Podcasts about Operational technology

  • 151 PODCASTS
  • 325 EPISODES
  • 35m AVG DURATION
  • 1 EPISODE EVERY OTHER WEEK
  • Apr 15, 2025 LATEST

Latest podcast episodes about Operational technology

IoT Security Podcast
Identity, AI, and the Unseen Threats in Healthcare Cybersecurity – with vCISO Jason Taule

Apr 15, 2025 | 34:51

Healthcare IoT systems are increasingly targeted by cyber threats, necessitating a shift in strategy from isolated, organization-specific responses to a collaborative, ecosystem-wide approach. James McCarthy sits down with vCISO and 30-year information assurance and cybersecurity veteran Jason Taule. Taule brings important insights into the challenges faced by healthcare providers due to regulatory pressures, financial constraints, and technological advancements, urging both manufacturers and providers to participate in a unified security effort. Emphasizing the critical need for proactivity, Taule also calls for a balance between regulation and adaptability in safeguarding these critical infrastructures.

Let's connect about IoT Security!
Follow John Vecchi at https://www.linkedin.com/in/johnvecchi
The IoT Security Podcast is powered by Phosphorus Cybersecurity. Join the conversation for the IoT Security Podcast — where xIoT meets Security. Learn more at https://phosphorus.io/podcast

My Climate Journey
Securing the Energy Grid from Cyber Threats with Xage Security

Mar 27, 2025 | 38:31

Roman Arutyunov is the Co-founder and SVP of Products at Xage Security, a Series B startup focused on protecting critical infrastructure—including energy systems—from cyber threats. Xage is backed by investors like Chevron Technology Ventures, Aramco, Piva Capital, Valor Equity Partners, and Overture.

Cybersecurity is a growing concern as our energy systems become more distributed, electrified, and digitally connected. We spoke with Roman about the vulnerabilities in today's infrastructure, the motivations behind cyberattacks, and how the rise of AI is changing the cybersecurity landscape.

In this episode, we cover:
  • [2:11] Introduction to Xage Security
  • [3:12] Cybersecurity 101: Ransomware, nation-state threats, and attacker motivations
  • [7:10] Operational tech (OT) vs. information tech (IT)
  • [13:29] Xage's Zero Trust security approach
  • [15:45] Customer segments and differing security challenges
  • [20:47] Navigating regulations vs. fast deployment timelines
  • [23:40] How AI is shaping both threats and defenses
  • [28:00] When multifactor authentication becomes a vulnerability
  • [31:59] Real-world cyberattacks on energy systems
  • [34:10] Xage's funding history and growth trajectory

Episode recorded on Feb 20, 2025 (Published on Mar 26, 2025)

Enjoyed this episode? Please leave us a review! Share feedback or suggest future topics and guests at info@mcj.vc.

Connect with MCJ:
  • Cody Simms on LinkedIn
  • Visit mcj.vc
  • Subscribe to the MCJ Newsletter

*Editing and post-production work for this episode was provided by The Podcast Consultant

IoT Security Podcast
The Wild West of IoT: Hacking and Securing Devices with Matt Brown

Mar 25, 2025 | 34:30

Matt Brown, Hardware Security Researcher, Bug Bounty Hunter, and Founder of Brown Fine Security, leaves nothing to the imagination in this conversation with host Eric Johansen on the world of embedded devices and cybersecurity. Matt shares his journey from childhood tinkering to professional vulnerability research, offering insights into the complexities of IoT attack surfaces, legacy system challenges, and real-world hacking experiences. The conversation covers everything from surprising device vulnerabilities to practical advice for aspiring IoT hackers, including why off-brand devices are a great starting point. Plus, Matt reveals some of the sketchy smart devices in his own home and why understanding your threat model is key to robust security. It's an unfiltered look into the intersection of curiosity, technology, and defense strategies in today's connected world.

You may know Matt from his hit YouTube channel at https://www.youtube.com/@mattbrwn. If you like hardware, taking gear apart, and digging into what makes devices vulnerable, you're definitely going to want to give it a look. You can also find Matt Brown at the following places:
  • brownfinesecurity.com
  • linkedin.com/in/mattbrwn
  • twitter.com/nmatt0
  • github.com/nmatt0
  • reddit.com/user/mattbrwn0

Augmented - the industry 4.0 podcast
Operational Excellence at Enterprise Scale with Stanley Black & Decker's Audrey Van de Castle

Mar 19, 2025 | 42:22


This week's guest is Audrey Van de Castle (https://www.linkedin.com/in/audrey-van-de-castle/), Senior Director of Operational Excellence Technology at Stanley Black & Decker. Audrey breaks down the challenges of scaling digital initiatives across 100+ manufacturing sites, how to balance governance with citizen development, and the need to move past the buzzwords and invest in technology that can make a difference on the shop floor today. She also shares insights into her unconventional career path from running a makerspace to becoming a digital transformation leader, best practices for working with IT, and her passion for building fighting robots (https://youtu.be/4fbwtajq5XA). Augmented Ops is a podcast for industrial leaders, citizen developers, shop floor operators, and anyone else that cares about what the future of frontline operations will look like across industries. This show is presented by Tulip (https://tulip.co/), the Frontline Operations Platform. You can find more from us at Tulip.co/podcast (https://tulip.co/podcast) or by following the show on LinkedIn (https://www.linkedin.com/company/augmentedpod/). Special Guest: Audrey Van de Castle.

IoT Security Podcast
The Symbiosis of Tech and Nature: Securing Agriculture with Bill Lucas

Feb 25, 2025 | 42:53

In this episode, host Eric Johansen welcomes Bill Lucas, Senior Director of Cybersecurity at Mastronardi Produce, to explore the evolving security challenges in agricultural IoT. With over sixteen years of experience across the automotive, healthcare, and tech industries, Bill brings a deep understanding of enterprise risk management, endpoint security, and cyber defense—now applied to one of the world's most critical industries: food production.

Bill and Eric explore the unique cybersecurity risks in modern agriculture, from UV robots to robotic bees, and discuss how automation, sensor networks, and supply chain security play pivotal roles in securing these technologies. Bill also shares his personal career journey, offering valuable insights for professionals looking to strengthen their IoT security strategies.

Join us for a compelling conversation about the intersection of innovation and cybersecurity in the agricultural sector—and what it takes to secure the future of connected farming.

ITSPmagazine | Technology. Cybersecurity. Society
From Signaling to Safety: Protecting Critical Infrastructure and the Modern Railway from Digital Threats | A Conversation with Fahad Mughal | Redefining CyberSecurity with Sean Martin

Jan 31, 2025 | 52:43

Guest: Fahad Mughal, Senior Cyber Solutions Architect - Security
On LinkedIn | https://www.linkedin.com/in/fahadmughal/

Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/sean-martin

Episode Notes

Modern railway systems are increasingly digital, integrating operational technology (OT) to enhance efficiency, reliability, and safety. However, as railways adopt automated and interconnected systems, they also become more vulnerable to cyber threats. In this episode of Redefining Cybersecurity on ITSP Magazine, host Sean Martin speaks with Fahad Ali Mughal, a cybersecurity professional with extensive experience in OT security architecture, about the challenges and priorities of securing railway infrastructure.

The Growing Role of Cybersecurity in Railways

Railway systems have evolved from steam-powered locomotives to autonomous, driverless trains that rely on sophisticated digital controls. OT now plays a crucial role in managing train operations, signaling, interlocking, and trackside equipment. These advancements improve efficiency but also expose railway networks to cyber threats that can disrupt service, compromise safety, and even impact national security. Unlike traditional IT environments, where the focus is on confidentiality, integrity, and availability (CIA), OT in railways prioritizes reliability, availability, and public safety. Ensuring the safe movement of trains requires a cybersecurity strategy tailored to the unique needs of railway infrastructure.

Critical OT Systems in Railways

Mughal highlights key OT components in railways that require cybersecurity protection:
  • Signaling Systems: These function like traffic lights for trains, ensuring safe distances between locomotives. Modern communication-based train control (CBTC) and European Rail Traffic Management Systems (ERTMS) are vulnerable to cyber intrusions.
  • Interlocking Systems: These systems prevent conflicting train movements, ensuring safe operations. As they become digitized, cyber risks increase.
  • Onboard OT Systems: Automatic Train Control (ATC) regulates speed and ensures compliance with signaling instructions. A cyberattack could manipulate these controls.
  • SCADA Systems: Supervisory Control and Data Acquisition (SCADA) systems oversee infrastructure operations. Any compromise here can impact an entire railway network.
  • Safety-Critical Systems: Fail-safe mechanisms like automatic braking and failover controls are vital in preventing catastrophic accidents.

The increasing digitization and interconnection of these systems expand the attack surface, making cybersecurity a top priority for railway operators.

