Industrial Cybersecurity Insider

In this episode of the Industrial Cybersecurity Insider, host Dino sits down with Dan Cartmill, Sr. Global Product Marketing Director for TXOne Networks, to discuss the often misunderstood world of OT vulnerability management. Dan brings a unique perspective, having started as a practitioner 17 years ago, before transitioning to the vendor side. The conversation explores why simply creating a list of vulnerabilities isn't enough – and what organizations should actually be doing to reduce risk in their OT environments.Chapters:00:00:00 - Introduction and Dan's Background00:02:00 - Biggest Misconceptions About OT Vulnerability Management00:04:00 - Blind Spots in OT Vulnerability Scanning00:07:00 - Finding Vulnerabilities: OT vs IT Differences00:10:00 - Proactive Approaches to Unknown Vulnerabilities00:12:00 - How TX One Addresses Vulnerabilities Non-Disruptively00:15:00 - Virtual Patching and Operations-First Philosophy00:18:00 - IT/OT Convergence and Team Collaboration00:21:00 - Building Relationships with Third-Party Partners00:23:00 - Tabletop Exercises and Incident Response Planning00:26:00 - Key Takeaway: Never Forget Your Original Objectives00:28:00 - Dealing with Event Overload and Zero-Day VulnerabilitiesLinks And Resources:Dan Cartmill on LinkedInTXOne NetworksDino Busalachi on LinkedInWant to Sponsor an episode or be a Guest? Reach out here.Industrial Cybersecurity Insider on LinkedInCybersecurity & Digital Safety on LinkedInBW Design Group CybersecurityCraig Duckworth on LinkedInThanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you’d like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!

In this episode, Craig and Dino address why manufacturers still suffer incidents after spending millions on OT security tools. They discuss how to convert those investments into measurable risk reduction. You'll learn why buying tools isn't a strategy. Get insights into how to validate asset visibility on the floor (not just the network map), practical ways to reduce alert fatigue and assign ownership, how to close the OT incident response gap by connecting SOC to operators, the realities of flat Layer 2 networks and undocumented zones, how to handle technical debt at scale (EOL firmware, unpatched HMIs, safe upgrade paths), and why "everyone is responsible" often means no one is. Expect candid discussion on alert fatigue, flat networks, and the human constraints driving today's gaps, plus a concrete checklist for building a coalition that actually works to protect production environments.Chapters00:00:00 – Why incidents still happen after major OT cyber spend00:02:30 – Tools vs. outcomes: underusing capabilities and alert fatigue00:05:50 – Who owns plant‑floor cyber? Why CISOs, CIOs, OEMs, and SIs talk past each other00:08:10 – Define the use case before tuning sensors and policies00:10:00 – OT IR is missing: operators are the first responders00:11:20 – Network reality check: flat L2, VLAN gaps, and unmanaged switches00:13:30 – Change management and patching in OT: risk, downtime, and technical debt00:15:20 – Skills and staffing: the silver tsunami and "jack of all trades" constraints00:18:00 – What outside partners can and cannot do in plants00:21:00 – Visibility blind spots: validating coverage with floor‑level walkthroughs00:24:00 – It won’t stick without a coalition: getting plant managers, engineering, OEMs, and SOC alignedLinks And Resources:Want to Sponsor an episode or be a Guest? Reach out here.Industrial Cybersecurity Insider on LinkedInCybersecurity & Digital Safety on LinkedInBW Design Group CybersecurityDino Busalachi on LinkedInCraig Duckworth on LinkedInThanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you’d like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!

In this episode, Scott Cargill, Partner of BW Design Group, joins Craig and Dino. Together they dissect the critical vulnerability gap in data center operational technology infrastructure. While most data centers implement robust IT security protocols, their building management systems controlling cooling, power distribution, and environmental controls remain significantly under-protected. Cargill provides technical analysis of how the rapid expansion of data center capacity for AI workloads has outpaced OT security implementation, creating exploitable attack vectors where minutes of system compromise could cascade into millions in equipment damage and service disruption. Through evidence-based examination and industry insights, this episode offers CISOs and OT security professionals a practical framework for addressing the IT-OT security convergence challenge in mission-critical facilities.They offer actionable strategies for vulnerability assessment, segmentation, and defense-in-depth implementation.Chapters:- 00:00:00 - Meet Scott Cargill of BW Design Group- 00:02:30 - Data centers expanding for AI- 00:04:40 - Critical BMS vulnerabilities being ignored- 00:07:40 - Alarming OT security reality- 00:09:40 - Why OT security remains deprioritized- 00:12:10 - IT-OT security convergence challenges persist- 00:16:35 - Manufacturing parallels to data centers- 00:20:10 - Security solutions evolution underway- 00:21:45 - Managed services necessity for OT- 00:24:42 - Thought leadership driving industry standardsLinks and Resources:Want to Sponsor an episode or be a Guest? Reach out here.Industrial Cybersecurity Insider on LinkedInCybersecurity & Digital Safety on LinkedInBW Design Group CybersecurityScott Cargill on LinkedInDino Busalachi on LinkedInCraig Duckworth on LinkedInThanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you’d like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!

