PrOTect It All

In this episode, Aaron is joined by Paul Shaver, an experienced OT security consultant from Mandiant, part of Google Cloud. Together, they navigate the nuanced landscape of operational technology (OT) cybersecurity.   The episode begins with Aaron recalling a critical incident at a power plant that underscores the potential pitfalls in OT environments. This sets the stage for a rich discussion on the evolution of OT technology, with Aaron and Paul reminiscing about primary domain controllers and early NT workstations.   The conversation shifts to the future of OT in the cloud, where Paul highlights the benefits of cloud solutions, including enhanced resiliency, security, and data optimization through AI. A compelling customer case study illustrates modern technology adoption with web-based HMIs and Chromeboxes.   Paul offers a detailed analysis of the current OT cybersecurity landscape, addressing the persistent legacy system challenges and the need for a cohesive IT-OT security strategy. He discusses the evolving threat landscape influenced by global geopolitical tensions and the rise of zero-day vulnerabilities.   Listeners will gain practical insights into foundational cybersecurity measures, such as network segmentation, asset inventory management, and robust access control..   Key Moments:    04:14 Connecting IT and OT optimizes processes securely. 09:54 Lost production severely impacts manufacturing revenue recovery. 14:06 Ensure network notifications; control access, separate credentials. 17:10 Engineers need secure access to adjust parameters. 21:55 Endpoint detection on older systems is critical. 28:47 Resilience is crucial in CrowdStrike incident response effectiveness. 32:11 Limited resources for global incident response efforts.= 39:22 Rebuilt domain controller caused authentication issues. 42:37 Focus on resiliency and cloud opportunities, leveraging multi-cloud. 44:59 Improve grid operations using cloud and hyper-converged technology. 48:38 Local cloud provides redundancy for remote sites. 51:15 Critical for acquisition process and problem-solving.   About the guest :  Paul Shaver has dedicated more than two decades to various roles in Operational Technology (OT), primarily within the oil and gas industry. His expertise spans OT architecture, design, and build, along with run and maintaining responsibilities as an asset owner.  Before transitioning into cybersecurity, Paul served as a Technology Director for an oil and gas company in California. Driven by a burgeoning interest in security, he joined Mandiant nearly five years ago. At Mandiant, now part of Google, Paul relishes the mission of enhancing security postures in OT and critical infrastructure, contributing to significant advancements in the field. How to connect Paul: https://www.linkedin.com/in/pbshaver/ Connect With Aaron Crow:

In this episode, host Aaron Crow addresses the pressing issue of cybersecurity for small and medium-sized businesses. With their limited budgets and resources, these enterprises are often prime cyberattack targets. Aaron explains why these businesses are particularly vulnerable, the potentially devastating impacts of a cyber incident, and practical measures they can adopt to strengthen their cybersecurity without incurring significant costs. Listeners will uncover insights on establishing basic cybersecurity policies, the critical importance of monitoring, and strategies for preparing for potential breaches.  This episode is filled with valuable tips that could ensure the survival and success of your business amid today's escalating cyber threats. Key Moments;  00:00 Cybersecurity challenges and solutions for small businesses. 03:24 Startups are vulnerable due to inadequate cybersecurity measures. 06:30 Use secure passwords, educate employees, and use tools. 11:26 Segregate networks to protect sensitive data. 14:46 Effective monitoring requires time, effort, and setup. 16:10 DNS filtering blocks malicious sites, prevents attacks. 20:29 Plan proactively to manage events before crises.   Connect With Aaron Crow: Website: www.corvosec.com  LinkedIn: https://www.linkedin.com/in/aaronccrow   Learn more about PrOTect IT All: Email: info@protectitall.co  Website: https://protectitall.co/  X: https://twitter.com/protectitall  YouTube: https://www.youtube.com/@PrOTectITAll  FaceBook:  https://facebook.com/protectitallpodcast    To be a guest or suggest a guest/episode, please email us at info@protectitall.co

In this episode, host Aaron Crow is joined by Clint Bodungen, Director of Cybersecurity Innovation at Morgan Franklin Cyber and founder of Threatgen, alongside Michael Welch, Managing Director at Morgan Franklin Cyber. Together, they delve into the ever-evolving world of cybersecurity in honor of Cybersecurity Awareness Month. Aaron kicks things off by discussing the importance of iterative processes and tabletop exercises in enhancing decision-making and preparedness. The conversation then shifts to the exciting yet complex role of AI in cybersecurity, particularly in operational technology (OT) and critical infrastructure. The experts emphasize the potential of generative AI for data analysis while underscoring the need for human oversight to avoid biases and misinformation. Clint introduces an “engineering informed cyber” approach to better integrate OT and IT in managing cybersecurity risks, while Aaron stresses the importance of collaboration between cybersecurity professionals and engineers. The episode also tackles balancing convenience and security, the intricacies of password management, and the critical role of communication and trust. Listeners will gain valuable insights into AI’s role in enhancing security operations, the consequences of system failures, and the debate between compliance and true security. This episode offers expert opinions, real-world examples, and practical advice for navigating today’s cybersecurity challenges. Join us for a comprehensive discussion on protecting our digital world.   Key Moments:    04:20 Generative AI aids efficient GRC and cybersecurity management. 08:40 AI lacks context for verifying asset information. 11:38 Generative AI creating and automating malware tools. 15:58 Building data centers using decommissioned power plants. 17:14 Regulation growing in infrastructure for compliance security. 22:09 Compliance is binary; partial compliance isn't sufficient. 24:33 Prioritize "engineering informed cyber" for OT resilience. 28:14 Collaboration between IT and OT is essential. 33:54 Frustration with excessive video game security measures. 34:49 Cybersecurity fails due to over-engineering complexity. 40:49 Make security easy with password managers, authenticators. 42:31 AI improves tabletop exercises for comprehensive insights. 45:31 Generative AI augments human capabilities and creativity. 48:08 Automated injects streamline engagement and business continuity. 53:46 Executives misunderstand risk, leading to false security. 54:29 Strong IT security, but vulnerable weak points. About the Guests :    Clint Bodungen:    Clint Bodungen is a globally recognized cybersecurity professional and thought leader with 30 years of experience (focusing primarily on industrial cybersecurity, red teaming, and risk assessment). He is the author of two best-selling books, "Hacking Exposed: Industrial Control Systems" and “ChatGPT for Cybersecurity...

