Podcasts about ics ot

Podcast: ICS Arabia PodcastEpisode: Secure Deployment in OT | 57Pub date: 2025-12-13Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationJoined by Marco (Marc) Ayala on ICS Arabia Podcast

Podcast: ICS Arabia PodcastEpisode: Hands-On ICS/OT Testbeds | 18Pub date: 2025-11-26Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationJoin Us Dr. Sridhar Adepu from University of Bristol . as we delve into the Bristol University-developed testbed by The Bristol Cyber Security Group. We'll cover specifications, physical processes, software, cybersecurity, training, and explore the ICS/OT capture the flag (CTF) challenges conducted in this lab. The podcast and artwork embedded on this page are from ICS ARABIA PODCAST, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Podcast: ICS Arabia PodcastEpisode: Labshock | 51Pub date: 2025-11-24Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationZakhar has given the OT security community something truly special — LabShock, a free and open OT testbed that anyone can use to gain hands-on experience in ICS/OT cybersecurity. No hardware required. No excuses.The podcast and artwork embedded on this page are from ICS ARABIA PODCAST, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Podcast: Simply ICS CyberEpisode: S2 E8: The Value of ICS & OT ExercisesPub date: 2025-11-19Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationIn this episode of Simply ICS Cyber, Don and Tom welcome Sam Blaney, retired Chief Warrant Officer (CW3) from the Georgia National Guard and current cybersecurity professor at the University of North Georgia.Sam shares insights from his career building and leading Cyber Protection Team 170, his transition into teaching, and his continued work helping state and local governments strengthen cybersecurity.The conversation digs into Sam's recent experience coaching students at the Department of Energy CyberForce Competition, where the University of North Georgia team defended a simulated offshore drilling platform with both IT and OT components.Sam discusses what made the event realistic, how students approached identity and access management, OT network analysis, and what they learned about preparation, tooling, and industrial control system challenges.The group also explores:- Effective defense preparation for cyber competitions- Building and tuning SIEM tools for constrained environments- The value of exercises like CCDC and CyberShield- How multidisciplinary tabletops improve communication across organizations- The increasing role of AI in attack and defense, including the Anthropic AI-assisted malware research- Concerns about AI-driven automation, skill multiplier effects, and the importance of understanding fundamentalsResources:Sam Blaney: https://www.linkedin.com/in/samblaney65/University of North Georgia: https://ung.edu/DOE CyberForce Program: https://cyberforce.energy.gov/ US CyberCom: https://www.cybercom.mil/National Guard Cyber Defense Team: https://www.nationalguard.mil/Portals/31/Resources/Fact%20Sheets/Cyber%20Defense%20Team%202022.pdfNational Guard CyberShield: https://www.dvidshub.net/feature/CyberShield25Anthropic Malware Write-up: https://www.anthropic.com/news/disrupting-AI-espionage=========================

Podcast: ICS Arabia PodcastEpisode: Conversations on OT Cybersecurity with Anton Shipullin | 17Pub date: 2025-11-20Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationJoin Dr Sulaiman Alhasawi for an interesting conversation as he sits down with Anton Shipullin. In this interview, we delve into Anton's extensive experience and invaluable contributions to the community of ICS/OT cybersecurity. From his insights on OT cybersecurity in Russia to Dubai , we explore the multifaceted aspects of his journey.Anton has confounded BEERISAC podcast and RUSCADASEC.com and he has worked with international OT Cybersecurity companies , such as Kaspersky and Nozomi Networks. We touch upon his evangelism efforts, shedding light on how he spreads awareness about the significance of ICS/OT cybersecuritThe podcast and artwork embedded on this page are from ICS ARABIA PODCAST, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Podcast: Simply ICS CyberEpisode: S2 E7: ICS/OT Security Operations CentersPub date: 2025-11-05Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationThe growing need for visibility and response in industrial environments is driving more organizations to consider ICS/OT Security Operations Centers — but what does that actually look like for small and medium-sized operations?In this episode of Simply ICS Cyber, Don and Tom sit down with Dan Gunter, CEO and founder of Insane Cyber, to discuss how ICS/OT SOCs function, what data truly matters for monitoring, and how incident response changes when operators have (or don't have) the right information at hand.Drawing on experience from the Air Force CERT to founding an OT-focused security company, Dan shares a practical look at the realities of SOC implementation across industries — from utilities with limited staff to large-scale enterprises managing thousands of assets.Listeners will gain insight into how to start building visibility, selecting the right MSSP partners, and managing SOC fatigue — all while keeping industrial operations safe and resilient.⚙️ Tune in to learn how data, process, and people come together to make ICS/OT SOCs work in the real world.Connect with Dan on LinkedIn: https://www.linkedin.com/in/dan-gunter

Podcast: Simply ICS CyberEpisode: S2 E6: Keeping Up With ICS Threat IntelligencePub date: 2025-10-22Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationThe industrial threat landscape never stands still — and neither can defenders. In this episode of Simply ICS Cyber, Don and Tom sit down with Joe Slowik, a globally recognized expert in cyber threat intelligence (CTI), detection engineering, and incident response for ICS, OT, and critical infrastructure environments.With over 15 years of experience spanning offensive operations, threat research, and leadership roles in both government and private sectors, Joe brings an unparalleled perspective on how adversaries target industrial systems — and how defenders can stay ahead.Listeners will hear how Joe's work connects cutting-edge artificial intelligence and detection development with the real-world challenges of protecting operational environments. His insights reveal where the next evolution of ICS threat intelligence is headed — and what teams should focus on now to stay resilient.⚙️ Tune in to learn how threat intelligence is evolving across industrial control systems and what it takes to keep pace in a rapidly changing landscape.Connect with Joe on LinkedIn: Joe Slowikhttps://www.linkedin.com/in/joe-slowik

Podcast: Simply ICS CyberEpisode: S2 E5: Evolving Vendor and Integrator Cybersecurity in ICS/OTPub date: 2025-10-08Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationSelecting and managing ICS/OT cybersecurity vendors and integrators isn't just a procurement step - it's a strategic decision that shapes resilience, compliance, and long-term security outcomes. The best approach depends on organization size, resources, and security objectives.In this episode, Don and Tom are joined by Saltanat Mashirova, OT Cybersecurity Lead at CPX and OTCEP member with the Cyber Security Agency of Singapore. Salt brings deep global expertise across cybersecurity risk assessments (csHAZOP), ISA/IEC 62443 compliance, OT/ICS product development, governance, training, and the integration of both brownfield and greenfield assets.They'll also dive into how these challenges play out in industries like oil & gas, mining, energy, manufacturing, and more - where vendor and integrator choices can directly impact both safety and business outcomes.Salt shares her perspective as an industry-recognized leader, speaker, and award-winner (Top 40 Under 40 in Cybersecurity, SC Media “Women to Watch,” and more), with experience guiding global projects and engaging with everyone from engineers to CEOs.

Podcast: Simply ICS CyberEpisode: S2 E4: Industrial Security Alongside a WarzonePub date: 2025-09-24Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationIndustrial control systems (ICS) and operational technology (OT) are the backbone of modern society—powering electricity, water, gas, communications, manufacturing, chemicals, and even medical technology. But what happens when these systems must be secured in the middle of a warzone?On this episode of Simply ICS Cyber, hosts Don C. Weber and Tom VanNorman sit down with special guest Patrick C. Miller, President & CEO of Ampyx Cyber, a company dedicated to protecting the industrial world.Learn more about:The challenges of defending critical infrastructure in conflict environmentsReal-world insights from one of the most experienced leaders in ICS/OT securityWhy these conversations are vital for the future of cybersecurityThis is a rare opportunity to hear experts break down industrial cybersecurity in the harshest conditions. Whether you're in IT, OT, or just want to understand the stakes, you'll walk away with practical lessons and a deeper appreciation of what's at risk.Connect with Patrick on LinkedIn: https://www.linkedin.com/in/millerpatrickc/Episode Links:-The 5 Critical Controls: https://www.sans.org/white-papers/five-ics-cybersecurity-critical-controls - KEV: https://www.cisa.gov/known-exploited-vulnerabilities

Podcast: Simply ICS CyberEpisode: Maritime Cybersecurity Threats & Critical InfrastructurePub date: 2025-09-10Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationIn this episode of Simply ICS Cyber, co-hosts Don C. Weber and Tom VanNorman are joined by maritime and energy cybersecurity expert Marco (Marc) Ayala — vOT-CISO, Senior Principal Advisor for Energy, Oil, and Gas at the Cyber Infrastructure Protection Innovation Center (CIPIC), President of InfraGard Houston Members Alliance, and National Sector Chief of Energy for InfraGard.Marc has spent his career at the intersection of ICS/OT security, maritime operations, and critical infrastructure protection. His work includes advancing cybersecurity for the energy and oil & gas industries, driving innovation at CIPIC, and building collaborative bridges between public and private sectors to defend against nation-state and criminal threats.If you're interested in the challenges of maritime cyber resilience, industrial control systems, operational technology, or energy sector defense, this episode offers rare insights from one of the field's most active leaders.Connect with Marc on LinkedIn: https://www.linkedin.com/in/marco-marc-ayala-a3b26934Episode Links:InfraGuard: https://www.infragardnational.org/ISA Fellows: https://www.isa.org/membership/recognition/fellowsPort of Corpus Christi, Texas: https://portofcc.com/Port of Galveston, Texas: https://www.portofgalveston.com/Port of Houston, Texas: https://porthouston.com/