Real-World Cyber Threats in Railways

Mughal discusses several significant cyber incidents that highlight vulnerabilities in railway cybersecurity:
  • 2023 Poland Attack: Nation-state actors exploited vulnerabilities in railway radio communication systems to send unauthorized emergency stop commands, halting trains across the country. The attack exposed weaknesses in authentication and encryption within OT communication protocols.
  • 2021 Iran Railway Incident: Hackers breached Iran's railway scheduling and digital message board systems, displaying fake messages and causing widespread confusion. While safety-critical OT systems remained unaffected, the attack disrupted operations and damaged public trust.
  • 2016 San Francisco Muni Ransomware Attack: A ransomware attack crippled the fare and scheduling system, leading to free rides for passengers and operational delays. Though IT systems were the primary target, the impact on OT operations was evident.

These incidents underscore the urgent need for stronger authentication, encryption, and IT-OT segmentation to protect railway infrastructure.

Cybersecurity Standards and Best Practices for Railways (links to resources below)

To build resilient railway cybersecurity, Mughal emphasizes the importance of international standards:
  • IEC 62443: A globally recognized framework for securing industrial control systems, widely applied to OT environments, including railways. It introduces concepts such as network segmentation, risk assessment, and security levels.
  • TS 50701: A European standard specifically designed for railway cybersecurity, expanding on IEC 62443 with guidance for securing signaling, interlocking, and control systems.
  • EN 50126 (RAMS Standard): A safety-focused standard that integrates reliability, availability, maintainability, and safety (RAMS) into railway operations.

Adopting these standards helps railway operators establish secure-by-design architectures that mitigate cyber risks.

Looking Ahead: Strengthening Railway Cybersecurity

As railway systems become more automated and interconnected with smart cities, vehicle transportation, and supply chain networks, cyber threats will continue to grow. Mughal stresses the need for industry collaboration between railway engineers and cybersecurity professionals to ensure that security is integrated into every stage of railway system design.

He also emphasizes the importance of real-time OT threat monitoring, anomaly detection, and Security Operations Centers (SOCs) that understand railway-specific cyber risks. The industry must stay ahead of adversaries by adopting proactive security measures before a large-scale cyber incident disrupts critical transportation networks.

The conversation makes it clear: cybersecurity is now a fundamental part of railway safety and reliability. As Mughal warns, it's not a question of if railway cyber incidents will happen, but when.

To hear the full discussion, including insights into OT vulnerabilities, real-world case studies, and cybersecurity best practices, listen to this episode of Redefining Cybersecurity on ITSP Magazine.

Sponsors
  • Imperva: https://itspm.ag/imperva277117988
  • LevelBlue: https://itspm.ag/attcybersecurity-3jdk3
  • ThreatLocker: https://itspm.ag/threatlocker-r974

Watch this and other videos on ITSPmagazine's YouTube Channel
Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist:

Redefining CyberSecurity
From Signaling to Safety: Protecting Critical Infrastructure and the Modern Railway from Digital Threats | A Conversation with Fahad Mughal | Redefining CyberSecurity with Sean Martin

Jan 31, 2025 | 52:43



IoT Security Podcast
IoT Lessons We Learned in 2024

Jan 29, 2025 | 25:51

What did 2024 teach us about securing the IoT and OT landscape? In this special 2024 lookback episode, Alex Nehmy, Asia Pacific CTO at Phosphorus, revisits impactful moments from industry experts and IoT Security Podcast guests, including Jason Taule, Patrick Gillespie, Sean Tufts, Michael Lester, Joel Goins, Khris Woodring, Mike Holcomb, and John Threat who share their unique journeys and lessons-learned in the realm of IoT security and beyond. Reflecting on learnings from 2024 and looking ahead at 2025, the discussion spans...
  • Why remediation beats endless assessments in IoT security.
  • Overcoming challenges with legacy systems and device management.
  • Trends shaping the future of Cyber-Physical Systems.
  • The power of community in tackling cybersecurity risks.

IoT Security Podcast
A PLC Might Say "Oh No": Unlocking Comprehensive Asset Visibility with Enrique Martinez

Jan 7, 2025 | 46:19

In this episode, host and xIoT security evangelist John Vecchi sits down with Enrique Martinez, OT/IoT Practice Lead at World Wide Technology (WWT), to explore the critical challenges and solutions in securing OT and IoT environments. Enrique shares his journey into cybersecurity, highlights the importance of asset visibility, and discusses how AI is transforming both defense and risk in the cyber-physical world.

Key Topics Covered:
  • The foundational importance of asset awareness and behavior analysis.
  • How IT/OT convergence increases vulnerabilities and the need for layered security.
  • Challenges in securing legacy systems and balancing risk with safety.
  • How AI can enhance data analytics, decision-making, and security in OT.
  • Practical insights on remediation and accelerating asset discovery.

Featured Insights:
  • “It all starts with asset awareness—knowing what you have and how it behaves is the first step to securing it.”
  • “AI offers great potential for security, but with cyber-physical systems, safety and availability must always come first.”

The RIPE Labs Podcast
Detecting Cyber Threats to Critical Systems

Dec 19, 2024 | 34:31

It is no longer unusual for Operational Technology systems to be connected to IT systems and the Internet, but this leaves them increasingly open to cyber threats. Daniel Kapellmann, Security Engineering Manager at Google Threat Intelligence, talks about how convergence of OT with IT systems amplifies risk and what's involved in detecting threats.

IoT Security Podcast
Strategies for Industrial Resilience: Insights from Mark Mattei

Dec 17, 2024 | 41:04

In this episode, Mark Mattei, Global Director of Industrial Managed Security Services at 1898 & Company, unpacks the high-stakes challenges of protecting vital systems from sophisticated attacks. Host John Vecchi highlights the critical issues surrounding IoT and OT security within industrial critical infrastructure. From the importance of cybersecurity in industrial environments to the practical challenges of compliance and regulation and strategies for mitigating cybersecurity threats without compromising operational integrity, Mark shares key insights and actionable advice for operators in today's volatile security landscape.

Listeners of this episode will hear about...
  • The Growing Complexity of OT and IT Security Needs: Mark discusses the increasing sophistication of threats targeting critical infrastructure, including state-sponsored attacks and ransomware, and the complexities operators face in balancing security needs with uninterrupted operations.
  • Challenges with Compliance and Budget Constraints: Critical infrastructure operators often face budgetary and regulatory challenges that limit their ability to invest in cybersecurity. Navigating mandates like NERC CIP and adapting to regulatory changes is essential but can detract from proactive security efforts.
  • Building a Supportive Community: Mark encourages operators to reach out within the OT security community for advice and support. With limited experts in this field, sharing knowledge and collaborating can make a significant difference for smaller utilities and organizations facing resource constraints.

The Gate 15 Podcast Channel
The Gate 15 Interview EP 53. CISA's JCDC, plus! Love for Boston, love for potatoes, love for cats, and love for cyber.

Dec 11, 2024 | 51:40

In this episode of The Gate 15 Interview, Andy Jabbour speaks with Jeri Rogish and Mitchell Freddura, both with the Cybersecurity and Infrastructure Security Agency (CISA) and CISA's Joint Cyber Defense Collaborative (JCDC). Jeri serves as Deputy Chief of JCDC's Product Development Section and Mitch serves in the Partnerships Office. Jeri on LinkedIn. Mitch on LinkedIn. For further information about participating, email cisa.jcdc@cisa.dhs.gov.

Discussed in the podcast:
  • Jeri & Mitch's Backgrounds.
  • JCDC background.
  • How the JCDC is “uniting the global cyber community.”
  • Best practices to support a “coordinated defensive cyber posture.”
  • “Implementing comprehensive, whole-of-nation cyber defense plans” to address risks, coordinate action, and build national resilience.
  • Building a joint understanding of challenges and opportunities for our nation's cyber defense.
  • Networks of networks & private-public partnership
  • The NCIRP Public Comment period coming soon!
  • We play Three Questions and talk moments from high school, favorite foods, big hearts and sports teams no one wants to hear about…

Selected links: Joint Cyber Defense Collaborative (JCDC) CISA Launches New Joint Cyber Defense Collaborative (05 Aug 2021) JCDC Success Stories | CISA JCDC Artificial Intelligence Cyber Tabletop Exercise Series Shaping the legacy of partnership between government and private sector globally: JCDC Cybersecurity Resources for High-Risk Communities JCDC Builds Foundation for Pipelines Cyber Defense Planning Effort

Additional resources: 2024 JCDC Priorities Enhanced Visibility and Hardening Guidance for Communications Infrastructure PRC State-Sponsored Actors Compromise and Maintain Persistent Access to U.S. Critical Infrastructure Living off the Land (LoTL) Guidance Cybersecurity Resources for High-Risk Communities | CISA Securing Open Source Software in Operational Technology | CISA Improving Security of Open Source Software in Operational Technology and Industrial Control Systems

Security Breach
AI Is Exposing Your Most Vulnerable Attack Surface

Dec 9, 2024 | 36:04

According to Fortinet's 2024 State of Operational Technology and Cybersecurity Report, 43 percent of those surveyed reported a loss of business critical data or intellectual property so far in 2024, a number that is up nearly 10 percent from last year. And we all know what happens with this hijacked data. Per the World Economic Forum's May 2024 white paper, the number of ransomware attacks on industrial infrastructure doubled in 2023, boosting ransomware to the leading concern for manufacturers, with 40 percent citing it as their top issue. While that may not surprise you, this might: due to the many challenges we've discussed here on Security Breach, the industrial sector now accounts for 71 percent of all ransomware attacks. Our data is valuable and the hackers know it.

