Industrial Cybersecurity Insider

Dino and Craig break down what they are seeing in real industrial environments as companies begin the OT cybersecurity journey. They outline why most organizations are still in an “unaware to awareness” phase, what creates the “oh wow” moment after the first pilot, and why ownership and execution often falls to plant-floor teams and their OEM and integrator partners.The conversation covers the limits of surface-level visibility, why accurate asset inventory and remote access control are foundational, and how practical constraints like flat networks, legacy switches, warranty concerns, and limited human capital can stall progress.They also share cautionary examples of IT-first security tooling causing operational impact, and they close with a clear message: think globally, act locally, and build a defensible OT program that matches how plants actually run.Chapters:(00:00:00) Why OT vulnerabilities and remote access are the real “kicker”(00:01:00) The market reality: 60% unaware, 30% starting, 10% operationalized(00:03:00) Who owns remediation: IT vs OT and the plant-floor accountability gap(00:05:00) Why “visibility” often stops at Purdue Level 3 and misses Level 2 assets(00:07:00) OEMs, integrators, and why support models matter in OT cybersecurity(00:09:00) Flat networks, north-south traffic, and why you still miss panel-level devices(00:11:00) The human capital problem and why outsourcing is often unavoidable(00:18:00) A real-world warning: EDR in ICS can create massive operational cost(00:20:00) Safety, quality, and cybersecurity: the three things leaders will fund(00:24:00) Change management failures and why monitoring PLC edits mattersLinks And Resources:Want to Sponsor an episode or be a Guest? Reach out here.Industrial Cybersecurity Insider on LinkedInCybersecurity & Digital Safety on LinkedInBW Design Group CybersecurityDino Busalachi on LinkedInCraig Duckworth on LinkedInThanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you’d like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!

Craig Duckworth sits down with CIO and Chief Enterprise Architect Shellie D'Angelo to address why so many OT and IT modernization efforts stall out at the foundation.Shellie explains why data governance must come before “another tool,” how inconsistent data quality quietly sabotages reporting and risk decisions, and why leadership transparency is the fastest path to maturity. Craig and Shellie also explore the reality of shadow IT on the plant floor, the growing impact of AI as both a defensive advantage and an attacker accelerator, and the practical steps teams can take to move from reactive chaos to measurable business outcomes.Chapters:(00:00:00) Why honest risk conversations are the starting line(00:01:00) Shellie’s background: rebuilding enterprise tech foundations(00:02:00) OT/IT convergence: start with business drivers and data governance(00:05:00) “Tools first” vs business-first security decisions(00:08:00) Knowing what you have before buying more tools(00:11:00) How far along are most organizations, really?(00:15:00) AI as a double-edged sword: defense vs attacker acceleration(00:18:00) Where to start: inventory first vs governance structure(00:22:00) OT tech is often easier prey: PLCs, HMI/SCADA, cameras(00:25:00) Partnering vs going it alone: don’t reinvent the wheel(00:26:00) Tech debt and why technology can’t be an afterthought(00:29:00) Governance should increase speed, not slow it down(00:30:00) Final advice: “turn chaos into cash” and own your impactLinks And Resources:Shellie D'Angelo on LinkedInWant to Sponsor an episode or be a Guest? Reach out here.Industrial Cybersecurity Insider on LinkedInCybersecurity & Digital Safety on LinkedInBW Design Group CybersecurityDino Busalachi on LinkedInCraig Duckworth on LinkedInThanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you’d like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!

Dino Busalachi sits down with Simon Chassar, former Chief Revenue Officer at Claroty and current OT cybersecurity advisor and investor, to explore the evolution and future of industrial cybersecurity. Simon shares insights from his decade-long journey in the space, discussing how OT asset visibility has become commoditized and why the industry is experiencing two major shifts: moving right toward threat-led SOC services and perimeter protection, and moving left toward secure-by-design approaches and attack simulation. They dive into the persistent challenge of self-performing versus partnering with specialized integrators, the critical skills shortage commanding 30-40% salary premiums, and why AI is both accelerating security challenges and offering new solutions. Simon reveals how private equity firms are finally prioritizing OT cybersecurity at the board level, discusses the emerging OT SOC landscape, and explains why the traditional IT security budget model is failing operational technology environments. The conversation addresses the disconnect between IT leadership and the OT ecosystem, the proliferation of unmanaged remote access technologies, and the urgent need for manufacturers to engage their trusted system integrators and OEMs as cybersecurity partners before the next major incident occurs.Chapters:(00:00:00) - Meet Simon : From Claroty's Hypergrowth to OT Security's Next Chapter(00:02:00) - The Commoditization of OT Asset Visibility(00:04:00) - Two Major Industry Shifts: Right and Left(00:07:00) - The Self-Performing Problem: Why OT Security Becomes Shelfware(00:10:00) - IT/OT Convergence and the Skills Gap Crisis(00:13:00) - Secure by Design and the AI Leapfrog(00:15:00) - AI Uncovers Hidden OT Vulnerabilities and Risks(00:18:00) - Funding Models and Private Equity's Cybersecurity Awakening(00:22:00) - Why the OT Ecosystem Must Drive Its Own Security Strategy(00:25:00) - M&A Activity and Consolidation in OT Cybersecurity(00:27:00) - The Rise of OT SOCs and MSP PartnershipsLinks And Resources:Want to Sponsor an episode or be a Guest? Reach out here.Industrial Cybersecurity Insider on LinkedInCybersecurity & Digital Safety on LinkedInBW Design Group CybersecurityDino Busalachi on LinkedInCraig Duckworth on LinkedInThanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you’d like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!

