Your New Equipment Just Shipped With Security Risks & Here's Why Your OEM Won't Fix Them

Podcast: OT Security Made SimpleEpisode: NIS2 mit gesundem Menschenverstand umsetzen | OT Security Made SimplePub date: 2026-01-20Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationKlaus Kilvinger von Opexa Advisory zieht dem NIS2UmsuCG den Zahn und nimmt die Angst vor Überregulierung und Überforderung bei der Implementierung von NIS2. Er argumentiert, dass die Grundlagen in den meisten Unternehmen schon existieren und das Management des Cyberrisikos ein natürlicher Bestandteil des regulären Risikomanagements ist, für das die Geschäftsführung seit eh und je verantwortlich ist. Mehr zum Thema OT Security Made simple findet Ihr auf rhebo.com oder schreibt uns mit Euren Ideen, Fragen oder Gastvorschlägen an [email protected].  The podcast and artwork embedded on this page are from Klaus Mochalski, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Podcast: Hack the Plant (LS 35 · TOP 3% what is this?)Episode: Bridging the IT/OT Divide in Oil & GasPub date: 2026-01-20Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationBryson Bort is joined by Dd Budiharto, Microsoft’s Customer Security Officer for the Oil, Gas, and Energy sectors, to share her experience bridging the IT/OT divide in the energy sector. Drawing on her background as a former CISO and industry veteran with decades of experience starting security programs at giants like Halliburton and Marathon Oil, Dd breaks down IT vs OT auditing, the cultural divide in oil and gas, and what cybersecurity looks like in the energy sector.   How did an early mistake involving a patch reboot change Dd's career forever? What is preventing private companies and the FBI from working together? Why is basic hygiene—like disabling terminated accounts—still the biggest "unsolved" problem in billion-dollar industries? “If you want to upgrade your home, to modernize it, the foundation still needs to be fixed first,” Dd said. Join us for this and more on this episode of Hack the Plan[e]t. The views and opinions expressed in this podcast represent those of the speaker, and do not necessarily represent the views and opinions of their employers. Hack the Plant is brought to you by ICS Village and the Institute for Security and Technology.The podcast and artwork embedded on this page are from Bryson Bort, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Podcast: Industrial Cybersecurity InsiderEpisode: Four Distinct Companies & One Critical Gap—The Ownership Crisis in OT SecurityPub date: 2026-01-20Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationThis compilation episode brings together the most critical insights from Industrial Cybersecurity Insider conversations about the fundamental challenges plaguing OT security implementation and management.Industry experts dissect why traditional IT security approaches fail catastrophically on the plant floor, revealing that the core issue isn't technology—it's ownership, collaboration, and understanding.From the dangers of deploying endpoint detection without vendor qualification to the millions lost in unplanned downtime, this episode exposes the gap between security theory and operational reality.Listeners will discover why cybersecurity tools are often shelfware, how the "have and have-not" world creates vulnerability gaps across manufacturing facilities, and what "left of boom" thinking means for preventing incidents before they happen. Featuring hard-won lessons about shutdown windows, cyber-informed engineering, and the critical importance of building relationships between IT teams and plant floor operations, this episode delivers actionable intelligence for CISOs, plant managers, and anyone responsible for securing industrial control systems.Chapters:(00:00:00) - Introduction: The Core Problem of Ownership in OT Security(00:01:45) - Why IT Security Approaches Fail on the Plant Floor(00:04:30) - The Cloud Analogy: Lessons for OT Implementation(00:07:15) - The Missing Conversation: Capital Plans and OEMs(00:10:20) - IT vs OT Networks: Different Purposes, Different Risks(00:13:35) - EDR in OT: The Aftermarket Parts Problem(00:16:10) - Cyber-Informed Engineering: Building Security into Design(00:19:45) - The Have and Have-Not World of Plant Security(00:23:20) - Left of Boom: Visibility Beyond Security(00:27:15) - Who