To offer some perspective on protecting this data, we sat down with Karthik Krishnan, CEO of Concentric.ai, a leading provider of data security posture management solutions. Watch/listen as he provides insight on:
  • Prioritizing and limiting data access to lessen the blast radius.
  • How data, especially customer data, is essentially the "new oil."
  • Reversing your mindset to think about "data out" instead of "user in".
  • The generative AI advancements that continue to be made, and how they're producing more complex phishing and ransomware attacks.
  • Why it has become easier for hackers to get a foothold on your network.
  • The best ways to shore up your weakest security link - employees.
  • How it all starts with data discovery and visualization, then prioritization.
  • A look at the money involved with remediation and response costs versus proper planning and defense prep.

To catch up on past episodes, you can go to Manufacturing.net, IEN.com or MBTmag.com. You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. If you have a cybersecurity story or topic that you'd like to have us explore on Security Breach, you can reach me at jeff@ien.com. To download our latest report on industrial cybersecurity, The Industrial Sector's New Battlefield, click here.

Federal Tech Podcast: Listen and learn how successful companies get federal contracts

While everybody is focusing on Artificial Intelligence, malicious actors are going after the soft underbelly of modern technology: operational technology, or OT. Today, we take a look at the increasing threat of cyber-attacks on operational technology (OT) systems, which are often not built with security in mind. Operational Technology is represented by control systems, logic controllers, and other end points found in critical infrastructure like water and systems that generate energy, like oil, natural gas and even nuclear. Today's experts share ideas on how to mitigate risk through:
  • Collaboration: Throughout the federal government, communities are being formed that seek to share information on OT threats. For example, CISA has a Joint Cyber Defense Collaborative that serves as a clearing house for communication between industry and the federal government.
  • Continuous monitoring: Marty Edwards works on several federal committees to try to establish data formats that would allow for interoperability to monitor attacks and update existing operational technology.
  • Proactive measures: Jonathan Feibus from the NRC shares that 90% of the systems he monitors are focused on Information Technology. Vendors seeking solutions to this problem should look at extending methodologies built for IT into the realm of OT.

The discussion ended with a discussion of the integration of IT and OT security, the role of AI in enhancing security, and the need for comprehensive asset inventories and risk assessments.

IoT Security Podcast
Building a Bridge Across the Divide: The Intersection of IT and OT Cybersecurity with Mike Holcomb

IoT Security Podcast

Play Episode Listen Later Dec 3, 2024 51:21


Emphasizing the importance of collaboration and communication, Mike Holcomb shares his extensive experience and practical insights into securing ICS and IoT environments. Holcomb, ICS/OT cybersecurity global lead at Fluor, stresses mastering basic cybersecurity fundamentals and asset inventory, along with the nuances of integrating IT and OT security. The episode aims to bridge gaps between IT and OT teams to fortify defenses against sophisticated cyber threats.

Listeners will gain valuable insights into critical takeaways, including:

  • Real-World Impact of Cyber Attacks: Mike explains how high-profile incidents, such as Colonial Pipeline and Triton, highlighted the physical consequences of cyber threats, making clear that OT security is a top priority for critical infrastructure.
  • Bridging the IT-OT Divide: The discussion underscores the need for IT and OT teams to collaborate, as a lack of communication and understanding can leave vulnerabilities open to exploitation.
  • Achievable Defense Strategies: From basic network segmentation to secure remote access, Mike provides practical, accessible steps to strengthen ICS/OT security without overwhelming smaller teams.

KuppingerCole Analysts
Security in the Era of Rapid Digitalization in Operational Technology Environments

KuppingerCole Analysts

Play Episode Listen Later Nov 29, 2024 8:41


As digitalization accelerates in industrial and operational settings, Operational Technology (OT) environments have become more interconnected with enterprise IT and even cloud infrastructures. The increased connectivity often can provide more efficiency and new capabilities, but it also introduces complex security challenges. Protecting OT and IoT environments is critical but complicated due to the differences in functions and approaches to securing IT vs. OT infrastructures. Read the original blog here: https://www.kuppingercole.com/events/cyberevolution2024/blog/security-in-the-era-of-rapid-digitalization-in-operational-technology-environments

@BEERISAC: CPS/ICS Security Podcast Playlist
The Future of Automation and AI in Operational Technology with Shane Cox

@BEERISAC: CPS/ICS Security Podcast Playlist

Play Episode Listen Later Nov 25, 2024 47:40


Podcast: PrOTect It All
Episode: The Future of Automation and AI in Operational Technology with Shane Cox
Pub date: 2024-11-25

In Episode 33, Aaron Crow explores the transformative impact of automation and AI in the Operational Technology (OT) sector, joined by industry expert Shane Cox from Morgan Franklin Cyber. This episode delves into how AI and automation can enhance security operations when balanced with human oversight and strategic implementation.

Shane Cox shares insights on Morgan Franklin's flexible and expert-driven approach to Managed Detection and Response (MDR) services, emphasizing the importance of tailored client partnerships and continuous collaboration. The discussion highlights the potential of AI to revolutionize security while addressing the unique challenges and risks of integrating automated solutions.

Tune in to learn how the right blend of technology, expertise, and strategy can drive effective security solutions and foster long-term client relationships in today's evolving cybersecurity landscape.

Key Moments:

  • 05:15 Flexible, evolving security service, partnership-focused approach.
  • 07:06 Diverse tools are essential for all organizations.
  • 12:58 Weekend setup complete; improved over subsequent months.
  • 15:30 MDR/XDR: Cloud-based threat detection and response.
  • 18:21 Flexible MDR service integrates client environments efficiently.
  • 21:38 Integration speeds up threat detection and response.
  • 24:52 Cautious automation best balances efficiency and control.
  • 29:50 AI assists coding by highlighting potential errors.
  • 32:12 People are crucial for effective security automation.
  • 35:51 Superior team preferred over superior product.
  • 39:06 AI integration risks due to untested promises.
  • 41:46 Adapting security training amidst AI automation challenges.

Guest Profile:

Shane Cox leads the Cyber Fusion Center at MorganFranklin Cyber where he is responsible for the delivery of managed services such as Orion MDR, Advanced Detection and Response (ADR), Threat Hunting, Adversary Simulation, Cyber Threat Intelligence (CTI), and Incident Response and Management.

Shane has over 25 years of experience in IT and Cyber Security, leading the development and optimization of security programs within enterprise and managed services environments. He has deep experience and success providing customized, business-aligned security outcomes for a diverse range of client environments and industry verticals.

How to connect with Shane:
https://www.linkedin.com/feed/update/urn:li:activity:7264640034891337730
https://www.sdxcentral.com/articles/stringerai-announcements/morganfranklin-consulting-launches-orion-mdr-service-with-stellar-cyber/2024/11/

Connect With Aaron Crow:
Website: www.corvosec.com
LinkedIn: https://www.linkedin.com/in/aaronccrow

Learn more about PrOTect IT All:
Email: info@protectitall.co
Website: https://protectitall.co/
X: https://twitter.com/protectitall
YouTube: https://www.youtube.com/@PrOTectITAll
Facebook: https://facebook.com/protectitallpodcast

To be a guest or suggest a guest/episode, please email us at info@protectitall.co

Please leave us a review on Apple/Spotify Podcasts:
Apple - https://podcasts.apple.com/us/podcast/protect-it-all/id1727211124
Spotify - https://open.spotify.com/show/1Vvi0euj3rE8xObK0yvYi4

IoT Security Podcast
Critical Infrastructure Security: From Awareness to Action with Khris Woodring

IoT Security Podcast

Play Episode Listen Later Nov 19, 2024 53:47


Recent years have seen a growing awareness of the vulnerabilities in our critical infrastructure to cyberattacks, particularly from nation-states like Russia, Iran, and China. In this episode of the IoT Security Podcast, host John Vecchi welcomes Khris Woodring, Senior Cybersecurity Architect at Syngenta, to explore the evolving challenges and opportunities in securing critical infrastructure. From his serendipitous journey into the field to actionable insights on workforce development, Khris shares how industries can overcome the persistent talent gap and drive proactive change in OT security.

Key topics include:

  • The unique challenges of bridging IT and OT security.
  • Why workforce shortages hinder progress and how industry and academia can collaborate.
  • The importance of standardizing roles, frameworks, and terminology.
  • Stories of how early curiosity sparked a career in cybersecurity.

