Podcasts about it ot

GlobalLogic Inc., a Hitachi Group Company and leader in digital engineering, has released a new report, in partnership with HFS Research, that highlights insights into how industrial enterprises are managing AI adoption, sustainability transitions, and workforce transformation. The research reveals that despite executive ambitions, 51% of organisations cite skills gaps as the primary reason AI and advanced technology initiatives fail or underperform. The research, which surveyed more than 100 C-level and senior executives from $1 billion+ industrial firms across automotive, aerospace, chemicals, energy and utilities, and construction, highlights a clear challenge: while leaders acknowledge the urgency of AI, sustainability, and talent transformations, a fundamental misalignment between present priorities and future expectations is halting innovation. "We undertook this research to understand why industrial leaders see AI, sustainability, and talent as top priorities yet struggle to turn them into measurable results," said Srini Shankar, President and CEO at GlobalLogic. "We found many are trying to deploy advanced technologies without the talent, the clear AI governance frameworks, and without transition plans that link today's efficiency pressures to tomorrow's strategic goals. As onshoring accelerates in the United States, leaders face rising domestic demand but scarce and costly specialised talent. "At GlobalLogic, we're moving beyond experimentation to deliver AI-driven industrial ecosystems that create measurable value today. By combining our deep heritage in embedded systems, Edge AI, IT-OT convergence, OT cybersecurity, Industrial IoT, and next-generation connectivity, such as 5G/6G, GlobalLogic delivers the core capabilities industrial clients need to advance their Physical AI journeys. "When combined with Hitachi's proven OT and product excellence, we are empowering organisations to modernise faster, operate smarter, and accelerate their transformation across sustainability, productivity, and talent. Together with our industrial clients, we are advancing next-generation capabilities in servitisation, digital twins, industrial automation, predictive maintenance, and frontline worker productivity and safety - helping them unlock new revenue models while driving meaningful gains in operational efficiency and performance." Key Findings from the Report: The study reveals that industrial enterprises are trapped between ambition and capability, lacking the talent, frameworks, and integration strategies to execute on generational transitions: Upskilling Becomes the New Imperative: While 51% of companies say skills gaps hinder AI and advanced technology initiatives, half lack structured upskilling programs, and 42% struggle to find digital and AI talent. As seasoned workers retire and fewer new candidates enter traditional roles, industrial leaders are turning to agentic AI and sustainability-driven innovation to bridge the divide. Legacy Systems Create Technical Debt & Block Progress: Legacy systems create technical debt and are a clear sign of limited readiness to support the new, 'intelligent,' connected operating models required for technologies like agentic AI. Nearly half (49%) identify integrating new technologies with legacy systems as their greatest barrier to deploying advanced digital technologies. Priorities Shift to AI: Nearly half (46%) of executives currently prioritise reducing operational costs in their top three priorities, but research shows that in 2 years, AI adoption and operational optimisation will take top spot in priorities. Industry Seen as Career Dead-End: 58% believe talent sees limited career mobility in the manufacturing sector, 48% cite lack of innovation perception, and 46% acknowledge underpaying compared to other sectors - fueling a deepening talent crisis. "Industry executives must immediately embed their sustainability, talent, and technology transitions in both strategy and daily operat...

Podcast: Exploited: The Cyber Truth Episode: Smarter Vulnerability Management in OT Systems: Building ResiliencePub date: 2025-11-20Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationAs OT environments face rising geopolitical tensions, ransomware threats, and aging infrastructure, vulnerability management has never been more complex. In this episode of Exploited: The Cyber Truth, host Paul Ducklin is joined by RunSafe Security CEO Joe Saunders and Stuxnet expert Ralph Langner, Founder and CEO of Langner, Inc. Ralph shares from his decades of firsthand experience defending industrial control systems and explains why traditional CVE-focused vulnerability management falls short in OT. He breaks down the three major categories of OT vulnerabilities—design flaws, feature abuse, and configuration errors—and reveals why competent attackers often ignore CVEs entirely. Joe highlights how memory-based vulnerabilities continue to threaten critical systems and why eliminating entire vulnerability classes can create an asymmetric advantage for defenders. Together, Ralph and Joe explore: Why most OT equipment remains insecure by design and why replacement will take decadesHow features, not bugs, often become the real attack vectorThe growing role of ransomware and IT-side weaknesses in OT compromisesPractical steps OT defenders can take today to incrementally improve resilienceThe value of class-level protections, better architectures, and secure development processes Whether you secure energy infrastructure, manufacturing systems, or mixed IT/OT networks, this episode delivers experience-driven guidance for strengthening cyber-physical resilience.The podcast and artwork embedded on this page are from RunSafe Security, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Podcast: Industrial Cybersecurity InsiderEpisode: When IT Security Meets OT Reality: Why One Size Doesn't Fit AllPub date: 2025-11-05Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationWhat happens when IT cybersecurity practices collide with OT operational realities? In this episode, Jim and Dino expose the costly mistakes organizations make when applying IT security playbooks to manufacturing environments.Discover why zero trust architectures can halt production, how shadow IT thrives on every plant floor, and why remote access policies designed for corporate networks fail in industrial settings. Learn the critical importance of OT-tailored asset inventories, the need for IT/OT collaboration, and why digital safety must be treated with the same urgency as physical safety.If you're struggling to bridge the gap between IT security mandates and OT operational needs—or if you've ever watched a well-intentioned security policy bring production to a halt—this episode is your roadmap to getting it right.Chapters:(00:00:00) - Introduction and Episode Overview(00:01:19) - IT vs OT Security Mindsets(00:02:03) - Zero Trust Challenges in OT Environments(00:05:12) - Remote Access and Change Management Conflicts(00:09:00) - Who Should Learn from Whom: IT or OT?(00:10:23) - Asset Inventory: What OT Engineers Don't Know(00:15:00) - Process Integrity and Operational Value(00:21:57) - Shadow IT: The Backdoors Nobody Talks About(00:26:00) - Designing Security Into New Equipment(00:28:00) - Digital Safety vs Physical SafetyLinks And Resources:Want to Sponsor an episode or be a Guest? Reach out here.Industrial Cybersecurity Insider on LinkedInCybersecurity & Digital Safety on LinkedInBW Design Group CybersecurityDino Busalachi on LinkedInCraig Duckworth on LinkedInJim Cook on LinkedInThanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you'd like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!The podcast and artwork embedded on this page are from Industrial Cybersecurity Insider, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Episode 188 is a conversation with Brad Bonavida and Rosy Khalife from Nexus Labs, as well as James Coleman from Princeton University. In this episode of the Nexus Podcast, the Nexus Labs team breaks down the top stories relevant to energy managers, facility managers, IT/OT managers, and workplace managers.Find full show notes and episode transcript on The Nexus Podcast: Episode 188 webpage.Sign-up (or refer a friend!) to the Nexus Newsletter.Learn more about The Smart Building Strategist Course and the Nexus Courses Platform.Check out the Nexus Labs Marketplace.Learn more about Nexus Partnership Opportunities.

Podcast: Industrial Cybersecurity InsiderEpisode: Dispelling IT/OT Convergence Challenges and MythsPub date: 2025-10-23Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationIn this episode, Craig and Dino tackle IT/OT convergence, operational technology security, and manufacturing cybersecurity challenges head-on. They challenge the notion of OT being a "shadow IT group" and explore the fundamental differences between IT and OT operations in industrial environments. The discussion emphasizes that OT focuses on safety and physical outcomes, while IT prioritizes data security. They stress the importance of collaboration between IT and OT teams, highlighting how system integrators, OEMs, and plant operators must work together to improve cybersecurity posture. The conversation covers practical issues like Overall Equipment Effectiveness (OEE), incident response, and the need for proper funding and governance. Both advocate for CISOs and CIOs to actively engage with OT teams and system integrators, visit manufacturing facilities, and understand the unique challenges of industrial control systems to achieve true convergence and protect manufacturing plants and critical infrastructure.Chapters:00:00:00 - Opening Shot: Who's Really in Charge—CIOs or the Plant Floor?00:00:57 - Collision Course: IT and OT Can't Keep Dodging Each Other00:01:52 - Two Worlds, One Mission: Why OT Isn't Just “IT in a Hard Hat”00:04:07 - When Convergence Fails: What's Missing in the Middle00:05:54 - Breaking Silos: Why Cybersecurity Demands True Collaboration00:08:22 - Real Talk: What Cyber Protection Looks Like on the Plant Floor00:10:46 - OT's Tipping Point: Will the Next Move Come from IT, or the Shop Floor?00:17:32 - Your Move: What Leaders Must Do Next (Before It's Too Late)Links And Resources:Industrial Cybersecurity Insider on LinkedInCybersecurity & Digital Safety on LinkedInBW Design Group CybersecurityDino Busalachi on LinkedInCraig Duckworth on LinkedInThanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you'd like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!The podcast and artwork embedded on this page are from Industrial Cybersecurity Insider, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

At Automate 2025, Vlad and Dave take Manufacturing Hub inside the Siemens booth to explore how one of the world's largest industrial technology companies is shaping the future of manufacturing. From the latest S7-1200 G2 PLC to industrial copilots powered by AI, digital twins that simulate entire factories, and virtual PLCs redefining automation, this episode is packed with insights from Siemens leaders and engineers.In this conversation series, we uncover the evolution of hardware, software, and data-driven manufacturing with experts including Chris Stevens and Anna-Marie Breu on customer experience and digital twins, Bernd Raithel on software-defined automation and IT/OT convergence, Louis Narvaez on the next-generation S7-1200 G2 PLC, Kristen Sanderson on Industrial Copilot and AI agents, Sarah McGee on Sematic AX and modern PLC programming, Kevin Wu on Pick AI Pro, Ivan Hernandez on the G220 drives, and cybersecurity specialists Tilo and Gaurav on securing industrial networks.Throughout the episode, Vlad and Dave discuss how Siemens is transforming plant operations through tools that connect the physical and digital worlds. Topics include co-pilots for engineering and operations, lifecycle management, virtual commissioning, edge computing, harmonics and clean power, and the convergence of IT and OT teams.This conversation is a must-watch for engineers, integrators, plant managers, and decision-makers looking to understand how software-defined automation, AI, and digital twin technologies are merging to create resilient, data-driven factories.Timestamps:00:00 Siemens at Automate 2025 introduction02:45 Defining manufacturing resilience and digital twins09:32 Virtual commissioning and collaborative engineering environments15:10 Adoption of digital twins in small and medium manufacturers22:35 Co-pilots and natural language interaction in industrial systems30:28 Automation lifecycle management and version control for PLCs36:55 Virtual PLCs, software-defined automation, and IT/OT collaboration46:40 The new Siemens S7-1200 G2 PLC and migration from G157:20 AI copilots, agents, and secure Siemens cloud infrastructure1:08:05 Somatic AX and modern PLC programming for new engineers1:17:25 Pick AI Pro and real-world robotic vision applications1:29:10 G220 drives and clean power innovations1:35:45 Industrial cybersecurity and vulnerability management1:43:00 Cinemeric Run My Robot and CNC-robot collaboration1:50:20 Final reflections on Siemens innovation and future trendsReferences Mentioned:Siemens Digital IndustriesSiemens Industrial Edge Developer KitS7-1200 G2 InformationSematic AXIndustrial CopilotCinematic Run My RobotPick AI ProSiemens G220 DrivesCybersecurity SolutionsManufacturing HubModern Plant Network Requirements: Building Reliable and Connected OT Systems for ManufacturingAbout the Hosts:Vlad Romanov is an electrical engineer and manufacturing systems consultant with over a decade of experience modernizing plants and integrating SCADA, MES, and automation systems. He is the founder of Joltek and co-founder of SolisPLC, creating content that educates professionals in industrial automation.Dave Griffith is a manufacturing consultant and co-host of the Manufacturing Hub podcast, helping manufacturers navigate digital transformation, technology adoption, and operational excellence.

Podcast: PrOTect It All (LS 26 · TOP 10% what is this?)Episode: OT Cybersecurity Wake-Up Call: How Airports and Power Grids Expose the Gaps We Can't IgnorePub date: 2025-10-20Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationIn this solo episode of Protect It All, host Aaron Crow delivers a straight-talk reality check on the widening IT–OT cybersecurity gap and what it really takes to protect the systems that keep the world running. With decades of experience defending critical infrastructure, Aaron exposes why many OT environments are still years behind in resilience and visibility - and how we can finally fix that. You'll learn: The real incidents prove why OT cybersecurity can't afford to lag. Why visibility and segmentation are non-negotiable for industrial systems. How to build an incident-response plan that works when the stakes are highest. Practical steps to strengthen resilience and recovery across critical operations. This episode isn't about fear - it's about preparation. If your work touches energy, transportation, manufacturing, or utilities, this one's your wake-up call to act before disaster hits. Listen now and learn how to protect what truly keeps our world moving - only on Protect It All. Key Moments: 05:06 "Real Risks of Critical Disruptions" 06:16 Redefining OT System Boundaries 11:42 Troubleshooting Unknown System Issues 14:09 "Secure Remote Access Best Practices" 18:28 "Planning for Worst-Case Scenarios" 19:36 Critical Infrastructure Under Cyber Threat   Connect With Aaron Crow: Website: www.corvosec.com  LinkedIn: https://www.linkedin.com/in/aaronccrow   Learn more about PrOTect IT All: Email: info@protectitall.co  Website: https://protectitall.co/  X: https://twitter.com/protectitall  YouTube: https://www.youtube.com/@PrOTectITAll  FaceBook:  https://facebook.com/protectitallpodcast    To be a guest or suggest a guest/episode, please email us at info@protectitall.co   Please leave us a review on Apple/Spotify Podcasts: Apple   - https://podcasts.apple.com/us/podcast/protect-it-all/id1727211124 Spotify - https://open.spotify.com/show/1Vvi0euj3rE8xObK0yvYi4  The podcast and artwork embedded on this page are from Aaron Crow, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Episode 187 is a conversation with James Dice and Rosy Khalife from Nexus Labs, as well as April Yi from CBRE. In this episode of the Nexus Podcast, the Nexus Labs team breaks down the top stories relevant to energy managers, facility managers, IT/OT managers, and workplace managers.Find full show notes and episode transcript on The Nexus Podcast: Episode 187 webpage.Sign-up (or refer a friend!) to the Nexus Newsletter.Learn more about The Smart Building Strategist Course and the Nexus Courses Platform.Check out the Nexus Labs Marketplace.Learn more about Nexus Partnership Opportunities.