Craig and Dino recap their experience at S4X26, the leading global OT cybersecurity conference in Miami.They discuss the conference's "connected" theme and how AI is creating an inflection point in industrial cybersecurity, driving unprecedented connectivity between IT and OT environments.The hosts explore the challenges of the "silver tsunami" as experienced engineers retire, how AI-powered tools are being embedded directly into edge devices and industrial products from vendors like Cisco and Fortinet, and why the regulatory landscape in Europe is advancing faster than other regions.They emphasize the importance of connecting with peers and partners in the OT security community, highlight key vendors and technologies showcased at the event, and explain why both IT and OT professionals should attend S4X together to bridge the knowledge gap.The episode concludes with details about next year's expanded conference in Tampa, February 8-11.Chapters:(00:00:00) - Random Encounter with Team USA Hockey in Miami(00:01:00) - S4X26 Conference Kickoff: The "Connected" Theme(00:03:00) - AI as the Inflection Point for OT Connectivity(00:05:00) - AI Embedded in Edge Devices and Vendor Technologies(00:07:00) - First-Time Attendee Experiences and Key Takeaways(00:10:00) - Europe's Cyber Resiliency Act and Regulatory Advancements(00:12:00) - Vendor Presence and the OT Technology Marketplace(00:14:00) - S4X27 Moving to Tampa: February 8-11, 2027(00:16:00) - AI's Role in Addressing the Silver Tsunami(00:18:00) - Final Thoughts: Why IT and OT Teams Should Attend TogetherLinks And Resources:Want to Sponsor an episode or be a Guest? Reach out here.Industrial Cybersecurity Insider on LinkedInCybersecurity & Digital Safety on LinkedInBW Design Group CybersecurityDino Busalachi on LinkedInCraig Duckworth on LinkedInThanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you’d like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!

As we look back, Craig and Dino tackle a critical disconnect in industrial cybersecurity: the failure to share OT security tool data with the people who actually need it.They explore why IT teams often purchase and deploy OT IDS platforms without engaging plant floor teams, system integrators, and OEMs who are actively working in manufacturing environments.The conversation reveals that 85% of data collected by these tools is meant for OT teams to act on, yet it rarely reaches them.They discuss the consequences of this siloed approach—including system integrators bringing their own tools to fill the gap—and provide practical advice on achieving true IT/OT convergence.The episode emphasizes the importance of working with partners who can "build the car" rather than just "sell the car," and challenges organizations to evaluate whether they're truly practicing IT/OT convergence or just paying lip service to it.Chapters:(00:00:00) - The Data Sharing Problem in OT Cybersecurity(00:01:00) - Why System Integrators Can't Access Security Tool Data(00:04:00) - Who's Keeping the Data and Why(00:08:00) - The IT/OT Oil and Water Problem(00:11:00) - When System Integrators Bring Their Own Tools(00:14:00) - Questions to Ask Your Cybersecurity Partners(00:17:00) - The Car Analogy: Buyers vs. Builders(00:19:00) - Who Asset Owners Really Trust(00:21:00) - The Three-Legged Stool of OT Security(00:23:00) - The Path to True IT/OT ConvergenceLinks And Resources:Want to Sponsor an episode or be a Guest? Reach out here.Industrial Cybersecurity Insider on LinkedInCybersecurity & Digital Safety on LinkedInBW Design Group CybersecurityDino Busalachi on LinkedInCraig Duckworth on LinkedInThanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you’d like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!

