Building Knowledge in Cybersecurity
Theme: Industrial Cybersecurity
Manufacturing Hub Episode 50.
Special thanks to our sponsor Phoenix Contact for the support. The mGuard family from Phoenix Contact is designed to provide cybersecurity protection and network resilience in all rugged and industrial environments. Combining features of a stateful-packet-inspection firewall, NAT router, and an end-point security appliance, the mGuards were engineered to be both IT and OT friendly. With features such as Firewall Assistant and Easy Protect mode, the mGuards are simple to configure securely while still providing unassailable protection for your critical assets.
Relevant Resources
- DEF CON Groups | https://forum.defcon.org/social-groups
- OWASP Foundation | https://owasp.org/
- InfraGard | https://www.infragard.org/
Recommended Materials
- BEERISAC Podcast | https://podcasts.apple.com/us/podcast/beerisac-ot-ics-security-podcast-playlist/id1459741251
- Industrial Cybersecurity: Efficiently secure critical infrastructure systems 1st Edition | https://amzn.to/3tv7Rcu
- Industrial Cybersecurity: Efficiently monitor the cybersecurity posture of your ICS environment, 2nd Edition | https://amzn.to/3hSxUFv
Connect with Us
- Clint Bodungen | https://www.linkedin.com/in/clintb/
- Vlad Romanov | https://www.linkedin.com/in/vladromanov/
- Dave Griffith | https://www.linkedin.com/in/davegriffith23/
- Manufacturing Hub | https://www.linkedin.com/company/manufacturing-hub-podcast/
Let Us Know What You Think
If you enjoyed the show, it would mean the world to us if you could leave us a review: https://podcasts.apple.com/us/podcast/manufacturing-hub/id1546805573
#manufacturing #automation #cybersecurity

Paul's Security Weekly
Sous Vide Your Spam - PSW #729

Feb 25, 2022 · 196:02


This week, we start the show off with the Security News for this week: Unskilled hacker linked to years of attacks on aviation, transport sectors, The Elite Hackers of the FSB, Bionic Eyes Go Dark, Herpaderping, & more! Next up, we welcome Chris Sistrunk, Technical Manager of ICS/OT at Mandiant, for an interview about Blaming Stuxnet! Last up, a pre-recorded interview featuring Josh Corman!
Show Notes: https://securityweekly.com/psw729
Segment Resources: Presentations: https://www.slideshare.net/chrissistrunk
Visit https://www.securityweekly.com/psw for all the latest episodes!
Visit https://securityweekly.com/acm to sign up for a demo or buy our AI Hunter!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly

Paul's Security Weekly (Podcast-Only)
Sous Vide Your Spam - PSW #729

Feb 25, 2022 · 196:02



@BEERISAC: CPS/ICS Security Podcast Playlist
Episode 306 - Assessing Risk in ICS Environments

Jan 24, 2022 · 35:47


Podcast: Cyber Security Weekly Podcast (LS 38 · TOP 2.5%)
Episode: Episode 306 - Assessing Risk in ICS Environments
Pub date: 2022-01-23
Ransomware has captured the attention of many due to its far-reaching impacts on industrial control systems (ICS). Once a problem that only affected IT infrastructure, ransomware that now targets ICS/OT can significantly impact or even shut down control processing, logistics, distribution, and delivery of critical goods. We speak with Dr. Tom Winston, Director of Intelligence with Dragos Inc, based in Virginia.
Dr. Winston is a cyber security subject matter expert focused on threats to critical infrastructure (ICS/SCADA) systems, as well as foreign cyber threat intelligence and threat analysis. Tom has extensive public and private sector experience in IT/OT threat environments to include hunting, detection engineering and reverse engineering. Tom has extensive experience in mobile devices, removable/fixed media digital forensics. Tom is also a seasoned manager of people, technology, projects, and programs. He is multilingual, with extensive experience in international relations, intelligence, and foreign policy analysis. Dr Winston has extensive private and public sector experience in IT/OT threat environments to include hunting, detection engineering and reverse engineering. Formerly a highly sought-after and award-winning professor, Dr Winston was an undergraduate and graduate student advocate and champion; student success is critical - not just in school, but after graduation as well. He built cyber security engineers one student at a time and continues to assist them even well past their graduation by providing career and other professional guidance.
Recorded 18 January 2022 courtesy of Dragos.
To view the video version visit https://mysecuritymarketplace.com/av-media/assessing-risk-in-ics-environments/
Further reading
- Blog post – Tom Winston: Assessing Ransomware Risk in IT and OT Environments https://www.dragos.com/blog/industry-news/assessing-ransomware-risk-in-it-and-ot-environments/
- Blog post – Dragos: Assessment of Ransomware Event at US Pipeline Operator https://www.dragos.com/blog/industry-news/assessment-of-ransomware-event-at-u-s-pipeline-operator/
- Blog post – Sergio Caltagirone: Recent Ransomware Attacks against Governments and Critical Infrastructure https://www.dragos.com/blog/industry-news/recent-ransomware-attacks-against-governments-and-critical-infrastructure/
- Webinar recording – Tom Winston: Protect your ICS environments from Ransomware with Risk Assessments https://www.dragos.com/resource/protect-your-ics-environment-from-ransomware/
#ICS #OTcybersecurity #cybersecurity #insiderthreat
The podcast and artwork embedded on this page are from MySecurity Media, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Cyber Security Weekly Podcast
Episode 306 - Assessing Risk in ICS Environments

Jan 23, 2022



Simply Cyber
Everything ICS / OT Cybersecurity with Clint Bodungen

Dec 11, 2021 · 64:07


In this interview, we talk with ICS/OT cybersecurity expert Clint Bodungen (who is also the author of the best-selling book "Hacking Exposed: ICS") about the industrial control system and operational technology world of cybersecurity.