You don't need to be rich or a finance expert to start investing — you just need a clear, step-by-step path. In this episode, I'll walk you through exactly how to open a Webull account, choose your first ETF (VOO, SPY, SCHB, ITOT), and make your first investment — even if you're starting from scratch.You'll learn: ✅ How ETFs work (and why they're the simplest way to own hundreds of companies) ✅ The exact buttons to press inside Webull to fund and buy your first investment ✅ How to build a habit that grows wealth automatically over timeNo jargon. No over-hype. Just real-world steps anyone can follow.Start your investing journey today — use my Webull affiliate link below to get the best deal and kick-start your portfolio:

Podcast: Industrial Cybersecurity InsiderEpisode: Hidden Cybersecurity Vulnerabilities in Today's Data CentersPub date: 2025-10-06Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationIn this episode, Scott Cargill, Partner of BW Design Group, joins Craig and Dino. Together they dissect the critical vulnerability gap in data center operational technology infrastructure. While most data centers implement robust IT security protocols, their building management systems controlling cooling, power distribution, and environmental controls remain significantly under-protected. Cargill provides technical analysis of how the rapid expansion of data center capacity for AI workloads has outpaced OT security implementation, creating exploitable attack vectors where minutes of system compromise could cascade into millions in equipment damage and service disruption. Through evidence-based examination and industry insights, this episode offers CISOs and OT security professionals a practical framework for addressing the IT-OT security convergence challenge in mission-critical facilities.They offer actionable strategies for vulnerability assessment, segmentation, and defense-in-depth implementation.Chapters:- 00:00:00 - Meet Scott Cargill of BW Design Group- 00:02:30 - Data centers expanding for AI- 00:04:40 - Critical BMS vulnerabilities being ignored- 00:07:40 - Alarming OT security reality- 00:09:40 - Why OT security remains deprioritized- 00:12:10 - IT-OT security convergence challenges persist- 00:16:35 - Manufacturing parallels to data centers- 00:20:10 - Security solutions evolution underway- 00:21:45 - Managed services necessity for OT- 00:24:42 - Thought leadership driving industry standardsLinks and Resources:Want to Sponsor an episode or be a Guest? Reach out here.Industrial Cybersecurity Insider on LinkedInCybersecurity & Digital Safety on LinkedInBW Design Group CybersecurityScott Cargill on LinkedInDino Busalachi on LinkedInCraig Duckworth on LinkedInThanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you'd like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!The podcast and artwork embedded on this page are from Industrial Cybersecurity Insider, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Podcast: PrOTect It All (LS 26 · TOP 10% what is this?)Episode: Why “One Size Fits All” Fails in OT Cybersecurity: Real-World Fixes for IT–OT GapsPub date: 2025-10-06Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationOT cybersecurity isn't about installing more firewalls - it's about adapting your entire mindset. In this episode of Protect It All, host Aaron Crow breaks down why IT security tools often fall short in industrial environments and what it really takes to protect operational systems. Drawing from 25+ years of hands-on experience, Aaron explores the differences between IT and OT priorities, why “silver bullet” solutions don't exist, and how to build defense-in-depth strategies that actually work on the plant floor. You'll discover: Why IT tools struggle in OT environments - and where they can help. How to balance availability, safety, and security in critical systems. Practical ways to manage legacy hardware, vendor dependencies, and remote access. The key to uniting IT and OT teams for stronger resilience. If you're navigating the evolving world of industrial cybersecurity, this episode will change how you think about tools, processes, and protection. Tune in to learn how to bridge the IT–OT divide and build a smarter, safer security culture. Key Moments: 03:31 "Adapting IT Products for OT Use" 08:53 IT and OT Crossover Tools 11:05 Balancing OT Risk in Cybersecurity 13:37 Cybersecurity and Remote Secure Access 18:25 Designing Resilient, Independent Systems 21:40 Unified Cybersecurity Through Training & Collaboration 24:24 "IT and OT Integration Challenges" Connect With Aaron Crow: Website: www.corvosec.com  LinkedIn: https://www.linkedin.com/in/aaronccrow   Learn more about PrOTect IT All: Email: info@protectitall.co  Website: https://protectitall.co/  X: https://twitter.com/protectitall  YouTube: https://www.youtube.com/@PrOTectITAll  FaceBook:  https://facebook.com/protectitallpodcast    To be a guest or suggest a guest/episode, please email us at info@protectitall.co   Please leave us a review on Apple/Spotify Podcasts: Apple   - https://podcasts.apple.com/us/podcast/protect-it-all/id1727211124 Spotify - https://open.spotify.com/show/1Vvi0euj3rE8xObK0yvYi4The podcast and artwork embedded on this page are from Aaron Crow, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Get a firsthand look into the heart of Australian manufacturing as hosts Phil Seboa and Ed Fuentes sit down with Shane Williams and Paul Mason, two prominent voices from the Manufacturing Tech Australia Podcast. This episode examines the practical sides of digital transformation—beyond the buzzwords—to the real drivers, pain points, and breakthrough strategies shaping factories across the country.Listen in as the group compares IT and OT perspectives, highlights the evolving role of data, addresses challenges with legacy systems, and discusses how Australian businesses are tackling integration, culture, and rapid technological change. Candid stories from the plant floor meet sharp industry analysis, making this an essential listen for anyone invested in the future of manufacturing, automation, and technology adoption in Australia.Topics include:Continuous improvement vs. digital transformationThe value of real-time data and integration of old and new techBreaking down IT/OT silos through collaborationThe impact of AI and machine learning on manufacturing processesShifting business models—from selling products to selling servicesTips for setting a strong strategy and finding quick winsListen to the Manufacturing Tech Australia Podcast:https://open.spotify.com/show/6Gzc6XBnjTP0WRw9g891IPConnect with Shane on LinkedIn:https://www.linkedin.com/in/shanewilliamsau/Connect with Paul on LinkedIn:https://www.linkedin.com/in/pdmason/Connect with Phil on LinkedIn:https://www.linkedin.com/in/phil-seboa/Connect with Ed on LinkedIn: https://www.linkedin.com/in/ed-fuentes-2046121a/----------------About Industry Sage Media:Industry Sage Media is your backstage pass to industry experts and the conversations that are shaping the future of the manufacturing industry.Learn more at: http://www.industrysagemedia.com

Send us a textWhen talking to the experts and leading authorities that have participated in the 140+ episodes of Security Breach, there's always a slight pause when directing their attention specifically to the industrial sector. That's because, well, we're special. There's the unique juxtaposition of old and bleeding edge technology. There's the influx of greater connectivity combatting the struggles to identify and secure the growing number of endpoints. And there are the ongoing battles related to secure-by-design responsibilities, cloud networks and the ever popular building and breaking down of IT/OT silos. The good news is that we're getting better. Better at identifying the problems and better at elevating solutions from some of the sharpest minds in the sector. And we're fortunate to be able share these insights from an incredible collective on today's episode.Watch/listen as Max Clausen, senior VP of Network Connectivity at Zayo, John Carse, Field CISO at SquareX, Sophos' Chester Wisniewski and ExtraHop's Chad Lemaire tackle topics that include:VisibilitySecure-by-DesignArtificial IntelligenceIT/OT SilosPatchingLOTL and Phishing AttacksNon-standard OT ArchitectureAs a go-to podcast for our listeners, we want to help you align your brand with our expertise. By sponsoring our podcast, your brand will build trust, and your message will stand out to an audience searching for tools to assist their cybersecurity efforts. Click Here to Become a Sponsor.Inspiring Tech Leaders - The Technology PodcastInterviews with Tech Leaders and insights on the latest emerging technology trends.Listen on: Apple Podcasts SpotifyTo catch up on past episodes, you can go to Manufacturing.net, IEN.com or MBTmag.com. You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. If you have a cybersecurity story or topic that you'd like to have us explore on Security Breach, you can reach me at jeff@ien.com.

Podcast: Error Code (LS 27 · TOP 10% what is this?)Episode: EP 72: Does a CISSP Certification Make Sense For OT?Pub date: 2025-09-30Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationCertification exams increasingly reflect the IT OT convergence, acknowledging that many protections apply across both domains requiring holistic security approaches rather than siloed solutions. John France, CISO at ISC2, explains that as threats grow more complex, certifications, continuous learning, and diverse skills are essential to building a resilient global workforce.The podcast and artwork embedded on this page are from Robert Vamosi, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Certification exams increasingly reflect the IT OT convergence, acknowledging that many protections apply across both domains requiring holistic security approaches rather than siloed solutions. John France, CISO at ISC2, explains that as threats grow more complex, certifications, continuous learning, and diverse skills are essential to building a resilient global workforce.

Podcast: Industrial Cybersecurity InsiderEpisode: Mitsubishi's Billion-Dollar Bet on OT Cybersecurity with Nozomi AcquisitionPub date: 2025-09-23Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationHosts Craig and Dino discuss Mitsubishi's billion-dollar acquisition of Nozomi Networks and its implications for operational technology cybersecurity. They address how this major deal affects the industrial security market.The conversation covers IT/OT convergence challenges, managed services, vendor partnerships, and AI in cybersecurity decision-making. Craig and Dino share practical insights for security leaders and engineering professionals working in industrial environments.Topics covered: • Why Mitsubishi made this $1B investment • How this affects choosing security vendors • The growing role of managed services in OT security • What organizations should do to prepare for changesFor cybersecurity professionals, industrial engineers, and executives working with operational technology and cyber defense.Chapters:00:00:00 - Welcome to Industrial Cybersecurity Insider Podcast00:01:26 - A Trend of Cybersecurity Platform Acquisitions00:02:03 - The "Cyber-Informed Engineering" Play00:02:52 - Market Impact: Setting a Billion-Dollar Bar for Competitors00:05:06 - A Lack of Expertise and Resources00:05:48 - The Challenge of Building an In-House Team vs. Using Managed Services00:07:40 - Embedding Security Directly into Hardware Controllers00:09:33 - How Competitors Like Rockwell Might React00:10:00 - IPO or Acquisition?00:14:42 - The On-Prem vs. Cloud Debate in Manufacturing Environments00:16:50 - 87% of Organizations Are Lagging in Cybersecurity Maturity00:17:20 - The IT/OT Resource and Knowledge Gap00:18:54 - The Need for CIOs to Partner with OT Systems Integrators00:21:25 - The "OnStar" Model for Industrial Security00:22:15 - The Reality of Vendor Lock-In and Warranty Issues00:24:14 - OT Needs to Own Its Cybersecurity Strategy00:25:12 - The Risk of Underutilized Security ToolsLinks And Resources:Want to Sponsor an episode or be a Guest? Reach out here.Industrial Cybersecurity Insider on LinkedInCybersecurity & Digital Safety on LinkedInBW Design Group CybersecurityDino Busalachi on LinkedInCraig Duckworth on LinkedInThanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you'd like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!The podcast and artwork embedded on this page are from Industrial Cybersecurity Insider, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

In this episode we explain how IT/OT convergence, the need for digital thread traceability and agentic AI have extended MES software beyond its production tracking roots and are putting it at the core of industry's digital transformation. Insights from Luigi de Bernardini, CEO of system integrator Autoware, and Francisco Almada Lobo, CEO of Critical Manufacturing, explain why and how this is happening and what manufacturers should be doing in response.