Industrial environments are complex. Aging systems, distributed plants, and a crowded vendor landscape make “buy another tool” a tempting but often costly reflex. In this episode, Dino Busalachi talks with Danielle “DJ” Jablanski, about moving from paper programs to measurable progress in OT security. They address why competence and capacity must come before capabilities, how to right-size your technology stack through tool rationalization, and why interdependence mapping is foundational for real resilience.00:00:00 – Why OT maturity often stalls00:06:00 – Where to focus first: assets, segmentation, and access00:08:20 – Governance gaps: frameworks on paper vs. controls in practice00:10:10 – Interdependence mapping beyond "crown jewels"00:12:30 – Operators as first responders and safe-state realities00:16:15 – Vendor and OEM ecosystems: who owns the response plan?00:20:10 – Threat intel's limits: effects‑based security over means‑based noise00:22:00 – Incident readiness in plants: plans, practice, and ownership00:26:00 – Supply chain fragility and concentration risk in manufacturing00:29:30 – Tool rationalization: measuring ROI, coverage, and usabilityLinks And Resources:Want to Sponsor an episode or be a Guest? Reach out here.DJ's Blog on Interdependence Mapping: https://claroty.com/blogDanielle Jablanski on LinkedInIndustrial Cybersecurity Insider on LinkedInCybersecurity & Digital Safety on LinkedInBW Design Group CybersecurityDino Busalachi on LinkedInCraig Duckworth on LinkedInThanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you’d like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!

Hosts Craig and Dino discuss Mitsubishi's billion-dollar acquisition of Nozomi Networks and its implications for operational technology cybersecurity. They address how this major deal affects the industrial security market.The conversation covers IT/OT convergence challenges, managed services, vendor partnerships, and AI in cybersecurity decision-making. Craig and Dino share practical insights for security leaders and engineering professionals working in industrial environments.Topics covered: • Why Mitsubishi made this $1B investment • How this affects choosing security vendors • The growing role of managed services in OT security • What organizations should do to prepare for changesFor cybersecurity professionals, industrial engineers, and executives working with operational technology and cyber defense.Chapters:00:00:00 - Welcome to Industrial Cybersecurity Insider Podcast00:01:26 - A Trend of Cybersecurity Platform Acquisitions00:02:03 - The "Cyber-Informed Engineering" Play00:02:52 - Market Impact: Setting a Billion-Dollar Bar for Competitors00:05:06 - A Lack of Expertise and Resources00:05:48 - The Challenge of Building an In-House Team vs. Using Managed Services00:07:40 - Embedding Security Directly into Hardware Controllers00:09:33 - How Competitors Like Rockwell Might React00:10:00 - IPO or Acquisition?00:14:42 - The On-Prem vs. Cloud Debate in Manufacturing Environments00:16:50 - 87% of Organizations Are Lagging in Cybersecurity Maturity00:17:20 - The IT/OT Resource and Knowledge Gap00:18:54 - The Need for CIOs to Partner with OT Systems Integrators00:21:25 - The "OnStar" Model for Industrial Security00:22:15 - The Reality of Vendor Lock-In and Warranty Issues00:24:14 - OT Needs to Own Its Cybersecurity Strategy00:25:12 - The Risk of Underutilized Security ToolsLinks And Resources:Want to Sponsor an episode or be a Guest? Reach out here.Industrial Cybersecurity Insider on LinkedInCybersecurity & Digital Safety on LinkedInBW Design Group CybersecurityDino Busalachi on LinkedInCraig Duckworth on LinkedInThanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you’d like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!

