Podcasts about Operational technology

Connect to John Gilroy on LinkedIn   https://www.linkedin.com/in/john-gilroy/ Want to listen to other episodes? www.Federaltechpodcast.com Sometimes, one plus one is three. Back in 2021, McAfee's Enterprise business merged with FireEye to form Trellix. Today, the net result is a company that generates $1.2 billion globally and $400 million in the public sector. In today's interview, Ken Karsten details how federal leaders can use Trellix to improve cybersecurity in a federal world with rapidly increasing end points. Setting the stage, Ken Karsten reviews an Executive Order 14028  from 2021 that encouraged federal agencies to aggressively protect endpoints, sometimes called Endpoint Detection and Response. In four short years, AI has transformed the way malicious actors attack end points and the defense had to be improved. Enter, Extended Detection and response. During the interview, Ken Karsten gives listeners an overview of XDR's continuous monitoring, advanced analytics, and rapid threat assessment and response capabilities. Advances in AI have allowed Trellix to deliver EDR and XDR capabilities at a drastically reduced cost. Topics in the discussion include Operational Technology, 5G, and Trellix's recent DoD IL5 authorization. Provide a link to download the Trellix Cyber Threat Report.

Podcast: Hack the Plant (LS 35 · TOP 3% what is this?)Episode: Old Systems, New ThreatsPub date: 2025-06-10Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationBryson Bort is joined by Jim Montgomery, Director, Industrial Cybersecurity Solutions at TXOne Networks. TXOne provides network-based and endpoint-based products to tackle security vulnerabilities across industrial environments. With decades of IT security experience, Jim now leads TXOne's work protecting Operational Technology environments across critical sectors like automotive, oil and gas, pharma, manufacturing, and semiconductors.How can we defend against threats that are already embedded within our systems? What are the most immediate and significant risks facing our critical infrastructure today? And how can operators begin to secure their networks? “Let's start with the basics. Let's start with understanding. Let's start with making it hard to get into your environment, and let's start discouraging that type of behavior from attacking your environment,” Jim said. Join us for this and more on this episode of Hack the Plan[e]t. The views and opinions expressed in this podcast represent those of the speaker, and do not necessarily represent the views and opinions of their employers. Hack the Plant is brought to you by ICS Village and the Institute for Security and Technology.The podcast and artwork embedded on this page are from Bryson Bort, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Hash Salehi, Reserve Engineer and Founder of RECESSIM, joins host Philip Wylie to demystify the world of hardware hacking and security, highlighting niche but critical vulnerability research in IoT and embedded devices. Through recounting his own experiences, from customizing low-cost fault injection attacks on automotive microprocessors to reverse engineering smart meters, Hash shares both successes and frustrations from the front lines of hands-on security assessment. The conversation aims to inspire and equip listeners who want to explore or deepen their understanding of hardware security by surfacing resources, communities, and the mindset necessary to uncover vulnerabilities beyond software.Links:http://www.recessim.com/https://wiki.recessim.com/https://www.youtube.com/c/RECESSIM Let's connect about IoT Security!Follow Phillip Wylie at https://www.linkedin.com/in/phillipwyliehttps://youtube.com/@phillipwylieThe IoT Security Podcast is powered by Phosphorus Cybersecurity. Join the conversation for the IoT Security Podcast — where xIoT meets Security. Learn more at https://phosphorus.io/podcast

Podcast: Error Code (LS 27 · TOP 10% what is this?)Episode: EP 63: Chief Hacking OfficerPub date: 2025-05-27Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationThis is a story about a Chief Hacking Officer who draws on his expertise in physical and virtual security assessments—along with some intuitive AI-driven coding—to safeguard Operational Technology. Colin Murphy of Frenos and Mitnick Security talks about how some of his early assessment work with Kevin Mitnick is helping him with OT security today.The podcast and artwork embedded on this page are from Robert Vamosi, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

This is a story about a Chief Hacking Officer who draws on his expertise in physical and virtual security assessments—along with some intuitive AI-driven coding—to safeguard Operational Technology. Colin Murphy of Frenos and Mitnick Security talks about how some of his early assessment work with Kevin Mitnick is helping him with OT security today.

Cybersecurity in healthcare is facing heightened challenges as regulations shift, IoT devices proliferate, and ransomware attacks become increasingly devastating. Josh Spencer, Founder, and CIO at FortaTech Security and with over fifteen years in the field including time as CISO/CTO at UT Southwestern, explores why HIPAA changes are necessary, the high stakes of securing medical devices, and how both technology and culture play roles in protecting patient data and safety. The conversation breaks down risks, practical mitigation strategies, and the ongoing evolution of both threats and defensive tools -- including AI --  and covers the evolving HIPAA landscape and the move from “addressable” to required controls, ransomware's impact on hospitals and patient safety, challenges and best practices in securing connected medical (IoT/OT) devices, the importance of real-world risk assessment and penetration testing in healthcare, and human factors, including security awareness training and leveraging AI both for defense and as a threat. Let's connect about IoT Security!Follow Phillip Wylie at https://www.linkedin.com/in/phillipwyliehttps://youtube.com/@phillipwylieThe IoT Security Podcast is powered by Phosphorus Cybersecurity. Join the conversation for the IoT Security Podcast — where xIoT meets Security. Learn more at https://phosphorus.io/podcast

Cybersecurity is redefined as a discipline for the curious and adaptable, with a focus on continuous learning, imagination, and embracing change. On location at the RSA Conference, host Phillip Wylie and Anand Singh discusses the evolving challenges of IoT and OT security, the rapid integration of AI, and how organizations must address overlooked endpoints and fragmented infrastructures. There is an emphasis on practical advice for CISOs and cybersecurity practitioners, underscoring the importance of foundational security practices, data visibility, identity management, and mental well-being in high-stress leadership roles.The role of curiosity and adaptability in cybersecurity careersOverlooked risks and challenges in IoT and OT device securityThe transformative impact of AI and the importance of securing AI adoptionPractical strategies for asset, identity, and data managementMaintaining work-life balance and resilience for CISOs and security leaders Let's connect about IoT Security!Follow Phillip Wylie at https://www.linkedin.com/in/phillipwyliehttps://youtube.com/@phillipwylieThe IoT Security Podcast is powered by Phosphorus Cybersecurity. Join the conversation for the IoT Security Podcast — where xIoT meets Security. Learn more at https://phosphorus.io/podcast

From heating systems in Ukraine to petrochemical plant safety controls, Operational Technology (OT) systems are the hidden workhorses behind critical infrastructure: and they're wide open to cyber threats. In this Deep Dive, Rob Maas sits down with Luca Cipriano to break down what OT is, why it's different from IT, where the two overlap and how we can start securing both before it's too late.  Key topics:⚙️ What OT is (and isn't)

Switching Shop Management Systems isn't as hard as you think! Give Shop Controller a try HEREIf your DVI isn't certified, you're losing customers! Get a FREE certification when you touch HERE!In this episode, you'll get to meet Tekmetric's new COO! Lauren Langston shares her journey from a software-focused background to joining the automotive industry, emphasizing her desire to deliver better technology tailored to the auto repair industry. Braxton and Lauren also get into the trust gap between consumers and auto repair shops, highlighting how transparency and the right technology can help bridge that divide. 00:00 Vertical SaaS in Professional Services04:02 Consumer Distrust in Auto Repair09:13 Enhancing Customer Trust Through Tech12:06 Tekmetric's Brand and Founder Impact14:59 Managing Tech Change in Business20:19 "Founders Drive Continuous Innovation"21:10 Tekmetric's Next-Level Customer Focus24:25 "Aligning Customer Needs with Offerings"27:47 Auto Industry's Vast Opportunities31:46 Building Tech with Industry Experts

Healthcare IoT systems are increasingly targeted by cyber threats, necessitating a shift in strategy from isolated, organization-specific responses to a collaborative, ecosystem-wide approach. James McCarthy sits down with vCISO and 30-year information assurance and cybersecurity veteran Jason Taule. Taule brings important insights into the challenges faced by healthcare providers due to regulatory pressures, financial constraints, and technological advancements, urging both manufacturers and providers to participate in a unified security effort. Emphasizing the critical need for proactivity,  Taule also calls for a balance between regulation and adaptability in safeguarding these critical infrastructures. Let's connect about IoT Security!Follow John Vecchi at https://www.linkedin.com/in/johnvecchiThe IoT Security Podcast is powered by Phosphorus Cybersecurity. Join the conversation for the IoT Security Podcast — where xIoT meets Security. Learn more at https://phosphorus.io/podcast