Podcast: Simply ICS CyberEpisode: S2 E2: Securing the Grid: Substation SecurityPub date: 2025-08-27Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationIn this episode of Simply ICS Cyber, Don C. Weber and Tom VanNorman sit down with Chris Sistrunk to dive into the challenges and realities of Substation Security.  Chris, now a Technical Leader at ⁨Mandiant⁩ & Google Cloud Security, brings years of experience from his time at Entergy, where he specialized in Transmission & Distribution SCADA systems and cybersecurity labs. He's a recognized leader in ICS/OT security and an active contributor to the community through events like DEF CON's ⁨ICS Village⁩ and BEER-ISAC.  Join us as we discuss securing critical infrastructure, modern threats to substations, and what defenders need to know to stay ahead.  Tune in to get expert insights into protecting the grid.  Connect with Chris on LinkedIn: https://www.linkedin.com/in/chrissistrunk Episode Links: https://cloud.google.com/blog/topics/threat-intelligence/securing-protection-relays-modern-substations https://techcrunch.com/2025/07/14/mark-zuckerberg-says-meta-is-building-a-5gw-ai-data-center/ Connect with your hosts on LinkedIn:- Don https://linkedin.com/in/cutaway- Tom https://linkedin.com/in/thomasvannorman=========================Simply Cyber empowers people who want a rewarding cybersecurity career=========================Presented by Simply Cyber Media Group=========================All the ways to connect with Simply Cyberhttps://SimplyCyber.io/SocialsThe podcast and artwork embedded on this page are from Simply Cyber Media Group, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Podcast: Simply ICS CyberEpisode: S1 E5: Incident Response in ICS/OT/SCADAPub date: 2025-04-16Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationHow does Incident Response in ICS/OT/SCADA work? In this episode of Simply ICS Cyber, Don and Tom welcome Kai Thomsen, Director of Global Incident Response Services at Dragos.Join us as we answer the questions below and provide more insight into how IR works in OCS, OT, and SCADA:- Is DFIR the same on the OT side as the IT side?- What are some of the challenges the OT DFIR team faces?- In an organization, who is responsible for OT incident response?- What are table tops, how should you conduct them?- What are some table top exercises?- How do you get into OT DFIR?Discover the Dragos 2025 YIR Report: https://www.dragos.com/ot-cybersecurity-year-in-reviewConnect with Kai on LinkedIn: https://www.linkedin.com/in/kai-thomsen-a635b21b7Check out the Incident Response Table top resources below:- CISA Tabletop Exercise Packages (CTEPs)- CISA ICS Training- Dean Parson's ICS Incident Response Tabletops- Lenny Zeltser Cheat Sheets and Presentations- NERC's Grid Security Exercise (GridEx) - MITRE Cyber Exercise Playbook- Black Hills Information Security (BHIS) Backdoors and Breaches ICS/OT Deck- Center for Internet Security, Tabletop Exercises – Six Scenarios to Help Prepare Your Cybersecurity Team- Red Canary: Are You Using Tabletop Simulations to Improve Your Information Security Program?- Dragos: Preparing for Industrial Cyber Response Tookit- Dragos: Preparing for Incident Handling and Response in ICS- Dragos Tabletop Exercise- ICS4ICS Incident Command System for Industrial Control Systems- European Network for Cyber Security (ENCS) Red Team – Blue Team TrainingJoin us every other Wednesday for Season 1 of the Simply ICS Cyber podcast, with your hosts, Don C. Weber and Tom VanNorman.Connect with your hosts on LinkedIn:- Don linkedin.com/in/cutaway- Tom linkedin.com/in/thomasvannorman=========================Simply Cyber empowers people who want a rewarding cybersecurity career=========================All the ways to connect with Simply Cyberhttps://SimplyCyber.io/SocialsThe podcast and artwork embedded on this page are from Simply Cyber Media Group, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Podcast: Simply ICS CyberEpisode: S1 E2: How to get started in ICS, OT and SCADAPub date: 2025-03-05Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationIn episode 2 of Simply ICS Cyber, we answer the following questions for those interested in starting a career in ICS (industrial control systems), OT (operational technology):- What is Capex vs Opex? And, why does it matter when getting a job?- What is the compensation versus actual pay?- What does the OT side consider as important skills?- How are the rising FTE and consultant wages affecting winning ICS/OT work? Links to learn more about ICS, OT, SCADA:- ICS Village: https://www.icsvillage.com - Contact ICS Village: https://www.icsvillage.com/contact-us - NICE Framework (Find OT in the Competency Areas): https://niccs.cisa.gov/workforce-development/nice-framework - SANS ICS NICE: https://www.sans.org/nice-framework/industrial-control-systems Join us every other Wednesday for Season 1 of the Simply ICS Cyber podcast, with your hosts, Don C. Weber and Tom VanNorman.Connect with your hosts on LinkedIn:- Don https://www.linkedin.com/in/cutaway - Tom https://www.linkedin.com/in/thomasvannorman =========================Simply Cyber empowers people who want a rewarding cybersecurity career=========================All the ways to connect with Simply Cyber https://SimplyCyber.io/Socials=========================The podcast and artwork embedded on this page are from Simply Cyber Media Group, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Podcast: Simply ICS CyberEpisode: S1 E1: Intro to ICS, OT, and SCADAPub date: 2025-02-19Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationWelcome to the first episode of Simply ICS Cyber! Tune in every other Wednesday for new episodes premiering at 9:30 AM ET.Learn more about what to expect in this episode below:- Who are Don and Tom?- What are industrial and automation controls and why are they important?- What are these terms? ICS, OT, 62443, countermeasures, PLC, DCS- Why is cybersecurity different in OT versus IT?Join us every other Wednesday for Season 1 of the Simply ICS Cyber podcast, with your hosts, Don C. Weber and Tom VanNorman.Connect with your hosts on LinkedIn:- Don https://www.linkedin.com/in/cutaway- Tom https://www.linkedin.com/in/thomasvannorman=========================Simply Cyber empowers people who want a rewarding cybersecurity career=========================All the ways to connect with Simply Cyberhttps://SimplyCyber.io/Socials=========================The podcast and artwork embedded on this page are from Simply Cyber Media Group, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Podcast: PrOTect It All (LS 26 · TOP 10% what is this?)Episode: Driving OT Security Innovation: AI, Risk Reduction, and the Future of Critical InfrastructurePub date: 2025-06-23Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationWelcome back to Protect It All! In this episode, host Aaron Crow sits down with longtime friend and OT cybersecurity veteran Brian Proctor for a deep dive into the current state—and future—of the OT cyber landscape. Together, they trade stories from the front lines, reflecting on how their early experiences as asset owners shaped their passion for innovation and helping critical infrastructure run safely and securely. Brian, whose career spans roles from OT engineer to startup co-founder, opens up about his journey—highlighting his drive to push the boundaries of traditional OT security and the evolution of key industry technologies. The conversation explores everything from the persistent lack of innovation in OT, to AI's growing role in tackling the daunting challenges of risk reduction, visibility, and scaling assessments across sprawling environments. If you've ever wondered how new tech like AI is reshaping industrial cybersecurity, why “we've always done it this way” just doesn't cut it anymore, or how organizations can realistically stay ahead without breaking the bank, this episode delivers honest insights, practical advice, and a look toward an exciting, if sometimes daunting, future. So grab your headphones and settle in as Aaron and Brian share stories, hot takes, and strategies designed to protect it all—because in critical infrastructure, the stakes have never been higher. Key Moments:  06:45 OT Cyber Industry Evolution 11:57 Evolving Challenges in OT Security 19:34 Bridging the OT Security Skills Gap 21:54 Enhancing OT Security Understanding 30:46 AI Model Security Challenges 34:26 Rapid Scaling for Site Assessments 40:56 Simulating Cyber Threat Responses 47:19 Operational Priorities: Equipment vs. Cyber Tools 49:30 Focus on Meaningful Security Metrics 56:30 Rapid AI Adoption vs. Internet 01:02:12 Cybersecurity: Small Targets are Vulnerable About the guest :  Brian Proctor is a cybersecurity leader with over 20 years of experience protecting critical infrastructure across energy, industrial automation, and operational technology sectors. As the co-founder and CEO of Frenos, he empowers critical infrastructure operators to proactively secure their environments against evolving cyber threats. Brian built his foundation in ICS/OT cybersecurity during his 13+ year tenure at two progressive California Investor Owned Utilities, San Diego Gas & Electric and Southern California Edison serving the 2nd and 8th largest cities in the United States. He managed a team of 15 security engineers and researchers across 150+ projects, established OT security roadmaps, and co-invented an R&D Magazine Top 100 award-winning GPS anti-spoofing mitigation technology that earned him a patent. Brian has published IEEE papers on security monitoring, served as Critical Infrastructure Co-Chair for Securing Our eCity, and regularly speaks at conferences to educate and build the ICS/OT cybersecurity community. He holds technical certifications including GICSP, CISSP, and CRISC, along with a Business Administration degree from the University of San Diego. Links:  https://frenos.io/services - Learn more about Optica, the industry's first tech-enabled rapid OT visibility service  https://frenos.io/autonomous-ot-security-assessment-platform - Learn more about how to automate OT security risk assessments Connect Brian : https://www.linkedin.com/in/brianproctor67/ Connect With Aaron Crow: Website: www.corvosec.com  LinkedIn: https://www.linkedin.com/in/aaronccrow   Learn more about PrOTect IT All: Email: info@protectitall.co  Website: https://protectitall.co/  X: https://twitter.com/protectitall  YouTube: https://www.youtube.com/@PrOTectITAll  FaceBook:  https://facebook.com/protectitallpodcast    To be a guest or suggest a guest/episode, please email us at info@protectitall.co   Please leave us a review on Apple/Spotify Podcasts: Apple   - https://podcasts.apple.com/us/podcast/protect-it-all/id1727211124 Spotify - https://open.spotify.com/show/1Vvi0euj3rE8xObK0yvYi4The podcast and artwork embedded on this page are from Aaron Crow, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Ron Brash is the Vice President of Industrial Cybersecurity at Exiger, where he leverages over a decade of experience in ICS/OT cybersecurity and embedded vulnerability research. In this episode, he joins host Scott Schober to discuss cybersecurity preparations for the industrial renaissance, including the evolution of threats in recent years, and more. Exiger is revolutionizing the way corporations, government agencies and banks navigate risk and compliance in their third-parties, supply chains and customers through its software and tech-enabled solutions. To learn more about our sponsor, visit https://exiger.com.