Tune in for a passionate discussion on how to protect the systems that make modern life possible—and the steps we can take to secure a resilient future.

@BEERISAC: CPS/ICS Security Podcast Playlist
Episode 416 - OT ISAC - Singapore Operational Technology Information Sharing and Analysis Summit 2024

@BEERISAC: CPS/ICS Security Podcast Playlist

Play Episode Listen Later Nov 13, 2024 21:50


Podcast: Cyber Security Weekly Podcast
Episode: Episode 416 - OT ISAC - Singapore Operational Technology Information Sharing and Analysis Summit 2024
Pub date: 2024-11-08

We had the privilege of speaking with Steven Sim, Chair of the OT-ISAC Executive Committee, during the recent summit in Singapore. As a seasoned expert in operational technology (OT) cybersecurity, Sim shared valuable insights into the importance of information sharing, the growing threat of ransomware, and the transformative role of AI in cybersecurity.

Kicking off the podcast, Steven introduced the Executive Committee and its pivotal role in driving OT-ISAC's mission to foster a collaborative community and promote best practices. By providing advisory support and strategic guidance, the committee ensures OT-ISAC stays at the forefront of cybersecurity initiatives.

Balancing Information Sharing and Confidentiality

One of the most pressing challenges in OT cybersecurity is striking the right balance between information sharing and safeguarding sensitive data. He explained that OT-ISAC has implemented robust measures, such as the Traffic Light Protocol and data anonymization techniques, to protect confidentiality while promoting collaboration. The platform also employs protocols like STIX and TAXII to automate the exchange of cyber threat intelligence, enabling members to quickly share and respond to emerging threats.

Cross-Jurisdictional Collaboration

With cyber threats spanning borders, cross-jurisdictional collaboration is essential. Sim highlighted that OT-ISAC allows members to share threat intelligence across different regions without breaching data sovereignty regulations by anonymizing the information sources. This approach strengthens global defenses against transnational cyberattacks.

The Growing Threat of Ransomware

Ransomware remains a significant risk to OT environments. Steven urged organizations to avoid paying ransoms, citing the risks and long-term consequences. Instead, he emphasized the importance of investing in strong business continuity and incident response plans. By focusing on resilience and preparedness, organizations can minimize their exposure to future attacks.

AI's Role in OT Cybersecurity

He also discussed the potential of AI in OT cybersecurity, noting its ability to streamline incident response and improve threat detection. However, he cautioned that while AI offers powerful advantages, it must be implemented with human oversight to manage the risks associated with automated systems.

Steven Sim has worked for more than 25 years in the cybersecurity field with large end-user enterprises and critical infrastructures, undertaken a global CISO role, driven award-winning CSO50 security governance and management initiatives and headed incident response, security architecture, technology, awareness and operations at local, regional and global levels. He leads cybersecurity across a large MNC, heading 8 direct reports at the Group Cybersecurity Department as well as indirect reports across regional offices and local business units in 42 countries. He oversees both IT and OT Security Governance, Global Cybersecurity Technology Management and Incident Response as well as the Cyber Security Masterplan Office. Always keen to give back to the community, he also volunteers at the ISACA Singapore Chapter (which won ISACA Global Outstanding Chapter Achievement in 2022) as the President (from 2021 to 2022) and OT-ISAC (since 2021), the second key thrust of the SG's OT Cybersecurity Masterplan 2019, as Chair Executive Committee, as well as member of the Geneva Dialogue Technical Community, and holds a Masters in Computing, CCISO, CGEIT, CRISC, CISM, CISA, CDPSE, CISSP as well as technical certifications GICSP, GREM, GCIH and GPPA.

Recorded 5th Sept 2.30pm. Singapore Operational Technology Information Sharing and Analysis Summit 2024

#otcybersecurity #mysecuritytv #cybersecurity #singaporecybersecurity

School Safety Today
The Role of Trusted Adults in Student Resilience and Wellbeing

School Safety Today

Play Episode Listen Later Nov 12, 2024 31:39


In this episode of School Safety Today by Raptor Technologies, host Dr. Amy Grosso speaks with Melissa Kree about fostering resilience in students. Kree shares insights from her role in student mental health and school safety. The discussion emphasizes the role of trusted adults in supporting students, exploring how resilience involves ongoing support from families, educators, and communities.

KEY POINTS:

  • Resilience Requires Intentional Support — Students benefit from consistent support.
  • The Importance of Trusted Adult Relationships — Trusted adults play an essential role in helping students navigate difficult experiences and build resilience.
  • Holistic Approach to School Safety — Fostering a supportive school culture and positive student well-being are essential for school safety.

Our guest, Melissa Kree, is a seasoned school psychologist with over a decade of experience at Oxford Community Schools in Michigan. Since joining the district in October 2012, Kree has worked across all educational levels, from pre-kindergarten through high school. She coordinates building-level Multi-Tiered System of Supports (MTSS) teams and oversees special education evaluations. Additionally, she serves as a district-level Individualized Education Program (IEP) coach. Kree is an active member of the district's crisis team and participates in building-level threat and suicide risk assessment teams, utilizing both Behavioral Threat Assessment and Management (BTAM) and PREPaRE models. She has been an ongoing part of Oxford's response to the tragedy on November 30th, 2021, and works closely with the Executive Director of School Safety, Operational Technology, and Student Services to regularly review and implement policies and procedures, as well as lead building-level teams in the implementation as situations arise. She serves on the district mental health/SEL committee and participates in county-level PREPaRE community of practice groups. Beyond her district responsibilities, she serves on the mental health and SEL committee of the Michigan Association of School Psychologists, advocating for the integration of mental health considerations in all aspects of school safety. Residing in Oxford with her husband and two children, Kree is deeply committed to the well-being and safety of her community.

Cyber Security Weekly Podcast
Episode 416 - OT ISAC - Singapore Operational Technology Information Sharing and Analysis Summit 2024

Cyber Security Weekly Podcast

Play Episode Listen Later Nov 8, 2024



@BEERISAC: CPS/ICS Security Podcast Playlist
Navigating Cybersecurity Challenges: AI, Tabletop Exercises, and Operational Technology

@BEERISAC: CPS/ICS Security Podcast Playlist

Play Episode Listen Later Nov 6, 2024 58:02


Podcast: PrOTect It All
Episode: Navigating Cybersecurity Challenges: AI, Tabletop Exercises, and Operational Technology
Pub date: 2024-11-04

In this episode, host Aaron Crow is joined by Clint Bodungen, Director of Cybersecurity Innovation at Morgan Franklin Cyber and founder of Threatgen, alongside Michael Welch, Managing Director at Morgan Franklin Cyber. Together, they delve into the ever-evolving world of cybersecurity in honor of Cybersecurity Awareness Month. Aaron kicks things off by discussing the importance of iterative processes and tabletop exercises in enhancing decision-making and preparedness. The conversation then shifts to the exciting yet complex role of AI in cybersecurity, particularly in operational technology (OT) and critical infrastructure. The experts emphasize the potential of generative AI for data analysis while underscoring the need for human oversight to avoid biases and misinformation. Clint introduces an “engineering informed cyber” approach to better integrate OT and IT in managing cybersecurity risks, while Aaron stresses the importance of collaboration between cybersecurity professionals and engineers. The episode also tackles balancing convenience and security, the intricacies of password management, and the critical role of communication and trust. Listeners will gain valuable insights into AI's role in enhancing security operations, the consequences of system failures, and the debate between compliance and true security. This episode offers expert opinions, real-world examples, and practical advice for navigating today's cybersecurity challenges. Join us for a comprehensive discussion on protecting our digital world.

Key Moments:

  • 04:20 Generative AI aids efficient GRC and cybersecurity management.
  • 08:40 AI lacks context for verifying asset information.
  • 11:38 Generative AI creating and automating malware tools.
  • 15:58 Building data centers using decommissioned power plants.
  • 17:14 Regulation growing in infrastructure for compliance security.
  • 22:09 Compliance is binary; partial compliance isn't sufficient.
  • 24:33 Prioritize "engineering informed cyber" for OT resilience.
  • 28:14 Collaboration between IT and OT is essential.
  • 33:54 Frustration with excessive video game security measures.
  • 34:49 Cybersecurity fails due to over-engineering complexity.
  • 40:49 Make security easy with password managers, authenticators.
  • 42:31 AI improves tabletop exercises for comprehensive insights.
  • 45:31 Generative AI augments human capabilities and creativity.
  • 48:08 Automated injects streamline engagement and business continuity.
  • 53:46 Executives misunderstand risk, leading to false security.
  • 54:29 Strong IT security, but vulnerable weak points.

