126: Shifting Left: Why Secure Software Starts at the Design Stage

(CS)²AI Podcast Show: Control System Cyber Security

Player FM - Internet Radio Done Right

הוסף לפני four שנים

תוכן מסופק על ידי Derek Harp. כל תוכן הפודקאסטים כולל פרקים, גרפיקה ותיאורי פודקאסטים מועלים ומסופקים ישירות על ידי Derek Harp או שותף פלטפורמת הפודקאסט שלהם. אם אתה מאמין שמישהו משתמש ביצירה שלך המוגנת בזכויות יוצרים ללא רשותך, אתה יכול לעקוב אחר התהליך המתואר כאן https://he.player.fm/legal.

The Big Pitch with Jimmy Carr

1
Coming Soon...The Big Pitch with Jimmy Carr 1:08

לפני יומיים1:08

הפעל מאוחר יותר

רשימות

לייק

אהבתי

1:08

Join us each week as celebrity guests pitch an idea for a film based on one of the SUPER niche sub-genres on Netflix. From ‘Steamy Crime Movies from the 1970s’ to ‘Australian Dysfunctional Family Comedies Starring A Strong Female Lead’, our celebrity guests will pitch their wacky plot, their dream cast, the marketing stunts, and everything in between. By the end of every episode, Jimmy Carr, Comedian by night / “Netflix Executive” by day, will decide whether the pitch is greenlit or condemned to development hell! New episodes on Wednesdays starting May 28th! Listen on all podcast platforms and watch on the Netflix is a Joke YouTube Channel . The Big Pitch is a co-production by Netflix and BBC Studios Audio.…

לפני שנה 35:00

MP3•בית הפרקים

In this episode of the (CS)²AI Podcast, host Derek Harp welcomes Mehdi Tarrit Mirakhorli, Associate Professor at the University of Hawaii and a Cybersecurity Expert, to discuss Secure by Design—a fundamental shift in how we develop and deploy software in industrial control systems (ICS) and operational technology (OT). With over 15 years of R&D experience for DARPA, the Air Force, and DHS, Mehdi shares why modern software is inherently vulnerable and how we can learn from aviation, medical, and safety-critical industries to build resilient systems from the ground up.

The conversation dives deep into the risks of insecure by design software, the challenges of implementing true security practices, and the role of government policies in shifting liability from users to vendors. Mehdi explains the importance of threat modeling, attack surface analysis, and secure architecture frameworks to mitigate cyber threats before they arise. He also highlights how software development must evolve beyond rapid deployment cycles to integrate security as a core design principle.

If you’re an ICS professional, cybersecurity engineer, or software developer, this episode provides actionable insights on reducing vulnerabilities at scale, implementing proactive security measures, and preparing for the future of cyber threats. Subscribe now and stay ahead in the ever-evolving world of industrial cybersecurity!

131 פרקים

126: Shifting Left: Why Secure Software Starts at the Design Stage

(CS)²AI Podcast Show: Control System Cyber Security

published לפני שנה

שתפו

MP3•בית הפרקים

131 פרקים

כל הפרקים

1
129: Why OT Cybersecurity Isn't a One-Tool Problem: Insights to be discussed at Level Zero 14:48

לפני 8 weeks14:48

14:48

In this insightful episode of the (CS)²AI Podcast, host Derek Harp welcomes Jay Gignac, Vice President of Sales at FoxGuard Solutions, (CS)²AI Fellow and a passionate OT cybersecurity evangelist. The conversation centers around some of the most pressing challenges in the control systems industry—asset visibility, patch management, and community collaboration. Jay, who will be speaking at the upcoming Level Zero OT Cybersecurity Conference, offers expert-level advice for professionals navigating the complex world of operational technology security. Listeners will hear real-world examples of how OT differs from IT, particularly in areas like patching and compliance. Jay shares how asset discovery and lifecycle management remain fundamental hurdles, even after over a decade of cybersecurity initiatives. The discussion explores the nuances across industry verticals—energy, manufacturing, oil & gas—and underscores why tailored approaches are critical when securing diverse OT environments. This episode is a must-listen for OT professionals, cybersecurity leaders, and anyone attending Level Zero or looking to deepen their understanding of control systems security. Discover why collaboration, not just technology, is key to long-term success in the OT space. Whether you’re an engineer, a procurement officer, or a seasoned CISO, there’s valuable insight here for everyone working to protect the core of their company’s operations.…

1
128: From the Pentagon to Public Safety: Lucian Niemeyer’s Mission to Secure OT 28:24

לפני 13 weeks28:24

28:24

Lucian Niemeyer , Chief Executive Officer of Building Cyber Security and former Assistant Secretary of Defense, joins Derek Harp to discuss the growing cyber risks to operational technology (OT) systems and the urgent need for proactive frameworks to protect public safety. Recorded live at Hack the Capitol 7.0 , this episode delves into the vulnerabilities in smart buildings, connected infrastructure, and critical systems that could have life-threatening consequences if exploited. Lucian shares how his experience in national security shaped his focus on OT cybersecurity, emphasizing the physical impacts of cyberattacks on HVAC systems, elevators, and even water utilities. He introduces the concept of cyber commissioning , a process that ensures building systems are configured securely from the start. Lucian also explains how Building Cyber Security is creating industry-specific frameworks to help facility managers, building owners, and policymakers mitigate risks and reduce insurance liabilities. With increasing threats from ransomware, nation-states, and insider errors, this episode highlights why securing operational technology is critical to protecting both property and lives. Learn how Lucian’s nonprofit is driving collaboration across industries to address this rapidly evolving threat landscape.…