Should Lead the OT Security DiscussionLinks And Resources:Want to Sponsor an episode or be a Guest? Reach out here.Industrial Cybersecurity Insider on LinkedInCybersecurity & Digital Safety on LinkedInBW Design Group CybersecurityDino Busalachi on LinkedInCraig Duckworth on LinkedInThanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you’d like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!The podcast and artwork embedded on this page are from Industrial Cybersecurity Insider, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Podcast: PrOTect It All (LS 27 · TOP 10% what is this?)Episode: Securing Remote Access in OT: Visibility, Segmentation, and What Compliance MissesPub date: 2026-01-19Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationRemote access is no longer optional in OT - but unmanaged connectivity is one of the fastest ways to lose control of critical systems. In this episode of Protect It All, host Aaron Crow breaks down the real challenges of securing connectivity across IT and OT environments. As vendors, technicians, and support teams increasingly rely on remote access, many organizations struggle with poor visibility, legacy systems, and unclear network boundaries - creating unnecessary risk. Aaron walks through newly released secure connectivity guidance from CISA and the UK National Cyber Security Centre, translating an eight-point framework into practical, real-world steps that security and operations teams can actually implement. You’ll learn: Why remote access is one of the biggest OT risk multipliers How poor visibility creates blind spots attackers love Why asset inventory and documentation are foundational - not optional How segmentation and least-privilege design shrink the attack surface What compliance frameworks get right - and what they don’t Best practices for vendor access, MFA, session recording, and monitoring How to design secure connectivity without breaking operations Whether you’re responsible for OT security, managing vendors, or bridging IT and OT teams, this episode delivers actionable guidance to help you regain control of connectivity and protect critical infrastructure. Tune in to learn how to secure access without sacrificing operations - only on Protect It All. Key Moments:  01:11 "Secure Connectivity in OT" 05:10 "Reducing Attack Surface Through Access Limits" 10:02 "Control System Upgrade Failure Impact" 12:00 Beyond Passwords: Strengthening Security 17:16 "Strengthening Cybersecurity Basics" 18:26 "Balancing Compliance and Security" Connect With Aaron Crow: Website: www.corvosec.com  LinkedIn: https://www.linkedin.com/in/aaronccrow Learn more about PrOTect IT All: Email: [email protected]  Website: https://protectitall.co/  X: https://twitter.com/protectitall  YouTube: https://www.youtube.com/@PrOTectITAll  FaceBook:  https://facebook.com/protectitallpodcast  To be a guest or suggest a guest/episode, please email us at [email protected] Please leave us a review on Apple/Spotify Podcasts: Apple   - https://podcasts.apple.com/us/podcast/protect-it-all/id1727211124 Spotify - https://open.spotify.com/show/1Vvi0euj3rE8xObK0yvYi4The podcast and artwork embedded on this page are from Aaron Crow, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Podcast: Casos de Ciberseguridad IndustrialEpisode: 2/4 Análisis de Monitorización de seguridad OT con telemetría del procesoPub date: 2026-01-19Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationEste episodio se centra en el análisis: cómo distinguir la variabilidad normal del proceso de eventos sospechosos, qué incidentes se han detectado gracias a la telemetría y los retos técnicos de trabajar con datos industriales reales.The podcast and artwork embedded on this page are from Centro de Ciberseguridad Industrial, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Podcast: (CS)²AI Podcast Show: Control System Cyber SecurityEpisode: 130: S4’s “Connect” Theme Explained — Dale Peterson on OT Security’s Hyper-Connected FuturePub date: 2026-01-14Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationIn this episode of the (CS)²AI Podcast, host Derek Harp is joined once again by Dale Peterson, Founder of the S4 Conference and one of the longest-standing voices in OT cybersecurity. As Dale marks 25 years in the industry, the conversation takes a forward-looking turn toward what he believes is