LuRae Lumpkin, Producer of Industrial Cybersecurity Insider, sits down with industrial cybersecurity expert Dino Busalachi to break down the 2026 World Economic Forum Global Cybersecurity Outlook Report and what it really means for manufacturers. While the report surveyed nearly a thousand CEOs, CIOs, and CISOs, Dino reveals a critical blind spot: industrial control systems and OT environments are being left dangerously exposed. They discuss how AI is becoming a double-edged sword for attackers and defenders, why supply chain vulnerabilities remain unaddressed, the shocking lack of cybersecurity skills on plant floors, and why most companies still aren't conducting incident response exercises. Dino shares real-world insights from working in nearly 2,000 plants over four decades, explaining why IT and OT remain disconnected, how remote access creates massive security gaps, and why outdated equipment with decades-old vulnerabilities sits unpatched in critical manufacturing environments. The conversation reveals that while enterprises focus on IT security, the plant floor—where revenue is actually generated—remains critically vulnerable, with potentially catastrophic consequences for businesses, supply chains, and even national GDP. Chapters: (00:00:00) - Introduction and Overview of WEF 2026 Cybersecurity Report (00:01:00) - Where Cybersecurity Funding Actually Goes: IT vs OT Reality (00:03:00) - The Myth of Disconnected Legacy Equipment (00:05:00) - AI as a Double-Edged Sword in Industrial Environments (00:08:00) - The Vulnerability Crisis: Thousands of Unpatched Systems (00:09:00) - Third-Party and Supply Chain Security Gaps (00:12:00) - Remote Access: The Hidden Attack Vector (00:14:00) - Critical Supplier Dependencies and Decentralized OT (00:15:00) - The Skills Gap: Why Industrial Cybersecurity Expertise is Scarce (00:19:00) - The Shocking Truth About Incident Response Exercises (00:22:00) - Real-World Impact: When Manufacturers Get Hit (00:24:00) - Getting All Stakeholders in the Same Room (00:28:00) - Insurance vs Prevention: The True Cost of Cyber Incidents (00:29:00) - Final Thoughts: Who Should Own OT Cybersecurity? Links And Resources:Want to Sponsor an episode or be a Guest? Reach out here.Industrial Cybersecurity Insider on LinkedInCybersecurity & Digital Safety on LinkedInBW Design Group CybersecurityDino Busalachi on LinkedInCraig Duckworth on LinkedInThanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you’d like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!

Craig and Dino tackle the critical differences between IT and OT Security Operations Centers, revealing why traditional IT-centric SOCs are failing to protect manufacturing environments.Drawing from real-world examples, including a global beverage company that discovered they were only monitoring one-third of their OT assets, the hosts expose the fundamental disconnect between IT security teams and operational technology environments.They discuss why IT SOCs struggle with OT visibility, the challenges of asset inventory in dynamic manufacturing environments, and the critical importance of localization in security operations.The conversation covers practical barriers like line changeovers, PLC modifications, remote access vulnerabilities, and the need for OT-specific incident response protocols.Craig and Dino emphasize that effective OT security requires IT teams to become embedded in plant operations, working collaboratively with OEMs and system integrators, and understanding the unique operational context of manufacturing assets.This episode is essential listening for CISOs, plant managers, and security professionals trying to bridge the IT-OT security gap.Chapters:(00:00:00) - The Two-Thirds Problem: When Your SOC Can't See Your Plant Floor(00:01:00) - The OT SOC Asset Visibility Problem: A Case Study(00:03:00) - Why IT SOCs Can't Manage OT Assets(00:05:00) - Line Changeovers and Operational Context(00:07:00) - First Responders and Incident Response Challenges(00:10:00) - The WannaCry Response Gap(00:12:00) - Asset Inventory and Baseline Challenges(00:15:00) - Incident Response and Phone Trees(00:17:00) - Organizational Accountability Problems(00:19:00) - Greenfield Opportunities and Standardization(00:22:00) - The IT-OT Collaboration Challenge(00:24:00) - Think Global, Act Local: Embedding IT in PlantsLinks And Resources:Want to Sponsor an episode or be a Guest? Reach out here.Industrial Cybersecurity Insider on LinkedInCybersecurity & Digital Safety on LinkedInBW Design Group CybersecurityDino Busalachi on LinkedInCraig Duckworth on LinkedInThanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you’d like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!

Dino and Craig reunite to tackle the shifts occuring in industrial cybersecurity in 2026.They discuss how OT-focused IDS software companies are shifting away from managed services to partner with systems integrators who understand the plant floor.The conversation explores the challenges manufacturers face—from aging infrastructure spanning decades to flat layer-2 networks that give remote vendors unrestricted access.They emphasize that IT departments cannot effectively manage OT assets they don't own or understand, especially when dealing with equipment older than their cybersecurity staff.The episode covers the pitfalls of penetration testing in live manufacturing environments, the reality of shadow IT versus shadow OT, and why EDR solutions struggle in control system environments.Dino and Craig stress the importance of treating cybersecurity as a marathon rather than a sprint, starting with basic asset inventory and microsegmentation.They call on manufacturing leaders to stop deferring to IT for OT security, attend industry-specific conferences like S4X26, and partner with systems integrators who have deep automation expertise.With threats mounting, the time for action is now—not next quarter.Chapters:(00:00:00) - Welcome & What We've Been Up To(00:00:48) - The Big Shift: Why OT IDS Companies Are Backing Away From Managed Services(00:03:00) - The Shelfware Problem: When Security Tools Sit Unused(00:04:12) - Why Pen Testing Can Be Disruptive (or Dangerous) in Manufacturing Environments(00:05:54) - The Reality of Legacy Infrastructure: Equipment Older Than Your Cybersecurity Team(00:07:43) - Who Can Actually Patch Your Control Systems?(00:09:04) - Supply Chain Vulnerabilities: You're Only as Strong as Your Weakest Link(00:11:01) - The Last Mile Challenge: Asset Inventory, Microsegmentation & Starting Small(00:13:55) - The Shelfware to Tool-Switching Problem: Why Companies Are Reconsidering Their First Choice(00:16:18) - Shadow IT vs. Shadow OT: Who Really Owns Plant Floor Security?(00:19:00) - Why EDR Struggles in Control System Environments(00:21:35) - Time to Step Up: Why Manufacturing Leaders Can't Defer to IT Anymore(00:23:00) - Where to Learn: S4, Automation Fair, and Why You Need to Attend Industry Conferences(00:25:00) - Finding the Right Partner: Systems Integrators Who Speak Automation and Cybersecurity(00:27:00) - Final Thoughts: The Time for Action Is NowLinks And Resources:Want to Sponsor an episode or be a Guest? Reach out here.Industrial Cybersecurity Insider on LinkedInCybersecurity & Digital Safety on LinkedInBW Design Group CybersecurityDino Busalachi on LinkedInCraig Duckworth on LinkedInThanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you’d like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!