1
127: Unlocking the Power of Asset Inventory in OT Cybersecurity with Roya Gordon 24:22

לפני 14 weeks24:22

24:22

Roya Gordon , previously the Executive Industry Consultant - Operational Technology (OT) Cybersecurity at Hexagon Asset Lifecycle Intelligence and currently, is the Deputy CISO at ENGIE North America Inc., joins Derek Harp live from Hack the Capitol 7.0 to explore the evolving landscape of asset inventory in operational technology (OT). Roya breaks down the differences between asset visibility, inventory, and management, sharing her firsthand experiences from both passive and configuration-based methodologies. Roya highlights the critical role of asset inventory in building a strong OT cybersecurity foundation. From distinguishing between passive and active network monitoring to the importance of configuration management, she emphasizes how a multi-layered approach can offer comprehensive visibility and risk management. Roya also dives into why organizations often overlook configuration change management, and how integrating different solutions can optimize security efforts. Whether you’re a seasoned OT professional or just starting your cybersecurity journey, this episode offers valuable insights into improving asset management, reducing risks, and fostering collaboration between vendors and operators.…

1
126: Shifting Left: Why Secure Software Starts at the Design Stage 35:00

לפני 15 weeks35:00

35:00

In this episode of the (CS)²AI Podcast, host Derek Harp welcomes Mehdi Tarrit Mirakhorli , Associate Professor at the University of Hawaii and a Cybersecurity Expert , to discuss Secure by Design—a fundamental shift in how we develop and deploy software in industrial control systems (ICS) and operational technology (OT). With over 15 years of R&D experience for DARPA, the Air Force, and DHS, Mehdi shares why modern software is inherently vulnerable and how we can learn from aviation, medical, and safety-critical industries to build resilient systems from the ground up. The conversation dives deep into the risks of insecure by design software, the challenges of implementing true security practices, and the role of government policies in shifting liability from users to vendors. Mehdi explains the importance of threat modeling, attack surface analysis, and secure architecture frameworks to mitigate cyber threats before they arise. He also highlights how software development must evolve beyond rapid deployment cycles to integrate security as a core design principle. If you’re an ICS professional, cybersecurity engineer, or software developer, this episode provides actionable insights on reducing vulnerabilities at scale, implementing proactive security measures, and preparing for the future of cyber threats. Subscribe now and stay ahead in the ever-evolving world of industrial cybersecurity!…

1
125: Decoding SBOMs: Kyle McMillian on Cybersecurity and Supply Chain Transparency 27:24

לפני 16 weeks27:24

27:24

Derek Harp welcomes Kyle McMillian , Product Security Officer at Siemens, to discuss the evolving landscape of software bill of materials (SBOMs) and their role in modern cybersecurity. Recorded live at Hack the Capitol 7.0 , this conversation unpacks the challenges and opportunities posed by SBOMs in an industry grappling with legacy systems and modern threats. Kyle dives into the origins of SBOMs, their role in addressing vulnerabilities like Log4J, and their potential to transform procurement, risk management, and incident response. He emphasizes the importance of balancing transparency with practicality, noting that SBOMs are a starting point for broader cybersecurity conversations. With his unique perspective from a leading equipment manufacturer, Kyle shares insights into how SBOMs can help bridge the gap between IT and OT systems. This episode is essential for anyone looking to understand the future of cybersecurity and the critical role of SBOMs in securing industrial control systems. Learn how these tools can foster trust, streamline risk management, and improve collaboration across the industry.…

1
124: Capture the Flag: Transforming Cybersecurity Training with Kenneth Warren 23:12

לפני 17 weeks23:12

23:12

Derek Harp sits down with Kenneth Warren , Staff OT and Offensive Security Engineer at GRIMM Cyber, to discuss how gamification and Capture the Flag (CTF) competitions are revolutionizing cybersecurity training. Recorded live at Hack the Capitol 7.0 , this conversation explores how CTFs and cyber ranges create safe, hands-on environments for learning offensive and defensive cybersecurity skills. Kenneth explains how CTFs offer opportunities to tackle real-world scenarios, from navigating complex networks to interacting with industrial control protocols. Whether you're an experienced professional or a newcomer to the field, CTFs provide a unique way to build and refine your skills. He also highlights how gamification reaches audiences that traditional training might miss, making learning engaging and accessible. This episode provides insights into the growing role of gamified learning in cybersecurity and how it’s inspiring the next generation of professionals. Discover how these competitions foster collaboration, creativity, and innovation in a rapidly evolving industry.…

1
123: From Classroom to Crisis: Immersive Training for ICS Security Professionals 23:00

לפני 18 weeks23:00

23:00

Derek Harp hosts Jeff Hahn , Project Manager at Idaho National Laboratory (INL), to discuss innovative approaches to training in the ICS and OT cybersecurity space. Recorded live at Hack the Capitol 7.0 , Jeff shares insights into how INL’s escape rooms provide hands-on, immersive learning experiences for professionals and students alike. The escape rooms integrate learning objectives from INL’s renowned 301 Red Team/Blue Team training, transforming them into engaging, gamified challenges. These exercises offer participants a chance to simulate real-world scenarios, improve teamwork, and develop critical cybersecurity skills. Jeff also highlights the importance of bridging gaps between IT and OT teams through collaborative training initiatives. Whether you're a seasoned professional or a newcomer to the field, this episode explores how gamification and experiential education can help prepare the next generation of cybersecurity experts. Discover how these escape rooms are traveling the world, raising awareness, and making learning accessible to everyone.…

