POPULARITY
Guest: Fahad Mughal, Senior Cyber Solutions Architect - SecurityOn LinkedIn | https://www.linkedin.com/in/fahadmughal/____________________________Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]On ITSPmagazine | https://www.itspmagazine.com/sean-martinView This Show's Sponsors___________________________Episode NotesModern railway systems are increasingly digital, integrating operational technology (OT) to enhance efficiency, reliability, and safety. However, as railways adopt automated and interconnected systems, they also become more vulnerable to cyber threats. In this episode of Redefining Cybersecurity on ITSP Magazine, host Sean Martin speaks with Fahad Ali Mughal, a cybersecurity professional with extensive experience in OT security architecture, about the challenges and priorities of securing railway infrastructure.The Growing Role of Cybersecurity in RailwaysRailway systems have evolved from steam-powered locomotives to autonomous, driverless trains that rely on sophisticated digital controls. OT now plays a crucial role in managing train operations, signaling, interlocking, and trackside equipment. These advancements improve efficiency but also expose railway networks to cyber threats that can disrupt service, compromise safety, and even impact national security. Unlike traditional IT environments, where the focus is on confidentiality, integrity, and availability (CIA), OT in railways prioritizes reliability, availability, and public safety. Ensuring the safe movement of trains requires a cybersecurity strategy tailored to the unique needs of railway infrastructure.Critical OT Systems in RailwaysMughal highlights key OT components in railways that require cybersecurity protection:• Signaling Systems: These function like traffic lights for trains, ensuring safe distances between locomotives. Modern communication-based train control (CBTC) and European Rail Traffic Management Systems (ERTMS) are vulnerable to cyber intrusions.• Interlocking Systems: These systems prevent conflicting train movements, ensuring safe operations. As they become digitized, cyber risks increase.• Onboard OT Systems: Automatic Train Control (ATC) regulates speed and ensures compliance with signaling instructions. A cyberattack could manipulate these controls.• SCADA Systems: Supervisory Control and Data Acquisition (SCADA) systems oversee infrastructure operations. Any compromise here can impact an entire railway network.• Safety-Critical Systems: Fail-safe mechanisms like automatic braking and failover controls are vital in preventing catastrophic accidents.The increasing digitization and interconnection of these systems expand the attack surface, making cybersecurity a top priority for railway operators.Real-World Cyber Threats in RailwaysMughal discusses several significant cyber incidents that highlight vulnerabilities in railway cybersecurity:• 2023 Poland Attack: Nation-state actors exploited vulnerabilities in railway radio communication systems to send unauthorized emergency stop commands, halting trains across the country. The attack exposed weaknesses in authentication and encryption within OT communication protocols.• 2021 Iran Railway Incident: Hackers breached Iran's railway scheduling and digital message board systems, displaying fake messages and causing widespread confusion. While safety-critical OT systems remained unaffected, the attack disrupted operations and damaged public trust.• 2016 San Francisco Muni Ransomware Attack: A ransomware attack crippled the fare and scheduling system, leading to free rides for passengers and operational delays. Though IT systems were the primary target, the impact on OT operations was evident.These incidents underscore the urgent need for stronger authentication, encryption, and IT-OT segmentation to protect railway infrastructure.Cybersecurity Standards and Best Practices for Railways (links to resources below)To build resilient railway cybersecurity, Mughal emphasizes the importance of international standards:• IEC 62443: A globally recognized framework for securing industrial control systems, widely applied to OT environments, including railways. It introduces concepts such as network segmentation, risk assessment, and security levels.• TS 50701: A European standard specifically designed for railway cybersecurity, expanding on IEC 62443 with guidance for securing signaling, interlocking, and control systems.• EN 50126 (RAMS Standard): A safety-focused standard that integrates reliability, availability, maintainability, and safety (RAMS) into railway operations.Adopting these standards helps railway operators establish secure-by-design architectures that mitigate cyber risks.Looking Ahead: Strengthening Railway CybersecurityAs railway systems become more automated and interconnected with smart cities, vehicle transportation, and supply chain networks, cyber threats will continue to grow. Mughal stresses the need for industry collaboration between railway engineers and cybersecurity professionals to ensure that security is integrated into every stage of railway system design.He also emphasizes the importance of real-time OT threat monitoring, anomaly detection, and Security Operations Centers (SOCs) that understand railway-specific cyber risks. The industry must stay ahead of adversaries by adopting proactive security measures before a large-scale cyber incident disrupts critical transportation networks.The conversation makes it clear: cybersecurity is now a fundamental part of railway safety and reliability. As Mughal warns, it's not a question of if railway cyber incidents will happen, but when.To hear the full discussion, including insights into OT vulnerabilities, real-world case studies, and cybersecurity best practices, listen to this episode of Redefining Cybersecurity on ITSP Magazine.___________________________SponsorsImperva: https://itspm.ag/imperva277117988LevelBlue: https://itspm.ag/attcybersecurity-3jdk3ThreatLocker: https://itspm.ag/threatlocker-r974___________________________Watch this and other videos on ITSPmagazine's YouTube ChannelRedefining CyberSecurity Podcast with Sean Martin, CISSP playlist:
Guest: Fahad Mughal, Senior Cyber Solutions Architect - SecurityOn LinkedIn | https://www.linkedin.com/in/fahadmughal/____________________________Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]On ITSPmagazine | https://www.itspmagazine.com/sean-martinView This Show's Sponsors___________________________Episode NotesModern railway systems are increasingly digital, integrating operational technology (OT) to enhance efficiency, reliability, and safety. However, as railways adopt automated and interconnected systems, they also become more vulnerable to cyber threats. In this episode of Redefining Cybersecurity on ITSP Magazine, host Sean Martin speaks with Fahad Ali Mughal, a cybersecurity professional with extensive experience in OT security architecture, about the challenges and priorities of securing railway infrastructure.The Growing Role of Cybersecurity in RailwaysRailway systems have evolved from steam-powered locomotives to autonomous, driverless trains that rely on sophisticated digital controls. OT now plays a crucial role in managing train operations, signaling, interlocking, and trackside equipment. These advancements improve efficiency but also expose railway networks to cyber threats that can disrupt service, compromise safety, and even impact national security. Unlike traditional IT environments, where the focus is on confidentiality, integrity, and availability (CIA), OT in railways prioritizes reliability, availability, and public safety. Ensuring the safe movement of trains requires a cybersecurity strategy tailored to the unique needs of railway infrastructure.Critical OT Systems in RailwaysMughal highlights key OT components in railways that require cybersecurity protection:• Signaling Systems: These function like traffic lights for trains, ensuring safe distances between locomotives. Modern communication-based train control (CBTC) and European Rail Traffic Management Systems (ERTMS) are vulnerable to cyber intrusions.• Interlocking Systems: These systems prevent conflicting train movements, ensuring safe operations. As they become digitized, cyber risks increase.• Onboard OT Systems: Automatic Train Control (ATC) regulates speed and ensures compliance with signaling instructions. A cyberattack could manipulate these controls.• SCADA Systems: Supervisory Control and Data Acquisition (SCADA) systems oversee infrastructure operations. Any compromise here can impact an entire railway network.• Safety-Critical Systems: Fail-safe mechanisms like automatic braking and failover controls are vital in preventing catastrophic accidents.The increasing digitization and interconnection of these systems expand the attack surface, making cybersecurity a top priority for railway operators.Real-World Cyber Threats in RailwaysMughal discusses several significant cyber incidents that highlight vulnerabilities in railway cybersecurity:• 2023 Poland Attack: Nation-state actors exploited vulnerabilities in railway radio communication systems to send unauthorized emergency stop commands, halting trains across the country. The attack exposed weaknesses in authentication and encryption within OT communication protocols.• 2021 Iran Railway Incident: Hackers breached Iran's railway scheduling and digital message board systems, displaying fake messages and causing widespread confusion. While safety-critical OT systems remained unaffected, the attack disrupted operations and damaged public trust.