Podcast: Industrial Cybersecurity InsiderEpisode: Responsibility Without Authority: The CISO's Industrial Cybersecurity DilemmaPub date: 2025-09-16Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationIn this episode, Craig and Dino address one of the most pressing challenges in industrial cybersecurity: the gap between responsibility and authority for CISOs and their ability to protect manufacturing and critical infrastructure plant floors. While executives are tasked with ensuring resilience and reporting to the board, they often hit resistance at the plant floor where production uptime and safety KPIs take priority. The conversation explores IT/OT convergence, asset visibility blind spots, OEM restrictions, and the risks of relying on remote-only deployments. With insights from decades of hands-on experience in industrial environments, Craig and Dino outline practical steps for building bridges between IT and OT, aligning financial risk with security strategy, and equipping CISOs with the authority they need to succeed.Chapters:00:00:00 - Welcome to the Industrial Cybersecurity Insider Podcast00:01:11 - The CISO's Core Conflict of Responsibility Without Authority00:02:45 - Why Security Efforts Get "Kneecapped at the Front Door"00:04:04 - Understanding the OT Environment and Its Unique Technology00:05:36 - Building Bridges Between IT and OT as the Solution00:07:44 - Overcoming OT's "Skittish" Resistance to IT00:09:43 - The Scaling Problem of Too Few Engineers for Too Many Plants00:10:57 - Why a Remote-First Approach Fails in Manufacturing00:14:44 - The "Epiphany" of Uncovering Operational Benefits for OT Teams00:17:24 - Navigating OEM Warranties and Equipment Restrictions00:19:14 - The "Trust but Verify" Mandate for a CISO00:20:56 - The Danger of Hidden Networks and the "Air Gap" Myth00:23:16 - Speaking the Language of Business in Dollars and Cents00:24:43 - Aligning Security with the Plant's Capital Master Plan00:27:24 - How Company Ownership Affects Security Investment00:28:16 - How to Give the CISO Real AuthorityLinks And Resources:Want to Sponsor an episode or be a Guest? Reach out here.Industrial Cybersecurity Insider on LinkedInCybersecurity & Digital Safety on LinkedInBW Design Group CybersecurityDino Busalachi on LinkedInCraig Duckworth on LinkedInThanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you'd like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!The podcast and artwork embedded on this page are from Industrial Cybersecurity Insider, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Episode 186 is a conversation with Brad Bonavida and James Dice from Nexus Labs, as well as Leslie Beu from Clockworks Analytics and Reed Powell from MacDonald-Miller Facility Solutions. In this episode of the Nexus Podcast, the Nexus Labs team breaks down the top stories relevant to energy managers, facility managers, IT/OT managers, and workplace managers.Find full show notes and episode transcript on The Nexus Podcast: Episode 186 webpage.Sign-up (or refer a friend!) to the Nexus Newsletter.Learn more about The Smart Building Strategist Course and the Nexus Courses Platform.Check out the Nexus Labs Marketplace.Learn more about Nexus Partnership Opportunities.

Salt Typhoon marks China's most ambitious campaign yet. A major Google outage hit Southeastern Europe.  A critical zero-day flaw in FreePBX gets patched. Scattered Lapsus$ Hunters claim the Jaguar Land Rover hack. Researchers uncover a major evolution in the XWorm backdoor campaign. GhostRedirector is a new China-aligned threat actor. CISA adds a pair of TP-Link router flaws to its Known Exploited Vulnerabilities (KEV) catalog. The feds put a $10 million bounty on three Russian FSB officers. Experts warn sweeping cuts to ODNI could cripple U.S. cyber defense. Our guest is Rick Kaun, Global Director of Cybersecurity Services at Rockwell Automation, discussing IT/OT convergence in securing critical water and wastewater systems. Google says rumors of Gmail's breach are greatly exaggerated. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.CyberWire Guest Today our guest is Rick Kaun, Global Director of Cybersecurity Services at Rockwell Automation, who is talking about "IT/OT Convergence for Critical Water & Wastewater Security." Selected Reading ‘Unrestrained' Chinese Cyberattackers May Have Stolen Data From Almost Every American (The New York Times) Google Down in Eastern Europe (UPDATED) (Novinite Sofia News Agency) Sangoma Patches Critical Zero-Day Exploited to Hack FreePBX Servers (SecurityWeek) M&S hackers claim to be behind Jaguar Land Rover cyber attack (BBC) XWorm's Evolving Infection Chain: From Predictable to Deceptive (Trellix) GhostRedirector poisons Windows servers: Backdoors with a side of Potatoes (welivesecurity by ESET) CISA Flags TP-Link Router Flaws CVE-2023-50224 and CVE-2025-9377 as Actively Exploited (The Cyber Security News)  US offers $10 million bounty for info on Russian FSB hackers (Bleeping Computer) Cutting Cyber Intelligence Undermines National Security (FDD) No, Google did not warn 2.5 billion Gmail users to reset passwords (Bleeping Computer) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Episode 185 is a conversation with Brad Bonavida, Rosy Khalife, and Ainsley Muller from Nexus Labs. In this episode of the Nexus Podcast, the Nexus Labs team breaks down the top stories relevant to energy managers, facility managers, IT/OT managers, and workplace managers.Find full show notes and episode transcript on The Nexus Podcast: Episode 185 webpage.Sign-up (or refer a friend!) to the Nexus Newsletter.Learn more about The Smart Building Strategist Course and the Nexus Courses Platform.Check out the Nexus Labs Marketplace.Learn more about Nexus Partnership Opportunities.

In this episode of Manufacturing Hub, Vlad and Dave take a deep dive into one of the most critical yet often overlooked aspects of modern manufacturing: network and systems architecture. Too often manufacturers focus on SCADA, MES, and control layers without recognizing that the architecture beneath them is the foundation that determines whether a facility can scale, connect new equipment, and maintain reliability. Architecture touches everything from plant floor PLCs and HMIs to edge devices, managed switches, firewalls, historians, and enterprise-level systems.We begin the conversation by unpacking what “architecture” actually means in manufacturing environments. Is it the hardware, switches, and cables? Is it the way new machines are integrated into existing plants? Or is it the broader strategy of ensuring that data, safety, and scalability are protected? The answer, as both Vlad and Dave explain, is that it is all of these at once.Throughout the discussion, we explore real-world stories where poor architectural decisions led to unplanned downtime, cybersecurity risks, or expensive rework. Vlad shares an example of a palletizer brought online with unmanaged switches and insecure remote access hardware that nearly crippled production until it was properly segmented. Dave recalls his own field experiences, including unusual setups where integrators resorted to improvised remote troubleshooting, highlighting just how creative but fragile some solutions can be.The episode also looks at the evolution of remote access. From the early days of Ewon boxes to modern expectations of secure VPNs, jump boxes, and approved engineering workstations, we discuss what role remote connectivity should play in today's manufacturing environment. While these solutions can reduce travel time and speed up support, they can just as easily introduce vulnerabilities and trust issues if not carefully managed.From there we move into the technical tradeoffs of device level ring versus star topologies. Vlad explains why he often prefers device level ring to save costs and simplify troubleshooting, while Dave weighs in on the importance of pre-molded cables, managed switches, and long-term maintainability. We also analyze example architectures from Rockwell white papers, pointing out where diagrams align with field best practices and where they differ from what engineers often see in real facilities.Finally, we broaden the perspective by comparing greenfield and brownfield deployments. Greenfield projects allow prime contractors and consultants to design standards up front, but most facilities live in brownfield reality where years of technical debt, unmanaged switches, and ad hoc networks make improvements harder. We also touch on how architecture differs by industry, whether in food and beverage, pharmaceuticals, oil and gas, or distributed environments such as trains or pipelines.The conversation closes with predictions, career advice, and resource recommendations. Vlad stresses that CCNA is still one of the best starting points for engineers who want to understand industrial networking fundamentals, and Dave emphasizes the importance of asking the right questions and learning from experienced peers. Both agree that demand for data, combined with the rise of AI, will continue to stress legacy networks until companies recognize the need for robust, standards-driven architectures.If you work in automation, engineering, IT, or plant management, this episode will give you perspective on why network architecture is not just a technical afterthought but a strategic enabler of digital transformation.Timestamps 00:00 Introduction and community updates 02:30 Defining architecture in manufacturing 05:00 Why networks are the backbone of manufacturing systems 08:00 A real-world palletizer story and the risks of unmanaged switches 14:00 The rise and pitfalls of remote access devices 18:30 Field story of unconventional remote troubleshooting setups 23:00 Who is responsible for network design: end users, integrators, or OEMs 28:00 Analyzing Rockwell's reference architecture diagrams 36:00 Device level ring versus star topologies in practice 49:00 Brownfield versus greenfield considerations 56:00 Industry-specific architectures from food and beverage to oil and gas 01:04:00 The role of standards and corporate versus local decision making 01:08:30 Predictions, career advice, and recommended resourcesReferences Mentioned in this Episode Ignition Community Conference: https://icc.inductiveautomation.com/ Siemens SPS Atlanta Event: https://new.siemens.com/us/en/company/fairs-events/sps.html Rockwell Automation Architectures and Design White Papers: https://literature.rockwellautomation.com CISSP Official Study Guide: https://www.isc2.org/Certifications/CISSP Winning by Tim Grover: https://www.amazon.com/Winning-Unforgiving-Race-Greatness/dp/1982168862 Cisco CCNA Certification: https://www.cisco.com/c/en/us/training-events/training-certifications/exams/current-list/ccna.htmlAbout the HostsVlad Romanov is an electrical engineer and consultant with over a decade of experience in manufacturing and industrial automation. His background spans global companies such as Procter & Gamble, Kraft Heinz, and Post Holdings, where he has led modernization projects, SCADA and MES deployments, and digital transformation initiatives. He is the founder of Joltek, a consulting firm helping manufacturers align people, process, and technology to improve operations, and he also leads SolisPLC, an education platform for automation professionals. Connect with Vlad on LinkedIn: https://www.linkedin.com/in/vladromanovDave Griffith is a manufacturing consultant and co-host of Manufacturing Hub. With extensive experience in controls, systems integration, and business development, Dave has helped manufacturers across industries adopt SCADA, MES, and digital transformation solutions. He frequently shares insights on IT-OT convergence, operational strategy, and leadership in the automation space. Connect with Dave on LinkedIn: https://www.linkedin.com/in/davegriffithJoltek is a consulting and integration firm that helps manufacturers modernize with clarity, strategy, and execution. Built on decades of hands-on experience in engineering, automation, and plant leadership, Joltek bridges the gap between technical complexity and business value. The team is known for uncovering hidden risks in outdated systems, designing scalable IT and OT architectures, and guiding digital transformation initiatives that actually deliver measurable results. Whether it is upgrading control systems, deploying SCADA and MES platforms, or advising on strategic investments, Joltek consistently brings deep expertise and practical solutions that make manufacturing operations more resilient, efficient, and future ready.Listen and Subscribe Catch every episode of Manufacturing Hub on YouTube and your favorite podcast platforms. Subscribe to stay up to date with weekly conversations on automation, digital transformation, and the future of manufacturing.

