Podcast

Really Committing to Supply Chain Security | Episode #95

Supply chain security is bigger than one standard or one approach. Supply chain has fingers into remote access and cloud services and many other things beyond SBOMs and vendor questionnaires. Pedro Fernandes of Accenture joins us to look at the big picture and at what it takes to really commit to su

Cybersecurity investments, like safety investments, involve ROI calculations. But unlike safety, security ROI is not baked into engineering practice. Wally Magda - a senior standards and security instructor, advisor and former NERC CIP auditor joins us to look at today's ROI problems and what to do

Complex networks "drift" over time - maintaining an original security vision is hard. Robin Berthier, CEO and Co-Founder of Network Perception joins us to look at a new technology for understanding what's happening to our networks.

Forescout's recent Icefall report documents 56 new OT vulnerabilities, many in certified "secure" industrial equipment. Daniel Dos Santos, Head of Security Research, joins us to look at the vulnerabilities and at what they mean for industrial security.

The big picture of industrial security programs is why we do security, who does what, and to what standards or risk tolerances. Darren Conway of Capula joins us to look at documenting industrial security policies and programs, not just technology.

Moving target defence is increasingly used for remote access systems and other high risk connections between and into systems. Ian Schmertzler, President and Co-Founder of Dispel joins us to dig into the technology.

Many people ask "why can't we just encrypt all those industrial protocols?" It turns out it's harder than it looks. Andrew West of Subnet Solutions and the Technical Chair of the DNP User group looks at Secure DNP3 - take three.

Relationships, humour and a complete lack of creepiness - Laura Torres and Sarah Jennings of FoxGuard join us to look at the art of marketing industrial security solutions.

Building automation cybersecurity is starting to happen, but most buildings are way back of their industrial peers. Mirel Sehic, Cyber Practice GM for Honeywell Building Technology, joins us to look at security for building automation, smart cities, and the results of a recent survey re: state of th

Jens Wiesner of the German BSI joins us - new German critical infrastructure laws demand immediate reporting and certified state-of-the-art attack detection.

"Silent" cyber coverage has vanished in most insurance policies, and you can't get cyber insurance any more without cyber security. Georgina Williams, Senior Cyber Underwriter at Murich RE joins us to look at how insurers are digging deep into both engineering and security aspects of industrial cybe

A lot can go wrong - Enrique Martinez Technical Solutions Architect for OT Security at WWT joins us to look at common mistakes when deploying OT asset inventory, IDS and other visibility solutions - and how to avoid them.

Industrial security programs have to touch all the bases. Alexandru Suditu of the Enevo Group joins us to look at - not everything - just the tricky bits.

Demand for skilled industrial / OT security people has increased dramatically over the last couple of years. Join Meg Duba, Senior Technical Recruiter at Idaho National Labs for an update on the market.

Greg Hale - Editor and Founder of ISSSource and ICSStrive joins us to look at his new OT / industrial incident repository, and a new report using the data in the repository, analyzing industrial cyber incidents with physical consequences.

Standardization and consolidation increase the consequences of cyber attacks - these are unexpected insights from applying the CCE methodology. Jodi Jensen, President of Secure SCADA Solutions joins us to look the experience of using Consequence-Driven, Cyber-Informed Engineering.

The widely-used 62443-3-3 standard is being updated. One big change is making security levels risk-based. Join Alex Nicoll, co-chair of the ISA committee updating the standard, to look at what this means and how it will work.

Functional vs operational safety, profiles, deep connections to IEC 62443 and more. Tom Aubuchon, Principal Consultant at Ethosecure Consulting and Suzanne Lemieux, Director Operations Security and Emergency Response Policy at the American Petroleum Institute join us to look at API 1164 Rev 3 - a co

Which is better - security or compliance? Suzanne Black of Network + Security Technologies brings a new perspective to this old question and covers a lot of other ground in the latest NERC CIP standards.

Safety, insiders, external attacks, remote access, zero trust, and more. Serkan Yusuf at Applied Risk explores a new report based on a survey of over 1000 industrial security practitioners.

Podcast

Really Committing to Supply Chain Security | Episode #95

ROI Mistakes for Cybersecurity Investments | Episode #94

Set and Forget – is not cyber resiliency | Episode #93

56 OT Vulnerabilities – do they matter? | Episode #92

Why and Who – Not Just How | Episode #91

Moving Target Defence | Episode #90

DNP3 Crypto – Harder Than It Looks | Episode #89

Relationships, Not Creepiness – Marketing Industrial Security | Episode #88

Like industrial security a decade ago | Episode #87

Legislation demands state of the art | Episode #86

OT Cyber insurance is changing fast | Episode #85

Common mistakes in OT visibility deployments | Episode #84

Just the Tricky Bits | Episode #83

Exploding Demand | Episode #82

Industrial cyber attacks, consequences & trends | Episode #81

Standardization and other risks – experience using CCE | Episode #80

Risk-based Security Levels – updating ISA/IEC 62443-3-3 | Episode #79

Complete Rewrite – API 1164 Rev 3 | Episode #78

Security vs Compliance & other NERC CIP insights | Episode #77

Architecting Next Gen OT Security | Episode #76

HEADQUARTERS

USA

United Arab Emirates

FRANCE

SINGAPORE

AUSTRALIA

FOLLOW US

RESOURCES