1
122: Securing the Future: Rob Shaughnessy on Innovation, Supply Chain, and Cyber Threats 33:13

לפני 19 weeks33:13

33:13

Derek Harp welcomes Rob Shaughnessy , President & CEO, Director of Psymetis, Inc., to discuss critical issues in the world of ICS and OT security, recorded live at Hack the Capitol 7.0 . Rob dives into the vulnerabilities surrounding the development of innovative technologies, supply chain risks, and the evolving threat landscape posed by nation-state actors. The conversation highlights the growing need for transparency in supply chains, the legal gaps in cybersecurity requirements for technology companies, and the rise of services like ransomware-as-a-service, which lower the bar for cybercriminals. Rob also shares his perspective on education and workforce challenges in cybersecurity, emphasizing the importance of foundational skills and the risks of over-relying on influencer culture. Packed with actionable insights, this episode offers a nuanced look at the complexities of securing critical infrastructure, balancing innovation with security, and preparing for a more connected, yet vulnerable, future.…

1
121: From Farm to Fork: Kristin Demoranville on Food Safety and Cybersecurity 24:35

לפני 20 weeks24:35

24:35

The intersection of cybersecurity and the food industry takes center stage as Kristin Demoranville, founder and CEO of Anson Sage and host of Bytes and Bites , joins Derek Harp at Hack the Capitol 7.0 . This compelling conversation reveals how digital systems impact every aspect of the food supply chain, from farming and production to transportation and storage. Kristin highlights key vulnerabilities, including risks in automated farming equipment, robotic processing lines, and self-driving refrigerated trucks. She advocates for embedding cybersecurity into food safety practices to protect both trust and the integrity of what we eat. As the industry embraces groundbreaking innovations like AI and lab-grown food, addressing these challenges is more crucial than ever. Listeners will gain valuable insights into the urgent need for collaboration, awareness, and action to secure the systems that sustain our daily lives. This dialogue sheds light on the essential role of cybersecurity in ensuring a safe and reliable food supply for everyone.…

1
120: ResetCon and the Future of Cybersecurity: Insights from Jay Warne 22:26

לפני 21 weeks22:26

22:26

In this episode of the (CS)²AI Podcast , host Derek Harp welcomes Jay Warne , co-founder of ResetCon, to discuss the intersection of cybersecurity research, critical infrastructure, and collaborative defense strategies. Recorded live at Hack the Capitol 7.0 , this conversation highlights the pressing need to close gaps between academia, offensive researchers, and critical industries. Jay delves into the mission of ResetCon, an inaugural conference designed to connect academic researchers, defense experts, and key players from the civilian and commercial sectors. Together, they aim to anticipate emerging threats, mitigate risks, and reduce recovery times for critical systems. The discussion also explores the challenges of integrating IT and OT security teams, the importance of "cyber-informed engineering," and the need for secure-by-design principles. Listeners will gain insights into the future of cybersecurity, including lessons learned from DARPA research, the importance of bridging silos, and how to build more resilient systems. Don’t miss this episode if you’re passionate about protecting critical infrastructure and fostering innovation.…

1
119: Revealing the OT Threat Landscape: Remote Access, Supply Chain, and Lateral Movement 19:37

לפני 22 weeks19:37

19:37

Our host Derek Harp sits down with Adam Robbie , Head of OT Threat Research at Palo Alto Networks, live from Hack the Capitol 7.0 . Adam shares critical insights into emerging cybersecurity challenges within Operational Technology (OT) environments, including findings from Palo Alto's extensive OT threat landscape research. Listeners will hear about the top attack vectors impacting critical infrastructure: remote access vulnerabilities , supply chain risks , and lateral movement across networks. Adam discusses the importance of network segmentation , cross-team collaboration between IT and OT, and innovative tools like the Cyberwall , a hands-on demonstration environment showcasing real-world OT threats. Whether you're an OT security professional or new to the field, this episode delivers practical takeaways to enhance your cybersecurity strategies. Don’t miss this engaging conversation focused on securing control systems and building stronger, collaborative defenses.…

1
118: Preparing for Cyber Threats: A Strategic Discussion with Mark Montgomery on Securing Our Future 13:26

לפני 23 weeks13:26

13:26

In this episode of the CS2AI Podcast , host Derek Harp dives deep into the evolving threats to national security and critical infrastructure with Mark Montgomery, Senior Fellow at the Foundation for Defense of Democracies. Recorded live at the Hack the Capitol 7.0 conference in Washington D.C., this episode sheds light on the increasing cyber vulnerabilities faced by the United States from nation-states like China and Russia, as well as criminal actors exploiting critical infrastructure. Mark shares his extensive experience and expertise, offering insights into how the U.S. government can better prepare and protect itself in the face of modern cyber threats. Mark discusses the significant mismatch between the capabilities of the Department of Defense and intelligence agencies, and the authorities of civilian federal agencies responsible for protecting sectors like power, water, and transportation. He also highlights the pressing issue of underperforming federal agencies tasked with safeguarding critical infrastructure, and the dire need for a comprehensive, bipartisan approach to cybersecurity legislation. With over 32 years in the U.S. Navy and years of policy work in the federal government, Mark offers a unique perspective on the future of cybersecurity and what needs to change to address these challenges effectively. One of the key takeaways from this episode is Mark’s call for a more cohesive strategy to defend against cyber threats and protect public safety and economic productivity. Despite the ongoing challenges, there’s a sense of hope as Mark emphasizes the bipartisan nature of cybersecurity solutions and the possibility of enacting meaningful changes. This conversation is essential for anyone involved in cybersecurity, national security, or government policy and provides crucial insights into the future of cyber defense in the United States.…