Podcast: HOU.SEC.CAST.Episode: Network Monitoring in OT/ICS Environments with Stuart BaileyPub date: 2025-03-05Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationIn today's episode Michael and Sam are catching up with Security Consulting Manager, ICS/OT at Accenture, Stuart Bailey! Stuart shares his journey from a career in social work to cybersecurity, the challenges of working on OT environments, and the importance of network monitoring for critical infrastructure. Things Mentioned:·      Romanian energy supplier Electrica hit by ransomware attack - https://www.bleepingcomputer.com/news/security/romanian-energy-supplier-electrica-hit-by-ransomware-attack/·      Stuart's talk - https://youtu.be/wI-7q1RSVZU?si=CaKziboHBHtyberhDo you have a question for the hosts? Reach out to us at podcast@houstonseccon.com Keep up with HOU.SEC.CON:·      LinkedIn·      Twitter·      Facebook·      Instagram·      YouTube·      BlueskyCheck out our other show:·      CyberSundayCheck out our Conferences and Events:·      HOU.SEC.CON.·      OT.SEC.CON.·      EXEC.SEC.CON.·      HSC User GroupSupport or apply to our Scholarship Program:·      TAB Cyber Foundation In this episode:·      Host: Michael Farnum·      Host: Sam Van Ryder·      Guest: Stuart Bailey·      Production and editing: Lauren Lynch·      Music by: August HoneyThe podcast and artwork embedded on this page are from Michael Farnum and Sam Van Ryder, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Podcast: PrOTect It All (LS 25 · TOP 10% what is this?)Episode: The Intersection of AI, OT, and Cybersecurity with Sulaiman AlhasawiPub date: 2025-03-03Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationIn this episode, host Aaron Crow is joined by Sulaiman Alhasawi, a cybersecurity expert based in Kuwait. Sulaiman shares his journey into OT security, beginning with his PhD research in Liverpool and leading to his creation of ICSrank.com, a search engine for OT devices.    The discussion gets into individuals' unique cybersecurity paths, emphasizing the importance of learning from diverse experiences. They explore the challenges asset owners face in understanding vulnerabilities, the role of AI in cybersecurity, and the international perspective on OT security.    Throughout the episode, Aaron and Sulaiman highlight the significance of community, knowledge sharing, and taking actionable steps to improve cybersecurity posture in critical infrastructure. Whether you're an industry veteran or a newcomer, this episode is packed with insights and practical advice to help you protect it all.   Key Moments:  01:10 Sharing Diverse Experiences 05:44 Simplifying Asset Management Challenges 08:15 Action Transforms Ideas to Value 11:44 Unexpected Targets in Cyber Attacks 13:20 "Obscurity Isn't Security" 16:50 Simplifying Cybersecurity Communication 21:12 Unintended Internet Exposure Risks 24:49 Podcasting for Community Impact 28:53 OT's Vital Role in Hospitals 32:26 Diverse Experiences in Power Plants 35:54 OT Data Integration Priorities 36:55 Prioritizing Safety Over Immediate Updates 42:10 Global Business Resource Allocation Challenges 46:08 Finding Our Podcast & Resources 47:25 Global Unity in Shared Struggles   About The Guest :    Sulaiman Alhasawi is an active researcher  in ICS/OT cybersecurity, with a PhD specializing in securing critical infrastructure. He is the founder of ICSrank.com, a platform dedicated to discovering and assessing security risks in Industrial Control Systems (ICS), Operational Technology (OT), and Industrial IoT. As the host of the ICS Arabia Podcast, Sulaiman brings together global experts to discuss cutting-edge topics in OT security, bridging the gap between research, industry, and real-world cyber threats. His latest research, "How to Find Water Systems on the Internet", was featured in SecurityWeek magazine, shedding light on OSINT techniques used to uncover vulnerable water infrastructure. (Read it here: https://zerontek.com/zt/2024/09/30/how-to-find-water-systems-on-the-internet-a-guide-to-ics-ot-osint/) Follow Sulaiman for insights on ICS/OT security, threat intelligence, and ethical hacking:   ICSrank Website: ICSrank.com ICS Arabia Podcast (X): https://www.youtube.com/@icsarabiapodcast Twitter (X): @alhasawi Linkedin : https://www.linkedin.com/in/alhasawi   Connect With Aaron Crow: Website: www.corvosec.com  LinkedIn: https://www.linkedin.com/in/aaronccrow   Learn more about PrOTect IT All: Email: info@protectitall.co  Website: https://protectitall.co/  X: https://twitter.com/protectitall  YouTube: https://www.youtube.com/@PrOTectITAll  FaceBook:  https://facebook.com/protectitallpodcast    To be a guest or suggest a guest/episode, please email us at info@protectitall.co Please leave us a review on Apple/Spotify Podcasts: Apple   - https://podcasts.apple.com/us/podcast/protect-it-all/id1727211124 Spotify - https://open.spotify.com/show/1Vvi0euj3rE8xObK0yvYi4  The podcast and artwork embedded on this page are from Aaron Crow, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Podcast: PrOTect It All (LS 25 · TOP 10% what is this?)Episode: From Navy to Consulting - Dan Ricci's Unique Perspective on Bridging Security GapsPub date: 2025-02-10Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationIn this episode, host Aaron Crowe speaks to Dan Ricci, founder of the ICS Advisory Project, to delve into OT cybersecurity. Dan brings a wealth of experience from his time in the Navy, transitioning through various cybersecurity roles, and finally taking the leap to establish a platform that addresses the complex needs of critical infrastructure sectors.  In this conversation, they explore the genesis of the ICS Advisory Project, a tool designed to streamline vulnerability management for small to medium-sized organizations. Aaron and Dan also discuss the challenges of transitioning from military service to civilian cybersecurity roles, emphasizing the importance of mentorship, risk-taking, and continual self-improvement.  This episode offers valuable insights for anyone in the cybersecurity community and those looking to bridge the gap between IT and OT spheres. Join us as we explore strategies to enhance resilience and share lessons from the field. Key Moments:  09:17 Building Dashboards with Google Studio 14:41 Cybersecurity: Secondary Concern for Operators 20:48 Supporting Small Supply Chain Contributors 23:23  OT Cybersecurity Impact and Mentorship 27:48 Bridging Cybersecurity and Critical Sectors 34:16 Opportunities to Share Project Insights 38:24 Adapting Skills for Career Growth 45:58 Cyber Career Evolution and Growth 56:14 Leadership vs. Management Distinction 01:00:56 Relentless Daily Self-Improvement About the guest :  With over 28 years of Cybersecurity experience, Dan is the Senior Cybersecurity Consultant at Ampyx Cyber, leading engagements with Rural Cooperatives and Utilities to improve their Cybersecurity programs and protect critical infrastructure. In 2023, he founded Industrial Data Works to provide independent consulting and vulnerability intelligence API subscription services.   He is also the founder of the ICS Advisory Project, an open-source initiative to help small and medium-sized ICS asset owners across the 16 critical infrastructure sectors prioritize vulnerabilities and plan mitigation for their ICS/OT environments. He aims to provide free and accessible resources to secure critical infrastructure and protect the public.   Link to Industrial Data Works: https://www.industrialdataworks.com/ics-advisory-project-api   Links to ICS Advisory Project: https://www.icsadvisoryproject.com/   ICS Advisory Project Github Repository: https://github.com/icsadvprj/ICS-Advisory-Project   Receive ICS Advisory Project Weekly Summary Slides and Other CERT & Vendor Advisory Summaries in your email every Monday: https://docs.google.com/forms/d/e/1FAIpQLSfC490BHoCR4gHekZcMLBgbHMhUQZr7ZVYZG1OkaWdKGwH73g/viewform Connect With Aaron Crow: Website: www.corvosec.com  LinkedIn: https://www.linkedin.com/in/aaronccrow   Learn more about PrOTect IT All: Email: info@protectitall.co  Website: https://protectitall.co/  X: https://twitter.com/protectitall  YouTube: https://www.youtube.com/@PrOTectITAll  FaceBook:  https://facebook.com/protectitallpodcast    To be a guest or suggest a guest/episode, please email us at info@protectitall.co Please leave us a review on Apple/Spotify Podcasts: Apple   - https://podcasts.apple.com/us/podcast/protect-it-all/id1727211124 Spotify - https://open.spotify.com/show/1Vvi0euj3rE8xObK0yvYi4The podcast and artwork embedded on this page are from Aaron Crow, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Podcast: Bites & Bytes PodcastEpisode: ICS/OT Trends and the Food We Eat: A Conversation with Mike HolcombPub date: 2025-01-28Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationWelcome to the first episode of the second season of the Award-Winning Bites and Bytes Podcast!  In this episode, host Kristin Demoranville sits down with Mike Holcomb, Fellow of Cybersecurity and ICS/OT Cybersecurity Global Lead for Fluor.  With decades of experience, Mike secures some of the world's largest and most complex ICS/OT environments, from power plants and rail systems to manufacturing and refineries.  A passionate advocate for education and community, Mike has built cybersecurity programs, founded the Upstate SC ISSA Chapter, awarded the CyberSC'sC's MG Lester D. Eisner Award for Cyber Excellence in Leadership for the State of South Carolina, and leads the BSides Greenville & BSides ICS conferences.  Join Kristin and Mike as they discuss the evolving ICS/OT cybersecurity landscape, Mike's journey as a leader in the field, and the unique challenges facing critical infrastructure, including food and agriculture.  Mike also shares personal insights, including his favorite food memories and how cybersecurity connects to everyday systems like agriculture and transportation. Where to find Mike Holcomb: LinkedIn Website Youtube Github Newsletter _______________________________________________ Episode Key Highlights: (0:00:09) - Welcome and Introduction to Mike Holcomb (0:03:10) - Unique Food Combinations and Fun Food Memories (0:07:12) - Highlighting Food and Agriculture in OT Security (0:12:10) - Protecting Critical Infrastructure Systems Impacting Lives (0:17:18) - Food and Agriculture as Complex Critical Systems (0:23:13) - Behind the Scenes of Food Production and Transport (0:24:02) - Cyber Incidents Impacting Grocery Supply Chains (0:30:01) - Regional Food Safety Regulations and Challenges (0:35:10) - Educating Consumers About Food Systems (0:47:25) - Reflections on Community Building in Cybersecurity (0:53:37) - Final ThoughtsMike'ss Personal Message _______________________________________________ Upcoming Conferences:

Kristin Demoranville joins the show this week to talk securing the food supply chain as critical infrastructure, incidents' effect on the global economy, representation in ICS/OT, and more!George K and George A talk to Kristin about: Dispelling misconceptions about OT security The food industry as critical infrastructure The need for more diverse voices in OT/ICS security to drive innovation and better solutions How to break into OT securityPlus some raw honesty about being a woman founder in the space and building community despite the challenges.———

Podcast: IoT Security PodcastEpisode: Building a Bridge Across the Divide: The Intersection of IT and OT Cybersecurity with Mike HolcombPub date: 2024-12-03Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationEmphasizing the importance of collaboration and communication, Mike Holcomb shares his extensive experience and practical insights into securing ICS and IoT environments. Holcomb, ICS/OT cybersecurity global lead at Fluor, stresses mastering basic cybersecurity fundamentals and asset inventory, along with the nuances of integrating IT and OT security. The episode aims to bridge gaps between IT and OT teams to fortify defenses against sophisticated cyber threats.Listeners will gain valuable insights into critical takeaways, including:Real-World Impact of Cyber Attacks: Mike explains how high-profile incidents, such as Colonial Pipeline and Triton, highlighted the physical consequences of cyber threats, making clear that OT security is a top priority for critical infrastructure.Bridging the IT-OT Divide: The discussion underscores the need for IT and OT teams to collaborate, as a lack of communication and understanding can leave vulnerabilities open to exploitation.Achievable Defense Strategies: From basic network segmentation to secure remote access, Mike provides practical, accessible steps to strengthen ICS/OT security without overwhelming smaller teams. Let's connect about IoT Security!Follow John Vecchi at https://www.linkedin.com/in/johnvecchiThe IoT Security Podcast is powered by Phosphorus Cybersecurity. Join the conversation for the IoT Security Podcast — where xIoT meets Security. Learn more at https://phosphorus.io/podcastThe podcast and artwork embedded on this page are from Phosphorus Cybersecurity, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Podcast: PrOTect It All (LS 24 · TOP 10% what is this?)Episode: ICS/OT Cybersecurity: Events, Networking, and Industry Discussions with Mike HolcombPub date: 2024-12-02Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationIn this episode, host Aaron Crow is joined by special guest  Mike Holcomb to discuss the intricate realm of Industrial Control Systems and Operational Technology (ICS/OT) cybersecurity. The episode also spotlights the upcoming event B Sides ICS, an open and community-centric conference set to run alongside the prestigious S4 conference in Tampa.   Mike Holcomb provides insights into the much-anticipated ticket sales for the event and underscores the importance of submitting papers or presentations by the end of the year. The discussion emphasizes the significance of expertise in OT, cyber, and enterprise operations for top-level management and how events like B Sides ICS and S4 promote networking, learning, and professional development.   Listeners will gain a deeper understanding of the origins of B Sides events, the excitement surrounding B Sides ICS, and the impactful discussions and innovations poised to shape the future of ICS/OT cybersecurity. Whether the audience comprises newcomers or seasoned professionals, this episode offers valuable takeaways for everyone.   Key Moments:    00:00 Educating and supporting ICS & OT cybersecurity communities. 04:28 Passionate about learning and sharing cybersecurity knowledge. 08:59 B Sides: Global community-focused conference events. 10:43 Bringing B-Sides to Greenville increased attendance. 16:29 Promote diverse perspectives in OT cybersecurity. 19:01 Active Directory challenges in IT-OT integration. 21:07 Active Directory simplifies system management, poses risks. 28:57 Lean on IT for the correct Active Directory setup. 31:52 Availability is crucial in an OT environment. 34:14 Integrating IT and OT for enhanced cybersecurity collaboration. 36:16 IT and OT integration needs improvement. 40:54 Exploring cybersecurity in ICSOT across various sectors.   About the guest :    Mike Holcomb is the Fellow of Cybersecurity and the ICS/OT Cybersecurity Global Lead for Fluor, one of the world's largest engineering, procurement, and construction companies. His current role provides him with the opportunity to work in securing some of the world's largest ICS/OT environments, from power plants and commuter rail to manufacturing facilities and refineries. He has his Masters degree in ICS/OT cybersecurity from the SANS Technology Institute. Additionally, he maintains cyber security and ICS/OT certifications such as the CISSP, GRID, GICSP, GCIP, GPEN, GCIH, ISA 62443, and more. He posts regularly on LinkedIn and YouTube to help others learn more about securing ICS/OT and critical infrastructure.   How to contact Mike:  Website : https://www.mikeholcomb.com/ Youtube :  https://www.youtube.com/@utilsec LinkedIn: https://www.linkedin.com/in/mikeholcomb/   Connect With Aaron Crow: Website: www.corvosec.com  LinkedIn: https://www.linkedin.com/in/aaronccrow   Learn more about PrOTect IT All: Email: info@protectitall.co  Website: https://protectitall.co/  X: https://twitter.com/protectitall  YouTube: https://www.youtube.com/@PrOTectITAll  FaceBook:  https://facebook.com/protectitallpodcast    To be a guest or suggest a guest/episode, please email us at info@protectitall.co Please leave us a review on Apple/Spotify Podcasts: Apple   - https://podcasts.apple.com/us/podcast/protect-it-all/id1727211124 Spotify - https://open.spotify.com/show/1Vvi0euj3rE8xObK0yvYi4The podcast and artwork embedded on this page are from Aaron Crow, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Emphasizing the importance of collaboration and communication, Mike Holcomb shares his extensive experience and practical insights into securing ICS and IoT environments. Holcomb, ICS/OT cybersecurity global lead at Fluor, stresses mastering basic cybersecurity fundamentals and asset inventory, along with the nuances of integrating IT and OT security. The episode aims to bridge gaps between IT and OT teams to fortify defenses against sophisticated cyber threats.Listeners will gain valuable insights into critical takeaways, including:Real-World Impact of Cyber Attacks: Mike explains how high-profile incidents, such as Colonial Pipeline and Triton, highlighted the physical consequences of cyber threats, making clear that OT security is a top priority for critical infrastructure.Bridging the IT-OT Divide: The discussion underscores the need for IT and OT teams to collaborate, as a lack of communication and understanding can leave vulnerabilities open to exploitation.Achievable Defense Strategies: From basic network segmentation to secure remote access, Mike provides practical, accessible steps to strengthen ICS/OT security without overwhelming smaller teams. Let's connect about IoT Security!Follow John Vecchi at https://www.linkedin.com/in/johnvecchiThe IoT Security Podcast is powered by Phosphorus Cybersecurity. Join the conversation for the IoT Security Podcast — where xIoT meets Security. Learn more at https://phosphorus.io/podcast