Dino sits down with Dick Wilkinson, CTO and co-founder of Proof Labs, to explore the intersection of space technology and industrial cybersecurity.Dick shares his 20-year journey in the U.S. Army with the National Security Agency, transitioning from signals intelligence to becoming a CISO for critical infrastructure organizations, including New Mexico's Supreme Court and the Albuquerque water authority.The conversation dives deep into the challenges of securing satellite systems with onboard intrusion detection and the persistent gap between IT and OT security teams. We also explore why the "castle wall" perimeter security model is dangerously outdated.Dick reveals how AI is lowering the barrier to entry for both attackers and defenders, and discusses the real-world applications of satellite communications in oil and gas operations.He also introduces a revolutionary physical layer-one air gap device called Goldilock Secure, which could transform how we protect remote industrial assets.This episode is essential listening for CISOs, CTOs, and security leaders looking to understand emerging threats in space-based infrastructure and practical solutions for securing distributed industrial environments.Chapters:(00:00:00) - Dick's Journey: From NSA to Space Cybersecurity(00:04:32) - What is Proof Labs and Why Space Security Matters(00:08:15) - Satellites as OT Assets: Oil, Gas, and Critical Infrastructure(00:12:47) - How Onboard Intrusion Detection Works in Spacecraft(00:16:23) - The Castle Wall Problem: Moving Beyond Perimeter Security(00:19:41) - IT vs OT: Bridging the Gap in Manufacturing Cybersecurity(00:24:18) - AI's Impact: Lowering the Barrier for Attackers and Defenders(00:27:35) - The Visibility Challenge: Why Most Plants Don't Know Their Assets(00:30:12) - Goldilock Firebreak: A Physical Air Gap Device That Changes Everything(00:35:20) - Real-World Applications for Remote Industrial Asset ProtectionLinks And Resources:Want to Sponsor an episode or be a Guest? Reach out here.Dick Wilkinson on LinkedInProof Labs WebsiteIndustrial Cybersecurity Insider on LinkedInCybersecurity & Digital Safety on LinkedInBW Design Group CybersecurityDino Busalachi on LinkedInCraig Duckworth on LinkedInThanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you’d like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!

Dino sits down with Adeel Shaikh Muhammad, a Dubai-based cybersecurity expert and researcher with 16+ years in IT and OT security. They dive into why IT and OT teams still can't communicate effectively. The conversation reveals why most CISOs struggle to secure manufacturing environments. Adeel shares real-world insights from securing industrial systems across the Middle East, Africa, and Asia. They tackle the implementation gap in OT SOCs and why legacy systems remain vulnerable. The discussion covers third-party access risks, OEM warranty restrictions, and system integrator challenges. AI might finally solve IT-OT convergence by acting as a translator between these worlds. But first, organizations need to master the fundamentals: asset inventory, vulnerability management, and network segmentation. Most companies still haven't nailed these basics in their industrial environments. This conversation cuts through the hype to focus on what actually works.Chapters:(00:00:00) - 16 Years in Cybersecurity: Why CISOs Don't Know What a PLC Is(00:01:48) - Career Journey: From IT to OT Cybersecurity Focus(00:02:48) - Books on AI Transforming Security Operations Centers(00:04:44) - The Implementation Gap: Challenges Building OT SOCs(00:06:40) - The IT-OT Cultural Divide and Missing Communication(00:08:40) - Why the OT Ecosystem Must Proactively Bring Cybersecurity Tools(00:10:00) - Can IT-OT Convergence Actually Happen?(00:11:00) - AI as the Bridge: The Black Box Solution for IT-OT Communication(00:12:42) - Legacy Systems Reality: Windows 7 Running $5M Equipment(00:14:00) - OT Cybersecurity Conferences: S4, Intersec, and Rockwell Automation Fair(00:16:00) - Market Consolidation: Who's Been Acquired in OT Security(00:17:48) - Back to Basics: Asset Inventory, Vulnerabilities, and Network Segmentation(00:18:40) - Third-Party Access Control and OEM Warranty Restrictions(00:20:40) - Why We Can't Ignore Asset Inventory and Segmentation in OT AnymoreLinks And Resources:Adeel Shaikh Muhammad on LinkedInWant to Sponsor an episode or be a Guest? Reach out here.Industrial Cybersecurity Insider on LinkedInCybersecurity & Digital Safety on LinkedInBW Design Group CybersecurityDino Busalachi on LinkedInCraig Duckworth on LinkedInThanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you’d like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!

