@BEERISAC: OT/ICS Security Podcast Playlist

Podcast: (CS)²AI Podcast Show: Control System Cyber SecurityEpisode: 111: From Scrubbing Hard Drives to Securing the Future: Max's Journey in CybersecurityPub date: 2024-05-28We are thrilled to have Max Aulakh, the Founder and CEO of Ignyte Assurance Platform, joining us today. Max is a military veteran and motorcycle enthusiast who enjoys doing voluntary work. He is a prolific contributor to the cybersecurity community, always willing to be of service to others. When Max was three, his father applied for American citizenship at the US Embassy in India. It was an extremely long process, and after losing all hope, he and his family finally migrated to Oklahoma a decade later. Join us to learn how Max transitioned from the military to founding the successful Ignyte Assurance Platform. He also shares his views on regulations, discusses how AI has impacted the security field, and offers prudent and practical advice for anyone interested in pursuing a cybersecurity career. Stay tuned for today’s candid and fascinating interview with Max Aulakh, the Founder and CEO of Ignyte.Show highlights:How Max’s military experience led to his career in securityMax’s Air Force mentor encouraged voluntary service.How working with the Department of Treasury, scrubbing hard drives, led to Max’s interest in security.Max explains how his military experience instilled a service mindset beneficial for security roles.While in service, he attended the American Military University due to its flexible programs for deployed personnel.The challenges he faced transitioning from a services company to a product-based companyMax shares how he launched Ignyte in 2019/2020How Max assists companies with the Cybersecurity Maturity Model, particularly in thedefense sector.Why standardization and testing are essential in operational technologyMax shares his views on the potential of AILinks and resources:(CS)²AI Derek Harp on LinkedInIgnyte Assurance PlatformMax Aulakh on LinkedInThe podcast and artwork embedded on this page are from Derek Harp, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Podcast: The Industrial Security Podcast (LS 35 · TOP 3% what is this?)Episode: Rapid Recovery After an Attack [The Industrial Security Podcast]Pub date: 2024-05-27Ransomware is the most common cyber attack causing OT outages - all Windows machines encrypted. What if we could "press a button" and have everything working again in seconds or minutes? Alex Yevtushenko of Salvador Technologies joins us to look at new technology for rapid recovery.The podcast and artwork embedded on this page are from PI Media, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Podcast: Nexus: A Claroty Podcast (LS 32 · TOP 5% what is this?)Episode: Jennifer Minella on OT Cybersecurity ConvergencePub date: 2024-05-28Jennifer Minella, founder and principal advisor of Viszen Security,  joins the Claroty Nexus podcast to discuss her experiences advising organizations on operational technology implementations, risk management, and succeeding at IT/OT convergence. This episode was recorded during RSA Conference where Jennifer and Bryson Bort gave a talk on convergence from the perspectives of a defender of industrial networks, and from the viewpoint of an offensive security specialist. The podcast and artwork embedded on this page are from Claroty, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Podcast: Casos de Ciberseguridad IndustrialEpisode: 3/4 Acciones del Caso Gestión de Ciberseguridad en la Cadena de Suministro IndustrialPub date: 2024-05-27En este episodio se presentan las estrategias o soluciones que se están considerando actualmente para reducir el riesgo en la cadena de suministro.The podcast and artwork embedded on this page are from Centro de Ciberseguridad Industrial, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Podcast: OT Security Made Simple PodcastEpisode: OT Security Made Simple | Why CISOs are becoming a the companies' supermen and superwomenPub date: 2024-05-16This episode of OT Security Made Simple welcomes Jonathan Gordon of the OT cybersecurity researchers and analyst Takepoint. Jonathan argues that OT security needs to merge the bottom up and top down approach to succeed and that the CISOs will be at the frontline of driving and moderating this process.The podcast and artwork embedded on this page are from Klaus Mochalski, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Podcast: IoT Security PodcastEpisode: Navigating the Convergence: Securing OT in a Connected WorldPub date: 2024-05-14In this episode, we're diving deep into the world of Operational Technology (OT) and IoT security, exploring the critical challenges and evolving threat landscape that are impacting sectors from manufacturing to critical infrastructure and healthcare. With insights from Patrick Gillespie, an OT expert at GuidePoint Security, we'll discuss the convergence of IT and OT systems, the risks introduced by COVID-19, and the advanced solutions from providers like Phosphorus