1
117: Rapid7’s Approach to ICS and OT Security: Lessons from the Field 24:45

לפני 24 weeks24:45

24:45

Join Derek Harp and his guests from Rapid7—Lonnie Best, William Price, and Nicholas Butcher—as they delve into the critical challenges and exciting opportunities within the Operational Technology (OT) and Industrial Control Systems (ICS) cybersecurity landscape. Recorded live at Hack the Capitol 7.0, this episode highlights the growing demand for OT cybersecurity, innovative approaches to managing threats, and the evolving dynamics between IT and OT professionals. In this episode, the panel discusses real-world examples of managing ICS threats, the nuances of integrating OT into traditional IT security frameworks, and the importance of trust and communication in bridging gaps between teams. Learn how managed security services are adapting to meet the unique demands of OT environments and why collaboration across roles and expertise is essential. Whether you’re a seasoned professional or new to the field, this episode offers actionable insights and inspiring stories that highlight the importance of securing critical infrastructure in today’s evolving threat landscape. Visit cs2ai.org to learn more about resources, events, and professional development opportunities in OT and ICS cybersecurity.…

1
116: Cyber Safety in the Age of OT Threats: Insights from Lucian Niemeyer 31:33

לפני 25 weeks31:33

31:33

In this episode of the CS²AI Podcast, host Derek Harp is joined by Lucian Niemeyer, CEO of Building Cybersecurity, for an enlightening discussion on the critical importance of protecting operational technology (OT) systems. Recorded at the Hack the Capitol 7.0 conference, Lucian emphasizes the increasing threats to critical infrastructure posed by nation-state actors and other adversaries, describing the current landscape as a "Sputnik moment" for cybersecurity. From vulnerabilities in water systems to the cyber-physical risks of modern vehicles, this conversation highlights the pressing need for a collective defense strategy. Lucian shares actionable insights on the roles of the private sector and national defense in addressing these challenges and calls for a bipartisan commitment to safeguard life-essential systems. If you're curious about how cybersecurity intersects with human safety and national security, this episode is a must-listen. Learn about proactive measures, emerging frameworks, and how you can contribute to strengthening our defenses.…

1
115: Cyber Informed Engineering: Protecting Critical Infrastructure with Ginger Wright 24:07

לפני 26 weeks24:07

24:07

Derek Harp hosts Virginia "Ginger" Wright, a program manager at Idaho National Laboratory, known for her pioneering work in cybersecurity for critical infrastructure. Ginger shares the history and importance of Cyber Informed Engineering (CIE) and how this engineering philosophy integrates safety protocols directly into the design of industrial systems, making them resilient against cyber threats. They discuss the origins of CIE in nuclear energy safety, the unique assets of Idaho National Laboratory, and the vital role engineers play in safeguarding critical infrastructure. Ginger also dives into practical resources like the Cyber Informed Engineering Implementation Guide, sharing how organizations and educators can adopt this methodology. Join us for insights into CIE’s impact on the future of OT and ICS cybersecurity.…

(

(CS)²AI Podcast Show: Control System Cyber Security

1
114: Hack the Capitol 7.0: Building Cybersecurity Connections with Bryson Bort & Tom Van Norman 17:08

לפני 27 weeks17:08

17:08

In this episode, host Derek Harp sits down with Bryson Bort and Tom Van Norman, co-founders of ICS Village and creators of Hack the Capitol. They discuss the origins and evolution of Hack the Capitol, now in its seventh year, and the conference’s unique focus on bridging cybersecurity professionals with policy makers and industry leaders. They dive into the value of hands-on learning, the launch of Workforce Development Day, and the ongoing need for practical cybersecurity education and career opportunities for all. Bryson and Tom also highlight the significance of candor in the field and what attendees can look forward to at future conferences. Tune in for insights into the world of OT and ICS cybersecurity, hands-on training, and the importance of building community partnerships.…

(

(CS)²AI Podcast Show: Control System Cyber Security

1
113: Shaping the Future of OT Security with Dale Peterson 32:25

לפני 28 weeks32:25

32:25

In this episode, the conversation centers on the critical role of operational technology (OT) security and the unique contributions of the S4 Conference. Dale Peterson shares his journey and insights into the challenges of underrepresentation in cybersecurity, especially for women and other groups, and highlights innovative scholarship initiatives aimed at bridging this gap. The discussion also delves into the evolving landscape of AI in cybersecurity, addressing both its potential and the complexities it brings. Listeners will gain valuable perspectives on managing cybersecurity risks, prioritizing investments, and developing effective recovery strategies in OT environments. As we look forward to S4 2025 in Tampa, Florida, this episode offers a glimpse into the future of cybersecurity and the importance of resilience in our systems…

(

(CS)²AI Podcast Show: Control System Cyber Security

1
112: Breaking Barriers in Cybersecurity: Roya Gordon’s Transformative Journey and Expert Advice for Veterans 46:51