• 2016 San Francisco Muni Ransomware Attack: A ransomware attack crippled the fare and scheduling system, leading to free rides for passengers and operational delays. Though IT systems were the primary target, the impact on OT operations was evident.These incidents underscore the urgent need for stronger authentication, encryption, and IT-OT segmentation to protect railway infrastructure.Cybersecurity Standards and Best Practices for Railways (links to resources below)To build resilient railway cybersecurity, Mughal emphasizes the importance of international standards:• IEC 62443: A globally recognized framework for securing industrial control systems, widely applied to OT environments, including railways. It introduces concepts such as network segmentation, risk assessment, and security levels.• TS 50701: A European standard specifically designed for railway cybersecurity, expanding on IEC 62443 with guidance for securing signaling, interlocking, and control systems.• EN 50126 (RAMS Standard): A safety-focused standard that integrates reliability, availability, maintainability, and safety (RAMS) into railway operations.Adopting these standards helps railway operators establish secure-by-design architectures that mitigate cyber risks.Looking Ahead: Strengthening Railway CybersecurityAs railway systems become more automated and interconnected with smart cities, vehicle transportation, and supply chain networks, cyber threats will continue to grow. Mughal stresses the need for industry collaboration between railway engineers and cybersecurity professionals to ensure that security is integrated into every stage of railway system design.He also emphasizes the importance of real-time OT threat monitoring, anomaly detection, and Security Operations Centers (SOCs) that understand railway-specific cyber risks. The industry must stay ahead of adversaries by adopting proactive security measures before a large-scale cyber incident disrupts critical transportation networks.The conversation makes it clear: cybersecurity is now a fundamental part of railway safety and reliability. As Mughal warns, it's not a question of if railway cyber incidents will happen, but when.To hear the full discussion, including insights into OT vulnerabilities, real-world case studies, and cybersecurity best practices, listen to this episode of Redefining Cybersecurity on ITSP Magazine.___________________________SponsorsImperva: https://itspm.ag/imperva277117988LevelBlue: https://itspm.ag/attcybersecurity-3jdk3ThreatLocker: https://itspm.ag/threatlocker-r974___________________________Watch this and other videos on ITSPmagazine's YouTube ChannelRedefining CyberSecurity Podcast with Sean Martin, CISSP playlist:
In this episode of The Gate 15 Interview, Andy Jabbour speaks with Jeri Rogish and Mitchell Freddura, both with the Cybersecurity and Infrastructure Security Agency (CISA) and CISA's Joint Cyber Defense Collaborative (JCDC). Jeri serves as Deputy Chief of JCDC's Product Development Section and Mitch serves in the Partnerships Office. Jeri on LinkedIn. Mitch on LinkedIn. For further information about participating, email cisa.jcdc@cisa.dhs.gov. Discussed in the podcast: Jeri & Mitch's Backgrounds. JCDC background. How the JCDC is “uniting the global cyber community.” Best practices to support a “coordinated defensive cyber posture.” “Implementing comprehensive, whole-of-nation cyber defense plans” to address risks, coordinate action, and build national resilience. Building a joint understanding of challenges and opportunities for our nation's cyber defense. Networks of networks & private-public partnership The NCIRP Public Comment period coming soon! We play Three Questions and talk moments from high school, favorite foods, big hearts and sports teams no one wants to hear about… Selected links: Joint Cyber Defense Collaborative (JCDC) CISA Launches New Joint Cyber Defense Collaborative (05 Aug 2021) JCDC Success Stories | CISA JCDC Artificial Intelligence Cyber Tabletop Exercise Series Shaping the legacy of partnership between government and private sector globally: JCDC Cybersecurity Resources for High-Risk Communities JCDC Builds Foundation for Pipelines Cyber Defense Planning Effort Additional resources: 2024 JCDC Priorities Enhanced Visibility and Hardening Guidance for Communications Infrastructure PRC State-Sponsored Actors Compromise and Maintain Persistent Access to U.S. Critical Infrastructure Living off the Land (LoTL) Guidance Cybersecurity Resources for High-Risk Communities | CISA Securing Open Source Software in Operational Technology | CISA Improving Security of Open Source Software in Operational Technology and Industrial Control Systems
Podcast: PrOTect It All (LS 24 · TOP 10% what is this?)Episode: ICS/OT Cybersecurity: Events, Networking, and Industry Discussions with Mike HolcombPub date: 2024-12-02Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationIn this episode, host Aaron Crow is joined by special guest Mike Holcomb to discuss the intricate realm of Industrial Control Systems and Operational Technology (ICS/OT) cybersecurity. The episode also spotlights the upcoming event B Sides ICS, an open and community-centric conference set to run alongside the prestigious S4 conference in Tampa. Mike Holcomb provides insights into the much-anticipated ticket sales for the event and underscores the importance of submitting papers or presentations by the end of the year. The discussion emphasizes the significance of expertise in OT, cyber, and enterprise operations for top-level management and how events like B Sides ICS and S4 promote networking, learning, and professional development. Listeners will gain a deeper understanding of the origins of B Sides events, the excitement surrounding B Sides ICS, and the impactful discussions and innovations poised to shape the future of ICS/OT cybersecurity. Whether the audience comprises newcomers or seasoned professionals, this episode offers valuable takeaways for everyone. Key Moments: 00:00 Educating and supporting ICS & OT cybersecurity communities. 04:28 Passionate about learning and sharing cybersecurity knowledge. 08:59 B Sides: Global community-focused conference events. 10:43 Bringing B-Sides to Greenville increased attendance. 16:29 Promote diverse perspectives in OT cybersecurity. 19:01 Active Directory challenges in IT-OT integration. 21:07 Active Directory simplifies system management, poses risks. 28:57 Lean on IT for the correct Active Directory setup. 31:52 Availability is crucial in an OT environment. 34:14 Integrating IT and OT for enhanced cybersecurity collaboration. 36:16 IT and OT integration needs improvement. 40:54 Exploring cybersecurity in ICSOT across various sectors. About the guest : Mike Holcomb is the Fellow of Cybersecurity and the ICS/OT Cybersecurity Global Lead for Fluor, one of the world's largest engineering, procurement, and construction companies. His current role provides him with the opportunity to work in securing some of the world's largest ICS/OT environments, from power plants and commuter rail to manufacturing facilities and refineries. He has his Masters degree in ICS/OT cybersecurity from the SANS Technology Institute. Additionally, he maintains cyber security and ICS/OT certifications such as the CISSP, GRID, GICSP, GCIP, GPEN, GCIH, ISA 62443, and more. He posts regularly on LinkedIn and YouTube to help others learn more about securing ICS/OT and critical infrastructure. How to contact Mike: Website : https://www.mikeholcomb.com/ Youtube : https://www.youtube.com/@utilsec LinkedIn: https://www.linkedin.com/in/mikeholcomb/ Connect With Aaron Crow: Website: www.corvosec.com LinkedIn: https://www.linkedin.com/in/aaronccrow Learn more about PrOTect IT All: Email: info@protectitall.co Website: https://protectitall.co/ X: https://twitter.com/protectitall YouTube: https://www.youtube.com/@PrOTectITAll FaceBook: https://facebook.com/protectitallpodcast To be a guest or suggest a guest/episode, please email us at info@protectitall.co Please leave us a review on Apple/Spotify Podcasts: Apple - https://podcasts.apple.com/us/podcast/protect-it-all/id1727211124 Spotify - https://open.spotify.com/show/1Vvi0euj3rE8xObK0yvYi4The podcast and artwork embedded on this page are from Aaron Crow, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.
Recent years have been pivotal in the field of Industrial Control Systems (ICS) security, with a large number of high-profile attacks exposing the lack of a design-for-security initiative in ICS. The evolution of ICS abstracting the control logic to a purely software level hosted on a generic OS, combined with hyperconnectivity and the integration of popular open source libraries providing advanced features, have expanded the ICS attack surface by increasing the entry points and by allowing traditional software vulnerabilities to be repurposed to the ICS domain. In this seminar, we will shed light to the security landscape of modern ICS, dissecting firmware from the dominant vendors and motivating the need of employing appropriate vulnerability assessment tools. We will present methodologies for blackbox fuzzing of modern ICS, both directly using the device and by using the development software. We will then proceed with methodologies on hotpatching, since ICS cannot be easily restarted in order to patch any discovered vulnerabilities. We will demonstrate our proposed methodologies on various critical infrastructure testbeds. About the speaker: Michail (Mihalis) Maniatakos is an Associate Professor of Electrical and Computer Engineering at New York University (NYU) Abu Dhabi, UAE, and a Research Associate Professor at the NYU Tandon School of Engineering, New York, USA. He is the Director of the MoMA Laboratory (nyuad.nyu.edu/momalab), NYU Abu Dhabi. He received his Ph.D. in Electrical Engineering, as well as M.Sc., M.Phil. degrees from Yale University. He also received the B.Sc. and M.Sc. degrees in Computer Science and Embedded Systems, respectively, from the University of Piraeus, Greece. His research interests, funded by industrial partners, the US government, and the UAE government include privacy-preserving computation and industrial control systems security.
