EP 66: Secure only the OT code that actually runs

Podcast: Error Code (LS 27 · TOP 10% what is this?)Episode: EP 66: Secure only the OT code that actually runsPub date: 2025-07-08Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationMany organizations spend valuable security resources fixing vulnerabilities in code that never actually runs—an inefficient and often unnecessary effort. Jeff Williams, CTO and founder at Contrast Security, says that 62% of open source libraries included in software are never even loaded into memory, let alone executed. This means only 38% of libraries are typically active and worth prioritizing. The podcast and artwork embedded on this page are from Robert Vamosi, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Podcast: Bites & Bytes PodcastEpisode: Hiring for the Frontlines of Critical Infrastructure with Nathaniel SmithPub date: 2025-07-08Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationWhat does it take to build a cybersecurity workforce capable of protecting the systems that keep the lights on and food on our plates? In this episode, host Kristin Demoranville is joined by Nathaniel Smith, Co-Founder and VP at SR2, a purpose-driven recruitment firm. Nathaniel, who specializes in hiring OT/ICS, brings over 14 years of recruiting experience and a refreshing dose of honesty to the challenges of hiring in critical infrastructure. Together, they explore what makes a strong Operational Technology (OT) candidate, why culture fit matters as much as technical skills, and how broken hiring processes often keep the best people out. For sectors like food and agriculture, where operational technology is directly tied to safety, production, and public trust, getting the right people into the right roles isn’t just important. It’s essential. --------------- Show Notes: Mike Holcomb’s Episode (here) SEC Ruling on Disclosure of Cyber Incidents (here) 📘 Sign up for early updates, exclusive previews, and launch news of Kristin’s book, “Securing What Feeds Us” (working title) here. 📖 Kristin will also be sharing updates, behind-the-scenes chaos, and the occasional existential crisis over on her personal Substack 🎤 Book Kristin Demoranville to speak at your conference, corporate event, or workshop. --------------- Episode Key Highlights 00:04:50 – OT as Public Service 00:08:27 – Recruiter Perspective in OT 00:09:42 – What Makes a Good OT Hire 00:12:04 – Trust and Floor Experience 00:13:59 – OT vs. IT Culture 00:18:09 – The Talent Shortage Myth 00:20:18 – Broken Hiring Systems 00:22:50 – Job Descriptions That Miss the Mark 00:27:00 – Current OT Hiring Trends 00:29:30 – Who’s Hiring in OT 00:32:00 – Community in OT 00:33:00 – Why Specialized Recruiting Matters --------------- 🎤 Bites and Bytes Podcast Info: Website: Explore all our episodes, articles, and more on our official Website.   Merch Shop: Show your support with some awesome Bites and Bytes gear! Socials:  TikTok; Instagram; LinkedIn; Substack --------------- 🛡️ About AnzenSage & AnzenOT AnzenSage is a women-owned cybersecurity advisory firm specializing in security resilience for the food, agriculture, zoo, and aquarium industries.  AnzenSage offers practical, strategic guidance to help organizations anticipate risks and build resilience.  Learn more about their offerings at anzensage.com.​ AnzenOT Industrial Cyber Risk — Simple.  Smart.  Swift. AnzenOT is the SaaS risk management platform built to bring clarity and control to Operational Technology (OT) cybersecurity.  Designed for critical infrastructure sectors, AnzenOT translates technical risk into clear, actionable insight for decision-makers. Sign up for a free trial (here) Explore the platform at anzenot.com For demo requests or inquiries, email [email protected] or [email protected] podcast and artwork embedded on this page are from AnzenSage, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Podcast: Industrial Cybersecurity InsiderEpisode: Breaking Down the IT-OT Wall: Why IT Cybersecurity Tools Fail on the Plant FloorPub date: 2025-07-08Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationIn this episode, Dino Busalachi and Craig Duckworth tackle a critical disconnect plaguing industrial organizations: the disconnect in understanding and communication between IT and OT regarding industrial cybersecurity. While some IT departments are investing in OT cybersecurity platforms, 85% of the data these tools collect is designed for OT teams to act upon. Unfortunately, plant floor personnel, system integrators, and OEMs working in these environments rarely get access to dashboards, asset inventories, or vulnerability reports.Organizations must move beyond the "oil and water" mentality between IT and OT. This means involving plant personnel in cybersecurity decisions, sharing data with trusted partners who "build the cars" (not just buy them), and recognizing that effective OT security requires collaboration with the people who live and breathe on the plant floor every day.Bottom Line: If you're not sharing cybersecurity data with your system integrators, OEMs, and plant operations teams, you're not practicing true IT-OT convergence. You're missing critical opportunities to improve your security posture where it matters most.Chapters:00:00:00 - Why Local Collaboration is Critical for Cybersecurity Success00:01:07 - Meet Dino and Craig: Experts in IT/OT Integration00:01:49 - Unpacking the Challenges of IT/OT Convergence00:02:28 - Why IT and OT Teams Often Struggle to Align00:04:48 - Building Collaborative Frameworks for Stronger Cybersecurity00:07:33 - The Role of CIOs and CISOs in Driving Change00:08:44 - Navigating the Complexities of Diverse Plant Environments00:10:23 - Partnering with Vendors to Enhance Security Outcomes00:11:16 - Key Questions to Evaluate System Integrators Effectively00:16:35 - Using Tabletop Exercises to Align IT and OT Teams00:22:20 - Closing Thoughts: Bridging the Divide for Unified CybersecurityLinks And Resources:Want to Sponsor an episode or be a Guest? Reach out here.Industrial Cybersecurity Insider on LinkedInCybersecurity & Digital Safety on LinkedInBW Design Group CybersecurityDino Busalachi on LinkedInCraig Duckworth on LinkedInThanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you’d like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!The podcast and artwork embedded on this page are from Industrial Cybersecurity Insider, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Podcast: PrOTect It All (LS 26 · TOP 10% what is this?)Episode: How AI Became the Ultimate Cybersecurity Blind Spot: Understanding the Microsoft 365 Copilot VulnerabilityPub date: 2025-07-07Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationIn this episode, host Aaron Crow dives deep into the fast-evolving world of AI automation and its impact on cybersecurity. Aaron breaks down practical, real-world ways security professionals can leverage AI to streamline their workflows without breaking data loss prevention policies or putting proprietary information at risk.  From drafting reports and playbooks to automating repetitive tasks and managing vulnerability data, Aaron offers actionable advice for using both public AI tools like ChatGPT and more advanced private AI models. He also addresses common fears CISOs and business leaders have about unsanctioned AI use in the workplace and shares tips for staying safe and compliant while taking advantage of AI’s efficiencies.  Whether you’re in a large enterprise or a lean team with limited resources, you’ll come away with a fresh perspective on how to use AI responsibly to work smarter and protect your organization. Plus, Aaron invites listeners to share their own creative AI use cases and lessons learned. Let’s jump in and explore how to protect it all as AI advances. Key Moments :  01:20 AI's Rising Role in Media 03:22 Guidelines for Using AI Safely 07:06 "AI Integration and Automation Strategies" 10:03 Automating Windows Management Tasks 14:29 Exploring AI for Personal Tasks Connect With Aaron Crow: Website: www.corvosec.com  LinkedIn: https://www.linkedin.com/in/aaronccrow   Learn more about PrOTect IT All: Email: [email protected]  Website: https://protectitall.co/  X: https://twitter.com/protectitall  YouTube: https://www.youtube.com/@PrOTectITAll  FaceBook:  https://facebook.com/protectitallpodcast    To be a guest or suggest a guest/episode, please email us at [email protected]   Please leave us a review on Apple/Spotify Podcasts: Apple   - https://podcasts.apple.com/us/podcast/protect-it-all/id1727211124 Spotify - https://open.spotify.com/show/1Vvi0euj3rE8xObK0yvYi4The podcast and artwork embedded on this page are from Aaron Crow, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Podcast: Industrial Cybersecurity InsiderEpisode: The System Integrator’s Role in Supporting OT SecurityPub date: 2025-07-01Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationIn this episode, Craig Duckworth and Dino Busalachi discuss the critical but often overlooked or misunderstood role of system integrators (SIs) in industrial cybersecurity.Key Issues Identified:Organizations typically work with multiple specialized integrators across different facilities and systemsSome SIs lack cybersecurity expertise, focusing primarily on equipment functionalityEquipment can remain connected to networks for decades, with ownership and oversight changing hands over timeSystem integrators must exercise proper IT coordination to implement remote access solutions effectivelyRecommendations:IT and OT teams should collaborate more closely with system integrators on cybersecurity planningOrganizations need to evaluate their SIs' cybersecurity capabilities and partnershipsConsider standardizing on integrators with demonstrated cybersecurity practices and vendor certificationsApply the same due diligence used for IT vendor selection to OT system integratorsBottom Line: System integrators are essential partners in executing industrial cybersecurity strategies and protection. Organizations must actively engage them in security conversations and ensure they have the necessary skills and partnerships to implement secure solutions for their plant environments from the start.Chapters:00:00:00 - Real-World Ransomware Hits the Plant Floor00:00:52 - Meet the System Integrators Shaping Your OT Plant Floor Security00:01:17 - What System Integrators Really Do (and Don’t)00:04:13 - Remote Access: The Hidden Backdoor Nobody Sees00:08:34 - Why Ongoing Monitoring Is Non-Negotiable00:13:30 - How to Pick the Right System Integrator For Your Operations00:26:17 - Building Strong Partnerships with Your IntegratorsLinks And Resources:Want to Sponsor an episode or be a Guest? Reach out here.Industrial Cybersecurity Insider on LinkedInCybersecurity & Digital Safety on LinkedInBW Design Group CybersecurityDino Busalachi on LinkedInCraig Duckworth on LinkedInThanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you’d like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!The podcast and artwork embedded on this page are from Industrial Cybersecurity Insider, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Podcast: OT Security Made SimpleEpisode: The Evolution of Procurement in OT Security | OT Security Made SimplePub date: 2025-07-01Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationIn this episode of OT Security Made Simple, Klaus Mochalski and Søren Knudsen discuss the evolving landscape of OT security in light of current geopolitical tensions. They explore how procurement processes have shifted, the importance of evaluating a broader range of security solutions, and the risks associated with relying on specific vendors. The conversation emphasizes the need for organizations to conduct thorough research and consider local providers to mitigate risks effectively.The podcast and artwork embedded on this page are from Klaus Mochalski, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Podcast: PrOTect It All (LS 26 · TOP 10% what is this?)Episode: How to Harness AI Without Breaking Security or Corporate PoliciesPub date: 2025-06-30Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationIn this episode, host Aaron Crow dives deep into the fast-evolving world of AI automation and its impact on cybersecurity. Aaron breaks down practical, real-world ways security professionals can leverage AI to streamline their workflows without breaking data loss prevention policies or putting proprietary information at risk.  From drafting reports and playbooks to automating repetitive tasks and managing vulnerability data, Aaron offers actionable advice for using both public AI tools like ChatGPT and more advanced private AI models. He also addresses common fears CISOs and business leaders have about unsanctioned AI use in the workplace and shares tips for staying safe and compliant while taking advantage of AI’s efficiencies.  Whether you’re in a large enterprise or a lean team with limited resources, you’ll come away with a fresh perspective on how to use AI responsibly to work smarter and protect your organization. Plus, Aaron invites listeners to share their own creative AI use cases and lessons learned. Let’s jump in and explore how to protect it all as AI advances. Key Moments :  01:20 AI's Rising Role in Media 03:22 Guidelines for Using AI Safely 07:06 "AI Integration and Automation Strategies" 10:03 Automating Windows Management Tasks 14:29 Exploring AI for Personal Tasks Connect With Aaron Crow: Website: www.corvosec.com  LinkedIn: https://www.linkedin.com/in/aaronccrow   Learn more about PrOTect IT All: Email: [email protected]  Website: https://protectitall.co/  X: https://twitter.com/protectitall  YouTube: https://www.youtube.com/@PrOTectITAll  FaceBook:  https://facebook.com/protectitallpodcast    To be a guest or suggest a guest/episode, please email us at [email protected]   Please leave us a review on Apple/Spotify Podcasts: Apple   - https://podcasts.apple.com/us/podcast/protect-it-all/id1727211124 Spotify - https://open.spotify.com/show/1Vvi0euj3rE8xObK0yvYi4The podcast and artwork embedded on this page are from Aaron Crow, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Podcast: Nexus: A Claroty Podcast (LS 32 · TOP 5% what is this?)Episode: Pedro Umbelino on Exploiting ATG Devices in Fuel StoragePub date: 2025-06-29Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationPedro Umbelino, Principal Research Scientist at Bitsight Technologies, joins the Nexus Podcast to discuss his team's research into Automatic Tank Gauge (ATG) systems and how they uncovered 11 vulnerabilities in ATGs manufactured by five different vendors. ATG systems are an industrial control system that monitors fuel levels inside storage tanks, including those at gasoline stations, military bases, hospitals, airports, and elsewhere. ATGs track fuel levels, and are meant to detect leaks, help with inventory management, and are key in regulatory compliance efforts.The vulnerabilities uncovered by Pedro and his team expose these systems to catastrophic risks, from environmental hazards to significant economic losses, including physical damage.Worse yet is that these systems are old and challenging to update. Read Bitsight's research here.Listen to the Nexus Podcast on your favorite podcast platform. The podcast and artwork embedded on this page are from Claroty, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Podcast: Error Code (LS 27 · TOP 10% what is this?)Episode: EP 65: Hacking Critical Infrastructure Through Supply ChainsPub date: 2025-06-24Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationCritical Infrastructure software lacks the strict liability standards found in industries like automotive manufacturing, leading to minimal accountability for insecure products when they get exploited.  Alex Santos, CEO of Fortress Information Security, explains how they’re typically hired by buyers of ICS equipment—such as utilities—to assess and mitigate supply chain risks, including working with OEMs to improve security.The podcast and artwork embedded on this page are from Robert Vamosi, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Podcast: Industrial Cybersecurity InsiderEpisode: When IT Cyber Events Bring Down the Plant FloorPub date: 2025-06-24Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationCraig and Dino break down how cyberattacks that start in traditional IT systems can shut down entire manufacturing production lines, leading to massive financial losses. Using real-world examples like UNFI's $500 million drop in market value in 60 hours, they explain how overlooked connections between IT and the OT plant floor are often the weakest links. You’ll hear why simply installing firewalls isn’t enough, how organizational silos between IT and operations cause major blind spots, and what it really takes to secure industrial equipment. Whether you're in leadership, technology, or operations, this episode will change how you think about cyber risk and business continuity in connected environments.Chapters:00:00:00 - Introduction: Where Responsibility Ends and Authority Doesn’t Begin00:01:08 - Meet Your Guides: Dino & Craig On the Frontlines00:01:14 - When Cyber Hits the Plant Floor00:01:28 - Real-World Wake-Up: The Unify IT Incident00:02:36 - The Gaps No One’s Watching in OT Security00:03:18 - How Org Structure Can Make or Break Cyber Defense00:04:03 - Plugging in OT Visibility: IDS in Action00:04:43 - Who’s Really Calling the Shots—Corporate or the Plant?00:07:02 - IT-OT Convergence: What Leaders Must Understand00:13:14 - Building Cyber Defense That Actually Works00:15:25 - Recovery Starts Before the Breach00:17:37 - Why IT Alone Can’t Fix OT Problems00:24:55 - Just Getting Started? Here’s What to Do First00:28:33 - Final Word: You Can’t Secure OT AloneLinks And Resources:Industrial Cybersecurity Insider on LinkedInCybersecurity & Digital Safety on LinkedInBW Design Group CybersecurityDino Busalachi on LinkedInCraig Duckworth on LinkedInThanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you’d like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!The podcast and artwork embedded on this page are from Industrial Cybersecurity Insider, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.