About the Guests:

Clint Bodungen:

Clint Bodungen is a globally recognized cybersecurity professional and thought leader with 30 years of experience (focusing primarily on industrial cybersecurity, red teaming, and risk assessment). He is the author of two best-selling books, "Hacking Exposed: Industrial Control Systems" and "ChatGPT for Cybersecurity Cookbook". Clint is a United States Air Force veteran and has worked for notable cybersecurity firms like Symantec, Booz Allen Hamilton, and Kaspersky Lab, and is currently the founder of ThreatGEN and Director of Cybersecurity Innovation at Morgan Franklin Consulting. Renowned for his creative approach to cybersecurity education and training, he has been at the forefront of integrating gamification and AI applications into cybersecurity training; he created ThreatGEN® Red vs. Blue, the world's first online multiplayer computer game designed to teach real-world cybersecurity. His latest innovation is AutoTableTop, which uses the latest generative AI technology to automate, simplify, and revolutionize IR tabletop exercises. As AI technology continues evolving, so does his pursuit of helping revolutionize the cybersecurity industry using gamification and generative AI.

Connect with Clint at: https://www.linkedin.com/in/clintb/

Michael Welch:

Michael Welch has over twenty-five years of expertise in Governance, Risk Management, Compliance and Cybersecurity. In his role as Sector Lead, Michael will focus on the importance of cybersecurity in Utilities and Industrial Manufacturing. Michael understands that robust cybersecurity measures are not just a regulatory requirement but are pivotal in safeguarding the resilience of organizations, safety of its people, and overall economic stability. Michael has worked for organizations such as NextEra and Duke Energy as well as engineering firm Burns & McDonnell. In addition, he was the Global CISO for the food manufacturing firm OSI Industries. Some of the certifications he has obtained through his career are Certified Information System Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Security Auditor (CISA), Global Industrial Cyber Security Professional (GICSP), Certified Data Privacy Solutions Engineer (CDPSE) and CMMC - Registered Practitioner Advanced (RPA).

Connect with Michael Welch at: https://www.linkedin.com/in/michael-welch-93375a4/

Connect With Aaron Crow:
Website: www.corvosec.com
LinkedIn: https://www.linkedin.com/in/aaronccrow

Learn more about PrOTect IT All:
Email: info@protectitall.co
Website: https://protectitall.co/
X: https://twitter.com/protectitall
YouTube: https://www.youtube.com/@PrOTectITAll
Facebook: https://facebook.com/protectitallpodcast

To be a guest or suggest a guest/episode, please email us at info@protectitall.co

IoT Security Podcast
Guarding the Gateways: Tackling IoT Vulnerabilities in Critical Systems with Joel Goins

IoT Security Podcast

Play Episode Listen Later Nov 5, 2024 44:44


Businesses and government organizations have seen threats to critical US infrastructure on the rise in recent years, particularly within IoT and OT systems, posed by cyberattacks, notably from state actors like Iran. With that context, Joel Goins, a veteran of manufacturing, oil and gas, and OT security at large, talks with John Vecchi about the critical need for enhanced security measures for data centers and other vital components, the vulnerabilities present in IoT devices, and the essential steps companies must take to safeguard against both traditional and emerging cyber threats.

Lowenstein Sandler's Insurance Recovery Podcast: Don’t Take No For An Answer
Cyber Insurance for Operational Technology: Where Computers Touch the Real World

Lowenstein Sandler's Insurance Recovery Podcast: Don’t Take No For An Answer

Play Episode Listen Later Oct 10, 2024 18:50


On this episode of “Don't Take No for An Answer,” Lynda A. Bennett, Chair of Lowenstein's Insurance Recovery Group, speaks with David Anderson, Vice President of Cyber at Woodruff Sawyer, about the difference between operational technology (OT) and informational technology (IT). They discuss how system failures or cyber-attacks on a company's OT system may not only give rise to risks to data security, but also may have real world consequences, from business interruption and wasted inventory to physical injury and environmental damage. Lynda and David stress the need for policyholders to carefully understand and negotiate their cyber insurance coverage to cover all potential OT impacts—preferably at the purchase phase, and not after a failure has occurred.

Speakers:
Lynda A. Bennett, Partner and Chair, Insurance Recovery
David Anderson, CIPP/US, Vice President, Cyber Liability, Woodruff-Sawyer & Co

@BEERISAC: CPS/ICS Security Podcast Playlist
204: OT Security Best Practices for Manufacturers with Fortinet's Rich Springer

@BEERISAC: CPS/ICS Security Podcast Playlist

Play Episode Listen Later Oct 1, 2024 49:55


Podcast: Manufacturing Happy Hour
Episode: 204: OT Security Best Practices for Manufacturers with Fortinet's Rich Springer
Pub date: 2024-09-24

Is your shop floor as secure as you think it is? Innovation in the manufacturing world has made IT-OT convergence much more commonplace today, but is the industry taking the potential risks seriously enough? In this episode, we hear from Fortinet's Director of Marketing for OT Solutions, Rich Springer, about the real threats facing manufacturers within OT networks, and why effective OT security is a non-negotiable today...

Rich brings bags of experience to the table, from his early days in furniture and glass factories to his time as a Navy submarine officer and later as the global head of SCADA operations for a major wind turbine company. He shares how these experiences shaped his understanding of the unique cybersecurity challenges facing the manufacturing sector. Painting a picture of how an OT threat can bring production to a standstill, Rich recommends that manufacturers use tabletop exercises to assess risk points and their impact on the whole production line. Rich also explains that part of protecting your OT network is about getting IT and OT teams to work together, and he gives practical advice on how to bridge the gap.

In this episode, find out:

  • Rich explains Fortinet's position on OT network security
  • We hear about Rich's diverse career background and how his previous roles prepared him for his role at Fortinet
  • The current state of OT convergence and why companies are yet to take action
  • Rich breaks the misconception that air gaps will protect manufacturers from digital threats
  • Advice for better collaboration between IT and OT teams
  • Rich explains why he's optimistic that manufacturers are paying attention to the right things in security
  • What the report says about manufacturers and their approach to OT systems today
  • What it takes for cybersecurity experts to get executives to pay attention to the threats facing OT
  • How to run a tabletop exercise to assess threat and impact on production
  • What surprises Rich most about cybersecurity in manufacturing today

Enjoying the show? Please leave us a review here. Even one sentence helps. It's feedback from Manufacturing All-Stars like you that keeps us going!

Tweetable Quotes:

  • “The separation of duties should be decided on the tabletop exercise, not when the fire is burning.”
  • “The technology has evolved. So therefore, it has made this air gap strategy a little less realistic over the years. And this is a common challenge.”
  • “When the systems go down, they go to paper. So if the line hasn't stopped, what happens with our suppliers if we have to go paper? Take your tabletop exercise to that level.”

Links & mentions:

  • Advancing Digital Transformation in a Time of Unprecedented Cybersecurity Risk, a report on how digital transformation in manufacturing has driven a widespread need for cybersecurity awareness
  • 2024 State of Operational Technology and Cybersecurity Report, Fortinet's report on OT cybersecurity

Make sure to visit http://manufacturinghappyhour.com for detailed show notes and a full list of resources mentioned in this episode. Stay Innovative, Stay Thirsty.

@BEERISAC: CPS/ICS Security Podcast Playlist
Episode 413 - Operational Technology (OT) Cybersecurity - Episode 4

@BEERISAC: CPS/ICS Security Podcast Playlist

Play Episode Listen Later Sep 30, 2024 60:06


Podcast: Cyber Security Weekly Podcast
Episode: Episode 413 - Operational Technology (OT) Cybersecurity - Episode 4
Pub date: 2024-09-22

This episode dives into OT Cybersecurity and discusses:

  • SCADA, ICS & IIoT Cybersecurity
  • How do we define an OT-related cyber incident?
  • What are the leading standards and guidelines for managing OT Cybersecurity and resilience?
  • Threat intelligence and suitable ISAC models
  • Vendor platform insights and cyber maturity landscape

Speakers include:

  • Daniel Ehrenreich, Secure Communications and Control Experts
  • Lesley Carhart, Director of Incident Response - Dragos
  • Ilan Barda, Founder - Radiflow
  • Rahul Thakkar, Team Lead, System Engineering, ANZ, Forescout
  • Dean Frye, Solutions Architect ANZ, Nozomi Networks

To visit and subscribe to the full series visit https://mysecuritymarketplace.com/security-risk-professional-insight-series/

#mysecuritytv #otcybersecurity

Further reading:
https://mysecuritymarketplace.com/reports/your-guide-to-nis2-compliance/
https://www.forescout.com/research-labs/ot-iot-routers-in-the-software-supply-chain/
https://cyberriskleaders.com/critical-infrastructure-organisations-remain-poorly-prepared-against-cyber-attacks/

Manufacturing Happy Hour
204: OT Security Best Practices for Manufacturers with Fortinet's Rich Springer

Sep 24, 2024 · 49:55


Is your shop floor as secure as you think it is? Innovation in the manufacturing world has made IT-OT convergence much more commonplace today, but is the industry taking the potential risks seriously enough? In this episode, we hear from Fortinet's Director of Marketing for OT Solutions, Rich Springer, about the real threats facing manufacturers within OT networks, and why effective OT security is a non-negotiable today...

Rich brings bags of experience to the table, from his early days in furniture and glass factories to his time as a Navy submarine officer and later as the global head of SCADA operations for a major wind turbine company. He shares how these experiences shaped his understanding of the unique cybersecurity challenges facing the manufacturing sector. Painting a picture of how an OT threat can bring production to a standstill, Rich recommends that manufacturers use tabletop exercises to assess risk points and their impact on the whole production line. Rich also explains that part of protecting your OT network is about getting IT and OT teams to work together, and he gives practical advice on how to bridge the gap.

In this episode, find out:
• Rich explains Fortinet's position on OT network security
• We hear about Rich's diverse career background and how his previous roles prepared him for his role at Fortinet
• The current state of OT convergence and why companies are yet to take action
• Rich breaks the misconception that air gaps will protect manufacturers from digital threats
• Advice for better collaboration between IT and OT teams
• Rich explains why he's optimistic that manufacturers are paying attention to the right things in security
• What the report says about manufacturers and their approach to OT systems today
• What it takes for cybersecurity experts to get executives to pay attention to the threats facing OT
• How to run a tabletop exercise to assess threat and impact on production
• What surprises Rich most about cybersecurity in manufacturing today

Enjoying the show? Please leave us a review here. Even one sentence helps. It's feedback from Manufacturing All-Stars like you that keeps us going!

Tweetable Quotes:
• “The separation of duties should be decided on the tabletop exercise, not when the fire is burning.”
• “The technology has evolved. So therefore, it has made this air gap strategy a little less realistic over the years. And this is a common challenge.”
• “When the systems go down, they go to paper. So if the line hasn't stopped, what happens with our suppliers if we have to go paper? Take your tabletop exercise to that level.”

Links & mentions:
• Advancing Digital Transformation in a Time of Unprecedented Cybersecurity Risk, a report on how digital transformation in manufacturing has driven a widespread need for cybersecurity awareness
• 2024 State of Operational Technology and Cybersecurity Report, Fortinet's report on OT cybersecurity

Make sure to visit http://manufacturinghappyhour.com for detailed show notes and a full list of resources mentioned in this episode. Stay Innovative, Stay Thirsty.

Cyber Security Weekly Podcast
Episode 413 - Operational Technology (OT) Cybersecurity - Episode 4

Sep 22, 2024 · 60:06


This episode dives into OT Cybersecurity and discusses:
• SCADA, ICS & IIoT Cybersecurity
• How do we define an OT-related cyber incident?
• What are the leading standards and guidelines for managing OT Cybersecurity and resilience?
• Threat intelligence and suitable ISAC models
• Vendor platform insights and cyber maturity landscape

Speakers include:
• Daniel Ehrenreich, Secure Communications and Control Experts
• Lesley Carhart, Director of Incident Response - Dragos
• Ilan Barda, Founder - Radiflow
• Rahul Thakkar, Team Lead, System Engineering, ANZ, Forescout
• Dean Frye, Solutions Architect ANZ, Nozomi Networks

To visit and subscribe to the full series visit https://mysecuritymarketplace.com/security-risk-professional-insight-series/

#mysecuritytv #otcybersecurity

Further reading:
• https://mysecuritymarketplace.com/reports/your-guide-to-nis2-compliance/
• https://www.forescout.com/research-labs/ot-iot-routers-in-the-software-supply-chain/
• https://cyberriskleaders.com/critical-infrastructure-organisations-remain-poorly-prepared-against-cyber-attacks/

Navigating the Grid™
The Compliance Frontier: Overcoming Obstacles and Chasing the American Dream

Aug 22, 2024 · 19:00


In this inspiring episode of Navigating the Grid, we sit down with Adib Abdulzai, Vice President of Operational Technology & Security, to explore his remarkable journey in the renewable energy industry. From overcoming significant challenges as an immigrant chasing the American dream to rising through the ranks in compliance and technology, Adib shares how resilience, determination, and grit have been crucial to his success. Discover the obstacles he faced, the lessons he learned, and how his story can inspire others to pursue their dreams, no matter the odds. Tune in for an insightful conversation on the role of perseverance in achieving career success and shaping the future of renewables.

OpTech Insights
OpTech Insight new season: Navigating the Next Wave of Operational Technology

Jul 16, 2024 · 1:47


Join us for exclusive conversations with top supply chain and technology thought leaders. We are excited to launch our new season of OpTech Insights as we dive deep into proven technologies and emerging trends essential for staying ahead in today's fast-paced supply chain environment.

We have an exciting line up of some top industry experts who will be sharing their insights and experiences, covering innovative solutions and strategic approaches that drive your business and people forward. Whether you're looking to optimize operations, enhance your competitive edge, or stay informed about the latest industry developments, OpTech Insights is your go-to resource.

Hosted by Todd Greenwald, OpTech Insights offers unparalleled expertise and insights, making it the perfect guide through the complexities of supply chain and industry trends.

Tune in and stay ahead of the curve with OpTech Insights – where technology and operational expertise intersect.

Audio Engineer & Production: Neo Greenwald
Want to learn more: Heartland Blog & News

@BEERISAC: CPS/ICS Security Podcast Playlist
EP 39: Hacking Water Systems and the OT Skills Gap

Jun 21, 2024 · 40:20


Podcast: Error Code (LS 25 · TOP 10%)
Episode: EP 39: Hacking Water Systems and the OT Skills Gap
Pub date: 2024-06-18

A critical skills gap in Operational Technology security could have a real effect on your water supply and other areas of the critical infrastructures. Christopher Walcutt from DirectDefense explains how the IT OT convergence, and the lack of understanding of what OT systems are, might be contributing to the spate of water systems attacks in 2024.

The podcast and artwork embedded on this page are from Robert Vamosi, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Error Code
EP 39: Hacking Water Systems and the OT Skills Gap

Jun 18, 2024 · 40:20


A critical skills gap in Operational Technology security could have a real effect on your water supply and other areas of the critical infrastructures. Christopher Walcutt from DirectDefense explains how the IT OT convergence, and the lack of understanding of what OT systems are, might be contributing to the spate of water systems attacks in 2024.

School Safety Today
Proactive School Safety: Leveraging the Summer Months

Jun 11, 2024 · 32:26


In today's episode of School Safety Today by Raptor Technologies, join host Dr. Amy Grosso as she sits down with Dr. Allison Willemin, Executive Director of School Safety, Operational Technology, and Student Services at Oxford Community Schools, Michigan. Together, they delve into the crucial topic of school safety during the summer months, focusing on practical strategies for preparing for the new school year.

KEY POINTS:
• The importance of aligning priorities with district goals while focusing on manageable small steps
• The need for collaboration across different departments, as well as city and county agencies
• Continuous training and engagement with staff allow for school safety to be part of the school climate
• Go-to places for school safety resources. Where to start, websites, organizations, and associations

Dr. Allison Willemin earned her Doctor of Education in Professional Leadership, Inquiry, and Transformation from Concordia University. She also holds a Master of School Administration from the University of North Carolina at Pembroke and a Bachelor of Science in Elementary Education from Oakland University. Dr. Willemin has dedicated her career to children's education and remains a lifelong learner. Her extensive experience spans various roles within school districts in North Carolina and Texas, and she currently serves as the Executive Director of School Safety, Operational Technology, and Student Services at Oxford Community Schools in Michigan. She holds numerous certifications across multiple educational disciplines.

The Security Ledger Podcasts
Spotlight Podcast: OT Is Under Attack. Now What?

Jun 5, 2024


Chris Walcutt, the CSO at DirectDefense, talks about the rapidly changing threat landscape that critical infrastructure owners and operators inhabit, and how savvy firms are managing OT cyber risks. The post Spotlight Podcast: OT Is Under Attack. Now What? appeared first on The Security Ledger with Paul F. Roberts.

IoT Security Podcast
From Vulnerabilities to Visibility: Enhancing OT Network Security with Michael Lester

May 28, 2024 · 44:54


Explore the intricate challenges and solutions in managing OT cybersecurity, particularly emphasizing the importance of active querying over passive deep packet inspection, with Michael Lester, Senior Product Security Engineer at Rockwell Automation! Lester underscores the necessity of segmenting networks, improving visibility, and fostering collaboration between IT and OT teams to mitigate risks and enhance security. His journey, from passionate mentorship to pursuing a PhD, exemplifies a commitment to advancing industrial cybersecurity frameworks and education.

Let's connect about IoT Security!
Follow John Vecchi at https://www.linkedin.com/in/johnvecchi

The IoT Security Podcast is powered by Phosphorus Cybersecurity. Join the conversation for the IoT Security Podcast — where xIoT meets Security. Learn more at https://phosphorus.io/podcast

The Security Ledger Podcasts
Spotlight Podcast: CSO Chris Walcutt on Managing 3rd Party OT Risk

May 16, 2024 · 35:42


In this Spotlight Podcast, host Paul Roberts talks with Chris Walcutt, the CSO of DirectDefense, about the rising cyber threats facing operational technology (OT) and how organizations that manage OT, including critical infrastructure owners, can best manage increased cyber risks to OT environments. The post Spotlight Podcast: CSO Chris Walcutt on Managing 3rd Party OT Risk appeared first on The Security Ledger with Paul F. Roberts.

IoT Security Podcast
Navigating the Convergence: Securing OT in a Connected World

May 14, 2024 · 43:33


In this episode, we're diving deep into the world of Operational Technology (OT) and IoT security, exploring the critical challenges and evolving threat landscape that are impacting sectors from manufacturing to critical infrastructure and healthcare. With insights from Patrick Gillespie, an OT expert at GuidePoint Security, we'll discuss the convergence of IT and OT systems, the risks introduced by COVID-19, and the advanced solutions from providers like Phosphorus that are combatting these threats. Patrick also sheds light on his personal journey from military service to a cybersecurity career, and the essential steps organizations should take to bolster their OT security, from embracing cyber hygiene to implementing robust security programs. Join us as we uncover the pressing issues facing IoT security today and how innovations are driving a safer, more secure operational environment.

Let's connect about IoT Security!
Follow John Vecchi at https://www.linkedin.com/in/johnvecchi

The IoT Security Podcast is powered by Phosphorus Cybersecurity. Join the conversation for the IoT Security Podcast — where xIoT meets Security. Learn more at https://phosphorus.io/podcast

Federal Drive with Tom Temin
NASA focusing effort on securing its operational technology

May 9, 2024 · 9:36


The cybersecurity of operational technology, or OT, is a growing concern for many agencies. At NASA, OT tests rockets, controls and communicates with spacecraft, and operates ground support facilities. NASA is looking to secure its OT systems without affecting their safe operation. For details, Federal News Network's Justin Doubleday spoke with NASA's enterprise cybersecurity architect, Mark Stanley.

ITSPmagazine | Technology. Cybersecurity. Society
Is there a Frankenstein's Industry Monster lurking in the shadow at RSAC 2024? | Cybersecurity Chronicles from Broadcast Alley with Christina Stokes | On Location Coverage with Sean Martin and Marco Ciappelli

May 8, 2024 · 35:20


Guest: Christina Stokes, Host, On Cyber & AI Podcast, Founder of Narito Cybersecurity
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/christina-stokes
On LinkedIn | https://www.linkedin.com/in/xTinaStokes/
____________________________
Hosts:
Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/sean-martin
Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli
____________________________
Episode Notes

The Evolution of Cybersecurity
The dialogue initiated by Sean, Christina, and Marco shed light on how cybersecurity has matured over the years. From the early days of hacking as a hobby to the current focus on ethical practices, the panelists emphasized the importance of adapting to the changing technological landscape. They discussed how regulations, policies, and laws have played a crucial role in shaping the cybersecurity industry, emphasizing the need for responsible use of technology to prevent it from becoming a monster.

AI and Its Implications
The conversation also touched upon the growing role of Artificial Intelligence (AI) in cybersecurity. While AI has brought about advancements in threat detection and response, there are concerns about privacy and data protection. The panelists emphasized the importance of using AI ethically and responsibly to avoid potential risks associated with its misuse.

Supply Chain Vulnerabilities
A significant portion of the discussion revolved around supply chain vulnerabilities and the interconnected nature of global industries. The experts highlighted the importance of understanding and securing supply chains, particularly in the context of operational technology and manufacturing processes. They stressed the need for resilience and innovation to address evolving cybersecurity threats.

The Human Element in Cybersecurity
Throughout the conversation, the experts reiterated the significance of human connections and collaborations in the cybersecurity domain. They emphasized the need for organizations to invest in education, training, and building strong relationships within the industry to combat cyber threats effectively. The dialogue underscored the essential role of people in securing digital ecosystems and fostering a culture of cybersecurity awareness.

Looking Towards the Future
As the discussion came to a close, Sean, Christina, and Marco expressed optimism about the future of cybersecurity. They discussed upcoming trends such as Generative AI, AI Bill of Materials, and the continued focus on governance, data security, and AI ethics. The experts highlighted the importance of ongoing conversations, collaborations, and innovation in driving the industry forward.

This insightful chat at RSAC 2024 offered valuable perspectives on the current challenges and opportunities in cybersecurity. The experts' nuanced discussions about AI, supply chain vulnerabilities, and human-centric cybersecurity shed light on the complex nature of the digital threat landscape. As we navigate the evolving cybersecurity landscape, collaboration, innovation, and a shared commitment to ethical practices will be key to ensuring a secure digital future.

Be sure to follow our Coverage Journey and subscribe to our podcasts!
____________________________
Follow our RSA Conference USA 2024 coverage: https://www.itspmagazine.com/rsa-conference-usa-2024-rsac-san-francisco-usa-cybersecurity-event-infosec-conference-coverage

ITSPmagazine | Technology. Cybersecurity. Society
Navigating the World of Operational Technology and Cybersecurity | A Brand Story Conversation From RSA Conference 2024 | A DirectDefense Story with Chris Walcutt | On Location Coverage with Sean Martin and Marco Ciappelli

May 7, 2024 · 28:08


In a recent episode recorded live at the RSA Conference, an insightful discussion unfolded between Sean Martin and Chris Walcutt on the intersection of operational technology (OT) and cybersecurity. The conversation looks into the challenges, insights, and best practices surrounding these vital areas of technology. Let's dive deeper into the key takeaways from this engaging dialogue.

Bridging the Gap Between IT and OT
Chris emphasized the importance of collaboration between IT and OT teams, highlighting the need for mutual understanding and cooperation. By fostering communication and building trust, organizations can navigate the complexities of integrating IT and OT systems effectively.

Understanding Critical Infrastructure
One of the key insights shared by Chris revolved around the critical nature of infrastructure, particularly in sectors such as energy, water, and manufacturing. The emphasis on resilience-based risk assessments and the need to comprehensively evaluate vulnerabilities underscored the importance of proactive cybersecurity measures.

The Purdue Model and Practical Approaches
Chris shed light on the Purdue model, a framework often referenced in the OT space. While acknowledging its value, he emphasized the need for practical implementations tailored to individual environments. Simplifying zones and focusing on critical operational aspects can enhance security without compromising system performance.

Fostering Resilience through Collaboration
The conversation underscored the significance of resilience in cybersecurity efforts. By fostering collaboration, implementing tailored security measures, and leveraging expertise across IT and OT domains, organizations can bolster their resilience to cyber threats effectively.

Procurement as a Strategic Ally
An insightful recommendation from Chris highlighted the role of procurement as a strategic ally in the cybersecurity landscape. Educating procurement teams on the specific needs of OT systems and integrating cybersecurity requirements into vendor contracts can fortify defense mechanisms and mitigate risks.

The dialogue between Sean Martin and Chris Walcutt offered a comprehensive glimpse into the dynamic realm of operational technology and cybersecurity. By emphasizing collaboration, risk assessment, and strategic partnerships, organizations can navigate the evolving cybersecurity landscape with resilience and adaptability.

The insights shared in this conversation serve as a valuable resource for IT and OT professionals seeking to enhance their cybersecurity practices and fortify critical infrastructure against potential threats. Embracing a proactive and collaborative approach can pave the way for a more secure and resilient technological ecosystem.

Learn more about DirectDefense: https://itspm.ag/directdef-gs7

Note: This story contains promotional content.

Guest: Chris Walcutt, Chief Security Officer at DirectDefense [@Direct_Defense]
On LinkedIn | https://www.linkedin.com/in/christopher-walcutt-cism-cissp-45a6631/

Resources
Learn more and catch more stories from DirectDefense: https://www.itspmagazine.com/directory/directdefense
View all of our RSA Conference Coverage: https://www.itspmagazine.com/rsa-conference-usa-2024-rsac-san-francisco-usa-cybersecurity-event-infosec-conference-coverage

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

Cyber Work
Careers in operational technology: What does a security risk assessor do? | Guest Donovan Tindill

Apr 29, 2024 · 54:57


Today on Cyber Work, we continue our deep dive into industrial control systems and operational technology security by talking with Donovan Tindill of DeNexus. Now, I'm just going to come out and say it: Tindill's episode is like a cybersecurity career seminar in a box, and a must-not-miss if you're interested in not just ICS and OT security, but specifically the realm of Risk Assessment. Tindill brought slides and literally lays out his entire career for us to see, including the highs and even some of the lows, and what he learned from them. He explains the fuzzy distinctions between ICS security and the act of determining risk for said systems, gives us a 60-year history of the increasing attack surface and number of risk types associated with operational technology, and gives us tons of great career advice and ways to get started.