Craig and Dino tackle one of industrial cybersecurity's most critical challenges in this Rewind episode: the massive gap between IT and OT patching strategies. IT organizations patch constantly—think Patch Tuesday. OT environments rarely patch at all, creating dangerous vulnerability gaps across connected networks. The hosts explore why this disconnect exists. Production floor downtime costs are astronomical, making patching a risky business decision. OEM restrictions complicate matters further. Many vendors won't support systems or warranties after unauthorized updates. Managing decades-old equipment alongside modern systems creates another layer of complexity. Legacy PLCs weren't designed with patching in mind. The consequences of not patching are mounting. Insurance companies are tightening requirements and regulatory pressures are intensifying. Craig and Dino offer practical solutions that don't require shutting down production lines. Virtual patching technologies can protect legacy control systems without traditional software updates. The hosts emphasize the urgent need for IT-OT collaboration. All stakeholders—including OEMs and system integrators—must be part of strategic cybersecurity conversations. This episode is essential listening for CISOs, plant managers, and anyone responsible for protecting industrial operations. The connected world isn't waiting for OT to catch up. Chapters:00:00:00 - Introduction to Patching Challenges00:01:08 - IT vs OT Patching: Key Differences00:02:55 - Understanding the Cost of Downtime in OT00:03:32 - Overcoming Challenges with Legacy Systems00:05:21 - Navigating OEMs and Safety Concerns00:06:45 - The Role of Safety in OT Patching00:08:52 - Exploring Virtual Patching Solutions00:13:11 - Enhancing Vendor Collaboration and Risk Management00:16:48 - Impact of Mergers and Acquisitions on Cybersecurity00:18:33 - Addressing Insurance and Compliance Issues00:20:12 - Significant Consequences of Not Patching00:23:14 - Building an Effective Collaborative Cybersecurity Strategy00:24:03 - Conclusion and Actionable InsightsLinks And Resources:Want to Sponsor an episode or be a Guest? Reach out here.Industrial Cybersecurity Insider on LinkedInCybersecurity & Digital Safety on LinkedInBW Design Group CybersecurityDino Busalachi on LinkedInCraig Duckworth on LinkedInThanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you’d like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!

This compilation episode brings together the most critical insights from Industrial Cybersecurity Insider conversations about the fundamental challenges plaguing OT security implementation and management.Industry experts dissect why traditional IT security approaches fail catastrophically on the plant floor, revealing that the core issue isn't technology—it's ownership, collaboration, and understanding.From the dangers of deploying endpoint detection without vendor qualification to the millions lost in unplanned downtime, this episode exposes the gap between security theory and operational reality.Listeners will discover why cybersecurity tools are often shelfware, how the "have and have-not" world creates vulnerability gaps across manufacturing facilities, and what "left of boom" thinking means for preventing incidents before they happen.Featuring hard-won lessons about shutdown windows, cyber-informed engineering, and the critical importance of building relationships between IT teams and plant floor operations, this episode delivers actionable intelligence for CISOs, plant managers, and anyone responsible for securing industrial control systems.Chapters:(00:00:00) - Introduction: The Core Problem of Ownership in OT Security(00:01:45) - Why IT Security Approaches Fail on the Plant Floor(00:04:30) - The Cloud Analogy: Lessons for OT Implementation(00:07:15) - The Missing Conversation: Capital Plans and OEMs(00:10:20) - IT vs OT Networks: Different Purposes, Different Risks(00:13:35) - EDR in OT: The Aftermarket Parts Problem(00:16:10) - Cyber-Informed Engineering: Building Security into Design(00:19:45) - The Have and Have-Not World of Plant Security(00:23:20) - Left of Boom: Visibility Beyond Security(00:27:15) - Who Should Lead the OT Security DiscussionLinks And Resources:Want to Sponsor an episode or be a Guest? Reach out here.Industrial Cybersecurity Insider on LinkedInCybersecurity & Digital Safety on LinkedInBW Design Group CybersecurityDino Busalachi on LinkedInCraig Duckworth on LinkedInThanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you’d like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!