Roman Arutyunov is the Co-founder and SVP of Products at Xage Security, a Series B startup focused on protecting critical infrastructure—including energy systems—from cyber threats. Xage is backed by investors like Chevron Technology Ventures, Aramco, Piva Capital, Valor Equity Partners, and Overture.Cybersecurity is a growing concern as our energy systems become more distributed, electrified, and digitally connected. We spoke with Roman about the vulnerabilities in today's infrastructure, the motivations behind cyberattacks, and how the rise of AI is changing the cybersecurity landscape.In this episode, we cover: [2:11] Introduction to Xage Security[3:12] Cybersecurity 101: Ransomware, nation-state threats, and attacker motivations[7:10] Operational tech (OT) vs. information tech (IT)[13:29] Xage's Zero Trust security approach[15:45] Customer segments and differing security challenges[20:47] Navigating regulations vs. fast deployment timelines[23:40] How AI is shaping both threats and defenses[28:00] When multifactor authentication becomes a vulnerability[31:59] Real-world cyberattacks on energy systems[34:10] Xage's funding history and growth trajectoryEpisode recorded on Feb 20, 2025 (Published on Mar 26, 2025) Enjoyed this episode? Please leave us a review! Share feedback or suggest future topics and guests at info@mcj.vc.Connect with MCJ:Cody Simms on LinkedInVisit mcj.vcSubscribe to the MCJ Newsletter*Editing and post-production work for this episode was provided by The Podcast Consultant

Matt Brown, Hardware Security Researcher, Bug Bounty Hunter, and Founder of Brown Fine Security, leaves nothing to the imagination in this conversation with host Eric Johansen on the world of embedded devices and cybersecurity. Matt shares his journey from childhood tinkering to professional vulnerability research, offering insights into the complexities of IoT attack surfaces, legacy system challenges, and real-world hacking experiences. The conversation covers everything from surprising device vulnerabilities to practical advice for aspiring IoT hackers, including why off-brand devices are a great starting point. Plus, Matt reveals some of the sketchy smart devices in his own home and why understanding your threat model is key to robust security. It's an unfiltered look into the intersection of curiosity, technology, and defense strategies in today's connected world.You may know Matt from his hit YouTube channel at https://www.youtube.com/@mattbrwn. If you like hardware, taking gear apart, and digging into what makes devices vulnerable, you're definitely going to want to give it a look. You can also find Matt Brown at the following places:brownfinesecurity.comlinkedin.com/in/mattbrwntwitter.com/nmatt0github.com/nmatt0reddit.com/user/mattbrwn0 Let's connect about IoT Security!Follow John Vecchi at https://www.linkedin.com/in/johnvecchiThe IoT Security Podcast is powered by Phosphorus Cybersecurity. Join the conversation for the IoT Security Podcast — where xIoT meets Security. Learn more at https://phosphorus.io/podcast

This week's guest is Audrey Van de Castle (https://www.linkedin.com/in/audrey-van-de-castle/), Senior Director of Operational Excellence Technology at Stanley Black & Decker. Audrey breaks down the challenges of scaling digital initiatives across 100+ manufacturing sites, how to balance governance with citizen development, and the need to move past the buzzwords and invest in technology that can make a difference on the shop floor today. She also shares insights into her unconventional career path from running a makerspace to becoming a digital transformation leader, best practices for working with IT, and her passion for building fighting robots (https://youtu.be/4fbwtajq5XA). Augmented Ops is a podcast for industrial leaders, citizen developers, shop floor operators, and anyone else that cares about what the future of frontline operations will look like across industries. This show is presented by Tulip (https://tulip.co/), the Frontline Operations Platform. You can find more from us at Tulip.co/podcast (https://tulip.co/podcast) or by following the show on LinkedIn (https://www.linkedin.com/company/augmentedpod/). Special Guest: Audrey Van de Castle.

In this episode, host Eric Johansen welcomes Bill Lucas, Senior Director of Cybersecurity at Mastronardi Produce, to explore the evolving security challenges in agricultural IoT. With over sixteen years of experience across the automotive, healthcare, and tech industries, Bill brings a deep understanding of enterprise risk management, endpoint security, and cyber defense—now applied to one of the world's most critical industries: food production.Bill and Eric explore the unique cybersecurity risks in modern agriculture, from UV robots to robotic bees, and discuss how automation, sensor networks, and supply chain security play pivotal roles in securing these technologies. Bill also shares his personal career journey, offering valuable insights for professionals looking to strengthen their IoT security strategies.Join us for a compelling conversation about the intersection of innovation and cybersecurity in the agricultural sector—and what it takes to secure the future of connected farming. Let's connect about IoT Security!Follow John Vecchi at https://www.linkedin.com/in/johnvecchiThe IoT Security Podcast is powered by Phosphorus Cybersecurity. Join the conversation for the IoT Security Podcast — where xIoT meets Security. Learn more at https://phosphorus.io/podcast

Guest: Fahad Mughal, Senior Cyber Solutions Architect - SecurityOn LinkedIn | https://www.linkedin.com/in/fahadmughal/____________________________Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]On ITSPmagazine | https://www.itspmagazine.com/sean-martinView This Show's Sponsors___________________________Episode NotesModern railway systems are increasingly digital, integrating operational technology (OT) to enhance efficiency, reliability, and safety. However, as railways adopt automated and interconnected systems, they also become more vulnerable to cyber threats. In this episode of Redefining Cybersecurity on ITSP Magazine, host Sean Martin speaks with Fahad Ali Mughal, a cybersecurity professional with extensive experience in OT security architecture, about the challenges and priorities of securing railway infrastructure.The Growing Role of Cybersecurity in RailwaysRailway systems have evolved from steam-powered locomotives to autonomous, driverless trains that rely on sophisticated digital controls. OT now plays a crucial role in managing train operations, signaling, interlocking, and trackside equipment. These advancements improve efficiency but also expose railway networks to cyber threats that can disrupt service, compromise safety, and even impact national security. Unlike traditional IT environments, where the focus is on confidentiality, integrity, and availability (CIA), OT in railways prioritizes reliability, availability, and public safety. Ensuring the safe movement of trains requires a cybersecurity strategy tailored to the unique needs of railway infrastructure.Critical OT Systems in RailwaysMughal highlights key OT components in railways that require cybersecurity protection:• Signaling Systems: These function like traffic lights for trains, ensuring safe distances between locomotives. Modern communication-based train control (CBTC) and European Rail Traffic Management Systems (ERTMS) are vulnerable to cyber intrusions.• Interlocking Systems: These systems prevent conflicting train movements, ensuring safe operations. As they become digitized, cyber risks increase.• Onboard OT Systems: Automatic Train Control (ATC) regulates speed and ensures compliance with signaling instructions. A cyberattack could manipulate these controls.• SCADA Systems: Supervisory Control and Data Acquisition (SCADA) systems oversee infrastructure operations. Any compromise here can impact an entire railway network.• Safety-Critical Systems: Fail-safe mechanisms like automatic braking and failover controls are vital in preventing catastrophic accidents.The increasing digitization and interconnection of these systems expand the attack surface, making cybersecurity a top priority for railway operators.Real-World Cyber Threats in RailwaysMughal discusses several significant cyber incidents that highlight vulnerabilities in railway cybersecurity:• 2023 Poland Attack: Nation-state actors exploited vulnerabilities in railway radio communication systems to send unauthorized emergency stop commands, halting trains across the country. The attack exposed weaknesses in authentication and encryption within OT communication protocols.• 2021 Iran Railway Incident: Hackers breached Iran's railway scheduling and digital message board systems, displaying fake messages and causing widespread confusion. While safety-critical OT systems remained unaffected, the attack disrupted operations and damaged public trust.• 2016 San Francisco Muni Ransomware Attack: A ransomware attack crippled the fare and scheduling system, leading to free rides for passengers and operational delays. Though IT systems were the primary target, the impact on OT operations was evident.These incidents underscore the urgent need for stronger authentication, encryption, and IT-OT segmentation to protect railway infrastructure.Cybersecurity Standards and Best Practices for Railways (links to resources below)To build resilient railway cybersecurity, Mughal emphasizes the importance of international standards:• IEC 62443: A globally recognized framework for securing industrial control systems, widely applied to OT environments, including railways. It introduces concepts such as network segmentation, risk assessment, and security levels.• TS 50701: A European standard specifically designed for railway cybersecurity, expanding on IEC 62443 with guidance for securing signaling, interlocking, and control systems.• EN 50126 (RAMS Standard): A safety-focused standard that integrates reliability, availability, maintainability, and safety (RAMS) into railway operations.Adopting these standards helps railway operators establish secure-by-design architectures that mitigate cyber risks.Looking Ahead: Strengthening Railway CybersecurityAs railway systems become more automated and interconnected with smart cities, vehicle transportation, and supply chain networks, cyber threats will continue to grow. Mughal stresses the need for industry collaboration between railway engineers and cybersecurity professionals to ensure that security is integrated into every stage of railway system design.He also emphasizes the importance of real-time OT threat monitoring, anomaly detection, and Security Operations Centers (SOCs) that understand railway-specific cyber risks. The industry must stay ahead of adversaries by adopting proactive security measures before a large-scale cyber incident disrupts critical transportation networks.The conversation makes it clear: cybersecurity is now a fundamental part of railway safety and reliability. As Mughal warns, it's not a question of if railway cyber incidents will happen, but when.To hear the full discussion, including insights into OT vulnerabilities, real-world case studies, and cybersecurity best practices, listen to this episode of Redefining Cybersecurity on ITSP Magazine.___________________________SponsorsImperva: https://itspm.ag/imperva277117988LevelBlue: https://itspm.ag/attcybersecurity-3jdk3ThreatLocker: https://itspm.ag/threatlocker-r974___________________________Watch this and other videos on ITSPmagazine's YouTube ChannelRedefining CyberSecurity Podcast with Sean Martin, CISSP playlist:

Guest: Fahad Mughal, Senior Cyber Solutions Architect - SecurityOn LinkedIn | https://www.linkedin.com/in/fahadmughal/____________________________Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]On ITSPmagazine | https://www.itspmagazine.com/sean-martinView This Show's Sponsors___________________________Episode NotesModern railway systems are increasingly digital, integrating operational technology (OT) to enhance efficiency, reliability, and safety. However, as railways adopt automated and interconnected systems, they also become more vulnerable to cyber threats. In this episode of Redefining Cybersecurity on ITSP Magazine, host Sean Martin speaks with Fahad Ali Mughal, a cybersecurity professional with extensive experience in OT security architecture, about the challenges and priorities of securing railway infrastructure.The Growing Role of Cybersecurity in RailwaysRailway systems have evolved from steam-powered locomotives to autonomous, driverless trains that rely on sophisticated digital controls. OT now plays a crucial role in managing train operations, signaling, interlocking, and trackside equipment. These advancements improve efficiency but also expose railway networks to cyber threats that can disrupt service, compromise safety, and even impact national security. Unlike traditional IT environments, where the focus is on confidentiality, integrity, and availability (CIA), OT in railways prioritizes reliability, availability, and public safety. Ensuring the safe movement of trains requires a cybersecurity strategy tailored to the unique needs of railway infrastructure.Critical OT Systems in RailwaysMughal highlights key OT components in railways that require cybersecurity protection:• Signaling Systems: These function like traffic lights for trains, ensuring safe distances between locomotives. Modern communication-based train control (CBTC) and European Rail Traffic Management Systems (ERTMS) are vulnerable to cyber intrusions.• Interlocking Systems: These systems prevent conflicting train movements, ensuring safe operations. As they become digitized, cyber risks increase.• Onboard OT Systems: Automatic Train Control (ATC) regulates speed and ensures compliance with signaling instructions. A cyberattack could manipulate these controls.• SCADA Systems: Supervisory Control and Data Acquisition (SCADA) systems oversee infrastructure operations. Any compromise here can impact an entire railway network.• Safety-Critical Systems: Fail-safe mechanisms like automatic braking and failover controls are vital in preventing catastrophic accidents.The increasing digitization and interconnection of these systems expand the attack surface, making cybersecurity a top priority for railway operators.Real-World Cyber Threats in RailwaysMughal discusses several significant cyber incidents that highlight vulnerabilities in railway cybersecurity:• 2023 Poland Attack: Nation-state actors exploited vulnerabilities in railway radio communication systems to send unauthorized emergency stop commands, halting trains across the country. The attack exposed weaknesses in authentication and encryption within OT communication protocols.• 2021 Iran Railway Incident: Hackers breached Iran's railway scheduling and digital message board systems, displaying fake messages and causing widespread confusion. While safety-critical OT systems remained unaffected, the attack disrupted operations and damaged public trust.• 2016 San Francisco Muni Ransomware Attack: A ransomware attack crippled the fare and scheduling system, leading to free rides for passengers and operational delays. Though IT systems were the primary target, the impact on OT operations was evident.These incidents underscore the urgent need for stronger authentication, encryption, and IT-OT segmentation to protect railway infrastructure.Cybersecurity Standards and Best Practices for Railways (links to resources below)To build resilient railway cybersecurity, Mughal emphasizes the importance of international standards:• IEC 62443: A globally recognized framework for securing industrial control systems, widely applied to OT environments, including railways. It introduces concepts such as network segmentation, risk assessment, and security levels.• TS 50701: A European standard specifically designed for railway cybersecurity, expanding on IEC 62443 with guidance for securing signaling, interlocking, and control systems.• EN 50126 (RAMS Standard): A safety-focused standard that integrates reliability, availability, maintainability, and safety (RAMS) into railway operations.Adopting these standards helps railway operators establish secure-by-design architectures that mitigate cyber risks.Looking Ahead: Strengthening Railway CybersecurityAs railway systems become more automated and interconnected with smart cities, vehicle transportation, and supply chain networks, cyber threats will continue to grow. Mughal stresses the need for industry collaboration between railway engineers and cybersecurity professionals to ensure that security is integrated into every stage of railway system design.He also emphasizes the importance of real-time OT threat monitoring, anomaly detection, and Security Operations Centers (SOCs) that understand railway-specific cyber risks. The industry must stay ahead of adversaries by adopting proactive security measures before a large-scale cyber incident disrupts critical transportation networks.The conversation makes it clear: cybersecurity is now a fundamental part of railway safety and reliability. As Mughal warns, it's not a question of if railway cyber incidents will happen, but when.To hear the full discussion, including insights into OT vulnerabilities, real-world case studies, and cybersecurity best practices, listen to this episode of Redefining Cybersecurity on ITSP Magazine.___________________________SponsorsImperva: https://itspm.ag/imperva277117988LevelBlue: https://itspm.ag/attcybersecurity-3jdk3ThreatLocker: https://itspm.ag/threatlocker-r974___________________________Watch this and other videos on ITSPmagazine's YouTube ChannelRedefining CyberSecurity Podcast with Sean Martin, CISSP playlist:

What did 2024 teach us about securing the IoT and OT landscape? In this special 2024 lookback episode, Alex Nehmy, Asia Pacific CTO at Phosphorus, revisits impactful moments from industry experts and IoT Security Podcast guests, including Jason Taule,  Patrick Gillespie,  Sean Tufts, Michael Lester, Joel Goins, Khris Woodring, Mike Holcomb, and John Threat who share their unique journeys and lessons-learned in the realm of IoT security and beyond. Reflecting on learnings from 2024 and looking ahead at 2025, the discussion spans...• Why remediation beats endless assessments in IoT security.• Overcoming challenges with legacy systems and device management.• Trends shaping the future of Cyber-Physical Systems.• The power of community in tackling cybersecurity risks. Let's connect about IoT Security!Follow John Vecchi at https://www.linkedin.com/in/johnvecchiThe IoT Security Podcast is powered by Phosphorus Cybersecurity. Join the conversation for the IoT Security Podcast — where xIoT meets Security. Learn more at https://phosphorus.io/podcast

In this episode, host and xIoT security evangelist John Vecchi sits down with Enrique Martinez, OT/IoT Practice Lead at World Wide Technology (WWT), to explore the critical challenges and solutions in securing OT and IoT environments. Enrique shares his journey into cybersecurity, highlights the importance of asset visibility, and discusses how AI is transforming both defense and risk in the cyber-physical world.Key Topics Covered:The foundational importance of asset awareness and behavior analysis.How IT/OT convergence increases vulnerabilities and the need for layered security.Challenges in securing legacy systems and balancing risk with safety.How AI can enhance data analytics, decision-making, and security in OT.Practical insights on remediation and accelerating asset discovery.Featured Insights:“It all starts with asset awareness—knowing what you have and how it behaves is the first step to securing it.”“AI offers great potential for security, but with cyber-physical systems, safety and availability must always come first.” Let's connect about IoT Security!Follow John Vecchi at https://www.linkedin.com/in/johnvecchiThe IoT Security Podcast is powered by Phosphorus Cybersecurity. Join the conversation for the IoT Security Podcast — where xIoT meets Security. Learn more at https://phosphorus.io/podcast

It is no longer unusual for Operational Technology systems to be connected to IT systems and the Internet, but this leaves them increasingly open to cyber threats. Daniel Kapellmann, Security Engineering Manager at Google Threat Intelligence, talks about how convergence of OT with IT systems amplifies risk and what's involved in detecting threats. Hosted on Acast. See acast.com/privacy for more information.

In this episode, Mark Mattei, Global Director of Industrial Managed Security Services at 1898 & Company, unpacks the high-stakes challenges of protecting vital systems from sophisticated attacks. Host John Vecchi highlights the critical issues surrounding IoT and OT security within industrial critical infrastructure. From the importance of cybersecurity in industrial environments to the practical challenges of compliance and regulation and strategies for mitigating cybersecurity threats without compromising operational integrity, Mark shares key insights and actionable advice for operators in today's volatile security landscape.Listeners of this episode will hear about...The Growing Complexity of OT and IT Security Needs: Mark discusses the increasing sophistication of threats targeting critical infrastructure, including state-sponsored attacks and ransomware, and the complexities operators face in balancing security needs with uninterrupted operations. Challenges with Compliance and Budget Constraints: Critical infrastructure operators often face budgetary and regulatory challenges that limit their ability to invest in cybersecurity. Navigating mandates like NERC CIP and adapting to regulatory changes is essential but can detract from proactive security efforts. Building a Supportive Community: Mark encourages operators to reach out within the OT security community for advice and support. With limited experts in this field, sharing knowledge and collaborating can make a significant difference for smaller utilities and organizations facing resource constraints.  Let's connect about IoT Security!Follow John Vecchi at https://www.linkedin.com/in/johnvecchiThe IoT Security Podcast is powered by Phosphorus Cybersecurity. Join the conversation for the IoT Security Podcast — where xIoT meets Security. Learn more at https://phosphorus.io/podcast