In Episode 29, host Aaron Crow is joined by cybersecurity expert Jori VanAntwerp to delve into Power Grid Security and Redundancy. This episode explores the segmented design of the US power grid, addressing the challenges and necessary upgrades to mitigate cyber vulnerabilities. Jori highlights security monitoring gaps, the impact of hardware updates, and the cost implications of modernizing infrastructure. The discussion also emphasizes the importance of asset inventory and collaborative efforts between IT and OT professionals. Real-world incidents, such as unexplained power plant reboots, illustrate the critical role of operator awareness and system maintenance. The potential of AI in cybersecurity, alongside the need for a collaborative, learning-focused approach, is also discussed. Tune in to gain expert insights on balancing modernization, cost, and operational efficiency to ensure the stability and security of our power infrastructure. Join us for a packed episode to learn how to "Protect It All." Key Moments:    05:30 Restoring power grids involves complex, staged processes. 11:01 Centralizing data improves efficiency, introduces vulnerabilities. 17:47 Network segmentation essential for security, mitigates risks. 26:12 Cybersecurity tools revealed crucial system issues. 32:15 Understanding systems fully prevents unintended negative impacts. 36:31 Understand OT environment before implementing IT solutions. 41:24 Equip must survive extreme heat, unlike typical data centers. 54:28 Strict access control in nuclear power plant. 57:48 Assess likely risks for protecting plant operations. 01:00:59 Rushed training weakens foundational cybersecurity skills.   About the guest :  For nearly two decades, Jori has enabled industrial and IT organizations to be successful in reducing risk, increasing compliance, and their overall security efforts. Jori has the ability to quickly evaluate situations and determine innovative solutions and possible pitfalls due to his diverse background in security, technology, partnering and client-facing experience. Approaching situations with intuitive insight and methodology, leveraging his deep understanding of business and technology, ranging from silicon to the cloud. He had the pleasure of working with such great companies as Gravwell, Dragos, CrowdStrike, FireEye, McAfee, and is now Founder and Chief Executive Officer at EmberOT, a cybersecurity startup focused on making security a reality. How to connect Jori :  Website : https://emberot.com/ Linkedin : https://www.linkedin.com/in/jvanantwerp/   Connect With Aaron Crow: Website: www.corvosec.com  LinkedIn:

This episode delves into the world of cybersecurity with the esteemed guest, Ken Foster. With over 30 years of experience and a career that began in the Navy, Ken has comprehensive expertise in managing firewalls and antivirus systems and addressing today’s complex cybersecurity challenges. This episode, hosted by Aaron Crow, explores the evolving cybersecurity industry, emphasizing the crucial roles of mentorship and networking. Ken and Aaron discuss the strategic importance of aligning security with business goals, the impact of leadership training and honest feedback on developing better leaders, and the necessity of balancing technical skills with effective communication. Ken shares his insights on the dangers of over-relying on AI, the essential need for disaster preparedness and business continuity, and the importance of continuously evaluating business investments to avoid unnecessary expenses. The episode highlights the value of informal networks and mentorship in overcoming industry challenges and fostering personal growth. Listeners will gain practical strategies and invaluable lessons to navigate the ever-changing cybersecurity landscape while ensuring their personal and professional development.   Key Moments:    06:59 Translate tech leadership into business risk communication. 11:51 Integrating expertise, technical skills, and communication effectively. 18:13 No disaster recovery plan; business disrupted by flood. 25:36 Building relationships and listening are crucial successes. 31:39 Simplify explanations for effective cross-team communication. 33:53 Realized technical focus limited career growth. 42:12 Networking is crucial for finding senior roles. 44:06 Produced content led to advisory board roles. 50:06 Who supports post-handover? Security can't do it alone. 57:44 Translate work into clear business value requirements. 01:04:11 Ensure clarity and continuity for cybersecurity's future. About the guest :  Ken Foster is a cybersecurity leader with over 25 years of experience in risk management, global team development, and IT infrastructure. As Head of Global Architecture at Adient, Ken oversees global teams to align technical initiatives with business goals, driving innovation while managing risks. His career includes key roles at Fleetcor and Fiserv, where he built large-scale cybersecurity programs and led risk governance and cloud security efforts. With a strong focus on client trust and board-level advisory, Ken brings deep expertise in navigating regulatory landscapes and developing risk-based, business-aligned strategies. Connect Ken Foster : https://www.linkedin.com/in/kennethfoster/   Connect With Aaron Crow: Website: www.corvosec.com  LinkedIn:

In this episode, host Aaron Crow takes a deep dive into the essential aspects of cyber hygiene.  As part of the Cybersecurity Awareness Month spotlight, Aaron discusses actionable steps to enhance your digital safety, whether at home or work. This episode covers everything from the significance of strong, unique passwords and multifactor authentication to keeping your software updated and recognizing phishing attacks.  Aaron also provides expert advice on securing home networks and introduces useful tools like password managers and antivirus software. Designed for both cybersecurity novices and seasoned professionals, this episode is a must-listen for anyone looking to improve their cyber hygiene.  Tune in to arm yourself and your family with the knowledge needed to stay safe in the digital age.   Key Moments:  06:06 Secure email with strong, unique password, multifactor authentication. 07:10 Multifactor: Password plus physical authentication like YubiKey. 10:42 Always update devices, avoid phishing attacks. 16:14 Use VPNs and password managers for Wi-Fi security. 19:00 Securely share credentials without sending clear text. 20:56 Regularly backup devices to prevent data loss. 25:18 Practice cyber hygiene and educate your family.   Connect With Aaron Crow: Website: www.corvosec.com  LinkedIn: https://www.linkedin.com/in/aaronccrow   Learn more about PrOTect IT All: Email: info@protectitall.co  Website: https://protectitall.co/  X: https://twitter.com/protectitall  YouTube: https://www.youtube.com/@PrOTectITAll  FaceBook:  https://facebook.com/protectitallpodcast    To be a guest or suggest a guest/episode, please email us at info@protectitall.co

In this episode, Aaron Crow engages in an insightful conversation with Dennis Maldonado, Director of Technology for Harris, Fort Bend ESD 100. The discussion emphasizes the importance of resiliency in technology environments and how strategic planning can safeguard against unforeseen disasters without necessitating a complete technological overhaul. From his extensive experience, Dennis shares how effective communication and collaboration were critical during events like Hurricane Harvey. He also provides his perspective on future trends and concerns in cybersecurity, including the rise of ransomware and nation-state attacks targeting critical infrastructure. The episode illuminates the significance of networking, with Aaron and Dennis underscoring its value in career advancement and sharing personal stories to illustrate how being well-known and trusted can open doors to unexpected opportunities.  Additionally, Dennis discusses the zero trust model and the intricate balance between maintaining cybersecurity and ensuring system availability in critical infrastructure.Listeners will gain practical insights into building resilient tech environments through real-world examples and expert advice.  The episode is a treasure trove of learnings on keeping organizations secure, responsive, and prepared for any eventuality. Join as "Protect It All" dives deep into building resilient tech environments with Dennis Maldonado's invaluable lessons.   Key Moments:  09:15 Networking is crucial for success in cybersecurity. 13:46 Volunteer firefighter boosted dispatch center through IT. 18:52 Transfers emergency calls to fire and EMS. 22:06 Quick response with information saves lives effectively. 26:22 Implemented lessons for resilient project development. 42:14 Sharing lessons learned from threat modeling experiences. 48:04 Zero trust model effectively mitigates cybersecurity incidents. 57:32 Public safety adapts by reverting to manual methods. 01:02:51 Cybersecurity's mainstream rise sparks widespread interest.   About the guest :  Dennis serves as Director of Technology for Harris Fort Bend ESD 100 (WESTCOM) managing and maintaining the technology needs of 911 call taking and emergency dispatch services for multiple public safety agencies. With over 15 years of experience in information technology and over 12 years in cybersecurity enterprise environments and consulting, Dennis’s experience includes cyber resilience, network penetration testing, full-scope red team engagements, adversarial simulation, and physical security assessments. Dennis presented at multiple security industry conferences including DEF CON, InfoSec SouthWest, BSides conferences, Houston Security Conference, Houston OWASP, SANS HackFest, and several local meetups and organizations around the United States. As an active leader in the Houston cyber security community, Dennis is responsible for founding two cyber security meetups in the Houston area: Houston Locksport, founded in 2014 and Houston Area Hackers An...

Welcome to Episode 25 of the Protect It All podcast, titled "Funding OT Cybersecurity: Priority Setting and Practical Approaches." In this episode, host Aaron Crow tackles the pressing issue of securing Operational Technology (OT) systems in critical sectors like energy, manufacturing, and transportation. Although often overshadowed by IT security, the increasing number of OT system attacks makes it clear that underfunding is no longer an option. Aaron explores the unique challenges of OT cybersecurity, such as legacy thinking and budget constraints. He offers strategies to align cybersecurity with business goals, prioritize investments effectively, and implement risk-based funding approaches. The episode emphasizes the importance of understanding asset inventories and making incremental improvements to strengthen security. Listeners will also learn how to bridge the communication gap between OT teams and business executives and translate technical risks into business impacts. With real-world examples and actionable insights, this episode is essential for anyone tasked with protecting OT environments. Tune in to gain valuable knowledge and start effectively prioritizing and funding your OT cybersecurity initiatives. Key Moments :    00:10 Cybersecurity requires comprehensive, risk-aware approach beyond basic safety. 05:18 Understanding OT risks is crucial for prioritization. 09:11 We do business at the speed of trust. 12:13 Communicate cybersecurity's financial impact to business leaders. 13:58 Cost-benefit analysis of asset inventory in OT. 18:15 Establish security basics before advanced AI implementation. 23:21 Easier board conversations amid constant news events. Connect With Aaron Crow: Website: www.corvosec.com  LinkedIn: https://www.linkedin.com/in/aaronccrow   Learn more about PrOTect IT All: Email: info@protectitall.co  Website: https://protectitall.co/  X: https://twitter.com/protectitall  YouTube: https://www.youtube.com/@PrOTectITAll  FaceBook:  https://facebook.com/protectitallpodcast    To be a guest or suggest a guest/episode, please email us at