that are combatting these threats. Patrick also sheds light on his personal journey from military service to a cybersecurity career, and the essential steps organizations should take to bolster their OT security, from embracing cyber hygiene to implementing robust security programs. Join us as we uncover the pressing issues facing IoT security today and how innovations are driving a safer, more secure operational environment. Let’s connect about IoT Security!Follow John Vecchi at https://www.linkedin.com/in/johnvecchiThe IoT Security Podcast is powered by Phosphorus Cybersecurity. Join the conversation for the IoT Security Podcast — where xIoT meets Security. Learn more at https://phosphorus.io/podcastThe podcast and artwork embedded on this page are from Phosphorus Cybersecurity, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Podcast: Control Amplified: The process automation podcast (LS 24 · TOP 10% what is this?)Episode: A conversation with 2024 Process Automation Hall of Fame inductee Joe WeissPub date: 2024-05-22Joe Weiss is managing partner of Applied Control Solutions Inc., and an ISA99 ICS cybersecurity pioneer and blogger.The podcast and artwork embedded on this page are from ControlGlobal, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Podcast: ICS Pulse PodcastEpisode: Ep. 47: Brad Hibbert on Third-Party Risk ManagementPub date: 2024-05-2150% of respondents still rely on spreadsheets and multiple tools for third-party risk management. In this episode of the ICS Pulse Podcast, we talk to Brad Hibbert of Prevalent about the company’s 2024 Third-Party Risk Management Study and how to create more effective risk management practices.The podcast and artwork embedded on this page are from Industrial Cybersecurity Pulse, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Podcast: Error Code (LS 25 · TOP 10% what is this?)Episode: EP 37: Solving Mysteries. Saving Lives. Just Another Day with OT Incident Response and ForensicsPub date: 2024-05-21When an enterprise network goes down, you call in the Incident Response team and they do forensics. When your SCADA goes down, who do you call? Meet Lesley Carthart, technical director of incident response at Dragos, who focuses on products and services for the non standard part of cybersecurity. That means things like performing digital forensics on SCADA, industrial control systems, and critical infrastructure. There’s still some normal enterprise computing involved, but very often the stories told by practitioners are … well, just plain weird. The podcast and artwork embedded on this page are from Robert Vamosi, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Podcast: Hack the Plant (LS 34 · TOP 5% what is this?)Episode: Preparing for the potential worst dayPub date: 2024-05-21In this episode, Bryson Bort is joined by Paul Shaver, Global OT Security Practice Lead at Mandiant / Google Cloud to discuss the cyber threat landscape. How did Paul’s military background play a role in his decision to start working with control systems? What is the difference between an advanced persistent threat and a regular threat? What does Paul think is the best way to protect against documented threats from nation-state actors?“I think if we're not doing a better job of protecting critical infrastructure, protecting our assets, any one of the nation state actors could cause that level of mass scale outage or destruction of capability. It comes down to being better prepared to protect these environments,” Paul said. Join us for this and more on this episode of Hack the Plant. Hack the Plant is brought to you by ICS Village and the Institute for Security and Technology.The podcast and artwork embedded on this page are from Bryson Bort, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Podcast: (CS)²AI Podcast Show: Control System Cyber SecurityEpisode: 110: Global Cybersecurity Insights with Mike HolcombPub date: 2024-05-21We are delighted to have Mike Holcomb joining us on the show today.Mike is both a fellow and a cybersecurity director, and he currently serves as the ICS OT Cybersecurity Global Lead at Fluor, a massive multinational engineering and construction firm with over 40,000 employees. He has participated in many major building projects, and we are excited to learn from his extensive experience today. Stay tuned as Mike shares his insights and expertise.Show Highlights:Mike discusses the two years he spent in China building bowling alleysMike talks about his time teaching and consulting at a training company in San DiegoHow Mike had the opportunity to double his salary and work with the Navy SEALs during 9/11Mike discusses his experience working in IT securityMike explains that Fluor has built some of the largest control system environments in the world Mike discusses challenges in the energy sectorHow regulations impact cybersecurity in various industriesWhy cybersecurity regulations are essential within critical infrastructureMike discusses the challenge of aligning IT and OT cybersecurity teams Links and