In this episode of The Gate 15 Interview, Andy Jabbour speaks with Jeri Rogish and Mitchell Freddura, both with the Cybersecurity and Infrastructure Security Agency (CISA) and CISA's Joint Cyber Defense Collaborative (JCDC). Jeri serves as Deputy Chief of JCDC's Product Development Section and Mitch serves in the Partnerships Office. Jeri on LinkedIn. Mitch on LinkedIn. For further information about participating, email cisa.jcdc@cisa.dhs.gov. Discussed in the podcast: Jeri & Mitch's Backgrounds. JCDC background. How the JCDC is “uniting the global cyber community.” Best practices to support a “coordinated defensive cyber posture.” “Implementing comprehensive, whole-of-nation cyber defense plans” to address risks, coordinate action, and build national resilience. Building a joint understanding of challenges and opportunities for our nation's cyber defense. Networks of networks & private-public partnership  The NCIRP Public Comment period coming soon! We play Three Questions and talk moments from high school, favorite foods, big hearts and sports teams no one wants to hear about… Selected links: Joint Cyber Defense Collaborative (JCDC) CISA Launches New Joint Cyber Defense Collaborative (05 Aug 2021) JCDC Success Stories | CISA JCDC Artificial Intelligence Cyber Tabletop Exercise Series Shaping the legacy of partnership between government and private sector globally: JCDC Cybersecurity Resources for High-Risk Communities JCDC Builds Foundation for Pipelines Cyber Defense Planning Effort Additional resources: 2024 JCDC Priorities Enhanced Visibility and Hardening Guidance for Communications Infrastructure PRC State-Sponsored Actors Compromise and Maintain Persistent Access to U.S. Critical Infrastructure Living off the Land (LoTL) Guidance Cybersecurity Resources for High-Risk Communities | CISA Securing Open Source Software in Operational Technology | CISA Improving Security of Open Source Software in Operational Technology and Industrial Control Systems

 While everybody is focusing on Artificial Intelligence, malicious actors are going after the soft underbelly of modern technology: operational technology, or OT.  Today, we take a look at the increasing threat of cyber-attacks on operational technology (OT) systems, which are often not built with security in mind. Operational Technology is represented by control systems, logic controllers, and other end points found in critical infrastructure like water and systems that generate energy, like oil, natural gas and even nuclear. Today's experts share ideas on how to mitigate risk through. Collaboration: Throughout the federal government communities are being formed that seek to share information on OT threats.  For example, CISA has a Joint Cyber Defense Collaborative that serves as a clearing house for communication between industry and the federal government. Continuous monitoring:  Marty Edwards works on several federal committees to try to establish data formats that would allow for interoperability to monitor attacks and update existing operational technology. Proactive measures:  Jonathan Feibus from the NRC shares that 90% of the systems he monitors are focused on Information Technology. Vendors seeking solutions to this problem should look at extending methodologies built for IT into the realm of OT. The discussion ended with a discussion of the integration of IT and OT security, the role of AI in enhancing security, and the need for comprehensive asset inventories and risk assessments.  

Emphasizing the importance of collaboration and communication, Mike Holcomb shares his extensive experience and practical insights into securing ICS and IoT environments. Holcomb, ICS/OT cybersecurity global lead at Fluor, stresses mastering basic cybersecurity fundamentals and asset inventory, along with the nuances of integrating IT and OT security. The episode aims to bridge gaps between IT and OT teams to fortify defenses against sophisticated cyber threats.Listeners will gain valuable insights into critical takeaways, including:Real-World Impact of Cyber Attacks: Mike explains how high-profile incidents, such as Colonial Pipeline and Triton, highlighted the physical consequences of cyber threats, making clear that OT security is a top priority for critical infrastructure.Bridging the IT-OT Divide: The discussion underscores the need for IT and OT teams to collaborate, as a lack of communication and understanding can leave vulnerabilities open to exploitation.Achievable Defense Strategies: From basic network segmentation to secure remote access, Mike provides practical, accessible steps to strengthen ICS/OT security without overwhelming smaller teams. Let's connect about IoT Security!Follow John Vecchi at https://www.linkedin.com/in/johnvecchiThe IoT Security Podcast is powered by Phosphorus Cybersecurity. Join the conversation for the IoT Security Podcast — where xIoT meets Security. Learn more at https://phosphorus.io/podcast

As digitalization accelerates in industrial and operational settings, Operational Technology (OT) environments have become more interconnected with enterprise IT and even cloud infrastructures. The increased connectivity often can provide more efficiency and new capabilities, but it also introduces complex security challenges. Protecting OT and IoT environments is critical but complicated due to the differences in functions and approaches to securing IT vs. OT infrastructures. Read the original blog here: https://www.kuppingercole.com/events/cyberevolution2024/blog/security-in-the-era-of-rapid-digitalization-in-operational-technology-environments

Podcast: PrOTect It All (LS 24 · TOP 10% what is this?)Episode: The Future of Automation and AI in Operational Technology with Shane CoxPub date: 2024-11-25Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationIn Episode 33, Aaron Crow explores the transformative impact of automation and AI in the Operational Technology (OT) sector, joined by industry expert Shane Cox from Morgan Franklin Cyber. This episode deepens how AI and automation can enhance security operations when balanced with human oversight and strategic implementation.   Shane Cox shares insights on Morgan Franklin's flexible and expert-driven approach to Managed Detection and Response (MDR) services, emphasizing the importance of tailored client partnerships and continuous collaboration. The discussion highlights the potential of AI to revolutionize security while addressing the unique challenges and risks of integrating automated solutions.   Tune in to learn how the right blend of technology, expertise, and strategy can drive effective security solutions and foster long-term client relationships in today's evolving cybersecurity landscape.   Key Moments:    05:15 Flexible, evolving security service, partnership-focused approach. 07:06 Diverse tools are essential for all organizations. 12:58 Weekend setup complete; improved over subsequent months. 15:30 MDR/XDR: Cloud-based threat detection and response. 18:21 Flexible MDR service integrates client environments efficiently. 21:38 Integration speeds up threat detection and response. 24:52 Cautious automation best balances efficiency and control. 29:50 AI assists coding by highlighting potential errors. 32:12 People are crucial for effective security automation. 35:51 Superior team preferred over superior product. 39:06 AI integration risks due to untested promises. 41:46 Adapting security training amidst AI automation challenges.   Guest Profile:    Shane Cox leads the Cyber Fusion Center at MorganFranklin Cyber where he is responsible for the delivery of managed services such as Orion MDR, Advanced Detection and Response (ADR), Threat Hunting, Adversary Simulation, Cyber Threat Intelligence (CTI), and Incident Response and Management.    Shane has over 25 years of experience in IT and Cyber Security, leading the development and optimization of security programs within enterprise and managed services environments. He has deep experience and success providing customized, business-aligned security outcomes for a diverse range of client environments and industry verticals.    How to connect with Shane:   https://www.linkedin.com/feed/update/urn:li:activity:7264640034891337730 https://www.sdxcentral.com/articles/stringerai-announcements/morganfranklin-consulting-launches-orion-mdr-service-with-stellar-cyber/2024/11/   Connect With Aaron Crow: Website: www.corvosec.com  LinkedIn: https://www.linkedin.com/in/aaronccrow   Learn more about PrOTect IT All: Email: info@protectitall.co  Website: https://protectitall.co/  X: https://twitter.com/protectitall  YouTube: https://www.youtube.com/@PrOTectITAll  FaceBook:  https://facebook.com/protectitallpodcast  To be a guest or suggest a guest/episode, please email us at info@protectitall.co Please leave us a review on Apple/Spotify Podcasts: Apple   - https://podcasts.apple.com/us/podcast/protect-it-all/id1727211124 Spotify - https://open.spotify.com/show/1Vvi0euj3rE8xObK0yvYi4The podcast and artwork embedded on this page are from Aaron Crow, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Recent years have seen a growing awareness of the vulnerabilities in our critical infrastructure to cyberattacks, particularly from nation-states like Russia, Iran, and China. In this episode of the IoT Security Podcast, host John Vecchi welcomes Khris Woodring, Senior Cybersecurity Architect at Syngenta, to explore the evolving challenges and opportunities in securing critical infrastructure. From his serendipitous journey into the field to actionable insights on workforce development, Khris shares how industries can overcome the persistent talent gap and drive proactive change in OT security.Key topics include:The unique challenges of bridging IT and OT security.Why workforce shortages hinder progress and how industry and academia can collaborate.The importance of standardizing roles, frameworks, and terminology.Stories of how early curiosity sparked a career in cybersecurity.Tune in for a passionate discussion on how to protect the systems that make modern life possible—and the steps we can take to secure a resilient future. Let's connect about IoT Security!Follow John Vecchi at https://www.linkedin.com/in/johnvecchiThe IoT Security Podcast is powered by Phosphorus Cybersecurity. Join the conversation for the IoT Security Podcast — where xIoT meets Security. Learn more at https://phosphorus.io/podcast