In this episode of Hashtag Trending The Weekend Edition, host Jim Love invites a panel of cybersecurity experts, including Terry Cutler from Cyology Labs, David Shipley from Beauceron Security, and Mike Walters from Action One, to discuss the recent CrowdStrike incident. The panel examines the details of how an update caused widespread IT disruptions, affecting millions of devices globally. They delve into testing practices, risk assessment, and the importance of phased deployment to prevent such massive outages in the future. The conversation also touches on industrial control systems vulnerabilities and the broader implications of relying on single-vendor solutions. Tune in to gain insights into the largest IT disruption to date and what it means for future cybersecurity practices. 00:00 Introduction and Panel Setup 01:11 Discussing the Wiz Purchase 04:39 Modbus Story and Industrial Control Systems 10:30 CrowdStrike Incident Analysis 21:08 Visualizing the Impact of System Failures 21:31 Handling Disruptions and Financial Responsibility 22:07 Personal Stories and Broader Implications 23:19 Applauding Quick Responses and Future Strategies 24:18 Implementing Phased Rollouts 26:07 Challenges in Cybersecurity Updates 28:22 Lessons from the CrowdStrike Incident 29:05 The Role of Government and Market Dynamics 29:51 Testing and Risk Assessments 31:04 Simplifying Cybersecurity and Disaster Recovery 31:57 Concluding Thoughts and Lessons Learned 39:55 Final Wrap-Up and Acknowledgements
In today's episode, we explore US sanctions on Russian hacktivists from the Cyber Army of Russia Reborn (CARR) for cyberattacks on critical infrastructure and Google's surprising decision to halt phasing out third-party cookies in Chrome. We also explore the emergence of the new ICS malware 'FrostyGoop' targeting critical infrastructure and a Telegram zero-day vulnerability dubbed 'EvilVideo' that enabled attackers to disguise malicious Android APKs as video files. 00:00 - Intro 01:14 - Google Retains Third-Party Cookies in Chrome 03:01 - Telegram Flaw 04:34 - Frosty Goop 05:58 - US Sanctions Russian Hackers US sanctions Russian hacktivists who breached water facilities: https://www.bleepingcomputer.com/news/security/us-sanctions-russian-hacktivists-who-breached-water-facilities/ Google Abandons Plan to Phase Out Third-Party Cookies in Chrome: https://thehackernews.com/2024/07/google-abandons-plan-to-phase-out-third.html New ICS Malware 'FrostyGoop' Targeting Critical Infrastructure: https://thehackernews.com/2024/07/new-ics-malware-frostygoop-targeting.html Telegram zero-day allowed sending malicious Android APKs as videos: https://www.bleepingcomputer.com/news/security/telegram-zero-day-allowed-sending-malicious-android-apks-as-videos/ Video Episode: https://youtu.be/AHs5yEhPSS8 Sign up for digestible cyber news delivered to your inbox: https://news.thedailydecrypt.com Thanks to Jered Jones for providing the music for this episode. https://www.jeredjones.com/ Logo Design by https://www.zackgraber.com/ Tags: Sanctions, Russian cybercriminals, US government, Cyber Army of Russia Reborn, Google, cookies, privacy, user-choice prompt, regulatory challenges, Dragos, FrostyGoop, malware, Modbus TCP, Industrial Control Systems, critical infrastructure, Telegram, EvilVideo, Android, ESET, zero-day, cybersecurity news Search Phrases: What are today's top cybersecurity news stories? Impact of US sanctions on Russian cybercriminals Google's user-choice prompt for privacy Cyber Army of Russia Reborn attacks on US facilities Protecting Industrial Control Systems from malware Dragos FrostyGoop malware attack in Ukraine Details on Telegram EvilVideo vulnerability Steps to safeguard Android devices from malware US government response to cyber threats How ESET discovered Telegram EvilVideo flaw
Podcast: Cyber Work (LS 42 · TOP 1.5% what is this?)Episode: How to get started in industrial control systems cybersecurity | Guest Robin BerthierPub date: 2024-04-22Today on Cyber Work, we are talking operational technology, or OT, security with guest, Robin Berthier of Network Perception. From his earliest studies to his time as an academic researcher, Berthier has dedicated his career to securing the intersection between operational technology and network security, with some pretty imaginative solutions to show for it. In today's episode, Berthier explains why modern OT security means thinking more about the mechanics of the machinery than the swiftness of the software solutions, the big conversation that infrastructure and ICS Security need to have about nation-state attackers (and finally are having!) and Berthier's best piece of career advice turns into some excellent thoughts on the importance of maintaining your network… and I don't mean routing and switching!0:00 - Industrial control systems cybersecurity1:54 - How Robin Berthier got into tech3:38 - Majoring in cybersecurity 4:55 - Intrusion detection systems 9:18 - Mechanical and cybersecurity tools12:33 Launching Network Perception17:03 - Current state of ICS and OT infrastructure20:24 - Cyberattacks on industrial control systems28:35 -Skills needed to work in industrial control systems35:19 - Where are ICS security jobs?36:39 - Getting into local OT systems37:55 - Skills gaps in ICS39:21 - Best piece of career advice41:01 - Cultivating a work network43:28 - What is Network Perception?45:27 - Learn more about Robin Berthier45:58 - Outro– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastAbout InfosecInfosec's mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ's security awareness training. Learn more at infosecinstitute.com.The podcast and artwork embedded on this page are from Infosec, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.
Podcast: Cyber Work (LS 42 · TOP 1.5% what is this?)Episode: How to get started in industrial control systems cybersecurity | Guest Robin BerthierPub date: 2024-04-22Today on Cyber Work, we are talking operational technology, or OT, security with guest, Robin Berthier of Network Perception. From his earliest studies to his time as an academic researcher, Berthier has dedicated his career to securing the intersection between operational technology and network security, with some pretty imaginative solutions to show for it. In today's episode, Berthier explains why modern OT security means thinking more about the mechanics of the machinery than the swiftness of the software solutions, the big conversation that infrastructure and ICS Security need to have about nation-state attackers (and finally are having!) and Berthier's best piece of career advice turns into some excellent thoughts on the importance of maintaining your network… and I don't mean routing and switching!0:00 - Industrial control systems cybersecurity1:54 - How Robin Berthier got into tech3:38 - Majoring in cybersecurity 4:55 - Intrusion detection systems 9:18 - Mechanical and cybersecurity tools12:33 Launching Network Perception17:03 - Current state of ICS and OT infrastructure20:24 - Cyberattacks on industrial control systems28:35 -Skills needed to work in industrial control systems35:19 - Where are ICS security jobs?36:39 - Getting into local OT systems37:55 - Skills gaps in ICS39:21 - Best piece of career advice41:01 - Cultivating a work network43:28 - What is Network Perception?45:27 - Learn more about Robin Berthier45:58 - Outro– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastAbout InfosecInfosec's mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ's security awareness training. Learn more at infosecinstitute.com.The podcast and artwork embedded on this page are from Infosec, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.
Today on Cyber Work, we are talking operational technology, or OT, security with guest, Robin Berthier of Network Perception. From his earliest studies to his time as an academic researcher, Berthier has dedicated his career to securing the intersection between operational technology and network security, with some pretty imaginative solutions to show for it. In today's episode, Berthier explains why modern OT security means thinking more about the mechanics of the machinery than the swiftness of the software solutions, the big conversation that infrastructure and ICS Security need to have about nation-state attackers (and finally are having!) and Berthier's best piece of career advice turns into some excellent thoughts on the importance of maintaining your network… and I don't mean routing and switching!0:00 - Industrial control systems cybersecurity1:54 - How Robin Berthier got into tech3:38 - Majoring in cybersecurity 4:55 - Intrusion detection systems 9:18 - Mechanical and cybersecurity tools12:33 Launching Network Perception17:03 - Current state of ICS and OT infrastructure20:24 - Cyberattacks on industrial control systems28:35 -Skills needed to work in industrial control systems35:19 - Where are ICS security jobs?36:39 - Getting into local OT systems37:55 - Skills gaps in ICS39:21 - Best piece of career advice41:01 - Cultivating a work network43:28 - What is Network Perception?45:27 - Learn more about Robin Berthier45:58 - Outro– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastAbout InfosecInfosec's mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ's security awareness training. Learn more at infosecinstitute.com.
In this episode of the Cyber Uncut podcast, Ben Miller, chief information security officer at Dragos, joins host Liam Garman to unpack the increasing number of ransomware attacks directed towards industrial organisations and how OT/ICS operators can better protect their assets. The pair begin by unpacking how threat groups have adapted their TTPs to attack modern industrial organisations and how ransomware attacks on manufacturers continue to disrupt global supply chains. Miller then details how OT/ICS operators can strengthen their cyber security posture and how the industry can better collaborate to enhance cyber resilience. The podcast wraps up by unpacking how Dragos enhances the threat detection and response strategies of industrial operators and what the future of OT cyber security looks like. Enjoy the podcast, The Cyber Uncut team
In this episode of the Cyber Uncut podcast, Ben Miller, chief information security officer at Dragos, joins host Liam Garman to unpack the increasing number of ransomware attacks directed towards industrial organizations and how OT/ICS operators can better protect their assets. The pair begin by unpacking how threat groups have adapted their TTPs to attack modern industrial organisations and how ransomware attacks on manufacturers continue to disrupt global supply chains. Miller then details how OT/ICS operators can strengthen their cyber security posture and how the industry can better collaborate to enhance cyber resilience. The podcast wraps up by unpacking how Dragos enhances the threat detection and response strategies of industrial operators and what the future of OT cyber security looks like. Enjoy the podcast, The Cyber Uncut team
Podcast: Cyber Work (LS 42 · TOP 1.5% what is this?)Episode: Modern industrial control system security issues | Guest Thomas PacePub date: 2024-04-01Thomas Pace of NetRise talks about industrial control systems security. We'll learn about Pace's time in the United States Marine Corps in cyber-intelligence, his move to forensics and then ICS and why the greatest asset a security professional can have is the ability to find, clearly see and create narratives. I always find ICS professionals to be fascinating, and Pace took us down some new paths, so if you're also interested in ICS Security, keep it here for today's episode of Cyber Work!0:00 - Industrial Control Systems security 1:39 - How Pace got into cybersecurity 4:31 - The speed of cybersecurity's change5:20 - Pace's career in cyber intelligence 10:08 - Importance of cybersecurity analysis10:55 - Current state of ICS and infrastructure security in the U.S.25:22 - How to work in ICS security 32:52 - Manufacturing security issues 38:00 - Security risks for cranes40:51 - Best ICS security advice 44:09 - Best cybersecurity career advice46:15 - What is NetRise?47:40 - Learn more about Pace48:25 - Outro– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastAbout InfosecInfosec's mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ's security awareness training. Learn more at infosecinstitute.com.The podcast and artwork embedded on this page are from Infosec, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.
