POPULARITY
Few topics get as much heat as the current, future, and ideal relationship between OT and IT. One of the first posts someone just discovering OT makes is how OT is different than IT. As you dig deeper into OT you find an increasing case of the technology, processes, and even the people being similar to IT. In this 90 minute long conversation format, we will try to bring some enlightenment to this question with a specially curated group of 9 S4x25 attendees. About The Long Conversation Format Two people begin the discussion on stage. After 10 minutes a third person will tap one of the participants on the shoulder and replace them in the conversation. This continues for the 90 minutes. Participants are on stage for 20 minutes talking to two different people for 10 minutes each.
Cybertech-Influencer und Experte für Cybersicherheit und Maschinenbau Olaf Classen spricht über Cybersicherheit als Wettbewerbs- und Standortvorteil und warum gerade deutsche und europäische Unternehmen ihre Expertise im Engineering Richtung Cybersicherheit ausbauen sollten. Er plädiert für staatliche Förderung (und nicht nur Regulierung) und dafür, Cybersicherheit und digitale Souveränität als gesamtgesellschaftliches und europäisches Projekt zu behandeln.
Podcast: Nexus: A Claroty Podcast (LS 32 · TOP 5% what is this?)Episode: Vivek Ponnada on the Ongoing Maturity of OT SecurityPub date: 2025-07-21Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationOT cybersecurity veteran Vivek Ponnada, SVP Growth & Strategy at Frenos, joins the Nexus Podcast to lend his expertise on the areas where he is seeing the most maturity and rapid evolution in the practice. Vivek explains the growing demand for contextual information to supplement the data organizations have around their known assets and vulnerabilities, for example. He also explains current risk prioritization and mitigation strategies, and how advanced technologies fit into the OT security landscape. Listen to the Nexus Podcast on your favorite podcast platform. The podcast and artwork embedded on this page are from Claroty, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.
OT cybersecurity veteran Vivek Ponnada, SVP Growth & Strategy at Frenos, joins the Nexus Podcast to lend his expertise on the areas where he is seeing the most maturity and rapid evolution in the practice. Vivek explains the growing demand for contextual information to supplement the data organizations have around their known assets and vulnerabilities, for example. He also explains current risk prioritization and mitigation strategies, and how advanced technologies fit into the OT security landscape. Listen to the Nexus Podcast on your favorite podcast platform.
Podcast: OT Security Made SimpleEpisode: Können Systeme zur Angriffserkennung zum Sicherheitsrisiko werden? | OT Security Made SimplePub date: 2025-07-17Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationManuel Atug, Geschäftsführer der HiSolutions und Mitgründer der unabhängigen AG Kritis, hinterfragt kritisch und aus eigener Erfahrung, was ein SzA leisten muss, wie gut es um deren eigene Sicherheit steht und wie Anbietern aus dem nichteuropäischen Ausland mit den Daten umgehen. Als Bonus erfahren wir endlich, wo sein Social-Media-Handle HonkHase herkommt.The podcast and artwork embedded on this page are from Klaus Mochalski, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.
⬥GUEST⬥Tobias Halmans, OT Incident Responder | GIAC Certified Incident Handler | Automation Security Consultant at admeritia GmbH | On LinkedIn: https://www.linkedin.com/in/tobias-halmans/⬥HOST⬥Host: Sean Martin, Co-Founder at ITSPmagazine and Host of Redefining CyberSecurity Podcast | On LinkedIn: https://www.linkedin.com/in/imsmartin/ | Website: https://www.seanmartin.com⬥EPISODE NOTES⬥Business continuity planning is a familiar exercise for most IT and security leaders—but when you move into operational technology (OT), the rules change. In this episode of Redefining CyberSecurity, Sean Martin talks with Tobias Halmans, an incident responder at admeritia, who helps organizations prepare for and respond to incidents in OT environments. Tobias shares why disaster recovery planning in OT requires more than simply adapting IT frameworks. It demands a change in approach, mindset, and communication.OT engineers don't think in terms of “ransomware readiness.” They think in terms of safety, uptime, manual fallback options, and how long a plant can stay operational without a SCADA system. As Tobias explains, while IT teams worry about backup integrity and rapid rebooting, OT teams are focused on whether shutting down a system—even safely—is even an option. And when the recovery plan depends on third-party vendors, the assumptions made on both sides can derail the response before it begins.Tobias walks us through the nuances of defining success in OT recovery. Unlike the IT world's metrics like mean time to recover (MTTR), OT environments often hinge on production impacts and safety thresholds. Recovery Time Objectives (RTOs) still exist—but they must be anchored in real-world plant operations, often shaped by vendor limitations, legacy constraints, and tightly regulated safety requirements.Perhaps most importantly, Tobias stresses that business continuity planning for OT can't just be a cybersecurity add-on. It must be part of broader risk and operational conversations, ideally happening when systems are being designed or upgraded. But in reality, many organizations are only starting these conversations now—often driven more by compliance mandates than proactive risk strategy.Whether you're a CISO trying to bridge the gap with your OT counterparts or an engineer wondering why cyber teams keep showing up with playbooks that don't fit, this conversation offers grounded, real-world insight into what preparedness really means for critical operations.⬥SPONSORS⬥LevelBlue: https://itspm.ag/attcybersecurity-3jdk3ThreatLocker: https://itspm.ag/threatlocker-r974⬥RESOURCES⬥Inspiring Article: https://www.linkedin.com/posts/sarah-fluchs_notfallvorsorge-in-der-ot-traut-euch-activity-7308744270453092352-Q8X1⬥ADDITIONAL INFORMATION⬥✨ More Redefining CyberSecurity Podcast:
⬥GUEST⬥Tobias Halmans, OT Incident Responder | GIAC Certified Incident Handler | Automation Security Consultant at admeritia GmbH | On LinkedIn: https://www.linkedin.com/in/tobias-halmans/⬥HOST⬥Host: Sean Martin, Co-Founder at ITSPmagazine and Host of Redefining CyberSecurity Podcast | On LinkedIn: https://www.linkedin.com/in/imsmartin/ | Website: https://www.seanmartin.com⬥EPISODE NOTES⬥Business continuity planning is a familiar exercise for most IT and security leaders—but when you move into operational technology (OT), the rules change. In this episode of Redefining CyberSecurity, Sean Martin talks with Tobias Halmans, an incident responder at admeritia, who helps organizations prepare for and respond to incidents in OT environments. Tobias shares why disaster recovery planning in OT requires more than simply adapting IT frameworks. It demands a change in approach, mindset, and communication.OT engineers don't think in terms of “ransomware readiness.” They think in terms of safety, uptime, manual fallback options, and how long a plant can stay operational without a SCADA system. As Tobias explains, while IT teams worry about backup integrity and rapid rebooting, OT teams are focused on whether shutting down a system—even safely—is even an option. And when the recovery plan depends on third-party vendors, the assumptions made on both sides can derail the response before it begins.Tobias walks us through the nuances of defining success in OT recovery. Unlike the IT world's metrics like mean time to recover (MTTR), OT environments often hinge on production impacts and safety thresholds. Recovery Time Objectives (RTOs) still exist—but they must be anchored in real-world plant operations, often shaped by vendor limitations, legacy constraints, and tightly regulated safety requirements.Perhaps most importantly, Tobias stresses that business continuity planning for OT can't just be a cybersecurity add-on. It must be part of broader risk and operational conversations, ideally happening when systems are being designed or upgraded. But in reality, many organizations are only starting these conversations now—often driven more by compliance mandates than proactive risk strategy.Whether you're a CISO trying to bridge the gap with your OT counterparts or an engineer wondering why cyber teams keep showing up with playbooks that don't fit, this conversation offers grounded, real-world insight into what preparedness really means for critical operations.⬥SPONSORS⬥LevelBlue: https://itspm.ag/attcybersecurity-3jdk3ThreatLocker: https://itspm.ag/threatlocker-r974⬥RESOURCES⬥Inspiring Article: https://www.linkedin.com/posts/sarah-fluchs_notfallvorsorge-in-der-ot-traut-euch-activity-7308744270453092352-Q8X1⬥ADDITIONAL INFORMATION⬥✨ More Redefining CyberSecurity Podcast:
Manuel Atug, Mitgründer der unabhängigen AG Kritis, hinterfragt kritisch und aus eigener Erfahrung, was ein SzA leisten muss, wie gut es um deren eigene Sicherheit steht und wie Anbietern aus dem nichteuropäischen Ausland mit den Daten umgehen. Als Bonus erfahren wir endlich, wo sein Social-Media-Handle HonkHase herkommt.