Podcast: Cyber Security Weekly Podcast (LS 38 · TOP 2% what is this?)Episode: Episode 416 - OT ISAC - Singapore Operational Technology Information Sharing and Analysis Summit 2024Pub date: 2024-11-08Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationWe had the privilege of speaking with Steven Sim, Chair of the OT-ISAC Executive Committee, during the recent summit in Singapore. As a seasoned expert in operational technology (OT) cybersecurity, Sim shared valuable insights into the importance of information sharing, the growing threat of ransomware, and the transformative role of AI in cybersecurity.Kicking off the podcast, Steven introduced the Executive Committee and its pivotal role in driving OT-ISAC's mission to foster a collaborative community and promote best practices. By providing advisory support and strategic guidance, the committee ensures OT-ISAC stays at the forefront of cybersecurity initiatives.Balancing Information Sharing and ConfidentialityOne of the most pressing challenges in OT cybersecurity is striking the right balance between information sharing and safeguarding sensitive data. He explained that OT-ISAC has implemented robust measures, such as the Traffic Light Protocol and data anonymization techniques, to protect confidentiality while promoting collaboration. The platform also employs protocols like STIX and TAXII to automate the exchange of cyber threat intelligence, enabling members to quickly share and respond to emerging threats.Cross-Jurisdictional CollaborationWith cyber threats spanning borders, cross-jurisdictional collaboration is essential. Sim highlighted that OT-ISAC allows members to share threat intelligence across different regions without breaching data sovereignty regulations by anonymizing the information sources. This approach strengthens global defenses against transnational cyberattacks.The Growing Threat of RansomwareRansomware remains a significant risk to OT environments. Steven urged organizations to avoid paying ransoms, citing the risks and long-term consequences. Instead, he emphasized the importance of investing in strong business continuity and incident response plans. By focusing on resilience and preparedness, organizations can minimize their exposure to future attacks.AI's Role in OT CybersecurityHe also discussed the potential of AI in OT cybersecurity, noting its ability to streamline incident response and improve threat detection. However, he cautioned that while AI offers powerful advantages, it must be implemented with human oversight to manage the risks associated with automated systems.Steven Sim has worked for more than 25 years in the cybersecurity field with large end-user enterprises and critical infrastructures, undertaken global CISO role, driven award-winning CSO50 security governance and management initiatives and headed incident response, security architecture, technology, awareness and operations at local, regional and global levels. He leads cybersecurity across large MNC, heading 8 direct reports at Group Cybersecurity Department as well as indirect reports across regional offices and local business units in 42 countries. He oversees both IT and OT Security Governance, Global Cybersecurity Technology Management and Incident Response as well as Cyber Security Masterplan Office. Always keen to give back to the community, he also volunteers at the ISACA Singapore Chapter (which won ISACA Global Outstanding Chapter Achievement in 2022) as the President (from 2021 to 2022) and OT-ISAC (since 2021), the second key thrust of the SG's OT Cybersecurity Masterplan 2019, as Chair Executive Committee, as well as member of Geneva Dialogue Technical Community, and holds Masters in Computing, CCISO, CGEIT, CRISC, CISM, CISA, CDPSE, CISSP as well as technical certifications GICSP, GREM, GCIH and GPPA. Recorded 5th Sept 2.30pm. Singapore Operational Technology Information Sharing and Analysis Summit 2024#otcybersecurity #mysecuritytv #cybersecurity #singaporecybersecurityThe podcast and artwork embedded on this page are from MySecurity Media, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

In this episode of School Safety Today by Raptor Technologies, host Dr. Amy Grosso speaks with Melissa Kree about fostering resilience in students. Kree shares insights from her role in student mental health and school safety. The discussion emphasizes the role of trusted adults in supporting students, exploring how resilience involves ongoing support from families, educators, and communities.KEY POINTS:Resilience Requires Intentional Support — Students benefit from consistent support.The Importance of Trusted Adult Relationships — Trusted adults play an essential role in helping students navigate difficult experiences and build resilience.Holistic Approach to School Safety — Fostering a supportive school culture and positive student well-being are essential for school safety.Our guest, Melissa Kree is a seasoned school psychologist with over a decade of experience at Oxford Community Schools in Michigan. Since joining the district in October 2012, Kree has worked across all educational levels, from pre-kindergarten through high school. She coordinates building-level Multi-Tiered System of Supports (MTSS) teams and oversees special education evaluations. Additionally, she serves as a district-level Individualized Education Program (IEP) coach. Kree is an active member of the district's crisis team and participates in building-level threat and suicide risk assessment teams, utilizing both Behavioral Threat Assessment and Management (BTAM) and PREPaRE models. She has been an ongoing part of Oxford's response to the tragedy on November 30th, 2021, and works closely with the Executive Director of School Safety, Operational Technology, and Student Services to regularly review and implement policies and procedures, as well as lead building level teams in the implementation as situations arise. She serves on the district mental health/SEL committee and participates in county-level PREPaRE community of practice groups. Beyond her district responsibilities, she serves on the mental health and SEL committee of the Michigan Association of School Psychologists, advocating for the integration of mental health considerations in all aspects of school safety. Residing in Oxford with her husband and two children, Kree is deeply committed to the well-being and safety of her community.

We had the privilege of speaking with Steven Sim, Chair of the OT-ISAC Executive Committee, during the recent summit in Singapore. As a seasoned expert in operational technology (OT) cybersecurity, Sim shared valuable insights into the importance of information sharing, the growing threat of ransomware, and the transformative role of AI in cybersecurity.Kicking off the podcast, Steven introduced the Executive Committee and its pivotal role in driving OT-ISAC's mission to foster a collaborative community and promote best practices. By providing advisory support and strategic guidance, the committee ensures OT-ISAC stays at the forefront of cybersecurity initiatives.Balancing Information Sharing and ConfidentialityOne of the most pressing challenges in OT cybersecurity is striking the right balance between information sharing and safeguarding sensitive data. He explained that OT-ISAC has implemented robust measures, such as the Traffic Light Protocol and data anonymization techniques, to protect confidentiality while promoting collaboration. The platform also employs protocols like STIX and TAXII to automate the exchange of cyber threat intelligence, enabling members to quickly share and respond to emerging threats.Cross-Jurisdictional CollaborationWith cyber threats spanning borders, cross-jurisdictional collaboration is essential. Sim highlighted that OT-ISAC allows members to share threat intelligence across different regions without breaching data sovereignty regulations by anonymizing the information sources. This approach strengthens global defenses against transnational cyberattacks.The Growing Threat of RansomwareRansomware remains a significant risk to OT environments. Steven urged organizations to avoid paying ransoms, citing the risks and long-term consequences. Instead, he emphasized the importance of investing in strong business continuity and incident response plans. By focusing on resilience and preparedness, organizations can minimize their exposure to future attacks.AI's Role in OT CybersecurityHe also discussed the potential of AI in OT cybersecurity, noting its ability to streamline incident response and improve threat detection. However, he cautioned that while AI offers powerful advantages, it must be implemented with human oversight to manage the risks associated with automated systems.Steven Sim has worked for more than 25 years in the cybersecurity field with large end-user enterprises and critical infrastructures, undertaken global CISO role, driven award-winning CSO50 security governance and management initiatives and headed incident response, security architecture, technology, awareness and operations at local, regional and global levels. He leads cybersecurity across large MNC, heading 8 direct reports at Group Cybersecurity Department as well as indirect reports across regional offices and local business units in 42 countries. He oversees both IT and OT Security Governance, Global Cybersecurity Technology Management and Incident Response as well as Cyber Security Masterplan Office. Always keen to give back to the community, he also volunteers at the ISACA Singapore Chapter (which won ISACA Global Outstanding Chapter Achievement in 2022) as the President (from 2021 to 2022) and OT-ISAC (since 2021), the second key thrust of the SG's OT Cybersecurity Masterplan 2019, as Chair Executive Committee, as well as member of Geneva Dialogue Technical Community, and holds Masters in Computing, CCISO, CGEIT, CRISC, CISM, CISA, CDPSE, CISSP as well as technical certifications GICSP, GREM, GCIH and GPPA. Recorded 5th Sept 2.30pm. Singapore Operational Technology Information Sharing and Analysis Summit 2024#otcybersecurity #mysecuritytv #cybersecurity #singaporecybersecurity