resources:(CS)²AI Derek Harp on LinkedInBridewellMichael Holcomb on LinkedInFluorThe podcast and artwork embedded on this page are from Derek Harp, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Podcast: Cyber Work (LS 42 · TOP 1.5% what is this?)Episode: OT cybersecurity jobs are everywhere, so why is nobody taking them? | Guest Mark ToussaintPub date: 2024-05-20Mark Toussaint of OPSWAT joins to talk about his work in securing operational technology, and specifically about his role as product manager. This is an under-discussed job role within security, and requires great technical expertise, intercommunication skills and the ability to carry out long term campaigns on a product from, as he put it, initial brainstorming scribblings on a cocktail napkin through the creation of the product, all the way to its eventual retirement. Learn what it takes to connect security engineering, solutions experts, project management, and more in the role of security product manager, and how OT security connects fast, flexible IT and cybersecurity with systems that, as Toussaint put it, might be put in place and unmodified for 15 or 20 years. It’s not that hard to connect the worlds, but it takes a specific skill set.0:00 - Working in operational technology 1:49 - First getting into cybersecurity and tech3:14 - Mark Toussaint’s career trajectory5:15 - Average day as a senior product manager in OPSWAT7:40 - Challenges in operational technology 9:11 - Effective strategist for securing OT systems11:18 - Common attack vectors in OT security 13:41 - Skills needed to work in OT security 16:37 - Backgrounds people in OT have17:28 - Favorite parts of OT work 19:47 - How to get OT experience as a new industry worker21:58 - Best cybersecurity career advice22:56 - What is OPSWAT25:29 - Outro– Get your FREE cybersecurity training resources: https://www.infosecinstitute.com/free– View Cyber Work Podcast transcripts and additional episodes: https://www.infosecinstitute.com/podcastAbout InfosecInfosec’s mission is to put people at the center of cybersecurity. We help IT and security professionals advance their careers with skills development and certifications while empowering all employees with security awareness and phishing training to stay cyber-safe at work and home. More than 70% of the Fortune 500 have relied on Infosec Skills to develop their security talent, and more than 5 million learners worldwide are more cyber-resilient from Infosec IQ’s security awareness training. Learn more at infosecinstitute.com.  The podcast and artwork embedded on this page are from Infosec, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Podcast: Nexus: A Claroty Podcast (LS 32 · TOP 5% what is this?)Episode: Charles Blauner on the Changing Role of the CISOPub date: 2024-05-20Charles Blauner, Team8 operating partner and CISO in residence, joins the Claroty Nexus podcast to discuss the rapid changes in responsibilities and liability risks facing today's chief information security officers. Blauner, former CISO at JP Morgan and Deutsche Bank, describes how, for example, the new SEC rules around disclosures and incidents, along with legal action against high-profile CISOs of public companies, have some security leaders re-thinking how they operate and negotiate within their roles. He also discusses whether enterprises should brace for an exodus of those in the CISO chair today. The podcast and artwork embedded on this page are from Claroty, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Podcast: Casos de Ciberseguridad IndustrialEpisode: 2/4 Análisis del Caso Gestión de Ciberseguridad en la Cadena de Suministro IndustrialPub date: 2024-05-19En este episodio se analizan cuáles son las principales amenazas, las responsabilidades internas y externas, así como el impacto de un incidente en la cadena de suministro.The podcast and artwork embedded on this page are from Centro de Ciberseguridad Industrial, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Podcast: Click Here (LS 51 · TOP 0.5% what is this?)Episode: 131. Mic Drop: Could spoofing satellites become Russia’s new jam?Pub date: 2024-05-17On the battlefields of Ukraine, Russia has become very adapt at electronic warfare — both jamming GPS satellites and spoofing satellite signals. We explain how it works and its ripple effects beyond the front lines.The podcast and artwork embedded on this page are from Recorded Future News, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Podcast: Secure Tracks: Rail Tech Security Conversations Episode: Bridging Expertise: From IT Foundations to OT Triumphs in Rail CybersecurityPub date: 2024-05-15In this episode of Secure Tracks, Miki Shifman delves into bridging knowledge between IT and OT in transit cybersecurity with Mark Johnston, CISO of TriMet. Mark Johnston shares his enlightening journey from a seasoned IT security career to leading OT security initiatives at TriMet. Discover the challenges, innovations, and triumphs involved in integrating these critical technologies to enhance the safety