לפני 50 weeks46:51

46:51

Today, we are thrilled to welcome Roya Gordon as our guest. Roya is an executive industry consultant specializing in operational technology, cybersecurity, and Hexagon. She is a military veteran, an accomplished technologist, and a prolific speaker in our industry. Her creativity knows no bounds, encompassing her passion for the arts and her love of opera and symphonies. She is also an avid traveler and a super fun person to have around. Roya brings a unique and engaging perspective to our discussion today. She shares her journey from a pre-law magnet program to becoming a skilled speaker in the Navy, highlighting the value of communication skills for conveying technical information to audiences and sharing the challenges and opportunities veterans face when breaking into the cybersecurity industry. Stay tuned as Roya shares her invaluable insights and experiences, offering guidance for veterans aspiring to enter the cybersecurity field. You will not want to miss the wisdom and stories Roya shares with us today. Show highlights: Roya shares her background as an army brat. Roya discusses her six-year experience in the Navy. How Roya gradually realized she was involved in technology through her Navy intelligence work Roya talks about her studies in international relations and national security after leaving the Navy and how she pivoted to studying cyber-warfare Roya landed a job as a security researcher at Idaho National Laboratory (INL) despite lacking an IT background. Roya talks about the foundational training she received in OT cybersecurity at INL. How advanced tools often get underutilized due to a lack of trained personnel Roya highlights the value of certifications. How non-technical roles like journalism and event planning can offer entryways into the cybersecurity space. Links and resources: (CS)²AI Derek Harp on LinkedIn Hexagon Roya Gordon on LinkedIn…

(

(CS)²AI Podcast Show: Control System Cyber Security

1
111: From Scrubbing Hard Drives to Securing the Future: Max's Journey in Cybersecurity 36:04

לפני 51 weeks36:04

36:04

We are thrilled to have Max Aulakh, the Founder and CEO of Ignyte Assurance Platform, joining us today. Max is a military veteran and motorcycle enthusiast who enjoys doing voluntary work. He is a prolific contributor to the cybersecurity community, always willing to be of service to others. When Max was three, his father applied for American citizenship at the US Embassy in India. It was an extremely long process, and after losing all hope, he and his family finally migrated to Oklahoma a decade later. Join us to learn how Max transitioned from the military to founding the successful Ignyte Assurance Platform. He also shares his views on regulations, discusses how AI has impacted the security field, and offers prudent and practical advice for anyone interested in pursuing a cybersecurity career. Stay tuned for today’s candid and fascinating interview with Max Aulakh, the Founder and CEO of Ignyte. Show highlights: How Max’s military experience led to his career in security Max’s Air Force mentor encouraged voluntary service. How working with the Department of Treasury, scrubbing hard drives, led to Max’s interest in security. Max explains how his military experience instilled a service mindset beneficial for security roles. While in service, he attended the American Military University due to its flexible programs for deployed personnel. The challenges he faced transitioning from a services company to a product-based company Max shares how he launched Ignyte in 2019/2020 How Max assists companies with the Cybersecurity Maturity Model, particularly in thedefense sector. Why standardization and testing are essential in operational technology Max shares his views on the potential of AI Links and resources: (CS)²AI Derek Harp on LinkedIn Ignyte Assurance Platform Max Aulakh on LinkedIn…

(

(CS)²AI Podcast Show: Control System Cyber Security

1
110: Global Cybersecurity Insights with Mike Holcomb 50:39

לפני 1 year50:39

50:39

We are delighted to have Mike Holcomb joining us on the show today. Mike is both a fellow and a cybersecurity director, and he currently serves as the ICS OT Cybersecurity Global Lead at Fluor, a massive multinational engineering and construction firm with over 40,000 employees. He has participated in many major building projects, and we are excited to learn from his extensive experience today. Stay tuned as Mike shares his insights and expertise. Show Highlights: Mike discusses the two years he spent in China building bowling alleys Mike talks about his time teaching and consulting at a training company in San Diego How Mike had the opportunity to double his salary and work with the Navy SEALs during 9/11 Mike discusses his experience working in IT security Mike explains that Fluor has built some of the largest control system environments in the world Mike discusses challenges in the energy sector How regulations impact cybersecurity in various industries Why cybersecurity regulations are essential within critical infrastructure Mike discusses the challenge of aligning IT and OT cybersecurity teams Links and resources: (CS)²AI Derek Harp on LinkedIn Bridewell Michael Holcomb on LinkedIn Fluor…

(

(CS)²AI Podcast Show: Control System Cyber Security

1
109: Teaser for the CNI Research Report with Chase Richardson 18:13

לפני 1 year18:13

18:13

We are delighted to have Chase Richardson, the VP of Consulting at Bridewell, back on the show today. Bridewell boasts a rich history in industrials, offering comprehensive cybersecurity services across the entire cybersecurity spectrum, including operating technology. Recently, Bridewell came up with an insightful report on cybersecurity within the US critical infrastructure. In this episode, Chase dives into the current state of cybersecurity regulations in critical infrastructure and shares the details and origin of the upcoming Bridewell report, which falls squarely within the interest of CSAI. Tune in to learn more about this exciting project. Show highlights: How the attacks experienced by CISOs and cyber managers have decreased despite an increase in risk sentiment The challenges small and mid-sized airports face when implementing regulations due to their limited cybersecurity budgets How cybersecurity regulations in the US differ from those in the UK What is the link between IT and OT security? Why it is essential to implement a hybrid of IT and OT security measures to protect critical infrastructure Why organizations need to comply with relevant cybersecurity standards and regulations Chase shares key findings and insights from Bridewell's upcoming cybersecurity report for critical infrastructure. Links and resources: (CS)²AI Derek Harp on LinkedIn Bridewell Chase Richardson on LinkedIn…