In this episode of the Cyber Uncut podcast, Dawn Cappelli, head of OT-CERT at Dragos, joins host Liam Garman to unpack how governments and the industry are responding to current and emerging ICS/OT threats. The pair begin the podcast by examining how operational technology is becoming more interconnected with the digital world and what emerging vulnerabilities providers should be aware of for the future. Cappelli and Garman then look into whether government regulations are keeping pace with evolving threats and whether artificial intelligence is transforming the world of operational technology. They wrap up the podcast by discussing some pertinent case studies, zero trust, and what the landscape of operational technology security will look like over the next decade. Enjoy the podcast, The Cyber Uncut team  

Industrial Control Systems (ICS) and Operational Technology (OT) used to stand apart from traditional IT. But those worlds are converging, and IT pros, including infosec teams and network engineers, need to become familiar with the operational challenges and quirks of ICS/OT systems. On today’s Packet Protector, guest Mike Holcomb demystifies ICS and OT for IT... Read more »

Industrial Control Systems (ICS) and Operational Technology (OT) used to stand apart from traditional IT. But those worlds are converging, and IT pros, including infosec teams and network engineers, need to become familiar with the operational challenges and quirks of ICS/OT systems. On today’s Packet Protector, guest Mike Holcomb demystifies ICS and OT for IT... Read more »

Podcast: PrOTect It AllEpisode: Why Cybersecurity Matters: Protecting Our Food Supply from Digital Threats with Kristin DemoranvillePub date: 2024-08-26In this insightful episode of Protect It All, titled "Why Cybersecurity Matters: Protecting Our Food Supply from Digital Threats with Kristin Demoranville," host Aaron Crow and guest Kristin Demoranville tackle the critical yet often overlooked role of cybersecurity in the food and agriculture industry. Kristin stresses the need to shift from reactive to proactive cybersecurity measures to protect our complex food supply chains and ensure resilience. The discussion covers real-world cyber incidents like the ransomware attack on JBS meat company, emphasizing the human factors, financial misconceptions, and the necessity for robust incident response and business continuity plans. Listeners will also learn about the dangers of excessive reliance on technology and automation, the significance of water conservation, and the importance of integrating OT security in data centers. Through professional insights and personal anecdotes, Kristin highlights the crucial need for community support within the OT landscape. This episode offers a comprehensive look at the cultural and societal implications of cyber threats to our food supply, making it essential listening for anyone interested in the safety and security of the food industry. Key Moments: 00:10 Training and spreading awareness about operational technology. 10:21 Agriculture lacks attention; needs OT cybersecurity focus. 15:26 Security professionals foresee major food safety risk. 18:04 Supply chain issues during COVID highlight concerns. Regenerative farming and feeding the population. 24:04 ICS OT industry united in game proposal. 27:35 Designing systems must consider cyber risk implications. 34:11 Cybersecurity often an afterthought in many companies. 41:47 Respectful, supportive, and geeky cyber community advocate. 42:58 Texan upbringing shaped love for celebratory food. 51:10 Concern over CrowdStrike blaming and finger pointing. 57:16 Operator scans RFID tags from break room. 59:24 Resisting a wasteful task, leading to change. About the guest : Kristin Demoranville is the visionary founder and CEO of AnzenSage, a cybersecurity firm specializing in the food and agricultural industry. She also leads as the CEO and co-founder of AnzenOT, a groundbreaking SaaS OT Cybersecurity Risk Intelligence solution. With 26 years in the tech industry, Kristin seamlessly blends cybersecurity with food protection culture, always emphasizing the vital role of people and processes. Her extensive background—ranging from collaborating with Fortune 500 companies and various manufacturing sectors to studying gorilla behavior as part of her Environmental Management degree—gives her a unique and well-rounded perspective on cybersecurity and critical infrastructure. A published expert and in-demand speaker, Kristin is known for bridging the worlds of food protection and cybersecurity. She’s also the host of the Bites & Bytes Podcast, where she drives meaningful conversations between professionals across food, cybersecurity, and technology. Anzensage Website : https://www.anzensage.com/ AnzenOT Website : https://www.anzenot.com/ Bites and Bytes Podcast: https://www.bitesandbytespodcast.com/ Connect With Aaron Crow: Website: www.corvosec.com LinkedIn: https://www.linkedin.com/in/aaronccrow Learn more about PrOTect IT All: Email: info@protectitall.co Website: https://protectitall.co/ X: https://twitter.com/protectitall YouTube: https://www.youtube.com/@PrOTectITAll FaceBook: https://facebook.com/protectitallpodcast To be a guest or suggest a guest/episode, please email us at info@protectitall.coThe podcast and artwork embedded on this page are from Aaron Crow, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

In this episode of the Cyber Uncut podcast, Lesley Carhart, director of incident response for North America at Dragos, joins host Liam Garman to unpack how businesses can improve their ICS/OT cyber processes, before giving some tangible advice for business leaders on how they can build their incident response plans. The pair begin the podcast by unpacking some common and emerging threat trends being observed across ICS environments and how companies need to build a bridge between IT and OT teams to protect assets. Carhart then details why OT security is so immature relative to IT security and shares some practical steps that organisations must take to protect their ICS. The podcast wraps up with some tangible advice on how businesses can build incident response plans, ensuring that they can streamline the resumption of operations in the event of a cyber incident. Enjoy the podcast, The Cyber Uncut team

Podcast: Control Loop: The OT Cybersecurity Podcast (LS 34 · TOP 3% what is this?)Episode: Digging into regulatory compliance issues.Pub date: 2024-06-05UK will propose law to ban ransom payments for critical infrastructure entities. EPA outlines enforcement measures to protect water utilities against cyberattacks. Rockwell advises customers to disconnect ICS devices from the internet. Senator Vance asks CISA for information on Volt Typhoon. Guest Kimberly Graham of Dragos joins Dave to discuss regulatory compliance issues. Programming Note.Control Loop is going on a temporary hiatus. Thank you for being a loyal listener. N2K CyberWire will be back soon with more ICS/OT news and analysis that you rely on. Please stay tuned for more updates.Control Loop Audience Survey.Please take a moment to fill out our super quick survey. It's only 5 short questions. Thanks!Control Loop News Brief.UK will propose law to ban ransom payments for critical infrastructure entities.Exclusive: UK to propose mandatory reporting for ransomware attacks and licensing regime for all payments (The Record)EPA outlines enforcement measures to protect water utilities against cyberattacks.EPA Outlines Enforcement Measures to Help Prevent Cybersecurity Attacks and Protect the Nation's Drinking Water (Environmental Protection Agency)Rockwell advises customers to disconnect ICS devices from the internet.Rockwell Automation Reiterates Customer Guidance to Disconnect Devices from the Internet to Protect from Cyber Threats (Rockwell Automation)Senator Vance asks CISA for information on Volt Typhoon.Senator Vance issues warning on China-backed Volt Typhoon threat to US critical infrastructure (Industrial Cyber)Control Loop Interview.Guest Kimberly Graham, Vice President of Product Management at Dragos, discussing regulatory compliance issues. Control Loop OT Cybersecurity Briefing.A companion monthly newsletter is available through free subscription and on the N2K CyberWire website.The podcast and artwork embedded on this page are from N2K Networks, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Podcast: Control Loop: The OT Cybersecurity Podcast (LS 35 · TOP 3% what is this?)Episode: Digging into regulatory compliance issues.Pub date: 2024-06-05UK will propose law to ban ransom payments for critical infrastructure entities. EPA outlines enforcement measures to protect water utilities against cyberattacks. Rockwell advises customers to disconnect ICS devices from the internet. Senator Vance asks CISA for information on Volt Typhoon. Guest Kimberly Graham of Dragos joins Dave to discuss regulatory compliance issues. Programming Note.Control Loop is going on a temporary hiatus. Thank you for being a loyal listener. N2K CyberWire will be back soon with more ICS/OT news and analysis that you rely on. Please stay tuned for more updates.Control Loop Audience Survey.Please take a moment to fill out our super quick survey. It's only 5 short questions. Thanks!Control Loop News Brief.UK will propose law to ban ransom payments for critical infrastructure entities.Exclusive: UK to propose mandatory reporting for ransomware attacks and licensing regime for all payments (The Record)EPA outlines enforcement measures to protect water utilities against cyberattacks.EPA Outlines Enforcement Measures to Help Prevent Cybersecurity Attacks and Protect the Nation's Drinking Water (Environmental Protection Agency)Rockwell advises customers to disconnect ICS devices from the internet.Rockwell Automation Reiterates Customer Guidance to Disconnect Devices from the Internet to Protect from Cyber Threats (Rockwell Automation)Senator Vance asks CISA for information on Volt Typhoon.Senator Vance issues warning on China-backed Volt Typhoon threat to US critical infrastructure (Industrial Cyber)Control Loop Interview.Guest Kimberly Graham, Vice President of Product Management at Dragos, discussing regulatory compliance issues. Control Loop OT Cybersecurity Briefing.A companion monthly newsletter is available through free subscription and on the N2K CyberWire website.The podcast and artwork embedded on this page are from N2K Networks, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

UK will propose law to ban ransom payments for critical infrastructure entities. EPA outlines enforcement measures to protect water utilities against cyberattacks. Rockwell advises customers to disconnect ICS devices from the internet. Senator Vance asks CISA for information on Volt Typhoon. Guest Kimberly Graham of Dragos joins Dave to discuss regulatory compliance issues. Programming Note. Control Loop is going on a temporary hiatus. Thank you for being a loyal listener. N2K CyberWire will be back soon with more ICS/OT news and analysis that you rely on. Please stay tuned for more updates. Control Loop Audience Survey. Please take a moment to fill out our super quick survey. It's only 5 short questions. Thanks! Control Loop News Brief. UK will propose law to ban ransom payments for critical infrastructure entities. Exclusive: UK to propose mandatory reporting for ransomware attacks and licensing regime for all payments (The Record) EPA outlines enforcement measures to protect water utilities against cyberattacks. EPA Outlines Enforcement Measures to Help Prevent Cybersecurity Attacks and Protect the Nation's Drinking Water (Environmental Protection Agency) Rockwell advises customers to disconnect ICS devices from the internet. Rockwell Automation Reiterates Customer Guidance to Disconnect Devices from the Internet to Protect from Cyber Threats (Rockwell Automation) Senator Vance asks CISA for information on Volt Typhoon. Senator Vance issues warning on China-backed Volt Typhoon threat to US critical infrastructure (Industrial Cyber) Control Loop Interview. Guest Kimberly Graham, Vice President of Product Management at Dragos, discussing regulatory compliance issues.  Control Loop OT Cybersecurity Briefing. A companion monthly newsletter is available through free subscription and on the N2K CyberWire website.