Shawn Tierney meets up with Ashley Weckwerth of ISA to learn all about the OT Cybersecurity Summit in this episode of The Automation Podcast. For any links related to this episode, check out the “Show Notes” located below the video. Watch The Automation Podcast from The Automation Blog: Note: This episode was not sponsored so the video edition is a “member only” perk. The below audio edition (also available on major podcasting platforms) is available to the public and supported by ads. To learn more about our membership/supporter options and benefits, click here. Listen to The Automation Podcast from The Automation Blog: The Automation Podcast, Episode 245 Show Notes: To learn about our online and in-person training courses please visit TheAutomationSchool.com. Read the transcript on The Automation Blog: (automatically generated) Shawn Tierney (Host): Welcome back. My name is Shawn Tierney from Insights and Automation, and I wanna thank you for tuning back in to this episode of the automation podcast. This week on the show, I have Ashley Weckworth from ISA to talk about the OT cybersecurity summit they just held over in Europe in Brussels, and, very interesting conversation about OT cybersecurity. In addition to that, I had a couple announcements. First off, I wanted to let you know that I have rebooted the automation news podcast, and I renamed it Automation Tech Talk. And I’m trying to do a show at least three or four times a week at lunchtime. So if you’re not already subscribed to the old automation news podcast, you should be able to find it now as Automation Tech Talk. And, I’m just trying to spend ten to twenty minutes every lunch trying to share some knowledge that I have with the community. I also wanna mention that if you are a listener, I’m running a special 20% off, sale on my courses over at the automationschool.com. You will not see that there. It’s only for those listening. And I know most of you are already automation experts, so you don’t need to take these courses. So, really, this would be something you would pass on to the people who work for you or people you know who need to get up to speed on whether they need an introductory PLC course, so they need to get up to speed on ControlLogix, CompactLogix, s seven twelve hundred and fifteen hundred, PanelView plus, USC, and so on. So in any case, to get that discount, that 20% off any course or bundle of courses at $99 or more, All you have to do is send me the email address of the person who wants the discount. And, of course, we do do, group enrollment with, we’ve done it with a lot of Fortune 500 companies. Actually, I got a new order that just came in I gotta process. But, when we do a group enrollment, you you enroll, like, several people at your shop, and then I enroll them all at once, and you get a discount a quantity discount and all that. So in any case, if you have any questions about that, just go to the automationschool.com. All my contact info is at the very top, my voice mail, my email. You can even fill in a form there or book a meeting with me. But, please let me know if you know anybody who needs training. Even if you just want me to reach out to them to see if I can help them with their training needs, please let me know over there. And with that, let’s go ahead and jump into this week’s episode of the automation podcast. And, Ashley, I know this is your first time on the show. So before we jump into the summary of what what what this OT cybersecurity summit is and what it was all about and the highlights and all that good stuff, before we even get into that, could you tell the audience a little bit about yourself? Ashley Weckwerth (ISA): Yeah. Thank you, Shawn. I appreciate being here. My name is Ashley Weckworth. I am located in Orlando, Florida. I’ve been a volunteer for ISA for twelve years now. I actually have a day job, though. I’m a volunteer with ISA, which is the International Society of Automation. But in my day job, I’m actually a project manager for automation projects, so specifically SCADA systems projects for the electric grid right now. But our company also supports many other industries, so I actually started my career out. I was a chemical engineer. So I like to tell people, you never know how you’re gonna find your way to automation professions. There’s so many different varying degrees and everything that kinda lead us to this place. But I graduated in chemical engineering, went into instrumentation and controls, for the oil and gas industry. So doing a lot of, you know, it was PLCs or DCS systems that we used. But essentially, as I actually got my pro professional engineer license in control systems. So as a chemical engineer, you don’t know a lot about instrumentation controls and automation, at least I didn’t. And so I was actually recommended to join ISA right out of school. So I joined ISA in June 2012 and became a volunteer leader at the local section in 2013 and then just grew, in my volunteer roles, and I am now the ISA president-elect secretary. So what that means is in 2026, I will be the, ISA president for that calendar year. So I’m excited to be here today, to talk to you all about the ISA OT Cyber Summit. I actually was able to attend this event this year. It’s the third year that ISA has done this event. The first year was Aberdeen, Scotland. The second year was in London. And then this year, the first year I was able to attend was actually in Brussels, Belgium. So we’ve been all over Europe in different capacities, and I was really excited to attend this event. And I wanted to come on here today, and I’m so thankful you allowed us to come on here today to just tell your audience and community that are all very, enthusiastic about automation about this summit. So, hopefully, maybe they wanna attend in the future or maybe just can see what ISA is all about, and look into it more. So I’m really excited. Shawn Tierney (Host): No. And thank you for coming on. You know, it’s we we all get so wrapped up in our day to day that it’s great to have people on, like, from ISA to tell us what’s going on. And, you know, maybe, you know, you’re you get in a position later in your career where you can actually spend some time after work, you know, meeting with, your colleagues from all kinds of different industries. ISA is a great place to check into and and get involved with. But let me go ahead and turn it back to you. Ashley Weckwerth (ISA): Yeah. No. And, Shawn, you’re so right in the sense of I tell people is even though right now I’m not really in the day to day cybersecurity or OT cyber space, this conference was actually still really beneficial because of all the diverse connections that I gained there. It was actually the first time I had been more of the minority coming from The United States in the sense that you had people from Spain. You had people from, you know, Belgium, of course. You had France, you had Ireland, you had London in The UK. Right? You had different perspectives that everybody’s trying to come together. And ISA had this vision statement that’s create a better world through automation. Is and that’s truly what this group’s trying to do is we’re trying to protect all of our automation systems in the OT space against those vulnerabilities or those threats and how it will impact us from an operational standpoint, but also a business standpoint. So I thought even though I’m not in it day to day, like you mentioned, is sometimes I just have my blinders on, do my job, know what I’m doing, is it was very unique to talk to these folks at the socials and in the the meetings and listen to them to really expand my knowledge of what automation can be and also what we can do to protect it, but also just, like, building those connections because you never know where your career might lead. And I really did value that. So, with that, I did wanna mention that ISA OT Cyber Summit did have two unique tracks this year. I do feel like we try to change up the tracks based on what’s happening in today’s world, what people are talking about, the trends in this area. And so this year, we had a chain a track called threat intelligence. So really just identifying threats, knowing the vulnerabilities, knowing how to respond and react to those, how to prepare for those threats. So that was one track that we had, and the other track was securing the supply chain. Shawn Tierney (Host): Hey, everybody. Just wanted to jump in there for a minute and pay the bills and talk to you about some of the changes coming to the courses at theautomationschool.com. If you’re watching this video, then you will see me standing in front of a bunch of equipment, and that’s because I am updating actively updating all of my PLC courses as well as filming new additions. So I just wanna make it very clear. If you buy the existing course today, you will get the updated edition as well. And, there are some add on courses I’m doing that will be optional. You can buy them or not buy them. But in any case, I just wanted to let everybody know that I wanna protect your investment. I know I’ve been doing this for twelve plus years, you know, on my own as the automation school and the automation blog. And twenty five years before, I was, you know, working as a, a specialist. But I just wanted to let you know that, you know, if you make an investment today, you’re not gonna miss out on what I previously did, but you’re also gonna get what I continue to do. And that that’s very important to me. And all my courses are buy once own forever. So if you, make the investment if you made the investment, let’s say, going back to 2013, 2014, you’re still gonna get the updated, courses. So I know a lot of people get confused when you start looking at the new versions of Studio 5,000. It looks different, you know, than even version 30. Right? And so, you know, I figured it was you know, a lot of people too move to a Windows 11, and, there’s some new cool stuff I wanna include. You know, over the time, I’ve looked for different hardware sales and, you know, I bought a lot of different equipment, you know, just out of my own pocket that I wanna show you guys as well. So with that said, that’s an update on the automation school. Now let’s get right back into this week’s podcast. Ashley Weckwerth (ISA): So making sure that when we have disruptions to those supply chain areas or what those disruptions might look like, how are we gonna adapt to those? What does that mean to do to make sure that we’re being dependable and reliable in what we’re trying to accomplish in the supply chain and making sure we understand those impacts as well. So two different tracks. Of course, we had speakers, that sometimes overlapped both because they do kinda intertwine together. We had 40 speakers, two thirty attendees, and over 20 sponsors this year. So the event just continues to grow and grow. But the, the real thing that I loved about the conference and the content was it it actually shocked me how transparent and open the conversation was, because I feel like at some conferences, you go and you feel like you’re just sitting and being, like, preached at. And you’re like, I don’t know if I agree with that. At this conference, I felt like was different. It had more panel discussions. And one that really stood out to me is it was a panel discussion about ITOT convergence. And now this has been a theme word for years now. Right? IT, OT convergence, that’s the way to go. It actually took a shift in the the discussion in the panel discussion where people were actually like, why? Why why are we trying to do that? It seems like IT just wants to do that, and OT is being told you must do that. And so I thought it was and and you would think that we were about to go, like, in a boxing ring, but we weren’t. Right? It was actually, like, people wanted to hear and be inclusive of counterarguments, which, again, I think was very unique for this kind of conference in the sense of you might think that we were trying to push OT, IT convergent, but it was no. Like, let’s discuss the pain points and the challenges and where we like, what’s holding us back from converging? What are the benefits of that convergence? And I thought what was unique is we had IT backgrounded people on the panel as well as OT backgrounded people. So you kinda see both sides where they actually had people raise their hand what their background was in. And it was kinda unique to see the audience members being like, yeah. I came from the IT background, and I’m being told I need to watch over this IT space or the IT people raising their hand or OT people. I’m sorry. OT people saying, yeah. I came from the OT side, and I want the IT side to to watch what they’re asking and be careful and stuff like that. And so I, again, wanna go back to it was very cool to see the diverse connections in this group, but also the inclusiveness that we weren’t trying to push ideas. We were trying to get people talking about the options and what’s available and why. And I so I thought it was interesting that I feel like I’ve always heard, like, we wanna push towards convergence, with, you know, just having better data, knowing what’s happening through the whole system, and and from a cyber aspect. But I thought it was unique to hear how we could work together and keep them still separate in some certain situations and and why. And so that was that was unique to me. I I thought I was like, wow. This took a it took a turn, but in a positive way. And I think we all left there really challenged with where do we want this to head, why, and how do we get rid of those pain points. So Yeah. You know, I Shawn Tierney (Host): think a lot of controls engineers, right, they they know their they know their IT guys. So let’s say you’re an NGS er, and they know but they know the the cost of downtime. Mhmm. And and in many cases, there’s there’s no convergence because Right. There’s there’s no tolerance for downtime. If you’re making computer chips or you’re making, well, I guess, even potato chips, you you really downtime is such a profit killer. Right? And Yeah. In in some cases, it can it can take years to recover from a day or a week of downtime. And so that mission critical aspect of what we do in industrial automation is not always that mentality is not always present in IT. In many companies, and I’m not saying all IT people, but in many companies, IT is a firefighter. They’re a tech who’s been thrown into the, you know, thrown to the wolves, and they’re fixing everything from smartphones to, you know, trying to get the UPS, replaced to, you know, somebody needs a better monitor to the to the CEO, maybe needs a little hand holding to get the PowerPoint to work. So, yeah, different worlds and and and it’s so you every every and I’m sure you see this in your business, but every site, every customer seems to be unique well, because they have unique people. Right? But every site you go to is even different sites in the same company. They have different cultures and just I guess they all have unique people, unique teams, so they’re gonna that’s gonna happen. But, yeah, I can definitely see where you’re coming from, with with that. That sounds like it was a very interesting discussion. Ashley Weckwerth (ISA): Right. And you bring up a great point in the sense of I I remember specifically this, CISO or CISO, you know, chief information security officer from Johns Mansville came in and was talking about how he came from an IT background and was told you’re kinda leading this. And he noticed that he had the gap from the OT lens and that downtime, like you’re talking about, or the individual plant to where he did a strategic hire, essentially, or move to bring in an OT lens into his, you know, umbrella, essentially, to make sure he wasn’t, like, missing something or speaking and not realizing that impact of downturn. And that’s that’s actually Scott Reynolds who talked here, I believe, last year about this summit, is that’s who he brought under him to bring in that, you know, OT thought process, and they actually do travel to their different locations. Like you said, every plant’s different, every manufacturing facility is different, to make sure they’re hearing the unique circumstances and what they can do to support, but also not just, like, pushing them to do it a certain way knowing that there are the variances. So I think that you’re exactly right. So perfect. So the other side, right, is that that’s really trending right now and especially in Europe, which I learned, fun fact, I was like, why is this conference in Belgium and in Brussels? And I did not realize that Brussels is, like, the de facto capital of the EU, the European Union. And so there’s a lot of regulation that is happening in Brussels and and things that, like, come down from a compliance standpoint. And so a lot of the other, you know, discussions that happened was regarding the regulatory landscape across, all the all the world essentially and, like, NIST two, which I had to write this down because I am I’m not as familiar with NIST two, is network and information security directive. There’s been NIST one for a while or just NIST, and now they’ve come up with an update that actually spans across multiple sectors. And we can see from NIST two and from RED, which is radio equipment directive, and just other cyber initiatives and regulation coming down, cybersecurity initiatives, that more and more government or state officials are seeing the vulnerabilities that could happen or the risk that could happen if they don’t say you shall follow this or do something to protect your OT systems from, you know, disruption, from downtime, all of that, especially the those, again, like you mentioned, mission critical things. And and and there and I’m gonna talk about one specifically, one session that stood out with this. But I do want us to all be aware is, like, with these regulatory and governmental mandates or guidance or directives, is there are products out there and standards out there that a lot of people are leaning on to make sure they are protected and, you know, ready for an incident and how they respond, how they react if it happened. And I I think last time this was also talked about is six two four four three. I think you all had Eric Cosman on Shawn Tierney (Host): Yes. Yeah. Ashley Weckwerth (ISA): On an episode as well. So I would advise anybody that isn’t familiar with 62443, go back, look for that episode to really dive into the meat of what that is. But ISA developed the the IEC ISA six two four four three standard that has different different layers to it that you kinda can pick it which layer you need to do based on where you stand in this process. But, essentially, is because ISA has this as the foundation is this is what a lot of regulators are looking at to be like, you need to make sure you’re doing this. You need to make sure you’re being as compliant as you can be with six two four four three. So that’s why ISA continues to host this event and talk about it because we can see from a regulatory, you know, perspective that it is coming. And and and it has been coming for a while now, but I think it’s now being more enforced than ever before in certain regions. So just keep that in mind. Shawn Tierney (Host): Yeah. You know, I think, and and I may get this wrong, but from a previous coverage of NIST and NIST two, you know, it’s it’s, you know, from memory, just going by memory. You know, NIST was really about core providers. So those people who, if they got hacked, could really affect society in a big way. And with NIST two, right, it broadens that. So some industries that you may think, well, you know, if that plant goes down, it’s really not gonna well, it could affect your your community, your city in a big way. You just may not be have been aware of that previously. And so, you know, in America, I think you’re absolutely right. You know, not that we’re gonna get those same regulations, probably not word for word, but, you know, a lot of OEMs here are shipped there. Right? A lot of integrators work on machines here ship there. But beyond that, understanding what the threats they’re trying to protect from, the six two four four three layered you know, the different layers of standards, You know? So you understand what when you see a product, right, like a remote access product, and it has all these different numbers on it, you understand what are they protecting? What kind of what kind of security was built in, baked into this product? Like, this this product has this number on it. That means they went through all kinds of testing and and, you know, and to to make sure that their, you know, processes and the product itself and the supply chain and all that. So I think it’s very helpful. Not that we’re going to necessarily have to meet this and this too. We may have similar regulations, but the fact that you’re staying up to date with what’s going on in the world as far as cybersecurity is concerned. And we’ve had so many vendors on talking about zones and conduits and Yeah. Just all kinds of all kinds of different things, you know, secure remote access, VPNs. And all of this plays a role in in you know, there’s just so many great products out there, but, you know, that that’s my pitch for why staying abreast of these is important. In worst case scenario hey, everybody. Just wanted to break in here and pay some bills. Did you know that the automation school is a factory IO reseller? That’s right. Not only that, I have questions on using factory IO with ControlLogix and CompactLogix, with the MicroLogix and Slic 500, and with the micro 800. Now factory IO is a three d, factory simulator that allows you to really practice your programming skills, not on an actual machine, but on a three d simulation of a machine. And I’ll tell you what, some of these, are really challenging. Right? The early editions are not the early levels aren’t really that hard, but as you get them to lesson three, four, five, six, and more, they start getting much harder. And a lot of times, we utilize, like, a state machine to solve them because, like, if we have, merging two different conveyors or if we’re checking for the height of packages and things like that, or we’re filling a tank, whatever we’re doing, a lot of times you wanna take a very sequential approach to those type of applications, whereas other applications, you know, you take more of a batch approach. But in any case, if you don’t know anything about Factory IO, go check out lesson one zero two in any of my PLC courses, and I put a little demo in there along with the free utility I give away with my courses as well as for the compact and control logics. There’s another package we sell called, PLC Logics that is similar to Factory IO, but it doesn’t require a PLC. It doesn’t require that you have your own license of Studio 5,000. It’s actually it’s all self contained training, software. So check those out over at theautomationschool.com. And with that, let’s jump right back into this week’s episode. Don’t connect the plant flow to the Internet. You know? I know you I know you wanna be able to VPN in and check on your PLCs, but, you know, just make sure that connection is ultra secure. If you’re not if you’re not sure if it’s secure, unplug it and and do the research because, you know, we’ve heard about the pipeline where there was, you know, a cyber attack and there was, you know, ransomware, and we’ve heard about hospital hospitals and, you know, just, you can pretty much think any place in our society, there’s been a ransomware attack. And so we’re just gonna be cognizant. We heard a major news talking about don’t even charge your phone at the airport because Right. Cult I don’t know how to get in, but culprits have been going in and hacking the physical hardware so they can steal your information when you’re using The US. So we all have to help each other stay up to date on this. We gotta share these stories. That’s what people do best is share stories about things that are important that we need to know about. And, you know, that’s that’s kind of my pitch for staying. Let me turn it back. Let me turn it back to you. Ashley Weckwerth (ISA): Well no. And you bring up it honestly makes me think about a session that happened about Wi Fi. Is it it’s talking about Wi Fi security, and I know that I’m just as, like, guilty of this where we’ll just sign on to what we believe is the local safe Wi Fi, whether it’s the airport. Yep. Or the use case that he gave me even here, like, how many of us signed into the hotel’s Wi Fi? Shawn Tierney (Host): Yeah. Ashley Weckwerth (ISA): Right? And he talked about how and he kept saying, hypothetically, to make sure because he knew it was against the law, but, like, hypothetically, I could spoof it right now. Right? Is essentially and he went through how he could do it. Right? How he could use a device, hypothetically, in his laptop to essentially make the Wi Fi go out for a second, create a new Wi Fi with a very similar name that makes you believe that that’s now the new connection that you have to, you know, say that you’re joining and, you know oh, there it is. My my current hotel Wi Fi went off. There’s the other name that looks very similar Shawn Tierney (Host): Yeah. Ashley Weckwerth (ISA): And joining and not realizing you’re joining, that unsecure network. They can get in different ways now. So you’re you’re very right. As I tell people, is is really that threat intelligence track at OT, cyber made me, in a good way, again, expand my knowledge for what is possible out there, but also, like, what what I should be thinking about taking into consideration in my day to day home personal, you know, career and life and what I’m doing. But also, what am I doing in the job that I should be second guessing or making sure I’ve thought through? Are there any loopholes or gaps that someone could get in or is already in? Right? Shawn Tierney (Host): Well, that’s the thing because you bring most people are bringing their devices to work. So if you get hacked at the airport or get hacked at the hotel, that’s a vector into your company. And a lot of companies, that’s where that’s where the intrusion comes from a personal device. I mean, today, it used to be people are a little on and don’t bring your devices. And today, everybody brings their phone with them everywhere. Yeah. And so that is a vector into the plant. And that’s another reason why maybe your POC and HMI and SCADA system and VFDs and everything that you have in your network should only talk to a list of approved IP addresses and proved you know? You know? Maybe there should be some digital signatures there. I’m not saying for for certain networks, but for other networks that are more wide open, like, maybe you plant for a Wi Fi, maybe you should be locked down a little bit more. Maybe it shouldn’t be a great place to to stream you to. But, anyways, let me turn it back to you. Ashley Weckwerth (ISA): Well and and you, doctor, her name was doctor Marina Krotafil, And I’m gonna say it wrong. She actually shared a case study. Now I won’t give all the details of the case study, but, essentially, is it talked through how even at, like, state sponsored cyber operations. So when we’re talking, you know, we’re talking maybe, like, everybody thinks, like, hackers are, like, you know, the the people that just have too much time. They wanna do ransomware, get money. They wanna get through it’s like, you know, you think about especially with all the things happening in the world today is Mhmm. Countries against countries or states against states, essentially, that want to get in and disrupt the economy or disrupt and show their power can do so through cyber attacks. And she actually talked through how attackers, especially at a state level, that get recruited by a state, maybe like a Russia, you know, at first, like, essentially, she went through different scenarios where is if a if a government official or government wanted to get in and learn the vulnerabilities and all that for another, entity or another country, they know how to do that. Right? They know how to essentially make it to where they they’re testing their limits. Right? How long does it take them to get caught? How long does it take them to to make you notice that they’re in your system? How what do you do about it? Like, they’re essentially, she gave examples in this case study where everything certain state sponsored cyber operations do is strategic. Right? They’re testing their limits. They’re testing their capabilities. They’re testing and training up folks for when they actually want to do something. And I think you mentioned this in other, podcasts too that I listen to is, like, we gotta be cautious that people could be lurking. They could be in. They could be just not making themselves known in our critical infrastructure. And and, again, she she spun it in such a way that I’m not here to scare anybody on this podcast, but, essentially, just being aware that people are very smart, and we need to be smart and ahead of that as well. And that’s what I think this conference allows us to do is it shares best practices. It shares that knowledge. It builds those connections. So now, like, you kinda mentioned, there’s so much equipment that you can buy and vendors selling different things that have different security settings. Like, all those sponsors make great products. And and understanding what they can do, what they can’t do helps us be able to protect ourselves, get ahead of these risks, get ahead of these potentials, and not be afraid. Right? It’s kinda like you put a lock on your door to make sure you’re not just welcoming anybody in, not that you’re gonna plan for someone just to walk in your house that’s not welcome. Right? Is we wanna make sure we’re doing what we can, and I think that’s what this conference really allowed is to know the risk out there, to be aware of the situations, the cyberattacks that have happened in in recent history, but also, like, what can I do as an end user, as a consultant, as an integrator, as a product, you know, manufacturer? What can I do to make a difference to help safeguard our OT systems and make a difference and and protect them? Shawn Tierney (Host): You know, I I I restore to the people. They’re like, well, why would they hack us? And it’s like, you know, take a step back. You know, the first of all, these people who are working for their governments, whether it’s The US, whether it’s EU, any country in the world, you name it. Right. They all they all think that they’re doing a patriotic thing working for their com their country. In every country, every almost virtually every country in the world, virtually every one of them have been hacked by almost every other one of them. Yeah. And we don’t know who hacked for us. Right? This is the eye for the eye thing. Like, it’s been going on for so long. You know, did the French start it? Did the Americans start it? Did the Russians start it? Did no. Every country in the world’s been hacking every other country. There there’s no tracing back to who started this this roller coaster of hacking, but everybody’s perceived like the other people are hacking me, so I have to hack back. So you just have to be cognizant of that and and and understand that it may not be you. It may not be your company. It may not even be what you make that’s the target. You may just be the punch back for the punches they received last month, and you’re just the only target they can hit. And so we we, you know, let’s stop all the punching. Let’s secure our facilities. So so we frustrate all of these, including our own, all these people who are trying to illegally hack into different companies and and cause problems like the ransomware. And, you know, I and and it’s real. And, you know, it came years ago, it came to me. I put a SCADA server as a demo for my customers. I put it on the Internet. I was just like, hey, boss. Give me a cable modem. I’m gonna put my server on. I’m gonna demo, you know, web based SCADA to all my, to all my great customers in the area. And the thing was hacked within a day. I mean and I’m going back twenty years now. This is twenty years. It was hacked in a day. And every week, I would spend a couple hours trying to make it hack proof. You know? And, you know, this was before I even you know, firewalls were even, like, consideration for a small business. Right? And so, yes, the people are being hacked all the time. Yep. We we you know? And and we have to be vigilant against those hacks. And we gotta people are tired of me saying this. Also, please back up your PLC HMI SCADA systems and all those VFPs. Ashley Weckwerth (ISA): Just in Shawn Tierney (Host): case. Stuff up just in case. It’ll there there’s so much room on your hard drive now. You could back it all up a thousand times, and you would still have room left over. So I like to Ashley Weckwerth (ISA): Can you imagine how much money you would save having that backup ready to go instead of like you mentioned, downtime earlier, right, is Yeah. Essentially, if if something were to happen, right, say, ransom ransomware hap whatever. Right? Is is you you end up saying, no. We’re not paying it, and you lose everything. Is now if you had to rebuild all of that code and all of your systems and get everything back talking to each other is I mean, I don’t even wanna do the math. I mean, you’re talking you’re you’re not you’re losing revenue, just whatever you’re producing or making with that system, but you’re also now spending money to get it back to whereas if you had the backups already ready. Yes. You’re still gonna have downtime. You’re still gonna have to get everything back up, but you’re saving all that developmental time to, like, redo it all, essentially. Shawn Tierney (Host): Sometimes you can’t. There are some machines that are so complicated. Right. And they, you know, they may have had changeover. Nobody may have that file anymore. So take your take your own future in your own hands, back up everything, back it up more at once. Right. You know, and take it like Microsoft will tell you if you go to any type of server type of training or certifications, you’re gonna have a copy of that off-site. They all cannot be on your site because if there’s a fire where you store all that stuff, you don’t have any backups anymore. So very interesting stuff and, you know, I hate to preach. I know the the I know the audience is used to me saying this stuff, but, but it’s so important. I I I’ve had multiple customers well, former customers, colleagues, audience members tell me about their horror stories where they had ransomware, and it’s just it truly is devastating to the companies. Right. And it really, like, I mean, it hurts people’s paychecks because, you know, there’s no raises that year, no bonuses that year, sometimes layoffs. So Ashley Weckwerth (ISA): Oh, yes. It kills the culture. I mean, truly. And and that’s where I and I I think sometimes we take for granted, kinda like you mentioned at the beginning. We put our blinders on. We just do our job. We think we’re doing our job, and you don’t think about all these things. And I think that’s the the benefit of groups like this. Right? Your podcast, bringing a community together to talk about things like this, lessons learned, things that I’ve learned in my career, my product. Like, you’re getting knowledge out there, and that’s exactly what ISA is trying to do as well. It’s like, why do we all have to learn by the the hard way or learn by things happening when you have all these resources? That’s what I think frustrates me the most sometimes is people will be like, well, I didn’t know that. Shawn Tierney (Host): Hey, buddy. I just wanted to jump in here and pay some bills and tell you about my training at the Automation School, my in person training that I do right here in my offices in the beautiful Berkshires. So many great things to do out here in Western Massachusetts. We’re about an hour away from Albany, New York. And one of the things you’re gonna find with my training that you’re not gonna find with, the big vendors is, you know, I can kinda customize it for you. Right? So, you know, if you wanna do, like, a day of, Allen Bradley PLCs and a day of Siemens PLCs, I can do that for you. Also, you know, we teach not just using the the trainer trainer boxes, but we also teach using factory IO so that even the most advanced students should have a full day’s worth of work or two or three full days depending on what you wanna do. And you’re gonna see over the coming weeks, I’m adding even more hardware to the training room. I’m, creating all of these one by one demo boards that I’ll be showing you guys in on the, the lunchtime show that I’m doing, where, I’m bringing in things like Flex IO, Point IO, you know, seventeen sixty nine distributed IO, fifty sixty nine distributed IO. All these things that, you know, if you go to some of the place where they just bought, you know, APLCs and APCs and say, here’s a manual, you’re not gonna get the same experience. So in any case, if you have any needs for in person training, maybe you don’t wanna send your folks off to the factory for $5,000 a pop and have them gone for a week, get in touch with me, and you can see all these details about what I’m doing over at the automationschool.com forward slash live. That is where I have not only information about my in person training, I have pictures of the training room, I got pictures of the building. I also have all the local hotels. Within three miles, we have all of the big hotels as well as all of the kind of fun stuff you can do in the Berkshires when you come out here, like visit the Norman Rockwell Museum, climb Mount Greylock, and there’s so many other things to do as well out here. And a lot of historical places too, like Susan b Anthony’s home or Herman Melville’s home and so on. So with that, I just wanted to tell you about my in person training that I’m offering here in my office. And now let’s jump right back into this week’s show. Ashley Weckwerth (ISA): And I’m like, but you gotta, like, you gotta go find that out. Right? You gotta ingrain yourself in a community that knows more than you do and admit you’re not the smartest person in the room. Right? And and learn from the group. Right? Learn from the greater good that is really trying to help make make the world a better place. I know it’s a a tagline, but, essentially, that’s true. Right? Like, you’re trying to get the automation community more knowledge, more information, and that’s what ISA is trying to do. And I think it’s nice to know that you don’t have to do it alone in the sense of whether you’re starting out in automation and you have no clue what you just signed up for, or you’re in it. You’re now charged with making sure the OT system’s safe is knowing that there’s conferences out there that specialize in OT cybersecurity as well as, like, standards that tell you how to make sure that you’re protecting your OT cyber, you know, security assets and all that stuff, but also training courses. So I think Scott mentioned this last year, but we did the same thing this year where we hosted two training courses with this conference that you could sign up for. One of them even sold out, and that was using the IEC ISA six two four four three standard, like how to use it to secure your control systems. Literally a two day course sold out. Full house packed room. Marco Aiola? I can’t ever say his last name. Sorry, Marco, if you’re listening. He is great if you’ve never met him, but he has tons of knowledge. He he trained that or taught that course this during this conference in Belgium. So if you’re not sure where to start and you’re just like, I just need to, like, wrap my head around what this standard is, maybe reading, you know, a standard is not what you love to do, maybe you want someone to teach you what’s in there and how to use it, that’s the place to start, as well as, Steve Mustard taught, assessing the cybersecurity of new and existing systems. So industrial con industrial automation control systems. So Steve Mustard’s also been on an episode. He taught a a class as well at Brussels. And so I just wanted to encourage everyone that is listening, is you don’t have to be an automation professional alone. You don’t have to do figure out how to just make sure you’re safe and secure alone. Get involved in communities like this podcast, like ISA. Find those people that have walked it, have learned from mistakes, have done things because there’s resources out there that you can find and get involved in, whether that’s discussion boards, conferences, standards, training, all of the above, podcasts. I just I think that’s where I truly people are like, why are you involved in ICA? I’m like, why wouldn’t I be? Like, it’s like you just it’s so much knowledge. It’s so take it take it with what I I say as I just ask people to get involved. That that’s what I’m saying in in any automation community. Shawn Tierney (Host): Yeah. And if you’re an engineering manager out there, consider, you know, be in the first take the first step. Get yourself involved with your local chapter. Right? And maybe it is an ISA. Right? If you don’t have an ISA local, there’s probably another another similar organization, and get involved. And if you find it valuable, right, that whatever it is, an hour or a week, an hour a month, then, you know, encourage the people who work for you to also get involved. It’s it’s yes. Some of them may find may network a little bit and find a new job, but then again, you may find people to fill positions you’re open. So but it did just, you know, this this this industrial automation, industry is so tiny. Right? To tip to, like, health and fitness, right, or or all those type of things that that, you know, we’re we’re at a disadvantage as far as, you know, just be able to have, you know, everybody on the corner. Had there’s a gym on every corner or there’s Yes. You know, a a maker shop on every corner. Well, with industrial automation, you know, a lot of times, we can’t visit each other’s facilities just because of intellectual property. So so consider that, and there’s some great places online, plcs.net, misterplc.com, and other forms online. We get the ISA and other organizations. So, yeah, I definitely, confirm that too. We wanna we wanna encourage people to get involved. And I know a lot of folks are like me. You got family, you got kids, grandkids. You’re just busy all the time. But if you’re able to, and and I live in the boonies, but if you’re able to, get involved. So I I definitely encourage that. Yeah. Ashley Weckwerth (ISA): Exactly. And I have I have two boys on my own, two and six. And the the joke around ISA is that they’re the youngest members because they are going to be I literally have bought merch with ISA on it for them because it’s just one of those things that the it it it does take a village to be part of something like this and and try to really make a difference. So I do wanna go back a step. You mentioned this too, and I think it’s so valuable. I joined ISA because my manager found the value and said, you should join ISA because it will skyrocket your career. You’ll learn from other professionals. You’ll network. You’ll get up to speed faster in this type of industry with if you didn’t. Right? And I can tell you as as working for the same company now for thirteen years, that that hasn’t been a true statement. Is is it truly enabled me to, one, get involved in this industry, grow from an I and c engineer, you know, putting in big EPC projects, engineer procurement construction projects, you know, midstream refineries to now managing automation projects for my clients. And it I I I truly credit getting involved in the automation community because, again, it’s a small world. I’ve literally met people across The United States that are like, I feel like I’ve gotten an I like, an email from you. Like, are you part of ISA? Like, it’s truly, like, you don’t realize how that, like, comes full circle. You’re like, yes, I am. And, like, what how do you and how are you involved? So I’ll just say, I totally agree. And I do want to say, if you go to events, is you might start you might be the first to hear something that’s in the works or that’s starting. So I did wanna mention in here, because I think it’s it’s a really cool, initiative that’s rolling out, is our group ISA Secure, which, again, focuses on six two four four three, is they’re rolling out the industrial automation control system security assurance program this fall. So there was a session on it at the conference to announce it, and there’s a whole, flyer on it. You can find it at isasecure.org. What it’s doing is it’s kinda coming full circle. Right? Is ISA developed a standard. They then made training for the standard. They then, you know, essentially said, okay. What else can we do? Okay. Let’s do ISA secure and really, like, certify devices and and things that that fall as ISA secure. They’re doing what they should be doing. And now it’s saying, now let’s offer a site assessment program to where we will validate or essentially not prove, but essentially, they’re gonna say, yes. You are following what you can do for six 2443. And so it’s gonna roll out this fall, so more details to come. Like I said, there’s a two page flyer on it. It goes through different stakeholder benefits depending on, are you an asset owner? Are you an insurance underwriter? Are you, you know, an end you you know, I said end user, but you know what I mean. It essentially is it kinda lays out that they’re going to come in and say, yes. You are being compliant with 62443 as the person that, you know, wrote 62443 is essentially kind of validating that through this new, it’s called ACSSA. We love acronyms in ISA, and control systems love acronyms. So we had to fit the the part there. So all to say, I think it’s good to join events because they’re the first ones to know. I learned that at the conference. So it’s essentially it’s like you’re always finding out what’s coming ahead that you can be on the lookout for, what can help you instead of going down a rabbit hole that you didn’t even realize this was coming into play. So Shawn Tierney (Host): That’s awesome. That’s awesome. Was there anything else you wanted to share with us about the event? I know we covered a lot of ground already. Ashley Weckwerth (ISA): Yeah. Shawn Tierney (Host): But were there other things that you wanted to talk about? Ashley Weckwerth (ISA): The only thing I wanted to say was, I know I mentioned this before, but I would say get involved at a conference that maybe is overseas if you ever get the opportunity. Next year, it’s going to be in Prague, Czech Republic, also in the month of June. You’ll find all the details coming out, on our website, o t c s, for OT cybersecurity, summit, .isa.org. And I I want to just reiterate that you really do build that diverse connections. You build confidence if you’re doing it the right way. You get the knowledge if you essentially, you know, needed more knowledge on what to do to secure your OT assets. So I I just think going to a conference like this really builds that community, that network, and that confidence. And so I encourage you all to join, but, essentially, I think you should look at our pictures on our website. It makes it look like you missed out. I will say it was a lot of fun. I was so glad to join. But I do thank you, Shawn, for letting me be here today. Shawn Tierney (Host): No. And it’s great to hear what, ISA is doing. You guys do so much. And I know this, this security summit, OT security summit, or cyber summit is a big part and and and touches on a very important aspect of what, the audience the people in the audience do on a regular basis. And, we love getting updates from you guys. Maybe we can get you back in a few months to talk about, some maybe something else you guys are working on. But, in any case, we Ashley Weckwerth (ISA): should that. Shawn Tierney (Host): Yeah. I really appreciate you coming on today and, bringing us up to speed on the the summit. Ashley Weckwerth (ISA): Well, thank you, Shawn. I really appreciate you and your community. Shawn Tierney (Host): Well, I hope you enjoyed that episode, and I wanna thank Ashley for coming on the show and talking OT cybersecurity with us. It sounds like a great opportunity to go to this, event if you especially if your company has, offices in Europe. It’s not something that I think I could do as a self employed person here in The US, but, definitely, any of you folks out there who are, you know, working with your European counterparts, maybe going to SPS over there, this may be a trip you may wanna consider. And, of course, please check out the ISA. They’re a great organization, and we love having them on the show. I also wanna thank our sponsor, the automationschool.com. If you know anybody looking for PLC, HMI, or SCADA training, whether it be in person right here in this office or it’d be online, please, contact me directly at theautomationschool.com. You’ll see all my contact links up at the top of the site. And with that, I wanna wish you all good health and happiness. And until next time, my friends, peace. Until next time, Peace ✌️  If you enjoyed this content, please give it a Like, and consider Sharing a link to it as that is the best way for us to grow our audience, which in turn allows us to produce more content