(

(CS)²AI Podcast Show: Control System Cyber Security

1
108: Mastering Data Complexity: Insights from Chase Richardson and Martin Riley on OT Integration 49:21

לפני 1 year49:21

49:21

We are delighted to have Chase Richardson, Head of US Operations for Bridewell, and Martin Riley, Director of Managed Services for Bridewell, joining us today! We are changing things slightly for this episode, with Martin and Chase diving into how to integrate OT systems into your sim rather than presenting our regular biographical format. Their focus today is predominantly on the increasingly relevant topic of managing data across diverse platforms, particularly in OT applications. Join us as we explore this integration and unravel the challenges it presents. Show highlights: The evolution of cybersecurity technology How the industry struggles with integrating IoT and OT data into security sims Why integrating separate systems into one platform is crucial for security teams How security and operational technology leadership teams converge Why hybrid teams are essential for managing cybersecurity risks The importance of asset visibility and understanding the architecture for effectively implementing security solutions How AI and machine learning can help to reduce noise in security operations Why threat intelligence is essential for business risk and control validation The importance of threat intelligence in the cybersecurity industry Links and resources: (CS)²AI Chase Richardson on LinkedIn Martin Riley on LinkedIn Bridewell Derek Harp on LinkedIn…

(

(CS)²AI Podcast Show: Control System Cyber Security

1
107: Keeping the Lights On: Carlos's Roadmap to Becoming an Energy Cybersecurity Pro 41:36

לפני 1 year41:36

41:36

We are thrilled to welcome Juan Carlos Buenano as our distinguished guest for today’s episode of the CS2AI podcast! Carlos is the Chief Technology Officer for OT at Armis. He is a born technologist and an engineer by training. Beyond his professional endeavors, he embraces a life filled with adventure, enjoying many outdoor activities, including scuba diving, mountain biking, and exploring the scenic expanses of unspoiled nature. Carlos was born in Venezuela and grew up in a small town outside Caracas. After graduating as an electronic engineer in Venezuela, he traveled to Australia to learn English, fell in love with the country, the lifestyle, and the nature, and has lived there for the last 23 years. Carlos brings a unique perspective to today’s show, shaped by his professional and personal experiences. Join us for an engaging discussion as he shares his wealth of experiences and insights and explains how he serves his community. Show Highlights: Carlos shares his journey to becoming an engineer in the energy industry How his interest in control systems began Carlos recounts his early cybersecurity experiences in industrial systems during the early 2000s The importance of keeping operating systems up to date to prevent vulnerabilities and ensure reliability Why it is essential to understand how technology works in both physical security and cybersecurity Carlos discusses the challenges of integrating cybersecurity into process control systems Carlos offers advice for engineers who want to get into cybersecurity The importance of mentorship and learning from others in their industry Carlos discusses the weekly open mic Ask Me Anything sessions he does at work Links and resources: (CS)²AI Derek Harp on LinkedIn Carlos Buenano on LinkedIn Armis…

(

(CS)²AI Podcast Show: Control System Cyber Security

1
106: Top Gun Meets the Cloud: Ken's Guide to Keeping Your Airplanes (and Data) Safe 42:08

לפני 1 year42:08

42:08

We are delighted to have Ken Munro joining us from the UK today! Ken is a Partner and Co-founder of Pen Test Partners. He is a seasoned technologist, the founder of multiple ventures, a pilot, a skier, and a dynamic and adventurous contributor to our community. Ken brings a wealth of experience and expertise that promises to enrich our understanding of the evolving landscape in cybersecurity. In today's discussion, we dive into his remarkable career journey and explore his perspective on OT and ICS-related cybersecurity. Join us for this informative session with Ken as he shares his valuable perspectives. Show Highlights: Ken discusses his cybersecurity industry journey How Ken’s past Air Force experience relates to his current work in cybersecurity The benefits of telling a story when communicating complex concepts Ken shares a story to highlight the importance of safety and security within the aviation industry Ken talks about the unique systems on board planes and their vulnerabilities How the isolated protocols used in older aircraft systems are more robust and stable than the modern systems How even simple display systems can cause airport outages Ken shares his concerns about cybersecurity risks within cloud management platforms for industrial control systems How including contractual language for liability in procurement contracts can protect organizations against cybersecurity risks Ken shares his thoughts on the future of the cybersecurity industry Links and resources: (CS)²AI Derek Harp on LinkedIn Ken Munro on LinkedIn Pen TestPartners…

(

(CS)²AI Podcast Show: Control System Cyber Security

1
105: Beyond Boundaries: Unveiling the Multifaceted World of Michelle Balderson 46:37