In this episode, Craig and Dino address one of the most pressing challenges in industrial cybersecurity: the gap between responsibility and authority for CISOs and their ability to protect manufacturing and critical infrastructure plant floors. While executives are tasked with ensuring resilience and reporting to the board, they often hit resistance at the plant floor where production uptime and safety KPIs take priority. The conversation explores IT/OT convergence, asset visibility blind spots, OEM restrictions, and the risks of relying on remote-only deployments. With insights from decades of hands-on experience in industrial environments, Craig and Dino outline practical steps for building bridges between IT and OT, aligning financial risk with security strategy, and equipping CISOs with the authority they need to succeed.Chapters:00:00:00 - Welcome to the Industrial Cybersecurity Insider Podcast00:01:11 - The CISO's Core Conflict of Responsibility Without Authority00:02:45 - Why Security Efforts Get "Kneecapped at the Front Door"00:04:04 - Understanding the OT Environment and Its Unique Technology00:05:36 - Building Bridges Between IT and OT as the Solution00:07:44 - Overcoming OT's "Skittish" Resistance to IT00:09:43 - The Scaling Problem of Too Few Engineers for Too Many Plants00:10:57 - Why a Remote-First Approach Fails in Manufacturing00:14:44 - The "Epiphany" of Uncovering Operational Benefits for OT Teams00:17:24 - Navigating OEM Warranties and Equipment Restrictions00:19:14 - The "Trust but Verify" Mandate for a CISO00:20:56 - The Danger of Hidden Networks and the "Air Gap" Myth00:23:16 - Speaking the Language of Business in Dollars and Cents00:24:43 - Aligning Security with the Plant's Capital Master Plan00:27:24 - How Company Ownership Affects Security Investment00:28:16 - How to Give the CISO Real AuthorityLinks And Resources:Want to Sponsor an episode or be a Guest? Reach out here.Industrial Cybersecurity Insider on LinkedInCybersecurity & Digital Safety on LinkedInBW Design Group CybersecurityDino Busalachi on LinkedInCraig Duckworth on LinkedInThanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you’d like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!

In this essential rewind episode, Dino Busalachi and Craig Duckworth address a fundamental challenge facing practitioners in the field: effectively securing operational technology (OT) environments through local expertise and proper data collection.The Power of Local PartnershipDino emphasizes a crucial principle that often gets overlooked in cybersecurity implementations: "The only way you can act local is you've got to work with those folks that are in those plants every day, all day."This insight highlights why external cybersecurity consultants must forge strong partnerships with on-site operational teams who possess intimate knowledge of their industrial environments.These local experts understand the nuanced details that can make or break a security implementation. This includes everything from vendor schedules and machine operations to maintenance windows and downtime planning.They know when critical systems are most vulnerable and which processes absolutely cannot be interrupted.Chapters:00:00:00 - Why Local Collaboration is Critical for Cybersecurity Success00:01:07 - Meet Dino and Craig: Experts in IT/OT Integration00:01:49 - Unpacking the Challenges of IT/OT Convergence00:02:28 - Why IT and OT Teams Often Struggle to Align00:04:48 - Building Collaborative Frameworks for Stronger Cybersecurity00:07:33 - The Role of CIOs and CISOs in Driving Change00:08:44 - Navigating the Complexities of Diverse Plant Environments00:10:23 - Partnering with Vendors to Enhance Security Outcomes00:11:16 - Key Questions to Evaluate System Integrators Effectively00:16:35 - Using Tabletop Exercises to Align IT and OT Teams00:22:20 - Closing Thoughts: Bridging the Divide for Unified CybersecurityLinks And Resources:Want to Sponsor an episode or be a Guest? Reach out here.Industrial Cybersecurity Insider on LinkedInCybersecurity & Digital Safety on LinkedInBW Design Group CybersecurityDino Busalachi on LinkedInCraig Duckworth on LinkedInThanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you’d like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!