and reliability of public transit systems. The podcast and artwork embedded on this page are from Cylus, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Podcast: PodomationEpisode: 004 - Secure Seas: Navigating Maritime CybersecurityPub date: 2024-05-16The landscape of maritime cybersecurity has evolved significantly, driven by current events, increasing digitization and the adoption of emerging technologies. These changes enhance operational capabilities, but also introduce vulnerabilities. Regulation and standards introductions have been pivotal in guiding the integration of cyber risk management into safety management systems onboard ships. However, a primary concern in maritime cybersecurity is OT systems, which are vital for the control and operation of physical shipboard processes. Panelists: Sean Plankey, Global Head of Cybersecurity Software, Willis Towers WatsonMichael DeVolld, Senior Principal Consultant, American Bureau of ShippingKevin Duffy, CEO, Maritime Imperative Marco Ayala, President, Infragard Houston The podcast and artwork embedded on this page are from ISA - International Society of Automation, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Podcast: ICS Cyber Talks PodcastEpisode: וובינר ניהול משבר סייבר במגזר התעשייתיPub date: 2024-05-15וובינר בנושא ניהול משבר במגזר התעשייתי בהנחייתו של יוגב נחום מחברת קוד בלו  משתתפים: חגית איסר - מנכ"לית דגש פ.ק  יסמין טל בדש - מנהלת סיכוני סייבר עולמי של טכנולוגיה תפעולית וחדשנות באי.סי.אל לשעבר כימיקלים לישראל יוסי שביט - ראש יחידת סייבר בתעשייה המשרד להגנת הסביבה נחשון פינקו - סייבר אוונגליסט וסמנכ"ל בכיר ליעוץ ניאטק סייבר סקיורטי בע"מThe podcast and artwork embedded on this page are from Nachshon Pincu, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Podcast: Unsolicited Response (LS 34 · TOP 5% what is this?)Episode: Chris Hughes, Author of Effective Vulnerability ManagementPub date: 2024-05-15Chris Hughes and Nikki Robinson recently wrote the book Effective Vulnerability Management. Dale and Chris discuss the topic and book including: The definition and scope of vulnerabilities. It’s much more than coding errors that need patches. Are ICS protocols lacking authentication “vulnerabilities” The reality that most organizations have 100’s of thousands of unpatched vulnerabilities. Some statistics and will this change. Ways to prioritize what vulnerabilities you address. The SSVC decision tree approach that was introduced at S4 as Never, Next, Now Tooling … vulnerability management, software configuration, ticketing, remediation. And much more.   Links: Effective Vulnerability Management, https://www.amazon.com/Effective-Vulnerability-Management-Vulnerable-Ecosystem/dp/1394221207/ Dale’s ICS-Patch Decision Tree, https://dale-peterson.com/wp-content/uploads/2020/10/ICS-Patch-0_1.pdf  The podcast and artwork embedded on this page are from Dale Peterson: ICS Security Catalyst and S4 Conference Chair, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Podcast: Control Loop: The OT Cybersecurity Podcast (LS 34 · TOP 3% what is this?)Episode: Hacktivism targeting OT devices.Pub date: 2024-05-15US Defense Department warns of Russian hacktivists targeting OT devices. The US government establishes safety and security board to advise the deployment of AI in critical infrastructure sectors. Vulnerabilities affect CyberPower UPS management software. US congressmen put forward water system cybersecurity bill. Encore guest Garrett Bladow, Distinguished Engineer at Dragos, joins us from the CyberCon 2023 event in Bismarck, North Dakota. Garrett discusses active visibility into OT systems. The Learning Lab is currently on a hiatus this episode. Control Loop News Brief.US DOD warns of Russian hacktivists targeting OT devices.Urgent Warning from Multiple Cybersecurity Organizations on Current Threat to OT Systems (NSA)US government establishes safety and security board to advise on deployment of AI in critical infrastructure sectors.DHS launches safety and security board focused on AI and critical infrastructure (FedScoop)Over 20 Technology and Critical Infrastructure Executives, Civil Rights Leaders, Academics, and Policymakers Join New DHS Artificial Intelligence Safety and Security Board to Advance AI’s Responsible Development and Deployment (DHS)Vulnerabilities affecting CyberPower UPS management software.Uninterrupted Power Supply (UPS): A Silent Threat to Critical Infrastructure Resilience (Cyble)US congressmen introduce water system cybersecurity bill.Crawford puts forward bill on cybersecurity risks to water systems (Arkansas Democrat-Gazette)Control Loop Interview.Guest is Garrett Bladow, Distinguished Engineer at Dragos, discussing active visibility into OT systems. Control Loop Learning Lab.The Learning Lab is on a break. Stay tuned. Control Loop OT Cybersecurity Briefing.A companion monthly newsletter is available through free subscription and on the N2K CyberWire website.The podcast and artwork embedded on this page are from N2K Networks, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.