Podcast: Cyber Work (LS 42 · TOP 1.5% what is this?)Episode: Modern industrial control system security issues | Guest Thomas PacePub date: 2024-04-01Thomas Pace of NetRise talks about industrial control systems security. We'll learn about Pace's time in the United States Marine Corps in cyber-intelligence, his move to forensics and then ICS and why the greatest asset a security professional can have is the ability to find, clearly see and create narratives. I always find ICS professionals to be fascinating, and Pace took us down some new paths, so if you're also interested in ICS Security, keep it here for today's episode of Cyber Work!0:00 - Industrial Control Systems security 1:39 - How Pace got into cybersecurity 4:31 - The speed of cybersecurity's change5:20 - Pace's career in cyber intelligence 10:08 - Importance of cybersecurity analysis10:55 - Current state of ICS and infrastructure security in the U.S.25:22 - How to work in ICS security 32:52 - Manufacturing security issues 38:00 - Security risks for cranes40:51 - Best ICS security advice 44:09 - Best cybersecurity career advice46:15 - What is NetRise?47:40 - Learn more about Pace48:25 - Outro– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastAbout InfosecInfosec's mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ's security awareness training. Learn more at infosecinstitute.com.The podcast and artwork embedded on this page are from Infosec, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.
Thomas Pace of NetRise talks about industrial control systems security. We'll learn about Pace's time in the United States Marine Corps in cyber-intelligence, his move to forensics and then ICS and why the greatest asset a security professional can have is the ability to find, clearly see and create narratives. I always find ICS professionals to be fascinating, and Pace took us down some new paths, so if you're also interested in ICS Security, keep it here for today's episode of Cyber Work!0:00 - Industrial Control Systems security 1:39 - How Pace got into cybersecurity 4:31 - The speed of cybersecurity's change5:20 - Pace's career in cyber intelligence 10:08 - Importance of cybersecurity analysis10:55 - Current state of ICS and infrastructure security in the U.S.25:22 - How to work in ICS security 32:52 - Manufacturing security issues 38:00 - Security risks for cranes40:51 - Best ICS security advice 44:09 - Best cybersecurity career advice46:15 - What is NetRise?47:40 - Learn more about Pace48:25 - Outro– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastAbout InfosecInfosec's mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ's security awareness training. Learn more at infosecinstitute.com.
Podcast: Critical Assets PodcastEpisode: Energizing Cybersecurity Careers: Workforce Development in OT/ICSPub date: 2024-03-03Join us for a discussion on Energizing Cybersecurity Careers: Workforce Development in the OT/ICS Community. Guests Cynthia Hsu and Erin Owens dive into the cybersecurity challenges facing Industrial Control Systems and Operational Technology asset owners. Through open conversations, we explore everything from skill gaps and career pathways to diversity, continuous learning, and the impact of new technologies. This session aims to provide insights into developing a skilled, diverse cybersecurity workforce – starting from the ground up – with a focus on practical strategies for professionals, educators, and anyone interested in the future of ICS/OT security.Show links:Cynthia Hsu LinkedIn profile https://www.linkedin.com/in/cynthiahsu33/Erin Owens LinkedIn profile https://www.linkedin.com/in/erinowens/DOE CESER Cybersecurity Training for the Utility Workforce, free 3-day ICS Cybersecurity training for electric and ONG utility staff. Next training event: Buffalo, NY, April 23-25, Register at: Eventleaf | Event Registration Software and Mobile Event Apps DOE CESER CyberStrikeTM professional cybersecurity training for operational technology environments: https://inl.gov/cyberstrike/· LIGHTS OUT – focus on Ukraine attacks· NEMESIS – focus on nation-state TTPs· STORMCLOUD – focus on renewable energy DOE CESER CyberForce® workforce development program for college students focused on building a pipeline of cyber professional candidates in operational technology cybersecurity: https://cyberforce.energy.gov/ Sandia National LaboratoryTracer FIRE (Forensic Incident Response Exercise): https://github.com/sandialabs/Tracer-FIRECenter for Cyber Defenders: https://www.sandia.gov/careers/career-possibilities/students-and-postdocs/internships-co-ops/institute-programs/titans-technical-internships-to-advance-national-security/titans-cyber/ Cyber Defense Center https://www.cyberdefensecenter.org/The podcast and artwork embedded on this page are from Patrick Miller, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.
Podcast: Critical Assets PodcastEpisode: Energizing Cybersecurity Careers: Workforce Development in OT/ICSPub date: 2024-03-03Join us for a discussion on Energizing Cybersecurity Careers: Workforce Development in the OT/ICS Community. Guests Cynthia Hsu and Erin Owens dive into the cybersecurity challenges facing Industrial Control Systems and Operational Technology asset owners. Through open conversations, we explore everything from skill gaps and career pathways to diversity, continuous learning, and the impact of new technologies. This session aims to provide insights into developing a skilled, diverse cybersecurity workforce – starting from the ground up – with a focus on practical strategies for professionals, educators, and anyone interested in the future of ICS/OT security.Show links:Cynthia Hsu LinkedIn profile https://www.linkedin.com/in/cynthiahsu33/Erin Owens LinkedIn profile https://www.linkedin.com/in/erinowens/DOE CESER Cybersecurity Training for the Utility Workforce, free 3-day ICS Cybersecurity training for electric and ONG utility staff. Next training event: Buffalo, NY, April 23-25, Register at: Eventleaf | Event Registration Software and Mobile Event Apps DOE CESER CyberStrikeTM professional cybersecurity training for operational technology environments: https://inl.gov/cyberstrike/· LIGHTS OUT – focus on Ukraine attacks· NEMESIS – focus on nation-state TTPs· STORMCLOUD – focus on renewable energy DOE CESER CyberForce® workforce development program for college students focused on building a pipeline of cyber professional candidates in operational technology cybersecurity: https://cyberforce.energy.gov/ Sandia National LaboratoryTracer FIRE (Forensic Incident Response Exercise): https://github.com/sandialabs/Tracer-FIRECenter for Cyber Defenders: https://www.sandia.gov/careers/career-possibilities/students-and-postdocs/internships-co-ops/institute-programs/titans-technical-internships-to-advance-national-security/titans-cyber/ Cyber Defense Center https://www.cyberdefensecenter.org/The podcast and artwork embedded on this page are from Patrick Miller, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.
Join us as we dive into the current state of cybersecurity for the manufacturing industry. Todd, our esteemed COO & CISO, and Nate, our Director of Cybersecurity & vCISO, share valuable insights on why manufacturing has become a tempting target for cyber threats and the unique challenges this industry faces. Discover common blind spots and the emerging technologies that pose risks to manufacturing, including smart tools. Our experts also discuss best practices like MFA, EDR, PAM, and risk assessment, along with future trends that can benefit manufacturing. Tune in now to safeguard your operations!Resources: Critical Manufacturing SectorCISA Industrial Control Systems Security OfferingsCybersecurity Practices for Industrial Control Systems
Podcast: The PrOTect OT Cybersecurity Podcast (LS 29 · TOP 10% what is this?)Episode: Thomas VanNorman: ICS Security Takes a Village - Building an OT Security CommunityPub date: 2023-12-07About Thomas VanNorman: Thomas VanNorman, a seasoned professional with almost three decades of experience in OT, is currently leading the CyPhy Product group at GRIMM. His primary focus involves securing Industrial Control Systems and networking within this domain. Additionally, Tom is a co-founder of the ICS Village, a 501(c)(3) non-profit organization dedicated to Control System security and awareness, where he has volunteered for almost a decade. Tom retired from the Air National Guard after serving in Cyber Warfare Operations, capping off a diverse career that included working on airplane control systems for 12 years.In this episode, Aaron and Thomas VanNorman discuss:Starting up The ICS VillageNavigating the world of industrial control systemsAddressing the unique challenges of OT securityThe chicken and egg dilemma in industrial cybersecurityInsights from recent SEC actions and the role of CISOs in risk acceptanceKey Takeaways:The ICS Village, founded eight years ago, focuses on educating and raising awareness about industrial control systems (ICS) and their security, using conferences, events, and roadshows to provide hands-on experiences, non-sales discussions, and tabletop exercises, with a mission to bridge knowledge gaps, address terminology variations, and emphasize the importance of both old and new threats in the ICS space.Addressing cybersecurity challenges in the OT space, particularly with aging technology, requires a unique approach due to potential impacts on production and safety, leading to the launch of a four-year apprenticeship program initially targeting veterans to bridge the skills gap.Navigating the challenges of cybersecurity in industrial settings requires a blend of technical expertise, an understanding of operational processes, and effective risk communication, as demonstrated by the importance of bridging the gap between IT and OT and addressing vulnerabilities in a context-specific manner.In the ever-evolving landscape of cybersecurity, the role of CISOs is becoming increasingly crucial, with recent legal actions targeting them personally; however, it's essential to recognize that CISOs often lack the executive power to make decisions, highlighting the need for a shift in organizational dynamics and a deeper understanding of the risks being accepted."Our role as technologists is to explain the facts: Why does this matter? What happens if you fix it? What happens if you don't fix it? It may cost millions of dollars to fix it. It might be for an air handler that operates the warehouse, which doesn't matter much. Or it could be an air handler for that warehouse that does matter because it has to be climate-controlled. Things go south quickly. It's the same piece of hardware, the same piece of technology, but with different applications." — Thomas VanNorman Connect with Thomas VanNorman: Email: tom@icsvillage.comWebsite: https://www.icsvillage.com/LinkedIn: https://www.linkedin.com/in/thomasvannorman/Connect with Aaron:LinkedIn: https://www.linkedin.com/in/aaronccrowLearn more about Industrial Defender:Website: https://www.industrialdefender.com/podcast LinkedIn: https://www.linkedin.com/company/industrial-defender-inc/Twitter: https://twitter.com/iDefend_ICSYouTube: https://www.youtube.com/@industrialdefender7120Audio production by Turnkey Podcast Productions. You're the expert. Your podcast will prove it. The podcast and artwork embedded on this page are from Aaron Crow, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.