Podcast: Critical Assets PodcastEpisode: Energizing Cybersecurity Careers: Workforce Development in OT/ICSPub date: 2024-03-03Join us for a discussion on Energizing Cybersecurity Careers: Workforce Development in the OT/ICS Community. Guests Cynthia Hsu and Erin Owens dive into the cybersecurity challenges facing Industrial Control Systems and Operational Technology asset owners. Through open conversations, we explore everything from skill gaps and career pathways to diversity, continuous learning, and the impact of new technologies. This session aims to provide insights into developing a skilled, diverse cybersecurity workforce – starting from the ground up – with a focus on practical strategies for professionals, educators, and anyone interested in the future of ICS/OT security.Show links:Cynthia Hsu LinkedIn profile https://www.linkedin.com/in/cynthiahsu33/Erin Owens LinkedIn profile https://www.linkedin.com/in/erinowens/DOE CESER Cybersecurity Training for the Utility Workforce, free 3-day ICS Cybersecurity training for electric and ONG utility staff. Next training event: Buffalo, NY, April 23-25, Register at: Eventleaf | Event Registration Software and Mobile Event Apps DOE CESER CyberStrikeTM professional cybersecurity training for operational technology environments: https://inl.gov/cyberstrike/· LIGHTS OUT – focus on Ukraine attacks· NEMESIS – focus on nation-state TTPs· STORMCLOUD – focus on renewable energy DOE CESER CyberForce® workforce development program for college students focused on building a pipeline of cyber professional candidates in operational technology cybersecurity: https://cyberforce.energy.gov/ Sandia National LaboratoryTracer FIRE (Forensic Incident Response Exercise): https://github.com/sandialabs/Tracer-FIRECenter for Cyber Defenders: https://www.sandia.gov/careers/career-possibilities/students-and-postdocs/internships-co-ops/institute-programs/titans-technical-internships-to-advance-national-security/titans-cyber/ Cyber Defense Center https://www.cyberdefensecenter.org/The podcast and artwork embedded on this page are from Patrick Miller, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Podcast: Critical Assets PodcastEpisode: Energizing Cybersecurity Careers: Workforce Development in OT/ICSPub date: 2024-03-03Join us for a discussion on Energizing Cybersecurity Careers: Workforce Development in the OT/ICS Community. Guests Cynthia Hsu and Erin Owens dive into the cybersecurity challenges facing Industrial Control Systems and Operational Technology asset owners. Through open conversations, we explore everything from skill gaps and career pathways to diversity, continuous learning, and the impact of new technologies. This session aims to provide insights into developing a skilled, diverse cybersecurity workforce – starting from the ground up – with a focus on practical strategies for professionals, educators, and anyone interested in the future of ICS/OT security.Show links:Cynthia Hsu LinkedIn profile https://www.linkedin.com/in/cynthiahsu33/Erin Owens LinkedIn profile https://www.linkedin.com/in/erinowens/DOE CESER Cybersecurity Training for the Utility Workforce, free 3-day ICS Cybersecurity training for electric and ONG utility staff. Next training event: Buffalo, NY, April 23-25, Register at: Eventleaf | Event Registration Software and Mobile Event Apps DOE CESER CyberStrikeTM professional cybersecurity training for operational technology environments: https://inl.gov/cyberstrike/· LIGHTS OUT – focus on Ukraine attacks· NEMESIS – focus on nation-state TTPs· STORMCLOUD – focus on renewable energy DOE CESER CyberForce® workforce development program for college students focused on building a pipeline of cyber professional candidates in operational technology cybersecurity: https://cyberforce.energy.gov/ Sandia National LaboratoryTracer FIRE (Forensic Incident Response Exercise): https://github.com/sandialabs/Tracer-FIRECenter for Cyber Defenders: https://www.sandia.gov/careers/career-possibilities/students-and-postdocs/internships-co-ops/institute-programs/titans-technical-internships-to-advance-national-security/titans-cyber/ Cyber Defense Center https://www.cyberdefensecenter.org/The podcast and artwork embedded on this page are from Patrick Miller, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Podcast: ICS Cyber Talks PodcastEpisode: Itay Yanovski & Nimrod Luria Founders @IO01 on OT Cyber-Physical System CPS for Visibility & ControlPub date: 2024-02-10נחשון פינקו מארח את איתי ינובסקי ונמרוד לוריא מייסדי אי אוו אפס אחד, שניהם ידועים בתעשיית הסייבר הישראלית כיזמים מצליחים עם סטארטאפים בתחום אבטחת הסייבר שלהם לאורך העשורים האחרונים, ועדיין משתדלים להיות מתחת לראדר, בשיחה על הגנת סייבר למערכות תפעוליות ועל החשיבות של הכשרה מעשית למי שרוצים להצטרף לתחום מהן מערכות סייבר-פיזיות (סי.פי.אס) מדוע על התעשייה לשנות את הלך הרוח שלה מנראות לנראות ובקרה מהו פתרון אבטחת הסייבר קדברה של אי אוו אפס אחד מהי החשיבות של הכשרה מעשית כצוות כחול וצוות אדום עבור אלו המעוניינים להיכנס לתעשיית אבטחת הסייבר ועוד Nachshon Pincu hosts Itay Yanovski and Nimrod Luria Co-Founders and CEOs at IO01. Both are well known in the Israeli cyber industry as successful Entrepreneurs with their cybersecurity startups for the last two decades, in a conversation about OT cybersecurity defense and the importance of hands-on training for ICS/OT cyber specialists. What is Cyber-Physical Systems (CPS)? Why must the industry change its mindset from only Visibility, aka IDS, to Visibility & Control? What is the CADABRA cybersecurity solution? What is the importance of hands-on training as a blue team & red team for those wishing to enter the OT cybersecurity industry? and moreThe podcast and artwork embedded on this page are from Nachshon Pincu, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Podcast: ICS Cyber Talks PodcastEpisode: Itay Yanovski & Nimrod Luria Founders @IO01 on OT Cyber-Physical System CPS for Visibility & ControlPub date: 2024-02-10נחשון פינקו מארח את איתי ינובסקי ונמרוד לוריא מייסדי אי אוו אפס אחד, שניהם ידועים בתעשיית הסייבר הישראלית כיזמים מצליחים עם סטארטאפים בתחום אבטחת הסייבר שלהם לאורך העשורים האחרונים, ועדיין משתדלים להיות מתחת לראדר, בשיחה על הגנת סייבר למערכות תפעוליות ועל החשיבות של הכשרה מעשית למי שרוצים להצטרף לתחום מהן מערכות סייבר-פיזיות (סי.פי.אס) מדוע על התעשייה לשנות את הלך הרוח שלה מנראות לנראות ובקרה מהו פתרון אבטחת הסייבר קדברה של אי אוו אפס אחד מהי החשיבות של הכשרה מעשית כצוות כחול וצוות אדום עבור אלו המעוניינים להיכנס לתעשיית אבטחת הסייבר ועוד Nachshon Pincu hosts Itay Yanovski and Nimrod Luria Co-Founders and CEOs at IO01. Both are well known in the Israeli cyber industry as successful Entrepreneurs with their cybersecurity startups for the last two decades, in a conversation about OT cybersecurity defense and the importance of hands-on training for ICS/OT cyber specialists. What is Cyber-Physical Systems (CPS)? Why must the industry change its mindset from only Visibility, aka IDS, to Visibility & Control? What is the CADABRA cybersecurity solution? What is the importance of hands-on training as a blue team & red team for those wishing to enter the OT cybersecurity industry? and moreThe podcast and artwork embedded on this page are from Nachshon Pincu, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Podcast: Control Loop: The OT Cybersecurity Podcast (LS 35 · TOP 3% what is this?)Episode: Operational Technology disruptions: An eye on the water sector.Pub date: 2024-02-07Volt Typhoon targets US critical infrastructure. Ransomware attacks in the OT sector. Ransomware attack against Johnson Controls cost $27 million. Bill would add ICS security to President's Cup Cybersecurity Competition. Guest is Dragos CEO and Founder Robert M. Lee from the hearing before the U.S. Congressional Subcommittee on Cybersecurity and Infrastructure Protection on February 6, 2024. We share Rob's opening statement before the committee. On the Learning Lab, we have the concluding part of a 2-part discussion on building community in OT that Dragos Mark Urban had with Dragos Strategic Accounts Director Sam Van Ryder. Control Loop News Brief.Volt Typhoon targets US critical infrastructure.Exclusive: US disabled Chinese hacking network targeting critical infrastructure (Reuters)Wray warns Chinese hackers are aiming to 'wreak havoc' on U.S. critical infrastructure (NPR)Ransomware attacks in the OT sector.Dragos Industrial Ransomware Analysis: Q4 2023 (Dragos)The Crisis of Convergence: OT/ICS Cybersecurity 2023 (TXOne Networks)Ransomware attack against Johnson Controls cost $27 million.Johnson Controls says ransomware attack cost $27 million, data stolen (BleepingComputer)Schneider Electric confirms ransomware attack.Schneider Electric confirms it was hit by ransomware attack (Silicon Republic)Energy giant Schneider Electric hit by Cactus ransomware attack (BleepingComputer)US sanctions Iranian officials for attacks on critical infrastructure.Treasury Sanctions Actors Responsible for Malicious Cyber Activities on Critical Infrastructure (OFAC)US House Energy Subcommittee holds hearing on cyberattacks against water infrastructure.US House Energy Subcommittee holds hearing on safeguarding drinking water infrastructure from cyberattacks (Industrial Cyber)Bill would add ICS security to President's Cup Cybersecurity Competition.Senate HSGAC Approves Cyber, Software Bills (Meritalk)Control Loop Interview.Dragos CEO and Founder Robert M. Lee testified at the hearing before the U.S. Congressional Subcommittee on Cybersecurity and Infrastructure Protection on February 6, 2024. We share Rob's opening statement before the committee. The purpose of the hearing was to discuss threats to water and wastewater ICS/OT systems in the U.S. that have the potential to disrupt operations and pose safety risks and examine the steps needed to secure operational technology in the water sector. Read the press release. Watch the video of the hearing: Securing Operational Technology: A Deep Dive into the Water Sector. Control Loop Learning Lab.On the Learning Lab, Mark Urban is joined by Dragos Strategic Accounts Director Sam Van Ryder to conclude their discussion of building community in OT. Learn more about Hou.Sec.Con. Learn more about the Dragos Community Defense Program which provides free access to Dragos OT cybersecurity technology for qualifying utility providers to better protect their communities from potentially destructive cyber attacks.Control Loop Audience Survey.Please take a moment to fill out our super quick survey. Thanks!Control Loop OT Cybersecurity Briefing.A companion monthly newsletter is available through free subscription and on N2K Networks website.The podcast and artwork embedded on this page are from N2K Networks, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Podcast: Control Loop: The OT Cybersecurity Podcast (LS 34 · TOP 3% what is this?)Episode: Operational Technology disruptions: An eye on the water sector.Pub date: 2024-02-07Volt Typhoon targets US critical infrastructure. Ransomware attacks in the OT sector. Ransomware attack against Johnson Controls cost $27 million. Bill would add ICS security to President's Cup Cybersecurity Competition. Guest is Dragos CEO and Founder Robert M. Lee from the hearing before the U.S. Congressional Subcommittee on Cybersecurity and Infrastructure Protection on February 6, 2024. We share Rob's opening statement before the committee. On the Learning Lab, we have the concluding part of a 2-part discussion on building community in OT that Dragos Mark Urban had with Dragos Strategic Accounts Director Sam Van Ryder. Control Loop News Brief.Volt Typhoon targets US critical infrastructure.Exclusive: US disabled Chinese hacking network targeting critical infrastructure (Reuters)Wray warns Chinese hackers are aiming to 'wreak havoc' on U.S. critical infrastructure (NPR)Ransomware attacks in the OT sector.Dragos Industrial Ransomware Analysis: Q4 2023 (Dragos)The Crisis of Convergence: OT/ICS Cybersecurity 2023 (TXOne Networks)Ransomware attack against Johnson Controls cost $27 million.Johnson Controls says ransomware attack cost $27 million, data stolen (BleepingComputer)Schneider Electric confirms ransomware attack.Schneider Electric confirms it was hit by ransomware attack (Silicon Republic)Energy giant Schneider Electric hit by Cactus ransomware attack (BleepingComputer)US sanctions Iranian officials for attacks on critical infrastructure.Treasury Sanctions Actors Responsible for Malicious Cyber Activities on Critical Infrastructure (OFAC)US House Energy Subcommittee holds hearing on cyberattacks against water infrastructure.US House Energy Subcommittee holds hearing on safeguarding drinking water infrastructure from cyberattacks (Industrial Cyber)Bill would add ICS security to President's Cup Cybersecurity Competition.Senate HSGAC Approves Cyber, Software Bills (Meritalk)Control Loop Interview.Dragos CEO and Founder Robert M. Lee testified at the hearing before the U.S. Congressional Subcommittee on Cybersecurity and Infrastructure Protection on February 6, 2024. We share Rob's opening statement before the committee. The purpose of the hearing was to discuss threats to water and wastewater ICS/OT systems in the U.S. that have the potential to disrupt operations and pose safety risks and examine the steps needed to secure operational technology in the water sector. Read the press release. Watch the video of the hearing: Securing Operational Technology: A Deep Dive into the Water Sector. Control Loop Learning Lab.On the Learning Lab, Mark Urban is joined by Dragos Strategic Accounts Director Sam Van Ryder to conclude their discussion of building community in OT. Learn more about Hou.Sec.Con. Learn more about the Dragos Community Defense Program which provides free access to Dragos OT cybersecurity technology for qualifying utility providers to better protect their communities from potentially destructive cyber attacks.Control Loop Audience Survey.Please take a moment to fill out our super quick survey. Thanks!Control Loop OT Cybersecurity Briefing.A companion monthly newsletter is available through free subscription and on N2K Networks website.The podcast and artwork embedded on this page are from N2K Networks, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Volt Typhoon targets US critical infrastructure. Ransomware attacks in the OT sector. Ransomware attack against Johnson Controls cost $27 million. Bill would add ICS security to President's Cup Cybersecurity Competition. Guest is Dragos CEO and Founder Robert M. Lee from the hearing before the U.S. Congressional Subcommittee on Cybersecurity and Infrastructure Protection on February 6, 2024. We share Rob's opening statement before the committee. On the Learning Lab, we have the concluding part of a 2-part discussion on building community in OT that Dragos Mark Urban had with Dragos Strategic Accounts Director Sam Van Ryder. Control Loop News Brief. Volt Typhoon targets US critical infrastructure. Exclusive: US disabled Chinese hacking network targeting critical infrastructure (Reuters) Wray warns Chinese hackers are aiming to 'wreak havoc' on U.S. critical infrastructure (NPR) Ransomware attacks in the OT sector. Dragos Industrial Ransomware Analysis: Q4 2023 (Dragos) The Crisis of Convergence: OT/ICS Cybersecurity 2023 (TXOne Networks) Ransomware attack against Johnson Controls cost $27 million. Johnson Controls says ransomware attack cost $27 million, data stolen (BleepingComputer) Schneider Electric confirms ransomware attack. Schneider Electric confirms it was hit by ransomware attack (Silicon Republic) Energy giant Schneider Electric hit by Cactus ransomware attack (BleepingComputer) US sanctions Iranian officials for attacks on critical infrastructure. Treasury Sanctions Actors Responsible for Malicious Cyber Activities on Critical Infrastructure (OFAC) US House Energy Subcommittee holds hearing on cyberattacks against water infrastructure. US House Energy Subcommittee holds hearing on safeguarding drinking water infrastructure from cyberattacks (Industrial Cyber) Bill would add ICS security to President's Cup Cybersecurity Competition. Senate HSGAC Approves Cyber, Software Bills (Meritalk) Control Loop Interview. Dragos CEO and Founder Robert M. Lee testified at the hearing before the U.S. Congressional Subcommittee on Cybersecurity and Infrastructure Protection on February 6, 2024. We share Rob's opening statement before the committee. The purpose of the hearing was to discuss threats to water and wastewater ICS/OT systems in the U.S. that have the potential to disrupt operations and pose safety risks and examine the steps needed to secure operational technology in the water sector.  Read the press release. Watch the video of the hearing: Securing Operational Technology: A Deep Dive into the Water Sector.  Control Loop Learning Lab. On the Learning Lab, Mark Urban is joined by Dragos Strategic Accounts Director Sam Van Ryder to conclude their discussion of building community in OT. Learn more about Hou.Sec.Con. Learn more about the Dragos Community Defense Program which provides free access to Dragos OT cybersecurity technology for qualifying utility providers to better protect their communities from potentially destructive cyber attacks. Control Loop Audience Survey. Please take a moment to fill out our super quick survey. Thanks! Control Loop OT Cybersecurity Briefing. A companion monthly newsletter is available through free subscription and on N2K Networks website.