In this episode, Craig and Dino break down the FBI’s latest cybersecurity advisory and what it means for industrial organizations. From Cisco hardware vulnerabilities on the plant floor to the widening gap between IT and OT security teams, they address the critical blind spots that attackers often exploit. They discuss why manufacturing has become ransomware’s “cash register,” the importance of continuous monitoring and asset visibility, and why every organization must have an incident response plan in place before a crisis. This episode is packed with real-world insights and actionable strategies. It's a must-listen for CISOs, CIOs, OT engineers, and plant leaders safeguarding manufacturing and critical infrastructure.Chapters:00:00:52 - Welcome to Industrial Cybersecurity Insider Podcast00:01:21 - A New FBI Advisory on Nation-State OT Threats00:02:37 - Cisco Hardware on the Plant Floor Targeted in Advisory00:03:18 - The IT/OT Disconnect: OT Assets are Often Invisible to InfoSec Teams00:04:19 - The Awareness Gap: Critical Security Alerts Fail to Reach OT Operations00:04:54 - The OT Cybersecurity Skills Gap and Cultural Divide00:07:32 - Why All Manufacturing is Critical, Citing the JBS Breach00:08:37 - The Staggering Economic Cost of OT Breaches00:09:33 - The "Cash Register" Concept: Why Attackers Target Manufacturing00:10:29 - OT as the New Frontier for Attacks on Unpatched Systems00:11:28 - The "Disinterested Third Party": When OEMs See Security as the Client's Problem00:12:31 - The Foundational First Step: Gaining Asset Visibility & Continuous Monitoring00:13:53 - The Impracticality of Patching in OT Due to Downtime and Safety Risks00:15:25 - Academic vs. Practitioner: Why High-Level Advice Fails on the Plant Floor00:18:25 - The Minimum Requirement: A Practiced, OT-Inclusive Incident Response Plan00:18:58 - Why CISOs Must Build Relationships with Key OT Partners00:22:46 - Practice, Partner, and Protect NowLinks And Resources:Want to Sponsor an episode or be a Guest? Reach out here.Industrial Cybersecurity Insider on LinkedInCybersecurity & Digital Safety on LinkedInBW Design Group CybersecurityDino Busalachi on LinkedInCraig Duckworth on LinkedInThanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you’d like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!

In this week's rewind episode, Dino Busalachi is joined by Gary Kneeland from Claroty. With over nine years of experience at Claroty, Gary discusses the evolution of OT security, the convergence of IT and OT, and the growing importance of cybersecurity in protecting critical infrastructure. The conversation touches on how regulatory changes, ransomware threats, and AI advancements are shaping the industry. Whether you’re dealing with outdated systems or navigating complex industrial environments, this episode provides practical insights into the challenges and opportunities ahead.Chapters:00:00:00 - Pandemic's Impact on Critical Infrastructure00:01:08 - Introduction to Gary Neelan and Claroty00:01:41 - Gary's Role in OT Cybersecurity00:02:49 - Evolution of OT Cybersecurity: From Compliance to Strategy00:05:23 - IT and OT Convergence: Securing Cyber-Physical Systems00:09:46 - Addressing Complex Challenges in OT Cybersecurity00:11:56 - OT Cybersecurity Talent Shortage and Managed Services00:13:01 - Future of OT Cybersecurity: Adapting to New Threats00:14:36 - Modernizing Manufacturing Systems for Enhanced Security00:15:52 - Global Cybersecurity Trends in Critical Infrastructure00:18:01 - Regional OT Cybersecurity Challenges and Responses00:25:01 - The Role of AI in Defending OT Environments00:28:19 - Final Thoughts on OT Cybersecurity's FutureLinks And Resources:Links And Resources:Want to Sponsor an episode or be a Guest? Reach out here.Industrial Cybersecurity Insider on LinkedInCybersecurity & Digital Safety on LinkedInBW Design Group CybersecurityGary Kneeland on LinkedInDino Busalachi on LinkedInCraig Duckworth on LinkedInThanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you’d like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!

In this hard-hitting episode of Industrial Cybersecurity Insider, host Dino Busalachi sits down with two battle-tested experts: Debbie Lay from TXOne Networks and Patrick Gillespie from GuidePoint Security. Together, they pull back the curtain on the messy, complex world of operational technology (OT) cybersecurity, where million-dollar cybersecurity losses happen regularly.This isn't your typical cybersecurity podcast filled with vendor pitches and theoretical frameworks. Instead, you'll get an unvarnished look at what really happens when industrial organizations try to secure their critical infrastructure. From the shocking reality of cyber insurance claims being denied over half-implemented multi-factor authentication to the all-too-common sight of HMI passwords scrawled in permanent marker on the plant floor. This conversation exposes the gap between cybersecurity best practices and industrial implementation and protection reality.What makes this episode essential listening:Real financial impact: Learn why industrial breaches cost $5.5-6 million on average, with downtime running $125,000 per hourPractical solutions that work: Discover how segmentation, virtual patching, and agentless endpoint tools can protect legacy systems without breaking the bankPolitical warfare decoded: Understand the often-toxic dynamics between IT and OT teams that sabotage security initiativesImplementation roadmaps: Get actionable strategies for deploying zero-trust architectures on the plant floorWhether you're a CISO struggling to justify OT security budgets, an engineer trying to protect decades-old industrial systems, or a consultant navigating the minefield of industrial cybersecurity politics, this episode delivers the kind of street-smart insights you won't find in vendor whitepapers.Chapters:00:00:00 - Cyber insurance denied over incomplete MFA 00:03:21 - What clients face as they begin the OT security journey00:06:35 - Industrial breach cost stat ($5.5–$6M; ~$125k/hour downtime) 00:07:36 - Too many IT tools forced into OT00:08:47 - Investment hurdles and budgeting misalignment00:11:05 - Collaboration between OT asset owners and the CISO00:13:24 - Hamilton ransomware: 80% hit; cyber insurance denied for incomplete MFA00:14:26 - HMI username/password written in Sharpie; segue to TXOne solutions00:18:22 - Who embraces TXOne first—IT or OT?00:20:58 - CISOs on OT priorities and piloting top sites00:22:25 - The ugly: Lacking OT inventory, unclear playbooks, starting from zero00:23:26 - The good: Safeguarding OT, anomaly alerts, avoiding risky legacy connections00:24:34 - Healthcare imaging case: XP-based systems, high replacement costs00:27:03 - AI useful in SOC/baselining; humans still required on OT side00:29:15 - Combining best-of-breed solutions to avoid costly deployment gaps00:29:47 - Why deployments stall—overwhelm and fatigue after tech selectionLinks And Resources:Want to Sponsor an episode or be a Guest? Reach out here.Debbie Lay, TXOne Networks on LinkedInPatrick Gillespie, GuidePoint Security on LinkedInIndustrial Cybersecurity Insider on LinkedInCybersecurity...