In this episode of Protect It All, host Aaron Crow is joined by Christopher Stein from Royal Caribbean Group to delve into the fascinating evolution of maritime technology. This discussion explores the dramatic journey ships have taken from their analog origins to becoming digitally advanced behemoths of the seas, emphasizing the critical importance of safety and redundancy. Listeners will understand how automation has revolutionized ship operations, allowing for reduced crew workload and increased efficiency. The episode also highlights the intricate management behind running a fleet of 68 ships, each functioning as an autonomous mobile city with numerous interconnected systems. Christopher Stein provides an insider’s perspective on the maritime industry's latest cybersecurity challenges and compliance requirements. He discusses the careful processes of ensuring all onboard systems run smoothly and safely, from cybersecurity assessments to integrating digital sensors and control mechanisms. This episode offers a deep dive into the complexities of maritime operations, emphasizing the behind-the-scenes efforts that keep voyages safe and efficient.  Through engaging storytelling and expert insights, Protect It All takes listeners on a journey through the melding of technology and tradition in the maritime world. Tune in to discover how these advancements are shaping the future of safe sea travel! Key Moments:  00:10 OT systems require constant uptime; no outage windows. 05:06 OT and IT convergence misunderstood; safety risk emphasized. 08:18 Testing must ensure safety, operational integrity, and collaboration. 10:25 Cybersecurity must integrate with overall system design. 14:21 No pool, casino, water slides, roller coasters. 17:29 Systems affect availability, reliability, safety, and billing. 21:24 Managing vast logistics for seamless vacation experiences. 25:14 Royal Caribbean's efficient logistics and management impress. 27:28 Family surprised internet works during power outage. 33:26 Apollo 13 movie: interconnected digital procedures, limited power. 36:20 All systems have manual control for safety. 37:55 Operator rounds involved manual inspection of equipment. 41:27 Early immigrants faced harsh, uncertain voyages to America. 45:32 Technology makes formerly unattainable achievements accessible today. 49:08 Internet outage impacts due to maritime dependency. About the guest :  Christopher Stein is a proficient maritime systems specialist who ensures the operational safety of onboard systems. Recognizing the potential dangers of propulsion loss, Christopher meticulously coordinates maintenance tasks while vessels are docked. He emphasizes precise timing and a clear understanding of assessment objectives to execute system tests and shutdowns safely. His expertise ensures voyages proceed without inci...

In this insightful episode of Protect It All, titled "Why Cybersecurity Matters: Protecting Our Food Supply from Digital Threats with Kristin Demoranville," host Aaron Crow and guest Kristin Demoranville tackle the critical yet often overlooked role of cybersecurity in the food and agriculture industry. Kristin stresses the need to shift from reactive to proactive cybersecurity measures to protect our complex food supply chains and ensure resilience. The discussion covers real-world cyber incidents like the ransomware attack on JBS meat company, emphasizing the human factors, financial misconceptions, and the necessity for robust incident response and business continuity plans. Listeners will also learn about the dangers of excessive reliance on technology and automation, the significance of water conservation, and the importance of integrating OT security in data centers. Through professional insights and personal anecdotes, Kristin highlights the crucial need for community support within the OT landscape. This episode offers a comprehensive look at the cultural and societal implications of cyber threats to our food supply, making it essential listening for anyone interested in the safety and security of the food industry. Key Moments:    00:10 Training and spreading awareness about operational technology. 10:21 Agriculture lacks attention; needs OT cybersecurity focus. 15:26 Security professionals foresee major food safety risk. 18:04 Supply chain issues during COVID highlight concerns. Regenerative farming and feeding the population. 24:04 ICS OT industry united in game proposal. 27:35 Designing systems must consider cyber risk implications. 34:11 Cybersecurity often an afterthought in many companies. 41:47 Respectful, supportive, and geeky cyber community advocate. 42:58 Texan upbringing shaped love for celebratory food. 51:10 Concern over CrowdStrike blaming and finger pointing. 57:16 Operator scans RFID tags from break room. 59:24 Resisting a wasteful task, leading to change. About the guest :    Kristin Demoranville is the visionary founder and CEO of AnzenSage, a cybersecurity firm specializing in the food and agricultural industry.  She also leads as the CEO and co-founder of AnzenOT, a groundbreaking SaaS OT Cybersecurity Risk Intelligence solution.  With 26 years in the tech industry, Kristin seamlessly blends cybersecurity with food protection culture, always emphasizing the vital role of people and processes.  Her extensive background—ranging from collaborating with Fortune 500 companies and various manufacturing sectors to studying gorilla behavior as part of her Environmental Management degree—gives her a unique and well-rounded perspective on cybersecurity and critical infrastructure.  A published expert and in-demand speaker, Kristin is known for bridging the worlds of food protection and cybersecurity.  She’s also the host of the Bites & Bytes Podcast, where she drives meaningful conversations between professionals across food, cybersecurity, and technology.   Anzensage Website :

In this episode of Protect It All, titled "Tackling Tech Troubles: Inside the DFW Airport Cyber Incident and Wider Industry Challenges with Evan Morgan," host Aaron Crow explore the complexities of widespread tech issues, focusing on a recent cybersecurity incident at DFW Airport that affected over 1,000 machines. Guest Evan Morgan, founder of Cyber Defense Army, discusses the challenges of resolving such large-scale incidents and the importance of standardization and AI in cybersecurity.   Evan shares his journey from an Air Force aircraft mechanic to a cybersecurity expert, highlighting the benefits and challenges of running a small consultancy versus a large firm. The episode also covers recent cybersecurity incidents involving CrowdStrike and Microsoft 365, emphasizing the need for preventive measures and trust in business and technology.    Practical tips for everyday cybersecurity and insights into industry-wide challenges make this episode a valuable resource for listeners across all sectors.   Key Moments:  00:10 Entrepreneurship brings freedom and awesome transformations. 03:54 Recent tech outages are gaining mainstream media attention. 07:52 Adapting existing tech for enhanced security measures. 10:48 Over-the-air car updates are complex and uncertain. 14:01 DFW airport machines, recovery time, and problem. 18:39 How do we improve efficiency and learning? 21:26 Customers validate goods, test, streamline, feedback. 25:10 Cyber enables business growth and protection. 28:52 Cyberattack halted gas sales, risking pipeline operations. 32:55 Challenges in the multi-faceted role, regulatory changes. 35:35 Commonalities in cybersecurity, despite differences in industry. 39:33 Robotics and AI revolutionize future human roles. 40:42 AI would bring trust, speed, and efficiency. 44:38 Defense technology, both funny and scary. 47:59 Distance tech carries risk, needs personal vigilance.   About the guest :    Evan Morgan is the Founder of Cyber Defense Army, a cybersecurity consultancy and services firm that incorporates geopolitical risk in their cybersecurity practices.  He is a service-disabled Veteran of the United States Air Force and served in the post-9/11 campaigns, as well as remote tours to the Republic of Korea.  He holds a Master's degree in Information Systems (Computer Security Management specialization) and a Master of Business Administration (Information Systems Management specialization), both with honors from Strayer University. Post his military service, he has led cybersecurity functions for Fortune 100 organizations, was a global leader for a worldwide consultancy, and has been honored with multiple cybersecurity awards for his efforts in protecting the organization he was a part of previously.   Connect with Evan via LinkedIn:  https://www.linkedin.com/in/evanmorgan/ Cyber Defense Ar...

In Episode 21 of "Protect It All," titled "Cybersecurity in Critical Industries: Lessons from Medical Devices to Automotive," host Aaron Crow is joined by experts David Leichner and Shlomi Ashkenazy to explore the multifaceted world of cybersecurity across various critical industries.    The conversation starts with Shlomi sharing a transformative personal experience in London, emphasizing the importance of pursuing one's passions. David follows with a moment of realization about the critical nature of cybersecurity during an eye surgery, underscoring the necessity of protecting people through robust cyber measures.   The episode delves deep into how cybersecurity practices are implemented in medical devices, automotive, and industrial manufacturing sectors. David, Shlomi, and Aaron discuss generative AI and its dual potential to enable and defend against cyber threats, drawing parallels to cyber weapons like Stuxnet. The importance of secure design, continuous monitoring, and compliance with ever-evolving regulations are highlighted, particularly in upgrading legacy systems in critical infrastructure.   With comprehensive insights into integrating IT and OT cybersecurity measures, the episode provides a compelling call to action for increased awareness and collaborative efforts to bolster defenses. Aaron also extends an invitation for engagement through conferences like Black Hat and Defcon, where practical solutions and innovative strategies are showcased.   Tune in to gain a deeper understanding of the critical intersection of cybersecurity in various industries and learn valuable lessons from the experts on safeguarding our digital and physical world.   Key Moments:    00:10 Security threats have expanded to 15-year-olds. 08:35 Privacy breaches occur through overlooked device vulnerabilities. 12:14 Power utility leading in cybersecurity due to regulation. 17:06 Smaller companies need to prioritize cybersecurity measures. 26:42 Security strategy requires adapting to different environments. 28:30 FDA emphasizes cybersecurity importance at the H-ISAC conference. 37:43 MIT study simulates cyber attack, uses AI. 40:24 AI can eliminate manual product development processes. 46:16 Cybersecurity brings unknown threats: deterrence or powerful AI. 50:26 Black start plants generate and transmit power. 59:00 Soft skills are crucial for effective communication and trust. 01:00:09 Sent demos to heroes, got a minimal response. 01:06:47 Promoting face-to-face meetings and events globally. 01:10:19 Agreement on conclusion of project. About the Guests :    David Leichner   David has over 25 years of marketing and sales executive management experience garnered from leading tech companies including Cynet, Information Builders, Magic Software, Gilat Satellite Networks, BluePhoenix Solutions, and SQream. At Cybellum, a provider of integrated cybersecurity solutions for leading device manufacturers,...