Podcast: The PrOTect OT Cybersecurity Podcast (LS 31 · TOP 5% what is this?)Episode: Thomas VanNorman: ICS Security Takes a Village - Building an OT Security CommunityPub date: 2023-12-07About Thomas VanNorman: Thomas VanNorman, a seasoned professional with almost three decades of experience in OT, is currently leading the CyPhy Product group at GRIMM. His primary focus involves securing Industrial Control Systems and networking within this domain. Additionally, Tom is a co-founder of the ICS Village, a 501(c)(3) non-profit organization dedicated to Control System security and awareness, where he has volunteered for almost a decade. Tom retired from the Air National Guard after serving in Cyber Warfare Operations, capping off a diverse career that included working on airplane control systems for 12 years.In this episode, Aaron and Thomas VanNorman discuss:Starting up The ICS VillageNavigating the world of industrial control systemsAddressing the unique challenges of OT securityThe chicken and egg dilemma in industrial cybersecurityInsights from recent SEC actions and the role of CISOs in risk acceptanceKey Takeaways:The ICS Village, founded eight years ago, focuses on educating and raising awareness about industrial control systems (ICS) and their security, using conferences, events, and roadshows to provide hands-on experiences, non-sales discussions, and tabletop exercises, with a mission to bridge knowledge gaps, address terminology variations, and emphasize the importance of both old and new threats in the ICS space.Addressing cybersecurity challenges in the OT space, particularly with aging technology, requires a unique approach due to potential impacts on production and safety, leading to the launch of a four-year apprenticeship program initially targeting veterans to bridge the skills gap.Navigating the challenges of cybersecurity in industrial settings requires a blend of technical expertise, an understanding of operational processes, and effective risk communication, as demonstrated by the importance of bridging the gap between IT and OT and addressing vulnerabilities in a context-specific manner.In the ever-evolving landscape of cybersecurity, the role of CISOs is becoming increasingly crucial, with recent legal actions targeting them personally; however, it's essential to recognize that CISOs often lack the executive power to make decisions, highlighting the need for a shift in organizational dynamics and a deeper understanding of the risks being accepted."Our role as technologists is to explain the facts: Why does this matter? What happens if you fix it? What happens if you don't fix it? It may cost millions of dollars to fix it. It might be for an air handler that operates the warehouse, which doesn't matter much. Or it could be an air handler for that warehouse that does matter because it has to be climate-controlled. Things go south quickly. It's the same piece of hardware, the same piece of technology, but with different applications." — Thomas VanNorman Connect with Thomas VanNorman: Email: tom@icsvillage.comWebsite: https://www.icsvillage.com/LinkedIn: https://www.linkedin.com/in/thomasvannorman/Connect with Aaron:LinkedIn: https://www.linkedin.com/in/aaronccrowLearn more about Industrial Defender:Website: https://www.industrialdefender.com/podcast LinkedIn: https://www.linkedin.com/company/industrial-defender-inc/Twitter: https://twitter.com/iDefend_ICSYouTube: https://www.youtube.com/@industrialdefender7120Audio production by Turnkey Podcast Productions. You're the expert. Your podcast will prove it. The podcast and artwork embedded on this page are from Aaron Crow, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.
About Thomas VanNorman: Thomas VanNorman, a seasoned professional with almost three decades of experience in OT, is currently leading the CyPhy Product group at GRIMM. His primary focus involves securing Industrial Control Systems and networking within this domain. Additionally, Tom is a co-founder of the ICS Village, a 501(c)(3) non-profit organization dedicated to Control System security and awareness, where he has volunteered for almost a decade. Tom retired from the Air National Guard after serving in Cyber Warfare Operations, capping off a diverse career that included working on airplane control systems for 12 years.In this episode, Aaron and Thomas VanNorman discuss:Starting up The ICS VillageNavigating the world of industrial control systemsAddressing the unique challenges of OT securityThe chicken and egg dilemma in industrial cybersecurityInsights from recent SEC actions and the role of CISOs in risk acceptanceKey Takeaways:The ICS Village, founded eight years ago, focuses on educating and raising awareness about industrial control systems (ICS) and their security, using conferences, events, and roadshows to provide hands-on experiences, non-sales discussions, and tabletop exercises, with a mission to bridge knowledge gaps, address terminology variations, and emphasize the importance of both old and new threats in the ICS space.Addressing cybersecurity challenges in the OT space, particularly with aging technology, requires a unique approach due to potential impacts on production and safety, leading to the launch of a four-year apprenticeship program initially targeting veterans to bridge the skills gap.Navigating the challenges of cybersecurity in industrial settings requires a blend of technical expertise, an understanding of operational processes, and effective risk communication, as demonstrated by the importance of bridging the gap between IT and OT and addressing vulnerabilities in a context-specific manner.In the ever-evolving landscape of cybersecurity, the role of CISOs is becoming increasingly crucial, with recent legal actions targeting them personally; however, it's essential to recognize that CISOs often lack the executive power to make decisions, highlighting the need for a shift in organizational dynamics and a deeper understanding of the risks being accepted."Our role as technologists is to explain the facts: Why does this matter? What happens if you fix it? What happens if you don't fix it? It may cost millions of dollars to fix it. It might be for an air handler that operates the warehouse, which doesn't matter much. Or it could be an air handler for that warehouse that does matter because it has to be climate-controlled. Things go south quickly. It's the same piece of hardware, the same piece of technology, but with different applications." — Thomas VanNorman Connect with Thomas VanNorman: Email: tom@icsvillage.comWebsite: https://www.icsvillage.com/LinkedIn: https://www.linkedin.com/in/thomasvannorman/Connect with Aaron:LinkedIn: https://www.linkedin.com/in/aaronccrowLearn more about Industrial Defender:Website: https://www.industrialdefender.com/podcast LinkedIn: https://www.linkedin.com/company/industrial-defender-inc/Twitter: https://twitter.com/iDefend_ICSYouTube: https://www.youtube.com/@industrialdefender7120Audio production by Turnkey Podcast Productions. You're the expert. Your podcast will prove it.
We're kicking off a mini-series on the Transatlantic Cable Podcast, where our crew dives into the world of critical infrastructure with the team from Industrial Control Systems (ICS) research team to talk about research, new developments and upcoming events. The very first episode the team sit down with Evgeny Goncharov and Vladimir Dashchenko to talk about some of their latest research. The first piece of a look at data for Industrial Control Systems for H1, whilst the second was a deep dive into upcoming Internet Of Things threats for 2023. If you'd like to hear more about this, be sure to subscribe. Overview of IoT threats in 2023 Threat landscape for industrial automation systems. Statistics for H1 2023
Dragos, a company building software to secure the control systems for manufacturing and industrial equipment, has raised $74 million in a Series D round extension led by WestCap.
Podcast: Cyber Work (LS 42 · TOP 1.5% what is this?)Episode: ICS security, Blue Team Con and security work in the Air Force Reserve | Guest Lesley CarhartPub date: 2023-08-21Lesley Carhart of Dragos, also known as Hack4Pancakes on social media, is a lifelong breaker and builder of things, and their insights on the deep mechanics of Industrial Control Systems are an absolute must-hear for any of you even considering this space. Carhart also talks about their keynote at this year's Blue Team Con, the differences between incident response in the military vs. the private sector, and why standard cybersecurity studies won't take you as far in ICS as it will to learn how train track switchers work. Seriously, this is one of the best episodes I've ever been a part of, and I can't wait for you to hear it! – Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast0:00 - ICS security 3:40 - Getting started in cybersecurity 9:13 - The early days of the internet11:05 - Air Force cybersecurity 12:50 - Military cybersecurity training 15:00 - Incident response work at Motorolla18:40 - Technical director of incident response23:30 - State of ICS39:13 - Starting work in ICS41:57 - Keynote speaker at Blue Team Con46:46 - Bringing diversity into ICS53:46 - Outro About InfosecInfosec's mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ's security awareness training. Learn more at infosecinstitute.com.The podcast and artwork embedded on this page are from Infosec, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.
Lesley Carhart of Dragos, also known as Hack4Pancakes on social media, is a lifelong breaker and builder of things, and their insights on the deep mechanics of Industrial Control Systems are an absolute must-hear for any of you even considering this space. Carhart also talks about their keynote at this year's Blue Team Con, the differences between incident response in the military vs. the private sector, and why standard cybersecurity studies won't take you as far in ICS as it will to learn how train track switchers work. Seriously, this is one of the best episodes I've ever been a part of, and I can't wait for you to hear it! – Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast0:00 - ICS security 3:40 - Getting started in cybersecurity 9:13 - The early days of the internet11:05 - Air Force cybersecurity 12:50 - Military cybersecurity training 15:00 - Incident response work at Motorolla18:40 - Technical director of incident response23:30 - State of ICS39:13 - Starting work in ICS41:57 - Keynote speaker at Blue Team Con46:46 - Bringing diversity into ICS53:46 - Outro About InfosecInfosec's mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ's security awareness training. Learn more at infosecinstitute.com.