Podcast: PrOTect It All (LS 24 · TOP 10% what is this?)Episode: Navigating Cybersecurity Challenges: AI, Tabletop Exercises, and Operational TechnologyPub date: 2024-11-04Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationIn this episode, host Aaron Crow is joined by Clint Bodungen, Director of Cybersecurity Innovation at Morgan Franklin Cyber and founder of Threatgen, alongside Michael Welch, Managing Director at Morgan Franklin Cyber. Together, they delve into the ever-evolving world of cybersecurity in honor of Cybersecurity Awareness Month. Aaron kicks things off by discussing the importance of iterative processes and tabletop exercises in enhancing decision-making and preparedness. The conversation then shifts to the exciting yet complex role of AI in cybersecurity, particularly in operational technology (OT) and critical infrastructure. The experts emphasize the potential of generative AI for data analysis while underscoring the need for human oversight to avoid biases and misinformation. Clint introduces an “engineering informed cyber” approach to better integrate OT and IT in managing cybersecurity risks, while Aaron stresses the importance of collaboration between cybersecurity professionals and engineers. The episode also tackles balancing convenience and security, the intricacies of password management, and the critical role of communication and trust. Listeners will gain valuable insights into AI's role in enhancing security operations, the consequences of system failures, and the debate between compliance and true security. This episode offers expert opinions, real-world examples, and practical advice for navigating today's cybersecurity challenges. Join us for a comprehensive discussion on protecting our digital world.   Key Moments:    04:20 Generative AI aids efficient GRC and cybersecurity management. 08:40 AI lacks context for verifying asset information. 11:38 Generative AI creating and automating malware tools. 15:58 Building data centers using decommissioned power plants. 17:14 Regulation growing in infrastructure for compliance security. 22:09 Compliance is binary; partial compliance isn't sufficient. 24:33 Prioritize "engineering informed cyber" for OT resilience. 28:14 Collaboration between IT and OT is essential. 33:54 Frustration with excessive video game security measures. 34:49 Cybersecurity fails due to over-engineering complexity. 40:49 Make security easy with password managers, authenticators. 42:31 AI improves tabletop exercises for comprehensive insights. 45:31 Generative AI augments human capabilities and creativity. 48:08 Automated injects streamline engagement and business continuity. 53:46 Executives misunderstand risk, leading to false security. 54:29 Strong IT security, but vulnerable weak points. About the Guests :    Clint Bodungen:    Clint Bodungen is a globally recognized cybersecurity professional and thought leader with 30 years of experience (focusing primarily on industrial cybersecurity, red teaming, and risk assessment). He is the author of two best-selling books, "Hacking Exposed: Industrial Control Systems" and “ChatGPT for Cybersecurity Cookbook. Clint is a United States Air Force veteran and has worked for notable cybersecurity firms like Symantec, Booz Allen Hamilton, and Kaspersky Lab, and is currently the founder of ThreatGEN and Director of Cybersecurity Innovation at Morgan Franklin Consulting. Renowned for his creative approach to cybersecurity education and training, he has been at the forefront of integrating gamification and AI applications into cybersecurity training; he created ThreatGEN® Red vs. Blue, the world's first online multiplayer computer designed to teach real-world cybersecurity. His latest innovation is AutoTableTop, which uses the latest generative AI technology to automate, simplify, and revolutionize IR tabletop exercises. As AI technology continues evolving, so does his pursuit of helping revolutionize the cybersecurity industry using gamification generative AI. Connect Clint at - https://www.linkedin.com/in/clintb/   Michael Welch :    Michael Welch has over twenty-five years of expertise in Governance, Risk Management, Compliance and Cybersecurity.  In his role as Sector Lead, Michael  will focus on the importance of cybersecurity in Utilities and Industrial Manufacturing.  Michael understands that robust cybersecurity measures are not just a regulatory requirement but are pivotal in safeguarding the resilience of organizations, safety of its people, and overall economic stability.  Michael has worked for organizations such as NextEra and Duke Energy as well as engineering firm Burns & McDonnell.  In addition, he was the Global CISO for the food manufacturing firm OSI Industries.Some of the certifications he has obtained through his career are Certified Information System Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Security Auditor (CISA), Global Industrial Cyber Security Professional (GICSP), Certified Data Privacy Solutions Engineer (CDPSE) and CMMC - Registered Practitioner Advanced (RPA).  Connect Michael Welch at : https://www.linkedin.com/in/michael-welch-93375a4/ Connect With Aaron Crow: Website: www.corvosec.com  LinkedIn: https://www.linkedin.com/in/aaronccrow   Learn more about PrOTect IT All: Email: info@protectitall.co  Website: https://protectitall.co/  X: https://twitter.com/protectitall  YouTube: https://www.youtube.com/@PrOTectITAll  FaceBook:  https://facebook.com/protectitallpodcast    To be a guest or suggest a guest/episode, please email us at info@protectitall.coThe podcast and artwork embedded on this page are from Aaron Crow, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Businesses and government organizations have seen threats to critical US infrastructure on the rise in recent years, particularly within IoT and OT systems, posed by cyberattacks, notably from state actors like Iran. With that context, Joel Goins, a veteran of manufacturing, oil and gas, and OT security at large, talks with John Vecchi about the critical need for enhanced security measures for data centers and other vital components, the vulnerabilities present in IoT devices, and the essential steps companies must take to safeguard against both traditional and emerging cyber threats. Let's connect about IoT Security!Follow John Vecchi at https://www.linkedin.com/in/johnvecchiThe IoT Security Podcast is powered by Phosphorus Cybersecurity. Join the conversation for the IoT Security Podcast — where xIoT meets Security. Learn more at https://phosphorus.io/podcast

On this episode of “Don't Take No for An Answer,” Lynda A. Bennett, Chair of Lowenstein's Insurance Recovery Group, speaks with David Anderson, Vice President of Cyber at Woodruff Sawyer, about the difference between operational technology (OT) and informational technology (IT). They discuss how system failures or cyber-attacks on a company's OT system may not only give rise to risks to data security, but also may have real world consequences, from business interruption and wasted inventory to physical injury and environmental damage. Lynda and David stress the need for policyholders to carefully understand and negotiate their cyber insurance coverage to cover all potential OT impacts—preferably at the purchase phase, and not after a failure has occurred.  Speakers: Lynda A. Bennett, Partner and Chair, Insurance RecoveryDavid Anderson, CIPP/US, Vice President, Cyber Liability, Woodruff-Sawyer & Co

Podcast: Manufacturing Happy Hour (LS 43 · TOP 1.5% what is this?)Episode: 204: OT Security Best Practices for Manufacturers with Fortinet's Rich SpringerPub date: 2024-09-24Is your shop floor as secure as you think it is? Innovation in the manufacturing world has made IT-OT convergence much more commonplace today, but is the industry taking the potential risks seriously enough? In this episode, we hear from Fortinet's Director of Marketing for OT Solutions, Rich Springer, about the real threats facing manufacturers within OT networks, and why effective OT security is a non-negotiable today...Rich brings bags of experience to the table, from his early days in furniture and glass factories to his time as a Navy submarine officer and later as the global head of SCADA operations for a major wind turbine company. He shares how these experiences shaped his understanding of the unique cybersecurity challenges facing the manufacturing sector. Painting a picture of how an OT threat can bring production to a standstill, Rich recommends that manufacturers use tabletop exercises to assess risk points and their impact on the whole production line. Rich also explains that part of protecting your OT network is about getting IT and OT teams to work together, and he gives practical advice on how to bridge the gap.In this episode, find out:Rich explains Fortinet's position on OT network security We hear about Rich's diverse career background and how his previous roles prepared him for his role at Fortinet The current state of OT convergence and why companies are yet to take actionRich breaks the misconception that air gaps will protect manufacturers from digital threats Advice for better collaboration between IT and OT teams Rich explains why he's optimistic that manufacturers are paying attention to the right things in securityWhat the report says about manufacturers and their approach to OT systems todayWhat it takes for cybersecurity experts to get executives to pay attention to the threats facing OTHow to run a tabletop exercise to assess threat and impact on production What surprises Rich most about cybersecurity in manufacturing todayEnjoying the show? Please leave us a review here. Even one sentence helps. It's feedback from Manufacturing All-Stars like you that keeps us going!Tweetable Quotes:“The separation of duties should be decided on the tabletop exercise, not when the fire is burning.”“The technology has evolved. So therefore, it has made this air gap strategy a little less realistic over the years. And this is a common challenge.”“When the systems go down, they go to paper. So if the line hasn't stopped, what happens with our suppliers if we have to go paper? Take your tabletop exercise to that level.”Links & mentions:Advancing Digital Transformation in a Time of Unprecedented Cybersecurity Risk, a report on how digital transformation in manufacturing has driven a widespread need for cybersecurity awareness2024 State of Operational Technology and Cybersecurity Report, Fortinet's report on OT cybersecurity Make sure to visit http://manufacturinghappyhour.com for detailed show notes and a full list of resources mentioned in this episode. Stay Innovative, Stay Thirsty.The podcast and artwork embedded on this page are from Chris Luecke, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Podcast: Cyber Security Weekly Podcast (LS 38 · TOP 2% what is this?)Episode: Episode 413 - Operational Technology (OT) Cybersecurity - Episode 4Pub date: 2024-09-22This episode dives into OT Cybersecurity and discusses:SCADA, ICS & IIoT CybersecurityHow do we define an OT-related cyber incident?What are the leading standards and guidelines for managing OT Cybersecurity and resilience?Threat intelligence and suitable ISAC modelsVendor platform insights and cyber maturity landscapeSpeakers include:Daniel Ehrenreich, Secure Communications and Control ExpertsLesley Carhart, Director of Incident Response - DragosIlan Barda, Founder - RadiflowRahul Thakkar, Team Lead, System Engineering, ANZ, ForescoutDean Frye, Solutions Architect ANZ, Nozomi NetworksTo visit and subscribe to the full series visit https://mysecuritymarketplace.com/security-risk-professional-insight-series/#mysecuritytv #otcybersecurityFurther reading:https://mysecuritymarketplace.com/reports/your-guide-to-nis2-compliance/ https://www.forescout.com/research-labs/ot-iot-routers-in-the-software-supply-chain/https://cyberriskleaders.com/critical-infrastructure-organisations-remain-poorly-prepared-against-cyber-attacks/The podcast and artwork embedded on this page are from MySecurity Media, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Is your shop floor as secure as you think it is? Innovation in the manufacturing world has made IT-OT convergence much more commonplace today, but is the industry taking the potential risks seriously enough? In this episode, we hear from Fortinet's Director of Marketing for OT Solutions, Rich Springer, about the real threats facing manufacturers within OT networks, and why effective OT security is a non-negotiable today...Rich brings bags of experience to the table, from his early days in furniture and glass factories to his time as a Navy submarine officer and later as the global head of SCADA operations for a major wind turbine company. He shares how these experiences shaped his understanding of the unique cybersecurity challenges facing the manufacturing sector. Painting a picture of how an OT threat can bring production to a standstill, Rich recommends that manufacturers use tabletop exercises to assess risk points and their impact on the whole production line. Rich also explains that part of protecting your OT network is about getting IT and OT teams to work together, and he gives practical advice on how to bridge the gap.In this episode, find out:Rich explains Fortinet's position on OT network security We hear about Rich's diverse career background and how his previous roles prepared him for his role at Fortinet The current state of OT convergence and why companies are yet to take actionRich breaks the misconception that air gaps will protect manufacturers from digital threats Advice for better collaboration between IT and OT teams Rich explains why he's optimistic that manufacturers are paying attention to the right things in securityWhat the report says about manufacturers and their approach to OT systems todayWhat it takes for cybersecurity experts to get executives to pay attention to the threats facing OTHow to run a tabletop exercise to assess threat and impact on production What surprises Rich most about cybersecurity in manufacturing todayEnjoying the show? Please leave us a review here. Even one sentence helps. It's feedback from Manufacturing All-Stars like you that keeps us going!Tweetable Quotes:“The separation of duties should be decided on the tabletop exercise, not when the fire is burning.”“The technology has evolved. So therefore, it has made this air gap strategy a little less realistic over the years. And this is a common challenge.”“When the systems go down, they go to paper. So if the line hasn't stopped, what happens with our suppliers if we have to go paper? Take your tabletop exercise to that level.”Links & mentions:Advancing Digital Transformation in a Time of Unprecedented Cybersecurity Risk, a report on how digital transformation in manufacturing has driven a widespread need for cybersecurity awareness2024 State of Operational Technology and Cybersecurity Report, Fortinet's report on OT cybersecurity Make sure to visit http://manufacturinghappyhour.com for detailed show notes and a full list of resources mentioned in this episode. Stay Innovative, Stay Thirsty.