This week on Manufacturing Hub, Vlad Romanov and Dave Griffith are joined by Kevin McClusky, Chief Technology Architect at Inductive Automation. Kevin shares his journey from computer engineering into the world of industrial automation, his early experiences as an HMI developer, and his leadership roles at Inductive Automation that shaped the direction of Ignition software.The conversation takes a deep dive into the newly released Ignition 8.3 beta, exploring the core features that matter most for end users, system integrators, and manufacturers. Kevin discusses the new Siemens driver with symbolic addressing, the internal historian powered by QuestDB, the Kafka and Event Streams module, and the new DevOps capabilities with file system storage, Git integration, and automated deployments. These capabilities are set to change how manufacturers design, deploy, and scale automation systems in real-world production environments.We also preview the Ignition Community Conference (ICC), which is moving to a larger venue this year. Kevin outlines new additions such as the Hub, the CoLab, community design challenges, and the continuation of Prove It sessions. The episode also covers the evolution of the Build-On competition, the growing integrator ecosystem, and Inductive Automation's continued focus on empowering its community through transparency and collaboration.This episode provides both a technical and strategic look at where Ignition is heading and why it matters for the future of industrial automation. If you are working on digital transformation, UNS, DevOps for OT, or enterprise-scale SCADA and MES, you will not want to miss this discussion.Timestamps00:00 Introduction and welcome with Dave, Vlad, and Kevin02:00 Kevin's background and entry into industrial software05:00 Lessons from early HMI and integrator experiences07:30 The importance of integrators in Inductive Automation's go-to-market strategy09:00 Transition into sales leadership and learnings from global customers13:00 Ignition 8.3 beta release process and development challenges18:00 Historian improvements and introduction of QuestDB21:00 The new Siemens driver and why it matters globally27:00 Use cases for multiple historians and large-scale data performance31:00 Kafka integration, Event Streams, and IT-OT convergence35:00 DevOps capabilities in Ignition including Git and deployment modes41:00 Preview of the Ignition Community Conference and new venue44:00 The Hub, CoLab, and community-driven sessions at ICC50:00 Prove It sessions and exhibitor highlights56:00 The Build-On competition and its evolution01:01:00 Predicting the future of ICC and Ignition01:03:00 Kevin's career advice for engineers and integrators01:05:00 How listeners can connect with Inductive AutomationReferences Mentioned in the EpisodeInductive Automation: https://inductiveautomation.com/Ignition 8.3 Beta Release Notes: https://inductiveautomation.com/downloads/release-notesQuestDB: https://questdb.io/Opto 22: https://opto22.com/HiveMQ: https://www.hivemq.com/Flow Software: https://flow-software.com/Sepasoft MES: https://sepasoft.com/Soba.ai: https://soba.ai/About the HostsVlad Romanov is an industrial automation consultant, electrical engineer, and founder of Joltek and SolisPLC. With more than a decade of experience in digital transformation and systems integration, Vlad has worked with Fortune 500 manufacturers including Procter and Gamble, Kraft Heinz, and Post Holdings. He is passionate about bridging the gap between IT and OT while helping manufacturers modernize their facilities.Connect with Vlad: https://www.linkedin.com/in/vladromanov/Dave Griffith is a manufacturing consultant and digital transformation strategist who helps organizations navigate technology adoption in automation, data, and operations. With a background in engineering and leadership across multiple industries, Dave focuses on helping manufacturers align technology initiatives with business outcomes.Connect with Dave: https://www.linkedin.com/in/davegriffith/About the GuestKevin McClusky is the Chief Technology Architect at Inductive Automation, where he has played a key role in shaping the growth of Ignition software over more than a decade. Kevin has led professional services, sales engineering, and product strategy, and now focuses on long-term architecture and technology direction for Inductive Automation. He is a frequent speaker at industry events and is deeply involved in guiding the Ignition community.Connect with Kevin: https://www.linkedin.com/in/kevinmcclusky/Manufacturing Hub is a weekly podcast hosted by Vlad Romanov and Dave Griffith, covering digital transformation, automation, data, robotics, and the future of manufacturing. Subscribe to stay ahead in the industry.