Podcast: Industrial Cybersecurity InsiderEpisode: The System Integrator's Role in Supporting OT SecurityPub date: 2025-07-01Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationIn this episode, Craig Duckworth and Dino Busalachi discuss the critical but often overlooked or misunderstood role of system integrators (SIs) in industrial cybersecurity.Key Issues Identified:Organizations typically work with multiple specialized integrators across different facilities and systemsSome SIs lack cybersecurity expertise, focusing primarily on equipment functionalityEquipment can remain connected to networks for decades, with ownership and oversight changing hands over timeSystem integrators must exercise proper IT coordination to implement remote access solutions effectivelyRecommendations:IT and OT teams should collaborate more closely with system integrators on cybersecurity planningOrganizations need to evaluate their SIs' cybersecurity capabilities and partnershipsConsider standardizing on integrators with demonstrated cybersecurity practices and vendor certificationsApply the same due diligence used for IT vendor selection to OT system integratorsBottom Line: System integrators are essential partners in executing industrial cybersecurity strategies and protection. Organizations must actively engage them in security conversations and ensure they have the necessary skills and partnerships to implement secure solutions for their plant environments from the start.Chapters:00:00:00 - Real-World Ransomware Hits the Plant Floor00:00:52 - Meet the System Integrators Shaping Your OT Plant Floor Security00:01:17 - What System Integrators Really Do (and Don't)00:04:13 - Remote Access: The Hidden Backdoor Nobody Sees00:08:34 - Why Ongoing Monitoring Is Non-Negotiable00:13:30 - How to Pick the Right System Integrator For Your Operations00:26:17 - Building Strong Partnerships with Your IntegratorsLinks And Resources:Want to Sponsor an episode or be a Guest? Reach out here.Industrial Cybersecurity Insider on LinkedInCybersecurity & Digital Safety on LinkedInBW Design Group CybersecurityDino Busalachi on LinkedInCraig Duckworth on LinkedInThanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you'd like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!The podcast and artwork embedded on this page are from Industrial Cybersecurity Insider, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.
Podcast: OT Security Made SimpleEpisode: The Evolution of Procurement in OT Security | OT Security Made SimplePub date: 2025-07-01Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationIn this episode of OT Security Made Simple, Klaus Mochalski and Søren Knudsen discuss the evolving landscape of OT security in light of current geopolitical tensions. They explore how procurement processes have shifted, the importance of evaluating a broader range of security solutions, and the risks associated with relying on specific vendors. The conversation emphasizes the need for organizations to conduct thorough research and consider local providers to mitigate risks effectively.The podcast and artwork embedded on this page are from Klaus Mochalski, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.
In this episode of OT Security Made Simple, Klaus Mochalski and Søren Knudsen discuss the evolving landscape of OT security in light of current geopolitical tensions. They explore how procurement processes have shifted, the importance of evaluating a broader range of security solutions, and the risks associated with relying on specific vendors. The conversation emphasizes the need for organizations to conduct thorough research and consider local providers to mitigate risks effectively.
Podcast: PrOTect It All (LS 26 · TOP 10% what is this?)Episode: Driving OT Security Innovation: AI, Risk Reduction, and the Future of Critical InfrastructurePub date: 2025-06-23Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationWelcome back to Protect It All! In this episode, host Aaron Crow sits down with longtime friend and OT cybersecurity veteran Brian Proctor for a deep dive into the current state—and future—of the OT cyber landscape. Together, they trade stories from the front lines, reflecting on how their early experiences as asset owners shaped their passion for innovation and helping critical infrastructure run safely and securely. Brian, whose career spans roles from OT engineer to startup co-founder, opens up about his journey—highlighting his drive to push the boundaries of traditional OT security and the evolution of key industry technologies. The conversation explores everything from the persistent lack of innovation in OT, to AI's growing role in tackling the daunting challenges of risk reduction, visibility, and scaling assessments across sprawling environments. If you've ever wondered how new tech like AI is reshaping industrial cybersecurity, why “we've always done it this way” just doesn't cut it anymore, or how organizations can realistically stay ahead without breaking the bank, this episode delivers honest insights, practical advice, and a look toward an exciting, if sometimes daunting, future. So grab your headphones and settle in as Aaron and Brian share stories, hot takes, and strategies designed to protect it all—because in critical infrastructure, the stakes have never been higher. Key Moments: 06:45 OT Cyber Industry Evolution 11:57 Evolving Challenges in OT Security 19:34 Bridging the OT Security Skills Gap 21:54 Enhancing OT Security Understanding 30:46 AI Model Security Challenges 34:26 Rapid Scaling for Site Assessments 40:56 Simulating Cyber Threat Responses 47:19 Operational Priorities: Equipment vs. Cyber Tools 49:30 Focus on Meaningful Security Metrics 56:30 Rapid AI Adoption vs. Internet 01:02:12 Cybersecurity: Small Targets are Vulnerable About the guest : Brian Proctor is a cybersecurity leader with over 20 years of experience protecting critical infrastructure across energy, industrial automation, and operational technology sectors. As the co-founder and CEO of Frenos, he empowers critical infrastructure operators to proactively secure their environments against evolving cyber threats. Brian built his foundation in ICS/OT cybersecurity during his 13+ year tenure at two progressive California Investor Owned Utilities, San Diego Gas & Electric and Southern California Edison serving the 2nd and 8th largest cities in the United States. He managed a team of 15 security engineers and researchers across 150+ projects, established OT security roadmaps, and co-invented an R&D Magazine Top 100 award-winning GPS anti-spoofing mitigation technology that earned him a patent. Brian has published IEEE papers on security monitoring, served as Critical Infrastructure Co-Chair for Securing Our eCity, and regularly speaks at conferences to educate and build the ICS/OT cybersecurity community. He holds technical certifications including GICSP, CISSP, and CRISC, along with a Business Administration degree from the University of San Diego. Links: https://frenos.io/services - Learn more about Optica, the industry's first tech-enabled rapid OT visibility service https://frenos.io/autonomous-ot-security-assessment-platform - Learn more about how to automate OT security risk assessments Connect Brian : https://www.linkedin.com/in/brianproctor67/ Connect With Aaron Crow: Website: www.corvosec.com LinkedIn: https://www.linkedin.com/in/aaronccrow Learn more about PrOTect IT All: Email: info@protectitall.co Website: https://protectitall.co/ X: https://twitter.com/protectitall YouTube: https://www.youtube.com/@PrOTectITAll FaceBook: https://facebook.com/protectitallpodcast To be a guest or suggest a guest/episode, please email us at info@protectitall.co Please leave us a review on Apple/Spotify Podcasts: Apple - https://podcasts.apple.com/us/podcast/protect-it-all/id1727211124 Spotify - https://open.spotify.com/show/1Vvi0euj3rE8xObK0yvYi4The podcast and artwork embedded on this page are from Aaron Crow, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.