the next major inflection point for industrial security: connectivity driven by AI, data, and business systems.Dale explains why the 2026 S4 Conference theme, Connect, is not just about networking people, but about the explosive growth of connections between OT systems, enterprise platforms, and analytics driven by AI. From MES, ERP, and PLCs to asset inventories and security telemetry, these connections are accelerating faster than most security teams are prepared for—often driven by business value rather than security design.Listeners will hear why manufacturing is emerging as the epicenter of this transformation, how AI is enabling real-time querying across operational systems, and why OT security teams must prepare for a future where their tools become just another data source in larger operational workflows. Dale also shares how this shift will reshape risk, attack surfaces, and even the role of humans in control and response.The episode also provides an inside look at S4 2026, including this year’s Proof-of-Concept Pavilion, where vendors will be forced to demonstrate their technologies live on a real manufacturing environment, as well as updates on attendance, ticket availability, and why this will be the final year S4 is held in Miami Beach before moving back to Tampa.This is a must-listen for OT security professionals, automation leaders, and anyone trying to understand how AI-driven connectivity will redefine both risk and opportunity across industrial environments in the years ahead.The podcast and artwork embedded on this page are from Derek Harp, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Podcast: Exploited: The Cyber Truth Episode: Beyond Defense: Building Cyber Resilience in Autonomous and Connected MobilityPub date: 2026-01-15Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationAutonomous and connected vehicles are reshaping transportation, but increased software complexity and connectivity introduce serious security and safety challenges that can’t be solved with traditional perimeter defenses. In this episode of Exploited: The Cyber Truth, host Paul Ducklin is joined by RunSafe Security Founder and CEO Joseph M. Saunders and Hemanth Tadepalli, Senior Cybersecurity & Compliance SME at May Mobility, for a practical discussion on what cyber resilience looks like inside real-world autonomous vehicle programs. Hemanth draws on his experience securing mobility systems at May Mobility, as well as prior work with Mandiant, Google, and AlixPartners, to explain how automotive organizations are adapting to software-defined vehicle architectures, regulatory pressure, and expanding attack surfaces. Joe shares his perspective on why mobility companies increasingly resemble software companies and what that means for engineering, governance, and operational security. Together, they explore: How connected and autonomous vehicle architectures expand the attack surfaceWhat cyber resilience means in day-to-day engineering and fleet operationsHow governance, threat intelligence, and software validation reduce riskRegulatory pressures shaping automotive security decisionsHow teams balance detection, response, and safety in autonomous systems Whether you’re building autonomous platforms, managing connected fleets, or securing safety-critical software, this episode offers a grounded look at what it takes to keep modern mobility systems trustworthy and safe.The podcast and artwork embedded on this page are from RunSafe Security, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Podcast: ICS Arabia PodcastEpisode: From Physical Security to OT Cybersecurity (Arabic) | 45Pub date: 2026-01-15Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationJoin us in this new episode of the ICS Arabia Podcast as we sit down with Bassem Ben Amor, a seasoned Physical Security Manager from Tunisia with over 12 years of experience.Bassem shares his journey from managing physical security and BMS systems to transitioning into the world of OT cybersecurity.We discuss his work as a security integrator, his passion for writing articles, and exciting projects he’s currently involved in.The podcast and artwork embedded on this page are from ICS ARABIA PODCAST, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Podcast: ICS Cyber Talks PodcastEpisode: Dr. Yaniv Harel cyber expert & key figure in bridging between cyber