In 2020, editor in chief Mike Bacidore spoke with Mattias Altendorf, then- CEO of Endress+Hauser Group. Much has changed since then. Since January of 2024, Altendorf has moved from the CEO role to become the president of the supervisory board for Endress+Hauser Group. He also founded Bionic Leadership, which applies evolutionary principles to modern management, extending to evolutionary economics and economic bionics. His organization explores the fusion of nature-inspired strategies, technologies and effective leadership in shaping organizational excellence. During this conversation, they discussed sustainability, sensors, cybersecurity, component interoperability and IT/OT convergence, as well as the impact of those topics on machine builders and system integrators. Altendorf's insights still hold true in 2025, and his foresight on many topics was spot on.

Episode 183 is a conversation with James Dice and Brad Bonavida from Nexus Labs, as well as Devan Tracy from Lockheed Martin. In this episode of the Nexus Podcast, the Nexus Labs team breaks down the top stories relevant to energy managers, facility managers, IT/OT managers, and workplace managers.Find full show notes and episode transcript on The Nexus Podcast: Episode 183 webpage.Sign-up (or refer a friend!) to the Nexus Newsletter.Learn more about The Smart Building Strategist Course and the Nexus Courses Platform.Check out the Nexus Labs Marketplace.Learn more about Nexus Partnership Opportunities.