Clint Bodungen | Co-Founder / CEO @ ThreatGENClint Bodungen is a globally recognized cybersecurity professional and thought leader with over 25 years of experience (of which 20 years have been focused on ICS/OT cybersecurity). His journey in cybersecurity began at the age of eleven when he started programming on a Tandy 1200, and since then, his career has been nothing short of remarkable. A veteran of the United States Air Force, Clint has established himself as a prominent figure in the field, having worked for notable cybersecurity firms like Symantec, Industrial Defender, Booz Allen Hamilton, and Kaspersky Lab. His expertise extends to the impact of AI on cybersecurity, and he has played a pivotal role in addressing the industry's training and education gaps. Clint is renowned for his innovative approaches and has contributed to the field as the author of two books: the best seller, "Hacking Exposed: Industrial Control Systems," and the upcoming "ChatGPT for Cybersecurity Cookbook." He has written an array of articles, technical papers, and training courses, with a primary focus on cybersecurity vulnerability assessment, penetration testing/red teaming, and risk management. Even before the public emergence of generative AI and large language models (LLM), he had already developed a variety of cybersecurity tools and apps that leverage this technology. Over the past decade, Clint has been at the forefront of integrating gamification and AI applications into cybersecurity training. His dedication and innovation culminated in the creation of ThreatGEN® Red vs. Blue, the world's first online multiplayer cybersecurity game crafted to impart real-world cybersecurity skills. This flagship product marks Clint's foray as a pioneer in cybersecurity gamification, a testament to his progressive vision. Clint's enduring passion and goal are to redefine industry standards for cybersecurity education using computer gaming (gamification) and AI technology to present a revolutionary, engaging approach to this essential field, and set new precedents for effective and interactive learning.Clint rejoins Manufacturing Hub to shed some more light on hackers and what groups can do to learn more about cybersecurity.We'll get into Clint's new book: ChatGPT for Cybersecurity Cookbook.Plus, we'll check in on how Red vs. Blue continues to change about how we learn about cybersecurity.Thanks to Phoenix Contact USA for sponsoring this show and 100-year anniversary wishes. Connect with Us Clint Bodungen Vlad Romanov Dave Griffith Manufacturing Hub SolisPLC #manufacturing #automation #cybersecurity

Podcast: The PrOTect OT Cybersecurity Podcast (LS 31 · TOP 5% what is this?)Episode: Ron Brash: Understanding the Small Details to Define RiskPub date: 2023-11-23About Ron Brash: Ron Brash, a renowned figure in ICS/OT cybersecurity and embedded vulnerability research, garnered acclaim as the recipient of the Top 40 under 40 award for Engineering Leaders 2020 from Plant Engineering. Serving as the VP of Technical Research & Integrations at aDolus Technology Inc., Ron aligns his passion for ICS/OT security by leveraging his extensive experience in advising major asset owners across industries such as oil & gas, manufacturing, energy, and aviation. His notable achievements include playing a pivotal role in creating datasets for the S4 ICS Detection Challenges, reflecting his commitment to advancing industry standards and fostering innovation in cybersecurity.In this episode, Aaron and Ron Brash discuss:Understanding and managing vulnerabilities in OT systemsBalancing risk, detection, and recoveryExploring the intersection of cybersecurity, business risk, and vendor collaborationNavigating challenges in industrial networksKey Takeaways:In the complex world of industrial cybersecurity, understanding and managing vulnerabilities is like conducting a home inspection or maintaining a car—focus on what matters most, prioritize based on critical assets, and approach it with a measured, pragmatic strategy rather than panicking in the face of a long list of issues.Achieving zero incidents is an unrealistic goal, and the focus should shift towards proactive detection, deflection, and defense, along with a robust recovery plan, emphasizing the importance of people, processes, and technology, particularly in the context of evolving technologies and complex vendor landscapes.The key to cybersecurity success lies in translating technical intricacies into tangible business value, effectively correlating cyber and architectural considerations to business risk, as demonstrated by a strategic approach involving transparency, attestation, and collaboration with vendors, ultimately leading to improved security measures and operational efficiency.Navigating the challenges of aging industrial systems, transparency issues in software development, and evolving threat landscapes underscores the crucial importance of a collaborative community effort to ensure the resilience and security of critical infrastructure in the face of emerging threats."Some are very forward-leaning and some believe in the democratization of data, and some are more old school and don't want to share a thing. Within the realm of business, and to be truly fair, no business is homogenous. So, there are different business units that might be more modern and more open facing, and others that are like, don't touch this because you don't know what other industries we're working in." — Ron Brash Connect with Ron Brash: Email: ron.brash@adolus.comWebsite: www.adolus.comLinkedIn: https://www.linkedin.com/company/adolus & https://www.linkedin.com/in/ronbrash/Twitter: https://twitter.com/ron_brashConnect with Aaron:LinkedIn: https://www.linkedin.com/in/aaronccrowLearn more about Industrial Defender:Website: https://www.industrialdefender.com/podcast LinkedIn: https://www.linkedin.com/company/industrial-defender-inc/Twitter: https://twitter.com/iDefend_ICSYouTube: https://www.youtube.com/@industrialdefender7120Audio production by Turnkey Podcast Productions. You're the expert. Your podcast will prove it. The podcast and artwork embedded on this page are from Aaron Crow, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Podcast: The PrOTect OT Cybersecurity Podcast (LS 29 · TOP 10% what is this?)Episode: Ron Brash: Understanding the Small Details to Define RiskPub date: 2023-11-23About Ron Brash: Ron Brash, a renowned figure in ICS/OT cybersecurity and embedded vulnerability research, garnered acclaim as the recipient of the Top 40 under 40 award for Engineering Leaders 2020 from Plant Engineering. Serving as the VP of Technical Research & Integrations at aDolus Technology Inc., Ron aligns his passion for ICS/OT security by leveraging his extensive experience in advising major asset owners across industries such as oil & gas, manufacturing, energy, and aviation. His notable achievements include playing a pivotal role in creating datasets for the S4 ICS Detection Challenges, reflecting his commitment to advancing industry standards and fostering innovation in cybersecurity.In this episode, Aaron and Ron Brash discuss:Understanding and managing vulnerabilities in OT systemsBalancing risk, detection, and recoveryExploring the intersection of cybersecurity, business risk, and vendor collaborationNavigating challenges in industrial networksKey Takeaways:In the complex world of industrial cybersecurity, understanding and managing vulnerabilities is like conducting a home inspection or maintaining a car—focus on what matters most, prioritize based on critical assets, and approach it with a measured, pragmatic strategy rather than panicking in the face of a long list of issues.Achieving zero incidents is an unrealistic goal, and the focus should shift towards proactive detection, deflection, and defense, along with a robust recovery plan, emphasizing the importance of people, processes, and technology, particularly in the context of evolving technologies and complex vendor landscapes.The key to cybersecurity success lies in translating technical intricacies into tangible business value, effectively correlating cyber and architectural considerations to business risk, as demonstrated by a strategic approach involving transparency, attestation, and collaboration with vendors, ultimately leading to improved security measures and operational efficiency.Navigating the challenges of aging industrial systems, transparency issues in software development, and evolving threat landscapes underscores the crucial importance of a collaborative community effort to ensure the resilience and security of critical infrastructure in the face of emerging threats."Some are very forward-leaning and some believe in the democratization of data, and some are more old school and don't want to share a thing. Within the realm of business, and to be truly fair, no business is homogenous. So, there are different business units that might be more modern and more open facing, and others that are like, don't touch this because you don't know what other industries we're working in." — Ron Brash Connect with Ron Brash: Email: ron.brash@adolus.comWebsite: www.adolus.comLinkedIn: https://www.linkedin.com/company/adolus & https://www.linkedin.com/in/ronbrash/Twitter: https://twitter.com/ron_brashConnect with Aaron:LinkedIn: https://www.linkedin.com/in/aaronccrowLearn more about Industrial Defender:Website: https://www.industrialdefender.com/podcast LinkedIn: https://www.linkedin.com/company/industrial-defender-inc/Twitter: https://twitter.com/iDefend_ICSYouTube: https://www.youtube.com/@industrialdefender7120Audio production by Turnkey Podcast Productions. You're the expert. Your podcast will prove it. The podcast and artwork embedded on this page are from Aaron Crow, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