Control System Cyber Security Association International: (CS)²AI
15: Running a Successful Cyber Security Company with Clint Bodungen

Nov 30, 2021 · 70:37


Today, Derek Harp is excited to have Clint Bodungen, the Founder and CEO of ThreatGEN, joining him for an episode of the Security Leader interview series. Clint is an inspiring and creative individual who has been working in the cybersecurity industry for more than 25 years. He is a founder, entrepreneur, gamer, game designer, teacher, researcher, professor, martial artist, and father.
Clint Bodungen is the lead author of Hacking Exposed: Industrial Control Systems and creator of the ThreatGEN® Red vs. Blue cybersecurity gamification platform. He is a United States Air Force veteran and an active part of the cybersecurity community. Since 2003, his focus has been exclusively on ICS/OT cybersecurity, and he has helped many of the world's largest energy companies. Clint has worked for Symantec, Kaspersky Lab, and Industrial Defender and has published many technical papers and training courses on ICS/OT cybersecurity vulnerability assessment, penetration testing, and risk management.
While growing up, Clint was both technically inclined and artistic. He wanted to study commercial art and graphic design but started studying theatre and movie special effects instead. After a while, he switched to studying art, and soon after that, he quit his studies to join the Air Force. While in the military, he was allowed to learn about computers and computer security.
In today's episode of the (CS)²AI Podcast, Clint tells his inspiring story and shares some great nuggets of advice for getting ahead in your career, finding opportunities, and running a successful company! He talks about his love of gaming and other interests while growing up. He discusses his studies, joining the Air Force, mentorship, the turning point in his career when he learned about industrial systems for the first time, and the process of writing his book, Hacking Exposed: Industrial Control Systems.
Stay tuned! You won't want to miss this nugget-filled and inspiring episode!
Show highlights:
- Clint's love of games and technology started when his family got an Atari in the early 1980s. (5:28)
- His mom introduced him to one of her co-workers, a programmer. That got him interested in programming. (6:54)
- Deciding to quit studying art and join the Air Force. (10:23)
- What made Clint decide to join the military? (12:13)
- Clint got the opportunity to start working on internet networks and learn about computers and computer security in 1995, while in the military. (15:26)
- Clint and his colleague became interested in hacking in the mid-1990s. (16:27)
- Clint talks about what prompted him to leave the military and discusses what he would have done differently today. (18:38)
- Clint shares some nuggets of advice for anyone considering a career in computer security or technology. (22:45)
- Much of what we learn comes from experience rather than books or classrooms. (25:40)
- Clint talks about mentorship and how he got mentored by a hacker. (29:05)
- The turning point in Clint's career was when he got the opportunity to cross-train and write intrusion detection system codes with some of the developers at Symantec. (38:34)
- When Clint learned about industrial systems for the first time. (42:00)
- Writing papers and sharing his knowledge gave Clint a lot of exposure and the opportunity to give something back to his community. (47:53)
- Clint talks about the process of writing his book, Hacking Exposed: Industrial Control Systems. (52:02)
- Clint shares some of the nuggets he learned along the way in his career. (1:03:38)
Mentioned in this episode:
Our Sponsors: We'd like to thank our sponsors for their faithful support of this podcast. Without their support we would not be able to bring you this valuable content. We'd appreciate it if you would support these companies because they support us!
- Network Perception
- Waterfall Security
- Tripwire
- KPMG Cyber
Join CS2AI: Join the largest organization for cybersecurity professionals.

@BEERISAC: CPS/ICS Security Podcast Playlist
15: Running a Successful CyberSecurity Company with Clint Bodungen

Nov 30, 2021 · 69:23


Podcast: Control System Cyber Security Association International: CS2AI
Episode: 15: Running a Successful CyberSecurity Company with Clint Bodungen
Pub date: 2021-11-30
The podcast and artwork embedded on this page are from Derek Harp, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

InSecurity
Clint Bodungen and Brian Proctor: How At Risk is our Critical Infrastructure?