Many manufacturing leaders believe they’re seeing 80–85% of their OT environment industrial assets. But in this episode, Dino and Craig reveal the reality that most have visibility into only 30–35% of their industrial control system assets, leaving the hidden 70% vulnerable. In this hard-hitting episode, they dismantle the false sense of OT security. They explore why million-dollar cybersecurity tool investments aren't fully utilized, and expose the costly disconnect between corporate IT, plant-floor teams, and third-party vendors. From debunking the air gap myth to stressing the need to trust but verify every connection, they show how to turn underutilized tools into proactive defenses that improve both security and operational efficiency. If you think your ICS is fully protected, this conversation might change your mind.Chapters:00:00:00 - Introduction: When Inefficiency Becomes Expensive00:00:59 - The Hidden Danger of Feeling Secure in Manufacturing00:03:58 - Why True Visibility and Accurate Data Change Everything00:07:18 - Real-World Roadblocks: Missteps and Mixed Messages00:10:24 - Who Holds the Power vs. Who Bears the Blame in Cybersecurity00:21:47 - Charting a Smarter Path to Stronger Cyber Defenses00:25:27 - Conclusion: Actionable Moves to Level Up Your SecurityLinks And Resources:Want to Sponsor an episode or be a Guest? Reach out here.Industrial Cybersecurity Insider on LinkedInCybersecurity & Digital Safety on LinkedInBW Design Group CybersecurityDino Busalachi on LinkedInCraig Duckworth on LinkedInThanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you’d like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!

In this episode of Industrial Cybersecurity Insider, Craig Duckworth sits down with Ian Bramson, VP of Global Industrial Cybersecurity at Black & Veatch, to explore what it really takes to secure complex industrial systems. Whether you're retrofitting legacy brownfield environments or designing cybersecurity into greenfield builds, Ian unpacks the foundational questions every organization must answer:What do you need to protect? Where are your holes? Can you see what's happening and respond if something goes wrong? From AI-enabled attackers to real-time asset visibility, he shares actionable insights on risk management, OT monitoring, and why leaders must begin treating cybersecurity like safety, not just an IT function. Whether you’re managing a water treatment plant, a power plant, or smart transportation infrastructure, this conversation delivers clarity in complexity - and guidance for what to do next.Chapters:00:00:00 - Uncovering Hidden Dangers in Remote Access00:00:59 - Meet Ian Bramson: Defending the World’s Most Critical Systems00:02:58 - Why Critical Infrastructure Is Everyone’s Business00:03:30 - Power and Water: The Frontlines of Cyber Defense00:09:07 - Decoding NERC CIP: What You Really Need to Know00:10:38 - Walking the Tightrope Between Compliance and True Security00:17:01 - Proven Cybersecurity Tactics That Actually Work00:22:50 - AI in Cybersecurity: Game-Changer or New Threat?00:24:47 - How Public and Private Sectors Tackle Cyber Risk Differently00:29:31 - Ian Bramson’s Final Playbook for Today’s CISOsLinks And Resources:Want to Sponsor an episode or be a Guest? Reach out here.Industrial Cybersecurity Insider on LinkedInCybersecurity & Digital Safety on LinkedInBW Design Group CybersecurityDino Busalachi on LinkedInCraig Duckworth on LinkedInThanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you’d like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!