About Ron Brash: Ron Brash, a renowned figure in ICS/OT cybersecurity and embedded vulnerability research, garnered acclaim as the recipient of the Top 40 under 40 award for Engineering Leaders 2020 from Plant Engineering. Serving as the VP of Technical Research & Integrations at aDolus Technology Inc., Ron aligns his passion for ICS/OT security by leveraging his extensive experience in advising major asset owners across industries such as oil & gas, manufacturing, energy, and aviation. His notable achievements include playing a pivotal role in creating datasets for the S4 ICS Detection Challenges, reflecting his commitment to advancing industry standards and fostering innovation in cybersecurity.In this episode, Aaron and Ron Brash discuss:Understanding and managing vulnerabilities in OT systemsBalancing risk, detection, and recoveryExploring the intersection of cybersecurity, business risk, and vendor collaborationNavigating challenges in industrial networksKey Takeaways:In the complex world of industrial cybersecurity, understanding and managing vulnerabilities is like conducting a home inspection or maintaining a car—focus on what matters most, prioritize based on critical assets, and approach it with a measured, pragmatic strategy rather than panicking in the face of a long list of issues.Achieving zero incidents is an unrealistic goal, and the focus should shift towards proactive detection, deflection, and defense, along with a robust recovery plan, emphasizing the importance of people, processes, and technology, particularly in the context of evolving technologies and complex vendor landscapes.The key to cybersecurity success lies in translating technical intricacies into tangible business value, effectively correlating cyber and architectural considerations to business risk, as demonstrated by a strategic approach involving transparency, attestation, and collaboration with vendors, ultimately leading to improved security measures and operational efficiency.Navigating the challenges of aging industrial systems, transparency issues in software development, and evolving threat landscapes underscores the crucial importance of a collaborative community effort to ensure the resilience and security of critical infrastructure in the face of emerging threats."Some are very forward-leaning and some believe in the democratization of data, and some are more old school and don't want to share a thing. Within the realm of business, and to be truly fair, no business is homogenous. So, there are different business units that might be more modern and more open facing, and others that are like, don't touch this because you don't know what other industries we're working in." — Ron Brash Connect with Ron Brash: Email: ron.brash@adolus.comWebsite: www.adolus.comLinkedIn: https://www.linkedin.com/company/adolus & https://www.linkedin.com/in/ronbrash/Twitter: https://twitter.com/ron_brashConnect with Aaron:LinkedIn: https://www.linkedin.com/in/aaronccrowLearn more about Industrial Defender:Website: https://www.industrialdefender.com/podcast LinkedIn: https://www.linkedin.com/company/industrial-defender-inc/Twitter: https://twitter.com/iDefend_ICSYouTube: https://www.youtube.com/@industrialdefender7120Audio production by Turnkey Podcast Productions. You're the expert. Your podcast will prove it.

Podcast: The PrOTect OT Cybersecurity Podcast (LS 31 · TOP 5% what is this?)Episode: Michael Holcomb: The Journey from IT to OT and Strengthening IT-OT PartnershipPub date: 2023-11-16About Michael Holcomb: Michael Holcomb is the Fellow of Cybersecurity and the ICS/OT Cybersecurity Global Lead for Fluor, a prominent engineering, procurement, and construction company. In his current role, he focuses on securing vast ICS/OT environments, ranging from power plants and commuter rail to manufacturing facilities and refineries. Currently pursuing his Master's thesis on Programmable Logic Controllers' attack surface with the SANS Technology Institute, he holds multiple cyber security and ICS/OT certifications like CISSP, GRID, GICSP, GCIP, GPEN, GCIH, and ISA 62443. Beyond his professional endeavors, he founded the UpstateSC ISSA Chapter and BSides Greenville conference, and authored and taught cyber security courses at Greenville Technical College, earning him the CyberSC's MG Lester D. Eisner Award for Cyber Excellence in Leadership for South Carolina in 2023. In this episode, Aaron and Michael Holcomb discuss:○ Closing the IT-OT skills gap in cybersecurity○ Navigating the path to cybersecurity expertise○ The intersection of OT cybersecurity and networking○ The evolving landscape of OT cybersecurity Key Takeaways:○ Bridging the gap between IT professionals learning to think like engineers and OT specialists embracing cybersecurity not only enhances collaboration but also strengthens our ability to secure critical infrastructures, a journey that demands time, dedication, and a shared commitment to a safer digital future.○ Embracing a multidisciplinary approach and fostering collaboration between IT and OT professionals, along with hands-on experience and continuous learning, is the key to breaking into the rapidly evolving field of cybersecurity, transforming passion and knowledge into practical expertise.○ Mastering networking fundamentals is the key to bridging the gap between IT and engineering, enabling the design of resilient systems that prevent costly operational disruptions, and emphasizing the need for continuous learning and collaboration in this dynamic field.○ The integration of IT technologies into OT without adequate expertise has led to vulnerabilities; expecting OT professionals to handle cybersecurity is akin to asking a plumber to do electrical work. While progress is being made, the industry must prepare for a potentially catastrophic event to truly acknowledge the importance of cybersecurity in OT. "One of the things that's sad to me about the OT cybersecurity industry, and this even goes for folks that are new to the industry and even some of the old players that have been out there for 20, 30, maybe 40 years plus, is that there's still, in some respects, not a lot of concern around what it's going to take for people to take cybersecurity and OT seriously. And so there's going to be that event one day, where people are going to die, right? That is going to finally force people to take cybersecurity and OT seriously." — Michael Holcomb Connect with Michael Holcomb: Email: michael.holcomb@fluor.comWebsite: www.fluor.comLinkedIn: www.linkedin.com/in/mikeholcombYouTube: https://www.youtube.com/@utilsec Connect with Aaron:LinkedIn: https://www.linkedin.com/in/aaronccrow Learn more about Industrial Defender:Website: https://www.industrialdefender.com/podcast LinkedIn: https://www.linkedin.com/company/industrial-defender-inc/Twitter: https://twitter.com/iDefend_ICSYouTube: https://www.youtube.com/@industrialdefender7120 Audio production by Turnkey Podcast Productions. You're the expert. Your podcast will prove it. The podcast and artwork embedded on this page are from Aaron Crow, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Podcast: The PrOTect OT Cybersecurity Podcast (LS 29 · TOP 10% what is this?)Episode: Michael Holcomb: The Journey from IT to OT and Strengthening IT-OT PartnershipPub date: 2023-11-16About Michael Holcomb: Michael Holcomb is the Fellow of Cybersecurity and the ICS/OT Cybersecurity Global Lead for Fluor, a prominent engineering, procurement, and construction company. In his current role, he focuses on securing vast ICS/OT environments, ranging from power plants and commuter rail to manufacturing facilities and refineries. Currently pursuing his Master's thesis on Programmable Logic Controllers' attack surface with the SANS Technology Institute, he holds multiple cyber security and ICS/OT certifications like CISSP, GRID, GICSP, GCIP, GPEN, GCIH, and ISA 62443. Beyond his professional endeavors, he founded the UpstateSC ISSA Chapter and BSides Greenville conference, and authored and taught cyber security courses at Greenville Technical College, earning him the CyberSC's MG Lester D. Eisner Award for Cyber Excellence in Leadership for South Carolina in 2023. In this episode, Aaron and Michael Holcomb discuss:○ Closing the IT-OT skills gap in cybersecurity○ Navigating the path to cybersecurity expertise○ The intersection of OT cybersecurity and networking○ The evolving landscape of OT cybersecurity Key Takeaways:○ Bridging the gap between IT professionals learning to think like engineers and OT specialists embracing cybersecurity not only enhances collaboration but also strengthens our ability to secure critical infrastructures, a journey that demands time, dedication, and a shared commitment to a safer digital future.○ Embracing a multidisciplinary approach and fostering collaboration between IT and OT professionals, along with hands-on experience and continuous learning, is the key to breaking into the rapidly evolving field of cybersecurity, transforming passion and knowledge into practical expertise.○ Mastering networking fundamentals is the key to bridging the gap between IT and engineering, enabling the design of resilient systems that prevent costly operational disruptions, and emphasizing the need for continuous learning and collaboration in this dynamic field.○ The integration of IT technologies into OT without adequate expertise has led to vulnerabilities; expecting OT professionals to handle cybersecurity is akin to asking a plumber to do electrical work. While progress is being made, the industry must prepare for a potentially catastrophic event to truly acknowledge the importance of cybersecurity in OT. "One of the things that's sad to me about the OT cybersecurity industry, and this even goes for folks that are new to the industry and even some of the old players that have been out there for 20, 30, maybe 40 years plus, is that there's still, in some respects, not a lot of concern around what it's going to take for people to take cybersecurity and OT seriously. And so there's going to be that event one day, where people are going to die, right? That is going to finally force people to take cybersecurity and OT seriously." — Michael Holcomb Connect with Michael Holcomb: Email: michael.holcomb@fluor.comWebsite: www.fluor.comLinkedIn: www.linkedin.com/in/mikeholcombYouTube: https://www.youtube.com/@utilsec Connect with Aaron:LinkedIn: https://www.linkedin.com/in/aaronccrow Learn more about Industrial Defender:Website: https://www.industrialdefender.com/podcast LinkedIn: https://www.linkedin.com/company/industrial-defender-inc/Twitter: https://twitter.com/iDefend_ICSYouTube: https://www.youtube.com/@industrialdefender7120 Audio production by Turnkey Podcast Productions. You're the expert. Your podcast will prove it. The podcast and artwork embedded on this page are from Aaron Crow, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