Sep 8, 2021 · 59:17


On this Very Special Episode, Matt Stephenson brings in ThreatGEN Founder/CEO and Hacking Exposed: Industrial Control Systems author Clint Bodungen alongside Forescout Technologies Inc. Principal OT Strategist Brian Proctor for a sit-down. We take a hard look at the state of security for Operational Technology, Blue and Red teaming for OT, the cybersecurity Skills Gap and a few other things.
About Clint Bodungen
Clint Bodungen (@R1ngZer0) is a world-renowned industrial cybersecurity expert, public speaker, published author, and cybersecurity gamification pioneer. He is the lead author of Hacking Exposed: Industrial Control Systems, and creator of the ThreatGEN Red vs. Blue cybersecurity gamification platform. He is a United States Air Force veteran, has been a cybersecurity professional for more than 25 years, and is an active part of the cybersecurity community, especially in ICS/OT (BEER-ISAC #046). Focusing exclusively on ICS/OT cybersecurity since 2003, he has helped many of the world's largest energy companies, worked for cybersecurity companies such as Symantec, Kaspersky Lab, and Industrial Defender, and has published multiple technical papers and training courses on ICS/OT cybersecurity vulnerability assessment, penetration testing, and risk management.
Clint hopes to revolutionize the industry approach to cybersecurity education, and help usher in the next generation of cybersecurity professionals, using gamification. His flagship product, ThreatGEN Red vs. Blue, is the world's first online multiplayer cybersecurity computer game, designed to teach real-world cybersecurity.
About Brian Proctor
Brian Proctor (@brianproctor67) is the Principal OT Strategist at Forescout. He spent the majority of his previous professional life as an ICS/SCADA cybersecurity engineer and cybersecurity team lead working for two progressive California Investor Owned Utilities (IOUs). He joined an ICS security startup which was then acquired by Forescout Technologies. Brian jumped to the vendor side to promote the benefits ICS/SCADA/DCS threat detection, network security monitoring, and visualization capabilities can bring critical infrastructure asset owners. He is passionate about helping the ICS security community in any way possible and trying to make a difference for the greater good of our industry and country.
About Matt Stephenson
Matt Stephenson (@packmatt73) leads the Social Media team at Forescout, which puts me in front of people all over the world. Prior to joining Forescout, I hosted podcasts, videos and live events all over the world which put me with experts on every corner of the cybersecurity landscape. The new No Name Security Podcast will continue and expand upon that tradition as we seek out the leading minds in the security industry as well as those who may break things every now and again. And… just for fun, there will be some wildcard guests as well.
In 10 years in the ecosystem of Data Protection and Cybersecurity I have toured the world extolling the virtues of Artificial Intelligence and Machine Learning and how, when applied to information security, these technologies can wrong-foot the bad guys. Prior to the COVID shutdown, I was on the road over 100 days a year doing live malware demonstrations for audiences from San Diego to DC to London to Abu Dhabi to Singapore to Sydney. One of the funniest things I've ever been a part of was blowing up a live instance of NotPetya 6 hours after the news broke... in Washington DC... directly across the street from FBI HQ... as soon as we activated it a parade of police cars with sirens blaring roared past the building we were in. I'm pretty sure they weren't there for us, but you never know...
Whether at in-person events, live virtual events or podcasting, I get to interview interesting people doing interesting things all over the world of cybersecurity and the extended world of hacking. Sometimes, that means hacking elections or the coffee supply chain... other times that means social manipulation or the sovereign wealth fund of a national economy.
Wherever I go, my job is all about talking with the people who build, manage or wreck the systems that we have put in place to make the world go round...
If you tuned in to any of my previous podcasts, there's great news! The No Name Security Podcast is here! I will be bringing the same kind of energy and array of guests you know and love. Best part? We're still at the same spot. You can find it at Spotify, Apple, Amazon Music & Audible as well as GooglePlay, Gaana, Himalaya, I Heart Radio and wherever you get your podcasts!
Make sure you Subscribe, Rate and Review!

MarketScale Technology
Parabellum: OT Security Starts with Visibility, Solving Technology and Organizational Blindspots

Apr 28, 2020 · 50:45


In this webinar from February 2019, Sharon Rosenman, Cyberbit's VP of Marketing, was joined by Alon Nachmany, Cyberbit ICS Security Expert, and Cecil Pineda, former CISO of DFW Airport and CISO/Managing Director of Cyber Watch Systems. The webinar took participants through an overview of OT visibility and challenges, presented a CISO case study on managing a converged IT/OT network, provided approaches to securing IT/OT environments, presented a case study on a smart building security project, and wrapped up with a Q&A session. Nachmany discussed visibility and the OT security challenge. He mentioned several examples of major attacks on ICS/OT systems from 2013-2018. Pineda discussed his prior experience working in cyber security at DFW airport and laid out the numerous systems at risk. "Think of the airport cyber security, not just the cybersecurity side, the IT and the OT side; it's almost like an orchestra, everything has to be in sync with each other," Pineda said. Pineda continued by presenting the technical challenges of multiple IT, OT and IoT systems in a typical airport, and how he and his team addressed those challenges. Next, Rosenman and Nachmany covered securing the converged IT/OT environment. Nachmany walked through several key steps: enhancing IT security, revisiting network architecture, obtaining full OT visibility, creating a baseline for OT anomaly, and consolidating OT and IT incident management with SOA. The webinar concluded with a Q&A session with all three speakers.