Craig Duckworth sits down with seasoned attorney and cyber crisis strategist Josh Cook, founder of Left of Boom Consulting. Together, they explore the pivotal role of proactive preparation in cybersecurity especially for mid-market and industrial organizations navigating today’s hyper-connected, AI-augmented threat landscape. Josh shares hard-earned insights from decades of incident response leadership, emphasizing why building your cyber playbook before the attack is critical. From legal implications and executive missteps to the psychological attributes needed in your incident command post, this conversation is a masterclass in cyber resilience and proactive protection by design.Chapters:00:00:00 – Kicking Off with Chaos: Why Incident Response Matters00:01:02 – Enter Josh Cook: Legal Strategist Turned Cyber Commander00:01:18 – War Stories and Wisdom: Josh’s Journey to Left of Boom00:02:38 – Planning Beats Panic: Mastering the Art of Pre-Incident Prep00:04:17 – Assembling the A-Team: Who Belongs in Your Cyber War Room00:09:07 – AI at the Front Lines: Friend, Foe, or Something in Between?00:12:42 – Industrial Chaos: What’s Really Holding Cybersecurity Back00:16:07 – Boardroom to Shop Floor: Why the C-Suite Can’t Stay Silent00:25:18 – No Secrets Here: Transparency and the Power of Telling the Truth00:29:08 – Parting Shots: Josh’s Battle-Tested Advice for ResilienceLinks And Resources:Josh Cook on LinkedInWebsiteWant to Sponsor an episode or be a Guest? Reach out here.Industrial Cybersecurity Insider on LinkedInCybersecurity & Digital Safety on LinkedInBW Design Group CybersecurityDino Busalachi on LinkedInCraig Duckworth on LinkedInThanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you’d like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!

In this episode, Dino Busalachi and Craig Duckworth tackle one of the most overlooked threats in cybersecurity: the number of industrial vendors and system integrators in manufacturing environments. The conversation addresses the relationship and communication gap between IT and the teams responsible for designing and supporting industrial control systems. They emphasize the need for improved governance, enhanced vendor accountability, and clear ownership of cyber risk. Whether you're a CISO, CIO, or VP of Engineering, this episode offers actionable insight into bridging the IT/OT divide, securing plant floors, and building a cybersecurity strategy that works at the edge of your business.Chapters:00:00:00 - Kicking Off: Why Transparency in Cyber Matters00:00:43 - Who’s Talking? Meet Craig & Dino00:01:05 - The Big Question: What’s IT’s Role in Industrial Security?00:01:35 - When Too Many Vendors = Chaos00:02:37 - How to Actually Secure OT Environments00:03:46 - Choosing the Right Partners (and Asking the Right Questions)00:12:37 - Why Cyber Teams Need Plant Floor Time00:14:24 - Getting Smarter: Use External Experts & Vendor Summits00:18:22 - IT Meets OT: Closing the Culture Gap00:30:03 - What Now? Practical Next Steps for CISOsLinks And Resources:Want to Sponsor an episode or be a Guest? Reach out here.Industrial Cybersecurity Insider on LinkedInCybersecurity & Digital Safety on LinkedInBW Design Group CybersecurityDino Busalachi on LinkedInCraig Duckworth on LinkedInThanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you’d like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!

In this episode, Craig Duckworth and Dino Busalachi discuss the critical role of the C-suite in fortifying manufacturing environments against cyber threats. They discuss the unique challenges that manufacturing organizations face. Their conversation reinforces the importance of executive teams understanding and actively engaging in industrial OT cybersecurity strategies. With compelling arguments for a more involved C-suite, Craig and Dino explore the intersection of cybersecurity and operational efficiency. They emphasize the need for leadership to understand and lead the charge to ensure security for industrial control systems. This episode serves as a wake-up call for executives to embrace their role in protecting their companies from potential adverse events. This episode highlights the fact that cybersecurity is not just an IT issue but a foundational aspect of modern business resilience.Chapters:00:00:00 - Meet Dino and Craig00:01:47 - Deciphering Cybersecurity's Extensive Influence on Manufacturing Dynamics00:03:29 - Unpacking the Costs: The Stark Reality of Ignoring Cybersecurity00:04:08 - The Interplay Between Cyber Insurance, Liability, and Organizational Security00:05:07 - Charting the Course: Fundamental Actions for Cyber Resilience00:07:35 - Implementing Cybersecurity Measures: A Tactical Overview for Manufacturing Leaders00:10:54 - The Imperative of Continuous Monitoring in Mitigating Cyber Risks00:14:11 - Bridging the Divide: Fostering Collaboration Between IT and OT Teams00:17:06 - Cultivating Cyber-Aware Culture: Integrating Security into the Manufacturing DNA00:20:01 - Forward Momentum: Strategic Insights for Executive Leadership on Cybersecurity00:24:28 - Reflecting on the Imperatives of Cybersecurity in the Manufacturing SectorLinks And Resources:Want to Sponsor an episode or be a Guest? Reach out here.Industrial Cybersecurity Insider on LinkedInCybersecurity & Digital Safety on LinkedInBW Design Group CybersecurityDino Busalachi on LinkedInCraig Duckworth on LinkedInThanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you’d like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!