In this episode, Dino and Craig tackle one of manufacturing's most pressing challenges: the OEM blockade. They explore why brand-new equipment often ships with hundreds of unpatched vulnerabilities, how the gap between IT and OT teams creates operational blind spots, and why manufacturers can't rely on traditional IT solutions to secure their plant floors.From the CrowdStrike incident that took down HMIs to the "ghost in the machine" causing unexplained downtime, they reveal why OT teams must take ownership of their cybersecurity posture and build partnerships with the right ecosystem of OT-focused service providers.If you've ever wondered why your million-dollar machine center is running Windows 7 or why your cybersecurity reports don't match reality, this episode provides the answers—and a path forward.Chapters:(00:00:00) - The OEM Blockade Problem(00:01:00) - Understanding OEM Software Lock and Remote Access(00:03:00) - The Reality of Unpatched Vulnerabilities in New Equipment(00:06:00) - The IT/OT Blockade and Convergence Challenges(00:09:00) - Why IT Disciplines Don't Translate to OT Environments(00:11:00) - The CrowdStrike Incident: What Really Happened on Plant Floors(00:13:00) - The Lack of Due Diligence in Manufacturing M&A(00:16:00) - Chasing the Ghost in the Machine(00:19:00) - Process Integrity vs. Cybersecurity Tools(00:22:00) - Why OT Teams Must Take Ownership and Build the Right PartnershipsLinks And Resources:Want to Sponsor an episode or be a Guest? Reach out here.Industrial Cybersecurity Insider on LinkedInCybersecurity & Digital Safety on LinkedInBW Design Group CybersecurityDino Busalachi on LinkedInCraig Duckworth on LinkedInThanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you’d like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!

Craig and Dino tackle one of the most pressing challenges in industrial cybersecurity: the disconnect between IT security teams and operational technology environments.They explore why traditional CISOs struggle to protect manufacturing plants despite their best intentions, revealing that most security executives get 30 minutes or less per quarter to present cyber risks to their boards—leaving little time to address the complexities of OT environments they barely understand.The conversation digs into the fundamental differences between enterprise IT and plant floor operations, where safety and uptime trump traditional security approaches, and where telling an engineer to remove a Windows 7 machine from the network might mean shutting down millions of dollars in production.Craig and Dino make a compelling case for why external expertise, cross-functional collaboration, and a fundamental shift in how organizations approach industrial cybersecurity are not just recommended—they're essential for survival in an evolving threat landscape where adversaries only need to get lucky once.Chapters:(00:00:00) - The IT Security Mindset vs. OT Reality(00:01:00) - Has the CISO Really Engaged with Industrial Cybersecurity?(00:03:00) - The Disconnect: IT Owns the Network, OT Owns the Assets(00:05:00) - What CISOs Don't Know About the Plant Floor(00:07:00) - Safety and Uptime: The Top Two Priorities CISOs Must Understand(00:10:00) - The Asset Visibility Problem: Do You Really Know What's Out There?(00:13:00) - 30 Minutes or Less Per Quarter: The CISO's Impossible Task(00:16:00) - Why External Expertise Isn't Optional Anymore(00:19:00) - The Cyber Insurance Myth: Why Your Policy Won't Save You(00:22:00) - Secure by Demand: Holding Vendors Accountable(00:25:00) - Getting to the "Know": Where to Start and What to AskLinks And Resources:Want to Sponsor an episode or be a Guest? Reach out here.Industrial Cybersecurity Insider on LinkedInCybersecurity & Digital Safety on LinkedInBW Design Group CybersecurityDino Busalachi on LinkedInCraig Duckworth on LinkedInThanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you’d like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!

In this rewind episode, Craig and Dino tackle a critical disconnect in industrial cybersecurity: the gap between IT teams deploying OT security tools and the plant floor teams who desperately need the data these tools collect.They reveal why 85% of data from industrial cybersecurity platforms is meant for OT personnel, yet rarely reaches them.The conversation exposes how organizations invest heavily in tools like IDS platforms but fail to share vulnerability data, asset inventories, and network intelligence with the system integrators, OEMs, and plant teams actually working on their control systems.Craig and Dino discuss the consequences of this siloed approach—from incomplete asset visibility to duplicated tooling—and offer practical guidance on achieving true IT-OT convergence.They emphasize that organizations must work with partners who can "build the car, not just buy it," and stress the importance of tabletop exercises, proper vendor vetting, and collaborative frameworks that include the entire industrial ecosystem in cybersecurity planning and execution.Chapters:(00:00:00) - The Growing Problem: OT Teams Lack Access to Critical Security Data(00:01:47) - IT-OT Convergence in Practice: Are We Really Doing It?(00:04:42) - Why IT Teams Keep Security Data Siloed from Plant Floor Partners(00:06:38) - The Consequence: System Integrators Bring Their Own Tools(00:08:38) - The Disconnect Between IT Security Tools and OT Reality(00:11:48) - How to Bridge the Gap: Questions System Integrators Should Ask(00:15:42) - Vetting Your Security Partners: Can They Build the Car or Just Buy It?(00:17:46) - The Three-Legged Stool: Why IT-Only Security Fails in Manufacturing(00:20:48) - Action Steps: Creating a Comprehensive List of Your Industrial Ecosystem(00:22:48) - Final Thoughts: Moving Beyond Security Theater to True CollaborationLinks And Resources:Want to Sponsor an episode or be a Guest? Reach out here.Industrial Cybersecurity Insider on LinkedInCybersecurity & Digital Safety on LinkedInBW Design Group CybersecurityDino Busalachi on LinkedInCraig Duckworth on LinkedInThanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you’d like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!