Welcome to Cyber Briefing, the newsletter that informs you about the latest cybersecurity advisories, alerts, incidents and news every weekday.
Security Jobs Industrial Control Systems Dragos' top Cybersecurity recruiter JOSH FULLMER joins Cyber Crime Junkies in the studio to discuss security jobs industrial control systems and what employers want in cybersecurity. Topics: what employers want in cybersecurity careers, what employers want in cybersecurity, new approaches to enter cyber security, new approaches to enter cybersecurity, how red team exercises help you stay protected, how transition fro military into cybersecurity today, How start a career in cybersecurity today, effective communication for security internally in business, security best practices for business, how to choose the right bootcamps, How To Select The Right BootCamps, new approaches to enter the cybersecurity field, how can we spot fraud in business, where to start cyber security career, how to have effective communication internally in business, best ways to keep up to date on security news. CHECK OUT THE FULL DISCUSSION VIDEO HERE: https://youtu.be/LIbfIx6BVy4 Connect with Josh directly: https://www.linkedin.com/in/josh-fullmer/ Full VIDEO Link:
GuestsSteve Luczynski, Senior Manager / Critical Infrastructure Security, Accenture Federal Services [@Accenture] and Chairman of the Board for the Aerospace Village [@secureaerospace]On LinkedIn | https://www.linkedin.com/in/steveluczynski/On Twitter | https://twitter.com/cyberpilot22Henry Danielson, Adjunct Professor/Lecturer, Cal Poly College of Liberal Arts [@CalPolyCLA], Technical Advisor, California Polytechnic State University California Cybersecurity Institute [@CalPolyCCI], and Volunteer at Aerospace Village [@secureaerospace]On LinkedIn | https://www.linkedin.com/in/henry-danielson-43a61213/On Twitter | https://twitter.com/hdanielsonAt Cal Poly | https://cci.calpoly.edu/about-cci/staff____________________________Hosts:Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martinMarco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society PodcastOn ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli____________________________This Episode's SponsorsBlackCloak | https://itspm.ag/itspbcweb____________________________Episode Notes"Discover the exciting world of the Aerospace Village at RSA Conference 2023, and dive into hands-on experiences with cybersecurity experts and cutting-edge technology." Welcome to ITSPmagazine's RSA Conference 2023 coverage, where we dive into the world of cybersecurity and engage with experts in a week full of fun and exciting activities. We're on the road to RSA Conference 2023 in San Francisco, and one event we can't miss is the Sandbox, specifically the Aerospace Village. In this podcast episode, we're joined by our good friends Steve Luczynski and Henry Danielson from the Aerospace Village to discuss what's in store for us at this year's conference.The Aerospace Village is a small nonprofit run by volunteers from around the world, aiming to build relationships between government, industry, security researchers, and hackers, inspire people to join the cybersecurity workforce, and promote awareness in the aviation and space sectors. This year, RSA Conference 2023 features a Sandbox where attendees can interact with the latest technical hands-on experiences, learn from experts, and explore what's happening in the cybersecurity world.In this episode, our guests discuss the various partners and activities in the Aerospace Village, such as CT Cubed's drone quadcopter simulation in AR and VR experience, IntelleGenesis's runway lighting scenario demonstration, and Boeing's continuous security level maintenance activity. You'll also get a chance to try out a real Airbus simulator, courtesy of pen test partners, to understand the potential vulnerabilities in electronic flight bags and their impact on pilot operations.Join us for an exciting, fun-filled week at RSA Conference 2023, where you can learn, network, and discover the latest trends in cybersecurity. Don't miss out on this unique opportunity to interact with experts, explore cutting-edge technologies, and immerse yourself in the world of aerospace cybersecurity. Be sure to listen, share, and subscribe to ITSPmagazine's podcast for more exciting episodes and insights from the RSA Conference 2023!____________________________ResourcesLearn more, explore the agenda, and register for RSA Conference: https://itspm.ag/rsa-cordbw____________________________Catch the video here: https://www.youtube.com/watch?v=Htvn7AkCJSsFor more RSAC Conference Coverage podcast and video episodes visit: https://www.itspmagazine.com/rsa-conference-usa-2023-rsac-san-francisco-usa-cybersecurity-event-coverageAre you interested in telling your story in connection with RSA Conference by sponsoring our coverage?
Control System Cyber Security Association International: (CS)²AI
Today, Derek Harp interviews Michael Schroeder, the Founder, CEO, and Director of OT, FRCS, and ICS Security at 3 Territory Solutions. Michael leads an organization that conceptualizes, develops, and implements cybersecurity standards and policies for Facility-Related Control Systems, Medical Devices, Industrial Control Systems, PIT and PIT Systems, Operational Technologies, and most generally, the Internet of Things. They are passionate, challenge the status quo, innovate, and fail forward.Michael was born and raised in Pittsburgh, Pennsylvania. He is a long-time contributor to the cybersecurity space. In the early years, he was a Chapter Board Member in the Washington DC Chapter of the Control System Cyber Security Association International. He is also a father, husband, entrepreneur, engineer, project manager, traveler, and race-car driver. He joins Derek today to discuss his education and career path, talk about what he does today, and offer advice for anyone considering a career in cybersecurity.Show highlights:Michael explains what drew him toward the discipline of engineering and why he decided to study mechanical engineering.Michael discusses what he did after graduating from Pennsylvania State University.How Michael jumped from engineering and working in construction to cybersecurity in 2015.Why should you leave jobs with professionalism and strive to keep the doors open?Michael explains why his stint working at a large company was so short.Michael shares his motivation for starting his own company and gets into the genesis process.How Michael chose the name 3 Territory Solutions.Michael shares some insight for entrepreneurs. How Michael built his career by taking advantage of opportunities as they presented themselves.Michael offers advice for people coming into the cybersecurity space.The role mentorship has played in Michael's career path.Links and resources:(CS)²AIMichael Schroeder on LinkedIn3 Territory Solutions
Podcast: (CS)²AI Podcast Show: Control System Cyber SecurityEpisode: 66: Become a Cybersecurity Entrepreneur with Michael SchroederPub date: 2023-01-24Today, Derek Harp interviews Michael Schroeder, the Founder, CEO, and Director of OT, FRCS, and ICS Security at 3 Territory Solutions. Michael leads an organization that conceptualizes, develops, and implements cybersecurity standards and policies for Facility-Related Control Systems, Medical Devices, Industrial Control Systems, PIT and PIT Systems, Operational Technologies, and most generally, the Internet of Things. They are passionate, challenge the status quo, innovate, and fail forward.Michael was born and raised in Pittsburgh, Pennsylvania. He is a long-time contributor to the cybersecurity space. In the early years, he was a Chapter Board Member in the Washington DC Chapter of the Control System Cyber Security Association International. He is also a father, husband, entrepreneur, engineer, project manager, traveler, and race-car driver. He joins Derek today to discuss his education and career path, talk about what he does today, and offer advice for anyone considering a career in cybersecurity.Show highlights:Michael explains what drew him toward the discipline of engineering and why he decided to study mechanical engineering.Michael discusses what he did after graduating from Pennsylvania State University.How Michael jumped from engineering and working in construction to cybersecurity in 2015.Why should you leave jobs with professionalism and strive to keep the doors open?Michael explains why his stint working at a large company was so short.Michael shares his motivation for starting his own company and gets into the genesis process.How Michael chose the name 3 Territory Solutions.Michael shares some insight for entrepreneurs. How Michael built his career by taking advantage of opportunities as they presented themselves.Michael offers advice for people coming into the cybersecurity space.The role mentorship has played in Michael's career path.Links and resources:(CS)²AIMichael Schroeder on LinkedIn3 Territory SolutionsMentioned in this episode:Our Sponsors:We'd like to thank our sponsors for their faithful support of this podcast. Without their support we would not be able to bring you this valuable content. We'd appreciate it if you would support these companies because they support us! Network Perception Waterfall Security Tripwire KPMG CyberJoin CS2AIJoin the largest organization for cybersecurity professionals. Membership has its benefits! We keep you up to date on the latest cybersecurity news and education. Preroll MembershipThe podcast and artwork embedded on this page are from Derek Harp, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.
Podcast: Hack the Plant (LS 32 · TOP 5% what is this?)Episode: Threats to Industrial Control SystemsPub date: 2022-11-07“What's been most concerning is the rise of wiper malware. Threat actors are no longer interested in hey we're going to lock up all of your data. We're going to encrypt everything and force you to pay a ransom and then maybe give you the decryption key. Now with wiper malware they're just completely wiping it. … This year there's been a total of 5 wiper malwares that has been targeting critical infrastructure. So I think everyone should be very aware of that.” -Roya Gordon For today's episode, I'm joined by Roya Gordon and Danielle Jablanski of Nozomi Networks, a firm that does inventory and situational awareness for operational technology industrial control systems. We discuss Nozomi's research, the key kinds of threat intelligence globally, and the kinds of regulation that are needed in today's landscape of emerging threats to critical infrastructure. What emerging kinds of cyber attacks are the most troublesome? Join us to learn more.The podcast and artwork embedded on this page are from Bryson Bort, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.
Podcast: Schweitzer Drive (LS 34 · TOP 3% what is this?)Episode: Securing Industrial Control Systems Amid Increased RiskPub date: 2022-08-05Industrial control systems (ICSs) across industries have experienced increased security risk in the last decade, and those within the electric power system are no exception. In this episode, Dave Whitehead talks with ICS cybersecurity expert Dale Peterson about today's threat landscape and where ICS asset owners should focus their efforts to address this risk.The podcast and artwork embedded on this page are from Schweitzer Engineering Laboratories, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.