In this episode, Dino Busalachi and Craig Duckworth tackle a critical disconnect plaguing industrial organizations: the disconnect in understanding and communication between IT and OT regarding industrial cybersecurity. While some IT departments are investing in OT cybersecurity platforms, 85% of the data these tools collect is designed for OT teams to act upon. Unfortunately, plant floor personnel, system integrators, and OEMs working in these environments rarely get access to dashboards, asset inventories, or vulnerability reports.Organizations must move beyond the "oil and water" mentality between IT and OT. This means involving plant personnel in cybersecurity decisions, sharing data with trusted partners who "build the cars" (not just buy them), and recognizing that effective OT security requires collaboration with the people who live and breathe on the plant floor every day.Bottom Line: If you're not sharing cybersecurity data with your system integrators, OEMs, and plant operations teams, you're not practicing true IT-OT convergence. You're missing critical opportunities to improve your security posture where it matters most.Chapters:00:00:00 - Why Local Collaboration is Critical for Cybersecurity Success00:01:07 - Meet Dino and Craig: Experts in IT/OT Integration00:01:49 - Unpacking the Challenges of IT/OT Convergence00:02:28 - Why IT and OT Teams Often Struggle to Align00:04:48 - Building Collaborative Frameworks for Stronger Cybersecurity00:07:33 - The Role of CIOs and CISOs in Driving Change00:08:44 - Navigating the Complexities of Diverse Plant Environments00:10:23 - Partnering with Vendors to Enhance Security Outcomes00:11:16 - Key Questions to Evaluate System Integrators Effectively00:16:35 - Using Tabletop Exercises to Align IT and OT Teams00:22:20 - Closing Thoughts: Bridging the Divide for Unified CybersecurityLinks And Resources:Want to Sponsor an episode or be a Guest? Reach out here.Industrial Cybersecurity Insider on LinkedInCybersecurity & Digital Safety on LinkedInBW Design Group CybersecurityDino Busalachi on LinkedInCraig Duckworth on LinkedInThanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you’d like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!

In this episode, Craig Duckworth and Dino Busalachi discuss the critical but often overlooked or misunderstood role of system integrators (SIs) in industrial cybersecurity.Key Issues Identified:Organizations typically work with multiple specialized integrators across different facilities and systemsSome SIs lack cybersecurity expertise, focusing primarily on equipment functionalityEquipment can remain connected to networks for decades, with ownership and oversight changing hands over timeSystem integrators must exercise proper IT coordination to implement remote access solutions effectivelyRecommendations:IT and OT teams should collaborate more closely with system integrators on cybersecurity planningOrganizations need to evaluate their SIs' cybersecurity capabilities and partnershipsConsider standardizing on integrators with demonstrated cybersecurity practices and vendor certificationsApply the same due diligence used for IT vendor selection to OT system integratorsBottom Line: System integrators are essential partners in executing industrial cybersecurity strategies and protection. Organizations must actively engage them in security conversations and ensure they have the necessary skills and partnerships to implement secure solutions for their plant environments from the start.Chapters:00:00:00 - Real-World Ransomware Hits the Plant Floor00:00:52 - Meet the System Integrators Shaping Your OT Plant Floor Security00:01:17 - What System Integrators Really Do (and Don’t)00:04:13 - Remote Access: The Hidden Backdoor Nobody Sees00:08:34 - Why Ongoing Monitoring Is Non-Negotiable00:13:30 - How to Pick the Right System Integrator For Your Operations00:26:17 - Building Strong Partnerships with Your IntegratorsLinks And Resources:Want to Sponsor an episode or be a Guest? Reach out here.Industrial Cybersecurity Insider on LinkedInCybersecurity & Digital Safety on LinkedInBW Design Group CybersecurityDino Busalachi on LinkedInCraig Duckworth on LinkedInThanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you’d like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!