About Michael Holcomb: Michael Holcomb is the Fellow of Cybersecurity and the ICS/OT Cybersecurity Global Lead for Fluor, a prominent engineering, procurement, and construction company. In his current role, he focuses on securing vast ICS/OT environments, ranging from power plants and commuter rail to manufacturing facilities and refineries. Currently pursuing his Master's thesis on Programmable Logic Controllers' attack surface with the SANS Technology Institute, he holds multiple cyber security and ICS/OT certifications like CISSP, GRID, GICSP, GCIP, GPEN, GCIH, and ISA 62443. Beyond his professional endeavors, he founded the UpstateSC ISSA Chapter and BSides Greenville conference, and authored and taught cyber security courses at Greenville Technical College, earning him the CyberSC's MG Lester D. Eisner Award for Cyber Excellence in Leadership for South Carolina in 2023. In this episode, Aaron and Michael Holcomb discuss:○ Closing the IT-OT skills gap in cybersecurity○ Navigating the path to cybersecurity expertise○ The intersection of OT cybersecurity and networking○ The evolving landscape of OT cybersecurity Key Takeaways:○ Bridging the gap between IT professionals learning to think like engineers and OT specialists embracing cybersecurity not only enhances collaboration but also strengthens our ability to secure critical infrastructures, a journey that demands time, dedication, and a shared commitment to a safer digital future.○ Embracing a multidisciplinary approach and fostering collaboration between IT and OT professionals, along with hands-on experience and continuous learning, is the key to breaking into the rapidly evolving field of cybersecurity, transforming passion and knowledge into practical expertise.○ Mastering networking fundamentals is the key to bridging the gap between IT and engineering, enabling the design of resilient systems that prevent costly operational disruptions, and emphasizing the need for continuous learning and collaboration in this dynamic field.○ The integration of IT technologies into OT without adequate expertise has led to vulnerabilities; expecting OT professionals to handle cybersecurity is akin to asking a plumber to do electrical work. While progress is being made, the industry must prepare for a potentially catastrophic event to truly acknowledge the importance of cybersecurity in OT. "One of the things that's sad to me about the OT cybersecurity industry, and this even goes for folks that are new to the industry and even some of the old players that have been out there for 20, 30, maybe 40 years plus, is that there's still, in some respects, not a lot of concern around what it's going to take for people to take cybersecurity and OT seriously. And so there's going to be that event one day, where people are going to die, right? That is going to finally force people to take cybersecurity and OT seriously." — Michael Holcomb Connect with Michael Holcomb: Email: michael.holcomb@fluor.comWebsite: www.fluor.comLinkedIn: www.linkedin.com/in/mikeholcombYouTube: https://www.youtube.com/@utilsec Connect with Aaron:LinkedIn: https://www.linkedin.com/in/aaronccrow Learn more about Industrial Defender:Website: https://www.industrialdefender.com/podcast LinkedIn: https://www.linkedin.com/company/industrial-defender-inc/Twitter: https://twitter.com/iDefend_ICSYouTube: https://www.youtube.com/@industrialdefender7120 Audio production by Turnkey Podcast Productions. You're the expert. Your podcast will prove it.

About Ian Frist: Ian Frist is the Cybersecurity Compliance Program Director at Corning, boasting a MS in Cybersecurity. With a dynamic background spanning both private sector and government roles, Ian's expertise encompasses NIST, CIS, and CMMC frameworks. Currently leading Corning's compliance team within the cybersecurity group, Ian's journey ventured from accidental entry into ICS/OT through the National Guard, where even as a medic, he embraced the cyber realm. Transitioning into compliance and GRC, Ian's enduring passion for ICS/OT continues, evident through speaking engagements at prestigious events like SANS conferences, reflecting his commitment to both fields.In this episode, Aaron and Ian Frist discuss:Navigating compliance and cybersecurity in the changing landscape of OTBuilding effective cybersecurity programsIntegrating cybersecurity in OTImplementing effective asset management and inventory in manufacturingKey Takeaways:Compliance is shifting from a mere checkbox exercise to a powerful lever that compels organizations, including manufacturing and utilities, to elevate their OT cybersecurity by setting a baseline of controls and risk management strategies, bridging the gap between different industries' cybersecurity maturity levels while emphasizing the imperative to safeguard critical operations and infrastructure.In the complex landscape of cybersecurity, building a comprehensive program that understands and manages the unique assets, risks, and impact of your organization's operations is paramount, transcending mere reliance on tools and instead emphasizing a holistic approach to preparedness and response.Building redundancy and preparedness into systems is common practice, but the often overlooked key is to integrate cybersecurity understanding, people, processes, and technology from the start to truly fortify against a wide range of potential incidents and ensure resilient operations.Navigating the complexities of asset management and inventory in manufacturing requires acknowledging the need for an initial manual effort, understanding the limitations of automation tools, setting realistic and adaptable goals that balance compliance and risk, and embracing the ongoing commitment required for effective governance. "Don't fall for a buzzword, build a program. I think we're going to have to keep watching out for that moving forward." — Ian Frist Connect with Ian Frist: Website: https://www.corning.com/worldwide/en.htmlEmail: fristis@corning.comLinkedIn: https://www.linkedin.com/in/ian-frist-ms-cybersecurity-cissp-cmmc-pa-pi-3028a9181/Connect with Aaron:LinkedIn: https://www.linkedin.com/in/aaronccrowLearn more about Industrial Defender:Website: https://www.industrialdefender.com/podcast LinkedIn: https://www.linkedin.com/company/industrial-defender-inc/Twitter: https://twitter.com/iDefend_ICSYouTube: https://www.youtube.com/@industrialdefender7120Audio production by Turnkey Podcast Productions. You're the expert. Your podcast will prove it.

On this episode of the IoT: The Internet of Threats podcast, host Eric Greenwald and Larry Pesce (Finite State Director of Product Security Research and Analysis) delve into the recently announced U.S. Cyber Trust Mark, a cybersecurity labeling program for IoT devices - a long-anticipated directive of Executive Order 14028.   Larry and Eric explore how, in contrast to static ratings like ENERGY STAR, this dynamic IoT security score will attempt to reflect the continually evolving landscape of cybersecurity threats and controls. They delve into the efficacy of this voluntary labeling program: Will consumers use it? Will manufacturers comply (and raise prices) or ignore it?   Together, Larry and Eric discuss the initial criteria for assigning these security scores and the user-friendly implementation strategies like QR codes. They also tackle the implications of this program on various connected devices, from baby monitors to solar panels, analyzing whether this voluntary program will see widespread adoption across various industries with varied potential risks (from privacy violations to deadly fires).   In the discussion, Larry turns the tables and asks Eric about the FCC's unexpected role in enforcing IoT labeling compliance and how this labeling initiative aligns with the broader trend towards transparency and accountability in device security regulation and progress.    Interview with Larry Pesce    Since joining Finite State, Larry has been providing expert product security program design and development as well as IoT pen testing services and guidance to product security teams worldwide. He is also a Certified Instructor at the SANS Institute and has co-hosted the Paul's Security Weekly podcast since 2005. Before joining Finite State, Larry spent 15 years as a penetration tester (among other various roles) focused on healthcare, ICS/OT, wireless, and IoT/IIoT embedded devices. Larry holds several GIAC certifications and earned his B.S. in Computer Information Systems from Roger Williams University.    Join in on this insightful discussion where Eric and Larry consider: Similarities and differences between the IoT labeling and ENERGY STAR rating programs  The need to reflect the ever-changing nature of cybersecurity risk and controls within cybersecurity scores  How, and how much, consumers will actually use the score and value higher-rated devices Criteria considered when assigning the scores and where labels will appear  The varying impacts of a voluntary IoT labeling program on consumer vs. industrial connected device cybersecurity The surprising role of the FCC as the enforcing regulator for IoT labeling compliance   Find Larry on LinkedIn: Larry Pesce: https://linkedin.com/in/larrypesce   Learn more about Finite State: https://finitestate.io/   Thank you for listening to this episode of the IoT: The Internet of Threats podcast, powered by Finite State — the leading supply chain cyber-security solution provider for connected devices and embedded systems.   If you enjoyed this episode, click subscribe to stay connected and leave a review to get the word out about the podcast.   To learn more about building a robust software supply chain security program, protecting your connected devices, and complying with emerging regulations and technical standards, visit https://finitestate.io/    

Mark Hyman of Verge Management Group joins Dale to discuss the big 3 stories of Q2 along with their win, fail and predication. Big Stories The OT Security Layoffs (Mark is a recruiter specialized in ICS/OT security) Still No US National Cyber Director? The Merck NotPetya Insurance Claim Ruling Plus they both have a win, fail and prediction at the end.

On this episode of the IoT: The Internet of Threats podcast, host Eric Greenwald and Larry Pesce (Finite State Director of Product Security Research and Analysis) explore the FDA's new Refuse to Accept (RTA) decision process and what it means for successful premarket submissions of medical devices. Together, Larry and Eric examine how prepared the industry is for the coming changes and assess how medical device manufacturers may weigh the new risk-benefit calculus. Eric and Larry also look at how past cyberattacks lead companies to forge enduring changes in cybersecurity culture and controls and discuss whether these regulatory changes will bring about significant improvements in securing connected medical devices.    Interview with Larry Pesce    Since joining Finite State, Larry has been providing expert product security program design and development as well as IoT pen testing guidance and services to product security teams worldwide. He is also a Certified Instructor at the SANS Institute and has co-hosted the Paul's Security Weekly podcast since 2005. Before joining Finite State, Larry spent 15 years as a penetration tester (among other various roles) focused on healthcare, ICS/OT, wireless, and IoT/IIoT embedded devices. Larry holds several GIAC certifications and earned his B.S. in Computer Information Systems from Roger Williams University.    In this episode, Eric and Larry discuss the: FDA's new Refuse-To-Accept (RTA) decision authority and what it means for SBOMs and the premarket submissions of medical devices Whether the medical device sector is adequately prepared for these changes How the new regulations may alter the liability vs. risk tolerance question for medical device manufacturers The extent to which the FDA will rigorously enforce the new premarket submission requirements The potential qualitative difference this new regulation may bring to the the overall security of medical devices How cyberattacks often lead companies to make meaningful, lasting changes in their cybersecurity practices   Find Larry on LinkedIn: Larry Pesce: https://linkedin.com/in/larrypesce   Learn more about Finite State: https://finitestate.io/   Thank you for listening to this episode of the IoT: The Internet of Threats podcast, powered by Finite State — the leading supply chain cyber-security solution provider for connected devices and embedded systems.   If you enjoyed this episode, click subscribe to stay connected and leave a review to get the word out about the podcast.   To learn more about building a robust software supply chain security program, protecting your connected devices, and complying with emerging regulations and technical standards, visit https://finitestate.io/