Industrial control systems (ICSs) across industries have experienced increased security risk in the last decade, and those within the electric power system are no exception. In this episode, Dave Whitehead talks with ICS cybersecurity expert Dale Peterson about today's threat landscape and where ICS asset owners should focus their efforts to address this risk.
Podcast: Cyber Security Matters, hosted by Dominic Vogel and Christian RedshawEpisode: Ep. 137: Understanding Operational Technology (w/ Danielle Jablanski, Nozomi Networks)Pub date: 2022-07-26On today's Cyber Security Matters episode, Dominic Vogel is joined by Danielle Jablanski, Operational Technology Strategist at Nozomi Networks. Danielle Jablanski is an OT cyber security strategist at Nozomi Networks, responsible for researching global cybersecurity topics and promoting operational technology (OT) and industrial control systems (ICS) cybersecurity awareness throughout the industry. She is also a nonresident fellow at the Cyber Statecraft Initiative of the Atlantic Council's Scowcroft Center for Strategy and Security. Nozomi Networks accelerate digital transformation by protecting the world's critical infrastructure, industrial and government organizations from cyber threats. Their solution delivers exceptional network and asset visibility, threat detection, and insights for OT and IoT environments. Customers rely on them to minimize risk and complexity, while maximizing operational resilience. During our conversation, we will discuss: -What Operational Technology and Industrial Control Systems are -The importance of investing in Operational Technology Security -How vulnerable Operational Technologies are -What protecting your Operational Technology looks like Want to connect with Danielle? Here are a couple of ways that you can do exactly that: -LinkedIn: @DanielleJablanski -Website: www.nozominetworks.comThe podcast and artwork embedded on this page are from Cyber.SC, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.
Hackers are targeting industrial systems with malware. On This Week in Enterprise Tech, Curt Franklin and Brian Chee discuss those threats and possible solutions. Subscribe and watch the full 'This Week in Enterprise Tech' podcast: https://twit.tv/twiet/503 Hosts: Louis Maresca, Brian Chee, and Curt Franklin You can find more about TWiT and subscribe to our podcasts at https://podcasts.twit.tv/
Hackers are targeting industrial systems with malware. On This Week in Enterprise Tech, Curt Franklin and Brian Chee discuss those threats and possible solutions. Subscribe and watch the full 'This Week in Enterprise Tech' podcast: https://twit.tv/twiet/503 Hosts: Louis Maresca, Brian Chee, and Curt Franklin You can find more about TWiT and subscribe to our podcasts at https://podcasts.twit.tv/
Hackers are targeting industrial systems with malware. On This Week in Enterprise Tech, Curt Franklin and Brian Chee discuss those threats and possible solutions. Subscribe and watch the full 'This Week in Enterprise Tech' podcast: https://twit.tv/twiet/503 Hosts: Louis Maresca, Brian Chee, and Curt Franklin You can find more about TWiT and subscribe to our podcasts at https://podcasts.twit.tv/
Podcast: Aperture: A Claroty PodcastEpisode: Dan Gunter on Threat Hunting in Industrial Control SystemsPub date: 2022-07-18Insane Forensics CEO and founder Dan Gunter joins the Aperture podcast to discuss threat hunting approaches inside industrial control systems (ICS) and operational technology (OT) networks. Gunter describes how Shodan can be used to understand exposures within an industrial network and threats posed by trust relationships to the OT network. Gunter explains what asset operators and owners need in place to begin threat hunting, what they should be looking for, and how to use tools such as Shodan to their greatest effect. The podcast and artwork embedded on this page are from Claroty, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.
Insane Forensics CEO and founder Dan Gunter joins the Aperture podcast to discuss threat hunting approaches inside industrial control systems (ICS) and operational technology (OT) networks. Gunter describes how Shodan can be used to understand exposures within an industrial network and threats posed by trust relationships to the OT network. Gunter explains what asset operators and owners need in place to begin threat hunting, what they should be looking for, and how to use tools such as Shodan to their greatest effect.
Operational technology supporting Industrial Control Systems challenges traditional operations management teams. To support modernization efforts, operators need visibility into their OT and ICS environments. Having this visibility helps them create upgrade paths of supporting hardware and software. More importantly this data helps them determine when devices have vulnerabilities that increase their environment risk posture and provides a path toward mitigation. This session, presented by Bill Musson, Advisory Solution Consultant, ServiceNow, provides an understanding of OT & ICS environments and how the ServiceNow platform in conjunction with our operational technology capabilities provides solutions which enable customers to operate efficiently and proactively manage their environments. See omnystudio.com/listener for privacy information.
Podcast: Control System Cyber Security Association International: (CS)²AIEpisode: 40: ICS Village and Why You Should Attend DefCon with Bryson Bort and Tom VanNormanPub date: 2022-05-31Today, we got a special episode to highlight a really neat initiative that's been in the works for awhile. My guests are Bryson Bort and Tom VanNorman.Bryson is the Founder of SCYTHE, a start-up building a next generation attack emulation platform, and GRIMM, a cybersecurity consultancy, and Co-Founder of the ICS Village, a non-profit advancing awareness of industrial control system security. He is a Senior Fellow with the Atlantic Council's Cyber Statecraft Initiative, the National Security Institute, and an Advisor to the Army Cyber Institute. As a U.S. Army Officer, he served as a Battle Captain and Brigade Engineering Officer in support of Operation Iraqi Freedom before leaving the Army as a Captain. He was recognized as one of the Top 50 in Cyber in 2020 by Business Insider.Tom leads the CyPhy Product group at GRIMM, where his primary focus is securing Industrial Control Systems and the networking of such systems. Tom brings an unparalleled level of operational knowledge and experience, as he has been working in the Operational Technology (OT) field for almost three decades. He also has considerable knowledge in constructing Cyber Physical testing environments for OT systems.Tom co-founded the ICS Village, a non-profit organization focused on Control System security and awareness. He is also retired from the Air National Guard, where he worked in Cyber Warfare Operations.ICS Village is holding Def Con 29, a 100% virtual event that takes place Aug 6th-8th. There are sessions and workshops covering all aspects of ICS. Show Highlights:How ICS Village was startedThe original 2 events - RSA and DefConGRIMM and their involvement in ICS VillageWhy no one was thinking about Industrial control systems before ICS VillageThe artwork that started it allAll of the events that ICS Village has throughout the yearHow the pandemic changed DefCon and the other ICS Village eventsThe birth of Hack the Plant PodcastCapture the Flag and what we can learn from itHighlights of DefCon Table Talks and other sessionsLinks:CS2AI.orgICS VillageDefCon Event happening Aug 6-8The podcast and artwork embedded on this page are from Derek Harp, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.
Podcast: Control Loop: The OT Cybersecurity PodcastEpisode: Introducing Control Loop, the industrial cybersecurity podcast.Pub date: 2022-05-26Cybersecurity for Operational Technology and Industrial Control Systems.The Control Loop podcast, hosted by the CyberWire's Dave Bittner, investigates the latest threat intelligence, security strategies, and technologies that industry professionals rely on to safeguard civilization. Every two weeks, Dave analyzes the biggest stories in OT security with commentary from key industry leaders and operators. Each episode includes new guests who provide the insider's perspective on major threats and vulnerabilities, novel ideas and solutions, and critical training topics. Control Loop Episode 1 premieres on June 1st, 2022.Listen and subscribe to the podcast wherever you get your favorite shows and subscribe to the newsletter on the CyberWire website.The podcast and artwork embedded on this page are from CyberWire Inc., which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.
Control System Cyber Security Association International: (CS)²AI
Today, we've got a special episode to highlight a really neat initiative that's been in the works for awhile. My guests are Bryson Bort and Tom VanNorman. Bryson is the Founder of SCYTHE, a start-up building a next generation attack emulation platform, and GRIMM, a cybersecurity consultancy, and Co-Founder of the ICS Village, a non-profit advancing awareness of industrial control system security. He is a Senior Fellow with the Atlantic Council's Cyber Statecraft Initiative, the National Security Institute, and an Advisor to the Army Cyber Institute. As a U.S. Army Officer, he served as a Battle Captain and Brigade Engineering Officer in support of Operation Iraqi Freedom before leaving the Army as a Captain. He was recognized as one of the Top 50 in Cyber in 2020 by Business Insider. Tom leads the CyPhy Product group at GRIMM, where his primary focus is securing Industrial Control Systems and the networking of such systems. Tom brings an unparalleled level of operational knowledge and experience, as he has been working in the Operational Technology (OT) field for almost three decades. He also has considerable knowledge in constructing Cyber Physical testing environments for OT systems. Tom co-founded the ICS Village, a non-profit organization focused on Control System security and awareness. He is also retired from the Air National Guard, where he worked in Cyber Warfare Operations. ICS Village is holding Def Con 29, a 100% virtual event that takes place Aug 6th-8th. There are sessions and workshops covering all aspects of ICS. Show Highlights: How ICS Village was started The original 2 events - RSA and DefCon GRIMM and their involvement in ICS Village Why no one was thinking about Industrial control systems before ICS Village The artwork that started it all All of the events that ICS Village has throughout the year How the pandemic changed DefCon and the other ICS Village events The birth of Hack the Plant Podcast Capture the Flag and what we can learn from it Highlights of Def Con Table Talks and other sessions Links: https://cs2ai.org/ (CS2AI.org) https://www.icsvillage.com/ (ICS Village) https://www.icsvillage.com/schedule-def-con-29 (DefCon Event happening Aug 6-8) Mentioned in this episode: Our Sponsors: We'd like to thank our sponsors for their faithful support of this podcast. Without their support we would not be able to bring you this valuable content. We'd appreciate it if you would support these companies because they support us! Network Perception Waterfall Security Tripwire KPMG Cyber Join CS2AI Join the largest organization for cybersecurity professionals. Membership has its benefits! We keep you up to date on the latest cybersecurity news and education. https://cs2ai.captivate.fm/cs2ai (Preroll Membership)
Cybersecurity for Operational Technology and Industrial Control Systems. The Control Loop podcast, hosted by the CyberWire's Dave Bittner, investigates the latest threat intelligence, security strategies, and technologies that industry professionals rely on to safeguard civilization. Every two weeks, Dave analyzes the biggest stories in OT security with commentary from key industry leaders and operators. Each episode includes new guests who provide the insider's perspective on major threats and vulnerabilities, novel ideas and solutions, and critical training topics. Control Loop Episode 1 premieres on June 1st, 2022. Listen and subscribe to the podcast wherever you get your favorite shows and subscribe to the newsletter on the CyberWire website.