לפני 1 year46:37

46:37

We are excited to bring you another captivating industry leader interview today. In this episode, we interview Michelle Balderson, the Principal Security Architect at Issquared. Michelle is a seasoned professional. In addition to having extensive experience as an established contributor and leader within the industry, she is a technologist, devoted mother, wife, chef, and a true jack of all trades. Beyond her contributions to the industry, Michelle finds joy in the great outdoors, whether she is conquering hiking trails, setting up camp, or enjoying four-by-four adventures. In our discussion today, Michelle talks about her personal and professional journey, sharing insights she gained along the way and shedding light on the path that brought her to where she is in her current role as a security specialist. Join us as we dive into the rich reservoir of wisdom and experience that Michelle brings to the table. Show Highlights: How moving around a lot while growing up allowed Michelle to develop an excellent rapport with others Michelle describes her first experience with technology Michelle shares her experience of working at Fortinet and SonicWALL Work opportunities within the OT security space Why a more holistic approach to security is needed The importance of changing the culture within businesses to bridge the gap between different domains How empathy and active listening can drive business success Michelle discusses her role at Issquared Michelle shares the advice she would give to her younger self Links and resources: (CS)²AI Derek Harp on LinkedIn Michelle Balderson on LinkedIn ISSQUARED Inc.…

(

(CS)²AI Podcast Show: Control System Cyber Security

1
104: Author Spotlight™ - An Interview with Andrew Ginter, Author of Engineering-Grade OT Security: A Guide for Managers 1:08:15

לפני 1 year1:08:15

1:08:15

Today, we are bringing you a fresh, new format called the Author Spotlight, where we focus on the authors within our community. We are delighted to launch the Author Spotlight by shining our light on Andrew Ginter, the VP of Industrial Security at Waterfall Security Solutions. Andrew has been a steadfast CS2AI supporter since its inception, dedicating considerable time to CS2AI initiatives, and Waterfall is one of our oldest sponsors. We are grateful to Andrew for generously sharing his insights and all the invaluable contributions he and his company, Waterfall, have made. Andrew's offerings include editing, reading, and committing much of his time to community projects. Join us today as we explore Andrew's wealth of wisdom and experience. Show Highlights Andrew reflects on his writing process and discusses his new book, The Golden Black Book. Andrew talks about a new approach of combining cybersecurity and engineering to manage risk. How Andrew structured his book for a mixed audience of engineers and managers The importance of using mathematical modeling when making cybersecurity decisions rather than relying on intuition or guesswork Andrew highlights the lack of cybersecurity expertise within industrial settings. How complex risks have created the need for a multi-faceted approach to cybersecurity Andrew emphasizes the importance of security by design within product development. Why it’s essential to understand the broader definition of vulnerability Andrew discusses the challenges of writing a book on industrial cybersecurity Links and resources: (CS)²AI Derek Harp on LinkedIn Andrew Ginter on LinkedIn WaterfallSecurity…

(

(CS)²AI Podcast Show: Control System Cyber Security

1
103: Diving into the Multifaceted World of Ron Fabela: From Cybersecurity Leadership to Goat Herding and Beyond 46:17

לפני 1 year46:17

46:17

We are thrilled to have another exceptional guest on the show today! Ron Fabela is the Field Chief Technology Officer at Xona. He is a multifaceted individual who has been a stalwart contributor to the industry for many years. His impressive resume includes being an Industrial Security champion, a military veteran, and a technologist. Beyond his professional achievements, Ron is also a founder, a father, a husband, an astronomy expert interested in anything space-related, and, believe it or not, a goat herder. Ron has had a wealth of experiences, making him an all-around fascinating guest. Get ready for a long-overdue and truly insightful discussion with Ron Fabela! Show highlights: How Ron’s interest in technology began Ron discusses his career in the military and talks about his cybersecurity training Ron offers advice for young people The benefits of working for large organizations, doing internships, and doing volunteer work How Ron progressed in his cybersecurity career Why no opportunity for exposure to systems and networks should ever get squandered How Ron’s military experience shaped his approach to work Ron shares insights on the challenges of consulting The importance of having hobbies and passions outside of work Ron talks about his role as a Field CTO How the control systems cybersecurity industry has evolved Why it is essential to persevere with projects, even when facing challenges or the progress is slow Links and resources: (CS)²AI Derek Harp on LinkedIn Ron Fabela on LinkedIn Xona…

(

(CS)²AI Podcast Show: Control System Cyber Security

1
102: Unveiling the Multifaceted Brilliance: A Dive into the World of Bill Lawrence 44:27

לפני 2 years44:27

44:27

We are delighted to have Bill Lawrence, the Chief Delivery Officer at Itegriti Corporation, joining us on the podcast today! For those unfamiliar with Bill, he is a well-rounded and multifaceted individual. He is a technologist, artist, and a loving father and husband, in addition to being a talented singer, Navy veteran, and pilot. Bill is known in the industry for his many achievements. In today’s conversation, we unveil the various layers of his experiences and perspectives, and he shares insights into the unique facets that have defined his professional and personal journey. Stay tuned as we delve into the steps and milestones that have shaped Bill’s dynamic career! Show highlights: How Bill started programming in the fourth or fifth grade How a movie inspire him to join the military Bill shares some of his exciting fighter pilot experiences Bill’s Naval Academy experiences included computer science studies and exposure to cybersecurity Bill reflects on teaching cybersecurity at the Naval Academy How he transitioned in his career after quitting the Naval Academy Bill discusses his time spent as a project manager at NERC How Grid X evolved and grew Cybersecurity and compliance within the energy industry The importance of reading books and applying them to life to make a positive impact Why Bill finds quantum computing and AI exciting prospects Links and resources: (CS)²AI Derek Harp on LinkedIn Bill Lawrence on LinkedIn ItegritiCorporation Books mentioned: The Ideal Team Player by Patrick Lencioni How to Be Perfect by Michael Perry…