Craig and Dino break down how cyberattacks that start in traditional IT systems can shut down entire manufacturing production lines, leading to massive financial losses. Using real-world examples like UNFI's $500 million drop in market value in 60 hours, they explain how overlooked connections between IT and the OT plant floor are often the weakest links. You’ll hear why simply installing firewalls isn’t enough, how organizational silos between IT and operations cause major blind spots, and what it really takes to secure industrial equipment. Whether you're in leadership, technology, or operations, this episode will change how you think about cyber risk and business continuity in connected environments.Chapters:00:00:00 - Introduction: Where Responsibility Ends and Authority Doesn’t Begin00:01:08 - Meet Your Guides: Dino & Craig On the Frontlines00:01:14 - When Cyber Hits the Plant Floor00:01:28 - Real-World Wake-Up: The Unify IT Incident00:02:36 - The Gaps No One’s Watching in OT Security00:03:18 - How Org Structure Can Make or Break Cyber Defense00:04:03 - Plugging in OT Visibility: IDS in Action00:04:43 - Who’s Really Calling the Shots—Corporate or the Plant?00:07:02 - IT-OT Convergence: What Leaders Must Understand00:13:14 - Building Cyber Defense That Actually Works00:15:25 - Recovery Starts Before the Breach00:17:37 - Why IT Alone Can’t Fix OT Problems00:24:55 - Just Getting Started? Here’s What to Do First00:28:33 - Final Word: You Can’t Secure OT AloneLinks And Resources:Want to Sponsor an episode or be a Guest? Reach out here.Industrial Cybersecurity Insider on LinkedInCybersecurity & Digital Safety on LinkedInBW Design Group CybersecurityDino Busalachi on LinkedInCraig Duckworth on LinkedInThanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you’d like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!

What happens when the CISO inherits responsibility for the security of the plant floor?Dino and Craig discuss a growing trend: CISOs are being expected to oversee cybersecurity for industrial plant floors. Unfortunately, they don't have the background to effectively take on this responsibility.A perpetuating trend exists where cybersecurity leaders are expected to protect factories and industrial assets without the authority, tools, or support to do so effectively.In this conversation, Dino and Craig explain why traditional IT security approaches don’t work in these environments, and how things like outdated equipment, disconnected systems, and outside vendors make the challenge even harder. From weak remote access tools to the confusion around who actually manages plant security, this episode shines a light on the hidden risks most companies overlook.Whether you're in IT, operations, or a leadership role, you’ll walk away with a better understanding of how to approach cybersecurity in complex industrial settings.You'll also gain insights into the steps you can take to protect your people, your technology, and your bottom line.Chapters:00:00:00 - Kicking Off: Smart Tool Choices Start Here00:01:02 - When CISOs Inherit the Factory Floor00:02:17 - Making Friends with OEMs and Integrators00:04:47 - Why OT Security Is a Whole Different Beast00:08:50 - Cyber Budgets: Where’s the Money Really Coming From?00:13:10 - How to Actually Roll Out Security in the Plant00:18:35 - VPNs Aren’t Enough: Fixing Remote Access00:24:42 - What OT Incident Response Really Looks Like00:27:17 - Wrapping It Up: Strategy, Buy-In, and What’s NextLinks And Resources:Industrial Cybersecurity Insider on LinkedInCybersecurity & Digital Safety on LinkedInBW Design Group CybersecurityDino Busalachi on LinkedInCraig Duckworth on LinkedInThanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you’d like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!

In this rewind episode, cybersecurity leaders revisit some of the hardest-hitting truths about protecting critical infrastructure in an increasingly converged IT/OT world. This conversation explores the disconnect between IT theory and OT reality, from the real-world fallout of the CrowdStrike disruption to the challenges of virtual patching, insider threats, and the cloud’s role on the plant floor. The discussion exposes how legacy systems, poor collaboration, alert fatigue, and vendor dependency continue to sabotage industrial cybersecurity. They discuss tactical strategies for improving, from asset inventory and patching hygiene to choosing the right partners and walking the plant floor.Chapters:00:00:00 - Cyber threats are moving faster than your patch cycle00:00:47 - Crowdstrike, Virtual Patching and Industrial OT Environments with Debbie Lay, TXOne Networks00:07:48 - The #1 Myth Putting Your Industrial OT Assets at Risk00:15:01 - Patch Management and Software Updates: IT versus OTLinks And Resources:Industrial Cybersecurity Insider on LinkedInCybersecurity & Digital Safety on LinkedInBW Design Group CybersecurityDino Busalachi on LinkedInCraig Duckworth on LinkedInThanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you’d like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!