Cybersecurity for Operational Technology and Industrial Control Systems. The Control Loop podcast, hosted by the CyberWire's Dave Bittner, investigates the latest threat intelligence, security strategies, and technologies that industry professionals rely on to safeguard civilization. Every two weeks, Dave analyzes the biggest stories in OT security with commentary from key industry leaders and operators. Each episode includes new guests who provide the insider's perspective on major threats and vulnerabilities, novel ideas and solutions, and critical training topics. Control Loop Episode 1 premieres on June 1st, 2022. Listen and subscribe to the podcast wherever you get your favorite shows and subscribe to the newsletter on the CyberWire website.
Podcast: Control System Cyber Security Association International: (CS)²AIEpisode: 37: Engineers Should Consider a Cyber Security Career with Vivek PonnadaPub date: 2022-05-17Derek Harp is excited to have Vivek Ponnada, the Regional Sales Director for Nozomi Networks, joining him for another episode in the series on security leaders! Vivek was also a long-time contributor at GE.Vivek Ponnada has over 23 years of experience in Industrial Control Systems. He currently serves customers in Western Canada for Nozomi Networks with market-leading OT and IoT Security & Visibility solutions. He started his career in ICS as an Instrumentation Technician and then became a Controls Engineer and commissioned Gas Turbine Controls systems in Europe, Middle-East, Africa, and South-East Asia. During his career, Vivek has held multiple roles including Sales, Marketing & Business Development, and Services covering Control systems & Cybersecurity solutions for Critical Infrastructure (Power, Oil & Gas, Water, and Mining) industries at GE and ICI Electrical Engineering in North America. He is a co-lead for the Top 20 Secure PLC Coding Practices Project and his recent talks and contributions include ICS Village (DefCon 29), Industrial Security Conference in Copenhagen & several BSides. Vivek has a bachelor's degree in Electrical Engineering from I.E. India, an MBA from The University of Texas at Austin, and GICSP certification from GIAC. He is an active member of the Infosec community in Vancouver, BC as a Board Member for Mainland Advanced Research Society, Volunteers for ISACA, and is a member of the ISA.Vivek is a thoughtful and fun individual! He is an engineer, analyst, and finance guy! He is also a motorcycle enthusiast, an intermediate skier, and a husband! In this episode of the (CS)²AI Podcast, Vivek shares his backstory, discusses his education, and talks about his career trajectory. He also offers gold nuggets of advice for engineers with an interest in cyber security.This is one show you will not want to miss- particularly if you are an engineer considering moving into the field of cyber security. Stay tuned for more!Show highlights:Vivek grew up in South India. He became an engineer and developed skills in control systems long before he became a cybersecurity guy. (1:50)The first job Vivek remembers doing was helping someone with gardening when he was seven or eight years old. (2:98)When Vivek graduated from high school, he was in a technical program. So he was already in an electronics and communication phase. (4:10)Vivek studied his engineering undergrad part-time because he was also working full-time. It all worked out well because the work he was doing and his studies were all connected. (4:43)He enjoyed learning how to connect his work-life with his education organically. (6:25)Vivek discusses his twenty-year history with GE. (7:10)Security is a discipline that is a constant learning process. (12:26)Some helpful advice for engineers who have an interest in cyber security, but don't know where to start or how to break into the field. (14:52)Vivek talks about the career challenges he faced at GE and how he navigated them. (19:00)Two things that most engineers tend to struggle with. (21:01)Vivek jumped around in his career path, so he never had a mentor. He had some excellent coaches and managers, however. (23:17)People in the cybersecurity community are always open to advising and helping one another. (25:14)How sales came into Vivek's career journey. (27:09)Vivek talks about the Top 20 Secure PLC Coding Practices Project to which he is contributing. (30:40)It is always good to have a plan for the next few years. (32:57)Vivek shares his recommendations for career choices in the field of cyber security. (39:13)The podcast and artwork embedded on this page are from Derek Harp, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.
Control System Cyber Security Association International: (CS)²AI
Derek Harp is excited to have Vivek Ponnada, the Regional Sales Director for Nozomi Networks, joining him for another episode in the series on security leaders! Vivek was also a long-time contributor at GE. Vivek Ponnada has over 23 years of experience in Industrial Control Systems. He currently serves customers in Western Canada for Nozomi Networks with market-leading OT and IoT Security & Visibility solutions. He started his career in ICS as an Instrumentation Technician and then became a Controls Engineer and commissioned Gas Turbine Controls systems in Europe, Middle-East, Africa, and South-East Asia. During his career, Vivek has held multiple roles including Sales, Marketing & Business Development, and Services covering Control systems & Cybersecurity solutions for Critical Infrastructure (Power, Oil & Gas, Water, and Mining) industries at GE and ICI Electrical Engineering in North America. He is a co-lead for the Top 20 Secure PLC Coding Practices Project and his recent talks and contributions include ICS Village (DefCon 29), Industrial Security Conference in Copenhagen & several BSides. Vivek has a bachelor's degree in Electrical Engineering from I.E. India, an MBA from The University of Texas at Austin, and GICSP certification from GIAC. He is an active member of the Infosec community in Vancouver, BC as a Board Member for Mainland Advanced Research Society, Volunteers for ISACA, and is a member of the ISA. Vivek is a thoughtful and fun individual! He is an engineer, analyst, and finance guy! He is also a motorcycle enthusiast, an intermediate skier, and a husband! In this episode of the (CS)²AI Podcast, Vivek shares his backstory, discusses his education, and talks about his career trajectory. He also offers gold nuggets of advice for engineers with an interest in cyber security. This is one show you will not want to miss- particularly if you are an engineer considering moving into the field of cyber security. Stay tuned for more! Show highlights: Vivek grew up in South India. He became an engineer and developed skills in control systems long before he became a cybersecurity guy. (1:50) The first job Vivek remembers doing was helping someone with gardening when he was seven or eight years old. (2:98) When Vivek graduated from high school, he was in a technical program. So he was already in an electronics and communication phase. (4:10) Vivek studied his engineering undergrad part-time because he was also working full-time. It all worked out well because the work he was doing and his studies were all connected. (4:43) He enjoyed learning how to connect his work-life with his education organically. (6:25) Vivek discusses his twenty-year history with GE. (7:10) Security is a discipline that is a constant learning process. (12:26) Some helpful advice for engineers who have an interest in cyber security, but don't know where to start or how to break into the field. (14:52) Vivek talks about the career challenges he faced at GE and how he navigated them. (19:00) Two things that most engineers tend to struggle with. (21:01) Vivek jumped around in his career path, so he never had a mentor. He had some excellent coaches and managers, however. (23:17) People in the cybersecurity community are always open to advising and helping one another. (25:14) How sales came into Vivek's career journey. (27:09) Vivek talks about the Top 20 Secure PLC Coding Practices Project to which he is contributing. (30:40) It is always good to have a plan for the next few years. (32:57) Vivek shares his recommendations for career choices in the field of cyber security. (39:13) Links: https://www.cs2ai.org/ ((CS)²AI) https://www.linkedin.com/in/1ot/?originalSubdomain=ca (Vivek Ponnada on LinkedIn) https://www.nozominetworks.com/ (Nozomi Networks) https://gca.isa.org/blog/the-top-20-secure-plc-coding-practices-project (Top 20 Secure PLC Coding Practices Project) Mentioned in this...
Can criminal hackers shut down a city's electrical grid? Well, nothing's impossible. But how might it actually happen? And how might we defend ourselves? Tom Van Norman, co-founder of the ICS Village, joins The Hacker Mind to share the group's upcoming plans for RSAC and DEF CON, where they will again present present virtual scenarios and hands on physical models of industrial control systems in order to expose hackers to their inner workings and to provide them with best practices to prevent potential threats to health, life, and safety.
The malware toolkit, known as Pipedream, is perhaps the most versatile tool ever made to target critical infrastructure like power grids and oil refineries.
The malware toolkit, known as Pipedream, is perhaps the most versatile tool ever made to target critical infrastructure like power grids and oil refineries.