Podcast: Secure Insights with NDK CyberEpisode: AI-Native OT Security with FRENOS' Harry Thomas and Colin MurphyPub date: 2025-06-19Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationSend us a textThis week on Secure Insights, we're joined by FRENOS Founder Harry Thomas and Chief Hacking Officer Colin Murphy. Frenos is an innovative organisation revolutionising OT security through the use of AI and next-generation tech. In this episode, we shine a light on some of the most overlooked challenges in the OT space, exploring whether the traditional ways of assessing risk still hold up, and how scalable the Frenos approach really is. We dive into what's working, what's not, and where the future of OT security is headed. From critical vulnerabilities to smarter, AI-driven solutions, we unpack it all giving you real insight into where businesses are falling short, where they're leading the charge, and what needs to change to secure our infrastructure for the long haul.Get in touch with host James hereGet in touch with Harry here.Get in touch with Colin here.The podcast and artwork embedded on this page are from NDK Cyber, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.
Podcast: OT Security Made SimpleEpisode: Wer ist für die Cybersicherheit der Windparks verantwortlich? | OT Security Made SimplePub date: 2025-06-19Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationMohamed Harrou erklärt als OT-Sicherheitsingenieur beim Energieversorger Amprion den Mehrwert von OT-Sicherheit in Windparks und PV-Anlagen. Mit seinem 12 Jahren Erfahrung im Bereich erneuerbarer Energieanlagen liefert er praxisnahe Einblicke zu den technologischen und organisatorischen Herausforderungen moderner Windparks und gibt eine überraschende und eher beunruhigende Antwort auf die Frage nach den Verantwortlichkeiten. The podcast and artwork embedded on this page are from Klaus Mochalski, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.
Mohamed Harrou erklärt als OT-Sicherheitsingenieur beim Energieversorger Amprion den Mehrwert von OT-Sicherheit in Windparks und PV-Anlagen. Mit seinem 12 Jahren Erfahrung im Bereich erneuerbarer Energieanlagen liefert er praxisnahe Einblicke zu den technologischen und organisatorischen Herausforderungen moderner Windparks und gibt eine überraschende und eher beunruhigende Antwort auf die Frage nach den Verantwortlichkeiten.
Podcast: Industrial Cybersecurity InsiderEpisode: What Every CISO Gets Wrong About OT SecurityPub date: 2025-06-05Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationIn this episode, Dino and Craig tackle one of the most misunderstood topics in industrial cybersecurity: IT/OT convergence. But is it truly convergence or more of a collision? Drawing from real-world experiences, they challenge the idea that OT is a “shadow IT group” and argue that operational technology deserves distinct governance, funding, and strategic influence. From secure-by-design to system integrators' evolving role, this conversation is a call to action for CISOs, CIOs, and engineering leaders to rethink how they build cybersecurity partnerships across the plant floor.Chapters:00:00:00 - Opening Shot: Who's Really in Charge—CIOs or the Plant Floor?00:00:57 - Collision Course: IT and OT Can't Keep Dodging Each Other00:01:52 - Two Worlds, One Mission: Why OT Isn't Just “IT in a Hard Hat”00:04:07 - When Convergence Fails: What's Missing in the Middle00:05:54 - Breaking Silos: Why Cybersecurity Demands True Collaboration00:08:22 - Real Talk: What Cyber Protection Looks Like on the Plant Floor00:10:46 - OT's Tipping Point: Will the Next Move Come from IT, or the Shop Floor?00:17:32 - Your Move: What Leaders Must Do Next (Before It's Too Late)Links And Resources:Industrial Cybersecurity Insider on LinkedInCybersecurity & Digital Safety on LinkedInBW Design Group CybersecurityDino Busalachi on LinkedInCraig Duckworth on LinkedInThanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you'd like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!The podcast and artwork embedded on this page are from Industrial Cybersecurity Insider, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.
Podcast: OT Security Made SimpleEpisode: What do we need to deter insider threats? | OT Security Made SimplePub date: 2025-06-03Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationMandana White, CEO of Smart Grid Forums, talks about the rise of insider threats to a company's cybersecurity and what it has to do with the cost-of-living crisis as well as the Western Robin Hood mentality. Diving a bit into societal psychology and politics there might even be a bit to learn from – of all places – Dubai to get IT and OT cybersecurity working in both companies and society.The podcast and artwork embedded on this page are from Klaus Mochalski, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.
Mandana White, CEO of Smart Grid Forums, talks about the rise of insider threats to a company's cybersecurity and what it has to do with the cost-of-living crisis as well as the Western Robin Hood mentality. Diving a bit into societal psychology and politics there might even be a bit to learn from – of all places – Dubai to get IT and OT cybersecurity working in both companies and society.
Podcast: Industrial Cybersecurity InsiderEpisode: OT Security in Hindsight: Visibility, Authority, and the Executive DisconnectPub date: 2025-05-27Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationIn this special rewind edition of Industrial Cybersecurity Insider, we revisit some of the most powerful insights shared on how to elevate OT cybersecurity across complex, distributed environments. From budget allocation strategies to disaster recovery frameworks and the nuances of executive engagement, this episode distills frontline lessons into a compact, high-impact listen. Whether you're navigating remote access risks, managing hybrid architectures, or striving to align plant managers with corporate cybersecurity goals, these reflections are a roadmap for driving resilience and maturity in your OT security strategy.Chapters:00:00:00 - Rewind Kickoff: From Blind Spots to Bold Predictions00:00:46 - The A-Z of Industrial Cybersecurity for OT Environments with Industry Expert Bryson Bort00:10:57 - Gartner, DOGE, and the Future of OT Cybersecurity Policy00:21:38 - Uncovering Blind Spots in OT CybersecurityLinks And Resources:Industrial Cybersecurity Insider on LinkedInCybersecurity & Digital Safety on LinkedInBW Design Group CybersecurityDino Busalachi on LinkedInCraig Duckworth on LinkedInThanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you'd like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!The podcast and artwork embedded on this page are from Industrial Cybersecurity Insider, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.
Podcast: PrOTect It All (LS 25 · TOP 10% what is this?)Episode: From Plant Operator to OT Security: Stories of Failures and BreakthroughsPub date: 2025-05-26Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationIn this episode, host Aaron Crow dives deep into the intersection of IT and OT cybersecurity with special guest Gavin Dilworth—a plant operator turned automation engineer and cybersecurity expert. Listen in as Gavin shares his candid and often humorous journey from factory floors to global consulting, including how a workplace near-miss sparked his “lightbulb moment” about the similarities between health and safety and cybersecurity. Aaron and Gavin discuss everything from operators' creative workarounds on the plant floor, to the importance of trust and rapport between IT and OT teams, and why having hands-on experience is key to building effective cybersecurity programs in critical infrastructure environments. You'll also hear real-world stories of technology mishaps, the critical role of plant culture, and the practical challenges organizations face in securing legacy systems while keeping operations running. If you want honest, relatable insights and actionable advice on bridging the IT-OT divide—and a few laughs along the way—this episode is for you. Key Moments: 10:12 Operator Rounds and RFID Challenges 12:56 Operators' Ingenuity and Knowledge 21:29 IT vs. OT: Firmware Update Challenges 26:49 Understanding and Accepting Risk 28:12 Standards, Frameworks, and Continuity 33:08 High Voltage Safety Precautions 40:41 Bridging OT and IT Skills 43:46 Cybersecurity Cross-Training Surge 52:38 CISO Knowledge Gap in OT Security 54:32 "Experience: Essential for Understanding" 01:03:34 DCS System Configuration Challenges 01:06:52 Neglecting Redundancy Risks Operations 01:11:00 Optimizing Underutilized IT Resources 01:20:04 "Understanding Systems Before Advice" 01:22:06 Old Cables Remain Untouched About the guest : Gavin Dilworth's career took an unconventional path. As a plant operator, he was tasked with keeping production running smoothly and monitoring sensor readings, both on the computer and around the factory. However, Gavin was never quite the model operator—rather than dutifully making rounds and comparing readings, he often found himself absorbed in books, dreaming of a future in IT. Though he laughs about being a “pretty terrible operator,” Gavin's story reflects his early drive to pursue his true interests in technology, even when duty called elsewhere. How to connect Gavin : Linkedin : https://www.linkedin.com/in/gavin-dilworth/ Website: https://assessmentplus.co.nz/ Connect With Aaron Crow: Website: www.corvosec.com LinkedIn: https://www.linkedin.com/in/aaronccrow Learn more about PrOTect IT All: Email: info@protectitall.co Website: https://protectitall.co/ X: https://twitter.com/protectitall YouTube: https://www.youtube.com/@PrOTectITAll FaceBook: https://facebook.com/protectitallpodcast To be a guest or suggest a guest/episode, please email us at info@protectitall.co Please leave us a review on Apple/Spotify Podcasts: Apple - https://podcasts.apple.com/us/podcast/protect-it-all/id1727211124 Spotify - https://open.spotify.com/show/1Vvi0euj3rE8xObK0yvYi4The podcast and artwork embedded on this page are from Aaron Crow, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.
Podcast: OT Security Made SimpleEpisode: How to build a SIEM SOC in OT? | OT Security Made SimplePub date: 2025-05-22Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationZeek Muratovic, Director of Security Operations at Landis+Gyr talks about the first steps to build a SIEM SOC in OT environments. Being a pragmatist, he proposes a step-by-step approach that prevents OT operators from overkilling their budget AND workload.The podcast and artwork embedded on this page are from Klaus Mochalski, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.
Zeek Muratovic, Director of Security Operations at Landis+Gyr talks about the first steps to build a SIEM SOC in OT environments. Being a pragmatist, he proposes a step-by-step approach that prevents OT operators from overkilling their budget AND workload.
In deze aflevering gaat Dave Maasland in gesprek met de CISO van IG&H Sam van Rooij. Vergeet het stereotype van de hacker op zolder: Sam is net zo gepassioneerd over fotografie en kunst als over OT-omgevingen en securityprotocollen.Met een indrukwekkende loopbaan waarin hij meerdere rollen vervulde o.a. bij Volkers Wessels, weet Sam als geen ander hoe belangrijk het is om de mens achter de techniek centraal te stellen. Hij vertelt open over zijn drijfveren, hoe hij het gesprek aangaat binnen organisaties én waarom hij uren kan praten over operationele technologie zonder zijn publiek kwijt te raken.
Podcast: HOU.SEC.CAST.Episode: OT Security with Watch Mr. Wizard Star Sean CurryPub date: 2025-05-14Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationMichael and Sam are catching up with Principal Consultant and Co-Founder at Cavalry Solutions, Sean Curry! Sean talks about his transition from the military to the private sector, the importance of standards like IEC 62443 for OT security, and the best way to align IT and OT teams.Things Mentioned:· New study reveals 92% of industrial sites at risk from unsecured remote access - https://www.securityinfowatch.com/critical-infrastructure/press-release/55262827/new-study-reveals-92-of-industrial-sites-at-risk-from-unsecured-remote-access?utm_campaign=4532845-%5BSocial%5D+News+Mentions,+Articles,+and+Bylines&utm_content=323098968&utm_medium=social&utm_source=linkedin&hss_channel=lcp-12898104· Sean's Talk: https://youtu.be/Lv6ppq6ZaBs?si=IlBtkFJSEuDshGwF Do you have a question for the hosts? Reach out to us at podcast@houstonseccon.com Keep up with HOU.SEC.CON:· LinkedIn· Twitter· Facebook· Instagram· YouTube· Bluesky Check out our other show:· CyberSundayCheck out our Conferences and Events:· HOU.SEC.CON.· OT.SEC.CON.· EXEC.SEC.CON.· HSC User GroupSupport or apply to our Scholarship Program:· TAB Cyber FoundationIn this episode:· Host: Michael Farnum· Host: Sam Van Ryder· Guest: Sean Curry· Production and editing: Lauren Lynch· Music by: August HoneyThe podcast and artwork embedded on this page are from Michael Farnum and Sam Van Ryder, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.
Podcast: Error Code (LS 27 · TOP 10% what is this?)Episode: EP 62: Defending the Unknown in OT SecurityPub date: 2025-05-13Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationROI is always a tricky subject in cybersecurity. If you're paying millions of dollars in securing your OT networks, you'd want to be able to show that it was worth it. Andrew Hural of UnderDefense talks about the need for continuous vigilance, risk management, and proactive defense, acknowledging both the human and technological elements in cybersecurity and how just because something didn't happen doesn't mean that it didn't.The podcast and artwork embedded on this page are from Robert Vamosi, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.
ROI is always a tricky subject in cybersecurity. If you're paying millions of dollars in securing your OT networks, you'd want to be able to show that it was worth it. Andrew Hural of UnderDefense talks about the need for continuous vigilance, risk management, and proactive defense, acknowledging both the human and technological elements in cybersecurity and how just because something didn't happen doesn't mean that it didn't.
Podcast: OT Security Made SimpleEpisode: How to implement Zero Trust in OT environments? | OT Security Made SimplePub date: 2025-05-06Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationZero Trust expert Stefan Sebastian talks us through the process of Zero Trust in critical OT networks like substations - and explains why this will be the make segmentation obsolete.The podcast and artwork embedded on this page are from Klaus Mochalski, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.
Podcast: OT Security Made SimpleEpisode: The State of Smart Grid Cybersecurity | OT Security Made SimplePub date: 2025-04-24Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationTodd Wiedman, CISO von Landis+Gyr, spricht über staatliche Bedrohungsakteure, die Gefährdung der Lieferkette und darüber, was die Verlagerung der Gesetzgebungsbefugnis in den USA von der Bundes- auf die Landesebene für die Cybersicherheit intelligenter Stromnetze bedeutet.The podcast and artwork embedded on this page are from Klaus Mochalski, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.
Podcast: Critical Assets PodcastEpisode: From CISO to Startup: OT Security, Leadership, and Lessons from the FieldPub date: 2025-04-13Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationIn this episode of the Critical Assets Podcast, Patrick Miller interviews Darren Highfill, former CISO of Norfolk Southern, for a candid look behind the curtain of life as a security executive. Darren shares hard-won lessons from building and leading a cybersecurity program in a critical infrastructure environment, including how to gain executive buy-in, scale a team, and align security with business priorities. He reflects on the challenges of translating cyber risk into business risk, managing real-world incidents, and the evolving expectations of the CISO role. Whether you're in the chair now or working toward it, this conversation is packed with practical insights for anyone navigating cybersecurity leadership.Show links:Darren Highfill LinkedIn Profile - https://www.linkedin.com/in/darrenhighfill/NIST Cyber Security Framework (CSF) - https://www.nist.gov/cyberframeworkAnkrd website - https://www.ankrd.com/The podcast and artwork embedded on this page are from Patrick Miller, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.
Podcast: OT Security Made SimpleEpisode: Die Rolle des CISO in der OT | OT Security Made SimplePub date: 2025-04-08Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationEileen Walther, General Manager von Northwave Cyber Security, und Klaus Mochalski gehen der Frage auf den Grund, wie sich die Rolle des CISO in der OT-Security verändert hat und was KMUs daraus lernen können. The podcast and artwork embedded on this page are from Klaus Mochalski, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.
Podcast: Industrial Cybersecurity InsiderEpisode: Cybersecurity by Design: Building OT Security Into Your Manufacturing Plant FloorPub date: 2025-04-08Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationIn this episode, Dino and Craig address the practicalities of building cyber resilience directly into manufacturing environments - rather than after the fact. Using real-world analogies and field-tested insights, they break down why treating OT security like physical safety is crucial. They challenge the outdated mindset of retrofitting cybersecurity protection after deployment of industrial plant floor equipment.This episode covers all the key elements of protecting your plant floor. From the importance of designing cybersecurity upfront, to implementing the SANS 5 Critical Controls, specific to cybersecurity in operational technology (OT) environments. Whether you're planning a greenfield build or managing legacy systems, this episode equips mid-to-senior leaders with actionable strategies to align IT and OT teams, boost visibility across XIoT assets, and future-proof operational environments in high-risk industries.Chapters:00:00:00 - Kicking Off: Why Cybersecurity Can't Be an Afterthought in Manufacturing00:01:52 - Dino's Five Must-Have OT Security Controls You Should Already Be Using00:03:45 - When IT and OT Collide: Real Talk on Silos, Strategy, and Responsibility00:06:08 - You Can't Protect What You Can't See: The Visibility Wake-Up Call00:11:24 - Build It In, Don't Bolt It On: Making Cybersecurity Part of the Machine00:19:26 - Lost Docs and Retiring Experts: Managing Risk Across the Lifecycle00:20:41 - Dino and Craig's Final Word: Start Now, Start Smart—Security Is the New SafetyLinks And Resources:Industrial Cybersecurity Insider on LinkedInCybersecurity Insider NewsletterDino Busalachi on LinkedInCraig Duckworth on LinkedInThanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you'd like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!The podcast and artwork embedded on this page are from Industrial Cybersecurity Insider, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.
Podcast: OT Security Made SimpleEpisode: ISO 27001 für OT: Mehrwert oder Overhead? | OT Security Made SimplePub date: 2025-03-27Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationKlaus Kilvinger, Managing Director bei den Sicherheitsexperten von Opexa Advisory, berichtet aus seinen vielfältigen Erfahrungen zur ISO 27001. Während diese in der IT bereits ein alter Hut ist, wird sie in industriellen Umgebungen - der OT - häufig mit einer Mischung aus Argwohn und Überforderungen begrüßt. Im Podcast kommen wir dem Mehrwert auf die Spur. The podcast and artwork embedded on this page are from Klaus Mochalski, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.
Podcast: Bites & Bytes PodcastEpisode: Cybersecurity Shouldn't Suck: Fixing the Real Problems with Tom SegoPub date: 2025-03-18Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationWhat happens when cyber threats hit critical infrastructure? In this episode of the Bites and Bytes Podcast, host Kristin Demoranville sits down with Tom Sego, a cybersecurity leader with a fascinating background from chemical engineering to Apple to professional poker, now focused on making security simpler and more effective for critical infrastructure as CEO at Blastwave. Cyber risks in critical industries are real, but so are the solutions. Kristin and Tom discuss why current security models create more problems than they solve, how the human element is often overlooked, and what needs to change to make security actually work for the people keeping our systems running.
Dale Peterson discusses with Maggie how she got into OT security, her recent move to the Financial Sector, women in ICS security, and more.
Podcast: OT Security Made SimpleEpisode: Aus dem Tagebuch eines OT-Pentesters | OT Security Made SimplePub date: 2025-03-11Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationPatrick Latus berichtet als passionierter Pentester von vorderster Front der OT-Sicherheit. Von fehlendem Bewusstsein und Expertise bei Herstellern, Anwendenden und Auditor:innen bis zur Frage, ob OT-Sicherheitsvorfälle nur deshalb nicht publik werden, weil sie schlichtweg nicht gesehen werden. The podcast and artwork embedded on this page are from Klaus Mochalski, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.
Podcast: OT Security Made SimpleEpisode: How do you secure the smart grid infrastructure? | OT Security Made SimplePub date: 2025-02-27Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationIn this episode of OT Security Made Simple, Zeek Muratovic, Director of Security Solutions for the Landis+Gyr group talks about the challenges and shortcomings of energy distributors, and the first steps to secure the growing and ever more complex smart grid infrastructure from the distribution network to the edge like smart meters and EV charging stations.The podcast and artwork embedded on this page are from Klaus Mochalski, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.
Please enjoy this encore episode of Word Notes. Hardware and software designed to detect and prevent cyber adversary campaigns that target industrial operations.
Please enjoy this encore of Word Notes. Hardware and software designed to detect and prevent cyber adversary campaigns that target industrial operations. Learn more about your ad choices. Visit megaphone.fm/adchoices
Podcast: OT Security Made Simple PodcastEpisode: OT Security Made Simple | How to secure the smart metering infrastructure?Pub date: 2025-02-13Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationOT Security Made Simple welcomes Kenneth Lampinen, Head of Global Security Operations at energy management system provider Landis+Gyr. Kenneth talks about the threats targeting the smart metering infrastructure and why the starting point of cybersecurity is always knowing your turf.The podcast and artwork embedded on this page are from Klaus Mochalski, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.
Podcast: Bites & Bytes PodcastEpisode: ICS/OT Trends and the Food We Eat: A Conversation with Mike HolcombPub date: 2025-01-28Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationWelcome to the first episode of the second season of the Award-Winning Bites and Bytes Podcast! In this episode, host Kristin Demoranville sits down with Mike Holcomb, Fellow of Cybersecurity and ICS/OT Cybersecurity Global Lead for Fluor. With decades of experience, Mike secures some of the world's largest and most complex ICS/OT environments, from power plants and rail systems to manufacturing and refineries. A passionate advocate for education and community, Mike has built cybersecurity programs, founded the Upstate SC ISSA Chapter, awarded the CyberSC'sC's MG Lester D. Eisner Award for Cyber Excellence in Leadership for the State of South Carolina, and leads the BSides Greenville & BSides ICS conferences. Join Kristin and Mike as they discuss the evolving ICS/OT cybersecurity landscape, Mike's journey as a leader in the field, and the unique challenges facing critical infrastructure, including food and agriculture. Mike also shares personal insights, including his favorite food memories and how cybersecurity connects to everyday systems like agriculture and transportation. Where to find Mike Holcomb: LinkedIn Website Youtube Github Newsletter _______________________________________________ Episode Key Highlights: (0:00:09) - Welcome and Introduction to Mike Holcomb (0:03:10) - Unique Food Combinations and Fun Food Memories (0:07:12) - Highlighting Food and Agriculture in OT Security (0:12:10) - Protecting Critical Infrastructure Systems Impacting Lives (0:17:18) - Food and Agriculture as Complex Critical Systems (0:23:13) - Behind the Scenes of Food Production and Transport (0:24:02) - Cyber Incidents Impacting Grocery Supply Chains (0:30:01) - Regional Food Safety Regulations and Challenges (0:35:10) - Educating Consumers About Food Systems (0:47:25) - Reflections on Community Building in Cybersecurity (0:53:37) - Final ThoughtsMike'ss Personal Message _______________________________________________ Upcoming Conferences:
Guest: Fahad Mughal, Senior Cyber Solutions Architect - SecurityOn LinkedIn | https://www.linkedin.com/in/fahadmughal/____________________________Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]On ITSPmagazine | https://www.itspmagazine.com/sean-martinView This Show's Sponsors___________________________Episode NotesModern railway systems are increasingly digital, integrating operational technology (OT) to enhance efficiency, reliability, and safety. However, as railways adopt automated and interconnected systems, they also become more vulnerable to cyber threats. In this episode of Redefining Cybersecurity on ITSP Magazine, host Sean Martin speaks with Fahad Ali Mughal, a cybersecurity professional with extensive experience in OT security architecture, about the challenges and priorities of securing railway infrastructure.The Growing Role of Cybersecurity in RailwaysRailway systems have evolved from steam-powered locomotives to autonomous, driverless trains that rely on sophisticated digital controls. OT now plays a crucial role in managing train operations, signaling, interlocking, and trackside equipment. These advancements improve efficiency but also expose railway networks to cyber threats that can disrupt service, compromise safety, and even impact national security. Unlike traditional IT environments, where the focus is on confidentiality, integrity, and availability (CIA), OT in railways prioritizes reliability, availability, and public safety. Ensuring the safe movement of trains requires a cybersecurity strategy tailored to the unique needs of railway infrastructure.Critical OT Systems in RailwaysMughal highlights key OT components in railways that require cybersecurity protection:• Signaling Systems: These function like traffic lights for trains, ensuring safe distances between locomotives. Modern communication-based train control (CBTC) and European Rail Traffic Management Systems (ERTMS) are vulnerable to cyber intrusions.• Interlocking Systems: These systems prevent conflicting train movements, ensuring safe operations. As they become digitized, cyber risks increase.• Onboard OT Systems: Automatic Train Control (ATC) regulates speed and ensures compliance with signaling instructions. A cyberattack could manipulate these controls.• SCADA Systems: Supervisory Control and Data Acquisition (SCADA) systems oversee infrastructure operations. Any compromise here can impact an entire railway network.• Safety-Critical Systems: Fail-safe mechanisms like automatic braking and failover controls are vital in preventing catastrophic accidents.The increasing digitization and interconnection of these systems expand the attack surface, making cybersecurity a top priority for railway operators.Real-World Cyber Threats in RailwaysMughal discusses several significant cyber incidents that highlight vulnerabilities in railway cybersecurity:• 2023 Poland Attack: Nation-state actors exploited vulnerabilities in railway radio communication systems to send unauthorized emergency stop commands, halting trains across the country. The attack exposed weaknesses in authentication and encryption within OT communication protocols.• 2021 Iran Railway Incident: Hackers breached Iran's railway scheduling and digital message board systems, displaying fake messages and causing widespread confusion. While safety-critical OT systems remained unaffected, the attack disrupted operations and damaged public trust.• 2016 San Francisco Muni Ransomware Attack: A ransomware attack crippled the fare and scheduling system, leading to free rides for passengers and operational delays. Though IT systems were the primary target, the impact on OT operations was evident.These incidents underscore the urgent need for stronger authentication, encryption, and IT-OT segmentation to protect railway infrastructure.Cybersecurity Standards and Best Practices for Railways (links to resources below)To build resilient railway cybersecurity, Mughal emphasizes the importance of international standards:• IEC 62443: A globally recognized framework for securing industrial control systems, widely applied to OT environments, including railways. It introduces concepts such as network segmentation, risk assessment, and security levels.• TS 50701: A European standard specifically designed for railway cybersecurity, expanding on IEC 62443 with guidance for securing signaling, interlocking, and control systems.• EN 50126 (RAMS Standard): A safety-focused standard that integrates reliability, availability, maintainability, and safety (RAMS) into railway operations.Adopting these standards helps railway operators establish secure-by-design architectures that mitigate cyber risks.Looking Ahead: Strengthening Railway CybersecurityAs railway systems become more automated and interconnected with smart cities, vehicle transportation, and supply chain networks, cyber threats will continue to grow. Mughal stresses the need for industry collaboration between railway engineers and cybersecurity professionals to ensure that security is integrated into every stage of railway system design.He also emphasizes the importance of real-time OT threat monitoring, anomaly detection, and Security Operations Centers (SOCs) that understand railway-specific cyber risks. The industry must stay ahead of adversaries by adopting proactive security measures before a large-scale cyber incident disrupts critical transportation networks.The conversation makes it clear: cybersecurity is now a fundamental part of railway safety and reliability. As Mughal warns, it's not a question of if railway cyber incidents will happen, but when.To hear the full discussion, including insights into OT vulnerabilities, real-world case studies, and cybersecurity best practices, listen to this episode of Redefining Cybersecurity on ITSP Magazine.___________________________SponsorsImperva: https://itspm.ag/imperva277117988LevelBlue: https://itspm.ag/attcybersecurity-3jdk3ThreatLocker: https://itspm.ag/threatlocker-r974___________________________Watch this and other videos on ITSPmagazine's YouTube ChannelRedefining CyberSecurity Podcast with Sean Martin, CISSP playlist:
Podcast: OT Security Made Simple PodcastEpisode: OT Security Made Simple | Looking at smart grid cybersecurity regulation under TrumpPub date: 2025-01-28Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationOT Security Made Simple welcomes Marguerite Behringer, Director of Regulatory Policy & Industry Relations at Landis+Gyr USA. She talks about the difficulty of US-wide cybersecurity regulation, the grind of redundant requirements and why smart meter cybersecurity needs more frameworks than laws.The podcast and artwork embedded on this page are from Klaus Mochalski, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.
Guest: Fahad Mughal, Senior Cyber Solutions Architect - SecurityOn LinkedIn | https://www.linkedin.com/in/fahadmughal/____________________________Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]On ITSPmagazine | https://www.itspmagazine.com/sean-martinView This Show's Sponsors___________________________Episode NotesModern railway systems are increasingly digital, integrating operational technology (OT) to enhance efficiency, reliability, and safety. However, as railways adopt automated and interconnected systems, they also become more vulnerable to cyber threats. In this episode of Redefining Cybersecurity on ITSP Magazine, host Sean Martin speaks with Fahad Ali Mughal, a cybersecurity professional with extensive experience in OT security architecture, about the challenges and priorities of securing railway infrastructure.The Growing Role of Cybersecurity in RailwaysRailway systems have evolved from steam-powered locomotives to autonomous, driverless trains that rely on sophisticated digital controls. OT now plays a crucial role in managing train operations, signaling, interlocking, and trackside equipment. These advancements improve efficiency but also expose railway networks to cyber threats that can disrupt service, compromise safety, and even impact national security. Unlike traditional IT environments, where the focus is on confidentiality, integrity, and availability (CIA), OT in railways prioritizes reliability, availability, and public safety. Ensuring the safe movement of trains requires a cybersecurity strategy tailored to the unique needs of railway infrastructure.Critical OT Systems in RailwaysMughal highlights key OT components in railways that require cybersecurity protection:• Signaling Systems: These function like traffic lights for trains, ensuring safe distances between locomotives. Modern communication-based train control (CBTC) and European Rail Traffic Management Systems (ERTMS) are vulnerable to cyber intrusions.• Interlocking Systems: These systems prevent conflicting train movements, ensuring safe operations. As they become digitized, cyber risks increase.• Onboard OT Systems: Automatic Train Control (ATC) regulates speed and ensures compliance with signaling instructions. A cyberattack could manipulate these controls.• SCADA Systems: Supervisory Control and Data Acquisition (SCADA) systems oversee infrastructure operations. Any compromise here can impact an entire railway network.• Safety-Critical Systems: Fail-safe mechanisms like automatic braking and failover controls are vital in preventing catastrophic accidents.The increasing digitization and interconnection of these systems expand the attack surface, making cybersecurity a top priority for railway operators.Real-World Cyber Threats in RailwaysMughal discusses several significant cyber incidents that highlight vulnerabilities in railway cybersecurity:• 2023 Poland Attack: Nation-state actors exploited vulnerabilities in railway radio communication systems to send unauthorized emergency stop commands, halting trains across the country. The attack exposed weaknesses in authentication and encryption within OT communication protocols.• 2021 Iran Railway Incident: Hackers breached Iran's railway scheduling and digital message board systems, displaying fake messages and causing widespread confusion. While safety-critical OT systems remained unaffected, the attack disrupted operations and damaged public trust.• 2016 San Francisco Muni Ransomware Attack: A ransomware attack crippled the fare and scheduling system, leading to free rides for passengers and operational delays. Though IT systems were the primary target, the impact on OT operations was evident.These incidents underscore the urgent need for stronger authentication, encryption, and IT-OT segmentation to protect railway infrastructure.Cybersecurity Standards and Best Practices for Railways (links to resources below)To build resilient railway cybersecurity, Mughal emphasizes the importance of international standards:• IEC 62443: A globally recognized framework for securing industrial control systems, widely applied to OT environments, including railways. It introduces concepts such as network segmentation, risk assessment, and security levels.• TS 50701: A European standard specifically designed for railway cybersecurity, expanding on IEC 62443 with guidance for securing signaling, interlocking, and control systems.• EN 50126 (RAMS Standard): A safety-focused standard that integrates reliability, availability, maintainability, and safety (RAMS) into railway operations.Adopting these standards helps railway operators establish secure-by-design architectures that mitigate cyber risks.Looking Ahead: Strengthening Railway CybersecurityAs railway systems become more automated and interconnected with smart cities, vehicle transportation, and supply chain networks, cyber threats will continue to grow. Mughal stresses the need for industry collaboration between railway engineers and cybersecurity professionals to ensure that security is integrated into every stage of railway system design.He also emphasizes the importance of real-time OT threat monitoring, anomaly detection, and Security Operations Centers (SOCs) that understand railway-specific cyber risks. The industry must stay ahead of adversaries by adopting proactive security measures before a large-scale cyber incident disrupts critical transportation networks.The conversation makes it clear: cybersecurity is now a fundamental part of railway safety and reliability. As Mughal warns, it's not a question of if railway cyber incidents will happen, but when.To hear the full discussion, including insights into OT vulnerabilities, real-world case studies, and cybersecurity best practices, listen to this episode of Redefining Cybersecurity on ITSP Magazine.___________________________SponsorsImperva: https://itspm.ag/imperva277117988LevelBlue: https://itspm.ag/attcybersecurity-3jdk3ThreatLocker: https://itspm.ag/threatlocker-r974___________________________Watch this and other videos on ITSPmagazine's YouTube ChannelRedefining CyberSecurity Podcast with Sean Martin, CISSP playlist:
Podcast: OT Security Made Simple PodcastEpisode: OT Security Made Simple | How to translate IT in OT securityPub date: 2025-01-16Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationOT Security Made Simple welcomes senior OT cyber security expert Mohammed Saad, who spent twelve years developing security solutions at Honeywell. He talks about his experiences with customers, successful attacks and how the communication gap between IT and OT in companies needs to be bridged.The podcast and artwork embedded on this page are from Klaus Mochalski, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.