(

(CS)²AI Podcast Show: Control System Cyber Security

1
101: Exploring the IoT and OT Cybersecurity World with Dr. Jesus Molina: An Expert's Insights and Experiences 1:01:29

לפני 2 years1:01:29

1:01:29

We are delighted to have another remarkable guest joining us on the podcast today! Dr. Jesus Molina, the Director of Industrial IoT at Waterfall Security Solutions, is a seasoned cybersecurity practitioner and well-known OT cybersecurity thought leader. He is a technologist and inventor driven by an insatiable curiosity. In addition to being a copious reader and an electrical engineer with a Master's degree and a Ph.D. in the field, Dr. Molina is a dedicated researcher, a sailor, an intrepid traveler, a compelling public speaker, and an ardent educator. Dr. Molina’s passion for cybersecurity, particularly in the context of IoT and OT, is evident in everything he does. Join us today as we delve into the insights and experiences of this accomplished cybersecurity expert. Show highlights: Dr. Molina talks about his early life experiences How his interest in cybersecurity began Dr. Molina explains how he created a virus that infected every computer in his high school Dr. Molina shares his experience of pursuing a Master's degree in the US after studying in Spain A valuable lesson learned about remaining cautious and protecting a group or organization after a security breach Cybersecurity challenges and solutions in various industries How Dr. Molina discovered he could control every room in a hotel by exploiting a wireless network vulnerability Dr. Molina shares a cautionary story about the importance of watching what you say around journalists How curiosity drives creativity Dr. Molina discusses his views on the future Links and resources: (CS)²AI Derek Harp on LinkedIn Dr. Jesus Molina on LinkedIn Waterfall Security Solutions…

(

(CS)²AI Podcast Show: Control System Cyber Security

1
100: Exploring OT Security and Cyber Practices with IBM's Rob Dyson 56:53

לפני 2 years56:53

56:53

We are delighted to welcome Rob Dyson as our special guest for the 100th episode of the CS2AI podcast! Rob is the Global OT Security Services Leader for IBM. Beyond his corporate role, he is a military veteran, a tech enthusiast, a devoted father and husband, a proud grandfather, and an avid scuba diver. His extensive experience overseeing key service areas within an industry giant like IBM makes Rob an exceptional guest for this milestone podcast. He joins us today to share his insights on control systems, operating technology, and cybersecurity practices. Rob truly brings a wealth of knowledge and clarity to today’s discussion. Stay tuned for more! Show highlights: How Rob’s interest in technology influenced his desire to explore new things and push boundaries The challenges of setting up a business continuity plan in a remote location How security measures have evolved from the early days of network security to modern-day cybersecurity The importance of understanding the network for OT security How software developers can bring valuable skills to cybersecurity after mastering the fundamentals of networking Rob shares his insights on entrepreneurship in the cybersecurity space How Rob got offered a job with IBM in 2012 after a quick and unexpected interview process Rob explains how he transitioned to full-time OT security work in 2016 Why is there a need for a different mindset and cultural understanding within the OT cybersecurity industry? Rob offers advice for people who have recently begun their career journeys Links and resources: (CS)²AI Derek Harp on LinkedIn Rob Dyson on LinkedIn IBM…

ברוכים הבאים אל Player FM!

Player FM סורק את האינטרנט עבור פודקאסטים באיכות גבוהה בשבילכם כדי שתהנו מהם כרגע. זה יישום הפודקאסט הטוב ביותר והוא עובד על אנדרואיד, iPhone ואינטרנט. הירשמו לסנכרון מנויים במכשירים שונים.

תקשיבו ל-500+ נושאים

Bounty Quick Size Paper Towels, White, 8 Family Rolls = 20 Regular Rolls (Packaging May Vary)

Ailun 3 Pack Screen Protector for iPhone 16 Pro [6.3 inch] + 3 Pack Camera Lens Protector with Installation Frame,Case Friendly Tempered Glass Film,[9H Hardness] - HD [6 Pack]

2025 - American Silver Eagle .999 Fine Silver with our Smyrnacoin Certificate of Authenticity Dollar Uncirculated US Mint

פודקאסטים ששווה להאזין

(CS)²AI Podcast Show: Control System Cyber Security « » 126: Shifting Left: Why Secure Software Starts at the Design Stage

126: Shifting Left: Why Secure Software Starts at the Design Stage

פודקאסטים ששווה להאזין

ברוכים הבאים אל Player FM!

Pluto TV - Watch Free Movies, Shows & Live TV

The Let Them Theory: A Life-Changing Tool That Millions of People Can't Stop Talking About

Microsoft Office Home 2024 | Classic Apps: Word, Excel, PowerPoint | One-Time Purchase for 1 PC/MAC | Instant Download | Formerly Home & Student 2021 [PC/Mac Online Code]

HP 67XL Black High-yield Ink Cartridge | Works with HP DeskJet 1255, 2700, 4100 Series, HP ENVY 6000, 6400 Series | Eligible for Instant Ink | One Size | 3YM57AN

The Let Them Theory: A Life-Changing Tool That Millions of People Can't Stop Talking About

מדריך עזר מהיר

(CS)²AI Podcast Show: Control System Cyber Security « »
126: Shifting Left: Why Secure Software Starts at the Design Stage