Dino sits down with cybersecurity expert Wil Klusovsky to discuss the massive gap between IT security practices and OT reality. With 26 years of experience, Wil shares his unconventional journey into operational technology and reveals why most security tools end up as shelfware on plant floors.They dive deep into the communication breakdown between CISOs and plant operations, the critical role of system integrators and OEMs that IT leaders often ignore, and why the "air gap" myth continues to put manufacturing facilities at risk.Wil breaks down his framework for speaking to boards in language they understand, emphasizing business impact over technical jargon. The conversation covers everything from the challenges of MFA implementation in OT environments to why patching isn't always the answer. They discuss how organizations can build effective OT security programs by making cybersecurity everyone's responsibility - not just IT's problem.Chapters:(00:00:00) - Opening: The $50K Security Investment That Nobody Uses(00:01:00) - Will's Unconventional Journey Into OT Cybersecurity(00:03:45) - The Communication Gap Between IT and OT Teams(00:07:15) - Why Asset Visibility Tools Miss 135% of Your Equipment(00:10:30) - Speaking Board Language: Revenue Loss vs. Technical Jargon(00:13:25) - The Missing Third Leg: System Integrators and OEMs(00:17:30) - Making Cybersecurity Everyone's Job, Not Just IT's Problem(00:21:15) - Why Patching Isn't Always the Answer in OT Environments(00:25:45) - The Reality Check: Physical Security in Manufacturing Plants(00:28:30) - Building a Cybersecurity Program as a Journey, Not a DestinationLinks And Resources:Wil Online LinktreeWil Klusovsky on LinkedInWant to Sponsor an episode or be a Guest? Reach out here.Industrial Cybersecurity Insider on LinkedInCybersecurity & Digital Safety on LinkedInBW Design Group CybersecurityDino Busalachi on LinkedInCraig Duckworth on LinkedInThanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you’d like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!

Katie O'Brien shares her unconventional journey from music teacher to industrial cybersecurity expert, bringing over 25 years of IT experience into the OT world. In this conversation with Dino, Katie discusses the critical gaps in OT cybersecurity—from the lack of university programs teaching industrial security to the disconnect between IT and OT teams. They explore why system integrators and OEMs fail to design cybersecurity into new manufacturing projects from the start, compare it to building cars without safety features, and discuss the emergence of managed services in the OT space. Katie explains how Garland Technology helps organizations get visibility into aging infrastructure with unmanaged switches, and both hosts emphasize the urgent need for the OT ecosystem to drive cybersecurity conversations proactively rather than waiting for IT teams who may never have walked the plant floor.Chapters:(00:00:00) - The Hard Truths About OT Security Nobody Wants to Hear(00:01:06) - Katie's Unconventional Journey: From Music Teacher to OT Cybersecurity Expert(00:04:00) - The Current State of OT Cybersecurity and Future Directions(00:06:00) - The Education Gap: Why Universities Aren't Teaching Industrial Cybersecurity(00:08:00) - The Disconnect Between IT/Security Teams and OT Operations(00:10:00) - Designing Cybersecurity Into New Manufacturing Projects From the Start(00:13:00) - IT Teams Who've Never Walked the Plant Floor(00:16:00) - The Emergence of Managed Services in the OT Space(00:18:00) - Garland Technology: Getting Visibility Into Aging Infrastructure(00:19:00) - Software Defined Automation and the Future of Industrial Control(00:22:00) - Why the OT Ecosystem Must Drive the Cybersecurity Conversation(00:24:00) - The Real Cost of Downtime and Cyber Incidents in ManufacturingLinks And Resources:Katie O'Brien on LinkedInWant to Sponsor an episode or be a Guest? Reach out here.Industrial Cybersecurity Insider on LinkedInCybersecurity & Digital Safety on LinkedInBW Design Group CybersecurityDino Busalachi on LinkedInCraig Duckworth on LinkedInThanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you’d like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!