This episode dives into OT Cybersecurity and discusses:SCADA, ICS & IIoT CybersecurityHow do we define an OT-related cyber incident?What are the leading standards and guidelines for managing OT Cybersecurity and resilience?Threat intelligence and suitable ISAC modelsVendor platform insights and cyber maturity landscapeSpeakers include:Daniel Ehrenreich, Secure Communications and Control ExpertsLesley Carhart, Director of Incident Response - DragosIlan Barda, Founder - RadiflowRahul Thakkar, Team Lead, System Engineering, ANZ, ForescoutDean Frye, Solutions Architect ANZ, Nozomi NetworksTo visit and subscribe to the full series visit https://mysecuritymarketplace.com/security-risk-professional-insight-series/#mysecuritytv #otcybersecurityFurther reading:https://mysecuritymarketplace.com/reports/your-guide-to-nis2-compliance/ https://www.forescout.com/research-labs/ot-iot-routers-in-the-software-supply-chain/https://cyberriskleaders.com/critical-infrastructure-organisations-remain-poorly-prepared-against-cyber-attacks/

In this inspiring episode of Navigating the Grid, we sit down with Adib Abdulzai, Vice President of Operational Technology & Security, to explore his remarkable journey in the renewable energy industry. From overcoming significant challenges as an immigrant chasing the American dream to rising through the ranks in compliance and technology, Adib shares how resilience, determination, and grit have been crucial to his success. Discover the obstacles he faced, the lessons he learned, and how his story can inspire others to pursue their dreams, no matter the odds. Tune in for an insightful conversation on the role of perseverance in achieving career success and shaping the future of renewables.

Join us for exclusive conversations with top supply chain and technology thought leaders. We are excited to launch our new season of OpTech Insights as we dive deep into proven technologies and emerging trends essential for staying ahead in today's fast-paced supply chain environment.We have an exciting line up of some top industry experts who will be sharing their insights and experiences, covering innovative solutions and strategic approaches that drive your business and people forward. Whether you're looking to optimize operations, enhance your competitive edge, or stay informed about the latest industry developments, OpTech Insights is your go-to resource.Hosted by Todd Greenwald, OpTech Insights offers unparalleled expertise and insights, making it the perfect guide through the complexities of supply chain and industry trends.Tune in and stay ahead of the curve with OpTech Insights – where technology and operational expertise intersect.Audio Engineer & Production: Neo GreenwaldWant to learn more: Heartland Blog & News

Podcast: Error Code (LS 25 · TOP 10% what is this?)Episode: EP 39: Hacking Water Systems and the OT Skills GapPub date: 2024-06-18A critical skills gap in Operational Technology security could have a real effect on your water supply and other areas of the critical infrastructures. Christopher Walcutt from DirectDefense explains how the IT OT convergence, and the lack of understanding of what OT systems are, might be contributing to the spate of water systems attacks in 2024. The podcast and artwork embedded on this page are from Robert Vamosi, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Podcast: Error Code (LS 25 · TOP 10% what is this?)Episode: EP 39: Hacking Water Systems and the OT Skills GapPub date: 2024-06-18A critical skills gap in Operational Technology security could have a real effect on your water supply and other areas of the critical infrastructures. Christopher Walcutt from DirectDefense explains how the IT OT convergence, and the lack of understanding of what OT systems are, might be contributing to the spate of water systems attacks in 2024. The podcast and artwork embedded on this page are from Robert Vamosi, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

A critical skills gap in Operational Technology security could have a real effect on your water supply and other areas of the critical infrastructures. Christopher Walcutt from DirectDefense explains how the IT OT convergence, and the lack of understanding of what OT systems are, might be contributing to the spate of water systems attacks in 2024.

In today's episode of School Safety Today by Raptor Technologies, join host Dr. Amy Grosso as she sits down with Dr. Allison Willemin, Executive Director of School Safety, Operational Technology, and Student Services at Oxford Community Schools, Michigan. Together, they delve into the crucial topic of school safety during the summer months, focusing on practical strategies for preparing for the new school year. KEY POINTS: The importance of aligning priorities with district goals while focusing on manageable small steps The need for collaboration across different departments, as well as city and county agencies Continuous training and engagement with staff allow for school safety to be part of the school climate Go-to places for school safety resources. Where to start, websites, organizations, and associations Dr. Allison Willemin earned her Doctor of Education in Professional Leadership, Inquiry, and Transformation from Concordia University. She also holds a Master of School Administration from the University of North Carolina at Pembroke and a Bachelor of Science in Elementary Education from Oakland University. Dr. Willemin has dedicated her career to children's education and remains a lifelong learner. Her extensive experience spans various roles within school districts in North Carolina and Texas, and she currently serves as the Executive Director of School Safety, Operational Technology, and Student Services at Oxford Community Schools in Michigan. She holds numerous certifications across multiple educational disciplines.

Explore the intricate challenges and solutions in managing OT cybersecurity, particularly emphasizing the importance of active querying over passive deep packet inspection, with Michael Lester, Senior Product Security Engineer at Rockwell Automation! Lester underscores the necessity of segmenting networks, improving visibility, and fostering collaboration between IT and OT teams to mitigate risks and enhance security. His journey, from passionate mentorship to pursuing a PhD, exemplifies a commitment to advancing industrial cybersecurity frameworks and education. Let's connect about IoT Security!Follow John Vecchi at https://www.linkedin.com/in/johnvecchiThe IoT Security Podcast is powered by Phosphorus Cybersecurity. Join the conversation for the IoT Security Podcast — where xIoT meets Security. Learn more at https://phosphorus.io/podcast

In this episode, we're diving deep into the world of Operational Technology (OT) and IoT security, exploring the critical challenges and evolving threat landscape that are impacting sectors from manufacturing to critical infrastructure and healthcare. With insights from Patrick Gillespie, an OT expert at GuidePoint Security, we'll discuss the convergence of IT and OT systems, the risks introduced by COVID-19, and the advanced solutions from providers like Phosphorus that are combatting these threats. Patrick also sheds light on his personal journey from military service to a cybersecurity career, and the essential steps organizations should take to bolster their OT security, from embracing cyber hygiene to implementing robust security programs. Join us as we uncover the pressing issues facing IoT security today and how innovations are driving a safer, more secure operational environment. Let's connect about IoT Security!Follow John Vecchi at https://www.linkedin.com/in/johnvecchiThe IoT Security Podcast is powered by Phosphorus Cybersecurity. Join the conversation for the IoT Security Podcast — where xIoT meets Security. Learn more at https://phosphorus.io/podcast