Podcast: Industrial Cybersecurity InsiderEpisode: Plant-Level Cyber Risk: Who's Actually Responsible?Pub date: 2025-07-22Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationIn this episode, Dino Busalachi and Craig Duckworth tackle one of the most overlooked threats in cybersecurity: the number of industrial vendors and system integrators in manufacturing environments. The conversation addresses the relationship and communication gap between IT and the teams responsible for designing and supporting industrial control systems. They emphasize the need for improved governance, enhanced vendor accountability, and clear ownership of cyber risk. Whether you're a CISO, CIO, or VP of Engineering, this episode offers actionable insight into bridging the IT/OT divide, securing plant floors, and building a cybersecurity strategy that works at the edge of your business.Chapters:00:00:00 - Kicking Off: Why Transparency in Cyber Matters00:00:43 - Who's Talking? Meet Craig & Dino00:01:05 - The Big Question: What's IT's Role in Industrial Security?00:01:35 - When Too Many Vendors = Chaos00:02:37 - How to Actually Secure OT Environments00:03:46 - Choosing the Right Partners (and Asking the Right Questions)00:12:37 - Why Cyber Teams Need Plant Floor Time00:14:24 - Getting Smarter: Use External Experts & Vendor Summits00:18:22 - IT Meets OT: Closing the Culture Gap00:30:03 - What Now? Practical Next Steps for CISOsLinks And Resources:Want to Sponsor an episode or be a Guest? Reach out here.Industrial Cybersecurity Insider on LinkedInCybersecurity & Digital Safety on LinkedInBW Design Group CybersecurityDino Busalachi on LinkedInCraig Duckworth on LinkedInThanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you'd like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!The podcast and artwork embedded on this page are from Industrial Cybersecurity Insider, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

AB sits down with PepsiCo's Rajat Arora, Global Head of Networks and IT/OT Infrastructure, to talk about how Cisco technologies and solutions are driving better business outcomes for PepsiCo across the globe. This is a great conversation that covers a variety of topics, from IT/OT convergence to the integration of Cisco WAN to self-healing networks.

En este videocast exploramos por qué la ciberseguridad OT se ha convertido en un pilar crítico para la continuidad operativa y la seguridad física de las industrias. Revisaremos el modelo Purdue, los marcos IEC 62443 y NIST 800-82, casos reales de implementación en energía e oil & gas, la convergencia IT/OT con IIoT e IoMT, y un plan de “quick wins” para obtener resultados en solo seis semanas. Cerramos con recomendaciones ejecutivas para Heads de Tecnología y Negocio que buscan blindar sus operaciones antes de 2026.

AB sits down with PepsiCo's Rajat Arora, Global Head of Networks and IT/OT Infrastructure, to talk about how Cisco technologies and solutions are driving better business outcomes for PepsiCo across the globe. This is a great conversation that covers a variety of topics, from IT/OT convergence to the integration of Cisco WAN to self-healing networks.

Podcast: Industrial Cybersecurity InsiderEpisode: Breaking Down the IT-OT Wall: Why IT Cybersecurity Tools Fail on the Plant FloorPub date: 2025-07-08Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationIn this episode, Dino Busalachi and Craig Duckworth tackle a critical disconnect plaguing industrial organizations: the disconnect in understanding and communication between IT and OT regarding industrial cybersecurity. While some IT departments are investing in OT cybersecurity platforms, 85% of the data these tools collect is designed for OT teams to act upon. Unfortunately, plant floor personnel, system integrators, and OEMs working in these environments rarely get access to dashboards, asset inventories, or vulnerability reports.Organizations must move beyond the "oil and water" mentality between IT and OT. This means involving plant personnel in cybersecurity decisions, sharing data with trusted partners who "build the cars" (not just buy them), and recognizing that effective OT security requires collaboration with the people who live and breathe on the plant floor every day.Bottom Line: If you're not sharing cybersecurity data with your system integrators, OEMs, and plant operations teams, you're not practicing true IT-OT convergence. You're missing critical opportunities to improve your security posture where it matters most.Chapters:00:00:00 - Why Local Collaboration is Critical for Cybersecurity Success00:01:07 - Meet Dino and Craig: Experts in IT/OT Integration00:01:49 - Unpacking the Challenges of IT/OT Convergence00:02:28 - Why IT and OT Teams Often Struggle to Align00:04:48 - Building Collaborative Frameworks for Stronger Cybersecurity00:07:33 - The Role of CIOs and CISOs in Driving Change00:08:44 - Navigating the Complexities of Diverse Plant Environments00:10:23 - Partnering with Vendors to Enhance Security Outcomes00:11:16 - Key Questions to Evaluate System Integrators Effectively00:16:35 - Using Tabletop Exercises to Align IT and OT Teams00:22:20 - Closing Thoughts: Bridging the Divide for Unified CybersecurityLinks And Resources:Want to Sponsor an episode or be a Guest? Reach out here.Industrial Cybersecurity Insider on LinkedInCybersecurity & Digital Safety on LinkedInBW Design Group CybersecurityDino Busalachi on LinkedInCraig Duckworth on LinkedInThanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you'd like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!The podcast and artwork embedded on this page are from Industrial Cybersecurity Insider, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Episode 182 features James Dice, Rosy Khalife and Brad Bonavida from Nexus Labs. In this episode of the Nexus Podcast, the Nexus Labs team breaks down the top stories relevant to energy managers, facility managers, IT/OT managers, and workplace managers.Find full show notes and episode transcript on The Nexus Podcast: Episode 182 webpage.Sign-up (or refer a friend!) to the Nexus Newsletter.Learn more about The Smart Building Strategist Course and the Nexus Courses Platform.Check out the Nexus Labs Marketplace.Learn more about Nexus Partnership Opportunities.

Podcast: Industrial Cybersecurity InsiderEpisode: Reflections from the Front Lines of Industrial Cyber FailuresPub date: 2025-06-12Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationIn this rewind episode, cybersecurity leaders revisit some of the hardest-hitting truths about protecting critical infrastructure in an increasingly converged IT/OT world. This conversation explores the disconnect between IT theory and OT reality, from the real-world fallout of the CrowdStrike disruption to the challenges of virtual patching, insider threats, and the cloud's role on the plant floor. The discussion exposes how legacy systems, poor collaboration, alert fatigue, and vendor dependency continue to sabotage industrial cybersecurity. They discuss tactical strategies for improving, from asset inventory and patching hygiene to choosing the right partners and walking the plant floor.Chapters:00:00:00 - Cyber threats are moving faster than your patch cycle00:00:47 - Crowdstrike, Virtual Patching and Industrial OT Environments with Debbie Lay, TXOne Networks00:07:48 - The #1 Myth Putting Your Industrial OT Assets at Risk00:15:01 - Patch Management and Software Updates: IT versus OTLinks And Resources:Industrial Cybersecurity Insider on LinkedInCybersecurity & Digital Safety on LinkedInBW Design Group CybersecurityDino Busalachi on LinkedInCraig Duckworth on LinkedInThanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you'd like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!The podcast and artwork embedded on this page are from Industrial Cybersecurity Insider, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Podcast: KBKAST (LS 31 · TOP 5% what is this?)Episode: Episode 314 Deep Dive: Imran Husain | Cybersecurity Threats in the Manufacturing WorldPub date: 2025-06-11Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationIn this episode, we sit down with Imran Husain, Chief Information Security Officer at MillerKnoll, as he discusses the evolving landscape of cybersecurity threats in the manufacturing sector. Imran explores the challenges that arise as manufacturing increasingly integrates with online technologies and IoT, highlighting the unique vulnerabilities posed by legacy systems and operational technology (OT). He shares insights on high-profile incidents like the Norsk Hydro ransomware attack, emphasizing the importance of cyber resilience, data backup, and incident recovery. Imran also offers a candid look at why critical tasks like backing up data are often neglected, the complexities of securing aging infrastructure, and the need for creative solutions such as network segmentation and IT/OT convergence. A dedicated and trusted senior Cyber security professional, Imran Husain has over 22 years of Fortune 1000 experience that covers a broad array of domains which includes risk management, cloud security, SecDevOps, AI Security and OT Cyber practices. A critical, action-oriented leader Imran brings strategic and technical expertise with a proven ability to build cyber program to be proactive in their threat detection, identifying and engaging in critical areas to the business while upholding their security posture. He specializes in Manufacturing and Supply Chain Distribution focusing on how to best use security controls and processes to maximize coverage and reduce risk in a complex multi-faceted environment. A skilled communicator and change agent with bias to action who cultivates an environment of learning and creative thinking, Imran champions open communication and collaboration to empower and inspire teams to exceed in their respective cyber commitments. He is currently the Global Chief Information Security Officer (CISO) at MillerKnoll, a publicly traded American company that produces office furniture, equipment, and home furnishings.The podcast and artwork embedded on this page are from KBI.Media, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Episode 181 features James Dice, Rosy and Brad Bonavida from Nexus Labs, as well as Nicholas Dumoulin from Dream Real Estate. In this episode of the Nexus Podcast, the Nexus Labs team breaks down the top stories relevant to energy managers, facility managers, IT/OT managers, and workplace managers.Find full show notes and episode transcript on The Nexus Podcast: Episode 181 webpage.Sign-up (or refer a friend!) to the Nexus Newsletter.Learn more about The Smart Building Strategist Course and the Nexus Courses Platform.Check out the Nexus Labs Marketplace.Learn more about Nexus Partnership Opportunities.

Podcast: Industrial Cybersecurity InsiderEpisode: What Every CISO Gets Wrong About OT SecurityPub date: 2025-06-05Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationIn this episode, Dino and Craig tackle one of the most misunderstood topics in industrial cybersecurity: IT/OT convergence. But is it truly convergence or more of a collision? Drawing from real-world experiences, they challenge the idea that OT is a “shadow IT group” and argue that operational technology deserves distinct governance, funding, and strategic influence. From secure-by-design to system integrators' evolving role, this conversation is a call to action for CISOs, CIOs, and engineering leaders to rethink how they build cybersecurity partnerships across the plant floor.Chapters:00:00:00 - Opening Shot: Who's Really in Charge—CIOs or the Plant Floor?00:00:57 - Collision Course: IT and OT Can't Keep Dodging Each Other00:01:52 - Two Worlds, One Mission: Why OT Isn't Just “IT in a Hard Hat”00:04:07 - When Convergence Fails: What's Missing in the Middle00:05:54 - Breaking Silos: Why Cybersecurity Demands True Collaboration00:08:22 - Real Talk: What Cyber Protection Looks Like on the Plant Floor00:10:46 - OT's Tipping Point: Will the Next Move Come from IT, or the Shop Floor?00:17:32 - Your Move: What Leaders Must Do Next (Before It's Too Late)Links And Resources:Industrial Cybersecurity Insider on LinkedInCybersecurity & Digital Safety on LinkedInBW Design Group CybersecurityDino Busalachi on LinkedInCraig Duckworth on LinkedInThanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you'd like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!The podcast and artwork embedded on this page are from Industrial Cybersecurity Insider, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Podcast: PrOTect It All (LS 25 · TOP 10% what is this?)Episode: From Plant Operator to OT Security: Stories of Failures and BreakthroughsPub date: 2025-05-26Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationIn this episode, host Aaron Crow dives deep into the intersection of IT and OT cybersecurity with special guest Gavin Dilworth—a plant operator turned automation engineer and cybersecurity expert. Listen in as Gavin shares his candid and often humorous journey from factory floors to global consulting, including how a workplace near-miss sparked his “lightbulb moment” about the similarities between health and safety and cybersecurity. Aaron and Gavin discuss everything from operators' creative workarounds on the plant floor, to the importance of trust and rapport between IT and OT teams, and why having hands-on experience is key to building effective cybersecurity programs in critical infrastructure environments.  You'll also hear real-world stories of technology mishaps, the critical role of plant culture, and the practical challenges organizations face in securing legacy systems while keeping operations running. If you want honest, relatable insights and actionable advice on bridging the IT-OT divide—and a few laughs along the way—this episode is for you. Key Moments:  10:12 Operator Rounds and RFID Challenges 12:56 Operators' Ingenuity and Knowledge 21:29 IT vs. OT: Firmware Update Challenges 26:49 Understanding and Accepting Risk 28:12 Standards, Frameworks, and Continuity 33:08 High Voltage Safety Precautions 40:41 Bridging OT and IT Skills 43:46 Cybersecurity Cross-Training Surge 52:38 CISO Knowledge Gap in OT Security 54:32 "Experience: Essential for Understanding" 01:03:34 DCS System Configuration Challenges 01:06:52 Neglecting Redundancy Risks Operations 01:11:00 Optimizing Underutilized IT Resources 01:20:04 "Understanding Systems Before Advice" 01:22:06 Old Cables Remain Untouched About the guest :  Gavin Dilworth's career took an unconventional path. As a plant operator, he was tasked with keeping production running smoothly and monitoring sensor readings, both on the computer and around the factory. However, Gavin was never quite the model operator—rather than dutifully making rounds and comparing readings, he often found himself absorbed in books, dreaming of a future in IT. Though he laughs about being a “pretty terrible operator,” Gavin's story reflects his early drive to pursue his true interests in technology, even when duty called elsewhere. How to connect Gavin :  Linkedin : https://www.linkedin.com/in/gavin-dilworth/ Website: https://assessmentplus.co.nz/ Connect With Aaron Crow: Website: www.corvosec.com  LinkedIn: https://www.linkedin.com/in/aaronccrow   Learn more about PrOTect IT All: Email: info@protectitall.co  Website: https://protectitall.co/  X: https://twitter.com/protectitall  YouTube: https://www.youtube.com/@PrOTectITAll  FaceBook:  https://facebook.com/protectitallpodcast    To be a guest or suggest a guest/episode, please email us at info@protectitall.co   Please leave us a review on Apple/Spotify Podcasts: Apple   - https://podcasts.apple.com/us/podcast/protect-it-all/id1727211124 Spotify - https://open.spotify.com/show/1Vvi0euj3rE8xObK0yvYi4The podcast and artwork embedded on this page are from Aaron Crow, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Episode 180 features James Dice, Rosy and Brad Bonavida from Nexus Labs, as well as Chris Tjiattas from Walmart. In this episode of the Nexus Podcast, the Nexus Labs team breaks down the top stories relevant to energy managers, facility managers, IT/OT managers, and workplace managers.Find full show notes and episode transcript on The Nexus Podcast: Episode 180 webpage.Sign-up (or refer a friend!) to the Nexus Newsletter.Learn more about The Smart Building Strategist Course and the Nexus Courses Platform.Check out the Nexus Labs Marketplace.Learn more about Nexus Partnership Opportunities.

