@BEERISAC: OT/ICS Security Podcast Playlist

Podcast: OT Security Made Simple [https://www.listennotes.com/podcasts/ot-security-made-simple-klaus-mochalski-vE6iLZ2VHfd/] Episode: Wer ist für die Cybersicherheit der Windparks verantwortlich? | OT Security Made Simple [https://www.listennotes.com/e/248ad623624b4aa7b78d307f7839521e/] Pub date: 2025-06-19 Get Podcast Transcript → [https://www.listen411.com/?audio_url=https://audio.listennotes.com/e/p/248ad623624b4aa7b78d307f7839521e/¬es=Wer ist für die Cybersicherheit der Windparks verantwortlich? | OT Security Made Simple] powered by Listen411 [https://www.listen411.com/] - fast audio-to-text and summarization [https://cdn-images-3.listennotes.com/podcasts/ot-security-made-simple-klaus-mochalski-8KiYyg12-wd-vE6iLZ2VHfd.300x300.jpg] Mohamed Harrou erklärt als OT-Sicherheitsingenieur beim Energieversorger Amprion den Mehrwert von OT-Sicherheit in Windparks und PV-Anlagen. Mit seinem 12 Jahren Erfahrung im Bereich erneuerbarer Energieanlagen liefert er praxisnahe Einblicke zu den technologischen und organisatorischen Herausforderungen moderner Windparks und gibt eine überraschende und eher beunruhigende Antwort auf die Frage nach den Verantwortlichkeiten.  The podcast and artwork embedded on this page are from Klaus Mochalski, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Podcast: Nexus: A Claroty Podcast [https://www.listennotes.com/podcasts/nexus-a-claroty-podcast-claroty-zCh-SjZqY3A/] (LS 32 · TOP 5% what is this? [https://www.listennotes.com/listen-score/]) Episode: Sarah Fluchs on the Cyber Resilience Act [https://www.listennotes.com/e/7040847e1abb446c89d5375e35b552a9/] Pub date: 2025-06-17 Get Podcast Transcript → [https://www.listen411.com/?audio_url=https://audio.listennotes.com/e/p/7040847e1abb446c89d5375e35b552a9/¬es=Sarah Fluchs on the Cyber Resilience Act] powered by Listen411 [https://www.listen411.com/] - fast audio-to-text and summarization [https://cdn-images-3.listennotes.com/podcasts/aperture-a-claroty-podcast-claroty-gfm6LNCx14s-zCh-SjZqY3A.300x300.jpg] Cybersecurity and technology expert Sarah Fluchs joins the 100th episode of the Nexus Podcast to discuss the EU's Cyber Resilience Act [https://fluchsfriction.medium.com/cyber-resilience-act-in-5-minutes-018f43f69508] and what it means for manufacturers of "products with digital elements" as they aim toward a 2027 compliance deadline.  Sarah provides her insight on the regulation's essential requirements, its focus on secure-by-design and overall cyber resilience of products, and the milestones manufacturers need to hit as their compliance efforts get under way.  Sarah also discusses her thought leadership and work in bringing cybersecurity to engineers, asset operators, and other non-security teams [https://fluchsfriction.medium.com/make-the-big-decisions-with-cyber-decision-diagrams-f950b6966542]. It's important, she says, to eliminate cybersecurity's innate complexity and bring these concepts to engineers and others on their terms.  Listen to the Nexus Podcast on your favorite podcast platform [https://nexusconnect.io/podcasts]. The podcast and artwork embedded on this page are from Claroty, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Podcast: The Industrial Security Podcast [https://www.listennotes.com/podcasts/the-industrial-security-podcast-pi-media-K5gXeFuzZ1S/] (LS 36 · TOP 3% what is this? [https://www.listennotes.com/listen-score/]) Episode: Credibility, not Likelihood [The Industrial Security Podcast] [https://www.listennotes.com/e/18f958b2c7e548e491defa108674b8bf/] Pub date: 2025-06-17 Get Podcast Transcript → [https://www.listen411.com/?audio_url=https://audio.listennotes.com/e/p/18f958b2c7e548e491defa108674b8bf/¬es=Credibility, not Likelihood [The Industrial Security Podcast]] powered by Listen411 [https://www.listen411.com/] - fast audio-to-text and summarization [https://cdn-images-3.listennotes.com/podcasts/the-industrial-security-podcast-pi-media-kqG5IRn71wK-K5gXeFuzZ1S.300x300.jpg] Safety defines cybersecurity - Kenneth Titlestad of Omny joins us to explore safety, risk, likelihood, credibility, and deterministic / unhackable cyber defenses - a lot of it in the context of Norwegian offshore platforms. The podcast and artwork embedded on this page are from PI Media, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Podcast: Industrial Cybersecurity Insider [https://www.listennotes.com/podcasts/industrial-cybersecurity-insider-industrial-lkzZPU8EYci/] Episode: When CISOs Inherit the Plant Floor: What Happens Next? [https://www.listennotes.com/e/0cdefb1ff3ad42d5a0d70d9b4e542fe5/] Pub date: 2025-06-17 Get Podcast Transcript → [https://www.listen411.com/?audio_url=https://audio.listennotes.com/e/p/0cdefb1ff3ad42d5a0d70d9b4e542fe5/¬es=When CISOs Inherit the Plant Floor: What Happens Next?] powered by Listen411 [https://www.listen411.com/] - fast audio-to-text and summarization [https://cdn-images-3.listennotes.com/podcasts/industrial-cybersecurity-insider-velta-nPobcUYlNwM-lkzZPU8EYci.300x300.jpg] What happens when the CISO inherits responsibility for the security of the plant floor? Dino and Craig discuss a growing trend: CISOs are being expected to oversee cybersecurity for industrial plant floors. Unfortunately, they don't have the background to effectively take on this responsibility. A perpetuating trend exists where cybersecurity leaders are expected to protect factories and industrial assets without the authority, tools, or support to do so effectively. In this conversation, Dino and Craig explain why traditional IT security approaches don’t work in these environments, and how things like outdated equipment, disconnected systems, and outside vendors make the challenge even harder. From weak remote access tools to the confusion around who actually manages plant security, this episode shines a light on the hidden risks most companies overlook. Whether you're in IT, operations, or a leadership role, you’ll walk away with a better understanding of how to approach cybersecurity in complex industrial settings. You'll also gain insights into the steps you can take to protect your people, your technology, and your bottom line. Chapters: * 00:00:00 - Kicking Off: Smart Tool Choices Start Here * 00:01:02 - When CISOs Inherit the Factory Floor * 00:02:17 - Making Friends with OEMs and Integrators * 00:04:47 - Why OT Security Is a Whole Different Beast * 00:08:50 - Cyber Budgets: Where’s the Money Really Coming From? * 00:13:10 - How to Actually Roll Out Security in the Plant * 00:18:35 - VPNs Aren’t Enough: Fixing Remote Access * 00:24:42 - What OT Incident Response Really Looks Like * 00:27:17 - Wrapping It Up: Strategy, Buy-In, and What’s Next Links And Resources: * Industrial Cybersecurity Insider on LinkedIn [https://www.linkedin.com/company/industrial-cybersecurity-insider] * Cybersecurity & Digital Safety on LinkedIn [https://www.linkedin.com/groups/12450584/] * BW Design Group Cybersecurity [https://www.bwdesigngroup.com/sub-capability/cybersecurity] * Dino Busalachi on LinkedIn [https://www.linkedin.com/in/dinobusalachi/] * Craig Duckworth on LinkedIn [https://www.linkedin.com/in/craigaduckworth/] Thanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you’d like to share? Connect with us on Spotify [https://open.spotify.com/show/6y0fvWaYstCG604LYveckc], Apple Podcasts [https://podcasts.apple.com/us/podcast/industrial-cybersecurity-insider/id1713811546], and YouTube [https://www.youtube.com/@veltatechnology] to leave us a review! The podcast and artwork embedded on this page are from Industrial Cybersecurity Insider, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Podcast: PrOTect It All [https://www.listennotes.com/podcasts/protect-it-all-aaron-crow-nHYAjbOusmi/] (LS 26 · TOP 10% what is this? [https://www.listennotes.com/listen-score/]) Episode: Inside OT Penetration Testing: Red Teaming, Risks, and Real-World Lessons for Critical Infrastructure with Justin Searle [https://www.listennotes.com/e/2d3817b7cf9f4db299bef6dd5de108c6/] Pub date: 2025-06-16 Get Podcast Transcript → [https://www.listen411.com/?audio_url=https://audio.listennotes.com/e/p/2d3817b7cf9f4db299bef6dd5de108c6/¬es=Inside OT Penetration Testing: Red Teaming, Risks, and Real-World Lessons for Critical Infrastructure with Justin Searle] powered by Listen411 [https://www.listen411.com/] - fast audio-to-text and summarization [https://cdn-images-3.listennotes.com/podcasts/protect-it-all-aaron-crow-rc3G6uJYmNL-nHYAjbOusmi.300x300.jpg] In this episode, host Aaron Crow sits down with OT security expert Justin Searle, Director of ICS Security at InGuardians, for a deep dive into the ever-evolving world of OT and IT cybersecurity.  With over 25 years of experience, ranging from hands-on engineering and water treatment facilities to red-team penetration testing on critical infrastructures such as airports and power plants, Justin brings a wealth of insight and real-world anecdotes. This episode unpacks what it really takes to assess and secure operational technology environments. Whether you’re a C-suite executive, a seasoned cyber pro, or brand new to OT security, you’ll hear why network expertise, cross-team trust, and careful, collaborative engagement with engineers are so crucial when testing high-stakes environments. Aaron and Justin also discuss how the industry has matured, the importance of dedicated OT cybersecurity teams, and why practical, people-first approaches make all the difference, especially when lives, reliability, and national infrastructure are on the line. Get ready for actionable advice, hard-earned lessons from the field, and a candid look at both the progress and the ongoing challenges in protecting our most critical systems.   Key Moments:  05:55 Breaking Into Cybersecurity Without Classes 09:26 Production Environment Security Testing 13:28 Credential Evaluation and Light Probing 14:33 Firewall Misconfiguration Comedy 19:14 Dedicated OT Cybersecurity Professionals 20:50 "Prioritize Reliability Over Latest Features" 24:18 "IT-OT Convergence Challenges" 29:04 Patching Program and OT Security 32:08 Complexity of OT Environments 35:45 Dress-Code Trust in Industry 38:23 Legacy System Security Challenges 42:15 OT Cybersecurity for IT Professionals 43:40 "Building Rapport with Food" 47:59 Future OT Cyber Risks and Readiness 51:30 Skill Building for Tech Professionals   About the Guest :  Justin Searle is the Director of ICS Security at InGuardians, specializing in ICS security architecture design and penetration testing.  He led the Smart Grid Security Architecture group in the creation of NIST Interagency Report 7628 and played critical roles in the Advanced Security Acceleration Project for the Smart Grid (ASAP-SG), National Electric Sector Cybersecurity Organization Resources (NESCOR), and Smart Grid Interoperability Panel (SGIP).     Justin has taught hacking techniques, forensics, networking, and intrusion detection courses for multiple universities, corporations, and security conferences.  His current courses at SANS and Black Hat are among the world's most attended ICS cybersecurity courses.  Justin is currently a Senior Instructor for the SANS Institute and a faculty member at IANS. In addition to electric power industry conferences, he frequently presents at top international security conferences such as Black Hat, DEFCON, OWASP, HITBSecConf, Brucon, Shmoocon, Toorcon, Nullcon, Hardware.io, and AusCERT.     Justin leads prominent open-source projects, including The Control Thing Platform, Samurai Web Testing Framework (SamuraiWTF), and Samurai Security Testing Framework for Utilities (SamuraiSTFU).  He has an MBA in International Technology and is a CISSP and SANS GIAC certified Incident Handler (GCIH), Intrusion Analyst (GCIA), Web Application Penetration Tester (GWAPT), and GIAC Industrial Control Security Professional (GICSP)   How to connect Justin:  https://www.controlthings.io [https://www.controlthings.io/] https://www.linkedin.com/in/meeas/ [https://www.linkedin.com/in/meeas/] Email: justin@controlthings.io Connect With Aaron Crow: * Website: www.corvosec.com [http://www.corvosec.com]  * LinkedIn: https://www.linkedin.com/in/aaronccrow [https://www.linkedin.com/in/aaronccrow]   Learn more about PrOTect IT All: * Email: info@protectitall.co  * Website: https://protectitall.co/ [https://protectitall.co/]  * X: https://twitter.com/protectitall [https://twitter.com/protectitall]  * YouTube: https://www.youtube.com/@PrOTectITAll [https://www.youtube.com/@PrOTectITAll]  * FaceBook:  https://facebook.com/protectitallpodcast [https://facebook.com/protectitallpodcast]    To be a guest or suggest a guest/episode, please email us at info@protectitall.co [info@protectitall.co]   Please leave us a review on Apple/Spotify Podcasts: Apple   - https://podcasts.apple.com/us/podcast/protect-it-all/id1727211124 [https://podcasts.apple.com/us/podcast/protect-it-all/id1727211124] Spotify - https://open.spotify.com/show/1Vvi0euj3rE8xObK0yvYi4 [https://open.spotify.com/show/1Vvi0euj3rE8xObK0yvYi4] The podcast and artwork embedded on this page are from Aaron Crow, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.