In this episode, Craig and Dino address why manufacturers still suffer incidents after spending millions on OT security tools. They discuss how to convert those investments into measurable risk reduction.

You'll learn why buying tools isn't a strategy. Get insights into how to validate asset visibility on the floor (not just the network map), practical ways to reduce alert fatigue and assign ownership, how to close the OT incident response gap by connecting SOC to operators, the realities of flat Layer 2 networks and undocumented zones, how to handle technical debt at scale (EOL firmware, unpatched HMIs, safe upgrade paths), and why "everyone is responsible" often means no one is.

Expect candid discussion on alert fatigue, flat networks, and the human constraints driving today's gaps, plus a concrete checklist for building a coalition that actually works to protect production environments.

Chapters

00:00:00 – Why incidents still happen after major OT cyber spend

00:02:30 – Tools vs. outcomes: underusing capabilities and alert fatigue

00:05:50 – Who owns plant‑floor cyber? Why CISOs, CIOs, OEMs, and SIs talk past each other

00:08:10 – Define the use case before tuning sensors and policies

00:10:00 – OT IR is missing: operators are the first responders

00:11:20 – Network reality check: flat L2, VLAN gaps, and unmanaged switches

00:13:30 – Change management and patching in OT: risk, downtime, and technical debt

00:15:20 – Skills and staffing: the silver tsunami and "jack of all trades" constraints

00:18:00 – What outside partners can and cannot do in plants

00:21:00 – Visibility blind spots: validating coverage with floor‑level walkthroughs

00:24:00 – It won’t stick without a coalition: getting plant managers, engineering, OEMs, and SOC aligned

Links And Resources:

• Want to Sponsor an episode or be a Guest? Reach out here.
• Industrial Cybersecurity Insider on LinkedIn
• Cybersecurity & Digital Safety on LinkedIn
• BW Design Group Cybersecurity
• Dino Busalachi on LinkedIn
• Craig Duckworth on LinkedIn

Thanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you’d like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!