Podcast: Cyber Focus (LS 24 · TOP 10% what is this?)Episode: The One-Way Street of Digital Transformation: OT Cybersecurity with Nozomi's Edgard CapdeviellePub date: 2025-05-13Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationIn this special RSA Conference edition of Cyber Focus, host Frank Cilluffo sits down with Edgard Capdevielle, President and CEO of Nozomi Networks, to unpack the evolving landscape of operational technology (OT) cybersecurity. Together, they explore how digital transformation and the convergence of IT and OT are reshaping the threat environment for critical infrastructure. Capdevielle outlines the three major phases of the OT security market, reflects on the role of AI and legacy systems, and explains why visibility remains foundational to cybersecurity. The conversation also highlights the growing risk from nation-state actors, the breakdown of air gap assumptions, and the tangible steps owner-operators must take to build resilience. Main Topics Covered: Defining the three phases of OT cybersecurity market maturity The impact of digital transformation and IT/OT convergence Why visibility remains the top concern for infrastructure operators The role of AI in passive detection and firmware profiling Nation-state threats, air gap fallacies, and Volt Typhoon's implications Practical steps for operators to improve risk visibility and resilience Key Quotes: “Digital transformation is a one-way street. We're only going to automate more — automate everything — and IT and OT are only going to converge more.” — Edgard Capdevielle “You cannot protect what you can't see. So having a layer of visibility is number one.” — Edgard Capdevielle “Air gapping has been our number one enemy because it's not real… It's brought a level of comfort that is not good for us.” — Edgard Capdevielle Relevant Links and Resources: Nozomi Networks Guest Bio: Edgard Capdevielle is President and CEO of Nozomi Networks, a global leader in OT and IoT cybersecurity. He has a background in computer science and more than two decades of experience in cybersecurity and enterprise technology. Prior to joining Nozomi in 2016, he held leadership roles at Imperva and EMC (including post-acquisition work with Data Domain) and has served as an investor and advisor to several successful startups in the security space.The podcast and artwork embedded on this page are from McCrary Institute, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Episode 179 features James Dice, Rosy and Brad Bonavida from Nexus Labs, as well as Andrew Rogers from ACE IoT Solutions. In this episode of the Nexus Podcast, the Nexus Labs team breaks down the top stories relevant to energy managers, facility managers, IT/OT managers, and workplace managers.Find full show notes and episode transcript on The Nexus Podcast: Episode 179 webpage.Sign-up (or refer a friend!) to the Nexus Newsletter.Learn more about The Smart Building Strategist Course and the Nexus Courses Platform.Check out the Nexus Labs Marketplace.Learn more about Nexus Partnership Opportunities.

Can your mind be hacked? In this gripping episode of the Azizi Podcast, Samir Azizi sits down with cybersecurity veteran John Caballero – an expert with over two decades of experience securing IT/OT infrastructures and educating Fortune 500 companies, government agencies, and even the Department of Defense. This conversation goes beyond firewalls and phishing—it dives deep into the human factor and the psychology behind modern cyber threats.

Episode 178 features James Dice, Rosy and Brad Bonavida from Nexus Labs, as well as Keilly Witman from Refrigerant Management Solutions. In this episode of the Nexus Podcast, the Nexus Labs team breaks down the top stories relevant to energy managers, facility managers, IT/OT managers, and workplace managers.Find full show notes and episode transcript on The Nexus Podcast: Episode 178 webpage.Sign-up (or refer a friend!) to the Nexus Newsletter.Learn more about The Smart Building Strategist Course and the Nexus Courses Platform.Check out the Nexus Labs Marketplace.Learn more about Nexus Partnership Opportunities.

Welcome back to a special Thursday edition of Manufacturing Hub!In this episode, we dive deep into one of the standout presentations from the Prove It conference — featuring Travis Cox from Inductive Automation and Arlen Nipper from Cirrus Link Solutions.

Episode 176 features James Dice, Rosy and Brad Bonavida from Nexus Labs. In this episode of the Nexus Podcast, the Nexus Labs team breaks down the top stories relevant to energy managers, facility managers, IT/OT managers, and workplace managers.Find full show notes and episode transcript on The Nexus Podcast: Episode 176 webpage.Sign-up (or refer a friend!) to the Nexus Newsletter.Learn more about The Smart Building Strategist Course and the Nexus Courses Platform.Check out the Nexus Labs Marketplace.Learn more about Nexus Partnership Opportunities.

Episode 175 features James Dice, Rosy and Brad Bonavida from Nexus Labs. In this episode of the Nexus Podcast, the Nexus Labs team breaks down the top stories relevant to energy managers, facility managers, IT/OT managers, and workplace managers.Find full show notes and episode transcript on The Nexus Podcast: Episode 175 webpage.Sign-up (or refer a friend!) to the Nexus Newsletter.Learn more about The Smart Building Strategist Course and the Nexus Courses Platform.Check out the Nexus Labs Marketplace.Learn more about Nexus Partnership Opportunities.

In this episode recorded live at the ProveIt Conference, we sit down with Mark and Harry from Tatsoft, creators of the industrial IIoT platform Frameworks. We dive deep into how Tatsoft is redefining what a true industrial platform should be — built from the ground up for the factory floor, yet scalable across the enterprise.Mark and Harry walk us through:Their platform's positioning as a SCADA, HMI, MES, and IIoT toolbox — all in oneHow Frameworks handles real-time data, from connectivity (MQTT, OPC UA, SQL) to transformation and dynamic visualizationWhy the “extra I in IIoT” matters when building for industrial environmentsThe challenges of IT/OT integration, people gaps, and legacy systems — and how Tatsoft tackles them head-onA demo of their ProveIt solution, showing off auto-recognition of new assets, dynamic UI, and high-performance visualization across devicesWhether you're an end user, system integrator, or OEM, this episode will help you understand how Tatsoft's Frameworks V10 is enabling fast, scalable, and future-proof industrial applications — without compromise.

Episode 174 features James Dice, Rosy and Brad Bonavida from Nexus Labs. In this episode of the Nexus Podcast, the Nexus Labs team breaks down the top stories relevant to energy managers, facility managers, IT/OT managers, and workplace managers.Find full show notes and episode transcript on The Nexus Podcast: Episode 174 webpage.Sign-up (or refer a friend!) to the Nexus Newsletter.Learn more about The Smart Building Strategist Course and the Nexus Courses Platform.Check out the Nexus Labs Marketplace.Learn more about Nexus Partnership Opportunities.

Episode 173 features James Dice, Rosy Khalife, and Brad Bonavida from Nexus Labs. In this episode of the Nexus Podcast, the Nexus Labs team breaks down the top stories relevant to energy managers, facility managers, IT/OT managers, and workplace managers.Find full show notes and episode transcript on The Nexus Podcast: Episode 173 webpage.Sign-up (or refer a friend!) to the Nexus Newsletter.Learn more about The Smart Building Strategist Course and the Nexus Courses Platform.Check out the Nexus Labs Marketplace.Learn more about Nexus Partnership Opportunities.

This week's guest is ZJ van de Weg (https://www.linkedin.com/in/zegerjan/), CEO of FlowFuse. ZJ shares his journey from an intern at GitLab to now leading FlowFuse, how open-source technology is transforming industrial operations, and why Node-RED has become the go-to platform for low-code manufacturing connectivity. He also takes a deep dive into the challenges of scaling open source solutions in enterprise environments, the value of an ‘open-core' business model, and the future of IT/OT collaboration. Augmented Ops is a podcast for industrial leaders, citizen developers, shop floor operators, and anyone else that cares about what the future of frontline operations will look like across industries. This show is presented by Tulip (https://tulip.co/), the Frontline Operations Platform. You can find more from us at Tulip.co/podcast (https://tulip.co/podcast) or by following the show on LinkedIn (https://www.linkedin.com/company/augmentedpod/). Special Guest: ZJ van de Weg.

Guest: Fahad Mughal, Senior Cyber Solutions Architect - SecurityOn LinkedIn | https://www.linkedin.com/in/fahadmughal/____________________________Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]On ITSPmagazine | https://www.itspmagazine.com/sean-martinView This Show's Sponsors___________________________Episode NotesModern railway systems are increasingly digital, integrating operational technology (OT) to enhance efficiency, reliability, and safety. However, as railways adopt automated and interconnected systems, they also become more vulnerable to cyber threats. In this episode of Redefining Cybersecurity on ITSP Magazine, host Sean Martin speaks with Fahad Ali Mughal, a cybersecurity professional with extensive experience in OT security architecture, about the challenges and priorities of securing railway infrastructure.The Growing Role of Cybersecurity in RailwaysRailway systems have evolved from steam-powered locomotives to autonomous, driverless trains that rely on sophisticated digital controls. OT now plays a crucial role in managing train operations, signaling, interlocking, and trackside equipment. These advancements improve efficiency but also expose railway networks to cyber threats that can disrupt service, compromise safety, and even impact national security. Unlike traditional IT environments, where the focus is on confidentiality, integrity, and availability (CIA), OT in railways prioritizes reliability, availability, and public safety. Ensuring the safe movement of trains requires a cybersecurity strategy tailored to the unique needs of railway infrastructure.Critical OT Systems in RailwaysMughal highlights key OT components in railways that require cybersecurity protection:• Signaling Systems: These function like traffic lights for trains, ensuring safe distances between locomotives. Modern communication-based train control (CBTC) and European Rail Traffic Management Systems (ERTMS) are vulnerable to cyber intrusions.• Interlocking Systems: These systems prevent conflicting train movements, ensuring safe operations. As they become digitized, cyber risks increase.• Onboard OT Systems: Automatic Train Control (ATC) regulates speed and ensures compliance with signaling instructions. A cyberattack could manipulate these controls.• SCADA Systems: Supervisory Control and Data Acquisition (SCADA) systems oversee infrastructure operations. Any compromise here can impact an entire railway network.• Safety-Critical Systems: Fail-safe mechanisms like automatic braking and failover controls are vital in preventing catastrophic accidents.The increasing digitization and interconnection of these systems expand the attack surface, making cybersecurity a top priority for railway operators.Real-World Cyber Threats in RailwaysMughal discusses several significant cyber incidents that highlight vulnerabilities in railway cybersecurity:• 2023 Poland Attack: Nation-state actors exploited vulnerabilities in railway radio communication systems to send unauthorized emergency stop commands, halting trains across the country. The attack exposed weaknesses in authentication and encryption within OT communication protocols.• 2021 Iran Railway Incident: Hackers breached Iran's railway scheduling and digital message board systems, displaying fake messages and causing widespread confusion. While safety-critical OT systems remained unaffected, the attack disrupted operations and damaged public trust.• 2016 San Francisco Muni Ransomware Attack: A ransomware attack crippled the fare and scheduling system, leading to free rides for passengers and operational delays. Though IT systems were the primary target, the impact on OT operations was evident.These incidents underscore the urgent need for stronger authentication, encryption, and IT-OT segmentation to protect railway infrastructure.Cybersecurity Standards and Best Practices for Railways (links to resources below)To build resilient railway cybersecurity, Mughal emphasizes the importance of international standards:• IEC 62443: A globally recognized framework for securing industrial control systems, widely applied to OT environments, including railways. It introduces concepts such as network segmentation, risk assessment, and security levels.• TS 50701: A European standard specifically designed for railway cybersecurity, expanding on IEC 62443 with guidance for securing signaling, interlocking, and control systems.• EN 50126 (RAMS Standard): A safety-focused standard that integrates reliability, availability, maintainability, and safety (RAMS) into railway operations.Adopting these standards helps railway operators establish secure-by-design architectures that mitigate cyber risks.Looking Ahead: Strengthening Railway CybersecurityAs railway systems become more automated and interconnected with smart cities, vehicle transportation, and supply chain networks, cyber threats will continue to grow. Mughal stresses the need for industry collaboration between railway engineers and cybersecurity professionals to ensure that security is integrated into every stage of railway system design.He also emphasizes the importance of real-time OT threat monitoring, anomaly detection, and Security Operations Centers (SOCs) that understand railway-specific cyber risks. The industry must stay ahead of adversaries by adopting proactive security measures before a large-scale cyber incident disrupts critical transportation networks.The conversation makes it clear: cybersecurity is now a fundamental part of railway safety and reliability. As Mughal warns, it's not a question of if railway cyber incidents will happen, but when.To hear the full discussion, including insights into OT vulnerabilities, real-world case studies, and cybersecurity best practices, listen to this episode of Redefining Cybersecurity on ITSP Magazine.___________________________SponsorsImperva: https://itspm.ag/imperva277117988LevelBlue: https://itspm.ag/attcybersecurity-3jdk3ThreatLocker: https://itspm.ag/threatlocker-r974___________________________Watch this and other videos on ITSPmagazine's YouTube ChannelRedefining CyberSecurity Podcast with Sean Martin, CISSP playlist: