What Actually Works in OT Vulnerability Management with Dan Cartmill, TXOne Networks

Podcast: OT Security Made SimpleEpisode: Von der Angriffserkennung zum automatisierten Client Management in der OT | OT Security Made SimplePub date: 2025-10-21Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationPeter Lukesch, CEO des OT-Clientmanagement-Entwicklers ondeso, erklärt, wie in der OT passive Angriffserkennung und aktives Client Management sinnvoll zusammengeführt werden können. Er erörtert, wie die Handlungsfähigkeit der Verantwortlichen gesteigert, der Zeitaufwand reduziert und zugleich die Verfügbarkeit der sensiblen industriellen Prozesse geschützt werden. Mehr zum Thema OT Security Made simple findet Ihr auf rhebo.com oder schreibt uns mit Euren Ideen & Fragen an ⁠[email protected]⁠. The podcast and artwork embedded on this page are from Klaus Mochalski, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Podcast: Industrial Cybersecurity InsiderEpisode: What Actually Works in OT Vulnerability Management with Dan Cartmill, TXOne NetworksPub date: 2025-10-21Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationIn this episode of the Industrial Cybersecurity Insider, host Dino sits down with Dan Cartmill, Sr. Global Product Marketing Director for TXOne Networks, to discuss the often misunderstood world of OT vulnerability management. Dan brings a unique perspective, having started as a practitioner 17 years ago, before transitioning to the vendor side. The conversation explores why simply creating a list of vulnerabilities isn't enough – and what organizations should actually be doing to reduce risk in their OT environments.Chapters:00:00:00 - Introduction and Dan's Background00:02:00 - Biggest Misconceptions About OT Vulnerability Management00:04:00 - Blind Spots in OT Vulnerability Scanning00:07:00 - Finding Vulnerabilities: OT vs IT Differences00:10:00 - Proactive Approaches to Unknown Vulnerabilities00:12:00 - How TX One Addresses Vulnerabilities Non-Disruptively00:15:00 - Virtual Patching and Operations-First Philosophy00:18:00 - IT/OT Convergence and Team Collaboration00:21:00 - Building Relationships with Third-Party Partners00:23:00 - Tabletop Exercises and Incident Response Planning00:26:00 - Key Takeaway: Never Forget Your Original Objectives00:28:00 - Dealing with Event Overload and Zero-Day VulnerabilitiesLinks And Resources:Dan Cartmill on LinkedInTXOne NetworksDino Busalachi on LinkedInWant to Sponsor an episode or be a Guest? Reach out here.Industrial Cybersecurity Insider on LinkedInCybersecurity & Digital Safety on LinkedInBW Design Group CybersecurityCraig Duckworth on LinkedInThanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you’d like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!The podcast and artwork embedded on this page are from Industrial Cybersecurity Insider, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Podcast: PrOTect It All (LS 26 · TOP 10% what is this?)Episode: OT Cybersecurity Wake-Up Call: How Airports and Power Grids Expose the Gaps We Can’t IgnorePub date: 2025-10-20Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationIn this solo episode of Protect It All, host Aaron Crow delivers a straight-talk reality check on the widening IT–OT cybersecurity gap and what it really takes to protect the systems that keep the world running. With decades of experience defending critical infrastructure, Aaron exposes why many OT environments are still years behind in resilience and visibility - and how we can finally fix that. You’ll learn: The real incidents prove why OT cybersecurity can’t afford to lag. Why visibility and segmentation are non-negotiable for industrial systems. How to build an incident-response plan that works when the stakes are highest. Practical steps to strengthen resilience and recovery across critical operations. This episode isn’t about fear - it’s about preparation. If your work touches energy, transportation, manufacturing, or utilities, this one’s your wake-up call to act before disaster hits. Listen now and learn how to protect what truly keeps our world moving - only on Protect It All. Key Moments: 05:06 "Real Risks of Critical Disruptions" 06:16 Redefining OT System Boundaries 11:42 Troubleshooting Unknown System Issues 14:09 "Secure Remote Access Best Practices" 18:28 "Planning for Worst-Case Scenarios" 19:36 Critical Infrastructure Under Cyber Threat   Connect With Aaron Crow: Website: www.corvosec.com  LinkedIn: https://www.linkedin.com/in/aaronccrow   Learn more about PrOTect IT All: Email: [email protected]  Website: https://protectitall.co/  X: https://twitter.com/protectitall  YouTube: https://www.youtube.com/@PrOTectITAll  FaceBook:  https://facebook.com/protectitallpodcast    To be a guest or suggest a guest/episode, please email us at [email protected]   Please leave us a review on Apple/Spotify Podcasts: Apple   - https://podcasts.apple.com/us/podcast/protect-it-all/id1727211124 Spotify - https://open.spotify.com/show/1Vvi0euj3rE8xObK0yvYi4  The podcast and artwork embedded on this page are from Aaron Crow, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Podcast: Casos de Ciberseguridad IndustrialEpisode: 4/4 Desenlace de Evaluación de madurez en ciberseguridad industrialPub date: 2025-10-20Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationEn este episodio se profundiza en cómo mantener vivo el impulso tras una evaluación de madurez, el valor estratégico que aporta en auditorías y gestión de incidentes, y cómo un ICSO puede aprovechar la plataforma MACIN del CCI como palanca de transformación en su organización.The podcast and artwork embedded on this page are from Centro de Ciberseguridad Industrial, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Podcast: KBKAST (LS 31 · TOP 5% what is this?)Episode: Episode 338 Deep Dive: Eric Stride | Securing the Aviation Industry in the Modern AgePub date: 2025-10-15Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationIn this episode, we sit down with Eric Stride, Chief Security Officer at Huntress, to discuss the escalating cybersecurity challenges facing the aviation industry. Eric highlights the alarming 600% year-over-year surge in cyberattacks targeting the sector, emphasising how attackers are exploiting the interconnected and fragile aviation supply chain—most notably seen in recent incidents like the ransomware strike on Collins Aerospace. He explores the growing risk posed by both IT and OT system convergence, the shift in regulation tying cybersecurity readiness directly to airworthiness, and the increasing adoption of robust frameworks to mitigate operational disruptions and data breaches. Eric also highlights the critical need for holistic supply chain security, the importance of regulatory enforcement, and a cultural shift in the industry toward prioritising safety and cyber resilience to restore public trust in air travel. Eric Stride is the Chief Security Officer at Huntress, where he oversees the company’s 24/7 Global Security Operations Center, Detection Engineering, Adversary Tactics, IT Operations, and Internal Security. A 20+ year cybersecurity leader, Eric has held senior roles spanning the U.S. Air Force, NSA, and private sector.  During his 12 years on active duty, Eric helped architect the Air Force’s first cyber combat mission team, co-authored its first offensive cyber operations manual, and rose to Deputy Chief for Cyber Operations at NSA Georgia. He continues to serve as a Colonel in the Air Force Reserve, where he established its first cyber range squadron.  In the private sector, Eric co-founded Atlas Cybersecurity, advised defense and enterprise clients as an independent consultant, and led Deloitte’s Advanced Cyber Training portfolio, generating $135M+ in new business. He holds an M.S. in Information Technology Management, a B.S. in Computer Science, and multiple cybersecurity certifications (CISSP, GCIH, CEH). The podcast and artwork embedded on this page are from KBI.Media, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Podcast: Industrial Cybersecurity InsiderEpisode: Industrial Cybersecurity: The Gap Between Investment and Cyber Event PreventionPub date: 2025-10-14Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationIn this episode, Craig and Dino address why manufacturers still suffer incidents after spending millions on OT security tools. They discuss how to convert those investments into measurable risk reduction. You'll learn why buying tools isn't a strategy. Get insights into how to validate asset visibility on the floor (not just the network map), practical ways to reduce alert fatigue and assign ownership, how to close the OT incident response gap by connecting SOC to operators, the realities of flat Layer 2 networks and undocumented zones, how to handle technical debt at scale (EOL firmware, unpatched HMIs, safe upgrade paths), and why "everyone is responsible" often means no one is. Expect candid discussion on alert fatigue, flat networks, and the human constraints driving today's gaps, plus a concrete checklist for building a coalition that actually works to protect production environments.Chapters00:00:00 – Why incidents still happen after major OT cyber spend00:02:30 – Tools vs. outcomes: underusing capabilities and alert fatigue00:05:50 – Who owns plant‑floor cyber? Why CISOs, CIOs, OEMs, and SIs talk past each other00:08:10 – Define the use case before tuning sensors and policies00:10:00 – OT IR is missing: operators are the first responders00:11:20 – Network reality check: flat L2, VLAN gaps, and unmanaged switches00:13:30 – Change management and patching in OT: risk, downtime, and technical debt00:15:20 – Skills and staffing: the silver tsunami and "jack of all trades" constraints00:18:00 – What outside partners can and cannot do in plants00:21:00 – Visibility blind spots: validating coverage with floor‑level walkthroughs00:24:00 – It won’t stick without a coalition: getting plant managers, engineering, OEMs, and SOC alignedLinks And Resources:Want to Sponsor an episode or be a Guest? Reach out here.Industrial Cybersecurity Insider on LinkedInCybersecurity & Digital Safety on LinkedInBW Design Group CybersecurityDino Busalachi on LinkedInCraig Duckworth on LinkedInThanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you’d like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!The podcast and artwork embedded on this page are from Industrial Cybersecurity Insider, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Podcast: Error Code (LS 27 · TOP 10% what is this?)Episode: EP 73: BADBOX 2.0: Blurring the line between bots and human for cybercrimePub date: 2025-10-14Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationAd fraud driven by both humans and AI agents require new signals beyond traditional bot-vs-human checks. Gavin Reid and Lindsay Kaye from HUMAN Security discuss how monetization includes ad and click fraud (peach pit), selling residential proxy access, and operating botnets for hire and preventing harm requires dismantling criminal infrastructure and collaboration across industry, since many infected devices cannot be practically cleansed by end users.The podcast and artwork embedded on this page are from Robert Vamosi, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Podcast: Bites & Bytes PodcastEpisode: Third-Generation Farmer Jake Leguee on Technology, Risk, and Feeding the WorldPub date: 2025-10-13Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationIn this episode of the Bites and Bytes Podcast, host Kristin Demoranville sits down with Jake Leguee, a third-generation farmer from Saskatchewan, Canada, to explore the intersection of tradition, technology, and risk in modern agriculture. From “tractor naps” as a kid to operating GPS-guided combines, Jake reveals how precision agriculture has transformed aspects of farm life. However, with increased connectivity comes new vulnerability: cyber threats that farmers are aware of but don’t yet know how to defend against.  Jake’s message is clear: agriculture needs the cybersecurity community’s help, but farmers don’t know where to start. Whether you work in cybersecurity, food systems, or simply want to understand the human side of modern farming, this episode offers hard-won lessons on resilience, risk, and why securing our food supply has never mattered more. Jake’s Links: Leguee Farms Website: https://legueefarms.com/ Blog: A Year in the Life of a Farmer LinkedIn: Jake Leguee --------------- Episode Key Highlights 00:01:18 – Favorite Foods & Global Connections 00:05:08 – From Straight Rows to GPS Precision 00:12:40 – Technology and the Modern Farm 00:18:15 – Right-to-Repair and Ownership Challenges 00:23:42 – Cyber Risks on the Farm 00:30:10 – The Human Side of Technology 00:35:56 – Feeding the World and Future Generations --------------- 📘 Sign up for early updates, exclusive previews, and launch news of Kristin’s book, “Securing What Feeds Us” (working title) here. --------------- 🎤 Book Kristin Demoranville to Speak To invite Kristin to speak at your conference, corporate event, webinar, or workshop, visit the website and submit a request. --------------- 🎤 Bites and Bytes Podcast Info: Website: Explore all our episodes, articles, and more on our official website.   Merch Shop: Show your support with some awesome Bites and Bytes gear! Substack: Stay updated with the latest insights and stories from the world of cybersecurity in the food industry. Schedule a Call with Kristin: Share Your Thoughts Socials:  TikTok; Instagram; LinkedIn; BlueSky --------------- 🛡️ About AnzenSage & AnzenOT AnzenSage is a cybersecurity advisory firm specializing in security resilience for the food, agriculture, zoo, and aquarium industries.  AnzenSage offers practical, strategic guidance to help organizations anticipate risks and build resilience.  Learn more about their offerings at anzensage.com.​ AnzenOT:  Industrial Cyber Risk — Simple.  Smart.  Swift. AnzenOT is the SaaS risk management platform built to bring clarity and control to Operational Technology (OT) cybersecurity.  Designed for critical infrastructure sectors, AnzenOT translates technical risk into clear, actionable insight for decision-makers.  Explore the platform at anzenot.com. For demo requests or inquiries, email [email protected] or [email protected] podcast and artwork embedded on this page are from AnzenSage, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Podcast: Casos de Ciberseguridad IndustrialEpisode: 3/4 Accione en Evaluación de madurez en ciberseguridad industrialPub date: 2025-10-13Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationEn este episodio se profundiza en cómo facilitar evaluaciones objetivas en planta, transformar los resultados en planes de acción efectivos, y en los factores clave que han permitido a modelos como C2M2 o el del CCI impulsar inversiones y respaldo directivo.The podcast and artwork embedded on this page are from Centro de Ciberseguridad Industrial, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Podcast: OT Security Made SimpleEpisode: Threat Hunting in der OT | OT Security Made SimplePub date: 2025-10-09Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationOT-Sicherheitsexperte Oliver Jaeckel-Bender definiert Threat Hunting für OT-Netzwerke. Wie unterscheidet sich die Disziplin zur IT und was genau braucht es mindestens (und vielleicht maximal), um ein OT-Netzwerk sicher betreiben zu können?Mehr zum Thema OT Security Made simple findet Ihr auf rhebo.com oder schreibt uns mit Euren Ideen & Fragen an [email protected] podcast and artwork embedded on this page are from Klaus Mochalski, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.