industry and academia in IsraelPub date: 2026-01-13Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationבניגוד להרבה תחומים אחרים בסייבר התעשייה והאקדמיה הולכים יד ביד ולעיתים דווקא האקדמיה היא זו שדוחפת את החדשנות בתעשייה לקצוות. לראיה ה CyberWeek של אוניברסיטת ת"א מצליחה פעם אחר פעם לרכז את מיטב המוחות לדון על הווה ועתיד, למה הפעם זה כן עובד? שמדובר בסייבר הישראלי בצורה מפתיעה (או שלא) תמיד תפגשו את ד"ר יניב הראל. יניב מלווה את הסייבר האזרחי בישראל פחות או יותר מאז הקמתו ועל גלגולו השונים מאין סוף כיוונים, אחל מימיו בצבא, תפקידים ממשלתיים, אוניברסיטת ת"א והרשימה עוד ארוכה. כמו רבים וטובים אחרים בשל האירועים מאז אוקטוב 2023 הפודקאסט נדחה ונדחה וסוף סוף הוא קרה. נחשון פינקו מארח את ד"ר יניב הראל יזם ומומחה סייבר שיש לו חלק משמעותי בדבק שבין תעשיית הסייבר ואקדמיה בישראל בשיחה על ההווה ועתיד הסייבר. החיבור בין תעשיית הסייבר ואקדמיה בישראל מחקרי סייבר שהובילו לשינוי תפיסה AI ועוד Unlike many other sectors, the cyber industry and academia go hand in hand, and at times, it is actually academia that pushes industrial innovation to its limits. A prime example is Tel Aviv University’s CyberWeek, which consistently brings together the brightest minds to discuss the present and future. Why does it work so well this time? When discussing Israeli cybersecurity, it’s no surprise that you will always run into Dr. Yaniv Harel. Yaniv has been a cornerstone of Israel’s civilian cyber landscape since its inception, witnessing its various evolutions from numerous vantage points, including his service in the IDF and the Israel National Cyber Directorate, as well as his work at Tel Aviv University, among others. Like many other projects, this podcast was repeatedly postponed due to the events of October 2023, but it has finally come to fruition. Nachshon Pincu hosts Dr. Yaniv Harel, an entrepreneur, cyber expert, and a key figure in bridging the gap between the cyber industry and academia in Israel, for a conversation on the present and future of cybersecurity. The connection between the cyber industry and academia in Israel's Cyber research has led to conceptual shifts. AI and more.  The podcast and artwork embedded on this page are from Nachshon Pincu, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Podcast: Industrial Cybersecurity InsiderEpisode: Your New Equipment Just Shipped With Security Risks & Here's Why Your OEM Won't Fix ThemPub date: 2026-01-13Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationIn this episode, Dino and Craig tackle one of manufacturing's most pressing challenges: the OEM blockade. They explore why brand-new equipment often ships with hundreds of unpatched vulnerabilities, how the gap between IT and OT teams creates operational blind spots, and why manufacturers can't rely on traditional IT solutions to secure their plant floors.From the CrowdStrike incident that took down HMIs to the "ghost in the machine" causing unexplained downtime, they reveal why OT teams must take ownership of their cybersecurity posture and build partnerships with the right ecosystem of OT-focused service providers.If you've ever wondered why your million-dollar machine center is running Windows 7 or why your cybersecurity reports don't match reality, this episode provides the answers—and a path forward.Chapters:(00:00:00) - The OEM Blockade Problem(00:01:00) - Understanding OEM Software Lock and Remote Access(00:03:00) - The Reality of Unpatched Vulnerabilities in New Equipment(00:06:00) - The IT/OT Blockade and Convergence Challenges(00:09:00) - Why IT Disciplines Don't Translate to OT Environments(00:11:00) - The CrowdStrike Incident: What Really Happened on Plant Floors(00:13:00) - The Lack of Due Diligence in Manufacturing M&A(00:16:00) - Chasing the Ghost in the Machine(00:19:00) - Process Integrity vs. Cybersecurity Tools(00:22:00) - Why OT Teams Must Take Ownership and Build the Right PartnershipsLinks And Resources:Want to Sponsor an episode or be a Guest? Reach out here.Industrial Cybersecurity Insider on LinkedInCybersecurity & Digital Safety on LinkedInBW Design Group CybersecurityDino Busalachi on LinkedInCraig Duckworth on LinkedInThanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you’d like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!The podcast and artwork embedded on this page are from Industrial Cybersecurity Insider, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.