0:00 - Careers in operational technology
2:01 - Donovan Tindill's interest in tech
5:30 - Tindill's career roles in cybersecurity
10:42 - The jump to a supervision role
13:19 - Average day for a director of OT cybersecurity
18:39 - Volunteerism with Public Safety Canada
22:57 - Tindill's talk on active directory a decade later
23:43 - Current operational technology challenges
29:26 - New SEC regulations
33:54 - Thoughts on the SEC regulations
35:37 - How to work in OT, ICS or risk assessment
40:34 - Skill gaps for OT, ICS and risk management
42:44 - Tindill's favorite work
45:36 - Best cybersecurity career advice
48:22 - What is DeNexus?
52:22 - Learn more about Tindill and DeNexus
53:22 - Outro

– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast

About Infosec
Infosec's mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ's security awareness training. Learn more at infosecinstitute.com.

CISO Stories Podcast
Operational Technology (OT) and the Art of War - Glenn Kapetansky - CSP #168

Apr 2, 2024 · 32:30


Operational Technology (OT) security is concerned with protecting embedded, purpose-built technologies enabling our industrial processes. You also may have heard “adjacent” buzzwords like Internet of Things (IOT) and Fog (like “cloud” but close to the ground). OT security has significant challenges in terms of cost/size/weight, capability, ability to be updated, and robustness (often, OT failures can endanger lives). More recently, as cyber warfare evolves, OT is one of two main attack vectors. This session will explore the threats, and ability to manage them, using war stories. This segment is sponsored by Arctic Wolf. Visit https://www.cisostoriespodcast.com/arcticwolf to learn more about them! Visit https://cisostoriespodcast.com for all the latest episodes! Show Notes: https://cisostoriespodcast.com/csp-168

IoT Security Podcast
Unlocking Resilient Cybersecurity Solutions in Healthcare and Beyond with Jason Taule

Feb 20, 2024 · 60:30


Are you curious about the evolving world of cybersecurity, virtual CISOs, and their vital role in different industries? In this episode, Brian and John are joined by cross-vertical vCISO Jason Taule, who brings a wealth of experience and insights from his diverse career in the field as one of the first CISOs...ever. From working with federal agencies like NASA to serving as a virtual CISO for agriculture, heavy manufacturing, and healthcare organizations, Jason offers valuable perspectives on the unique security challenges faced across different sectors.

Throughout the episode, Jason discusses the evolving role of the Chief Information Security Officer (CISO) in various industries. He highlights the intricacies of implementing cybersecurity measures in sectors like healthcare, where specific jargon and risks come into play.

The conversation also goes into the complexities of managing operational technology (OT) and IoT security, emphasizing the need for improved third-party access control and a better understanding of firmware vulnerabilities. Additionally, the episode explores the impact of regulations, financial pressure, and the evolving threat landscape on organizations' engagement with security.

Let's get into Things on the IoT Security Podcast!
Follow Brian Contos on LinkedIn at https://www.linkedin.com/in/briancontos
And you can follow John Vecchi at https://www.linkedin.com/in/johnvecchi

The IoT Security Podcast is powered by Phosphorus Cybersecurity. Join the conversation for the IoT Security Podcast — where xIoT meets Security. Learn more at https://phosphorus.io/podcast

ITSPmagazine | Technology. Cybersecurity. Society
Incorporating Security from the Start for a More Secure Future: Exploring the 'Secure by Design' Initiative and the Ongoing Secure by Design Alert Series | A Conversation with Jack Cable | Redefining CyberSecurity Podcast with Sean Martin

Feb 14, 2024 · 36:46


Guest: Jack Cable, Senior Technical Advisor at CISA [@CISAgov]
On LinkedIn | https://linkedin.com/in/jackcable
On Twitter | https://twitter.com/jackhcable
CISA on LinkedIn | https://www.linkedin.com/company/cisagov/
____________________________
Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin
____________________________
This Episode's Sponsors
Imperva | https://itspm.ag/imperva277117988
Devo | https://itspm.ag/itspdvweb
___________________________
Episode Notes

In this episode of the Redefining CyberSecurity Podcast, host Sean Martin invites Jack Cable, Senior Technical Advisor at CISA (U.S. Cybersecurity and Infrastructure Security Agency), to discuss the concept of 'Secure by Design' and the importance of incorporating security into the development process of technology products. The episode explores the motivations behind CISA's 'Secure by Design' initiative, which aims to shift the responsibility for cybersecurity from end users to technology manufacturers.

During the conversation, Jack highlights the need for long-term investments in cybersecurity and emphasizes the role of business leaders in driving necessary security improvements. The conversation explores the core principles of 'Secure by Design', including technology manufacturers taking ownership of security outcomes for their customers, promoting radical transparency and accountability, and ensuring top business leadership drives security improvements. The episode also touches on the collaboration between CISA and the open-source community to foster greater security improvements in the open-source space.

Jack also shares success stories of companies effectively implementing 'Secure by Design' principles and highlights the economic and business factors that will drive a more secure future. The episode concludes with a call-to-action for organizations to adopt the 'Secure by Design' approach and engage with CISA to support the shift towards more secure software.

Top Key Insights:
• The 'Secure by Design' initiative is aiming to shift the burden of cybersecurity from end users to the technology manufacturers, essentially pushing for a more proactive approach to security.
• Successful adoption of 'Secure by Design' requires buy-in from business leaders who possess the power to allocate budgets and direct the shift towards a secure future, demonstrating that cybersecurity is as much a business issue as a technical one.
• Collaboration with the open-source community is crucial for improving security in the technology ecosystem. This includes expecting companies who use open-source software to be responsible consumers and sustainable contributors to the open-source software ecosystem.
___________________________
Watch this and other videos on ITSPmagazine's YouTube Channel

Industrial Automation – It Doesn’t Have To…
Industrial Automation - It Doesn't Have To... Disagree

Feb 13, 2024 · 44:17


Bridging the Gap: Cybersecurity and Networking in Industrial Automation

In this episode of "Industrial Automation - It Doesn't Have To...", we delve into the critical intersection of cybersecurity and networking, essential components in today's industrial landscape.

Trust Issues
EP 45 - OT Security's Digital Makeover

Feb 6, 2024 · 41:38


In this episode of Trust Issues, the conversation revolves around the challenges and transformations in operational technology (OT) security. Guest Mike Holcomb, the Fellow of Cybersecurity and the ICS/OT Cybersecurity Lead at Fluor, shares insights with host David Puner on securing legacy systems, the impact of generative AI – and the evolving threat landscape. From addressing security challenges in manufacturing plants to the skills gap in OT cybersecurity, the episode provides an overview of the current state and future prospects of securing critical infrastructure. Holcomb also emphasizes the importance of identity in OT security and offers practical advice for organizations looking to enhance their cybersecurity posture. Check out the episode to explore the dynamic intersection of IT and OT – and how it spotlights the urgent need for robust cybersecurity measures in an evolving digital landscape.

ITSPmagazine | Technology. Cybersecurity. Society
2024 ... You Know | A Conversation of InfoSec and Technology Predictions with Yolanda Reid, Laura Payne, Cat Self, Rob Black, Chuck Brooks, George Platsis, Matthew Rosenquist | Redefining CyberSecurity Podcast with Sean Martin and Marco Ciappelli

Dec 13, 2023, 73:13


Guests:

Yolanda Reid, Associate Partner at IBM [@IBM]
On LinkedIn | https://www.linkedin.com/in/yolanda-c-reid/

Laura Payne, Chief Enablement Officer & VP Security Consulting at White Tuque [@WhiteTuque]
On LinkedIn | https://www.linkedin.com/in/laura-l-payne/?originalSubdomain=ca

Cat Self, Principal Adversary Emulation Engineer, MITRE [@MITREcorp]
On LinkedIn | https://www.linkedin.com/in/coolestcatiknow/
On Twitter | https://twitter.com/coolestcatiknow

Rob Black, Director at UK Cyber 9/12 Strategy Challenge [@Cyber912_UK]
On LinkedIn | https://www.linkedin.com/in/rob-black-30440819/

Chuck Brooks, Adjunct Professor at Georgetown University's Graduate Applied Intelligence Program [@GeorgetownSCS]
On LinkedIn | https://www.linkedin.com/in/chuckbrooks/
On Twitter | https://twitter.com/ChuckDBrooks

George Platsis, Senior Lead Technologist, Proactive Incident Response & Crisis Management at Booz Allen Hamilton [@BoozAllen]
On LinkedIn | https://www.linkedin.com/in/gplatsis/
On Twitter | https://twitter.com/gplatsis

Matthew Rosenquist, Host of Cybersecurity Insights Podcast
On ITSPmagazine

The Bid Picture - Cybersecurity & Intelligence Analysis
Overwatch Diaries #8. An Infiltration at the Border.

Aug 27, 2023, 4:09


In this episode, host Bidemi Ologunde talked about an April 2022 incident where cybersecurity researchers observed hackers penetrating the networks of at least 7 Indian State Load Dispatch Centres (SLDCs) which oversee operations for electrical grid control. The SLDCs manage SCADA systems and researchers suggested that PLA-linked hackers may be involved.