Guest: Christina Stokes, Host, On Cyber & AI Podcast, Founder of Narito CybersecurityOn ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/christina-stokesOn LinkedIn | https://www.linkedin.com/in/xTinaStokes/____________________________Hosts: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]On ITSPmagazine | https://www.itspmagazine.com/sean-martinMarco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society PodcastOn ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli____________________________Episode NotesThe Evolution of CybersecurityThe dialogue initiated by Sean, Christina, and Marco shed light on how cybersecurity has matured over the years. From the early days of hacking as a hobby to the current focus on ethical practices, the panelists emphasized the importance of adapting to the changing technological landscape. They discussed how regulations, policies, and laws have played a crucial role in shaping the cybersecurity industry, emphasizing the need for responsible use of technology to prevent it from becoming a monster.AI and Its ImplicationsThe conversation also touched upon the growing role of Artificial Intelligence (AI) in cybersecurity. While AI has brought about advancements in threat detection and response, there are concerns about privacy and data protection. The panelists emphasized the importance of using AI ethically and responsibly to avoid potential risks associated with its misuse.Supply Chain VulnerabilitiesA significant portion of the discussion revolved around supply chain vulnerabilities and the interconnected nature of global industries. The experts highlighted the importance of understanding and securing supply chains, particularly in the context of operational technology and manufacturing processes. They stressed the need for resilience and innovation to address evolving cybersecurity threats.The Human Element in CybersecurityThroughout the conversation, the experts reiterated the significance of human connections and collaborations in the cybersecurity domain. They emphasized the need for organizations to invest in education, training, and building strong relationships within the industry to combat cyber threats effectively. The dialogue underscored the essential role of people in securing digital ecosystems and fostering a culture of cybersecurity awareness.Looking Towards the FutureAs the discussion came to a close, Sean, Christina, and Marco expressed optimism about the future of cybersecurity. They discussed upcoming trends such as Generative AI, AI Bill of Materials, and the continued focus on governance, data security, and AI ethics. The experts highlighted the importance of ongoing conversations, collaborations, and innovation in driving the industry forward.This insightful chat at RSAC 2024 offered valuable perspectives on the current challenges and opportunities in cybersecurity. The experts' nuanced discussions about AI, supply chain vulnerabilities, and human-centric cybersecurity shed light on the complex nature of the digital threat landscape. As we navigate the evolving cybersecurity landscape, collaboration, innovation, and a shared commitment to ethical practices will be key to ensuring a secure digital future.Be sure to follow our Coverage Journey and subscribe to our podcasts!____________________________Follow our RSA Conference USA 2024 coverage: https://www.itspmagazine.com/rsa-conference-usa-2024-rsac-san-francisco-usa-cybersecurity-event-infosec-conference-coverageOn YouTube:

In a recent episode recorded live at the RSA Conference, an insightful discussion unfolded between Sean Martin and Chris Walcutt on the intersection of operational technology (OT) and cybersecurity. The conversation look into the challenges, insights, and best practices surrounding these vital areas of technology. Let's dive deeper into the key takeaways from this engaging dialogue.Bridging the Gap Between IT and OTChris emphasized the importance of collaboration between IT and OT teams, highlighting the need for mutual understanding and cooperation. By fostering communication and building trust, organizations can navigate the complexities of integrating IT and OT systems effectively.Understanding Critical InfrastructureOne of the key insights shared by Chris revolved around the critical nature of infrastructure, particularly in sectors such as energy, water, and manufacturing. The emphasis on resilience-based risk assessments and the need to comprehensively evaluate vulnerabilities underscored the importance of proactive cybersecurity measures.The Purdue Model and Practical ApproachesChris shed light on the Purdue model, a framework often referenced in the OT space. While acknowledging its value, he emphasized the need for practical implementations tailored to individual environments. Simplifying zones and focusing on critical operational aspects can enhance security without compromising system performance.Fostering Resilience through CollaborationThe conversation underscored the significance of resilience in cybersecurity efforts. By fostering collaboration, implementing tailored security measures, and leveraging expertise across IT and OT domains, organizations can bolster their resilience to cyber threats effectively.Procurement as a Strategic AllyAn insightful recommendation from Chris highlighted the role of procurement as a strategic ally in the cybersecurity landscape. Educating procurement teams on the specific needs of OT systems and integrating cybersecurity requirements into vendor contracts can fortify defense mechanisms and mitigate risks.The dialogue between Sean Martin and Chris Walcutt offered a comprehensive glimpse into the dynamic realm of operational technology and cybersecurity. By emphasizing collaboration, risk assessment, and strategic partnerships, organizations can navigate the evolving cybersecurity landscape with resilience and adaptability.The insights shared in this conversation serve as a valuable resource for IT and OT professionals seeking to enhance their cybersecurity practices and fortify critical infrastructure against potential threats. Embracing a proactive and collaborative approach can pave the way for a more secure and resilient technological ecosystem.Learn more about DirectDefense: https://itspm.ag/directdef-gs7Note: This story contains promotional content. Learn more.Guest: Chris Walcutt, Chief Security Officer at DirectDefense [@Direct_Defense]On LinkedIn | https://www.linkedin.com/in/christopher-walcutt-cism-cissp-45a6631/ResourcesLearn more and catch more stories from DirectDefense: https://www.itspmagazine.com/directory/directdefenseView all of our RSA Conference Coverage: https://www.itspmagazine.com/rsa-conference-usa-2024-rsac-san-francisco-usa-cybersecurity-event-infosec-conference-coverageAre you interested in telling your story?https://www.itspmagazine.com/telling-your-story

Today on Cyber Work, we continue our deep dive into industrial control systems and operational technology security by talking with Donovan Tindill of DeNexus. Now, I'm just going to come out and say it: Tindill's episode is like a cybersecurity career seminar in a box, and a must-not-miss if you're interested in not just ICS and OT security, but specifically the realm of Risk Assessment. Tindill brought slides and literally lays out his entire career for us to see, including the highs and even some of the lows, and what he learned from them. He explains the fuzzy distinctions between ICS security and the act of determining risk for said systems, gives us a 60 year history of the increasing attack surface and number or risk types associated with operational technology, and gives us tons of great career advice and ways to get started. 0:00 - Careers in operational technology2:01 - Donovan Tindill's interest in tech5:30 - Tindill's career roles in cybersecurity 10:42 - The jump to a supervision role13:19 - Average day for a director of OT cybersecurity 18:39 - Volunteerism with Public Safety Canada 22:57 - Tindill's talk on active directory a decade later23:43 - Current operational technology challenges29:26 - New SEC regulations 33:54 - Thoughts on the SEC regulations35:37 - How to work in OT, ICS or risk assessment40:34 - Skill gaps for OT, ICS and risk management 42:44 - Tindill's favorite work45:36 - Best cybersecurity career advice48:22 - What is DeNexus? 52:22 - Learn more about Tindill and DeNexus53:22 - Outro– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastAbout InfosecInfosec's mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ's security awareness training. Learn more at infosecinstitute.com.

Guest: Jack Cable, Senior Technical Advisor at CISA [@CISAgov]On LinkedIn | https://linkedin.com/in/jackcableOn Twitter | https://twitter.com/jackhcableCISA on LinkedIn | https://www.linkedin.com/company/cisagov/____________________________Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin____________________________This Episode's SponsorsImperva | https://itspm.ag/imperva277117988Devo | https://itspm.ag/itspdvweb___________________________Episode NotesIn this episode of the Redefining CyberSecurity Podcast, host Sean Martin invites Jack Cable, Senior Technical Advisor at CISA (U.S. Cybersecurity and Infrastructure Security Agency), to discuss the concept of 'Secure by Design' and the importance of incorporating security into the development process of technology products. The episode explores the motivations behind CISA's 'Secure by Design' initiative, which aims to shift the responsibility for cybersecurity from end users to technology manufacturers.During the conversation, Jack highlights the need for long-term investments in cybersecurity and emphasizes the role of business leaders in driving necessary security improvements. The conversation explores the core principles of 'Secure by Design', including technology manufacturers taking ownership of security outcomes for their customers, promoting radical transparency and accountability, and ensuring top business leadership drives security improvements. The episode also touches on the collaboration between CISA and the open-source community to foster greater security improvements in the open-source space.Jack also shares success stories of companies effectively implementing 'Secure by Design' principles and highlights the economic and business factors that will drive a more secure future. The episode concludes with a call-to-action for organizations to adopt the 'Secure by Design' approach and engage with CISA to support the shift towards more secure software.Top Key Insights:The 'Secure by Design' initiative is aiming to shift the burden of cybersecurity from end users to the technology manufacturers, essentially pushing for a more proactive approach to security.Successful adoption of 'Secure by Design' requires buy-in from business leaders who possess the power to allocate budgets and direct the shift towards a secure future, demonstrating that cybersecurity is as much a business issue as a technical one.Collaboration with the open-source community is crucial for improving security in the technology ecosystem. This includes expectaing companies who use open-source software to be responsible consumers and sustainable contributors to the open-source software ecosystem.___________________________Watch this and other videos on ITSPmagazine's YouTube ChannelRedefining CyberSecurity Podcast with Sean Martin, CISSP playlist:

In this episode of Trust Issues, the conversation revolves around the challenges and transformations in operational technology (OT) security. Guest Mike Holcomb, the Fellow of Cybersecurity and the ICS/OT Cybersecurity Lead at Fluor shares insights with host David Puner on securing legacy systems, the impact of generative AI – and the evolving threat landscape. From addressing security challenges in manufacturing plants to the skills gap in OT cybersecurity, the episode provides an overview of the current state and future prospects of securing critical infrastructure. Holcomb also emphasizes the importance of identity in OT security and offers practical advice for organizations looking to enhance their cybersecurity posture. Check out the episode to explore the dynamic intersection of IT and OT – and how it spotlights the urgent need for robust cybersecurity measures in an evolving digital landscape.