Podcast: KBKAST (LS 31 · TOP 5% what is this?)Episode: Episode 286 Deep Dive: Dean Frye | IT, IoT And OT Security As A Business Continuity ProblemPub date: 2024-12-18Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationIn this episode, we sit down with Dean Frye, Solutions Architect at Nozomi Networks, as he discusses the complex landscape of IT, IoT, and OT security challenges. Dean delves into the critical importance of avoiding an “us vs. them” mentality between IT and OT teams, and how security interruptions can severely impact business continuity. We explore industry-specific vulnerabilities, such as those in factory chicken farming and Tasmanian salmon farming, and emphasize the necessity for executives to have a deeper technical understanding of cybersecurity. Dean also highlights the value of telemetry and real-time reporting, the evolving role of cloud solutions in OT environments, and the importance of a well-integrated, multidisciplinary team to effectively manage cyber risks. Dean Frye is a Solutions Architect for Nozomi Networks in Australia and New Zealand. Dean is an experienced security professional with a demonstrated history of providing compliance strategy, pragmatic risk mitigation, security project delivery, threat abatement and vendor interface solutions with a significant commercial background. Covering more than twenty years, his previous roles span consulting and senior leadership, including a stint at Armis as solutions architect, and another tenure at Cisco as director of security for the APJ region.The podcast and artwork embedded on this page are from KBI.Media, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.
Guest: Sian John, Chief Technology Officer, NCC GroupOn LinkedIn | https://www.linkedin.com/in/sian-john/Hosts: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]On ITSPmagazine | https://www.itspmagazine.com/sean-martinMarco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast & Audio Signals PodcastOn ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli____________________________Episode NotesDuring the recent AISA Cyber Conference 2024 in Melbourne, notable figures Sean Martin and Sian John engaged in a compelling conversation about emerging trends and significant topics within the cyber industry. The discussion covered a range of subjects from the importance of availability in operational technology (OT) security to the environmental implications of artificial intelligence (AI) and analytics. Sean Martin noted the communal focus of the conference, highlighting how initiatives driven by members of the industry, like those led by the AISA Perth chapter (as noted by Sian John), contribute significantly to the cybersecurity community.Sian John MBE provided an in-depth perspective on the global regulatory landscape, pointing out how digital disruption is driving an increase in regulations. She emphasized that privacy regulations now affect more people worldwide than ever before. John observes that while some regions might roll back regulations, the overall trend is increasing around regulatory scrutiny.Another key topic was the carbon impact of AI and analytics. Sian John pointed out the substantial environmental cost associated with training large language models, referencing research by PwC and Microsoft showcasing the significant carbon footprint involved. She argued for the need to integrate sustainability into technological advancements, coining it 'green by design.'The conversation also touched on the vital importance of OT security in the context of achieving net-zero carbon emissions and advancing renewable technology. John pointed out that while OT security has been a topic of discussion for some time, the urgency is now heightened as regulatory focus intensifies and renewable energy projects increase. When it comes to triggers that drive action, finance could win out over regulation in this case.The dialogue also explored the broader implications of security, extending beyond the traditional realms to incorporate business resilience. Martin stressed the necessity for organizations to adopt a risk-aware approach that encompasses both cyber and business risks. He posits that mature organizations, which effectively integrate resilience into their operations, are more adept at navigating regulatory changes and emerging threats.Finally, the cost of security and operational efficiency was discussed. Both speakers agreed that in a world with rising power costs, the drive towards efficient, sustainable practices is also economically motivated. This underscores the intersection of cost, regulation, and sustainability in today's business strategies. As the conversation drew to a close, the future-oriented outlook shared by both speakers reflected a pragmatic approach to the complexities of modern cybersecurity, emphasizing efficiency, regulatory compliance, and sustainability.____________________________This Episode's SponsorsThreatlocker: https://itspm.ag/threatlocker-r974____________________________ResourcesLearn more and catch more stories from Australian Cyber Conference 2024 coverage: https://www.itspmagazine.com/australian-cyber-conference-melbourne-2024-cybersecurity-event-coverage-in-australiaBe sure to share and subscribe!____________________________Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverageTo see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcastTo see and hear more Redefining Society stories on ITSPmagazine, visit:https://www.itspmagazine.com/redefining-society-podcastWant to tell your Brand Story Briefing as part of our event coverage?Learn More
Security automation needs a machine-readable vulnerability database. Carmit Yadin of Device Total joins us to look at limitations of the widely-used National Vulnerability Database (NVD), and explore a new "data science" alternative.
Security automation needs a machine-readable vulnerability database. Carmit Yadin of Device Total joins us to look at limitations of the widely-used National Vulnerability Database (NVD), and explore a new "data science" alternative.
Dale Peterson speaks with Joel Langill, the SCADAHacker, about his new training course entitled Conducting Threat, Vulnerability, and Risk Assessments For ICS. A two day version of this course will be offered prior to S4x25. Of course Dale and Joel jump around a bit on training, the workforce and other items. Take a listen.
Is your shop floor as secure as you think it is? Innovation in the manufacturing world has made IT-OT convergence much more commonplace today, but is the industry taking the potential risks seriously enough? In this episode, we hear from Fortinet's Director of Marketing for OT Solutions, Rich Springer, about the real threats facing manufacturers within OT networks, and why effective OT security is a non-negotiable today...Rich brings bags of experience to the table, from his early days in furniture and glass factories to his time as a Navy submarine officer and later as the global head of SCADA operations for a major wind turbine company. He shares how these experiences shaped his understanding of the unique cybersecurity challenges facing the manufacturing sector. Painting a picture of how an OT threat can bring production to a standstill, Rich recommends that manufacturers use tabletop exercises to assess risk points and their impact on the whole production line. Rich also explains that part of protecting your OT network is about getting IT and OT teams to work together, and he gives practical advice on how to bridge the gap.In this episode, find out:Rich explains Fortinet's position on OT network security We hear about Rich's diverse career background and how his previous roles prepared him for his role at Fortinet The current state of OT convergence and why companies are yet to take actionRich breaks the misconception that air gaps will protect manufacturers from digital threats Advice for better collaboration between IT and OT teams Rich explains why he's optimistic that manufacturers are paying attention to the right things in securityWhat the report says about manufacturers and their approach to OT systems todayWhat it takes for cybersecurity experts to get executives to pay attention to the threats facing OTHow to run a tabletop exercise to assess threat and impact on production What surprises Rich most about cybersecurity in manufacturing todayEnjoying the show? Please leave us a review here. Even one sentence helps. It's feedback from Manufacturing All-Stars like you that keeps us going!Tweetable Quotes:“The separation of duties should be decided on the tabletop exercise, not when the fire is burning.”“The technology has evolved. So therefore, it has made this air gap strategy a little less realistic over the years. And this is a common challenge.”“When the systems go down, they go to paper. So if the line hasn't stopped, what happens with our suppliers if we have to go paper? Take your tabletop exercise to that level.”Links & mentions:Advancing Digital Transformation in a Time of Unprecedented Cybersecurity Risk, a report on how digital transformation in manufacturing has driven a widespread need for cybersecurity awareness2024 State of Operational Technology and Cybersecurity Report, Fortinet's report on OT cybersecurity Make sure to visit http://manufacturinghappyhour.com for detailed show notes and a full list of resources mentioned in this episode. Stay Innovative, Stay Thirsty.