Dino sits down with industrial automation and industrial cybersecurity expert Kevin Kumpf, fresh off the floor of Rockwell Automation Fair 2025. They discuss why OT managed services are finally becoming viable for manufacturing, the critical 80/20 split between people and technology challenges, and how the industry's "silver tsunami" of retiring talent is forcing a reckoning. Kevin shares insights on building unified platforms that can manage everything from 30-year-old paper tape systems to AI-powered smart factories, why IT's "patch now" mentality fails in OT environments, and how the DG 360 platform is delivering true cyber-physical convergence today - not tomorrow. They discuss the reality that most OT cybersecurity tools only discover 30% of plant assets, the importance of human-in-the-loop decision making, and why the OT ecosystem - not IT - must drive the managed services revolution. This is a must-listen for anyone struggling with the complexity of protecting and managing modern manufacturing facilities.Chapters:(00:00:00) - Introduction and Rockwell Automation Fair Recap(00:01:43) - The OT Managed Services Evolution and Rebranding(00:04:15) - The Three-Legged Stool: IT, OT, and OEMs(00:07:32) - Point Solutions vs. Unified Platforms in Manufacturing(00:10:45) - The DG 360 Vision: 360-Degree Plant Visibility(00:14:28) - The Silver Tsunami and Training Challenges(00:18:22) - Alert Fatigue and Actionable Intelligence(00:22:45) - Software Defined Automation and Legacy Systems(00:26:18) - Why OT Must Drive the Cybersecurity Conversation(00:30:35) - Real-Time Demo and Implementation ReadinessLinks And Resources:Kevin Kumpf on LinkedInWant to Sponsor an episode or be a Guest? Reach out here.Industrial Cybersecurity Insider on LinkedInCybersecurity & Digital Safety on LinkedInBW Design Group CybersecurityDino Busalachi on LinkedInCraig Duckworth on LinkedInThanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you’d like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!

Former U.S. Secret Service Special Agent Richard LaTulip joins Craig Duckworth to reveal the hidden world of cyber criminal networks and infrastructure attacks. Drawing from his undercover work infiltrating dark web forums and catching some of the world's most sophisticated threat actors, Richard breaks down why traditional security approaches fail, how ransomware attacks actually cost organizations millions if not billions beyond the ransom payment itself, and why the timeline between compromise and detection has shrunk from months to minutes. He shares jaw-dropping statistics on vulnerability management failures, explains how adversaries are using AI to become exponentially more dangerous, and provides actionable insights for building resilient security programs that protect what matters most to your business. Whether you're defending critical infrastructure or managing security for a manufacturing organization, this conversation offers a rare insider perspective on the evolving threat landscape and what it takes to stay ahead of increasingly sophisticated cyber criminals.Chapters:(00:00:00) - Meet the Ex-Secret Service Agent Who Infiltrated Underground Cyber Criminal Networks(00:03:00) - Inside Operation Carder Kaos: Going Undercover in the Dark Web(00:06:00) - The Real Price Tag: Why Ransomware Costs Go Far Beyond the Ransom(00:11:00) - When Production Lines Go Dark: The Hidden Costs of Manufacturing Downtime(00:14:00) - Reality Check: How Prepared Is Your Organization for a Cyber Attack?(00:17:00) - The AI Arms Race: How Adversaries Are Weaponizing Artificial Intelligence(00:21:00) - 2027 Threat Landscape: What Keeps a Field CISO Up at Night(00:24:00) - Follow the Bitcoin: How Cyber Criminals Launder Billions Through Cryptocurrency(00:31:00) - Why Speed Matters: The Critical Window for Law Enforcement Notification(00:33:00) - The Security Leader's Playbook: Threat Intelligence + Business ContextLinks And Resources:Richard LaTulip on LinkedInRichard's Book: Operation Carder KaosRecorded FutureWant to Sponsor an episode or be a Guest? Reach out here.Industrial Cybersecurity Insider on LinkedInCybersecurity & Digital Safety on LinkedInBW Design Group CybersecurityDino Busalachi on LinkedInCraig Duckworth on LinkedInThanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you’d like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!

In this eye-opening conversation, Dino and Craig address a critical issue facing manufacturing organizations today: the dangerous gap between perceived and actual cybersecurity preparedness in operational technology (OT) environments.They discuss why many organizations "don't know what they don't know" when it comes to securing industrial control systems, the myth of isolated manufacturing equipment, and why 25% of companies still lack comprehensive OT asset monitoring. Drawing powerful parallels to safety protocols, they explain why cybersecurity must become as ingrained in plant culture as wearing a hard hat on the factory floor.Their bottom line: Back up your beliefs with data, treat every system as if it's connected, and verify, don't just trust, your security posture. In OT cybersecurity, perception isn't reality, and that gap could cost not only millions but also brand perception and even human life.This episode is a must-listen for anyone serious about protecting their industrial environments.Chapters:00:00:00 - Kicking Off: Are You Truly Secure or Just Comfortable?00:01:15 - OT Security Reality Check: Do You Really Know Your Risks?00:01:45 - The Hidden Challenges Holding OT Security Back00:03:15 - Lack of Skilled Resources: The Biggest Barrier to Security00:05:30 - Security Frameworks: Are They Reaching the Plant Floor?00:06:15 - The Dangerous Myth of “Isolated” OT Systems00:07:58 - From Theory to Action: Winning Strategies for OT Security00:12:13 - Leadership’s Role in Cybersecurity: Who’s Driving the Change?00:19:55 - No More Blind Spots: Key Takeaways for a Secure FutureLinks And Resources:Want to Sponsor an episode or be a Guest? Reach out here.Industrial Cybersecurity Insider on LinkedInCybersecurity & Digital Safety on LinkedInBW Design Group CybersecurityDino Busalachi on LinkedInCraig Duckworth on LinkedInThanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you’d like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!