In this episode of "Protect It All," hosts Aaron Crow and Neal Conlon discuss the upcoming Lone Star Cyber Shootout. Set to take place on September 6, 2024, at the prestigious Staccato Ranch in Florence, TX, this episode highlights the unique blend of cybersecurity expertise and personal development that participants can anticipate.   Neal and Aaron share their captivating professional journeys and discuss how their diverse backgrounds converge at the crossroads of trust, cybersecurity, and personal growth. They recount their own experiences, noting the importance of trust in both personal and professional spheres. Moreover, the hosts vividly describe what attendees can anticipate from the Lone Star Cyber Shootout, detailing the state-of-the-art facilities, value-driven activities, and the exciting networking opportunities that await.   Listeners will discover the exceptional nature of Staccato Ranch, its veteran-focused initiatives, and how the event is structured to provide unparalleled insights and hands-on experiences in both cyber and physical security. Neal and Aaron underscore the importance of such events in fostering community connections and highlight the three pillars of an amazing event—epic location, outstanding content, and a strong community.   Join Aaron and Neal as they gear up for a day full of learning, camaraderie, and growth at the Lone Star Cyber Shootout, one of the cybersecurity world's most innovative and dynamic events. Secure your spot and prepare for an experience that promises to be as enlightening as it is adventurous! Key Moments:  03:49 Diverse career in real estate and sales. 09:47 Public impact from events necessitates political unity. 12:07 New cybersecurity event bridges cyber and physical. 16:14 Transformational event in cybersecurity and technology consolidation. 17:32 Event fosters trusted partnerships in evolving cybersecurity. 22:46 Improving daily, manufacturing and professional development topics. 25:18 "Amazing content, valuable relationships, and community." 27:02 Cyber events filling up quickly, next in 2025. To register, click  https://corvosec.com/lonestar-cyber-shootout/ To sponsor the event, check out https://corvosec.com/lone-star-cyber-shootout-sponsorships/ or email sponsors@corvosec.com. For further details, contact Aaron at aaron@corvosec.com or Neal at neal@corvosec.com.

In Episode 19 of "Protect It All," titled "Lessons from CrowdStrike: Managing Risks in IT and OT Environments," Host Aaron Crow gets into the recent CrowdStrike Falcon platform incident that caused widespread system crashes and blue screens of death on Windows machines. Drawing from his extensive IT and OT experience, Aaron explains that the issue stemmed from a routine update error, not a cybersecurity attack. He explores why it had such a significant impact on major entities like airlines and airports.   Aaron highlights the critical differences between IT and OT risk management, emphasizing the importance of automated updates, real-time threat detection, and thorough update testing. He discusses the need for comprehensive risk assessment and the implementation of cyberinformed engineering practices to prevent similar issues in the future.   Listeners will gain key insights into balancing cybersecurity measures with system reliability and availability and actionable recommendations for strengthening their IT and OT environments. Connect With Aaron Crow: Website: www.corvosec.com  LinkedIn: https://www.linkedin.com/in/aaronccrow   Learn more about PrOTect IT All: Email: info@protectitall.co  Website: https://protectitall.co/  X: https://twitter.com/protectitall  YouTube: https://www.youtube.com/@PrOTectITAll  FaceBook:  https://facebook.com/protectitallpodcast    To be a guest or suggest a guest/episode, please email us at info@protectitall.co  

In this episode, host Aaron Crow dives into critical infrastructure and industrial control systems with special guests Matthew Miller and James Warne. Together, they introduce ResetCon—an upcoming conference to close the gap between technical research and practical applications in cybersecurity. Our listeners get an exclusive discount for attending ResetCon this year! Visit https://rstcon.org/2024/ and use the code PrOTect to receive a 10% discount on your tickets.   The discussion highlights the importance of including cybersecurity in infrastructure design, tackling supply chain attacks, and fostering collaboration among industry experts. With the call for papers closing soon, listeners are encouraged to submit abstracts and join this revolutionary initiative. Episode 18 promises valuable insights into the intersection of IT, OT, and critical infrastructure cybersecurity. It emphasizes the need for more skilled professionals and community-driven solutions.  Don’t miss this chance to learn, get inspired, and prepare for ResetCon!   Key Moments:    03:32 ResetCon aims to deliver cutting-edge tech talks. 08:47 Debating cause, but the outcome is unchanged. 11:49 Conference seeks to address critical infrastructure issues. 16:06 ICS Village presence at key cybersecurity events vital. 18:34 Sharing industry knowledge and protecting brand integrity. 20:51 Colin O'Flynn presents cutting-edge hardware innovations. 26:05 Diverse audiences at the ponderous conference. 28:34 Understanding same team, goals, critical infrastructure, not experts. 30:37 Submitted on 3rd, some issues, resubmitted 6th. 35:52 High-tech talks, networking, and exploring Savannah. 38:39 Discussing boat transportation as part of long-term goal. 40:38 Collaboration can lead to innovative infrastructure solutions. 44:10 Discussing relevance of Wi-Fi and security measures.   About the guests :    James Warne   Jay's work in research has affirmed his commitment to technology, security, and computation. His time on and leading high-performing teams codified his desire to enable and support his scientists and engineers. Jay constantly seeks ways to contribute to his field; one may find him testing his theories, reading and sharing papers, problem-solving with industry, arming investors with technical knowledge, coordinating RSTCON, developing instructive/ research presentations, mentoring new industry hopefuls, advising the Cornell Cyber Club, or outdoors.   Matthew Miller   Matthew spent eight years in the United States Navy and Special Operations as a CNO Operator. After the military, he shifted his career toward security research and software engineering. Recently, Matthew co-founded ResetCon to address growing cybersecurity concerns in...

Welcome back to *Protect It All*! In Episode 17, host Aaron Crow is joined by Andrew Ginter, VP of Industrial Security at Waterfall Security Solutions, to dive deep into secure remote access for Operational Technology (OT) systems. They explore the cutting-edge HERA (Hardware Enforced Remote Access) technology, which offers a revolutionary approach to remote control via TPM hardware, unidirectional gateways, and stringent encryption protocols.  This episode covers everything from the critical need for robust security in high-stakes environments like wind farms and manufacturing to the dangers of supply chain vulnerabilities to the broader implications for industries dependent on remote operations. Ginter sheds light on the limitations of software-based solutions and the strategic advantages of hardware-enforced security, while also discussing his book "Engineering Great OT Security" and the latest initiatives in cyber-informed engineering.  Tune in to learn how organizations can remain competitive, reduce costs, and stay secure in an increasingly interconnected industrial world. This enlightening discussion could change the way you think about remote access!   Key Moments:    05:53 Spectrum of consequence in remote access explained. 07:55 Security flaws in remote access systems. 10:23 Remote access is often overlooked by many. 15:11 Supply chain vulnerability due to cloud connectivity. 17:33 Hardware-enforced remote access, HERA, fills the security spectrum. 20:52 Custom ASIC with 1M transistors for encryption. 25:55 Ways to exploit network security vulnerabilities discussed. 26:35 Exploiting technology to send unauthorized messages. 32:50 Benefits of centralizing engineering teams in businesses. 34:18 Competing in the international market with unique services. 39:31 Understanding the implications before implementing technology is crucial. 40:30 Uncertainty about large number, risk opportunity tap. 43:50 Firewall controls data flow and is potentially misconfigurable.   About the guest :    At Waterfall Security, Andrew leads a team of experts working with the world's most secure industrial sites. He is the author of three books on industrial security, co-author of the IIoT SF and the UITP Guide to CyberSecurity in Tendering, and co-host of the Industrial Security Podcast. Links: https://waterfall-security.com/ot-insights-center/ot-cybersecurity-insights-center/hardware-enforced-remote-access-hera-under-the-hood/ LinkedIn: https://www.linkedin.com/in/andrewginter/ Email Andrew: andrew.ginter@waterfall-security.com    Connect With Aaron Crow:

In this episode, host Aaron Crow delves into IT OT convergence, a crucial yet often misunderstood topic. Listeners will gain insights into the distinct differences between IT and OT, the challenges of integrating these fields, and the reasons behind the historical mistrust between IT and OT teams. Aaron discusses how technology might be similar, but the roles and impacts are starkly different—with IT focusing on corporate environments and OT handling mission-critical operations like power plants and manufacturing lines. He also shares real-world stories and strategies for building trust and fostering collaboration between these often siloed teams. Tune in to learn how to overcome these hurdles to create a more secure and efficient organization. Whether you're an IT professional or an OT specialist, this episode offers valuable perspectives on navigating the complexities of IT OT convergence. Key Moments:  00:10 Technology similarities, lack of understanding, a trust issue. 03:49 Corporate distrust causes technology outages and inefficiency. 07:21 Building trust and collaboration for buy-in. 11:20 Different games, but similar athletic requirements. 15:38 Team successful in providing technical support in Texas. 17:09 Connect with us at Black Hat, DEF CON.   Connect With Aaron Crow: Website: www.corvosec.com  LinkedIn: https://www.linkedin.com/in/aaronccrow   Learn more about PrOTect IT All: Email: info@protectitall.co  Website: https://protectitall.co/  X: https://twitter.com/protectitall  YouTube: https://www.youtube.com/@PrOTectITAll  FaceBook:  https://facebook.com/protectitallpodcast    To be a guest or suggest a guest/episode, please email us at info@protectitall.co

In this episode, Aaron Crow and special guest Joseph Perry dive deeply into the evolving landscape of cybersecurity. The episode explores the integration of commercial off-the-shelf systems into OT environments, highlighting how this transition brings similar security challenges from the IT sector into play. Throughout their discussion, Aaron and Joseph tackle the complex vulnerabilities, the resistance to adopting new technologies, and the critical necessity of tailored security measures. They also examine the pervasive buzzwords like "AI" in modern cybersecurity products. Listeners will gain insights into the growing regulatory scrutiny from the SEC, the heightened responsibility of Chief Security Officers, and the anticipated evolution of cybersecurity professions into more rigorous, skilled trades. The conversation further touches on the chaotic state of threat intelligence, the impact of technological advancements such as AI on cyber-attacks, and the increasing industrialization of fraud. From understanding the hype cycles of AI to the practical challenges of explaining complex security solutions to non-technical stakeholders, this episode is packed with valuable information. Aaron and Joseph also discuss the importance of learning from past IT mistakes when adopting new technologies and the unique challenges of protecting both cutting-edge and legacy systems within OT environments. As they address topics like social engineering attacks, ransomware, and the use of AI tools in cybersecurity, listeners will come away better equipped to navigate the intricate cybersecurity landscape. Tune in for a comprehensive exploration of these critical issues. Key Moments:  05:36 Library catalog conversion led to career in cybersecurity. 15:02 AI useful in cybersecurity for structured data. 18:07 Questions remain about AI, and human intervention need. 25:39 Advanced fraud detection surpasses current AI capabilities. 28:37 AI contributes significantly to medicine, finance, and cybersecurity. 34:57 Powerful means test and audience testing revolutionized fraud. 37:58 Attacks getting shorter, focused on initial access. 47:52 Focus shifts to CPE, vulnerability, and attack. 48:53 Russian threat actors reassert, causing chaos. No rules. 54:43 IT challenges in dealing with construction clients. 59:56 Evolution of cyber security concerns and measures.   About the guest :  Joseph Perry is a seasoned cybersecurity expert currently leading incident response, threat intelligence, and purple teaming at MorganFranklin Cyber. With a background spanning the US Navy and the National Security Agency, Perry has built a robust expertise in emerging technology and cybersecurity. He specializes in critical infrastructure protection, threat intelligence, and the adoption of new technologies. Perry is a prominent figure in the cybersecurity community, contributing his insights at major conferences like Black Hat and Defcon. He focuses on the practical applications of AI in cybersecurity, fraud detection, and the evolving threat landscape. Committed to advancing the field, Perry emphasizes continuous learning and domain expertise to help organizations combat cyber threat...

In this episode, our host, Aaron Crow, explores the intriguing world of OT cybersecurity products.   This episode explores the key differences between IT and OT, the challenges faced in OT environments, and how some IT products can actually be adapted for OT use.   Aaron explains why availability and safety take precedence in OT settings, from power plants to manufacturing lines, and how traditional IT cybersecurity measures need to be tailored for these unique environments. He also discusses the importance of understanding protocols, implementing multi-layered defenses, and leveraging advancements in cybersecurity tools.   Tune in as we unravel the distinct intricacies of protecting our critical infrastructures and discover how IT and OT worlds continue to converge. Key Moments:    00:10 Adapting IT products for OT cybersecurity challenges. 06:33 IT products integrating OT capabilities, impacting uptime. 10:33 Windows XP boxes in production pose risk. 14:00 Access device remotely to avoid travel time. 17:45 Complex network setup required for risk reduction. 20:06 Multiple vendors complicate technology and support solutions. 24:14 Plan for OT challenges by engaging IT. 26:21 OT and IT overlap, and industry devices evolve.   Connect With Aaron Crow:   Website: www.corvosec.com  LinkedIn: https://www.linkedin.com/in/aaronccrow   Learn more about PrOTect IT All:   Email: info@protectitall.co  Website: https://protectitall.co/  X: https://twitter.com/protectitall  YouTube: https://www.youtube.com/@PrOTectITAll  FaceBook:  https://facebook.com/protectitallpodcast    To be a guest or suggest a guest/episode, please email us at info@protectitall.co

Welcome to Episode 13 of Protect It All! This episode features Philip Huff, a professor at UA Little Rock and a cybersecurity expert. He explores the promise of AI in education, especially for robotics and automation, while cautioning against the erosion of educational rigor. Philip and host Aaron Crow discuss the importance of hands-on learning and real-world experience in aligning educational standards with industry needs. They delve into the role of industry partnerships, the necessity of embedding cybersecurity education at the community college level, and the growing skills gap in technology due to retiring experts. The conversation also covers the advantages of competency-based education and flexible training programs in enhancing social mobility. Throughout, they stress the critical role of human involvement in AI and cybersecurity and the need for innovative, resilient systems. Tune in for an engaging discussion on the future of education and workforce development in the tech and cybersecurity sectors.   Key Moments:  00:10 Early career challenges prepare for real-world demands. 04:35 Degree's purpose is knowledge and skill acquisition. 08:17 Promoting cyber-informed engineering principles in community colleges. 11:32 Small private school in Texas prioritizes practical engineering. 14:48 Trade skills in high demand, apprenticeships offered. 17:33 Community colleges offer efficient curriculum changes for workforce. 23:12 Team's success attributed to aligning schedules with peers. 26:57 Company and employee benefit from long-term commitment. 28:46 Aligning learning outcomes with career competencies is crucial. 31:44 Retooling professionals for new careers and skills. 36:13 Value education based on future job prospects. 37:35 Integration of AI in education needs balancing. 42:52 Transforming education to align with real learning. 46:28 Transforming classroom for positive shared learning experiences. 49:57 Unused industrial equipment turned into educational tools. 52:10 Learn troubleshooting, not just following instructions. 56:07 Excitement and fear about accessible AI advancements. 59:12 Developing cyber engineering education standards at Idaho National Labs. About the guest :  Philip Huff is an Associate Professor of Cybersecurity at the University of Arkansas in Little Rock and serves as the Director of Cybersecurity Research in the Emerging Analytics Center. Dr. Huff is also chief scientist and co-founder of Bastazo, a company specializing in cybersecurity solutions for industrial technology. He leads the National Cyber Teaching Academy, the Department of Energy’s Emerging Threat Information Sharing and Analysis Center, and the Cybersecurity Consortium for Innovation which all focus on driving work-force development and innovation for cybersecurity in the region. He is also a CISSP. How to connect with Philip: