300 avsnitt • Längd: 35 min • Dagligen
A curated playlist of Operational Technology and ICS Cyber Security related podcast episodes [any language] by ICS Security enthusiasts. Contact Anton Shipulin / @shipulin_anton on Twitter or LinkedIn if something is missing. Subscribe!
The podcast @BEERISAC: OT/ICS Security Podcast Playlist is created by Anton Shipulin / Listen Notes. The podcast and the artwork on this page are embedded on this page using the public podcast feed (RSS).
In this episode, Kristin Demoranville sits down with AgFuturist Andrew Rose and food safety advocate Dr. Darin Detwiler to discuss why cybersecurity is a growing concern for the food and agriculture industries.
Andrew Rose, an advisor to BIO-ISAC and a leader in agricultural innovation, shares his insights into protecting farmers and food supply chains from cyber threats. Dr. Detwiler, a renowned food safety expert, educator, and author, explains why inaction is the greatest cost to our global food systems. Tune in for an eye-opening conversation on resilience, risks, and real solutions for protecting what feeds us all.
🔊 This is Part 1 of a two-part series.
_______________________________________________
Episode Key Highlights:
(0:00:21) - Introducing Andrew Rose and Dr. Darin Detwiler
(0:00:49) - Andrew Rose: Supporting Agriculture Through Cybersecurity
(0:01:10) - Darin Detwiler: Food Safety Awareness and Advocacy
(0:07:14) - Reflections on the Montreal Conference Panel
(0:08:56) - Challenges in Communicating Cybersecurity to Executives
(0:11:27) - Differences Between Traditional and Cybersecurity Audiences
(0:14:14) - Food and Agriculture as Universal Critical Infrastructure
(0:16:42) - Complexity and Fragility of the Food System
(0:18:19) - Cybersecurity Adoption Barriers for Small Farmers
(0:21:23) - Tech Stacks: Agility vs. Fragility in Food Systems
(0:24:08) - Financial Risks and Proactive Cybersecurity Investments
(0:27:33) - Cost of Doing Nothing: Ignoring Risks in Food Security
(0:30:02) - Corporate Responsibility and Accountability in Cyber Incidents
(0:32:11) - Predictions of a High-Profile Food Cybersecurity Attack
(0:35:09) - Cybersecurity Awareness and Future Resilience Initiatives
_______________________________________________
Show Notes:
Nashville Recommendations from Andrew Rose:
(Hotdogs) I Dream Of Weenie: https://www.facebook.com/IDreamofWeenie
(Ribs) Uncle Bud’s Catfish Chicken & Such: https://www.unclebuds.com/
_______________________________________________
Our panel was at the InCyber Conference in Montreal:
https://northamerica.forum-incyber.com/en/home-en/
InCyber Forum USA (new) San Antonio, TX, June 17-18, 2025:
https://usa.forum-incyber.com/
_______________________________________________
Cyberbiosecurity Summit
February 25-26, Laurel, Maryland:
https://www.cyberbiosecuritysummit.org/
Sumitt to a proposal to speak here:
https://www.cyberbiosecuritysummit.org/sessions
_______________________________________________
BSides ICS/OT Conference 🎉🌟
Feb. 10, 2025, in Tampa, Florida 🌴 (the day before S4x25 Conference)
Call for Papers is OPEN till 12/31/24!
Registration is OPEN: https://www.eventbrite.com/e/bsides-icsot-tickets-1078099778459
General Admission is $30, and Student/Veteran is $20!
Questions or Need more information email: [email protected]
_______________________________________________
Bites and Bytes Podcast Info:
Website: Explore all our episodes, articles, and more on our official website. Visit Now
Merch Shop: Show your support with some awesome Bites and Bytes gear! 🧢👕 Shop Now
Blog: Stay updated with the latest insights and stories from the world of cybersecurity in the food industry. Read Our Blog
Audience Survey: We value your feedback! Help us make the podcast even better. Take the Survey
Claroty Team82 researcher Noam Moshe joins the Nexus Podcast to discuss the IOCONTROL malware used by an Iranian APT actor known as the CyberAv3ngers to target civilian critical infrastructure in the U.S. and Israel. The malware acts as a Linux-based backdoor and has a modular configuration that can be adapted for IoT, OT, and SCADA devices.
Read Team82's research blog: "Inside a New OT/IoT Cyberweapon: IONCONTROL"
Listen and subscribe to the Nexus Podcast here.
In this episode, we sit down with Dean Frye, Solutions Architect at Nozomi Networks, as he discusses the complex landscape of IT, IoT, and OT security challenges.
Dean delves into the critical importance of avoiding an “us vs. them” mentality between IT and OT teams, and how security interruptions can severely impact business continuity. We explore industry-specific vulnerabilities, such as those in factory chicken farming and Tasmanian salmon farming, and emphasize the necessity for executives to have a deeper technical understanding of cybersecurity. Dean also highlights the value of telemetry and real-time reporting, the evolving role of cloud solutions in OT environments, and the importance of a well-integrated, multidisciplinary team to effectively manage cyber risks.
Dean Frye is a Solutions Architect for Nozomi Networks in Australia and New Zealand. Dean is an experienced security professional with a demonstrated history of providing compliance strategy, pragmatic risk mitigation, security project delivery, threat abatement and vendor interface solutions with a significant commercial background. Covering more than twenty years, his previous roles span consulting and senior leadership, including a stint at Armis as solutions architect, and another tenure at Cisco as director of security for the APJ region.
Are you prepared for a cyber-attack? Whether you’re managing a national or state-wide critical infrastructure organisation, or you’re a small rural provider with a lean team, the stakes are higher than ever for Australia’s Energy and Utility operators.
Recorded on 20 November 2024 this webinar discusses the SOCI Act 2018 and the Essential Eight Framework, equipping you with practical strategies to strengthen your organisation's cyber resilience.
Speakers:
Tony Campbell - Principal, Security Consulting & Advisory, Kinetic IT
Gayatri Prasad - Information Security Manager, Kinetic IT
Heath Moodie - Senior OT Threat Intelligence Analyst, Dragos
Moderator: Chris Cubbage - Executive Director & Editor of MySec.TV
For more information visit www.kineticit.com.au
To register for the series visit: https://mysecuritymarketplace.com/security-risk-professional-insight-series-kinetic-it/
#otcybersecurity #cybersecurity #mysecuritytv #kineticit #dragos
This is the story of the secret life of cellular chips and why we need to mitigate against the unintended access they provide. Deral Heiland, Principal Security Research for IoT at Rapid 7, describes a research project he presented at the IoT Village at DEF CON 32 where they compiled AT command manuals from various vendors, discovering unexpected functionalities, such as internal web services.
In this episode, Mark Mattei, Global Director of Industrial Managed Security Services at 1898 & Company, unpacks the high-stakes challenges of protecting vital systems from sophisticated attacks. Host John Vecchi highlights the critical issues surrounding IoT and OT security within industrial critical infrastructure. From the importance of cybersecurity in industrial environments to the practical challenges of compliance and regulation and strategies for mitigating cybersecurity threats without compromising operational integrity, Mark shares key insights and actionable advice for operators in today’s volatile security landscape.
Listeners of this episode will hear about...
The Growing Complexity of OT and IT Security Needs: Mark discusses the increasing sophistication of threats targeting critical infrastructure, including state-sponsored attacks and ransomware, and the complexities operators face in balancing security needs with uninterrupted operations.
Challenges with Compliance and Budget Constraints: Critical infrastructure operators often face budgetary and regulatory challenges that limit their ability to invest in cybersecurity. Navigating mandates like NERC CIP and adapting to regulatory changes is essential but can detract from proactive security efforts.
Building a Supportive Community: Mark encourages operators to reach out within the OT security community for advice and support. With limited experts in this field, sharing knowledge and collaborating can make a significant difference for smaller utilities and organizations facing resource constraints.
Let’s connect about IoT Security!
Follow John Vecchi at https://www.linkedin.com/in/johnvecchi
The IoT Security Podcast is powered by Phosphorus Cybersecurity. Join the conversation for the IoT Security Podcast — where xIoT meets Security. Learn more at https://phosphorus.io/podcast
We sat down with the Health-ISAC Chief Security Officer to discuss his 25-year career spanning banking, government, and healthcare to identify the biggest cybersecurity threats and trends impacting the healthcare industry in 2025 and beyond.
In this week's episode, Lauren Blocker of Rockwell Automation, shares insights on the evolving landscape of industrial cybersecurity.
From overcoming the challenges of legacy systems to building standards-based security frameworks, Lauren highlights strategies to elevate cybersecurity in manufacturing and beyond.
She emphasizes the importance of aligning IT and OT perspectives, addressing obsolescence risks, and fostering proactive approaches to safeguard critical infrastructure.
Tune in to learn how to bridge the gap between compliance and holistic security while navigating the complexities of the industrial cybersecurity journey.
Chapters:
Links And Resources:
Thanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you’d like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!
Our host Derek Harp sits down with Adam Robbie, Head of OT Threat Research at Palo Alto Networks, live from Hack the Capitol 7.0. Adam shares critical insights into emerging cybersecurity challenges within Operational Technology (OT) environments, including findings from Palo Alto's extensive OT threat landscape research.
Listeners will hear about the top attack vectors impacting critical infrastructure: remote access vulnerabilities, supply chain risks, and lateral movement across networks. Adam discusses the importance of network segmentation, cross-team collaboration between IT and OT, and innovative tools like the Cyberwall, a hands-on demonstration environment showcasing real-world OT threats.
Whether you're an OT security professional or new to the field, this episode delivers practical takeaways to enhance your cybersecurity strategies. Don’t miss this engaging conversation focused on securing control systems and building stronger, collaborative defenses.
Click here to participate in this exclusive event - https://corvosec.com/lonestar-cyber-shootout/
In this episode, Neal Conlon joins Aaron Crow to dive into the details of an extraordinary event set to take place at the renowned STACCATO Ranch.
Listen in as Neal and Aaron describe an exclusive high-energy experience scheduled for cybersecurity decision-makers. Taking advantage of the expansive 800 Acres to Counter Ranch, this event promises tactical and adventurous activities like shooting from helicopters and professional tactical shooting instruction. Beyond the thrill, attendees will enjoy top-tier amenities such as cigars, bourbon, and gourmet food, all within a high-class, safe environment tailored for networking and learning.
Throughout the episode, listeners will hear how Neal Conlon transitioned from the Marine Corps mailroom to becoming a global leader in cybersecurity sales, offering a wealth of industry insights along the way. The hosts emphasize the importance of genuine relationship-building and soft skills in an industry often overshadowed by technical certifications. They critique traditional conferences for their superficial perks and excessive follow-up, promoting their unique event as a refreshing alternative designed to foster meaningful connections and strategic engagement.
Listeners will also gain valuable advice on navigating the complexities of the cybersecurity industry, from managing vendor relationships to understanding procurement cycles, and the crucial role of proactive networking in career advancement.
Tune in to this riveting episode for an inside look at an unparalleled cybersecurity event and invaluable career insights from Neal and Aaron.
Key Moments:
00:10 From hedge fund to data and marketing expert.
04:02 Evolved from client work to sales expertise.
09:23 Cybersecurity requires swift adaptation, networking, and leveraging skills.
13:34 Leadership program improved my skills over time.
17:30 AI evolution reduces need for abstract thinkers.
21:12 Lemming information creates noisy conflict and confusion.
23:53 People voluntarily attend for genuine networking opportunities.
26:39 Two people enjoy baseball game nosebleed seats.
31:06 Control initiatives, build relationships, secure deals.
34:29 Event's unique value and ROI for leaders/vendors.
35:20 Vendor leads often misclassified; true relationships matter.
38:33 Networking and shared experiences build valuable connections.
43:25 High-energy networking event with decision-makers.
Connect With Aaron Crow:
Learn more about PrOTect IT All:
To be a guest or suggest a guest/episode, please email us at [email protected]
Please leave us a review on Apple/Spotify Podcasts:
Apple - https://podcasts.apple.com/us/podcast/protect-it-all/id1727211124
Spotify - https://open.spotify.com/show/1Vvi0euj3rE8xObK0yvYi4
Claroty Team82's Noam Moshe and Tomer Goldschmidt join the Nexus Podcast to discuss the research team's latest publication on 10 vulnerabilities discovered in Ruijie Networks' Reyee OS cloud platform. A chain of these vulnerabilities could allow an attacker to remotely execute code on any device connected to the Ruijie cloud. Team82 also developed an attack they call Open Sesame which allows an attacker in proximity of a Ruijie device to use leaked device information and access the internal network.
You can find the research here on Team82's website.
Listen and subscribe to the Nexus Podcast here.
Mike Witt, NASA's Senior Agency Information Security Officer and Chief Information Security Officer for Cybersecurity and Privacy, has a long history of public service. In addition to serving 10 years in the U.S. Army, Mike was the director of the United States Computer Emergency Readiness Team (US-CERT) at the Department of Homeland Security and a key cybersecurity official at the IRS. Now, he’s leading NASA’s efforts to secure spaceflight centers nationwide and their missions to the final frontier.
Tune in to the latest episode of WE’RE IN! to hear more about how NASA balances its out-of-this-world mission with real-world concerns about cybersecurity resulting from increased activity from other space agencies and commercial interests alike.
Listen to learn more about:
OT Security Made Simple trifft IoT Use Cases. Klaus Mochalski spricht mit Madeleine Mickeleit, Geschäftsführerin von IoT Use Cases. Gemeinsam beleuchten sie die Macht von Use Cases anderer bei der Realisierung eigener Projekte, dem Mehrwert von Security-Lösungen in völlig fachfremden Use Cases und den (auch monetären) Vorteilen, die sich aus dem Austausch mit der Community ergeben.
Editor in chief Len Vermillion calls upon executive editor Jim Montague, who wrote a very informative cover story for the November issue of Control on cybersecurity with a series featuring seven systems integrators, now on Control Global.
Len will read the first of that series to get a taste for where Jim’s reporting is going and what engineers can learn about the ever-important topic of OT cybersecurity in process control.
One of those stories is a tale of system integrator Eosys Group, which helped a Tier 1 automotive parts manufacturer protect its plant and enterprise networks.
In this week's episode, Dino and Craig dive into the persistent disconnect between IT and OT teams and its impact on industrial cybersecurity.
They explore why IT tools often fall short on the plant floor and provide actionable insights to achieve true IT/OT convergence.
From addressing the challenges of resource gaps to fostering collaboration between teams, this conversation sheds light on practical strategies to bridge the divide and create a unified approach to industrial cybersecurity on the plant floor and for critical infrastructure.
Chapters:
Links And Resources:
Thanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you’d like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!
האם ניתן להגדיר את מתקפת הביפרים על החיזבאללה כמתקפת סייבר? הנושא פותח דיון שעוסק בהיבטי סייבר רבים ומשמעותיים.
נחשון פינקו מארח את אושר עשור שותף מנהל חטיבת הסייבר בפירמת הייעוץ הבינלאומית אוריין בשיחה מרתקת שמתחילה במתקפת הביפרים וזורמת לטכנולוגיות הגנה, גיוס מומחים בסייבר ועוד
Can the pager attack on Hezbollah be defined as a cyber attack? The topic opens a discussion that deals with many significant cyber aspects.
Nachshon Pincu hosts Osher Asor, co-director of the cyber division at the international consulting firm Auren, in a fascinating conversation that begins with the pager attack and flows into defense technologies, recruiting cyber experts, and more.
In this episode of the CS2AI Podcast, host Derek Harp dives deep into the evolving threats to national security and critical infrastructure with Mark Montgomery, Senior Fellow at the Foundation for Defense of Democracies. Recorded live at the Hack the Capitol 7.0 conference in Washington D.C., this episode sheds light on the increasing cyber vulnerabilities faced by the United States from nation-states like China and Russia, as well as criminal actors exploiting critical infrastructure. Mark shares his extensive experience and expertise, offering insights into how the U.S. government can better prepare and protect itself in the face of modern cyber threats.
Mark discusses the significant mismatch between the capabilities of the Department of Defense and intelligence agencies, and the authorities of civilian federal agencies responsible for protecting sectors like power, water, and transportation. He also highlights the pressing issue of underperforming federal agencies tasked with safeguarding critical infrastructure, and the dire need for a comprehensive, bipartisan approach to cybersecurity legislation. With over 32 years in the U.S. Navy and years of policy work in the federal government, Mark offers a unique perspective on the future of cybersecurity and what needs to change to address these challenges effectively.
One of the key takeaways from this episode is Mark’s call for a more cohesive strategy to defend against cyber threats and protect public safety and economic productivity. Despite the ongoing challenges, there’s a sense of hope as Mark emphasizes the bipartisan nature of cybersecurity solutions and the possibility of enacting meaningful changes. This conversation is essential for anyone involved in cybersecurity, national security, or government policy and provides crucial insights into the future of cyber defense in the United States.
In this episode, host Aaron Crow dives into cybersecurity and risk management with guest Harry Thomas, CTO and co-founder of Freanos. This episode tackles the complexities of managing security risks in large organizations, from outdated systems to inconsistent cybersecurity postures across various sites.
Listeners will learn how companies leverage consultants and community support to bridge knowledge gaps and the importance of operationalizing cybersecurity tools. Harry Thomas shares his views on the evolving landscape of OT security tools, the role of AI in enhancing productivity, and innovative approaches to addressing vulnerabilities in critical infrastructure.
The episode also explores the advantages of hybrid cloud models for improved resilience and ROI and offers practical advice on risk management and adaptability. Get Harry's book recommendations and learn about Freanos' platform, which is designed to efficiently prioritize and mitigate risks.
Tune in for essential knowledge and strategies to "protect it all," whether you're an experienced cybersecurity professional or just starting out. This discussion is packed with actionable insights and innovative perspectives you won't want to miss.
Key Moments:
04:07 Understanding comprehensive risk environments requires collective expertise.
11:43 Flexible onboarding for diverse technological infrastructures.
14:21 Tools are costly; operational transfer challenges value.
17:22 Replicated improves network security troubleshooting efficiency.
21:07 OT must embrace new technologies for growth.
25:17 Cloud's benefits outweigh outdated equipment's drawbacks.
27:12 Fast internet enables remote power plant operation.
30:46 Prioritize resources over patching 80,000 devices.
35:13 Patching insufficient in OT, unlike IT systems.
37:43 Different risk approaches for IT vs. OT scenarios.
45:41 All business involves people, adaptability, and growth.
47:42 Cybersecurity will shift focus to customer impact.
About the guest :
Harry Thomas, a cybersecurity veteran with over a decade of expertise, specializes in offensive penetration testing and securing industrial and healthcare infrastructure. As CTO of Frenos, Harry leads the company’s strategic innovation, focusing on advanced cybersecurity solutions to safeguard critical systems against evolving threats.
An accomplished educator and speaker, Harry has taught “Hacking PLCs” at DefCon and BSIDES Orlando, spoken at BSIDES NH, and appeared on the Secure Insights podcast, sharing insights on cybersecurity challenges and advancements.
Previously, he served as Director of Product R&D at Dragos, where he strengthened security in industrial control systems, and at AWS, where he developed AI/ML-driven User Behavioral Analytics to enhance security. Known for his technical expertise and leadership, Harry is a prominent speaker at global cybersecurity conferences, offering strategic insights into threat mitigation.
Connect Harry:
https://frenos.io/blog/atlas-advanced-threat-landscape-analysis-system
https://frenos.io/blog/proactive-defense-zero-disruption-why-frenos-won-the-datatribe-challenge
Connect With Aaron Crow:
Learn more about PrOTect IT All:
To be a guest or suggest a guest/episode, please email us at [email protected]
Please leave us a review on Apple/Spotify Podcasts:
Apple - https://podcasts.apple.com/us/podcast/protect-it-all/id1727211124
Spotify - https://open.spotify.com/show/1Vvi0euj3rE8xObK0yvYi4
Volexity founder Steven Adair joins the Claroty Nexus Podcast to discuss the Nearest Neighbor Attack, a unique attack carried out by Russia's APT 28 against a high-value target in an attempt to gain intelligence on Ukraine prior to the start of the war in February 2022.
APT 28 was able to compromise the Wi-Fi network of its target without being in physical proximity of it. They did so by remotely compromising neighboring organizations, accessing their Wi-Fi networks—creating a daisy-chain of breaches and compromises—until they were able to reach their target.
Volexity's blog contains additional technical details.
Listen to every episode of the Nexus Podcast here.
Emphasizing the importance of collaboration and communication, Mike Holcomb shares his extensive experience and practical insights into securing ICS and IoT environments. Holcomb, ICS/OT cybersecurity global lead at Fluor, stresses mastering basic cybersecurity fundamentals and asset inventory, along with the nuances of integrating IT and OT security. The episode aims to bridge gaps between IT and OT teams to fortify defenses against sophisticated cyber threats.
Listeners will gain valuable insights into critical takeaways, including:
Let’s connect about IoT Security!
Follow John Vecchi at https://www.linkedin.com/in/johnvecchi
The IoT Security Podcast is powered by Phosphorus Cybersecurity. Join the conversation for the IoT Security Podcast — where xIoT meets Security. Learn more at https://phosphorus.io/podcast
In this episode of The Security Sandbox, hosts Vivek Ponnada and Sandeep Lota will dive into the top cybersecurity trends that shaped 2024 and discuss our predictions for 2025, including:
▶️ The impact of emerging technologies like AI on cybersecurity
▶️ The latest trends in threat actor tactics targeting operational technology
▶️ How zero trust initiatives are changing industrial network architecture
▶️ The growing role of Secure by Design principles
▶️ Upcoming regulations driving cybersecurity enhancements across industries
▶️ Why proactive defense in OT environments will be a key initiative in 2025
Visit Our Website
Follow Us on LinkedIn
When we think of IoT, we first think of our smart light bulbs, our smart TVs, our smart baby monitors. However, we don't typically associate IoT with high-performance race cars, and yet they collect terabytes of data each race. Austin Allen, Director of Solutions Architecture at Airlock Digital, discusses the growing presence of smart devices and the responsibility of securing them—should it be the developers who write the code, or the individuals who implement it?
Join Derek Harp and his guests from Rapid7—Lonnie Best, William Price, and Nicholas Butcher—as they delve into the critical challenges and exciting opportunities within the Operational Technology (OT) and Industrial Control Systems (ICS) cybersecurity landscape. Recorded live at Hack the Capitol 7.0, this episode highlights the growing demand for OT cybersecurity, innovative approaches to managing threats, and the evolving dynamics between IT and OT professionals.
In this episode, the panel discusses real-world examples of managing ICS threats, the nuances of integrating OT into traditional IT security frameworks, and the importance of trust and communication in bridging gaps between teams. Learn how managed security services are adapting to meet the unique demands of OT environments and why collaboration across roles and expertise is essential.
Whether you’re a seasoned professional or new to the field, this episode offers actionable insights and inspiring stories that highlight the importance of securing critical infrastructure in today’s evolving threat landscape.
Visit cs2ai.org to learn more about resources, events, and professional development opportunities in OT and ICS cybersecurity.
In this episode, host Aaron Crow is joined by special guest Mike Holcomb to discuss the intricate realm of Industrial Control Systems and Operational Technology (ICS/OT) cybersecurity. The episode also spotlights the upcoming event B Sides ICS, an open and community-centric conference set to run alongside the prestigious S4 conference in Tampa.
Mike Holcomb provides insights into the much-anticipated ticket sales for the event and underscores the importance of submitting papers or presentations by the end of the year. The discussion emphasizes the significance of expertise in OT, cyber, and enterprise operations for top-level management and how events like B Sides ICS and S4 promote networking, learning, and professional development.
Listeners will gain a deeper understanding of the origins of B Sides events, the excitement surrounding B Sides ICS, and the impactful discussions and innovations poised to shape the future of ICS/OT cybersecurity. Whether the audience comprises newcomers or seasoned professionals, this episode offers valuable takeaways for everyone.
Key Moments:
00:00 Educating and supporting ICS & OT cybersecurity communities.
04:28 Passionate about learning and sharing cybersecurity knowledge.
08:59 B Sides: Global community-focused conference events.
10:43 Bringing B-Sides to Greenville increased attendance.
16:29 Promote diverse perspectives in OT cybersecurity.
19:01 Active Directory challenges in IT-OT integration.
21:07 Active Directory simplifies system management, poses risks.
28:57 Lean on IT for the correct Active Directory setup.
31:52 Availability is crucial in an OT environment.
34:14 Integrating IT and OT for enhanced cybersecurity collaboration.
36:16 IT and OT integration needs improvement.
40:54 Exploring cybersecurity in ICSOT across various sectors.
About the guest :
Mike Holcomb is the Fellow of Cybersecurity and the ICS/OT Cybersecurity Global Lead for Fluor, one of the world’s largest engineering, procurement, and construction companies. His current role provides him with the opportunity to work in securing some of the world’s largest ICS/OT environments, from power plants and commuter rail to manufacturing facilities and refineries. He has his Masters degree in ICS/OT cybersecurity from the SANS Technology Institute. Additionally, he maintains cyber security and ICS/OT certifications such as the CISSP, GRID, GICSP, GCIP, GPEN, GCIH, ISA 62443, and more.
He posts regularly on LinkedIn and YouTube to help others learn more about securing ICS/OT and critical infrastructure.
How to contact Mike:
Website : https://www.mikeholcomb.com/
Youtube : https://www.youtube.com/@utilsec
LinkedIn: https://www.linkedin.com/in/mikeholcomb/
Connect With Aaron Crow:
Learn more about PrOTect IT All:
To be a guest or suggest a guest/episode, please email us at [email protected]
Please leave us a review on Apple/Spotify Podcasts:
Apple - https://podcasts.apple.com/us/podcast/protect-it-all/id1727211124
Spotify - https://open.spotify.com/show/1Vvi0euj3rE8xObK0yvYi4
The practice of engineering dates back thousands of years, incorporating science and mathematics to solve problems in the ancient world, and remains a key requirement for developing the complex digital systems controlling the physical systems core to our modern way of life. Unfortunately connectivity and complexity have created a vulnerability we must now engineer our way out of, and just like risk management, engineering is about balancing constraints.
Andrew Ginter is a recognized thought leader within the industrial security space with decades of real world experience and the willingness to distill that knowledge into a series of book on operational technology cybersecurity. Mr. Ginter's latest book "Engineering-Grade OT Security, a manager's guide" explores risk elements over multiple chapters and provided a great intersection with ESRM principles. A self professed collector of industry wisdom, Andrew was quick to highlight Cyber Informed Engineering principles for security engineering within OT and call out calculation issues when risk assessing black swans yet also offering an elegant approach to resolution.
Due to a technical glitch, this episode joins Andrew, Tim and Doug in mid-conversation about Cyber Informed Engineering instead of the typical introduction banter of most episodes.
In dieser Episode von OT Security Made Simple sprechen wir mit Gerald Krebs von TÜVIT über den Stand der NIS2-Umsetzung in Unternehmen. Gerald erläutert, warum Unternehmen Cybersicherheit gerade auf die lange Bank schieben und wie das Aussitzen schnell ein paar Millionen Euro kosten kann (nicht nur wegen der Strafen!). Viel wichtiger aber: Gerald gibt Tipps, wie Unternehmen die ersten Schritte nehmen können, ohne sich selbst zu überlasten.
We speak with Shahmeer Amir, CEO & Co-Founder of SpeeQR and his activities in hacking satellite transmissions.
Shahmeer stands as a globally recognized Entrepreneur, world renowned public speaker and Ethical Hacker, awarded Entrepreneur of the year 2024 for founding multiple startups including Speeqr and also ranking as the third most accomplished bug hunter globally. Shahmeer has been invited to speak at 130 international conferences including Blackhat, DefCON, GiSec, National Security Summit, One Conference, and International Cyber Security. His expertise has been instrumental in assisting over 400 Fortune companies, such as Facebook, Microsoft, Yahoo, and Twitter, in resolving critical security issues within their systems. Shahmeer's entrepreneurial ventures in the technology realm have led to the establishment of multiple startups, with his current role involving the leadership of Speeqr, and involvement in Veiliux and Authiun. He serves as the Cyber Security Advisor to the Ministry of Finance in the Government of Pakistan. His involvement spans various projects, including Deep Sea Tracking, Digital Transformation of Legislation, and the Digitization of Pakistani Cultural Content. As a testament to his influence in the tech industry, he holds a position on the Forbes Technology Council.
Cyber Security Asia 2024 took place on 7 – 8 October 2024 at ParkRoyal Hotel, Kuala Lumpur – bringing together top experts and practitioners for in-depth talks, and exclusive networking opportunities. It is a platform for the development of partnerships and strategies and highlights the latest technologies that are ensuring the safety and security of government, industry and individual.
#mysecuritytv #austaraliainspacetv #csa2024 #spacecyber
In this episode of the Bites and Bytes Podcast, Kristin Demoranville is joined by Radojka Barycki, Director of Training and Consulting at Safe Food Alliance and a food safety expert with nearly 25 years of experience. Together, they explore how cybersecurity and food safety are becoming inseparable in today’s technology-driven world. Radojka shares her perspectives on emerging challenges like AI and traceability, the role of proactive strategies in protecting global food systems, and why trust is the foundation of food safety. With stories from her personal journey and actionable insights for industry professionals, this episode sheds light on how innovation can both secure and transform the food industry. A must-listen for those passionate about food safety, technology, and consumer protection!
_______________________________________________
Episode Key Highlights:
(0:02:09) - Food Defense and Cybersecurity Collaboration
(0:03:20) - Awareness of Cybersecurity Threats in Food
(0:05:55) - Personal Risk Assessments and Security Mindsets
(0:11:26) - Integrating Cybersecurity in Food Safety Audits
(0:13:37) - Vulnerabilities in Automated Food Processes
(0:16:17) - Challenges in Traceability and AI Adoption
(0:19:00) - Reactive Policies vs. Proactive Prevention in Food Safety
(0:22:28) - Impacts of Food Safety Incidents on Consumer Trust
(0:27:56) - Resources for Food Defense and Risk Assessment
_______________________________________________
Show Notes:
Traceability rule:
Food Adulteration:
Food Safety Modernization Act (FSMA):
Food Defense:
https://www.fda.gov/food/food-defense
AI for Traceability:
Carrot Juice Cotulism Incident 2006:
https://www.cidrap.umn.edu/botulism/fourth-botulism-case-linked-carrot-juice
Hazard Analysis Critical Control Point (HACCP) & the Seven Principles:
https://food.unl.edu/article/haccp-seven-principles
Peanut Corporation of America and FSMA:
https://www.nejm.org/doi/full/10.1056/NEJMp1109388
Boars Head Incident 2024:
McDonald’s Onion E. coli Incident 2024:
Spinach E. coli Outbreak 2006:
https://archive.cdc.gov/www_cdc_gov/ecoli/2006/spinach-10-2006.html
Tesla products mentioned: Cybercab, Robovan, Bot
https://www.tesla.com/we-robot
Satellite made of wood called LignoSat (Japanese):
FDA:
Food Defense Plan Builder:
https://www.fda.gov/food/food-defense-tools/food-defense-plan-builder
Food Defense Mitigation Strategies Database:
https://www.hfpappexternal.fda.gov/scripts/fooddefensemitigationstrategies/index.cfm
_______________________________________________
🌟 Exciting News! AnzenSage, the company behind the Bites and Bytes Podcast, has been selected as a finalist for the 2024 Loudoun Innovation Challenge! 🏆 But we need your support to win the People’s Choice Award!
🗳️ Voting is open NOW until Wednesday, December 4 at midnight (EST), and it only takes a few seconds—no email required! Cast your vote for AnzenSage here: https://www.surveymonkey.com/r/P95VYR2 ✅
Thank you for helping us raise awareness about the critical cybersecurity risks in food and agriculture! 🌾🔒 Your support means the world! 💛
_______________________________________________
BSides ICS/OT Conference 🎉🌟
Feb. 10, 2025, in Tampa, Florida 🌴 (the day before S4x25 Conference)
Call for Papers is OPEN till 12/31/24!
Registration is OPEN: https://www.eventbrite.com/e/bsides-icsot-tickets-1078099778459
General Admission is $30, and Student/Veteran is $20!
Questions or Need more information? Email [email protected]
_______________________________________________
Bites and Bytes Podcast Info:
Website: Explore all our episodes, articles, and more on our official website. Visit Now
Merch Shop: Show your support with some awesome Bites and Bytes gear! 🧢👕 Shop Now
Blog: Stay updated with the latest insights and stories from the world of cybersecurity in the food industry. Read Our Blog
Audience Survey: We value your feedback! Help us make the podcast even better. Take the Survey
Schedule a Call with Kristin: Want to share your thoughts? Schedule a meeting with Kristin! Schedule Now
Bryson is joined by Sara Patrick, President and CEO at the Midwest Reliability Organization (MRO) to discuss cyber threats, mitigation strategies, and the United States energy infrastructure system. A lawyer by training, Sara led MRO’s enforcement group and compliance monitoring team for 16 years before stepping into her position as CEO.
What risks does AI pose to maintaining a reliable grid? How does MRO build resilience into the Northeast bulk power grid? What do smaller organizations need to be able to mitigate threats?
“When we think about operations, we're a lot of times focused on the bigger organizations. But from a cyber perspective, it really doesn't matter the size of your organization. You're all susceptible,” Sara explained.
Join us for this and more on this episode of Hack the Plan[e]t.
Hack the Plant is brought to you by ICS Village and the Institute for Security and Technology.
This episode delves into the pivotal issues surrounding the 2024 election and Mississippi's policy landscape. Lucien Smith shares his expert analysis on the presidential race, critical battleground states, and the implications for both the nation and Mississippi. The conversation also explores the state’s path toward universal school choice, tax reform, and structural government changes ahead of the 2025 legislative session. Gain unique insights into what’s at stake for Mississippi’s political and educational future, along with a look at emerging leadership for the 2027 gubernatorial race. Don’t miss this deep dive into the decisions shaping Mississippi and beyond.
In Episode 33, Aaron Crow explores the transformative impact of automation and AI in the Operational Technology (OT) sector, joined by industry expert Shane Cox from Morgan Franklin Cyber. This episode deepens how AI and automation can enhance security operations when balanced with human oversight and strategic implementation.
Shane Cox shares insights on Morgan Franklin's flexible and expert-driven approach to Managed Detection and Response (MDR) services, emphasizing the importance of tailored client partnerships and continuous collaboration. The discussion highlights the potential of AI to revolutionize security while addressing the unique challenges and risks of integrating automated solutions.
Tune in to learn how the right blend of technology, expertise, and strategy can drive effective security solutions and foster long-term client relationships in today's evolving cybersecurity landscape.
Key Moments:
05:15 Flexible, evolving security service, partnership-focused approach.
07:06 Diverse tools are essential for all organizations.
12:58 Weekend setup complete; improved over subsequent months.
15:30 MDR/XDR: Cloud-based threat detection and response.
18:21 Flexible MDR service integrates client environments efficiently.
21:38 Integration speeds up threat detection and response.
24:52 Cautious automation best balances efficiency and control.
29:50 AI assists coding by highlighting potential errors.
32:12 People are crucial for effective security automation.
35:51 Superior team preferred over superior product.
39:06 AI integration risks due to untested promises.
41:46 Adapting security training amidst AI automation challenges.
Guest Profile:
Shane Cox leads the Cyber Fusion Center at MorganFranklin Cyber where he is responsible for the delivery of managed services such as Orion MDR, Advanced Detection and Response (ADR), Threat Hunting, Adversary Simulation, Cyber Threat Intelligence (CTI), and Incident Response and Management.
Shane has over 25 years of experience in IT and Cyber Security, leading the development and optimization of security programs within enterprise and managed services environments. He has deep experience and success providing customized, business-aligned security outcomes for a diverse range of client environments and industry verticals.
How to connect with Shane:
https://www.linkedin.com/feed/update/urn:li:activity:7264640034891337730
Connect With Aaron Crow:
Learn more about PrOTect IT All:
To be a guest or suggest a guest/episode, please email us at [email protected]
Please leave us a review on Apple/Spotify Podcasts:
Apple - https://podcasts.apple.com/us/podcast/protect-it-all/id1727211124
Spotify - https://open.spotify.com/show/1Vvi0euj3rE8xObK0yvYi4
In dieser Episode von OT Security Made Simple begrüßen wir Rainer Stecken vom Deutschen Verein des Gas- und Wasserfaches. Rainer zeigt die Herausforderungen im Wassersektor auf und stellt das Konzept eines Sektor-SOCs vor, das seit Anfang 2024 die Cybersicherheit mehrerer Wasserunternehmen zusammenführt.
What would happen if your GPS signal were jammed? It would impact more than just navigation – you'd also lose access to financial data and power. Joe Marshall, Senior IoT Strategist and Threat Researcher at Cisco Talos, discusses an innovative solution to maintain the country's power grid operations in the event of GPS jamming, whether it's a precautionary measure or an act of war.
Explore the fast-evolving field of OT cybersecurity with Emma Duckworth, a professional whose journey from chemical engineering to securing operational technologies highlights the growing need for cross-functional collaboration in industrial environments.
Emma shares her experiences working on the plant floor, the challenges of uniting IT and OT teams, and the role of emerging technologies like intrusion detection and prevention systems in safeguarding manufacturing processes.
Gain practical insights into career paths, mentorship, and the critical importance of hands-on learning in this dynamic industry.
Chapters:
Links And Resources:
Thanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you’d like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!
Derek Harp hosts Virginia "Ginger" Wright, a program manager at Idaho National Laboratory, known for her pioneering work in cybersecurity for critical infrastructure. Ginger shares the history and importance of Cyber Informed Engineering (CIE) and how this engineering philosophy integrates safety protocols directly into the design of industrial systems, making them resilient against cyber threats. They discuss the origins of CIE in nuclear energy safety, the unique assets of Idaho National Laboratory, and the vital role engineers play in safeguarding critical infrastructure. Ginger also dives into practical resources like the Cyber Informed Engineering Implementation Guide, sharing how organizations and educators can adopt this methodology. Join us for insights into CIE’s impact on the future of OT and ICS cybersecurity.
Recent years have seen a growing awareness of the vulnerabilities in our critical infrastructure to cyberattacks, particularly from nation-states like Russia, Iran, and China. In this episode of the IoT Security Podcast, host John Vecchi welcomes Khris Woodring, Senior Cybersecurity Architect at Syngenta, to explore the evolving challenges and opportunities in securing critical infrastructure. From his serendipitous journey into the field to actionable insights on workforce development, Khris shares how industries can overcome the persistent talent gap and drive proactive change in OT security.
Key topics include:
Tune in for a passionate discussion on how to protect the systems that make modern life possible—and the steps we can take to secure a resilient future.
Let’s connect about IoT Security!
Follow John Vecchi at https://www.linkedin.com/in/johnvecchi
The IoT Security Podcast is powered by Phosphorus Cybersecurity. Join the conversation for the IoT Security Podcast — where xIoT meets Security. Learn more at https://phosphorus.io/podcast
In this episode, Aaron is joined by Paul Shaver, an experienced OT security consultant from Mandiant, part of Google Cloud. Together, they navigate the nuanced landscape of operational technology (OT) cybersecurity.
The episode begins with Aaron recalling a critical incident at a power plant that underscores the potential pitfalls in OT environments. This sets the stage for a rich discussion on the evolution of OT technology, with Aaron and Paul reminiscing about primary domain controllers and early NT workstations.
The conversation shifts to the future of OT in the cloud, where Paul highlights the benefits of cloud solutions, including enhanced resiliency, security, and data optimization through AI. A compelling customer case study illustrates modern technology adoption with web-based HMIs and Chromeboxes.
Paul offers a detailed analysis of the current OT cybersecurity landscape, addressing the persistent legacy system challenges and the need for a cohesive IT-OT security strategy. He discusses the evolving threat landscape influenced by global geopolitical tensions and the rise of zero-day vulnerabilities.
Listeners will gain practical insights into foundational cybersecurity measures, such as network segmentation, asset inventory management, and robust access control..
Key Moments:
04:14 Connecting IT and OT optimizes processes securely.
09:54 Lost production severely impacts manufacturing revenue recovery.
14:06 Ensure network notifications; control access, separate credentials.
17:10 Engineers need secure access to adjust parameters.
21:55 Endpoint detection on older systems is critical.
28:47 Resilience is crucial in CrowdStrike incident response effectiveness.
32:11 Limited resources for global incident response efforts.=
39:22 Rebuilt domain controller caused authentication issues.
42:37 Focus on resiliency and cloud opportunities, leveraging multi-cloud.
44:59 Improve grid operations using cloud and hyper-converged technology.
48:38 Local cloud provides redundancy for remote sites.
51:15 Critical for acquisition process and problem-solving.
About the guest :
Paul Shaver has dedicated more than two decades to various roles in Operational Technology (OT), primarily within the oil and gas industry. His expertise spans OT architecture, design, and build, along with run and maintaining responsibilities as an asset owner.
Before transitioning into cybersecurity, Paul served as a Technology Director for an oil and gas company in California. Driven by a burgeoning interest in security, he joined Mandiant nearly five years ago. At Mandiant, now part of Google, Paul relishes the mission of enhancing security postures in OT and critical infrastructure, contributing to significant advancements in the field.
How to connect Paul: https://www.linkedin.com/in/pbshaver/
Connect With Aaron Crow:
Learn more about PrOTect IT All:
To be a guest or suggest a guest/episode, please email us at [email protected]
Dale Peterson speaks with Joel Langill, the SCADAHacker, about his new training course entitled Conducting Threat, Vulnerability, and Risk Assessments For ICS. A two day version of this course will be offered prior to S4x25.
Of course Dale and Joel jump around a bit on training, the workforce and other items. Take a listen.
As the holidays approach, manufacturing and critical infrastructure organizations face unique cybersecurity challenges due to reduced staffing and associated increased vulnerabilities.
This episode delves into practical strategies for senior leaders and plant managers to secure their operational technology (OT) environments without disrupting production.
By adopting continuous monitoring, fostering cross-functional IT-OT collaboration, and engaging OT-specific vendors, organizations can reinforce their cyber resilience.
Through real-life scenarios, the hosts discuss how proactive planning and structured security practices are vital to maintaining operational continuity and mitigating risks in complex industrial settings.
Chapters:
Links And Resources:
Thanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you’d like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!
In this episode, host Derek Harp sits down with Bryson Bort and Tom Van Norman, co-founders of ICS Village and creators of Hack the Capital. They discuss the origins and evolution of Hack the Capital, now in its seventh year, and the conference’s unique focus on bridging cybersecurity professionals with policy makers and industry leaders. They dive into the value of hands-on learning, the launch of Workforce Development Day, and the ongoing need for practical cybersecurity education and career opportunities for all. Bryson and Tom also highlight the significance of candor in the field and what attendees can look forward to at future conferences. Tune in for insights into the world of OT and ICS cybersecurity, hands-on training, and the importance of building community partnerships.
In this episode of the Bites and Bytes Podcast, host Kristin Demoranville welcomes her good friend and former colleague, Mike Delaney, a seasoned corporate lawyer and partner with expertise in complex legal matters across industries. With over two decades of experience, Mike has held leadership roles at multinational corporations, where he managed global compliance, risk, and corporate governance.
Kristin and Mike explore the real-world challenges in food cybersecurity, sharing stories from their work together and discussing how industries like food manufacturing and supply chains adapt to meet today’s cybersecurity threats. From legal and compliance perspectives to human and technological considerations, this episode contains practical insights and firsthand experiences.
_______________________________________________
Show Notes:
DISARM Framework:
https://www.disarm.foundation/framework
Beekeeper movie:
https://www.imdb.com/title/tt15314262/
SEC Rules on Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure by Public Companies:
https://www.sec.gov/newsroom/press-releases/2023-139
Form 8-K:
https://www.sec.gov/files/form8-k.pdf
_______________________________________________
Episode Key Highlights:
(0:00:00) - Food Memories and Personal Connections
(0:06:50) - Industry’s Push for Modernization in Cybersecurity
(0:21:00) - Key Supply Chain Vulnerabilities in Food
(0:31:28) - SEC’s New Cybersecurity Reporting Rules
(0:43:00) - Rising Cyber Threats Targeting Food Sector
_______________________________________________
Bsides ICS/OT Conference 🎉🌟
Feb. 10, 2025 in Tampa, Florida 🌴 (day before S4x25 Conference)
Call for Papers is OPEN till 12/31/24!
Registration is OPEN: https://www.eventbrite.com/e/bsides-icsot-tickets-1078099778459
General Admission is $30 and Student/Veteran is $20!
Questions or Need more information email [email protected]
_______________________________________________
Bites and Bytes Podcast Info:
Website: Explore all our episodes, articles, and more on our official website. Visit Now
Merch Shop: Show your support with some awesome Bites and Bytes gear! 🧢👕 Shop Now
Blog: Stay updated with the latest insights and stories from the world of cybersecurity in the food industry. Read Our Blog
Audience Survey: We value your feedback! Help us make the podcast even better. Take the Survey
Schedule a Call with Kristin: Want to share your thoughts? Schedule a meeting with Kristin! Schedule Now
In this episode, host Aaron Crow addresses the pressing issue of cybersecurity for small and medium-sized businesses. With their limited budgets and resources, these enterprises are often prime cyberattack targets.
Aaron explains why these businesses are particularly vulnerable, the potentially devastating impacts of a cyber incident, and practical measures they can adopt to strengthen their cybersecurity without incurring significant costs.
Listeners will uncover insights on establishing basic cybersecurity policies, the critical importance of monitoring, and strategies for preparing for potential breaches.
This episode is filled with valuable tips that could ensure the survival and success of your business amid today's escalating cyber threats.
Key Moments;
00:00 Cybersecurity challenges and solutions for small businesses.
03:24 Startups are vulnerable due to inadequate cybersecurity measures.
06:30 Use secure passwords, educate employees, and use tools.
11:26 Segregate networks to protect sensitive data.
14:46 Effective monitoring requires time, effort, and setup.
16:10 DNS filtering blocks malicious sites, prevents attacks.
20:29 Plan proactively to manage events before crises.
Connect With Aaron Crow:
Learn more about PrOTect IT All:
To be a guest or suggest a guest/episode, please email us at [email protected]
We had the privilege of speaking with Steven Sim, Chair of the OT-ISAC Executive Committee, during the recent summit in Singapore. As a seasoned expert in operational technology (OT) cybersecurity, Sim shared valuable insights into the importance of information sharing, the growing threat of ransomware, and the transformative role of AI in cybersecurity.
Kicking off the podcast, Steven introduced the Executive Committee and its pivotal role in driving OT-ISAC’s mission to foster a collaborative community and promote best practices. By providing advisory support and strategic guidance, the committee ensures OT-ISAC stays at the forefront of cybersecurity initiatives.
Balancing Information Sharing and Confidentiality
One of the most pressing challenges in OT cybersecurity is striking the right balance between information sharing and safeguarding sensitive data. He explained that OT-ISAC has implemented robust measures, such as the Traffic Light Protocol and data anonymization techniques, to protect confidentiality while promoting collaboration. The platform also employs protocols like STIX and TAXII to automate the exchange of cyber threat intelligence, enabling members to quickly share and respond to emerging threats.
Cross-Jurisdictional Collaboration
With cyber threats spanning borders, cross-jurisdictional collaboration is essential. Sim highlighted that OT-ISAC allows members to share threat intelligence across different regions without breaching data sovereignty regulations by anonymizing the information sources. This approach strengthens global defenses against transnational cyberattacks.
The Growing Threat of Ransomware
Ransomware remains a significant risk to OT environments. Steven urged organizations to avoid paying ransoms, citing the risks and long-term consequences. Instead, he emphasized the importance of investing in strong business continuity and incident response plans. By focusing on resilience and preparedness, organizations can minimize their exposure to future attacks.
AI’s Role in OT Cybersecurity
He also discussed the potential of AI in OT cybersecurity, noting its ability to streamline incident response and improve threat detection. However, he cautioned that while AI offers powerful advantages, it must be implemented with human oversight to manage the risks associated with automated systems.
Steven Sim has worked for more than 25 years in the cybersecurity field with large end-user enterprises and critical infrastructures, undertaken global CISO role, driven award-winning CSO50 security governance and management initiatives and headed incident response, security architecture, technology, awareness and operations at local, regional and global levels. He leads cybersecurity across large MNC, heading 8 direct reports at Group Cybersecurity Department as well as indirect reports across regional offices and local business units in 42 countries.
He oversees both IT and OT Security Governance, Global Cybersecurity Technology Management and Incident Response as well as Cyber Security Masterplan Office.
Always keen to give back to the community, he also volunteers at the ISACA Singapore Chapter (which won ISACA Global Outstanding Chapter Achievement in 2022) as the President (from 2021 to 2022) and OT-ISAC (since 2021), the second key thrust of the SG's OT Cybersecurity Masterplan 2019, as Chair Executive Committee, as well as member of Geneva Dialogue Technical Community, and holds Masters in Computing, CCISO, CGEIT, CRISC, CISM, CISA, CDPSE, CISSP as well as technical certifications GICSP, GREM, GCIH and GPPA.
Recorded 5th Sept 2.30pm. Singapore Operational Technology Information Sharing and Analysis Summit 2024
#otcybersecurity #mysecuritytv #cybersecurity #singaporecybersecurity
Cybercriminal tactics against ICS include direct threats against individuals for MFA credentials, sometimes escalating to physical violence if they won’t share. Jim Coyle, US Public Sector CTO for Lookout, warns about the increasing use of Android in critical Industrial Control Systems (ICS), such as HVAC systems, and how stealing MFA tokens from mobile devices could affect critical services like healthcare, finance, and water supply, depending on the goals of the attackers.
Businesses and government organizations have seen threats to critical US infrastructure on the rise in recent years, particularly within IoT and OT systems, posed by cyberattacks, notably from state actors like Iran. With that context, Joel Goins, a veteran of manufacturing, oil and gas, and OT security at large, talks with John Vecchi about the critical need for enhanced security measures for data centers and other vital components, the vulnerabilities present in IoT devices, and the essential steps companies must take to safeguard against both traditional and emerging cyber threats.
Let’s connect about IoT Security!
Follow John Vecchi at https://www.linkedin.com/in/johnvecchi
The IoT Security Podcast is powered by Phosphorus Cybersecurity. Join the conversation for the IoT Security Podcast — where xIoT meets Security. Learn more at https://phosphorus.io/podcast
In this episode, the conversation centers on the critical role of operational technology (OT) security and the unique contributions of the S4 Conference. Dale Peterson shares his journey and insights into the challenges of underrepresentation in cybersecurity, especially for women and other groups, and highlights innovative scholarship initiatives aimed at bridging this gap. The discussion also delves into the evolving landscape of AI in cybersecurity, addressing both its potential and the complexities it brings. Listeners will gain valuable perspectives on managing cybersecurity risks, prioritizing investments, and developing effective recovery strategies in OT environments. As we look forward to S4 2025 in Tampa, Florida, this episode offers a glimpse into the future of cybersecurity and the importance of resilience in our systems
Runsafe Security CEO and Cofounder Joe Saunders joins the Nexus Podcast to discuss the strategic shift from certain APTs toward destructive cyberattacks targeting U.S. critical infrastructure. Groups such as Volt Typhoon and Sandworm have aggressively focused their efforts on hacking OT, IoT, and healthcare organizations, opening new fronts that asset owners and operators, as well as manufacturers of embedded systems must now contend with.
OT Cybersecurity Engineer, Noah Duckworth, joins Dino Busalachi for this episode. They discuss the challenges and nuances of industrial cybersecurity, as he shares insights from his experience working in the OT (Operational Technology) cybersecurity space.
Noah talks about the complexities of integrating traditional IT cybersecurity measures within industrial networks, the specific tools and practices used, and the importance of safe, industry-specific approaches to vulnerability management.
He also provides a perspective on various industrial sectors, such as food and beverage and transportation, and how cybersecurity requirements vary across different verticals and environments.
This episode offers valuable insights into the evolving field of OT cybersecurity and practical advice for professionals interested in protecting critical infrastructure as well as entering the field of industrial cybersecurity.
Chapters:
Links And Resources:
Thanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you’d like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!
In this episode, host Aaron Crow is joined by Clint Bodungen, Director of Cybersecurity Innovation at Morgan Franklin Cyber and founder of Threatgen, alongside Michael Welch, Managing Director at Morgan Franklin Cyber. Together, they delve into the ever-evolving world of cybersecurity in honor of Cybersecurity Awareness Month.
Aaron kicks things off by discussing the importance of iterative processes and tabletop exercises in enhancing decision-making and preparedness. The conversation then shifts to the exciting yet complex role of AI in cybersecurity, particularly in operational technology (OT) and critical infrastructure. The experts emphasize the potential of generative AI for data analysis while underscoring the need for human oversight to avoid biases and misinformation.
Clint introduces an “engineering informed cyber” approach to better integrate OT and IT in managing cybersecurity risks, while Aaron stresses the importance of collaboration between cybersecurity professionals and engineers. The episode also tackles balancing convenience and security, the intricacies of password management, and the critical role of communication and trust.
Listeners will gain valuable insights into AI’s role in enhancing security operations, the consequences of system failures, and the debate between compliance and true security. This episode offers expert opinions, real-world examples, and practical advice for navigating today’s cybersecurity challenges. Join us for a comprehensive discussion on protecting our digital world.
Key Moments:
04:20 Generative AI aids efficient GRC and cybersecurity management.
08:40 AI lacks context for verifying asset information.
11:38 Generative AI creating and automating malware tools.
15:58 Building data centers using decommissioned power plants.
17:14 Regulation growing in infrastructure for compliance security.
22:09 Compliance is binary; partial compliance isn't sufficient.
24:33 Prioritize "engineering informed cyber" for OT resilience.
28:14 Collaboration between IT and OT is essential.
33:54 Frustration with excessive video game security measures.
34:49 Cybersecurity fails due to over-engineering complexity.
40:49 Make security easy with password managers, authenticators.
42:31 AI improves tabletop exercises for comprehensive insights.
45:31 Generative AI augments human capabilities and creativity.
48:08 Automated injects streamline engagement and business continuity.
53:46 Executives misunderstand risk, leading to false security.
54:29 Strong IT security, but vulnerable weak points.
About the Guests :
Clint Bodungen:
Clint Bodungen is a globally recognized cybersecurity professional and thought leader with 30 years of experience (focusing primarily on industrial cybersecurity, red teaming, and risk assessment). He is the author of two best-selling books, "Hacking Exposed: Industrial Control Systems" and “ChatGPT for Cybersecurity Cookbook. Clint is a United States Air Force veteran and has worked for notable cybersecurity firms like Symantec, Booz Allen Hamilton, and Kaspersky Lab, and is currently the founder of ThreatGEN and Director of Cybersecurity Innovation at Morgan Franklin Consulting. Renowned for his creative approach to cybersecurity education and training, he has been at the forefront of integrating gamification and AI applications into cybersecurity training; he created ThreatGEN® Red vs. Blue, the world's first online multiplayer computer designed to teach real-world cybersecurity. His latest innovation is AutoTableTop, which uses the latest generative AI technology to automate, simplify, and revolutionize IR tabletop exercises. As AI technology continues evolving, so does his pursuit of helping revolutionize the cybersecurity industry using gamification generative AI. Connect Clint at - https://www.linkedin.com/in/clintb/
Michael Welch :
Michael Welch has over twenty-five years of expertise in Governance, Risk Management, Compliance and Cybersecurity. In his role as Sector Lead, Michael will focus on the importance of cybersecurity in Utilities and Industrial Manufacturing. Michael understands that robust cybersecurity measures are not just a regulatory requirement but are pivotal in safeguarding the resilience of organizations, safety of its people, and overall economic stability. Michael has worked for organizations such as NextEra and Duke Energy as well as engineering firm Burns & McDonnell. In addition, he was the Global CISO for the food manufacturing firm OSI Industries.Some of the certifications he has obtained through his career are Certified Information System Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Security Auditor (CISA), Global Industrial Cyber Security Professional (GICSP), Certified Data Privacy Solutions Engineer (CDPSE) and CMMC - Registered Practitioner Advanced (RPA). Connect Michael Welch at : https://www.linkedin.com/in/michael-welch-93375a4/
Connect With Aaron Crow:
Learn more about PrOTect IT All:
To be a guest or suggest a guest/episode, please email us at [email protected]
Hosts Vivek Ponnada and Sandeep Lota share their insights on and exploring topics such as:
✅ Emerging threats to ICS over the next 12-18 months
✅ Evolving strategies for integrating IT and OT cybersecurity
✅ The future role of AI in ICS cybersecurity
✅ Fostering collaboration between IT and OT teams
Visit Our Website
Follow Us on LinkedIn
** 3 Consecutive Awards for Best Podcast, 2022 - 2024 APEX Awards of Publication Excellence.
In this episode, The Journal’s Digital Editor Maggie MacHale brings the written word to life by reading the article, “Tips for Complying with the NIS2 Compliance Framework.” It’s written by Meghna Subramani, Commercial Product Manager, Network & Cybersecurity, and Andreu Cuartiella, Lifecycle Services Commercial Manager EMEA at Rockwell Automation.
You’ll learn 7 steps to help you comply with this directive for increasing cybersecurity for industrial firms, utilities and other entities across the European Union.
Resources from this episode:
Hit the “Share” symbol to share this episode with your colleagues who would benefit from this information. And please give us a 5-star rating and a review.
Brought to you by The Journal From Rockwell Automation and Our PartnerNetwork magazine.
This episode we dive into the critical strategies necessary for securing operational technology (OT) environments, with OT/ICS Strategy Lead at CISA, Danielle Jablanski.
Danielle explores the evolving role of CISA in assisting asset owners and government sectors, emphasizing the importance of collaboration and understanding in cybersecurity.
From building resilience against "shiny object syndrome" to prioritizing effective incident response and vendor relationships, this conversation provides valuable insights into crafting an actionable, sustainable OT security strategy.
Danielle also shares how workforce development is crucial in creating a robust cybersecurity posture and discusses CISA’s approach to integrating AI and machine learning into OT security cautiously and strategically.
Chapters:
Links And Resources:
Thanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you’d like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!
Get your FREE 2024 Cybersecurity Salary Guide: https://www.infosecinstitute.com/form/cybersecurity-salary-guide-podcast/?utm_source=audio&utm_medium=podcast&utm_campaign=podcast
Today on Cyber Work, Jonathan Braley from the Food and Agriculture Information Sharing and Analysis Center (Food and Ag ISAC) delves into the critical security challenges in the food, farming and production sectors. Featuring insights on the evolution of cybersecurity, the role of ISACs, and real-world threats like ransomware and phishing, this episode offers a comprehensive look at how cybersecurity professionals within this industry are working to safeguard vital systems. Braley shares tips on obtaining competitive roles, the convergence of IT and OT security and the importance of continuous learning. Tune in to grasp the latest trends and get invaluable career advice to stay ahead in the ever-evolving field of cybersecurity.
View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast/?utm_source=audio&utm_medium=podcast&utm_campaign=podcast
00:00 - Introduction to cyber work and guest Jonathan Braley
00:53 - The growing cybersecurity job market
02:05 - From biology to cybersecurity
04:48 - Early career and learning at Valley Apps
09:26 - Role and responsibilities at Food and Ag ISAC
17:07 - Understanding cyber threats in food and agriculture
23:23 - The growing connectivity and vulnerabilities in agriculture
23:49 - Cybersecurity challenges for small towns and farms
25:28 - The Reality of cyberattacks on small farms
26:59 - Global implications of cybersecurity in agriculture
28:44 - Insights from a cybersecurity expert in agriculture
33:13 - Career opportunities in food and agriculture cybersecurity
37:37 - Staying informed and prepared in the cybersecurity field
40:04 - Cybersecurity career advice
About Infosec
Infosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.
Claroty Chief Strategy Officer Grant Geyer joins the Nexus Podcast to discuss the results of a survey of 1,100 cybersecurity leaders and practitioners on the business impact of disruptions from cyberattacks on cyber-physical systems.
The financial losses are steep from these attacks impacting connected systems that are so central to our way of life, as are the recovery costs and operational impacts such as downtime, which is often intolerable in critical industries such as manufacturing and healthcare.
Geyer brings his unique insights to the discussions, including attackers' motivations in targeting CPS, why ransomware continues to impact healthcare delivery organizations, and the risks of unsecured third-party and supply chain connections to the enterprise.
Get the full survey results here.
In Episode 29, host Aaron Crow is joined by cybersecurity expert Jori VanAntwerp to delve into Power Grid Security and Redundancy.
This episode explores the segmented design of the US power grid, addressing the challenges and necessary upgrades to mitigate cyber vulnerabilities. Jori highlights security monitoring gaps, the impact of hardware updates, and the cost implications of modernizing infrastructure. The discussion also emphasizes the importance of asset inventory and collaborative efforts between IT and OT professionals.
Real-world incidents, such as unexplained power plant reboots, illustrate the critical role of operator awareness and system maintenance. The potential of AI in cybersecurity, alongside the need for a collaborative, learning-focused approach, is also discussed.
Tune in to gain expert insights on balancing modernization, cost, and operational efficiency to ensure the stability and security of our power infrastructure. Join us for a packed episode to learn how to "Protect It All."
Key Moments:
05:30 Restoring power grids involves complex, staged processes.
11:01 Centralizing data improves efficiency, introduces vulnerabilities.
17:47 Network segmentation essential for security, mitigates risks.
26:12 Cybersecurity tools revealed crucial system issues.
32:15 Understanding systems fully prevents unintended negative impacts.
36:31 Understand OT environment before implementing IT solutions.
41:24 Equip must survive extreme heat, unlike typical data centers.
54:28 Strict access control in nuclear power plant.
57:48 Assess likely risks for protecting plant operations.
01:00:59 Rushed training weakens foundational cybersecurity skills.
About the guest :
For nearly two decades, Jori has enabled industrial and IT organizations to be successful in reducing risk, increasing compliance, and their overall security efforts. Jori has the ability to quickly evaluate situations and determine innovative solutions and possible pitfalls due to his diverse background in security, technology, partnering and client-facing experience. Approaching situations with intuitive insight and methodology, leveraging his deep understanding of business and technology, ranging from silicon to the cloud. He had the pleasure of working with such great companies as Gravwell, Dragos, CrowdStrike, FireEye, McAfee, and is now Founder and Chief Executive Officer at EmberOT, a cybersecurity startup focused on making security a reality.
How to connect Jori :
Website : https://emberot.com/
Linkedin : https://www.linkedin.com/in/jvanantwerp/
Connect With Aaron Crow:
Learn more about PrOTect IT All:
To be a guest or suggest a guest/episode, please email us at [email protected]
In this week's episode, Dino Busalachi is joined by Gary Kneeland from Claroty. With over nine years of experience at Claroty, Gary discusses the evolution of OT security, the convergence of IT and OT, and the growing importance of cybersecurity in protecting critical infrastructure.
The conversation touches on how regulatory changes, ransomware threats, and AI advancements are shaping the industry.
Whether you’re dealing with outdated systems or navigating complex industrial environments, this episode provides practical insights into the challenges and opportunities ahead.
Chapters:
Links And Resources:
Thanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you’d like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!
Technological change is inevitable and often one of the aspects that attracts people toward careers in information and operational technology. Although risk management is a part of navigating advancement in any area, the fundamental flaw in any management system is our human tendencies.
This episode explores how organizations can make slow, steady migration from first principles to risky undertakings without noticing. Marco Ayala, an operational technology cybersecurity expert and current Houston InfraGard president, joins this episode to further explore the reasons behind this normalization of deviance, a concept first introduced to OT cyber specialists at S4 in 2024.
Mr. Ayala is also CCE proponent and facilitator leading to a discussion on possible options for course correction back off the normalization path. Although solutions must always be tailored to work within organizational constraints, the early contributors to catastrophic outcomes associated with the Challenger space shuttle and Boeing 737 Max warrant exploration or we will inevitably repeat.
This episode delves into the world of cybersecurity with the esteemed guest, Ken Foster. With over 30 years of experience and a career that began in the Navy, Ken has comprehensive expertise in managing firewalls and antivirus systems and addressing today’s complex cybersecurity challenges.
This episode, hosted by Aaron Crow, explores the evolving cybersecurity industry, emphasizing the crucial roles of mentorship and networking. Ken and Aaron discuss the strategic importance of aligning security with business goals, the impact of leadership training and honest feedback on developing better leaders, and the necessity of balancing technical skills with effective communication.
Ken shares his insights on the dangers of over-relying on AI, the essential need for disaster preparedness and business continuity, and the importance of continuously evaluating business investments to avoid unnecessary expenses. The episode highlights the value of informal networks and mentorship in overcoming industry challenges and fostering personal growth.
Listeners will gain practical strategies and invaluable lessons to navigate the ever-changing cybersecurity landscape while ensuring their personal and professional development.
Key Moments:
06:59 Translate tech leadership into business risk communication.
11:51 Integrating expertise, technical skills, and communication effectively.
18:13 No disaster recovery plan; business disrupted by flood.
25:36 Building relationships and listening are crucial successes.
31:39 Simplify explanations for effective cross-team communication.
33:53 Realized technical focus limited career growth.
42:12 Networking is crucial for finding senior roles.
44:06 Produced content led to advisory board roles.
50:06 Who supports post-handover? Security can't do it alone.
57:44 Translate work into clear business value requirements.
01:04:11 Ensure clarity and continuity for cybersecurity's future.
About the guest :
Ken Foster is a cybersecurity leader with over 25 years of experience in risk management, global team development, and IT infrastructure. As Head of Global Architecture at Adient, Ken oversees global teams to align technical initiatives with business goals, driving innovation while managing risks. His career includes key roles at Fleetcor and Fiserv, where he built large-scale cybersecurity programs and led risk governance and cloud security efforts. With a strong focus on client trust and board-level advisory, Ken brings deep expertise in navigating regulatory landscapes and developing risk-based, business-aligned strategies.
Connect Ken Foster : https://www.linkedin.com/in/kennethfoster/
Connect With Aaron Crow:
Learn more about PrOTect IT All:
To be a guest or suggest a guest/episode, please email us at [email protected]
In dieser Folge des Rhebo-Podcast „OT Security Made Simple“ sprechen Gastgeber Klaus und der OT-Cybersecurity-Experte Max Weidele von Sichere Industrie über die Notwendigkeit eines organisatorischen Wandels, um OT-Sicherheit zu erreichen. Was mit dem Asset Management als Grundlage beginnt, führt schnell zu der klaren Vision, dass die IT das Herzstück der OT-Sicherheitsorganisation sein wird.
Craig sits down with Jessica Cook, a computer science engineering senior at Mississippi State University, to explore her journey into industrial cybersecurity.
From discovering her passion for tech in high school to gaining hands-on experience in OT cybersecurity, Jessica discusses how internships and real-world exposure have shaped her understanding of the industry.
She talks about the exciting evolution of industrial careers, highlighting how traditional manufacturing roles are becoming more technical and data-driven.
Jessica shares valuable advice on building relationships, leveraging networking opportunities, and overcoming the challenges of being a woman in a traditionally male-dominated field.
As she prepares to graduate, she reflects on her career path and the opportunities ahead in cybersecurity and OT.
Chapters:
Links And Resources:
Thanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you’d like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!
In this episode of the Bites and Bytes Podcast, host Kristin Demoranville welcomes Rick Biros, the founder of Food Safety Tech and the Food Safety Consortium. Rick, an industry veteran with decades of experience, shares fascinating insights into the critical role of food safety and its intersection with Cybersecurity. From the early days of food safety regulations sparked by major outbreaks to today’s technological advancements, Rick discusses how the industry has evolved and why Cybersecurity is becoming an integral part of protecting our food supply.
Rick also reflects on his journey from launching Food Quality magazine to creating the Food Safety Consortium, a must-attend event for senior-level food safety professionals. The episode covers how the Consortium fosters a collaborative environment for problem-solving and innovation, bringing together leaders from across the industry.
Listeners will also hear Rick’s thoughts on the latest challenges facing the food industry, including the impact of recent cyber threats and how technology is reshaping food safety protocols. Whether you’re in the food industry, Cybersecurity, or just curious about the future of food protection, this episode offers a wealth of knowledge and practical insights.
🎉🎂 Happy 1st Birthday to the Bites and Bytes Podcast! 🎧🎉Here’s to a year of incredible conversations, industry insights, and amazing listeners like YOU! 🎙️🌟 Thank you for all your support—here’s to many more! 🥳
________________________________________________________________________________________
Rick’s Information
LinkedIn: https://www.linkedin.com/in/rick-biros-860bb47/
Food Safety Tech Bio: https://foodsafetytech.com/about-us/
________________________________________________________________________________________
Show Notes:
Brussels memory – La Truffe Noire Restaurant
https://www.truffenoire.com/en/
What is Candling wine?
https://www.instagram.com/cristienorman_somm/reel/C9A2l-hyOjV/
Jack-in-the-box crisis
https://outbreakdatabase.com/outbreaks/jack-in-the-box-restaurant-chain-ground-beef-hamburgers-1992
Mark Carter – president of IAFP (International Association for Food Protection)
Food Safety Modernization Act (FSMA)
Boars Head Crisis
Peanut Corp of America Crisis
Bill Marler
Sabra – Salmonella incident 2021
Rob Mommsen
https://www.linkedin.com/in/rob-mommsen-b6848211/
Frank Yiannas
https://www.smarterfysolutions.com/
David Theo – Jack-in-Box
https://www.latimes.com/local/obituaries/la-me-david-theno-20170710-story.html
________________________________________________________________________________________
Food Safety Tech
➡️ Subscription to the free newsletter:
________________________________________________________________________________________
Innovative Publishing Company
https://www.linkedin.com/company/innovative-publishing-company-llc/
http://innovativepublishing.net/
________________________________________________________________________________________
Food Safety Consortium Conference
https://foodsafetyconsortium.org/
➡️ Register here:
https://www.eventleaf.com/Attendee/Attendee/EventPage?eId=RCMrOPTC6EZVv99yKxyQJw%3D%3D
💰⭐ Discount code for $200.00: RickyB
________________________________________________________________________________________
Kristin Demoranville Speaking at:
Food Safety Consortium Conference, Arlington, VA
https://foodsafetyconsortium.org/
BREAKOUT 3: Food Defense in the Digital Era
2:15 PM - 3:00 PM EST on Monday, October 21st
ICS Cyber Security Conference, Atlanta, GA
https://www.icscybersecurityconference.com/
Agriculture at Risk: Recognizing and Securing Our Forgotten Critical Infrastructure
11 AM EST on Thursday, October 24th
InCyber Forum Canada, Montreal, QC
https://northamerica.forum-incyber.com/en/home-en/
Guardians of the food supply chain: cybersecurity resilience in agriculture and food safety
1:55 PM to 2:40 PM EST on Tuesday, October 29th
💰⭐ 50% discount code: ININ59XU2CF3
➡️ Registration link: https://2024.northamerica.forum-incyber.com/en/pe1/pe1-home.htm
________________________________________________________________________________________
Bites and Bytes Podcast Info:
Website: Explore all our episodes, articles, and more on our official website. Visit Now
Merch Shop: Show your support with some awesome Bites and Bytes gear! 🧢👕 Shop Now
Blog: Stay updated with the latest insights and stories from the world of cybersecurity in the food industry. Read Our Blog
Audience Survey: We value your feedback! Help us make the podcast even better. Take the Survey
Schedule a Call with Kristin: Want to share your thoughts? Schedule a meeting with Kristin! Schedule Now
Joe Slowik, ATT&CK CTI Lead at MITRE, joins the latest episode of the mnemonic security podcast to share his insights on the complexities of securing critical infrastructure. With a background in cyber threat intelligence, incident response, and detection engineering, Joe discusses with Robby the challenge of defining and prioritising what's truly "critical" in a landscape where every sector claims importance.
They explore the difficulty in distributing security investments across industries and the growing need for organisations of all sizes to adopt a mindset of self-defence. Joe also addresses the potential consequences of large-scale cyberattacks, such as those by Volt Typhoon, emphasising the need for coordinated incident response and leadership during crisis scenarios. He concludes with a strong call for resilience and highlights the vital role CEOs play in ensuring organisational preparedness.
AI and generative AI are transforming the energy industry but also bringing new cybersecurity challenges. In the newest EPRI Current podcast episode, experts from EPRI and NVIDIA discuss AI's benefits and ways to combat potential cybersecurity threats to critical energy infrastructure.
Guests: Jason Hollern, EPRI cybersecurity technical executive, and Marc Spieler, Senior Managing Director for Energy with NVIDIA.
Links and Resources:
If you enjoy this podcast, please subscribe and share! And please consider leaving a review and rating on Apple Podcasts/iTunes.
Follow EPRI:
LinkedIn https://www.linkedin.com/company/epri/
Twitter https://twitter.com/EPRINews
EPRI Current examines key issues and new R&D impacting the energy transition. Each episode features insights from EPRI, the world's preeminent independent, non-profit energy research and development organization, and from other energy industry leaders. We also discuss how innovative technologies are shaping the global energy future. Learn more at www.epri.com
In this rewind episode, we explore the critical role CISOs play in bridging the gap between operational technology (OT) and enterprise cybersecurity.
With manufacturing and critical infrastructure facing increasing cyber threats, CISOs must navigate both the boardroom and the plant floor to secure complex environments without disrupting production.
This discussion focuses on the importance of risk assessment, real-time monitoring, and the adoption of specialized cybersecurity tools.
The episode highlights the need for cross-functional collaboration, leveraging external expertise, and shifting toward proactive, secure-by-design approaches.
It also addresses the vulnerabilities in supply chains, the limitations of relying on cybersecurity insurance, and the necessity of actionable, strategic measures to protect industrial environments.
Chapters:
Links And Resources:
Thanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you’d like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!
In this special episode, David and Shlomi, hosts of the Left to Our Own Devices podcast, sit down with Aaron C. Crow, a seasoned Cyber and Strategic Risk leader with 25 years of experience. Together, they share valuable insights on OT and product security, while also exploring the future direction of the industry.
This episode is a republish from Aaron’s own PrOTect It All podcast, where it was originally released.
If you are in IT, you are probably not thinking about the risks associated with the Otis Elevator or the Coke machine. Maybe you should. Chester Wisnieski, the director and global field CTO at Sophos, points out that IoT devices, big and small, create an outsized threat to any organization. And that’s why IoT vendors need to secure these devices, even if they only “phone home” for more Coke. If they’re on your network, they need to be secured.
In this episode, Aaron Crow engages in an insightful conversation with Dennis Maldonado, Director of Technology for Harris, Fort Bend ESD 100. The discussion emphasizes the importance of resiliency in technology environments and how strategic planning can safeguard against unforeseen disasters without necessitating a complete technological overhaul.
From his extensive experience, Dennis shares how effective communication and collaboration were critical during events like Hurricane Harvey. He also provides his perspective on future trends and concerns in cybersecurity, including the rise of ransomware and nation-state attacks targeting critical infrastructure.
The episode illuminates the significance of networking, with Aaron and Dennis underscoring its value in career advancement and sharing personal stories to illustrate how being well-known and trusted can open doors to unexpected opportunities.
Additionally, Dennis discusses the zero trust model and the intricate balance between maintaining cybersecurity and ensuring system availability in critical infrastructure.Listeners will gain practical insights into building resilient tech environments through real-world examples and expert advice.
The episode is a treasure trove of learnings on keeping organizations secure, responsive, and prepared for any eventuality. Join as "Protect It All" dives deep into building resilient tech environments with Dennis Maldonado's invaluable lessons.
Key Moments:
09:15 Networking is crucial for success in cybersecurity.
13:46 Volunteer firefighter boosted dispatch center through IT.
18:52 Transfers emergency calls to fire and EMS.
22:06 Quick response with information saves lives effectively.
26:22 Implemented lessons for resilient project development.
42:14 Sharing lessons learned from threat modeling experiences.
48:04 Zero trust model effectively mitigates cybersecurity incidents.
57:32 Public safety adapts by reverting to manual methods.
01:02:51 Cybersecurity's mainstream rise sparks widespread interest.
About the guest :
Dennis serves as Director of Technology for Harris Fort Bend ESD 100 (WESTCOM) managing and maintaining the technology needs of 911 call taking and emergency dispatch services for multiple public safety agencies.
With over 15 years of experience in information technology and over 12 years in cybersecurity enterprise environments and consulting, Dennis’s experience includes cyber resilience, network penetration testing, full-scope red team engagements, adversarial simulation, and physical security assessments.
Dennis presented at multiple security industry conferences including DEF CON, InfoSec SouthWest, BSides conferences, Houston Security Conference, Houston OWASP, SANS HackFest, and several local meetups and organizations around the United States.
As an active leader in the Houston cyber security community, Dennis is responsible for founding two cyber security meetups in the Houston area: Houston Locksport, founded in 2014 and Houston Area Hackers Anonymous (HAHA), founded in 2016.
How to connect Dennis:
LinkedIn: https://www.linkedin.com/in/dennismald/
Twitter/X: https://twitter.com/dennismald
Houston Area Hackers Anonymous (HAHA): https://www.meetup.com/houston-area-hackers-association/=
Connect With Aaron Crow:
Learn more about PrOTect IT All:
To be a guest or suggest a guest/episode, please email us at [email protected]
In dieser Folge von OT Security Made Simple erläutert unser Gast Moritz Flüchter von der Universität Tübingen, wie ein OT-Monitoring auch dafür genutzt werden kann, um Time Sensitive Networking (TSN) in Netzwerken zu ermöglichen, in denen ein Teil der Systeme und Endgeräte nicht TSN-fähig sind. Nicht zuletzt zeigt er auf, wie eine integrierte Anomalieerkennung die bestehenden Unsicherheiten von TSN überwacht und Denial-of-Service-Attacken erkennt.
In this reflective episode, we revisit the real-world challenges of securing industrial environments, where the intersection of IT and OT often creates unforeseen cybersecurity vulnerabilities.
From mismanaged remote access to the critical need for continuous asset monitoring, our experts dive deep into the lessons learned from boots on the ground work in the field.
They share insights on managing OT cybersecurity risks while maintaining production uptime and operational integrity.
This episode provides invaluable takeaways for those navigating the complexities of protecting industrial networks, offering practical solutions for balancing security with operational demands.
Chapters:
Links And Resources:
Thanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you’d like to share? Connect with us on Spotify, Apple Podcasts, and YouTube Podcasts to leave us a review!
Most cybersecurity threats begin in IT systems. But as the lines between IT and OT continue to blur, these same threats have more and more opportunities to move closer to critical control systems. Having both visibility and context into what assets are most at risk across your operational environments is crucial for maintaining the safety and availability of these systems.
In this episode of the Security Sandbox, we'll cover the strategic use of cyber threat intelligence (CTI) to safeguard critical infrastructure and industrial environments.
You'll learn about:
Visit Our Website
Follow Us on LinkedIn
KraftCERT trusselvurdering 2024 | In Norwegian only
In this episode, Robby is joined by Espen Endal and Bjørn Tore Hellesøy from KraftCERT/InfraCERT - the Norwegian CERT for the energy and petroleum sectors.
The trio discuss the Threat Assessment report recently published by KraftCERT/InfraCERT, and the unique challenges the Norwegian energy sectors are facing. They touch into topics such as threat evaluation, insider threats, countermeasures, and the importance of maintaining robust security practices despite evolving digital landscapes.
The conversation emphasises the contextualization of national threat assessments to be practical for energy production companies, stressing the balance between emerging technologies like AI and Digital Twins and their associated risks.
The Threat Assessment 2024 report is available at: https://www.kraftcert.no/filer/KraftCERT-ThreatAssessment2024.pdf
השימוש בספריות קוד פתוח הפך לפרקטיקה מקובלת בכול פיתוח תוכנה, קיצור משך הפיתוח הוא משמעותי אבל טומן בחובו סיכונים עיסקיים וסיכוני סייבר משמעותים ללקוחות.
המעבר של העולם התפעולי לבקרים מבוססי מערכת הפעלה סטנדרטית ותאומים דיגיטלים מוזיל עלויות ובאותה נשימה חושף את הסביבה התפעולית לסיכוני סייבר מוכרים מסביבות המחשוב הסטנדרטיות.
נחשון פינקו מארח את צביקה רונן מייסד שותף והמנהל הטכנולוגי בחברת פוסאוור, מומחה בתחום ניהול סיכונים בקוד פתוח בשיחה על השימוש בקוד פתוח ע"י חברות תוכנה.
מה המשמעות של הרישוי השונה בקוד פתוח
איך מוודאים שהקוד הפתוח שהוכנס ע"י המפתחים "נקי" ולא מסתיר נוזקות שיפתחו באתר הלקוח
איפה פוגש הקוד הפתוח את העולם התפעולי ועוד
Open-source libraries have become an accepted practice in all software development. Shortening the duration of development is significant but carries significant business and cyber risks for customers.
The transition of the operational world to controllers based on a standard operating system and digital twins lowers costs. Still, it exposes the operational environment to known cyber risks from standard computing environments.
Nachshon Pincu hosts Zvika Ronan, Co-founder and chief technology officer at FOSSAware and an expert in open-source risk management, in a conversation about software companies' use of open source.
What does the different open-source licensing mean?
How do you ensure that the open code entered by the developers is "clean" and does not hide vulnerabilities that will be opened on the client's site?
Where does the open source meet the operational world?
and more
In this episode, Bryson sits down with MITRE EMB3D co-founder Niyo Little Thunder Pearson. For nearly 20 years, Niyo has been at the forefront of protecting critical infrastructure systems. He previously led incident response for American Express, directing the company’s Security Operations Center during the LulzSec and Anonymous attacks, and worked to develop an adversarial cyber defense program for the nation’s third largest gas utility at ONE Gas Oklahoma. Now, Niyo has co-founded MITRE EMB3D, a groundbreaking global threat network aimed at enhancing the security of embedded devices.
What is MITRE EMB3D? Who is the intended audience? What problems is it trying to solve?
“There is such a gap that exists today on what we understand and how risk averse these [embedded] devices are. They do well and they operate well. They're built for what they're doing in a safety context, but the security was never brought forward with it,” Niyo said.
Join us for this and more on this episode of Hack the Plan[e]t.
Hack the Plant is brought to you by ICS Village and the Institute for Security and Technology.
Political hacktivism once mainly focused on website defacement. Now it has shifted to targeting physical devices, affecting critical infrastructure such as water treatment plants. At Black Hat USA 2024, Noam Moshe from Claroty highlighted how the HMIs in PLC devices from Israeli manufacturers may be susceptible to political attacks by nation-state actors using unknown vulnerabilities in the PComm protocol.
In this episode, Craig and Dino explore the evolving responsibilities of the CISO in managing cybersecurity within operational technology (OT) environments.
They address the persistent disconnect between IT and OT teams and the unique challenges CISOs face in bridging this gap.
With a focus on collaboration, they discuss the critical role of external partnerships and the importance of understanding the industrial landscape to implement effective security measures.
The conversation highlights how CISOs can balance rigorous cybersecurity protocols with operational demands, ensuring both safety and continuous uptime in complex industrial systems.
Chapters:
Links And Resources:
Thanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you’d like to share? Connect with us on Spotify, Apple Podcasts, and YouTube, to leave us a review!
We sat down with Tim Conway and Robert Lee, two leading cybersecurity experts, to discuss pressing issues in OT cybersecurity.
CrowdStrike Lessons Learned
Tim and Robert began by examining the CrowdStrike incident from July 2024. They highlighted the dangers of over-relying on trusted technology without sufficient testing and verification, and the importance of integrating resilience into systems and avoiding a one-size-fits-all security approach.
Cyber Threat Landscape
Robert discussed the rise of sophisticated malware like Fuxnet, Frostygoop and Pipe Dream, designed to target OT systems. Fuxnet was a highly targeted attack aimed at disrupting critical infrastructure in Russia, while Frostygop used similar techniques against Ukraine. In contrast, Pipe Dream serves as a more versatile attack framework applicable to various OT systems.
He underscored an important lesson: even if specific malware isn't reused, studying its tactics can improve our prevention, detection, and response strategies. The key takeaway: threats to OT environments are growing, with increasingly targeted efforts from a range of actors.
Critical Control – ICS Network Visibility
Tim and Robert addressed the challenges of gaining visibility into OT devices. Tim noted that OT environments are diverse and require more than a one-size-fits-all approach. Each environment has unique characteristics that must be considered. While attackers exploit both commonalities and specific features, defenders must balance the need for visibility with the risk of disrupting operations. Legacy systems without modern security features further complicate these efforts. Despite historical challenges in visibility due to limited capabilities and resistance to change, recent technological advances have improved the situation. However, new technologies, such as encryption, introduce additional complexities. A balanced approach, using critical controls as a framework, is essential for prioritizing security efforts and adapting to evolving needs.
Critical Control – Incident Response Plan
Tim and Robert highlighted that many organizations lack specific incident response plans for OT, relying instead on general IT plans. Backup plans for power outages often do not address cyber attack scenarios. Effective OT incident response requires a tailored plan that includes data collection, safety procedures, and appropriate tools. In addition, maturity in incident response involves having a detailed, operationally integrated plan that addresses various scenarios, including handling outages and restoring systems without SCADA support.
OT and IT Convergence
Tim and Robert discussed several crucial aspects of OT security. They noted that the increasing interconnection between IT and OT systems has elevated the risk of attacks transitioning from IT to OT environments. Additionally, remote access, often used for vendor support, presents a significant security threat.
They emphasized the distinct characteristics of OT systems, which necessitate specialized security approaches. Treating OT and IT as identical can lead to dangerous oversimplifications and vulnerabilities. Therefore, security measures must be tailored to the specific needs of OT environments, considering their safety, physical constraints, and unique risks.
Tim and Robert also touched on cyber-informed engineering. Key takeaways include recognizing common attack vectors from IT systems, implementing distinct security strategies for OT, and avoiding the assumption that OT and IT are the same. Tailoring security measures to the specific needs and constraints of OT environments is essential for effective protection.
Celebrating Wins
Finally, Tim and Robert highlighted the importance of celebrating cybersecurity successes, such as defending against VOLTZITE. Recognizing and celebrating these victories can boost morale and encourage teams to continue their efforts.
Tim Conway, Senior Instructor, https://www.sans.org/profiles/tim-conway/
Tim serves as the Technical Director of ICS and SCADA programs at SANS, and he is responsible for developing, reviewing, and implementing technical components of the SANS ICS and SCADA product offerings. A recognized leader in CIP operations, he formerly served as the Director of CIP Compliance and Operations Technology at Northern Indiana Public Service Company (NIPSCO), where he was responsible for Operations Technology, NERC CIP Compliance, and the NERC training environments for the operations departments within NIPSCO Electric.
Robert M. Lee, Fellow, https://www.sans.org/profiles/robert-m-lee/
SANS fellow Robert M. Lee brings to the classroom one of the most valuable and respected of credentials: real-world experience. Robert is the CEO and founder of his own company, Dragos, Inc., that provides cyber security solutions for industrial control system networks.
Further viewing; https://youtu.be/BiUpuRk6pvA?si=xQcx9oiJOxQu0n7H
#mysecuritytv #otcybersecurity
Is your shop floor as secure as you think it is? Innovation in the manufacturing world has made IT-OT convergence much more commonplace today, but is the industry taking the potential risks seriously enough?
In this episode, we hear from Fortinet’s Director of Marketing for OT Solutions, Rich Springer, about the real threats facing manufacturers within OT networks, and why effective OT security is a non-negotiable today...
Rich brings bags of experience to the table, from his early days in furniture and glass factories to his time as a Navy submarine officer and later as the global head of SCADA operations for a major wind turbine company. He shares how these experiences shaped his understanding of the unique cybersecurity challenges facing the manufacturing sector.
Painting a picture of how an OT threat can bring production to a standstill, Rich recommends that manufacturers use tabletop exercises to assess risk points and their impact on the whole production line. Rich also explains that part of protecting your OT network is about getting IT and OT teams to work together, and he gives practical advice on how to bridge the gap.
In this episode, find out:
Enjoying the show? Please leave us a review here. Even one sentence helps. It’s feedback from Manufacturing All-Stars like you that keeps us going!
Tweetable Quotes:
Links & mentions:
Make sure to visit http://manufacturinghappyhour.com for detailed show notes and a full list of resources mentioned in this episode. Stay Innovative, Stay Thirsty.
Welcome to Episode 25 of the Protect It All podcast, titled "Funding OT Cybersecurity: Priority Setting and Practical Approaches." In this episode, host Aaron Crow tackles the pressing issue of securing Operational Technology (OT) systems in critical sectors like energy, manufacturing, and transportation. Although often overshadowed by IT security, the increasing number of OT system attacks makes it clear that underfunding is no longer an option.
Aaron explores the unique challenges of OT cybersecurity, such as legacy thinking and budget constraints. He offers strategies to align cybersecurity with business goals, prioritize investments effectively, and implement risk-based funding approaches. The episode emphasizes the importance of understanding asset inventories and making incremental improvements to strengthen security.
Listeners will also learn how to bridge the communication gap between OT teams and business executives and translate technical risks into business impacts. With real-world examples and actionable insights, this episode is essential for anyone tasked with protecting OT environments.
Tune in to gain valuable knowledge and start effectively prioritizing and funding your OT cybersecurity initiatives.
Key Moments :
00:10 Cybersecurity requires comprehensive, risk-aware approach beyond basic safety.
05:18 Understanding OT risks is crucial for prioritization.
09:11 We do business at the speed of trust.
12:13 Communicate cybersecurity's financial impact to business leaders.
13:58 Cost-benefit analysis of asset inventory in OT.
18:15 Establish security basics before advanced AI implementation.
23:21 Easier board conversations amid constant news events.
Connect With Aaron Crow:
Learn more about PrOTect IT All:
To be a guest or suggest a guest/episode, please email us at [email protected]
This episode dives into OT Cybersecurity and discusses:
SCADA, ICS & IIoT Cybersecurity
How do we define an OT-related cyber incident?
What are the leading standards and guidelines for managing OT Cybersecurity and resilience?
Threat intelligence and suitable ISAC models
Vendor platform insights and cyber maturity landscape
Speakers include:
Daniel Ehrenreich, Secure Communications and Control Experts
Lesley Carhart, Director of Incident Response - Dragos
Ilan Barda, Founder - Radiflow
Rahul Thakkar, Team Lead, System Engineering, ANZ, Forescout
Dean Frye, Solutions Architect ANZ, Nozomi Networks
To visit and subscribe to the full series visit https://mysecuritymarketplace.com/security-risk-professional-insight-series/
#mysecuritytv #otcybersecurity
Further reading:
https://mysecuritymarketplace.com/reports/your-guide-to-nis2-compliance/
https://www.forescout.com/research-labs/ot-iot-routers-in-the-software-supply-chain/
https://cyberriskleaders.com/critical-infrastructure-organisations-remain-poorly-prepared-against-cyber-attacks/
חזרת ממילואים ומצאת את עצמך בלי עבודה ופרנסה קבועה רוצה להיכנס להייטק או כול תחום אחר כג'וניור רוצה להחליף מקום עבודה כסיניור רוצה לעשות שינוי כיוון בקריירה שלך סדרת הפודקאסטים הזו נועדה עבורך
נחשון פינקו מארח את דפנה הר-לבן מנהלת קשרי הייטק בקריה האקדמית אונו ומנהלת מחלקת גיוסים בעברה. בתפקידה הנוכחי דפנה מסייעת לסטודנטים במכללה במציאת עבודה.
הפודאסט כולו סביב מציאת עבודה, איך מחפשים עבודה בצורה אקטיבית ואיך עוברים את המשוכה המשמעותית הראשונה, השיחה (ראיון) עם המגייס/ת.
מודיעין איומי סייבר הוא משכבות הקריטיות בהגנת סייבר. הכרת האויב שלך, הבנת מטרותיו וביצוע מראש של מהלכים מתאימים ימנעו מתקפה משמעותית ונזק משמעותי לארגון. התוקף תמיד יחפש פריצה פשוטה במקום לבזבז זמן על התקפות ארוכות עם פוטנציאל גילוי גבוה.
נחשון פינקו מארח את אסף חזן, סמנכ"ל טכנולוגיות של קספרסקי ישראל וצייד איומי סייבר ידוע, בשיחה על חשיבות מודיעין איומי סייבר, המידע שהוא מספק לחברות מדי יום והרשת העצומה שקספרסקי בנתה ברשת האפלה במשך שנים עם מספר עצום של חיישנים
.Cyber threat intelligence is one of the most critical layers in cyber defense. Knowing your enemy, understanding his targets, and making the appropriate next moves will prevent disaster. The attacker will always look for a straightforward breach rather than wasting time on long attacks with a high potential for discovery.
Nachshon Pincu hosts Assaf Hazan, the CTO of Kaspersky Israel and a renowned Cyber Threat Hunter, in a conversation on the importance of Cyber Threat Intelligence. Assaf shares the information he provides to companies daily, and the extensive network Kaspersky has built in the dark net over the years, boasting a significant number of sensors.
En este episodio de Secure Tracks, el presentador Omar Benjumea conversa con Isabel Pardo de Vera, exsecretaria de Estado de Transportes, Movilidad y Agenda Urbana de España y expresidenta de Adif. Isabel comparte sus experiencias en el ámbito de la ingeniería civil y el sector ferroviario, abordando la creciente importancia de la ciberseguridad en las operaciones ferroviarias, los desafíos para proteger infraestructuras críticas y la transformación cultural necesaria para mejorar la conciencia sobre seguridad. También destaca el valor de la diversidad en el liderazgo y la necesidad de colaboración entre los sectores público y privado para mejorar la resiliencia cibernética en el sector del transporte.English description: Engineering the Future of Railway Cybersecurity | Isabel Pardo de Vera PosadaIn this episode of Secure Tracks, host Omar Benjumea speaks with Isabel Pardo de Vera, former Secretary of State for Transport, Mobility, and Urban Agenda of Spain and former President of Adif. Isabel shares insights from her extensive experience in civil engineering and the rail sector, discussing the increasing importance of cybersecurity in railway operations, the challenges of securing critical infrastructure, and the cultural transformation needed to enhance security awareness. She also highlights the value of diversity in leadership and the need for collaboration between public and private sectors to improve cybersecurity resilience across the transport industry.
We revisit key insights from past conversations with Dave Purdy and Debbie Lay of TXOne Networks, who shared their expertise on the critical cybersecurity challenges facing industrial environments.
The episode delves into innovative solutions such as virtual patching and deep packet inspection, which are vital for securing legacy systems without causing operational disruption.
With a focus on mitigating zero-day vulnerabilities and ransomware threats, the discussions also emphasize the importance of bridging the IT/OT divide to create cohesive, secure environments.
This episode provides actionable strategies for professionals responsible for managing the cybersecurity of critical infrastructure in sectors like energy, manufacturing, and utilities.
Chapters
Links And Resources:
Thanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you’d like to share? Connect with us on Spotify, Apple Podcasts, YouTube, and Google Podcasts to leave us a review!
In this episode of Protect It All, host Aaron Crow is joined by Christopher Stein from Royal Caribbean Group to delve into the fascinating evolution of maritime technology. This discussion explores the dramatic journey ships have taken from their analog origins to becoming digitally advanced behemoths of the seas, emphasizing the critical importance of safety and redundancy.
Listeners will understand how automation has revolutionized ship operations, allowing for reduced crew workload and increased efficiency. The episode also highlights the intricate management behind running a fleet of 68 ships, each functioning as an autonomous mobile city with numerous interconnected systems.
Christopher Stein provides an insider’s perspective on the maritime industry's latest cybersecurity challenges and compliance requirements. He discusses the careful processes of ensuring all onboard systems run smoothly and safely, from cybersecurity assessments to integrating digital sensors and control mechanisms.
This episode offers a deep dive into the complexities of maritime operations, emphasizing the behind-the-scenes efforts that keep voyages safe and efficient.
Through engaging storytelling and expert insights, Protect It All takes listeners on a journey through the melding of technology and tradition in the maritime world. Tune in to discover how these advancements are shaping the future of safe sea travel!
Key Moments:
00:10 OT systems require constant uptime; no outage windows.
05:06 OT and IT convergence misunderstood; safety risk emphasized.
08:18 Testing must ensure safety, operational integrity, and collaboration.
10:25 Cybersecurity must integrate with overall system design.
14:21 No pool, casino, water slides, roller coasters.
17:29 Systems affect availability, reliability, safety, and billing.
21:24 Managing vast logistics for seamless vacation experiences.
25:14 Royal Caribbean's efficient logistics and management impress.
27:28 Family surprised internet works during power outage.
33:26 Apollo 13 movie: interconnected digital procedures, limited power.
36:20 All systems have manual control for safety.
37:55 Operator rounds involved manual inspection of equipment.
41:27 Early immigrants faced harsh, uncertain voyages to America.
45:32 Technology makes formerly unattainable achievements accessible today.
49:08 Internet outage impacts due to maritime dependency.
About the guest :
Christopher Stein is a proficient maritime systems specialist who ensures the operational safety of onboard systems. Recognizing the potential dangers of propulsion loss, Christopher meticulously coordinates maintenance tasks while vessels are docked. He emphasizes precise timing and a clear understanding of assessment objectives to execute system tests and shutdowns safely. His expertise ensures voyages proceed without incidents, reflecting his commitment to maritime safety and system reliability.
Connect With Aaron Crow:
Learn more about PrOTect IT All:
To be a guest or suggest a guest/episode, please email us at [email protected]
In this episode, Robby speaks with Jens Christian Vedersø, Head of Cyber Risk Management at Vestas, one of the world’s largest wind turbine manufacturers.
Jens is a former Navy and intelligence officer and recovering regulator. Before managing cyber risk in the renewable energy sector, Jens helped develop energy sector legislation and cyber preparedness at the Danish Energy Agency, and served as a subject matter expert for SCADA, OT, ICS and IoT at the Danish Center for Cyber Security.
In the discussion Jens shares his unique perspective on how security acts as both an enabler and a potential barrier in the transition towards renewable energy transition, and how the industry needs to move from a reactive, compliance-driven approach towards a more proactive, risk-based model. Jens also shares insights into the threat landscape, potential motivations of state actors, and how Vestas is working to quantify cyber risk and empower customers to better understand and control their own cyber risks.
In this episode of the Bites and Bytes Podcast, host Kristin Demoranville welcomes George Kamide, co-host of the Bare Knuckles & Brass Tacks podcast, Head of Community at The CISO Society, and Co-Founder of Mind Over Cyber. George brings his expertise in both cybersecurity and anthropology to the conversation, discussing the cultural, human, and technological factors shaping the global food supply chain. Together, they examine how cybersecurity intersects with agriculture, the vulnerabilities within our food systems, and the importance of protecting this critical infrastructure.
If you're interested in the connections between cybersecurity, food security, and technology, this episode is packed with valuable insights into securing the systems that sustain us.
_______________________________________________
🏆 Vote for Bites and Bytes Podcast for Women in Podcasting Award
🏆 Voting deadline: October 1, 2024
https://womeninpodcasting.net/bites-and-bytes-podcast/
THANK YOU! 🤩 🎉
_______________________________________________
George’s Information:
LinkedIn: https://www.linkedin.com/in/george-kamide/
The CISO Society: https://www.linkedin.com/company/the-ciso-society/posts/?feedView=all
Mind Over Cyber: https://www.linkedin.com/company/mind-over-cyber/posts/?feedView=all
_______________________________________________
Bare Knuckles and Brass Tacks Podcast Information:
LinkedIn: https://www.linkedin.com/company/bare-knuckles-brass-tacks/posts/?feedView=all
Listen here: https://open.spotify.com/show/1be0fUg0zTS6nfdUFlNDOt?si=97ff77d647294ff8
Merch Shop: https://bkbtpodcast.shop/
Secure World Denver October 10, 2024
[Closing Keynote] Radical Transparency Needed to Build Trust
https://events.secureworld.io/agenda/denver-co-2024/
_______________________________________________
Show Notes:
Brazil's innovation and technology in ag-tech:
Development of Brazilian Agriculture:
https://agricultureandfoodsecurity.biomedcentral.com/articles/10.1186/2048-7010-1-4
SMART FARMING IN BRAZIL: AN OVERVIEW OF TECHNOLOGY,
ADOPTION AND FARMER PERCEPTION:
https://www.rbgdr.net/revista/index.php/rbgdr/article/download/6040/1250/15857
"50% of croplands are used for human food; 38% is for livestock feed; and 12% is for non-food uses."
Food Insecurity in Ukraine:
https://www.wfp.org/stories/war-ukraine-how-humanitarian-tragedy-fed-global-hunger-crisis
Global Starvation because of Russia's War on Ukraine:
https://www.nytimes.com/2023/01/02/us/politics/russia-ukraine-food-crisis.html
Ukraine's war damage to agriculture:
https://resoilfoundation.org/en/agricultural-industry/ukraine-war-pollution-soil/
Ukraine's state of soil as impacted by war:
https://www.agroberichtenbuitenland.nl/documenten/publicaties/2024/03/28/ukrainian-soil
H5 Avian Flu in cows:
https://www.aphis.usda.gov/livestock-poultry-disease/avian/avian-influenza/hpai-detections
H5N1 Bird Flue Reponse CDC:
How Food Gets Contaminated: The Food Production Chain:
https://www.cdc.gov/foodborne-outbreaks/foodproductionchain/index.html
_______________________________________________
News Break:
Boar's Head
Avian Influenza
https://www.aphis.usda.gov/livestock-poultry-disease/avian/avian-influenza/hpai-detections
_______________________________________________
Episode Key Highlights:
00:00 - Introduction
02:15 - Cultural Significance of Food
10:30 - Global Food Supply Chains and Technology
18:45 - Vulnerabilities in the Food Supply System
26:00 - Communication Skills in Cybersecurity
33:20 - Resilience in Supply Chains
41:10 - Future of Cybersecurity
_______________________________________________
Bites and Bytes Podcast Info:
Website: Explore all our episodes, articles, and more on our official website. Visit Now
Merch Shop: Show your support with some awesome Bites and Bytes gear! 🧢👕 Shop Now
Blog: Stay updated with the latest insights and stories from the world of cybersecurity in the food industry. Read Our Blog
Audience Survey: We value your feedback! Help us make the podcast even better. Take the Survey
Schedule a Call with Kristin: Want to share your thoughts? Schedule a meeting with Kristin! Schedule Now
In this week's episode, Craig Duckworth and LuRae Lumpkin dive into the critical need for translating high-level cybersecurity solutions and priorities into clear, succinct communication across the industrial cybersecurity industry.
They focus on bridging the communication gap between IT and OT teams, discussing how a unified approach from both leadership and operations can strengthen security efforts.
The episode highlights evolving strategies for addressing breaches, improving risk management, and safeguarding critical infrastructure.
Key takeaways include the importance of tailoring cybersecurity communication to different audiences, implementing proactive measures, and fostering a consistent, organization-wide message that integrates cybersecurity into the core culture regardless of the organization.
Chapters:
Links And Resources:
Thanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you’d like to share? Connect with us on Spotify, Apple Podcasts, YouTube, and leave us a review!
U.S. manufacturing is on a roll right now. And organizations like MxD – The Digital Manufacturing and Cybersecurity Institute are on a mission to help manufacturers build the things they need to build in the modern digital world.
In this episode, we sit down with Berardino Baratta, CEO of MxD, to explore the evolution of digital transformation in manufacturing and its impact on the industry. First, Berardino shares his career story, which takes us from healthcare AI to operating a café during a sabbatical to now helping manufacturers thrive in a digital world.
As MxD celebrates its 10th anniversary, Berardino shares insights on how the organization has evolved over the years as new technology progresses. We dig into the challenges faced by small businesses, the importance of cybersecurity in the digital age, and how MxD is shaping the future of American manufacturing. Berardino shares his perspective on how manufacturing is changing for the better, including a more collaborative approach to improving supply chains and the democratization of data and insights.
In this episode, find out:
Enjoying the show? Please leave us a review here. Even one sentence helps. It’s feedback from Manufacturing All-Stars like you that keeps us going!
Tweetable Quotes:
Links & mentions:
Make sure to visit http://manufacturinghappyhour.com for detailed show notes and a full list of resources mentioned in this episode. Stay Innovative, Stay Thirsty.
We have an exciting and crucial topic: the Cyber Resilience Act. With us are two guests who are experts in their fields: Guillaume Crinon, Director of IoT Business Strategy at Keyfactor, and Romain Tesniere, Business Development Manager at Avnet Silica. Guillaume and Romain bring a wealth of knowledge and experience in IoT security and business strategy, making them the perfect guides to help us navigate this important legislation.
The Cyber Resilience Act aims to enhance the security of connected devices, but what does that mean for businesses, developers, and end-users? We'll explore the benefits, challenges, and impacts of this Act and practical steps for ensuring IoT security.
#iot #security #cra #wetalkiot
Summary of this week's episode:
01:42 Understanding the Cyber Resilience Act
02:04 Keyfactor's Role in IoT Security
03:37 Avnet Silica's Approach to Security
05:19 Exploring the Cyber Resilience Act
10:42 Challenges and Risk Assessments
19:05 Practical Implementations and Examples
23:15 Collaboration and Future Prospects
24:44 Balancing Innovation and Security
Show notes:
Guillaume Crinon: https://www.linkedin.com/in/guillaumecrinon/
Romain Tesniere: https://www.linkedin.com/in/romain-tesniere-26698b80/
About Keyfactor: https://www.keyfactor.com
Deep dive into the Cyber Resilience Act:
https://my.avnet.com/silica/solutions/iot/secure-device-management-provisioning/
https://www.keyfactor.com/resources/content/eight-steps-to-iot-security?lx=6IfNm7
https://www.brighttalk.com/webcast/17778/604186
About Avnet Silica:
This podcast is brought to you by Avnet Silica—the Engineers of Evolution.
You can connect with us on LinkedIn: https://www.linkedin.com/company/silica-an-avnet-company/. Or find us at www.avnet-silica.com.
In this episode, Steve Plumb, Editor-in-Chief, sits down with Jeremy Dodson, Chief Information Security Officer, and Jay Korpi, Principal Cybersecurity Specialist, from NextLink Labs to discuss cybersecurity in the manufacturing industry. They highlight the convergence of IT and OT and the need for understanding the differences between the two. They also talk about common breaches, such as social engineering attacks and misconfigurations, and the need for comprehensive risk assessments and training programs.
In this episode, Craig Duckworth is joined by Roger Hill, founder of Hillstrong Group Security.
Roger is a seasoned 30-year industry veteran in the field of industrial automation and cybersecurity. He joins Craig to discuss the critical challenges and emerging trends in industrial cybersecurity.
From the evolution of security practices in industrial environments to the complexities of integrating modern solutions with legacy systems, Roger offers invaluable insights.
He delves into the importance of breaking down silos between IT and OT teams, the rise of ransomware as a major threat, and the need for collaborative approaches to secure critical infrastructure.
Whether you're grappling with aging systems or looking to future-proof your OT security, this conversation is packed with practical advice and forward-thinking strategies.
Chapters:
Links And Resources:
Thanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you’d like to share? Connect with us on Spotify, Apple Podcasts, YouTube, and Google Podcasts to leave us a review!
Welcome to the first episode of our new Energy Talks miniseries, Why Should We Talk About Incident Response? Join OMICRON cybersecurity experts Andreas Klien and Simon Romer as they explore the critical roles of IT and OT in cyber incident response and disaster recovery alongside other experts from the power industry.
In this episode, Andreas and Simon discuss disaster recovery from an OT perspective, using a recent CrowdStrike incident as a case study. Simon also highlights key considerations for utilities when developing OT incident response and recovery processes and offers practical tips for those without established plans.
We want to hear from you! If you work at a utility, please share your experiences implementing OT response and recovery processes – what prompted you to start, and what challenges have you faced? If you would like to contribute, email us at omicroncybersecurity.com and we may feature your story in an upcoming episode.
Stay tuned for upcoming episodes in our miniseries Why Should We Talk About Incident Response?
Learn more about OMICRON’s approach to advanced cybersecurity for OT environments.
We would really like to know what you think about Energy Talks and which topics you would like to hear more about. To do this, simply send us an email to [email protected] and be sure to give us a star review on Spotify or Apple Podcast. Thanks for your feedback!
Over the past decade, operational technology (OT) systems have become increasingly digitized and more vulnerable to cyber threats, making effective cyber risk management more crucial than ever. This session will explore the concept of cyber risk, defined as the potential for loss or harm to digital infrastructure, and how you can proactively apply the latest tools, trends and techniques to reduce cyber risk and enhance the resilience of your OT systems.
We’ll cover:
Visit Our Website
Follow Us on LinkedIn
Too few vulnerabilities in industrial control systems (ICS) are assigned CVEs because of client non-disclosure agreements. This results in repeatedly discovering the same vulnerabilities for different clients, especially in critical infrastructure. Don C. Weber from IOActive shares his experiences as an ICS security professional and suggests improvements, including following the SANS best practices for ICS security..
In this episode, Amy Bryson, Contributing Lead Editor, and Tod Virden, GM of Advanced Analytics at GrayMatter, discuss aligning digital transformation with cybersecurity. They highlight the importance of making cybersecurity part of the strategy from the beginning and they examine examples of client solutions GrayMatter has worked on.
In this insightful episode of Protect It All, titled "Why Cybersecurity Matters: Protecting Our Food Supply from Digital Threats with Kristin Demoranville," host Aaron Crow and guest Kristin Demoranville tackle the critical yet often overlooked role of cybersecurity in the food and agriculture industry.
Kristin stresses the need to shift from reactive to proactive cybersecurity measures to protect our complex food supply chains and ensure resilience. The discussion covers real-world cyber incidents like the ransomware attack on JBS meat company, emphasizing the human factors, financial misconceptions, and the necessity for robust incident response and business continuity plans.
Listeners will also learn about the dangers of excessive reliance on technology and automation, the significance of water conservation, and the importance of integrating OT security in data centers. Through professional insights and personal anecdotes, Kristin highlights the crucial need for community support within the OT landscape.
This episode offers a comprehensive look at the cultural and societal implications of cyber threats to our food supply, making it essential listening for anyone interested in the safety and security of the food industry.
Key Moments:
00:10 Training and spreading awareness about operational technology.
10:21 Agriculture lacks attention; needs OT cybersecurity focus.
15:26 Security professionals foresee major food safety risk.
18:04 Supply chain issues during COVID highlight concerns. Regenerative farming and feeding the population.
24:04 ICS OT industry united in game proposal.
27:35 Designing systems must consider cyber risk implications.
34:11 Cybersecurity often an afterthought in many companies.
41:47 Respectful, supportive, and geeky cyber community advocate.
42:58 Texan upbringing shaped love for celebratory food.
51:10 Concern over CrowdStrike blaming and finger pointing.
57:16 Operator scans RFID tags from break room.
59:24 Resisting a wasteful task, leading to change.
About the guest :
Kristin Demoranville is the visionary founder and CEO of AnzenSage, a cybersecurity firm specializing in the food and agricultural industry. She also leads as the CEO and co-founder of AnzenOT, a groundbreaking SaaS OT Cybersecurity Risk Intelligence solution. With 26 years in the tech industry, Kristin seamlessly blends cybersecurity with food protection culture, always emphasizing the vital role of people and processes. Her extensive background—ranging from collaborating with Fortune 500 companies and various manufacturing sectors to studying gorilla behavior as part of her Environmental Management degree—gives her a unique and well-rounded perspective on cybersecurity and critical infrastructure. A published expert and in-demand speaker, Kristin is known for bridging the worlds of food protection and cybersecurity. She’s also the host of the Bites & Bytes Podcast, where she drives meaningful conversations between professionals across food, cybersecurity, and technology.
Anzensage Website : https://www.anzensage.com/
AnzenOT Website : https://www.anzenot.com/
Bites and Bytes Podcast: https://www.bitesandbytespodcast.com/
Connect With Aaron Crow:
Learn more about PrOTect IT All:
To be a guest or suggest a guest/episode, please email us at [email protected]
In this episode of "Left to Our Own Devices," we dive into the world of automotive cybersecurity with Heather Vermillion, a security engineer at PACCAR, who shares her journey from the Department of Defense to safeguarding advanced automotive technologies, while also championing the next generation of cybersecurity professionals.
Chris Cockburn, Cybersecurity Advisor at CISA, shares his insights on how CISA supports industrial cybersecurity from critical infrastructure to elections.
We explore the impact of state-sponsored cyber threats, the importance of securing emerging technologies like AI through the "Secure by Design" initiative, and the role of government-private sector partnerships in building a resilient cybersecurity posture.
He shares the free resources available to support industrial cybersecurity including Fusion Centers. Whether it's defending against sophisticated cyber attacks or ensuring the integrity of our election systems, this episode provides essential guidance for securing the future of critical infrastructure.
Chapters:
Links And Resources:
Thanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you’d like to share? Connect with us on Spotify, Apple Podcasts, YouTube, and Google Podcasts to leave us a review!
In this special joint episode of the Bites and Bytes Podcast, host Kristin Demoranville teams up with Aaron Crow, the esteemed ProOTect IT All Podcast host and Senior Director at MorganFranklin Cyber. Aaron brings over two decades of experience in the cybersecurity domain, with a particular focus on operational technology (OT) and critical infrastructure. Together, they explore the evolving landscape of OT cybersecurity, discussing the challenges and strategies involved in protecting both the power grid and food supply chains. Aaron shares his insights from his extensive career, including overseeing cybersecurity protocols at over 40 power generation sites, highlighting the importance of cross-industry collaboration. Whether you’re in the food industry or power utilities, simply passionate about cybersecurity, or even curious, this episode offers valuable insights into safeguarding our most vital systems.
_______________________________________________
🏆 Vote for Bites and Bytes Podcast for Women in Podcasting Award
🏆Voting Opens on August 1, 2024, and closes on October 1, 2024
https://womeninpodcasting.net/bites-and-bytes-podcast/
THANK YOU! 🤩 🎉
_______________________________________________
Aaron’s Info:
Aaron Crow has carved a niche for himself as a prominent figure in the cybersecurity domain, particularly within the power utility and operational technology (OT) sectors. Currently serving as the Senior Director at MorganFranklin Cyber, Aaron focuses on OT cybersecurity across critical infrastructure, where he applies his extensive experience to safeguard vital systems.
His career, spanning over two decades, showcases a dedication to enhancing cybersecurity measures in critical infrastructure environments. Aaron's extensive experience includes a notable tenure as Manager of OT for power generation at Luminant (Vistra), where he was responsible for overseeing cybersecurity protocols across more than 40 power generation sites, including a vital nuclear power plant.
Aaron's expertise in the field is further evidenced by his impactful roles at EY, a leading Big 4 Consulting Firm, and Industrial Defender. At EY, he held the position of Senior Manager, leading transformational OT cybersecurity programs for a wide array of significant critical infrastructure clients. His leadership and strategic insight were instrumental in addressing and mitigating multifaceted cybersecurity challenges. As the CTO of Industrial Defender, Aaron significantly influenced the company's product development and strategic direction, demonstrating his ability to innovate and drive growth within the OT cybersecurity space.
Beyond his professional achievements, Aaron is deeply committed to contributing to the broader cybersecurity community. He is the host of the "PrOTect IT All" podcast, where he has recorded over 50 episodes featuring discussions with some of the most recognized thought leaders in the OT cybersecurity field. This platform has become an essential resource for sharing knowledge, trends, and insights, further solidifying Aaron's role as a thought leader in the industry.
In addition to his professional and community contributions, Aaron holds an advisory position with Building Cyber Security. This role leverages his comprehensive experience and dedication to advancing security practices within building management systems, emphasizing his commitment to improving industry-wide cybersecurity resilience.
Aaron's distinguished career in cybersecurity, particularly within the power utility sector and his extensive work as an asset owner, underscores his profound understanding of the challenges and complexities inherent in securing critical infrastructure. His expertise, leadership, and commitment to the field position him as a key figure in shaping the future of OT cybersecurity, making him a valuable asset to any organization or initiative aiming to enhance cybersecurity measures in critical infrastructure environments.
_______________________________________________
About the Show: Welcome to "PrOTect It All," the podcast where we peel back the layers of cybersecurity to reveal the core strategies, challenges, and triumphs of protecting our digital and operational landscapes. We're thrilled to have you on board for an upcoming episode! Your insights and experiences are invaluable to our listeners who are eager to learn and engage with the leading minds in IT and OT security.
As we gear up to dive into conversation, please feel free to share any specific topics or stories you'd like to discuss. Our audience appreciates both the technical deep-dives and the high-level overviews, so bring your unique perspective, and let's make cybersecurity accessible and engaging together.
Thank you for joining us on this journey to foster a more secure future. We can't wait to hear your voice on the "PrOTect It All" podcast!
_______________________________________________
Episode Key Highlights:
(01:39 - 02:49) Food and Ag Cybersecurity Innovations (05:51 - 06:41) Difference Between OT and IT (10:17 - 11:19) Importance of Agriculture in Critical Infrastructure (16:47 - 18:33) Building Resilience in the Food Industry (22:41 - 23:34) Legacy Tech Challenges With IoT Integration (28:35 - 29:44) Understanding Cyber Physical Systems (36:05 - 37:06) Potential Chaos in American Disaster Response (43:22 - 44:23) Cyber Attack Threatening Lives Through Food (47:31 - 48:04) Resilience in Food Industry Cybersecurity (51:36 - 52:51) RFID Tag Duplication Risk_______________________________________________
Bites and Bytes Podcast Info:
Website: Explore all our episodes, articles, and more on our official website. Visit Now
Merch Shop: Show your support with some awesome Bites and Bytes gear! 🧢👕 Shop Now
Blog: Stay updated with the latest insights and stories from the world of cybersecurity in the food industry. Read Our Blog
Audience Survey: We value your feedback! Help us make the podcast even better. Take the Survey
Schedule a Call with Kristin: Want to share your thoughts? Schedule a meeting with Kristin! Schedule Now
Bishop Fox senior security consultant Alethe Denis joins the Claroty Nexus podcast to discuss social engineering in cybersecurity and how it has become part of red-team engagements, especially inside critical infrastructure organizations. She explains the value of open source intelligence and data stolen in breaches to scammers and extortionists in creating pretexts for their schemes. She also explains how to best defend against these tactics that aid threat actors in weaponizing personal information against victims and organizations.
For more, visit nexusconnect.io/podcasts.
In this episode, Dino and Craig dive into the complexities of cybersecurity in the operational technology (OT) space, focusing on the challenges posed by vendor lock, version lock, and outdated systems.
They explore the disconnect between IT and OT teams, emphasizing the need for collaboration to secure industrial environments effectively.
The discussion highlights practical strategies like virtual patching and microsegmentation to mitigate risks, stressing the importance of working with the right partners to protect legacy systems while maintaining production efficiency.
Chapters:
Links And Resources:
Thanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you’d like to share? Connect with us on Spotify, Apple Podcasts, YouTube, and Google Podcasts to leave us a review!
Alon Dankner of the Technion Institute for Technology in TelAviv Israel joins the Claroty Nexus Podcast to discuss a presentation he gave at the recent Black Hat cybersecurity conference in Las Vegas. Dankner and colleague Nadav Adir's presentation looked at the attack surface of programmable logic controllers (PLCs), in particular Siemens’ S7 protocol. Dankner and Adir developed six attacks against the encryption implementation in the protocol that expose private crypto keys and allow an attacker full control over the industrial control system.
For more, visit nexusconnect.io/podcasts
In this episode of Protect It All, titled "Tackling Tech Troubles: Inside the DFW Airport Cyber Incident and Wider Industry Challenges with Evan Morgan," host Aaron Crow explore the complexities of widespread tech issues, focusing on a recent cybersecurity incident at DFW Airport that affected over 1,000 machines. Guest Evan Morgan, founder of Cyber Defense Army, discusses the challenges of resolving such large-scale incidents and the importance of standardization and AI in cybersecurity.
Evan shares his journey from an Air Force aircraft mechanic to a cybersecurity expert, highlighting the benefits and challenges of running a small consultancy versus a large firm. The episode also covers recent cybersecurity incidents involving CrowdStrike and Microsoft 365, emphasizing the need for preventive measures and trust in business and technology.
Practical tips for everyday cybersecurity and insights into industry-wide challenges make this episode a valuable resource for listeners across all sectors.
Key Moments:
00:10 Entrepreneurship brings freedom and awesome transformations.
03:54 Recent tech outages are gaining mainstream media attention.
07:52 Adapting existing tech for enhanced security measures.
10:48 Over-the-air car updates are complex and uncertain.
14:01 DFW airport machines, recovery time, and problem.
18:39 How do we improve efficiency and learning?
21:26 Customers validate goods, test, streamline, feedback.
25:10 Cyber enables business growth and protection.
28:52 Cyberattack halted gas sales, risking pipeline operations.
32:55 Challenges in the multi-faceted role, regulatory changes.
35:35 Commonalities in cybersecurity, despite differences in industry.
39:33 Robotics and AI revolutionize future human roles.
40:42 AI would bring trust, speed, and efficiency.
44:38 Defense technology, both funny and scary.
47:59 Distance tech carries risk, needs personal vigilance.
About the guest :
Evan Morgan is the Founder of Cyber Defense Army, a cybersecurity consultancy and services firm that incorporates geopolitical risk in their cybersecurity practices. He is a service-disabled Veteran of the United States Air Force and served in the post-9/11 campaigns, as well as remote tours to the Republic of Korea. He holds a Master's degree in Information Systems (Computer Security Management specialization) and a Master of Business Administration (Information Systems Management specialization), both with honors from Strayer University. Post his military service, he has led cybersecurity functions for Fortune 100 organizations, was a global leader for a worldwide consultancy, and has been honored with multiple cybersecurity awards for his efforts in protecting the organization he was a part of previously.
Connect with Evan via LinkedIn: https://www.linkedin.com/in/evanmorgan/
Cyber Defense Army's website: https://www.cyberdefensearmy.com/
Connect With Aaron Crow:
Learn more about PrOTect IT All:
To be a guest or suggest a guest/episode, please email us at [email protected]
This episode sees Rhebo Head of Development, Martin Förster, taking the driver’s seat. He talks to fellow developers Ingmar Pörner & Raphael Peters about how programming language Rust makes for robust and secure software and what a high-quality development process in an OT security company looks like.
At DEF CON 32, in the ICS village, researchers disclosed vulnerabilities in home and commercial solar panel systems that could potentially disrupt the grid. Dan Berte, Director of IoT security for Bitdefender, discusses his more than a decade in IoT, how the vendor maturity often isn’t there for our smart TVs or even for our solar panels, so reporting vulnerabilities sometimes goes nowhere. That doesn’t stop defenders like Dan, who, along with his team, work hard to change and to educate the industry.
מפעלים משתנים ומכניסים דיגיטציה למערכות הייצור על מנת להישאר רלוונטיים מול עלויות העבודה הזולה במזרח ולהגדיל את שורת הרווח באותם אמצעי ייצור. מה המשמעויות ואיך זה משפיע רוחבית כולל ובמיוחד בתחום הסייבר.
נחשון פינקו מארח את אריאל לסרי מנכ"ל רוקוול ישראל בשיחה על עבר, הווה ועתיד התעשייה ואיך רוקוול נכנסה לעולם הסייבר.
לאן הולכת התעשייה
המשמעויות של כניסת הדיגיטציה למערכות הייצור
איך משתלב הסייבר בתמונה הכוללת
Factories are changing and digitizing their production systems to remain relevant in the face of cheap labor costs in the East and increase the profit margin with the same means of production. What are the meanings, and how does it affect horizontally, especially in the cyber field?
Nachshon Pincu hosts Ariel Lasry, Israel's country Director of Rockwell Israel, in a conversation about the industry's past, present, and future and how Rockwell entered the cyber world.
Where is the industry going?
The implications of digitization entering production systems
How does cyber fit into the overall picture?
In this episode of Left to Our Own Devices, Rob Putman, Global Manager of Cybersecurity Services at ABB, shares his journey from Sony PlayStation to leading cybersecurity in industrial automation. Tune in for insights on product security and industrial control challenges.
In this episode of our “Automation Chat” podcast from The Journal From Rockwell Automation and Our PartnerNetwork magazine, Executive Editor Theresa Houck chats with Dave Kang, Advisory Solutions Architect at Dragos and Kamil Karmali, Senior Global Commercial Manager, Cybersecurity Services at Rockwell Automation. Get nuts-and-bolts, practical information about strengthening cybersecurity for industrial networks and systems, including:
And as always, get your family-friendly, silly Joke of the Day.
Resources from this episode:
You can also watch their discussion on YouTube at https://youtu.be/8Pm670QAO9E.
Automation Chat is brought to you by The Journal From Rockwell Automation and Our PartnerNetwork magazine.
Find us on LinkedIn.
Find us on Facebook.
Find us on X (Twitter).
Please subscribe to "Automation Chat" and give us a 5-star rating and a review.
** Named “Best Podcast” 3 Consecutive Years! 2022-2024 Apex Award of Publication Excellence.
In Episode 21 of "Protect It All," titled "Cybersecurity in Critical Industries: Lessons from Medical Devices to Automotive," host Aaron Crow is joined by experts David Leichner and Shlomi Ashkenazy to explore the multifaceted world of cybersecurity across various critical industries.
The conversation starts with Shlomi sharing a transformative personal experience in London, emphasizing the importance of pursuing one's passions. David follows with a moment of realization about the critical nature of cybersecurity during an eye surgery, underscoring the necessity of protecting people through robust cyber measures.
The episode delves deep into how cybersecurity practices are implemented in medical devices, automotive, and industrial manufacturing sectors. David, Shlomi, and Aaron discuss generative AI and its dual potential to enable and defend against cyber threats, drawing parallels to cyber weapons like Stuxnet. The importance of secure design, continuous monitoring, and compliance with ever-evolving regulations are highlighted, particularly in upgrading legacy systems in critical infrastructure.
With comprehensive insights into integrating IT and OT cybersecurity measures, the episode provides a compelling call to action for increased awareness and collaborative efforts to bolster defenses. Aaron also extends an invitation for engagement through conferences like Black Hat and Defcon, where practical solutions and innovative strategies are showcased.
Tune in to gain a deeper understanding of the critical intersection of cybersecurity in various industries and learn valuable lessons from the experts on safeguarding our digital and physical world.
Key Moments:
00:10 Security threats have expanded to 15-year-olds.
08:35 Privacy breaches occur through overlooked device vulnerabilities.
12:14 Power utility leading in cybersecurity due to regulation.
17:06 Smaller companies need to prioritize cybersecurity measures.
26:42 Security strategy requires adapting to different environments.
28:30 FDA emphasizes cybersecurity importance at the H-ISAC conference.
37:43 MIT study simulates cyber attack, uses AI.
40:24 AI can eliminate manual product development processes.
46:16 Cybersecurity brings unknown threats: deterrence or powerful AI.
50:26 Black start plants generate and transmit power.
59:00 Soft skills are crucial for effective communication and trust.
01:00:09 Sent demos to heroes, got a minimal response.
01:06:47 Promoting face-to-face meetings and events globally.
01:10:19 Agreement on conclusion of project.
About the Guests :
David Leichner
David has over 25 years of marketing and sales executive management experience garnered from leading tech companies including Cynet, Information Builders, Magic Software, Gilat Satellite Networks, BluePhoenix Solutions, and SQream. At Cybellum, a provider of integrated cybersecurity solutions for leading device manufacturers, David is responsible for creating and executing the marketing strategy and managing the global marketing team that forms the foundation for Cybellum’s market penetration.
Shlomi Ashkenazy
Shlomi is the Head of Brand and Strategy at Cybellum, overseeing product security thought leadership, positioning, and brand activities. A physicist-turned-cybersecurity brand builder, Shlomi spent the years before joining Cybellum as a consultant, working with dozens of founders in the cybersecurity, AI, DevOps, Quantum, and Health Tech industries on building their brand, product marketing, positioning, and messaging. Shlomi also produces and co-hosts "Left to Our Own Devices: The Product Security Podcast" and spearheads multiple business strategy and GTM initiatives at Cybellum.
Connect With Aaron Crow:
Learn more about PrOTect IT All:
To be a guest or suggest a guest/episode, please email us at [email protected]
הוא מכונה "ד" משנותיו בצה"ל. בשני העשורים האחרונים הוא ייעץ וריכז תגובות לאירועי משבר בצה"ל ובארגוני ביטחון לאומי אחרים. כעת, הוא ייסד את חברת קריטיקל אמפאקט לניהול משברים
עו"ד הדס תמם בן אברהם ונחשון פינקו מארחים את דורון הדר ("ד") בשיחה על ניהול משברים ברמת המדינה ואירועי משבר סייבר מסחריים. שילוב הגנת סייבר-טכנית עם הבנה מעמיקה של המניעים האנושיים, היתרונות והפגיעויות של היריב
He is known as "D" from his years in the IDF. For the past two decades, he has advised on and coordinated responses to crisis events within the IDF and other national security organizations.
Now, he co-founded 𝗖𝗥𝗜𝗧𝗜𝗖𝗔𝗟 𝗜𝗠𝗣𝗔𝗖𝗧 crisis management firm.
Adv. Hadas Tamam Ben-Avraham and Nachshon Pincu host Doron Hadar ("D") in a conversation on crisis management at the country level and commercial cyber crisis events.
Combine cyber-technical defense with a thorough understanding of the adversary's human motivations, advantages, and vulnerabilities.
In this episode, Dr. Allan Friedman from CISA returns to discuss the upcoming SBOM-a-Rama, a pivotal event in supply chain cybersecurity. He shares insights on the evolution of SBOMs, the significance of community collaboration, and what to expect from this year's hybrid event, including a showcase of innovative SBOM solutions.
Claroty Team82 researcher Noam Moshe joins the Nexus Podcast to talk about Team82’s research into Unitronics Vision series integrated HMI/PLC devices. The OT devices were exploited last year in attacks against water treatment facilities in the U.S. and Israel. Team82 researched the security of these devices and developed a pair of tools that allowed them to extract forensic information from the PLCs. Both tools were released to open source on Team82’s Github page.
Moshe also presented this research today at the Black Hat Briefings in Las Vegas.
Read Team82’s research blog here.
Download the forensics tools here.
For more, visit nexusconnect.io/podcasts
In this episode, Dino Busalachi and Craig Duckworth dive into the complexities of human factors and industrial cybersecurity. They discuss the need for robust cybersecurity awareness at all levels, and the challenges of integrating IT and OT environments.
The conversation highlights real-world scenarios, from phishing attacks to internal threats, and emphasizes the importance of building a strong cybersecurity culture.
Dino and Craig also explore strategies for improving visibility, managing remote access, and ensuring compliance with industry regulations, offering actionable insights for industrial professionals.
Chapters:
Links And Resources:
Thanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you’d like to share? Connect with us on Spotify, Apple Podcasts, YouTube, and Google Podcasts to leave us a review!
Do you desire a more joy-filled, deeply-enduring sense of accomplishment and success? Live your business the way you want to live with the BUSINESS BEATITUDES...The Bridge connecting sacrifice to success. YOU NEED THE BUSINESS BEATITUDES!
TAP INTO YOUR INDUSTRIAL SOUL, RESERVE YOUR COPY NOW! BE BOLD. BE BRAVE. DARE GREATLY AND CHANGE THE WORLD. GET THE BUSINESS BEATITUDES!
Reserve My Copy and My 25% Discount
In this episode of "Protect It All," hosts Aaron Crow and Neal Conlon discuss the upcoming Lone Star Cyber Shootout. Set to take place on September 6, 2024, at the prestigious Staccato Ranch in Florence, TX, this episode highlights the unique blend of cybersecurity expertise and personal development that participants can anticipate.
Neal and Aaron share their captivating professional journeys and discuss how their diverse backgrounds converge at the crossroads of trust, cybersecurity, and personal growth. They recount their own experiences, noting the importance of trust in both personal and professional spheres. Moreover, the hosts vividly describe what attendees can anticipate from the Lone Star Cyber Shootout, detailing the state-of-the-art facilities, value-driven activities, and the exciting networking opportunities that await.
Listeners will discover the exceptional nature of Staccato Ranch, its veteran-focused initiatives, and how the event is structured to provide unparalleled insights and hands-on experiences in both cyber and physical security. Neal and Aaron underscore the importance of such events in fostering community connections and highlight the three pillars of an amazing event—epic location, outstanding content, and a strong community.
Join Aaron and Neal as they gear up for a day full of learning, camaraderie, and growth at the Lone Star Cyber Shootout, one of the cybersecurity world's most innovative and dynamic events. Secure your spot and prepare for an experience that promises to be as enlightening as it is adventurous!
Key Moments:
03:49 Diverse career in real estate and sales.
09:47 Public impact from events necessitates political unity.
12:07 New cybersecurity event bridges cyber and physical.
16:14 Transformational event in cybersecurity and technology consolidation.
17:32 Event fosters trusted partnerships in evolving cybersecurity.
22:46 Improving daily, manufacturing and professional development topics.
25:18 "Amazing content, valuable relationships, and community."
27:02 Cyber events filling up quickly, next in 2025.
To register, click https://corvosec.com/lonestar-cyber-shootout/
To sponsor the event, check out https://corvosec.com/lone-star-cyber-shootout-sponsorships/ or email [email protected].
For further details, contact Aaron at [email protected] or Neal at [email protected].
While we recover from our own operation interruptions, we're putting out bonus episodes where we can, and this is one of them. Our anonymous guest has this to say about the recent IT issues that interrupted the world's critical infrastructures... or did they? Listen to this and I think you'll agree that we should stop blaming CrowdStrike for outages in OT.
Traditionally, operational technology (OT) operators have shied away from active monitoring methods, driven largely by concerns over system disruption and OEM vendor validation expectations. However, the tide appears to be turning. Over the past few years, we’ve seen mindsets evolving from relying on a 100% passive approach to embracing more active monitoring methods to get deeper asset context, including configuration information, log files, user activity correlation, USB insertions, and even operational data from level 0 in a PLC.
During this session, we'll delve into the advancements in OT-safe proactive monitoring and how you could apply some of these latest developments towards securing your critical infrastructure while ensuring operational continuity and compliance.
Visit Our Website
Follow Us on LinkedIn
הי.איי אינו דבר חדש וקיים שנים רבות תחת שמות שונים כגון רשתות נוירונים וכדומה. עולם המידע עבר טלטלה כאשר כלי האינטליגנציה המלאכותית הפכו לנחלת הכלל והונגשו לציבור בתחילה עם צ'אט ג'י.פי.טי ולאחריו מערכות רבות נוספות.
נחשון פינקו מארח את הילל קובורובסקי עתידן, חוקר טרנדים טכנולוגים ומרצה סייבר באקדמית אונו בשיחה על ההשפעות של הי.אי. בעולם הסייבר.
איך יראה עולם הגנת הסייבר בעתיד הלא רחוק
ההשפעות של ההי.איי. על מקצועות הסייבר והכשרת מומחי סייבר
ועוד
AI is not new and has existed for many years under different names, such as neural networks. The world of information went through a shake-up when artificial intelligence tools became the common domain and were initially made available to the public with Chat GPT, followed by many other systems.
Nachshon Pincu hosts Hillel Koborovsky, a futurist, researcher of technological trends, and cyber lecturer at Ono Academy, in a conversation about the effects of AI in the cyber world.
What will the world of cyber defense look like soon
The effects of AI on the cyber professions and the training of cyber experts
and more
Alexander Antukh, CISO of AboitizPower in the Philippines, the country's largest power and renewable energy provider, joins the Nexus Podcast to discuss cyber risk quantification (CRQ). CRQ is a popular framework used to assess the financial impact of a cybersecurity threat on an organization. Antukh is an advocate of CRQ, and discusses his approach to using it to predict risk in his organization, what level of organizational maturity is required for this approach to succeed, and how it's being applied in operational technology (OT) environments.
For more, visit nexusconnect.io/podcasts
Join host Kristin Demoranville on the Bites and Bytes Podcast as she welcomes Maureen Ballatori, the dynamic founder and CEO of Agency29. In this insightful episode, Maureen highlights the crucial role of branding in the food, beverage, and agriculture industries. Discover how to build strong, trustworthy brands and navigate the unique challenges faced by agribusinesses in today's evolving market.
This episode provides valuable insider perspectives on why understanding branding is essential for risk management strategies in cybersecurity, operational technology (OT), food safety, and beyond. Whether you're a tech-savvy professional, a cybersecurity expert, or an OT specialist, Maureen's expertise offers a fresh outlook on the intersection of branding and technology in the food industry.
_______________________________________________
🏆 Vote for Bites and Bytes Podcast for Women in Podcasting Award 🏆
Voting Opens on August 1, 2024, and closes on October 1, 2024
https://womeninpodcasting.net/bites-and-bytes-podcast/
THANK YOU! 🤩 🎉
_______________________________________________
Episode Key Highlights:
(01:59 - 02:44) Connection to Dairy Farm Upbringing
(05:34 - 07:29) Brand Building for Food & Beverage
(09:14 - 10:20) Branding in Food and Ag
(16:36 - 18:04) Building Trust Through Transparency
(22:49 - 23:19) Handling Mistakes With Transparency
(27:24 - 28:05) Global Impact of Declining Dairy Consumption
(34:03 - 34:48) From Dairy Farm to Branding Success
(38:31 - 39:53) Importance of Niche Specialization in Industry
(41:46 - 43:08) Cybersecurity's Impact on Agriculture
(50:27 - 52:07) Building Trust in Food and Ag
_______________________________________________
Show Notes:
Cornell University https://dairy.cornell.edu/
Apples varieties: https://waapple.org/varieties/all/
Bio-ISAC (Milk contimination) https://www.isac.bio/post/update-hpai-h5n1-avian-influenza-2024
BIO-ISAC (cybersecurity efforts): https://www.isac.bio/bioag
Dairy Conference speaking: https://www.maureenballatori.com/events/2024-northeast-dairy-convention
CPG = Consumer Packaged Goods
Ag Chat and Chew: https://us06web.zoom.us/meeting/register/tZIocOGprj8qE9QpQq1QDw75aMj8liv75Jzt#/registration
Andrew Rose: https://www.linkedin.com/in/chesapeakesun/
Andrew Rose’s Bites and Bytes Podcast Episode: https://podcasts.apple.com/us/podcast/the-double-andrew-rose-special-insights-on/id1704061572?i=1000659643673
Grow New York: https://www.grow-ny.com/
Grapevine Powdery Mildew: https://www.ncbi.nlm.nih.gov/pmc/articles/PMC8307186/
AgriTech for Powdery Mildew: Robots fitted with ultraviolet light lamps that roam vineyards at night are proving effective at killing powdery mildew: https://cals.cornell.edu/news/robots-armed-uv-light-fight-grape-mildew#:~:text=Robots%20fitted%20with%20ultraviolet%20light,for%20many%20crops%2C%20including%20grapes.
World Agri-Tech – https://worldagritechusa.com/
_______________________________________________
Maureen Ballatori’s Contact Information:
_______________________________________________
Bites and Bytes Podcast Info:
Website: Explore all our episodes, articles, and more on our official website. Visit Now
Merch Shop: Show your support with some awesome Bites and Bytes gear! 🧢👕 Shop Now
Blog: Stay updated with the latest insights and stories from the world of cybersecurity in the food industry. Read Our Blog
Audience Survey: We value your feedback! Help us make the podcast even better. Take the Survey
Schedule a Call with Kristin: Want to share your thoughts? Schedule a meeting with Kristin! Schedule Now
The resources available at small utilities are scarce, and that’s a big problem because small water, gas, and electric facilities are increasingly under attack. Dawn Capelli of Dragos is the Director of OT-CERT, an independent organization that provides free resources to educate and even protect small and medium sized utilities from attack.
Dino Busalachi sits down with Debbie Lay, Senior Solutions Architect from TXOne Networks, in this week's episode, to discuss challenges and innovative solutions in OT cybersecurity.
They cover the ongoing issues of outdated systems, the complexities of IT and OT convergence, and the benefits of virtual patching as a method for securing OT environments and legacy equipment. They also address the impact of the Crowdstrike event on Industrial OT environments.
Debbie shares her extensive experience and insights into how industries can safeguard their operations from ransomware and other threats without disrupting production.
This episode provides perspectives on managing cybersecurity in industrial environments, and the importance of collaboration between IT and OT teams.
Tune in to understand how virtual patching can be an effective approach to protect critical assets on the plant floor!
Chapters:
Links And Resources:
Thanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you’d like to share? Connect with us on Spotify, Apple Podcasts, YouTube, and Google Podcasts to leave us a review!
In Episode 19 of "Protect It All," titled "Lessons from CrowdStrike: Managing Risks in IT and OT Environments," Host Aaron Crow gets into the recent CrowdStrike Falcon platform incident that caused widespread system crashes and blue screens of death on Windows machines. Drawing from his extensive IT and OT experience, Aaron explains that the issue stemmed from a routine update error, not a cybersecurity attack. He explores why it had such a significant impact on major entities like airlines and airports.
Aaron highlights the critical differences between IT and OT risk management, emphasizing the importance of automated updates, real-time threat detection, and thorough update testing. He discusses the need for comprehensive risk assessment and the implementation of cyberinformed engineering practices to prevent similar issues in the future.
Listeners will gain key insights into balancing cybersecurity measures with system reliability and availability and actionable recommendations for strengthening their IT and OT environments.
Connect With Aaron Crow:
Learn more about PrOTect IT All:
To be a guest or suggest a guest/episode, please email us at [email protected]
In this episode, Sam Mackenzie, cybersecurity committee member from the Australian Computer Society, sheds light on the crucial aspects of protecting essential services from cyber threats. Offering valuable insights, Sam emphasizes the need for good practice, sharing learnings, threat intelligence, network segmentation, and clear communication of risk to address leadership challenges. Sam highlights the challenges and importance of protecting society from cyber-physical outcomes, the evolving threat landscape for professionals in critical infrastructure, and the significance of defending against social engineering attacks.
Sam speaks straightforward cybersecurity and technology with business leaders in critical infrastructure. With 25 years’ experience at international corporations and household names in Australia, he’s created and led high performance teams in health, telecoms, energy and more recently in local government, focusing on using structured thinking and making the complex simple.
Sam’s recent research project involves interviewing leaders of critical infrastructure in Australia to gain valuable industry insights. Sam also serves on the Cybersecurity Committee for the Australian Computer Society (ACS) and is building a new community of driven professionals, passionate about protecting critical infrastructure and keeping society safe.
גופים רבים שאינם יכולים להרשות לעצמם סיסו במשרה מלאה פונים לאופציה של סיסו אס הסרבייס.
נחשון פינקו מארח את טוני רשף הסיסו של אלקטרה, מדיקל ארליסיין ויווויזן בין שאר הדברים שהיא עושה בשיחה על המשמעות של סיסו אס הסרביס, ההבדל בין סיסו אס הסרביס ויעוץ סייבר. איך בונים את התפקיד על מנת שיהיה אפקטיבי? החשיבות של סקרי סייבר, תוכנית עבודה ובדיקות חדירות לארגון. מהם גבולות הגזרה של הסיסו כאשר הוא אינו חלק אינטגרלי משדרת הניהול
Many organizations that cannot afford a full-time CISO use the Ciso as a Service (CaaS) option.
Nachshon Pincu hosts Toni Reshef, serving as a contract Ciso for @Electra group, Medical EarlySign, and Uvision, among other things she does in a conversation about the meaning of CaaS, the difference between CaaS and cyber consulting.
How do you build the CaaS position to be effective?
What is the importance of cyber surveys, Cyber plans, and penetration tests (PT) for organizations?
What are the limits of the CaaS when it is not an integral part of the management avenue?
In this episode, host Aaron Crow dives into critical infrastructure and industrial control systems with special guests Matthew Miller and James Warne. Together, they introduce ResetCon—an upcoming conference to close the gap between technical research and practical applications in cybersecurity.
Our listeners get an exclusive discount for attending ResetCon this year! Visit https://rstcon.org/2024/ and use the code PrOTect to receive a 10% discount on your tickets.
The discussion highlights the importance of including cybersecurity in infrastructure design, tackling supply chain attacks, and fostering collaboration among industry experts. With the call for papers closing soon, listeners are encouraged to submit abstracts and join this revolutionary initiative.
Episode 18 promises valuable insights into the intersection of IT, OT, and critical infrastructure cybersecurity. It emphasizes the need for more skilled professionals and community-driven solutions.
Don’t miss this chance to learn, get inspired, and prepare for ResetCon!
Key Moments:
03:32 ResetCon aims to deliver cutting-edge tech talks.
08:47 Debating cause, but the outcome is unchanged.
11:49 Conference seeks to address critical infrastructure issues.
16:06 ICS Village presence at key cybersecurity events vital.
18:34 Sharing industry knowledge and protecting brand integrity.
20:51 Colin O'Flynn presents cutting-edge hardware innovations.
26:05 Diverse audiences at the ponderous conference.
28:34 Understanding same team, goals, critical infrastructure, not experts.
30:37 Submitted on 3rd, some issues, resubmitted 6th.
35:52 High-tech talks, networking, and exploring Savannah.
38:39 Discussing boat transportation as part of long-term goal.
40:38 Collaboration can lead to innovative infrastructure solutions.
44:10 Discussing relevance of Wi-Fi and security measures.
About the guests :
James Warne
Jay's work in research has affirmed his commitment to technology, security, and computation. His time on and leading high-performing teams codified his desire to enable and support his scientists and engineers. Jay constantly seeks ways to contribute to his field; one may find him testing his theories, reading and sharing papers, problem-solving with industry, arming investors with technical knowledge, coordinating RSTCON, developing instructive/ research presentations, mentoring new industry hopefuls, advising the Cornell Cyber Club, or outdoors.
Matthew Miller
Matthew spent eight years in the United States Navy and Special Operations as a CNO Operator. After the military, he shifted his career toward security research and software engineering. Recently, Matthew co-founded ResetCon to address growing cybersecurity concerns in critical infrastructure. He's passionate about his family, work, and about giving back to the community
Know more about Reset Conference - https://rstcon.org/
Attend ResetCon this year!
Visit https://rstcon.org/2024/ and use the code PrOTect to receive a 10% discount on your tickets.
Connect With Aaron Crow:
Learn more about PrOTect IT All:
To be a guest or suggest a guest/episode, please email us at [email protected]
In this episode, Bryson sits down with Mark Montgomery, Senior Director at the Foundation for Defense of Democracies. For three years, Mark served as Executive Director of the Cyberspace Solarium Commission, created by congressional mandate to develop strategic approaches to defending against cyber attacks. Now, he directs CSC 2.0, an initiative that works to implement the recommendations of the Commission.
What were the key recommendations of the Cyberspace Solarium Commission? What are the politics of cybersecurity? How do we ensure that our international partners have the same level of resiliency and recovery that we have domestically?
“We'd like to fight our adversaries overseas. That means we have to fight with and through our allies and partners. So they have to have strong critical infrastructure as our forces arrive and execute their missions,” Mark said.
Join us for this and more on this episode of Hack the Plan[e]t.
Hack the Plant is brought to you by ICS Village and the Institute for Security and Technology.
Craig and Dino dig into the differences and nuances of patch management and software updates comparing IT versus Operational Technology (OT) environments.
They explore the distinct challenges that OT systems face with software updates, and risks associated with patch management, including potential operational disruptions and risks of downtime.
They discuss the importance of IT understanding the OT risks and challenges of updating software and implementing patches to ICS and OT equipment.
The conversation highlights innovative solutions like virtual patching, the role of OEMs, and the critical need for a strategic, collaborative approach to cybersecurity in industrial settings.
Chapters:
Links And Resources:
Thanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you’d like to share? Connect with us on Spotify, Apple Podcasts, YouTube, and Google Podcasts to leave us a review!
In this episode of our “Automation Chat” podcast from The Journal From Rockwell Automation and Our PartnerNetwork magazine, Executive Editor Theresa Houck chats with Brian Deken, North America Commercial Manager of Networks & Cybersecurity Services at Rockwell Automation. They talk about cybersecurity challenges and outcomes manufacturers are trying to achieve and how to attain them.
Also learn why it’s vital to do cybersecurity assessments in real time and why you can’t integrate and optimize an IT tool for an OT environment. And see how Rockwell Automation provides IT/OT synergies through its partner ecosystem and uses the NIST-based approach to help manufacturers to focus resources for cybersecurity.
And as always, get your family-friendly, silly Joke of the Day.
Resources from this episode:
You can also watch their discussion on YouTube at https://youtu.be/8NtR7oHzhhY.
Automation Chat is brought to you by The Journal From Rockwell Automation and Our PartnerNetwork magazine.
Find us on LinkedIn.
Find us on Facebook.
Find us on X (Twitter).
Please subscribe and give us a 5-star rating and a review.
** Named Best Podcast 2 Consecutive Years! 2022 & 2023 Apex Awards of Publication Excellence.
חזרת ממילואים ומצאת את עצמך בלי עבודה ופרנסה קבועה
רוצה להיכנס להייטק או כול תחום אחר כג'וניור
רוצה להחליף מקום עבודה כסיניור
רוצה לעשות שינוי כיוון בקריירה שלך סדרת הפודקאסטים הזו נועדה עבורך
נחשון פינקו מארח את דפנה הר-לבן מנהלת קשרי הייטק בקריה האקדמית אונו ומנהלת מחלקת גיוסים בעברה. בתפקידה הנוכחי דפנה מסייעת לסטודנטים במכללה במציאת עבודה. הפודאסט כולו סביב מציאת עבודה, בניית אסטרטגיה למציאת עבודה ואיך בונים נכון קורות חיים.
Welcome back to *Protect It All*! In Episode 17, host Aaron Crow is joined by Andrew Ginter, VP of Industrial Security at Waterfall Security Solutions, to dive deep into secure remote access for Operational Technology (OT) systems. They explore the cutting-edge HERA (Hardware Enforced Remote Access) technology, which offers a revolutionary approach to remote control via TPM hardware, unidirectional gateways, and stringent encryption protocols.
This episode covers everything from the critical need for robust security in high-stakes environments like wind farms and manufacturing to the dangers of supply chain vulnerabilities to the broader implications for industries dependent on remote operations.
Ginter sheds light on the limitations of software-based solutions and the strategic advantages of hardware-enforced security, while also discussing his book "Engineering Great OT Security" and the latest initiatives in cyber-informed engineering.
Tune in to learn how organizations can remain competitive, reduce costs, and stay secure in an increasingly interconnected industrial world. This enlightening discussion could change the way you think about remote access!
Key Moments:
05:53 Spectrum of consequence in remote access explained.
07:55 Security flaws in remote access systems.
10:23 Remote access is often overlooked by many.
15:11 Supply chain vulnerability due to cloud connectivity.
17:33 Hardware-enforced remote access, HERA, fills the security spectrum.
20:52 Custom ASIC with 1M transistors for encryption.
25:55 Ways to exploit network security vulnerabilities discussed.
26:35 Exploiting technology to send unauthorized messages.
32:50 Benefits of centralizing engineering teams in businesses.
34:18 Competing in the international market with unique services.
39:31 Understanding the implications before implementing technology is crucial.
40:30 Uncertainty about large number, risk opportunity tap.
43:50 Firewall controls data flow and is potentially misconfigurable.
About the guest :
At Waterfall Security, Andrew leads a team of experts working with the world's most secure industrial sites. He is the author of three books on industrial security, co-author of the IIoT SF and the UITP Guide to CyberSecurity in Tendering, and co-host of the Industrial Security Podcast.
Links:
LinkedIn: https://www.linkedin.com/in/andrewginter/
Email Andrew: [email protected]
Connect With Aaron Crow:
Learn more about PrOTect IT All:
To be a guest or suggest a guest/episode, please email us at [email protected]
Vincente Diaz, Threat Intelligence Strategist on Google’s VirusTotal team and formerly the EU director of Kaspersky Lab’s Global Research & Analysis Team, joins the Nexus Podcast to discuss how artificial intelligence and machine learning is an integral part of what VirusTotal is doing around malware analysis. Vincente describes the advantages these advanced technologies bring to malware analysis, in particular how it cuts down analysis time, and improves exploit detection.
For more, visit nexusconnect.io/podcasts
האם העובדה שביצעתם מבדקי חדירות ותיקנתם ליקויים אומרת שאתם מוגנים? אין ספק שאתם יותר מוגנים ממה שהיתם לפני, אבל נדרש לערוך את מבדקי החדירות בלופ כדי לוודא שלא נפתחו פרצות חדשות מאז המבדק האחרון
נחשון פינקו מארח את אושר עשור שותף ומנכ"ל חטיבת הסייבר והטכנולוגיה באוריין ישראל, אחת משתיים עשרה חברות ראיית החשבון הגדולות בעולם. בשיחה על מבדקי חדירות, ההבדל בין כלים אוטומטים למבדק אנושי ועוד
Does the fact that you performed penetration tests and corrected defects mean that you are protected? You are undoubtedly more protected than before, but conducting the penetration tests in a loop is necessary to ensure that no new loopholes have opened since the last test.
Nachshon Pincu hosts Osher Asor, partner and CEO of Cyber Security & Tech Division @Auren Israel, one of the twelve largest accounting firms in the world. In a conversation about penetration tests, the difference between automated tools and human testing, and more.
For the last twenty years we’ve invested in software security without parallel development in firmware security. Why is that? Tom Pace, co-founder and CEO of NetRise, returns to Error Code to discuss the need for firmware software bills of materials, and why Zero Trust is a great idea yet so poorly implemented. As in Episode 30, Tom is a straight shooter, imparting necessary truth bombs about our industry. Fortunately he’s optimistic about our future.
In dieser Folge von Rhebos OT Security Made Simple erklärt Matthias Maier vom SIEM-System-Hersteller Splunk, warum eine OT-Sicherheitsstrategie auf Managementlevel unumgänglich ist, um bei der Tool-Auswahl die richtigen Investment-Entscheidungen zu treffen. Er erläutert die einzelnen Schritte und verdeutlicht noch einmal die Verantwortung des Managements bei der Cybersicherheit der OT, insbesondere mit Blick auf NIS2 und Co.
Let's continue unpacking the "Cyber Incident Reporting for Critical Infrastructure Act". What else do you need to know? Let's find out with your hosts Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.
In this episode, cybersecurity expert Sandeep Lota, Nozomi Networks Field CTO, joins Dino Busalachi to discuss the challenges and innovations in OT cybersecurity.
Key topics they explore include dealing with the evolution of OT security tools, the challenges with IT-OT convergence, and the increasing importance of continuous monitoring.
Sandeep also talks about the role of OEM partnerships and the rising trend of managed services. Tune in to stay ahead of the curve!
Chapters
Links And Resources:
Thanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you’d like to share? Connect with us on Spotify, Apple Podcasts, YouTube, and Google Podcasts to leave us a review!
In this episode, host Aaron Crow delves into IT OT convergence, a crucial yet often misunderstood topic. Listeners will gain insights into the distinct differences between IT and OT, the challenges of integrating these fields, and the reasons behind the historical mistrust between IT and OT teams.
Aaron discusses how technology might be similar, but the roles and impacts are starkly different—with IT focusing on corporate environments and OT handling mission-critical operations like power plants and manufacturing lines. He also shares real-world stories and strategies for building trust and fostering collaboration between these often siloed teams.
Tune in to learn how to overcome these hurdles to create a more secure and efficient organization. Whether you're an IT professional or an OT specialist, this episode offers valuable perspectives on navigating the complexities of IT OT convergence.
Key Moments:
00:10 Technology similarities, lack of understanding, a trust issue.
03:49 Corporate distrust causes technology outages and inefficiency.
07:21 Building trust and collaboration for buy-in.
11:20 Different games, but similar athletic requirements.
15:38 Team successful in providing technical support in Texas.
17:09 Connect with us at Black Hat, DEF CON.
Connect With Aaron Crow:
Learn more about PrOTect IT All:
To be a guest or suggest a guest/episode, please email us at [email protected]
תחום הגנת הסייבר על מערכות אימבדד (מערכות סייבר פיזיות) עוסק בהגנה על מערכות שבדרך כלל מבוססות על מערכות הפעלה ותוכנה משולבות בפירמוור מצומצם מחד, מאידך כמות המכשירים המפוזרים בעולם מגיע לעשרות ואף מאות מיליוני יחידות. עובדה זו משמשת תוקפים ליצירת מתקפות מסיביות על חברות ע"י שימוש בו זמני במיליוני מערכות אימבדד. בצורה כזו הופלו בעבר חברות התקשורת הגדולות בארה"ב מה שהביא לאי יכולת מתן שירותיים ללקוחות וניתוק אזורים שלמים מתקשורת
עם התרחבות הרגולציה בתחום והדרישה מיצרנים להטמיע מערכות הגנה בתוך המוצרים נושא הגנת מערכות סייבר פיזיות תופס תאוצה. חברת צ'ק פוינט הייתה מהראשונות לזהות את הצורך ומתן מענה למוצרי אי.או.טי כבר בעשור הקודם
נחשון פינקו מארח את מירי אופיר דירקטורית פיתוח בצ'ק פוינט שהצוותים שלה מסייעים לחברות המייצרות מערכות פיזיות להגביה את חומות הסייבר במוצריהן, בשיחה על הצורך, הדרישה הגוברת של הרגולטורים להגנות משמעותיות ועד כמה שונה ההגנה הסייבר פיזית מהעולם המוכר של האי.טי
Cyber protection for embedded and cyber-physical systems (CPS) revolves around securing systems that typically rely on operating systems and software integrated into limited firmware. On the other hand, the number of devices scattered worldwide reaches tens of millions and, in some cases, even hundreds of millions of units. Unfortunately, attackers exploit this vast network to orchestrate massive attacks on companies, simultaneously leveraging millions of compromised systems. In the past, such coordinated attacks have disrupted major communication companies in the US, leading to service outages for customers and disconnections in entire regions.
As regulations expand within this domain, manufacturers face increasing pressure to implement robust protection mechanisms in their products. The issue of safeguarding CPS has gained momentum, and companies like Check Point have been at the forefront. Check Point recognized the need for solutions tailored to IoT products as early as the previous decade.
Nachshon Pincu hosts Miri Ofir, Director of R&D at Check Point, who illuminates the urgency of robust protections. Her teams work closely with companies that produce physical systems, fortifying their products against cyber threats. This discussion delves into regulators' evolving demands, emphasizing the unique challenges of CPS protection compared to the familiar landscape of traditional IT security.
A quick update from MIranda, to explain the recent delays in new episodes. She also has a few teasers of new episodes that will be coming soon! Well, maybe "eventually" is a better word, because our production process has become more difficult. But there is some great new content on its way, we promise!
In this episode of the ASHB Smarter Homes and Buildings Podcast, ASHB is joined by Vivek Ponnada from Nozomi Networks. Vivek, a Technology Solutions Director shares his expertise on programmable logic controllers (PLCs). ASHB and Vivek dive into the world of PLCs, discussing their role in building automation, from HVAC systems to lighting control. Vivek highlights the security concerns associated with PLCs and introduces the groundbreaking "Top 20 Secure PLC Coding Practices" project. This initiative aims to enhance the security of these crucial systems using native functionality and proposing best practices for engineers. Vivek also explores the project's future direction, including the expansion to the "Top 20 Secure PLC Environmental Practices" project. Learn about the importance of securing PLCs in building automation, the collaborative efforts driving this initiative, and how you can get involved. Visit plc-security.com for more information and to join the community.
Artificial intelligence (AI) is having a moment… a really long moment. It’s been evolving for decades, but now it’s everywhere all at once. AI-powered digital assistants like Siri and Alexa, as well as generative AI tools like ChatGPT, Gemini and Copilot, have put AI at everyone’s fingertips, including cybercriminals.In cybersecurity, the race is on to outsmart bad actors who are already using new forms of AI to find vulnerabilities faster and launch more effective attacks. During this session, we'll delve into what AI really is, its applications for cybersecurity, and how critical infrastructure and industrial organizations are using it to stay ahead of cyber threats.
Visit Our Website
Follow Us on LinkedIn
Stewart Baker is one of the preeminent lawyers on topics of cyber law with an impressive career in and out of government. Stewart also hosts the Cyberlaw podcast.
The Biden administration is contending that vendors should be held liable for security deficiencies in their products.
Assuming this is turned into law and/or executive orders, what does it mean? What can we learn from other liability law to inform us what would be required for a vendor to be held liable for a security issue? How would the judgment / damages be determined.
Dale's note: We talk about the SEC charges against SolarWinds in this interview.
In this episode, Aaron Crow and special guest Joseph Perry dive deeply into the evolving landscape of cybersecurity. The episode explores the integration of commercial off-the-shelf systems into OT environments, highlighting how this transition brings similar security challenges from the IT sector into play. Throughout their discussion, Aaron and Joseph tackle the complex vulnerabilities, the resistance to adopting new technologies, and the critical necessity of tailored security measures. They also examine the pervasive buzzwords like "AI" in modern cybersecurity products.
Listeners will gain insights into the growing regulatory scrutiny from the SEC, the heightened responsibility of Chief Security Officers, and the anticipated evolution of cybersecurity professions into more rigorous, skilled trades. The conversation further touches on the chaotic state of threat intelligence, the impact of technological advancements such as AI on cyber-attacks, and the increasing industrialization of fraud. From understanding the hype cycles of AI to the practical challenges of explaining complex security solutions to non-technical stakeholders, this episode is packed with valuable information.
Aaron and Joseph also discuss the importance of learning from past IT mistakes when adopting new technologies and the unique challenges of protecting both cutting-edge and legacy systems within OT environments. As they address topics like social engineering attacks, ransomware, and the use of AI tools in cybersecurity, listeners will come away better equipped to navigate the intricate cybersecurity landscape. Tune in for a comprehensive exploration of these critical issues.
Key Moments:
05:36 Library catalog conversion led to career in cybersecurity.
15:02 AI useful in cybersecurity for structured data.
18:07 Questions remain about AI, and human intervention need.
25:39 Advanced fraud detection surpasses current AI capabilities.
28:37 AI contributes significantly to medicine, finance, and cybersecurity.
34:57 Powerful means test and audience testing revolutionized fraud.
37:58 Attacks getting shorter, focused on initial access.
47:52 Focus shifts to CPE, vulnerability, and attack.
48:53 Russian threat actors reassert, causing chaos. No rules.
54:43 IT challenges in dealing with construction clients.
59:56 Evolution of cyber security concerns and measures.
About the guest :
Joseph Perry is a seasoned cybersecurity expert currently leading incident response, threat intelligence, and purple teaming at MorganFranklin Cyber. With a background spanning the US Navy and the National Security Agency, Perry has built a robust expertise in emerging technology and cybersecurity. He specializes in critical infrastructure protection, threat intelligence, and the adoption of new technologies.
Perry is a prominent figure in the cybersecurity community, contributing his insights at major conferences like Black Hat and Defcon. He focuses on the practical applications of AI in cybersecurity, fraud detection, and the evolving threat landscape. Committed to advancing the field, Perry emphasizes continuous learning and domain expertise to help organizations combat cyber threats effectively
How to connect Joseph : https://www.linkedin.com/in/lousyhacker/
Connect With Aaron Crow:
Learn more about PrOTect IT All:
To be a guest or suggest a guest/episode, please email us at [email protected]
This episode focuses on the critical intersection of IT and OT in industrial cybersecurity.
Featuring discussions on strategic partnerships and validated designs, the episode addresses the challenges of data protection, digital safety, and asset inventory.
The conversation goes into how companies can better secure their operations by integrating IT and OT, leveraging new technologies, and improving operational efficiency.
The speakers also share insights on the evolving landscape of cybersecurity and the importance of collaboration between different departments within organizations to mitigate risks and ensure safety.
Chapters:
Links And Resources:
Thanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you’d like to share? Connect with us on Spotify, Apple Podcasts, YouTube, and Google Podcasts to leave us a review!
Ahmik Hindman, Senior Network and Security Solution Consultant at Rockwell Automation, joins the Claroty Nexus podcast to discuss the challenges and success stories he's experienced in patching operational technology equipment and industrial control systems. Hindman has been at Rockwell Automation for 28 years and has expansive experience with customers solving these complex cybersecurity issues. Hindman shares some of the frameworks, tools, and approaches he's worked with, and how convergence and other recent trends have changed how organizations handle vulnerabilities.
For more, visit nexusconnect.io/podcasts
Craig Duckworth and Dino Busalachi discuss the pressing issue of cybersecurity compliance for publicly traded companies under new SEC regulations.
They discuss the reasons behind the low number of reported breaches, including national security exemptions and potential corporate negligence.
Craig and Dino address the challenges companies face in safeguarding their operations, from inadequate incident response plans to the ins and outs of securing industrial control systems.
Tune in to understand why transparency and proactive measures are essential for protecting both companies and their investors.
Chapters:
Links And Resources:
Thanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you’d like to share? Connect with us on Spotify, Apple Podcasts, YouTube, and Google Podcasts to leave us a review!
In this special episode of the Bites and Bytes Podcast, host Kristin Demoranville is joined by Kyle King, Managing Director of Capacity Building International and founder of Crisis Lab. Unlike our typical episodes focused on food industry experts, this conversation explores broader themes such as food insecurity, crisis management, and food security during global crises.
Kyle shares his extensive experience in emergency services and international security, discussing the impact of global conflicts, such as the Russian invasion of Ukraine, on our food supply chains. Learn how food insecurity leads to mass migration and the innovative ways communities build resilience. Kyle also sheds light on the crucial role technology plays in both the challenges and opportunities of modern farming.
This episode is part one of a special two-part series. Stay tuned for part two on the Crisis Lab Podcast, where Kyle and Kristin will discuss practical steps communities can take to be more resilient in the face of food supply challenges and technological disruptions.
You can listen to that episode here: https://podcasts.apple.com/us/podcast/integrating-digital-safety-in-the-food-industry/id1607644712?i=1000662173951
More information about Part Two can be found here:
https://www.crisislab.io/podcasts/crisis-lab/episodes/2148742285
___________________________________________________
Episode Key Highlights:
(00:37 - 01:14) Exploring Kyle's Favorite Food
(03:27 - 04:27) Memorable Texas Restaurant Experience
(08:48 - 09:53) Navigating Crisis With Clear Communication
(19:56 - 21:28) Community Food Supply Preparedness
(26:33 - 28:13) Implementing Technology in Agriculture
(36:03 - 37:58) Technology, Labor Shortage, and Vulnerability
(48:20 - 49:44) Building Resilience Through Community Engagement
___________________________________________________
Show Notes:
Food waste statistic:
Fires with electric vehicles:
German EV Sales after tax cut removed:
Baltic Sea Infrastructure Incident:
Russian ships off the coast of Florida, USA:
Deep Sea Mining for Minerals for EV batteries:
___________________________________________________
Crisis Lab Podcast: https://www.crisislab.io/podcasts/crisis-lab
Crisis Lab: https://www.crisislab.io/
Crisis Lab Newsletter: https://www.linkedin.com/newsletters/7197166347129139200/
Capacity Building International: https://www.capacitybuildingint.com/
Kyle King LinkedIn: https://www.linkedin.com/in/kylek-us/
___________________________________________________
Bites and Bytes Podcast Info:
TikTok: @bitesandbytespodcast
Website: Explore all our episodes, articles, and more on our official website. Visit Now
Merch Shop: Show your support with some awesome Bites and Bytes gear! 🧢👕 Shop Now
Blog: Stay updated with the latest insights and stories from the world of cybersecurity in the food industry. Read Our Blog
Audience Survey: We value your feedback! Please help us make the podcast even better. Take the Survey
Schedule a Call with Kristin: Want to share your thoughts? Schedule a meeting with Kristin! Schedule Now
Dino Busalachi and Craig Duckworth, CTO and CEO of Velta Technology, respectively, tackle the inherent risks of CISO resignations.
They discuss the immense stress and challenges that put these crucial roles at risk.
They talk about the unique struggles CISOs face in managing industrial cybersecurity, where outdated systems and a lack of authority compound their difficulties.
Dino and Craig also address the critical disconnect between IT and OT environments, the importance of on-the-ground involvement, and the need for a collaborative approach to secure industrial operations.
Tune in to understand why the role of a CISO has become untenable for many and what can be done to address this growing issue.
Chapters:
Links And Resources:
Thanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you’d like to share? Connect with us on Spotify, Apple Podcasts, YouTube, and Google Podcasts to leave us a review!
עולם הסייבר הולך ומתרחב, יותר ויותר רגולציות ונושאים בהם נדרשים מנהלים לקחת החלטות שיהיו להן השפעות לטווח ארוך, איך מתמודדים ומה צריך לעשות על מנת לוודא שננקטו הצעדים הנכונים?
נחשון פינקו מארח את עו"ד רמי תמם וג'קי אלטל מובילי תוכנית לתואר שני בסייבר פורנזיקה בקריה האקדמית אונו, בשיחה על הצורך והחשיבות של מנהלים להבין סייבר גם אם זה לא מרכז עיסוקם.
The cyber-world is expanding, more and more regulations and issues require managers to make decisions that will have long-term effects. How do you cope, and what should be done to ensure that the proper steps have been taken?
Nachshon Pincu hosts attorney Rami Tamm and Jackie Altal, leaders of a master's degree program in cyber forensics at the Ono Academic College, in a conversation about the need and importance of managers to understand cyber even if it is not their focus.
When you hit a milestone like 50, you need to take a few minutes to reflect. On this very special episode, Gary Cohen and Tyler Wall look back at what they’ve learned, discuss what has surprised them and rate some cybersecurity movies.
Our top podcast episode of Season 3 is back in the spotlight, and it's a must-listen!
Join us as we revsit our time meeting with Danielle Jablanski, exploring the exciting future of cybersecurity!.
We explore the fascinating realm of smart cities and their development, while also delving deep into Danielle's expertise in OT security challenges and navigating legacy technology hurdles.
In this episode, our host, Aaron Crow, explores the intriguing world of OT cybersecurity products.
This episode explores the key differences between IT and OT, the challenges faced in OT environments, and how some IT products can actually be adapted for OT use.
Aaron explains why availability and safety take precedence in OT settings, from power plants to manufacturing lines, and how traditional IT cybersecurity measures need to be tailored for these unique environments. He also discusses the importance of understanding protocols, implementing multi-layered defenses, and leveraging advancements in cybersecurity tools.
Tune in as we unravel the distinct intricacies of protecting our critical infrastructures and discover how IT and OT worlds continue to converge.
Key Moments:
00:10 Adapting IT products for OT cybersecurity challenges.
06:33 IT products integrating OT capabilities, impacting uptime.
10:33 Windows XP boxes in production pose risk.
14:00 Access device remotely to avoid travel time.
17:45 Complex network setup required for risk reduction.
20:06 Multiple vendors complicate technology and support solutions.
24:14 Plan for OT challenges by engaging IT.
26:21 OT and IT overlap, and industry devices evolve.
Connect With Aaron Crow:
Learn more about PrOTect IT All:
To be a guest or suggest a guest/episode, please email us at [email protected]
CIRCIA stands for the "Cyber Incident Reporting for Critical Infrastructure Act". But what does it really mean? Let's find out with your hosts Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.
We sat down with Scott Sheahan, the owner of Rustic Security, to learn from his rich background in the automotive cybersecurity world and embedded software development.
Dr. Bilyana Lilly, an expert on geopolitics and Russia’s codification of information warfare as a strategy, says that the war in Ukraine has only temporarily delayed Russia’s activity against the West in cyberspace. On this episode of the Nexus podcast, she reinforces the idea that despite the fact that Russia is operating under severe resource constraints, CISOs should be preparing for the inevitable.
“I think it’s important to identify the conditions and the constraints that currently the Russian government is currently experiencing. Because once these constraints are lifted then I think we’ll see an increase in cyber activity, which gives us some time to prepare,” Lilly said. “That’s what I think we should be doing right now. I think we shouldn’t be letting our guard down because I think those attacks are coming.”
For more, visit nexusconnect.io/podcasts
In dieser Folge von OT Security Made Simple teilt Götz Schartner, Geschäftsführer des SOC-Dienstleisters 8com und Sachverständiger für Cyberversicherungen, seine Erfahrungen zu den häufigsten Angriffen. Er erklärt, warum OT-Sicherheit noch immer zu wenig Beachtung findet und weshalb das der größte Fehler eines Unternehmens sein könnte.
Dale Peterson interviews Rob Lee on the S4 Main Stage. They cover a lot of ground and Rob is never shy about sharing his opinions and analysis. They discuss:
Welcome to Episode 13 of Protect It All! This episode features Philip Huff, a professor at UA Little Rock and a cybersecurity expert. He explores the promise of AI in education, especially for robotics and automation, while cautioning against the erosion of educational rigor.
Philip and host Aaron Crow discuss the importance of hands-on learning and real-world experience in aligning educational standards with industry needs. They delve into the role of industry partnerships, the necessity of embedding cybersecurity education at the community college level, and the growing skills gap in technology due to retiring experts.
The conversation also covers the advantages of competency-based education and flexible training programs in enhancing social mobility. Throughout, they stress the critical role of human involvement in AI and cybersecurity and the need for innovative, resilient systems.
Tune in for an engaging discussion on the future of education and workforce development in the tech and cybersecurity sectors.
Key Moments:
00:10 Early career challenges prepare for real-world demands.
04:35 Degree's purpose is knowledge and skill acquisition.
08:17 Promoting cyber-informed engineering principles in community colleges.
11:32 Small private school in Texas prioritizes practical engineering.
14:48 Trade skills in high demand, apprenticeships offered.
17:33 Community colleges offer efficient curriculum changes for workforce.
23:12 Team's success attributed to aligning schedules with peers.
26:57 Company and employee benefit from long-term commitment.
28:46 Aligning learning outcomes with career competencies is crucial.
31:44 Retooling professionals for new careers and skills.
36:13 Value education based on future job prospects.
37:35 Integration of AI in education needs balancing.
42:52 Transforming education to align with real learning.
46:28 Transforming classroom for positive shared learning experiences.
49:57 Unused industrial equipment turned into educational tools.
52:10 Learn troubleshooting, not just following instructions.
56:07 Excitement and fear about accessible AI advancements.
59:12 Developing cyber engineering education standards at Idaho National Labs.
About the guest :
Philip Huff is an Associate Professor of Cybersecurity at the University of Arkansas in Little Rock and serves as the Director of Cybersecurity Research in the Emerging Analytics Center. Dr. Huff is also chief scientist and co-founder of Bastazo, a company specializing in cybersecurity solutions for industrial technology. He leads the National Cyber Teaching Academy, the Department of Energy’s Emerging Threat Information Sharing and Analysis Center, and the Cybersecurity Consortium for Innovation which all focus on driving work-force development and innovation for cybersecurity in the region. He is also a CISSP.
How to connect with Philip: https://www.linkedin.com/in/philip-huff-65012621/
Connect With Aaron Crow:
Learn more about PrOTect IT All:
To be a guest or suggest a guest/episode, please email us at [email protected]
As advancements in cybersecurity have improved detection and response capabilities, managing the immense amounts of data required by AI-based cyber solutions remains a challenge. So, in this episode, we chat about how edge computing can enhance cybersecurity. Executive Editor Theresa Houck is joined by Valerie Schneider, Business Development Manager and Mike Wurster, Director of Strategic Alliances with Stratus Technologies to discuss:
You can also watch their discussion on YouTube at https://youtu.be/0kQ1c3z36MM.
Resources from this episode:
Automation Chat is brought to you by The Journal From Rockwell Automation and Our PartnerNetwork magazine.
Find us on LinkedIn.
Find us on Facebook.
Find us on X (Twitter).
** Named Best Podcast 2 Consecutive Years! 2022 & 2023 Apex Awards of Publication Excellence.
Joe Marshall is a Senior IoT Security Strategist at Cisco Talos Intelligence Group. When Russia invaded Ukraine in 2022, Joe helped coordinate a multinational, multi-company coalition of volunteers and experts to find a technological solution.
Bryson and Joe sat down to discuss his efforts in Ukraine, how he got the go-ahead from Cisco leadership, and more.
“They were like, yeah, we can't even get accurate timing to work on our transmission grid because of jamming that is interrupting GPS communications,” Joe explains. “A week later I was sitting in my office and I went, ‘I wonder if we have something inside of Cisco that can actually help with this.’”
Join us for this and more on this episode of Hack the Plan[e]t.
Hack the Plant is brought to you by ICS Village and the Institute for Security and Technology.
עו"ד הדס תמם בן-אברהם ראש המכון למחקר סיכוני סייבר והילל קובורובסקי מרצה סייבר שניהם מהאקדמית אונו, בשיחה על הדו"ח החדש שפורסם באפריל 2024: הערכת העלות הכלכלית בגין תקיפות סייבר בישראל
Adv. Hadas Tamam Ben-Avraham, the Head of Cyber Risks Research Institute & Vice Dean at Ono Academic College, and Hillel Kobrovski, a Senior Lecturer for Cyber security at the College, in a conversation about The new report from April 2024 on the economic damage estimate from cyber attacks in Israel.
In this special episode of the Bites and Bytes Podcast, host Kristin Demoranville is joined by two cybersecurity experts, both named Andrew Rose, for an insightful discussion on the intersection of cybersecurity and AgroFoods. Andrew Rose, from the UK, is currently the Chief Security Officer (CSO) at SoSafe and formerly the CISO at Proofpoint, CSO at Mastercard UK, and CISO at the National Air Traffic Services (NATS). The other, Andrew Rose, is from the US; he’s an Ag Futurist and a cybersecurity advisor specializing in agricultural production, including advising for BIO-ISAC.
Learn about the critical role of resiliency in the agri-supply chain, the impact of human error on cybersecurity, and the need for education and awareness to prevent breaches. Explore how cybersecurity integrates into food safety culture and the importance of building security into agri-tech products. The discussion also covers emerging cybersecurity trends, the role of government agencies like the FBI, and the global implications of food security.
Tune in for expert insights, practical advice, and a deeper understanding of the unique challenges and opportunities in agri-food cybersecurity and this critical infrastructure.
Also, Happy Pride! 🏳️🌈
-----------------------------------------------------
Episode Key Highlights:
(16:03 - 16:55) National Seminars on Agricultural Security Threats
(19:19 - 20:24) Lessons for Food Industry Cybersecurity
(22:50 - 23:54) Importance of Data Integrity and Availability
(27:51 - 29:22) Social Engineering
(34:03 - 35:46) Food Security and Existential Risks
(39:13 - 40:17) Impact of Global Food Economy
(41:29 - 42:09) Impact of Ukraine on Grain Prices
(49:34 - 51:11) Rising Nation-State Threats in Cybersecurity
(53:13 - 54:22) Importance of Product Security in Agro-Tech
(59:46 - 01:00:55) Financial Impact of Ransomware Attack
-----------------------------------------------------
Notes from the Show:
Reporting Agricultural Incidents (Ic3.gov)
-----------------------------------------------------
🏳️🌈👊⚡️ Pride Merch 🏳️🌈👊⚡️
Bare Knuckles & Brass Tacks Podcast
Learn more about Out in Tech
Learn more about the Scholarship for LGBTQ+ students
This BKBT podcast episode discusses these causes and the Pride Merch Shop.
----------------------------------------------------
Bites and Bytes Podcast Info:
Website: Explore all our episodes, articles, and more on our official website. Visit Now
Merch Shop: Show your support with some awesome Bites and Bytes gear! 🧢👕 Shop Now
Blog: Stay updated with the latest insights and stories from the world of cybersecurity in the food industry. Read Our Blog
Audience Survey: We value your feedback! Help us make the podcast even better. Take the Survey
Schedule a Call with Kristin: Want to share your thoughts? Schedule a meeting with Kristin! Schedule Now
A critical skills gap in Operational Technology security could have a real effect on your water supply and other areas of the critical infrastructures. Christopher Walcutt from DirectDefense explains how the IT OT convergence, and the lack of understanding of what OT systems are, might be contributing to the spate of water systems attacks in 2024.
When it comes to critical infrastructure, like the energy sector, weak cybersecurity can cause incalculable damage. In this episode, we talk with Jacob Marzloff of Armexa about how to build a more resilient OT network and some of the technological advancements that are shaping the industry.
In this episode, our host Aaron Crow, sits down with Dr. Anmol Agarwal, a distinguished security professional at Nokia and adjunct professor specializing in machine learning. Together, they dive deep into machine learning, AI, and cutting-edge telecommunications technologies.
They uncover how vast amounts of data are crucial for training machine learning models to detect anomalies and prevent cyber threats, particularly in the telecommunications industry. Dr. Agarwal also sheds light on the transformative impacts of 5G and future 6G networks, from enhancing communication speed to revolutionizing smart manufacturing and industrial networks.
Explore the fascinating world of digital twins, AI-powered anomaly detection, and the complexities of transitioning from 4G to 5G. Aaron and Dr. Agarwal also discuss the global efforts required to standardize these technologies and emphasize the importance of diversity and passion in the tech industry.
Tune in as they tackle the current challenges and future possibilities in AI and telecommunications, and discover how these innovations are shaping the security landscape. Plus, take advantage of Dr. Agarwal's valuable insights and upcoming research on AI-based solutions to prevent DDoS attacks. Let's dive in!
Key Moments:
00:10 Old technology, like dial-up, latency is important.
04:08 Latency in IT and OT processes. Excitement for 5G.
08:40 Machine learning for anomaly detection, digital twins, network sensing for 6G.
12:54 5G as secure media pipe for communication.
15:43 Training machine learning models requires ample data.
18:14 AI benefits outweigh fear of job loss.
22:06 AI creates and replaces jobs, imperfect but beneficial.
25:34 AI adapts dynamically, opens limitless possibilities.
27:31 Live stream with CEO playing themed tabletop.
32:06 5G signal has shorter coverage than 4G.
36:42 Diversity in cyber is crucial for innovation.
40:37 Diverse backgrounds bring fresh perspectives to cybersecurity.
43:04 AI creating deepfakes raises concerns about misinformation.
45:01 Concerned about deep fake potential and solutions.
About the guest :
Dr. Anmol Agarwal is a security expert at Nokia, dedicated to securing advanced communication technologies such as 5G and upcoming 6G networks. Her critical work ensures that the data transmitted through your cell phone calls and text messages remains confidential and protected from hacking. Additionally, Dr. Agarwal imparts her extensive artificial intelligence knowledge as a part-time adjunct professor teaching machine learning. Her expertise not only safeguards our digital communications but also enhances their speed and efficiency through the innovative application of AI.
How to connect with Dr. Anmol :
LinkedIn: https://www.linkedin.com/in/anmolsagarwal/
X: https://twitter.com/anmolspeaker
Connect With Aaron Crow:
Learn more about PrOTect IT All:
To be a guest or suggest a guest/episode, please email us at [email protected]
Welcome to the 8th episode of our Energy Talks miniseries, Cybersecurity in the Power Grid, in which we provide a 360-degree view of how power grids can best safeguard their infrastructures from cyber attacks.
This episode investigates why, in addition to software, hardware devices must be secured against cyber threats.
OMICRON hardware developer Marcel Ströhle describes how hardware cybersecurity is crucial to overall system security because hardware devices are another potential attack vector that can be easily neglected. Through examples of actual hardware attacks, he highlights how important proper cybersecurity is for your hardware applications and offers tips to ensure it.
Marcel shares his experiences securing hardware devices and describes how he and his team have developed reliable and robust hardware technology, such as the MBX2 mobile test set, used in OMICRON’s cybersecurity solutions.
Stay tuned for upcoming episodes in our Cybersecurity in the Power Grid miniseries. Learn more about OMICRON’s approach to cybersecurity in power grids.
We would really like to know what you think about Energy Talks and which topics you would like to hear more about. To do this, simply send us an email to [email protected] and be sure to give us a star review on Spotify or Apple Podcast. Thanks for your feedback!
In this episode, host Aaron Crow interviews Kevin Walter, an expert in vehicle security, about the growing cybersecurity and safety risks in modern vehicles. Kevin, with a master’s degree in cybersecurity and extensive experience in vehicle systems like the CAN bus, shares his insights into the hidden vulnerabilities within today's cars.
The discussion covers key topics such as the challenges automakers face in updating vehicle software, the real-world implications of vehicle hacking—including the notorious 2014 Jeep hack—and the emerging threats from autonomous vehicles and AI systems. Kevin and Aaron explore how hackers can exploit architectural weaknesses and what measures can be taken to protect against these threats, from simple solutions like Faraday bags to advanced strategies like kill switches.
Whether you’re a cybersecurity enthusiast, a vehicle owner, or just intrigued by the intersection of technology and safety, this episode offers valuable insights into keeping modern vehicles secure. Join Aaron and Kevin for an engaging dive into automotive cybersecurity. Let’s get started!
Key Moments:
00:10 Vehicle network, OBD 2 standard, vehicle diagnostics.
07:22 Incident leads to upgrading car engine.
08:06 Programmed car transmission to work with engine.
13:34 Cars now require computer skills for repair.
14:25 Shop had to enable new battery in car.
18:50 Tire sensor vulnerabilities lead to serious risks.
20:55 Relying on sensors, lacking basic driving skills.
26:05 Greenberg upset about engine shutdown on highway. The jeep's brakes disabled in parking lot. Demonstrated vehicle vulnerability in 2014.
27:40 Potential security risk shutting down connected vehicles.
32:16 Harley dealership charged $100 to enable Spotify.
36:12 OBD2 standard needed for vehicle safety.
39:32 Tesla's automated driver assist misinterprets speed limit.
41:43 Keyless cars vulnerable to theft via tech.
46:13 Interconnected systems may lead to car hacking.
49:19 Balancing innovation with cybersecurity is crucial.
About the guest :
Kevin Walter is an experienced professional in the field of vehicle network and computer systems. He possesses a deep understanding of the more than 50 electronic control units typically found in these networks. Kevin is well-versed in the use of onboard diagnostics tools, specifically the OBD 2 standard, which has been a universal feature in vehicles since 1996. This standard is crucial for mechanics to diagnose and troubleshoot vehicle issues effectively. Kevin’s extensive background includes work as an independent transportation contractor, further solidifying his expertise in the automotive industry.
How to connect Kevin :
https://www.linkedin.com/in/kevin-w-942416211/
Watch a key fob replay attack video Kevin made with his vehicle.:
https://drive.proton.me/urls/3FJXK72NVG#lr_dL45TIogs
Connect With Aaron Crow:
Learn more about PrOTect IT All:
To be a guest or suggest a guest/episode, please email us at [email protected]
Bishop Fox CEO and Cofounder Vinnie Liu joins the Nexus Podcast to discuss his team's role during security incidents in conducting offensive security testing alongside incident response activities. In healthcare environments where ransomware is the leading threat, red-teams and other offensive security specialists are called in, Liu said, to ensure that secondary attack vectors cannot be leveraged by attackers to maintain persistence inside an organization.
For more, visit nexusconnect.io/podcasts
In cybersecurity, knowing what goes into every device and system is absolutely crucial. Enter: SBOMs. Today, we talk to Ron Brash of aDolus Technology once again about the importance of SBOMs and vulnerability management.
Today, we are thrilled to welcome Roya Gordon as our guest.
Roya is an executive industry consultant specializing in operational technology, cybersecurity, and Hexagon. She is a military veteran, an accomplished technologist, and a prolific speaker in our industry. Her creativity knows no bounds, encompassing her passion for the arts and her love of opera and symphonies. She is also an avid traveler and a super fun person to have around.
Roya brings a unique and engaging perspective to our discussion today. She shares her journey from a pre-law magnet program to becoming a skilled speaker in the Navy, highlighting the value of communication skills for conveying technical information to audiences and sharing the challenges and opportunities veterans face when breaking into the cybersecurity industry.
Stay tuned as Roya shares her invaluable insights and experiences, offering guidance for veterans aspiring to enter the cybersecurity field. You will not want to miss the wisdom and stories Roya shares with us today.
Show highlights:
Links and resources:
Derek Harp on LinkedIn
Roya Gordon on LinkedIn
When critical infrastructure is shut down due to ransomware or some other malicious attack, who gets notified and when? Chris Warner, from GuidePoint Security, discusses the upcoming Cyber Incident Reporting for Critical Infrastructure Act or CIRCIA and what it will mean for critical infrastructure organizations.
UK will propose law to ban ransom payments for critical infrastructure entities. EPA outlines enforcement measures to protect water utilities against cyberattacks. Rockwell advises customers to disconnect ICS devices from the internet. Senator Vance asks CISA for information on Volt Typhoon. Guest Kimberly Graham of Dragos joins Dave to discuss regulatory compliance issues.
Control Loop is going on a temporary hiatus. Thank you for being a loyal listener. N2K CyberWire will be back soon with more ICS/OT news and analysis that you rely on. Please stay tuned for more updates.
Please take a moment to fill out our super quick survey. It’s only 5 short questions. Thanks!
Exclusive: UK to propose mandatory reporting for ransomware attacks and licensing regime for all payments (The Record)
EPA Outlines Enforcement Measures to Help Prevent Cybersecurity Attacks and Protect the Nation’s Drinking Water (Environmental Protection Agency)
Rockwell Automation Reiterates Customer Guidance to Disconnect Devices from the Internet to Protect from Cyber Threats (Rockwell Automation)
Senator Vance issues warning on China-backed Volt Typhoon threat to US critical infrastructure (Industrial Cyber)
Guest Kimberly Graham, Vice President of Product Management at Dragos, discussing regulatory compliance issues.
A companion monthly newsletter is available through free subscription and on the N2K CyberWire website.
How do you adopt a cybersecurity strategy that fits your manufacturing business?
In this episode of Manufacturing Happy Hour, host Chris Lueke is speaking to Mollie Breen, CEO & Founder of Perygee, an automation platform for IT and security teams, built to eliminate the visibility challenges of the digital-first world.
They kick off by exploring significant developments in cybersecurity over the past few years. Mollie highlights the dual role AI plays, assisting both hackers in identifying vulnerabilities and defenders in fortifying network security. She underscores the importance of reverting to cybersecurity fundamentals amid tech evolutions, noting that a shift back to basics is essential for adapting to new threats effectively.
Mollie provides background on her time at the NSA, revealing the surprising routine nature of tackling seemingly insurmountable tasks due to robust capabilities and top-tier expertise available. Her time at the NSA played a crucial role in her entrepreneurial journey with Perygee, where she navigated the intricate processes within governmental organizations to introduce innovative security measures.
Mollie and Chris also discuss practical advice for implementing cybersecurity strategies within organizations of varying sizes. Mollie touches on the unique cybersecurity challenges faced by medical device companies due to heavy regulations and the criticality of their operations. The conversation then moves to the timing and evolution of cybersecurity roles within growing businesses.
To wrap up, they discuss the potential for leadership in cybersecurity across all levels of an organization. This episode is packed with valuable insights for leaders across the manufacturing sector looking to enhance their cybersecurity strategies and foster a more secure operational environment.
In this episode, find out:
Enjoying the show? Please leave us a review here. Even one sentence helps. It’s feedback from Manufacturing All-Stars like you that keeps us going!
Tweetable Quotes:
Links & mentions:
Make sure to visit http://manufacturinghappyhour.com for detailed show notes and a full list of resources mentioned in this episode. Stay Innovative, Stay Thirsty.
In this episode of the Bites and Bytes Podcast, host Kristin Demoranville chats with Marc Frankel, CEO and co-founder of Manifest Cyber, a software supply chain security company. They talk about the world of Software Bills of Materials (SBOMs) and their critical role in cybersecurity, especially within the food industry. Marc shares insights on the importance of SBOMs, their implementation, and the future of supply chain security. He also provides a unique perspective on the intersection of cybersecurity and the food industry, making this a must-listen for anyone interested in protecting our food systems. Tune in to learn how SBOMs can help your organization stay resilient in the face of cyber threats.
______________________________
Episode Key Highlights:
(02:29 - 03:11) Navigating Relationships as Entrepreneurs
(09:11 - 11:07) Importance of Software Ingredient Lists
(16:54 - 17:59) Understanding SBOM Regulatory Requirements
(25:49 - 26:35) Streamlining Software Supply Chain Security
(34:54 - 36:25) Mission-Driven Software Supply Chain Importance
(38:33 - 39:23) Duty to Monitor Software Security
------------------------------------------
Show Notes:
Hakarl, have you ever wondered what fermented Greenlandic shark tastes like? 🌊🦈 Discover the unique Icelandic delicacy that Marc Frankel bravely sampled! Learn More
Russ & Daughters (NYC, Lower East Side): Experience the legendary smoked salmon from one of NYC's most iconic spots. Perfect for your next bagel craving! 🥯🐟 Visit Russ & Daughters
US Executive Order on Improving the Nation's Cybersecurity (14028): Stay informed about the latest national cybersecurity measures. Read the Executive Order
FDA Medical Devices Cybersecurity Guidelines: Learn about how medical devices are secure with the FDA's latest guidelines. 🏥🔒 Explore the Guidelines
EU Cyber Resilience Act Learn about the upcoming changes in EU cybersecurity regulations. 🌍🛡️ Read the Act
Log4Shell: Get the details on one of the most significant cybersecurity vulnerabilities of recent times. 🔍💻 Learn More
______________________________
Marc and Manifest Information:
Find Marc Frankel on LinkedIn. Connect with Marc to jump into the world of SBOMs and cybersecurity. Connect with Marc
Information on Marc's company, Manifest. Discover how Manifest is revolutionizing software supply chain security. Visit their Website or LinkedIn for more details.
______________________________
Bites and Bytes Podcast Information:
Website: Explore all our episodes, articles, and more on our official website. Visit Now
Merch Shop: Show your support with some awesome Bites and Bytes gear! 🧢👕 Shop Now
Blog: Stay updated with the latest insights and stories from the world of cybersecurity in the food industry. Read Our Blog
Audience Survey: We value your feedback! Help us make the podcast even better. Take the Survey
Schedule a Call with Kristin: Want to share your thoughts? Schedule a meeting with Kristin! Schedule Now
In Episode 10 of Protect It All, titled "Tools and Techniques for Better Network Visibility and Vulnerability Management with Kylie McClanahan," host Aaron Crow and guest Kylie McClanahan dive into the critical elements of enhancing cybersecurity through advanced tools and strategies. Kylie, CTO of a company specializing in this field, shares her insights on overcoming the challenges of consistent naming conventions, accurate vendor data, and breaking down silos for effective communication across teams.
They explore the utility of tools like Spartan and Network Perception in visualizing network vulnerabilities, mapping asset inventories, and planning effective patch management. They emphasize the importance of correlating vulnerabilities with business priorities rather than just CVSS scores and the need for a layered security approach.
The episode also discusses cybersecurity risks to non-technical stakeholders, highlighting the business implications. The duo discusses the evolving landscape in the power utility sector, the dual nature of physical and cyber threats, and the ever-present need for continuous adaptation.
Kylie shares her excitement about machine learning and graph neural networks for grid state estimation while expressing caution about AI tools' accuracy. Aaron and Kylie stress the importance of reliable data, automated processes, and vendor security advisories in maintaining effective asset management.
Key Moments:
03:47 Discussion focused on improving cybersecurity classifications and communication.
08:48 Compliance sometimes leads to minimum effort for benefit.
11:17 Vendor security advisories prioritize patch tracking.
14:46 Testing for security vulnerabilities and potential exploits.
17:20 Understanding and communicating cybersecurity risk to non-professionals.
20:50 Disagreement on consistent product naming causes confusion.
25:46 NVD website publishes overwhelming recent vulnerabilities.
27:07 Understanding the importance of asset management.
32:13 Challenges of tracking change management in organizations.
33:33 People, process, and technology are crucial investments.
37:34 Spartan takes any scan, offers change management.
39:55 Vision of the future: a dynamic ecosystem.
43:19 Vendors acknowledge changes in control systems effectiveness.
48:09 Equations useful, AI for optimization, caution with models.
49:28 Questioning truthfulness of AI in HR replacement.
53:01 Toyota and Lexus prioritize reliable, tested technology.
About the guest :
Kylie McClanahan is the Chief Technology Officer of Bastazo, Inc and a doctoral candidate in Computer Science at the University of Arkansas. She has nearly a decade of experience with cybersecurity in the electric industry, including both professional experience and frequent collaborations with industry as a graduate researcher. Her research explores the automation of vulnerability analysis and remediation using natural language processing and machine learning. She holds a GCIP certification from GIAC and speaks frequently about cybersecurity in industrial control systems.
How to connect Kylie:
https://www.linkedin.com/in/kyliemcclanahan/
https://www.cisa.gov/stakeholder-specific-vulnerability-categorization-ssvc
Connect With Aaron Crow:
Learn more about PrOTect IT All:
To be a guest or suggest a guest/episode, please email us at [email protected]
Protect AI Chief Information Security Officer Diana Kelley joins the Claroty Nexus podcast to discuss the intricacies of securing machine learning and artificial intelligence use inside the enterprise. She also explains the concept of MLSecOps and how it compares and contrasts to DevOps used in application development.
For more, visit nexusconnect.io/podcasts
The OT (operational technology) space has never been more of a target to cyber threats than today. A recent McKinsey & Company article stated “As this sector embraces digitalization, its ‘attack surface’ is skyrocketing. In a space that boasted about being air-gapped, or unplugged from the internet environment in years past, these new capabilities have made it vulnerable to attack – and threat actors are chomping at the bit.”
In this episode we discuss cybersecurity in the process industries with cybersecurity expert, Marco Ayala, President of the Houston chapter of InfraGard, a partnership between the FBI and the private sector for the protection of U.S. critical infrastructure. Marco, who has a long history in industrial security, comes from the unique perspective of being a supplier to the process industries as well as an end user.
We discuss:
Current landscape of cybersecurity
Challenges facing owner operators today
Role of regulatory agencies and standards organizations
Strategies asset owners are undertaking and first steps to achieve them
Join our series hosts, Jonas Norinder and Don Mack, for an episode filled with helpful information that will guide you on your journey to stay cybersafe!
Show Notes:
Video: NOVA – A.I. Revolution (https://to.pbs.org/4aWsoe5) time 47:50 in video
Article: Board of directors: The final cybersecurity defense for industrials (https://mck.co/454z5cH)
Website: Cyber Informed Engineering (https://bit.ly/4e4ypbl)
Website: Consequence-Driven Cyber-Informed Engineering (https://bit.ly/4aC8O6p)
Website: InfraGard – Partnership for Protection (https://www.infragard.org/)
Additional resources: https://bit.ly/3yD2Q8j
Upcoming webinar (Wednesday, July 11, 2024):
Navigating the Digital Workforce: 4 Strategies for Success in the Age of Technology (https://bit.ly/3Va6H4m)
Contact us:
· Marco Ayala ([email protected])
· Don Mack ([email protected])
· Jonas Norinder ([email protected])
We are thrilled to have Max Aulakh, the Founder and CEO of Ignyte Assurance Platform, joining us today.
Max is a military veteran and motorcycle enthusiast who enjoys doing voluntary work. He is a prolific contributor to the cybersecurity community, always willing to be of service to others. When Max was three, his father applied for American citizenship at the US Embassy in India. It was an extremely long process, and after losing all hope, he and his family finally migrated to Oklahoma a decade later.
Join us to learn how Max transitioned from the military to founding the successful Ignyte Assurance Platform. He also shares his views on regulations, discusses how AI has impacted the security field, and offers prudent and practical advice for anyone interested in pursuing a cybersecurity career.
Stay tuned for today’s candid and fascinating interview with Max Aulakh, the Founder and CEO of Ignyte.
Show highlights:
Links and resources:
Derek Harp on LinkedIn
Max Aulakh on LinkedIn
Jennifer Minella, founder and principal advisor of Viszen Security, joins the Claroty Nexus podcast to discuss her experiences advising organizations on operational technology implementations, risk management, and succeeding at IT/OT convergence. This episode was recorded during RSA Conference where Jennifer and Bryson Bort gave a talk on convergence from the perspectives of a defender of industrial networks, and from the viewpoint of an offensive security specialist.
For more, visit nexusconnect.io/podcasts
This episode of OT Security Made Simple welcomes Jonathan Gordon of the OT cybersecurity researchers and analyst Takepoint. Jonathan argues that OT security needs to merge the bottom up and top down approach to succeed and that the CISOs will be at the frontline of driving and moderating this process.
In this episode, we're diving deep into the world of Operational Technology (OT) and IoT security, exploring the critical challenges and evolving threat landscape that are impacting sectors from manufacturing to critical infrastructure and healthcare. With insights from Patrick Gillespie, an OT expert at GuidePoint Security, we'll discuss the convergence of IT and OT systems, the risks introduced by COVID-19, and the advanced solutions from providers like Phosphorus that are combatting these threats. Patrick also sheds light on his personal journey from military service to a cybersecurity career, and the essential steps organizations should take to bolster their OT security, from embracing cyber hygiene to implementing robust security programs. Join us as we uncover the pressing issues facing IoT security today and how innovations are driving a safer, more secure operational environment.
Let’s connect about IoT Security!
Follow John Vecchi at https://www.linkedin.com/in/johnvecchi
The IoT Security Podcast is powered by Phosphorus Cybersecurity. Join the conversation for the IoT Security Podcast — where xIoT meets Security. Learn more at https://phosphorus.io/podcast
Joe Weiss is managing partner of Applied Control Solutions Inc., and an ISA99 ICS cybersecurity pioneer and blogger.
50% of respondents still rely on spreadsheets and multiple tools for third-party risk management. In this episode of the ICS Pulse Podcast, we talk to Brad Hibbert of Prevalent about the company’s 2024 Third-Party Risk Management Study and how to create more effective risk management practices.
When an enterprise network goes down, you call in the Incident Response team and they do forensics. When your SCADA goes down, who do you call? Meet Lesley Carhart, technical director of incident response at Dragos, who focuses on products and services for the non standard part of cybersecurity. That means things like performing digital forensics on SCADA, industrial control systems, and critical infrastructure. There’s still some normal enterprise computing involved, but very often the stories told by practitioners are … well, just plain weird.
In this episode, Bryson Bort is joined by Paul Shaver, Global OT Security Practice Lead at Mandiant / Google Cloud to discuss the cyber threat landscape. How did Paul’s military background play a role in his decision to start working with control systems? What is the difference between an advanced persistent threat and a regular threat? What does Paul think is the best way to protect against documented threats from nation-state actors?
“I think if we're not doing a better job of protecting critical infrastructure, protecting our assets, any one of the nation state actors could cause that level of mass scale outage or destruction of capability. It comes down to being better prepared to protect these environments,” Paul said.
Join us for this and more on this episode of Hack the Plant.
Hack the Plant is brought to you by ICS Village and the Institute for Security and Technology.
We are delighted to have Mike Holcomb joining us on the show today.
Mike is both a fellow and a cybersecurity director, and he currently serves as the ICS OT Cybersecurity Global Lead at Fluor, a massive multinational engineering and construction firm with over 40,000 employees. He has participated in many major building projects, and we are excited to learn from his extensive experience today.
Stay tuned as Mike shares his insights and expertise.
Show Highlights:
Links and resources:
Derek Harp on LinkedIn
Michael Holcomb on LinkedIn
Mark Toussaint of OPSWAT joins to talk about his work in securing operational technology, and specifically about his role as product manager. This is an under-discussed job role within security, and requires great technical expertise, intercommunication skills and the ability to carry out long term campaigns on a product from, as he put it, initial brainstorming scribblings on a cocktail napkin through the creation of the product, all the way to its eventual retirement. Learn what it takes to connect security engineering, solutions experts, project management, and more in the role of security product manager, and how OT security connects fast, flexible IT and cybersecurity with systems that, as Toussaint put it, might be put in place and unmodified for 15 or 20 years. It’s not that hard to connect the worlds, but it takes a specific skill set.
0:00 - Working in operational technology
1:49 - First getting into cybersecurity and tech
3:14 - Mark Toussaint’s career trajectory
5:15 - Average day as a senior product manager in OPSWAT
7:40 - Challenges in operational technology
9:11 - Effective strategist for securing OT systems
11:18 - Common attack vectors in OT security
13:41 - Skills needed to work in OT security
16:37 - Backgrounds people in OT have
17:28 - Favorite parts of OT work
19:47 - How to get OT experience as a new industry worker
21:58 - Best cybersecurity career advice
22:56 - What is OPSWAT
25:29 - Outro
– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast
About Infosec
Infosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.
Charles Blauner, Team8 operating partner and CISO in residence, joins the Claroty Nexus podcast to discuss the rapid changes in responsibilities and liability risks facing today's chief information security officers. Blauner, former CISO at JP Morgan and Deutsche Bank, describes how, for example, the new SEC rules around disclosures and incidents, along with legal action against high-profile CISOs of public companies, have some security leaders re-thinking how they operate and negotiate within their roles. He also discusses whether enterprises should brace for an exodus of those in the CISO chair today.
For more, visit nexusconnect.io/podcasts
On the battlefields of Ukraine, Russia has become very adapt at electronic warfare — both jamming GPS satellites and spoofing satellite signals. We explain how it works and its ripple effects beyond the front lines.
In this episode of Secure Tracks, Miki Shifman delves into bridging knowledge between IT and OT in transit cybersecurity with Mark Johnston, CISO of TriMet. Mark Johnston shares his enlightening journey from a seasoned IT security career to leading OT security initiatives at TriMet. Discover the challenges, innovations, and triumphs involved in integrating these critical technologies to enhance the safety and reliability of public transit systems.
The landscape of maritime cybersecurity has evolved significantly, driven by current events, increasing digitization and the adoption of emerging technologies. These changes enhance operational capabilities, but also introduce vulnerabilities. Regulation and standards introductions have been pivotal in guiding the integration of cyber risk management into safety management systems onboard ships. However, a primary concern in maritime cybersecurity is OT systems, which are vital for the control and operation of physical shipboard processes.
Panelists:
Sean Plankey, Global Head of Cybersecurity Software, Willis Towers Watson
Michael DeVolld, Senior Principal Consultant, American Bureau of Shipping
Kevin Duffy, CEO, Maritime Imperative
Marco Ayala, President, Infragard Houston
וובינר בנושא ניהול משבר במגזר התעשייתי בהנחייתו של יוגב נחום מחברת קוד בלו משתתפים:
חגית איסר - מנכ"לית דגש פ.ק
יסמין טל בדש - מנהלת סיכוני סייבר עולמי של טכנולוגיה תפעולית וחדשנות באי.סי.אל לשעבר כימיקלים לישראל
יוסי שביט - ראש יחידת סייבר בתעשייה המשרד להגנת הסביבה
נחשון פינקו - סייבר אוונגליסט וסמנכ"ל בכיר ליעוץ ניאטק סייבר סקיורטי בע"מ
Chris Hughes and Nikki Robinson recently wrote the book Effective Vulnerability Management. Dale and Chris discuss the topic and book including:
The definition and scope of vulnerabilities. It’s much more than coding errors that need patches.
Are ICS protocols lacking authentication “vulnerabilities”
The reality that most organizations have 100’s of thousands of unpatched vulnerabilities. Some statistics and will this change.
Ways to prioritize what vulnerabilities you address.
The SSVC decision tree approach that was introduced at S4 as Never, Next, Now
Tooling … vulnerability management, software configuration, ticketing, remediation.
And much more.
Links:
Effective Vulnerability Management, https://www.amazon.com/Effective-Vulnerability-Management-Vulnerable-Ecosystem/dp/1394221207/
Dale’s ICS-Patch Decision Tree, https://dale-peterson.com/wp-content/uploads/2020/10/ICS-Patch-0_1.pdf
US Defense Department warns of Russian hacktivists targeting OT devices. The US government establishes safety and security board to advise the deployment of AI in critical infrastructure sectors. Vulnerabilities affect CyberPower UPS management software. US congressmen put forward water system cybersecurity bill. Encore guest Garrett Bladow, Distinguished Engineer at Dragos, joins us from the CyberCon 2023 event in Bismarck, North Dakota. Garrett discusses active visibility into OT systems. The Learning Lab is currently on a hiatus this episode.
Urgent Warning from Multiple Cybersecurity Organizations on Current Threat to OT Systems (NSA)
DHS launches safety and security board focused on AI and critical infrastructure (FedScoop)
Uninterrupted Power Supply (UPS): A Silent Threat to Critical Infrastructure Resilience (Cyble)
Crawford puts forward bill on cybersecurity risks to water systems (Arkansas Democrat-Gazette)
Guest is Garrett Bladow, Distinguished Engineer at Dragos, discussing active visibility into OT systems.
The Learning Lab is on a break. Stay tuned.
A companion monthly newsletter is available through free subscription and on the N2K CyberWire website.
Join host Kristin Demoranville for this insightful Bites and Bytes Podcast episode featuring special guests Tia Glave and Jill Stuber. The discussion will bridge the worlds of food safety, quality, and transformative leadership within the food industry.
Tia Glave, a trained chemical engineer and a seasoned food safety and quality professional, brings extensive experience working across diverse food sectors. In this episode, Tia discusses her approach to integrating leadership principles with technical strategies to enhance food safety programs, reflecting her passion for supporting talent in the food industry.
Jill Stuber, with her comprehensive background in Food Safety & Quality (FSQ) and her roles in various multi-million-dollar food organizations, shares her journey and the joy she finds in coaching and positively impacting the food safety sector. With a Master of Science in both Food Science and Quality Management, Jill’s professional coaching certification and leadership skills shine through as she discusses the importance of integrating leadership skills with technical expertise to foster better outcomes in food safety.
Together, they explore the evolving landscape of food industry leadership, the integration of technology, and the critical role of empathy and effective communication in cultivating a safe and innovative food environment. This episode explores their journeys and highlights their unique perspectives on the future of food safety and intentional leadership’s pivotal role in navigating modern food systems’ challenges.
In this episode, we also focus on the critical intersection of cybersecurity with food safety. As digital transformations sweep through the food industry, understanding the cyber aspects becomes increasingly vital. Kristin, Tia, and Jill discuss how enhancing cybersecurity measures is integral to safeguarding food production processes. They emphasize the need for leaders to be proficient not only in traditional food safety roles but also in combating potential cyber threats that could impact food integrity and safety. This conversation highlights the importance of a holistic approach to food safety, including robust cybersecurity practices, ensuring that the food industry can effectively face modern challenges.
Don’t miss this engaging conversation that connects the dots between creating efficient, safe food practices and nurturing the next generation of food industry leaders.
___________________________________________
Episode Key Highlights:
(00:50 - 02:58) Food Safety Leadership Development and Coaching
(13:29 - 14:48) The Importance of Catalyst in Industry
(16:45 - 17:34) Diverse Roles in Food Industry Leadership
(25:11 - 26:06) Personal Development and Self-Reflection
(28:37 - 29:26) Cybersecurity and Food Safety Discussions
(32:25 - 33:57) Consumer Education in the Food Industry
(43:29 - 46:02) Leadership and Empathy in Food Industry
(51:14 - 52:42) Navigating Uncertainty Together
(54:59 - 56:12) Future of Hybrid Food Safety Roles
___________________________________________
To learn more about Tia & Jill’s company, please check out their website Catalyst LLC and LinkedIn
Catalyst is a comprehensive and holistic coaching program for creating transformational change within people and organizations toward the ultimate food safety and quality culture.
You can find Tia Glave on LinkedIn and also find Jill Stuber on LinkedIn.
Catalyst Youtube: Ever wonder why food safety culture seems so challenging? or why technical experts aren’t, by default, technical leaders? Join us each week as we explore these topics and more!
___________________________________________
Bites and Bytes Podcast website for additional show notes, blog, and more!
We are delighted to have Chase Richardson, the VP of Consulting at Bridewell, back on the show today.
Bridewell boasts a rich history in industrials, offering comprehensive cybersecurity services across the entire cybersecurity spectrum, including operating technology.
Recently, Bridewell came up with an insightful report on cybersecurity within the US critical infrastructure. In this episode, Chase dives into the current state of cybersecurity regulations in critical infrastructure and shares the details and origin of the upcoming Bridewell report, which falls squarely within the interest of CSAI.
Tune in to learn more about this exciting project.
Show highlights:
Links and resources:
Derek Harp on LinkedIn
Chase Richardson on LinkedIn
A story about satellites, electronic warfare, and a team of American techies who MacGyver-ed a way to keep the power flowing in Ukraine.
A first-of-its-kind 2016 cyberattack on Ukraine’s power grid was a wake-up call for countries around the world to shore up protection of vulnerable energy resources. Mara Winn, Deputy Director for Preparedness, Policy, and Risk Analysis at the Department of Energy's Office of Cybersecurity, Energy Security, and Emergency Response (CESER), is in charge of acting on just that. From securing electric vehicles to safeguarding electric substations, Mara and her team help to ensure the resilience of the energy sector against cyber, physical and climate-based disruptions.
Mara takes a holistic approach to risk management, considering both physical and cyber threats. In the latest episode of WE’RE IN!, she cautions against focusing too much on the "flashy object of the day" and describes why she imbues diversity in risk management for the best outcomes.
Listen to hear more about:
Cybersecurity pioneer Mikko Hypponen joins the Claroty Nexus live at the RSA Conference to discuss a decade of ransomware attacks against corporate networks. Hypponen is Chief Research Officer at WithSecure, the former F-Secure for Business. He has observed and analyzed malware from its infancy when it was a merely a means of disruption and attention-seeking to today's enormously profitable ransomware services and gangs .
For more, visit nexusconnect.io/podcasts
Welcome to the 7th episode of our Energy Talks miniseries, Cybersecurity in the Power Grid, in which we provide a 360-degree view of how power grids can best safeguard their infrastructures from cyber attacks.
In this episode, we will learn how an OMICRON team of cybersecurity experts goes about analyzing incoming alarms and how even the smallest indicators can reveal hidden dangers that threaten the safety and operations of an entire system.
This was tested by the Norwegian utility company Glitre Nett. They conducted an intrusion detection system (IDS) evaluation exercise at a live substation to compare the solutions of multiple vendors, including OMICRON.
OMICRON cybersecurity experts Ozan Dayanc, Christoph Rheinberger, and Lukas Schneider join us in this episode to describe their involvement in the project with Glitre Nett and discuss how they successfully completed it using OMICRON’s StationGuard intrusion detection system.
The project involved executing live attack simulations in the substation to compare the detection mechanisms of the various IDS solutions. Glitre Nett also wanted to ensure the detection response and support capabilities of the cybersecurity experts at each vendor company.
Stay tuned for upcoming episodes in our Cybersecurity in the Power Grid miniseries.
Learn more about OMICRON’s approach to cybersecurity in power grids.
We would really like to know what you think about Energy Talks and which topics you would like to hear more about. To do this, simply send us an email to [email protected] and be sure to give us a star review on Spotify or Apple Podcast. Thanks for your feedback!
Former NSA Director Adm. Michael S. Rogers (Ret. USN) joins the Claroty Nexus Podcast live from RSA Conference in San Francisco to discuss the current geopolitical climate, its impact on chief information security officers, and how they can and should response. Rogers discusses how the doctrines of adversaries are changing and that U.S. critical infrastructure is increasingly in the crosshairs. He also brings his experience and delivers practical advice for CISOs who are not only dealing with external adversaries but also potential legal liability in the event of breaches.
For more, visit nexusconnect.io/podcasts
פרק מיוחד בשיתוף עם הפודקסט "למה סייבר!?"
נחשון פינקו מארח את דנית ליבוביץ-שטי המייסדת של חברת אלפא חקירות דיגיטליות, מובילת הפודקאסט המצויין "למה סייבר!?". בשיחה על מה היא פורנזיקה דיגיטלית (כנראה לא מה שחשבתם), איך לבחור חברת מענה לאירוע סייבר, חשיבות הגיבויים ובדיקות חזרה מגיבוי באופן שוטף. ועוד
A special episode in collaboration with the podcast "Why Cyber!?"
Nachshon Pincu hosts Danit Leybovich-Shati, Alfa Forensics Digital Evidence's founder and the excellent "Why Cyber!?" podcast host. In a conversation about what digital forensics is (probably not what you thought), how to choose a response company for a cyber incident, and backup, backup, backup, and backup tests on an ongoing basis.
This is a story about how organizations are moving their SCADA systems to the cloud and how they need to secure them or they’ll be attacked. Chris Doman, co-founder and CTO of Cado Security discusses the new NSC guidelines on SCADA in the Cloud and whether the guidelines are prescriptive enough.
In this episode of the OG of OT podcast, a young woman “Clara” (not her real name) is reunited with this dude “Harvey” (also not his real name). She was duped into taking part in a supply chain attack. He kinda remembers the equipment refresh and rumors of infected firmware. Decades later, they meet. Coincidence?
Waterfall Security Solutions and ICSSTRIVE put out an annual threat report that Dale Peterson believes is the best in OT. Why? It only includes incidents that had physical consequences on systems monitored and controlled by OT.
Dale and Andrew discuss:
What is in and out of scope for the report.
The breakdown of the 68 incidents that occurred in 2023 by industry sector, cause, threat actor and more.
The impact reporting requirements may have on these numbers in the future.
What percentage of OT cyber incidents with physical consequences are made public.
Ransomware on IT causing physical consequences, exfil v. encryption, and what asset owners should do given this represents 80% of the known incidents in the report.
And more.
Links:
2024 Threat Report: https://waterfall-security.com/ot-insights-center/ot-cybersecurity-insights-center/2024-threat-report-ot-cyberattacks-with-physical-consequences/
ICSSTRIVE: https://icsstrive.com
S4 Events YouTube Channel: https://youtube.com/s4events
Mandiant ties OT attacks to Sandworm. Russia-linked hackers target Texas water utilities. Belarusian hacktivists hit fertilizer company. CISA issues eight ICS advisories. Dave Bittner's Caveat podcast co host Ben Yelin joins him to discuss pending legislation with potential to affect critical infrastructure, as well as the Department of Energy’s assessment of the potential risks and rewards from AI. The Learning Lab is on a hiatus this episode, and will be returning soon!
Unearthing APT44: Russia’s Notorious Cyber Sabotage Unit Sandworm (Mandiant)
Rural Texas Towns Report Cyberattacks That Caused One Water System to Overflow (SecurityWeek)
Belarusian hackers claim to breach fertilizer plant in retaliation for support of Lukashenko regime (The Record)
CISA Releases Eight Industrial Control Systems Advisories (CISA)
Host Dave Bittner and his co host from the Caveat podcast on the N2K CyberWire network, Ben Yelin, share some discussion about pending legislation with potential to affect critical infrastructure, and Department of Energy’s assessment of the potential risks and rewards from AI.
Links to articles:
The Learning Lab is on a break and will be back soon. Stay tuned.
Please take a moment to fill out our super quick survey. It’s only 5 short questions. Thanks!
A companion monthly newsletter is available through free subscription and on N2K Networks website.
פרק מיוחד בשיתוף עם הפודקסט למה סייבר?! דנית ליבוביץ-שטי ונחשון פינקו מארחים את תהילה שוורץ אלטשולר, עמית בכירה במכון הישראלי לדמוקרטיה וראש תכנית דמוקרטיה בעידן המידע, בשיחה על עולם ה"פיגיטלי" החדש (פיזי פלוס דיגיטלי) וסיכוני הסייבר שבו. מדוע ישראל עומדת מאחורי מדינות המערב עם היעדר רגולציות סייבר ופרטיות? ועוד
A special co-created episode with Why Cyber?! Podcast Danit Leybovich-Shati and Nachshon Pincu host Tehilla Shwartz Altshuler, a Senior Fellow at Israel Democracy Institute and head of the Democracy in the Information Age program, In a conversation about the new “Phygital” (physical plus digital) world and its cyber risks. Why is Israel behind the Western countries with a lack of cyber regulations? And More
Abel Archundia, chief technology officer and global head of advisory for Istari, joins the Claroty Nexus podcast to discuss the nature of complexity, technical debt, and regulation, and how it influences risk decisions in critical infrastructure environments. He explains the challenges complexity brings to manufacturing, pharmaceuticals, and other CI sectors, and how owners and operators may feel outmatched by technical debt.
For more, visit nexusconnect.io/podcasts
In this captivating podcast episode, host Kristin and her guest and fiancée, Stuart King, explore their rich experiences in cybersecurity, specifically focusing on the food industry. They discuss the transformative impact of AI and machine learning on security practices within this sector. The episode begins with personal stories that connect their professional paths to memorable food experiences, illustrating how these moments deeply intertwine with their work.
Stuart recounts his extensive career, starting with his initial experiences in the Royal Air Force and moving into significant roles in cybersecurity, particularly emphasizing his contributions to safeguarding food production systems. The conversation then shifts to their joint venture, “AnzenOT,” a tool they co-developed to simplify and democratize risk assessments for small to mid-size enterprises in the food industry. They discuss how AI enhances this process through improved analytics to give context to risk, which is essential for food manufacturers aiming to fortify their defenses against cyber threats.
The duo highlights the crucial need to understand the human side of cybersecurity in food manufacturing, advocating for solutions that address the daily challenges employees face on production floors. They discuss how AnzenOT uses AI to simulate realistic threat scenarios and offer practical, actionable insights, helping companies navigate the complex landscape of food safety and cybersecurity.
Throughout the episode, Kristin’s cat, Kai, also makes a charming presence, adding a touch of warmth as she quietly joins in, much to the amusement of both hosts.
As the episode wraps up, Kristin and Stuart invite listeners to join them at upcoming industry conferences, including RSA, where they will discuss cybersecurity and operational technology in the food industry. They encourage a broader dialogue about enhancing security measures to protect the vital processes that feed nations and maintain public health.
___________________________________________
Episode Key Highlights:
(02:52 - 03:53) Unforgettable Food Adventures in Japan
(06:13 - 08:23) Career Evolution and Shared Experiences
(13:44 - 15:56) Critical Infrastructure Vulnerabilities in Production
(17:56 - 20:09) Importance of Understanding Environment in Cybersecurity
(24:04 - 26:00) Risk Management and AI in Industry
(29:27 - 31:18) AnzenOT Tool Benefits and Features
(34:08 - 35:40) Value for Money and Risk Assessment
(37:45 - 38:41) Network Security Vulnerabilities From Unknown Applications
___________________________________________
How to connect with Stuart King:
Our talk on the S4 Main Stage, “Factories Are Families: How Does Security Join The Family?”
Panel at IC3 Games 2023 on protecting critical infrastructure.
___________________________________________
If you want to learn more about AnzenOT, please check the website or reach out on LinkedIn.
Also, if you would like to schedule a demo of AnzenOT or have a chat, please use this link to schedule a meeting.
___________________________________________
Additional Show notes and information are on the Bites and Bytes Website.
If you would like to schedule a meeting with Kristin to discuss the Bites and Bytes Podcast, please use this link.
Audience Survey can be found here.
Bites and Bytes Podcast Merch Shop!! (click here)
OT Security Made Simple Host Klaus Mochalski spricht mit Stefan Grützmacher, der in den letzten Jahrzehnten mehrere Energieversorger geleitet hat. Für Stefan wird die OT-Sicherheit bei den Kritischen Infrastrukturen noch immer viel zu stiefmütterlich behandelt. Er stellt als Branchenkenner aber auch klare Anforderungen an Lösungen für den KRITIS-Sektor.
In this episode, we welcome Alex Cowan, CEO of RazorSecure, where we discuss the intricate world of rail cybersecurity.
From legacy systems to cutting-edge digital infrastructures, Alex shares his wealth of knowledge gained from over a decade in the field. Additionally, we'll explore the impact of new NIST regulations on this dynamic sector.
Join us for another informative episode of Secure Insights!
Claroty is a cybersecurity company that helps organizations to secure cyber-physical systems across industrial (OT), healthcare (IoMT), and enterprise (IoT) environments: the Extended Internet of Things (XIoT).
In this episode, Bryson Bort sits down with Claroty director of research and industrial control system (ICS) vulnerability expert Sharon Brizinov to discuss everything ICS.
What are the most common vulnerabilities threatening ICS security? What’s the impact of cybersecurity controls standardization? And if he could wave a magic wand, what is one thing he’d change in the ICS industry?
“Don't expose ICS equipment over the Internet,” Sharon said. “That's my wish. To eliminate all the ICS Internet-exposed devices.”
Join us for this and more on this episode of Hack the Plant.
Hack the Plant is brought to you by ICS Village and the Institute for Security and Technology.
Patrick Miller has OT cybersecurity experience as an asset owner, PacificCorp. As a regulator and one of the first NERC CIP auditors with WECC. As a community organizer creating and leading EnergySec and the BeerISAC. And as an entrepreneur creating and leading a number of consulting practices. He is currently the Founder of Ampyx Cyber.
In this episode Patrick and Dale discuss:
Why Patrick changed the company name and selected Talinn as the location for the new European office.
The major differences in approaches to OT cybersecurity and risk management between Europe and the US. (more than just regulatory differences)
What has the EU learned or improved on regulation from NERC CIP.
What is the current state of NERC CIP regulatory risk? Are the regulated entities understanding and meeting the standards’ requirements?
The challenge of slow NERC CIP modifications, eg virtualization and cloud.
Bad standard & good regulator v. good standard & bad regulator.
Should water follow the NERC CIP model as recommended by AWWA?
How Patrick is dealing with AI.
Links
Ampyx Cyber: https://ampyxcyber.com
Patrick’s Critical Assets Podcast: https://amperesec.com/podcast
Subscribe to Dale’s ICS Security Friday News & Notes: https://friday.dale-peterson.com/signup
Advertise on Unsolicited Response: https://dale-peterson.com/advertising/
Adam Gluck, founder and CEO of Copia Automation, joins the Claroty Nexus podcast to discuss the need for DevOps within industrial automation. DevOps practices are popping up more frequently in these environments, but there are still hurdles and challenges for developers and engineers to overcome. Adam covers those, and explains how DevOps can improve disaster recovery, lessen the introduction of vulnerabilities in new code, and mitigate risk by being proactive about reviewing code changes as they happen rather than later in the development lifecycle.
For more, visit nexusconnect.io/podcasts
If you knock down an email server, you could stand up a parallel server or you could find workarounds. If you knock down a factory floor, there is no real parallel, alternative to a factory floor. Dane Grace, product manager at Brinqa talks about how the risks to OT carries with it an outsized kinetic response in the real world. For example, what would happen if someone managed to put a botnet on a defibrillator?
Today on Cyber Work, we are talking operational technology, or OT, security with guest, Robin Berthier of Network Perception. From his earliest studies to his time as an academic researcher, Berthier has dedicated his career to securing the intersection between operational technology and network security, with some pretty imaginative solutions to show for it. In today’s episode, Berthier explains why modern OT security means thinking more about the mechanics of the machinery than the swiftness of the software solutions, the big conversation that infrastructure and ICS Security need to have about nation-state attackers (and finally are having!) and Berthier's best piece of career advice turns into some excellent thoughts on the importance of maintaining your network… and I don’t mean routing and switching!
0:00 - Industrial control systems cybersecurity
1:54 - How Robin Berthier got into tech
3:38 - Majoring in cybersecurity
4:55 - Intrusion detection systems
9:18 - Mechanical and cybersecurity tools
12:33 Launching Network Perception
17:03 - Current state of ICS and OT infrastructure
20:24 - Cyberattacks on industrial control systems
28:35 -Skills needed to work in industrial control systems
35:19 - Where are ICS security jobs?
36:39 - Getting into local OT systems
37:55 - Skills gaps in ICS
39:21 - Best piece of career advice
41:01 - Cultivating a work network
43:28 - What is Network Perception?
45:27 - Learn more about Robin Berthier
45:58 - Outro
– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast
About Infosec
Infosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.
When it comes to OT cybersecurity, every decision can have massive impact on company finances,
human life and safety and more. In this episode of the ICS Pulse Podcast, we talk to Matt Wiseman of OPSWAT about getting IT and OT to work together and how AI/ML can help simplify the process.
The conversation covers various topics related to cybersecurity, including offensive security, IoT devices, hidden threats in cables, advanced hacking devices, privacy concerns with smart devices, cyber hygiene, securing personal data, risks of social media platforms, importance of cybersecurity education, government regulations, and trends in cybersecurity for 2024. The conversation explores the prevalence of social engineering attacks and the effectiveness of generative AI in social engineering. It discusses the challenges of detecting phishing emails generated by AI and the difficulty of defending against AI-powered attacks. The role of password managers and firewalls in defense is highlighted, as well as the importance of recognizing the limitations of human perception. The conversation emphasizes the need for cyber defense measures in organizations and the vulnerability of the weakest link in the chain. It also addresses the risks associated with third-party vendors and the impact of cyber attacks on critical infrastructure. The importance of cyber-informed engineering and designing with security in mind is discussed, along with the challenges of securing outdated OT systems. This conversation covers various topics related to securing OT networks, including the challenges of upgrading OT systems, the complexity of OT networks, and the use of OT firewalls. The discussion also explores the importance of understanding OT protocols and the security risks of unencrypted OT protocols. Additionally, the conversation delves into the impact of Active Directory issues and the role of AI in cybersecurity. The future of AI and quantum computing in cybersecurity is also discussed.
Hosted by: Aaron Crow
Guest: Duane Laflotte
To be a guest, or suggest a guest/episode please email us at [email protected]
—
Audio production by NMP. We hear you loud and clear.
הכנס השנתי 2024 של קבוצת אינטנסיטי גלובל חלק חלק שלישי: ראיית
המגן למרות האיומים האירנים לאנשי הסייבר זו מאין שגרה. דריכות המתנה ושיוף היכולות עוד ועוד
מנחה: נחשון פינקו - אוונגליסט סייבר סמנכ"ל בכיר ליעוץ ושרותי מומחים בניאטק סייבר סקיורטי בע"מ.
משתתפים: אביבית קוטלר: סיסו ודי.פי.או - בשרותי בריאות כללית
יערה לבון: סיסו – אילון חברה לביטוח
אמיר ארד: סיסו - תנובה
ערן פלד: דירקטור מערכות מידע גלובלי – ננו דימנשן
רוני רויטמן - מייסד שותף ומנכ"ל אינטנסיטי גלובל
Intensity Global Group's 2024 Annual Conference Part Three: The Defender's View Despite the Iranian threats, cyberpeople have an ordinary routine: vigilance, waiting, and honing their skills repeatedly.
Moderator:
Nachshon Pincu - cyber evangelist, SVP @Niatech Cyber Security Participants:
Avivit Kotler: CISO & DPO at Clalit Health Services
Yaara Lavon: CISO at Ayalon insurance company
Amir Arad: CISO & Director of Cyber Security at Tnuva
Eran Peled: Global IT Director at Nano Dimension
Roni Roytman - Co-founder & CEO at Intensity Global
In the last episode we talked about bad guys camping out in critical infrastructure networks, and now it's time to explore what they can do while they're there. This episode explores "Living off the Land" attacks and what that means in an industrial control network.
Chinese-manufactured devices in US networks see a 41% YoY increase. Ukraine-linked hackers deploy ICS malware against Russian infrastructure company. A look at cyberattacks that had physical consequences in 2023. Lessons from NERC’s GridEx exercise. Extension requested for comment period on CISA’s incident reporting rule. Guest Kate Ledesma, Senior Director Government Affairs at Dragos, talks about the Cybersecurity Incident Reporting for Critical Infrastructure Proposed rule (CIRCIA). The Learning Lab returns has part 2 of Mark Urban and Josh Hanrahan's discussion adversary hunting and VOLTZITE (aka Volt Typhoon).
“All your base are belong to us” – A probe into Chinese-connected devices in US networks (Forescout)
Unpacking the Blackjack Group's Fuxnet Malware (Claroty)
2024 Threat Report – OT Cyberattacks with Physical Consequences (Waterfall)
GridEx VII: Lessons Learned Report (NERC)
US Chamber of Commerce, industry groups call for 30-day delay in CIRCIA rules (The Record)
Guest Kate Ledesma, Senior Director Government Affairs at Dragos, discussing Cybersecurity Incident Reporting for Critical Infrastructure Proposed rule (CIRCIA).
On the Learning Lab segment, listen to Dragos’ Mark Urban talking with Josh Hanrahan, Principal Adversary Hunter at Dragos, in part two of their discussion on adversary hunting and VOLTZITE (aka Volt Typhoon).
Resources:
VOLTZITE Threat Group’s Under the Radar Cyber Espionage on U.S. Critical Systems.
The 5 Critical Controls for ICS/OT Cybersecurity – SANS webinar.
Please take a moment to fill out our super quick survey. It’s only 5 short questions. Thanks!
A companion monthly newsletter is available through free subscription and on N2K Networks website.
Power grid security expert Joe Marshall joins the crew today to talk all things, well, power grid security. But not before he gets an impromptu pop quiz from Matt in the roundtable.
Joe then tells some stories from his days working in electric utility, deploying new systems and his experiences with pentesting teams ("Wow, y'all need to stop!"). Plus, the team ask Joe about the risks with both aging infrastructure versus newer, smarter based infrastructure. And what happens when threat actors target critical infrastructure?
הכנס השנתי 2024 של קבוצת אינטנסיטי גלובל חלק חלק שני: ראיית התוקף
מנחה: נחשון פינקו - אוונגליסט סייבר סמנכ"ל בכיר ליעוץ ושרותי מומחים בניאטק סייבר סקיורטי בע"מ.
משתתפים:
אלברטו (דטו) חסון - סמנכ"ל CISO ב ICL Group
חן גיראט - CISO בחברת חשמל לישראל
ניר צ'רנוב - לשעבר CISO ב 8200 וזוכה פרס בטחון ישראל
דניאל סוויסה - לשעבר ראש מדור ביום אויב בחטיבת הסייבר
רוני רויטמן - מייסד שותף ומנכ"ל אינטנסיטי גלובל
Intensity Global Group's 2024 Annual Conference Part 2: The Cyber Attacker View
Moderator: Nachshon Pincu - cyber evangelist, SVP @Niatech Cyber Security
Participants:
Alberto (Deto) Hasson - VP CISO @ICL Group
Chen Girat - CISO @Israel Electricity Company (IEC)
Nir Chernov - former CISO @IDF 8200 and winner of the Israel Security Award
Daniel Suissa - former head of the Rad heat section @IDF cyber division
Roni Roytman - Co-founder and CEO of Intensity Global
In this episode of Secure Tracks, join us as we explore the intricate world of rail cybersecurity with insights from Greg Adamson, Chief Information Security Officer at the Department of Transport and Planning in Victoria, Australia. With a career that transitioned from the federal government to the forefront of cybersecurity in the rail sector, Adamson sheds light on the evolving challenges and strategies essential for safeguarding our rail systems against emerging digital threats. We delve into the necessity of adaptive cybersecurity frameworks, the impact of technological advancements, and the innovative approach of zoning for asset protection.
In the modern, interconnected environment, almost everything is vulnerable to cyberattacks, including the buildings in which we live, work and play. In this edition of the ICS Pulse Podcast, we talk to Steve Carroll and Dave Jennings of Salas O’Brien about how to protect building automation systems and why standards are needed.
One of the problems with security is ROI. If I put in next gen this and next gen that and no security events happen, am I justified in making those expenditures? How do you quantify a risk like that? Padraic O’Reilly, founder and Chief Innovation Officer at CyberSaint, walks us through the risk analysis for IoT and OT systems, and why it’s important to understand this as we secure our critical infrastructure.
Manufacturing is now the #1 target for hackers. Smart, connected devices on the plant floor are high-value cyberattack targets because of the intellectual property they contain — and just one day of downtime can cost millions.
In this episode, Executive Editor Theresa Houck talks with Richard Springer, Director of Marketing, OT Solutions at Fortinet, about findings of its revealing study, “Advancing Digital Transformation in a Time of Unprecedented Cybersecurity Risk,” developed in collaboration with the Manufacturers Alliance Foundation.
They discuss key takeaways, cybersecurity trends, and lessons that can help manufacturers fortify their cybersecurity efforts. Also learn how IT/OT collaboration is a key to finding mutual goals that balance security and operational priorities. And discover what the U.S. SEC has to do with cyberattack reporting.
And as always, get your family-friendly, silly Joke of the Day.
Resources from this episode:
You can also watch Theresa & Richard’s conversation on YouTube at https://youtu.be/esFAKPAbCSY.
Automation Chat is brought to you by The Journal From Rockwell Automation and Our PartnerNetwork magazine.
Find us on LinkedIn.
Find us on Facebook.
Find us on X (Twitter).
** Named Best Podcast 2 Consecutive Years! 2022 & 2023 Apex Awards of Publication Excellence.
In this engaging episode of the Bites and Bytes Podcast, we welcome Carl 'CJ' Unis, a Systems Engineer with the U.S. Space Force and Principal at Unis Complexity Solutions. CJ brings over 20 years of expertise in systems engineering and infrastructure logistics to our conversation. He illuminates the critical role of systems thinking in enhancing cybersecurity within the food industry. His background includes analyzing cascading infrastructure failures for the Department of Homeland Security at Sandia National Laboratories and serving as a federal agent for the Department of Energy. Not to mention, CJ's experience in the U.S. Marine Corps adds a unique perspective to his insights.
This episode was pre-recorded in January 2024 and predates the current critical infrastructure incidents or challenges highlighted in recent media. CJ's insights offer a proactive perspective and underscore the strategic importance of resilience in system thinking, providing a valuable lens to view and address the evolving cybersecurity landscape.
Episode Key Highlights:
(00:29 - 01:24) System Engineering and Food Cybersecurity
(08:56 - 11:07) Food and Cyber Security Risks
(13:47 - 15:40) Rapid Technological Advancement in 2024
(18:01 - 18:46) Cybersecurity Impact on Food Industry
(23:22 - 25:03) Understanding Natural Cycles and Engineering
(29:06 - 31:12) Systems Thinking in Risk Management
(32:19 - 33:36) Food Industry's Wide-Reaching Impact
(37:48 - 39:37) Universal Industry Problems
(43:16 - 44:02) Unsung Heroes of Everyday Life
(45:38 - 47:06) Insider Threat and Vulnerability Analysis
How to connect with CJ: LinkedIn and Contact Card
Course CJ teaches: “Systems Thinking in Emergency Management.”
Article CJ co-authored: “Rethinking Future Food Chains: Systems Thinking and the Cascading Consequences of System Failure."
Research Paper CJ co-authored: “Building Food System Resilience within a Learning Organization.”
Additional Show notes and guest inquiry information are on the Bites and Bytes Website.
If you want to learn more about AnzenOT, please check the website or reach out on LinkedIn.
FKfxRoQqxr9G0n03s16G
In this episode of OT Security Made Simple, Klaus Mochalski welcomes Digital Forensics Managing Director Dr. Frank Stummer. Frank talks about the importance of digital forensics in security incidents in OT, the challenges he faces and how he was able to thwart another security incident worth hundreds of millions of euros at a logistics service provider.
Hosted by: Aaron Crow
Guest: Luther 'Chip' Harris
To be a guest, or suggest a guest/episode please email us at [email protected]
—
Audio production by NMP. We hear you loud and clear.
In this week’s episode, we met with Patrick Miller, CEO at Ampere Industrial Security.
Patrick provides an overview of the present landscape of OT Security, identifies potential shortages in skills, and offers insights into how to establish a career in this industry.
Emma Stewart joins Dale to discuss the 3 big OT & ICS security stories from the first quarter. They end by giving their win, fail and prediction for Q1.
Co-Host Sam Van Ryder flies solo for this episode with Executive Industry Consultant, Roya Gordon! They share insights on SBOMs and their significance in OT security, discuss what current security conferences are doing right (and where they could improve!), and the importance of building local cybersecurity communities.
Things Mentioned:
· Southern Company Builds SBOM for Electric Power Substation - https://www.darkreading.com/ics-ot-security/southern-company-builds-a-power-substation-sbom?mc_cid=4ef3664287&mc_eid=UNIQID
Do you have a question for the hosts? Reach out to us at [email protected]
Keep up with HOU.SEC.CON:
· YouTube
Check out our other show:
Check out our Conferences and Events:
Support or apply to our Scholarship Program:
In this episode:
· Host: Michael Farnum
· Host: Sam Van Ryder
· Guest: Roya Gordon
· Editing by: Lauren Lynch
· Music by: August Honey
הכנס השנתי 2024 של קבוצת אינטנסיטי גלובל חלק ראשון: הרצאה של מייסד שותף ומנכ"ל החברה רוני רויטמן על העליה החדה במתקפות סייבר על ישראל ולא רק, התמודדות, ניהול ארוע סייבר ומה הדרך הנכונה לבחור ולהפעיל חברת IR
The 2024 annual conference of the Intensity Global Group, part one: a lecture by the company's co-founder and CEO Roni Roytman on the sharp increase in cyber attacks on Israel and not only. Dealing with it, managing a cyber event and what is the right way to choose and operate an IR company
Stories about nation-state adversaries "camping out" in the energy grid for as long as I can remember. What the deal? Is this truth? Fiction? Somewhere in between?
In this episode, the OGs talk to a bunch of people who claim to know.
Sellafield nuclear waste site to be prosecuted for alleged cybersecurity failings. CISA issues draft proposal for cyber incident reporting by critical infrastructure entities. Threat actor targets Indian government and energy entities. Suspicious NuGet package appears to target developers in the industrial sector. Guest Eric Goldstein, Executive Assistant Director for Cybersecurity at CISA, shares their CIRCIA Notice of Proposed Rulemaking. The Learning Lab returns! Mark Urban and Josh Hanrahan discuss adversary hunting.
Sellafield nuclear waste dump to be prosecuted for alleged cybersecurity offences (The Guardian)
Sellafield nuclear site hacked by groups linked to Russia and China (The Guardian)
CISA releases draft rule for cyber incident reporting (CyberScoop)
Operation FlightNight: Indian Government Entities and Energy Sector Targeted by Cyber Espionage Campaign (EclecticIQ)
Suspicious NuGet package grabs data from industrial systems (ReversingLabs)
Guest is Eric Goldstein, Executive Assistant Director for Cybersecurity at CISA. Eric shares their CIRCIA Notice of Proposed Rulemaking that goes into effect this week.
The Learning Lab is back! On today’s segment, listen to Dragos’ Mark Urban talking with Josh Hanrahan, Principal Adversary Hunter at Dragos, in part one of their discussion on adversary hunting and VOLTZITE (aka Volt Typhoon).
Resources:
Please take a moment to fill out our super quick survey. Thanks!
A companion monthly newsletter is available through free subscription and on N2K Networks website.
Thomas Pace of NetRise talks about industrial control systems security. We’ll learn about Pace's time in the United States Marine Corps in cyber-intelligence, his move to forensics and then ICS and why the greatest asset a security professional can have is the ability to find, clearly see and create narratives. I always find ICS professionals to be fascinating, and Pace took us down some new paths, so if you’re also interested in ICS Security, keep it here for today’s episode of Cyber Work!
0:00 - Industrial Control Systems security
1:39 - How Pace got into cybersecurity
4:31 - The speed of cybersecurity's change
5:20 - Pace's career in cyber intelligence
10:08 - Importance of cybersecurity analysis
10:55 - Current state of ICS and infrastructure security in the U.S.
25:22 - How to work in ICS security
32:52 - Manufacturing security issues
38:00 - Security risks for cranes
40:51 - Best ICS security advice
44:09 - Best cybersecurity career advice
46:15 - What is NetRise?
47:40 - Learn more about Pace
48:25 - Outro
– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free
– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcast
About Infosec
Infosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.
Greg Garcia, the executive director of the Healthcare and Public Health Sector Coordinating Council’s Cybersecurity Working Group, joins the Claroty Nexus podcast to discuss the Change Healthcare ransomware attack and what can be done from a policy perspective to minimize the impact of such attacks in the future.
Garcia has had a long career on the policy side of cybersecurity, and was the first presidentially appointed Assistant Secretary for Cybersecurity at the Department of Homeland Security. In this episode, he discusses where organizations are in terms of recovery from the impacts of the attack, longterm impacts on the healthcare sector, and how the HSCC's recently published five-year strategic plan for organizations in the crosshairs.
For more, visit nexusconnect.io/podcasts
Host Luke McNamara is joined by Mandiant consultants Shanmukhanand Naikwade and Dan Nutting to discuss hunting for threat actors utilizing "living off the land" (LotL) techniques. They discuss how LotL techniques differ from traditional malware based attacks, ways to differentiate between normal and malicious use of utilities, Volt Typhoon, and more.
This episode is hosted by Thom Langford
https://www.linkedin.com/in/thomlangford/
Syed Ubaid Ali Jafri, Head of Cyber Defence & Offensive Security, HBL - Habib Bank Limited
https://www.linkedin.com/in/ubaidjafri
Giles Dunn, Partner & OT Cyber Security leader, EY
https://www.linkedin.com/in/giles-dunn-6485a2117/
Amir Preminger, VP Research, Claroty
https://www.linkedin.com/in/amir-preminger-207a0553/
Max Higginson, Cyber Security Manager (ICS/OT), Dominos UK
https://www.linkedin.com/in/max-higginson/
Welcome back, everybody, to New Cyber Frontier. In today’s Episode we have guest Eslam Tawfik Ph.D. .Dr Tawfik. studied advanced technology in Egypt. Cybersecurity is frequently used to describe the defense of digital networks, systems, and data against harm, unwanted access, and attacks. On the other hand, protecting the hardware and infrastructure that underpin digital systems is referred to as the physical part of cybersecurity. Securing the Root of Trust is a term you will hear throughout the talk, this is what Dr. Tawfik, explains as the set of underlying credentials that the security in each device depends upon. Cyber Physical security as you will hear also includes defending against different attacks to hardware devices, server rooms, data centers, and network connections, among other physical assets. Organizations can establish a more comprehensive security posture to safeguard their digital assets and infrastructure from various threats by incorporating physical security considerations with traditional cybersecurity procedures. Listen to this fascinating episode where our guest provides some insight that will resonate with many of you interested in the security of IoT and Critical Infrastructure systems.
There have been a lot of questions surrounding artificial intelligence and how they will be regulated moving forward. In this edition of the ICS Pulse podcast, we talk to Lesley Carhart of Dragos about these implications, as well as exclusive research on AI in cybersecurity.
In this episode of Bites and Bytes Podcast, we're joined by Scott Algeier, an influential figure navigating the crucial intersection of cybersecurity, IT, policy, and operations. As the founder of Conrad, Inc. and the executive director for IT-ISAC and Food and Ag-ISAC (Information Sharing and Analysis Center), Scott brings unparalleled expertise in building bridges between organizations to help fortify their defenses against cyber threats.
Holding a Master’s degree in International Relations and European Studies from the University of Kent and an honors graduate from Gettysburg College, Scott’s journey into cybersecurity is as unique as it is inspiring. This episode explores the foundational stories behind the Food and Ag ISAC and IT-ISAC and highlights the pivotal role of cross-industry information sharing in building a resilient cybersecurity infrastructure.
Engage with us in this compelling dialogue that offers a deep dive into the mechanisms of securing our critical agricultural infrastructure through collective effort and strategic partnerships. Learn about the innovative measures Scott Algeier is spearheading to safeguard our food and agriculture sectors from cyber threats, ensuring a secure future for all. Join us for an exploration of how thoughtful collaboration and expert leadership are shaping the future of cybersecurity in agriculture, making our world safer, one byte at a time.
Key Episode Highlights:
Learn More:
Water Sector discussion information:
EPA calls off cyber regulations for water sector
Cyberattacks are hitting water systems throughout US, Biden officials warn governors
White House Convenes States to Discuss Water Sector Breaches
🎉 NEW Bites and Bytes Podcast Website!! 🎉
For those who have been asking how to support the show, a donation tip jar is on the main page and about the show page. Thank you for all your support!
Wicked6 Cyber Games | 2024 Women's Global Cyber League
Learn more: https://www.wicked6.com/
Register and use promo code W6SPEAKERVIP to save $5
WICKED6 is back for its fourth year, and it's packed with speaker sessions, career networking, cyber challenges, and a tournament that will have you on the edge of your seat. It's not just an event; it's a community, a learning experience, and a lot of fun!
In dieser Episode von OT Security Made Simple begrüßen wir den Cybersecurity-Experten Dirk Seewald vom B2B-Investor eCapital. Dirk spricht über die Entwicklung des OT-Sicherheitsmarktes von 2006 bis heute, kommende Trends, warum Cyberversicherungen nicht der Weisheits letzter Schluss sind und die Bedeutung militärischer Forschung für Innovationen. Und er erklärt, warum Internationalisierung deutscher Startups von Tag 1 mitgedacht werden muss.
Researchers discover a way to hijack web-based PLCs. Threat actor targets manufacturing entities in North America. US Department of Defense launches CORA program. CISA issues ICS advisories. Guest Aura Sabadus, Senior Journalist at ICIS, joins us to discuss how energy insiders are approaching the renewed risks of China's ramp up toward potential attacks on critical infrastructure and what the energy industry is saying about these risks. The Learning Lab is taking a break and will return soon. Stay tuned.
Critical Infrastructure Systems Are Vulnerable to a New Kind of Cyberattack (Georgia Tech)
Blind Eagle's North American Journey (eSentire)
APT-C-36 Updates Its Spam Campaign Against South American Entities With Commodity RATs (Trend Micro)
JFHQ-DODIN Officially Launches its New Cyber Operational Readiness Assessment Program (US Department of Defense)
CISA Releases Fifteen Industrial Control Systems Advisories (CISA)
Guest Aura Sabadus, Senior Journalist at ICIS, joins us to discuss how energy insiders are approaching the renewed risks of China's ramp up toward potential attacks on critical infrastructure and what the energy industry is saying about these risks.
The Learning Lab is on break and will return in the near future. Stay tuned.
Please take a moment to fill out our super quick survey. Thanks!
A companion monthly newsletter is available through free subscription and on N2K Networks website.
In this episode, we offer 7 steps for better cybersecurity.
If you are a process control engineer, an IT professional in a company with an automation division, or a business manager responsible for safety or security, you may be wondering how your organization can get moving on more robust cybersecurity practices.
View the transcript for links to all the materials mentioned in this podcast.
The story of a pen tester who actually got to put his grubby hands on a real working control system. That never happens! And the things he was able to do will make your head spin. This is unlike any pen test story that most of you have ever heard before, or will likely hear again.
In this conversation, Bryson Bort discusses his background and the creation of Scythe, an offensive security platform. He also talks about the ICS Village and the Vulnerability Management Pavilion, as well as his collaboration with the Department of Energy on a vulnerability management research project. Bryson emphasizes the importance of prioritizing vulnerabilities in operational technology (OT) and understanding the risks in power plants. He also highlights the need to build trust with asset owners and gain leadership buy-in for cybersecurity initiatives. Finally, he discusses the importance of connecting technical expertise to business priorities. The conversation explores the importance of building trust and collaboration in the field of cybersecurity, particularly in the context of power utilities. It emphasizes the need for security professionals to be partners rather than adversaries, and highlights the role of organizations like the ICS Village in fostering collaboration and education. The conversation also delves into the concept of purple team exercises and the importance of starting small and growing in cybersecurity initiatives. Additionally, it discusses the significance of conversations with policymakers and the need for more cybersecurity professionals in the industry.
Hosted by: Aaron Crow
Guest: Sevak Avakians
To be a guest, or suggest a guest/episode please email us at [email protected]
—
Show notes by NMP.
Audio production by NMP. We hear you loud and clear.
En liten tjänst av I'm With Friends. Finns även på engelska.