The Lock & Key Lounge — An ArmorText Original Podcast

Podcast#26: Blackstarts and Blindspots

54 min · 8 Apr 2026

Description

How AI can turn air gaps into security gaps for ICS/SCADA

For decades, critical infrastructure companies have relied on organizational silos—air gaps between IT and operational technology—to ensure that enterprise disruptions do not cascade into the physical systems that keep the lights on. But those silos have been largely successful due to biology and physics: the scale of coordination and depth of expertise required to overwhelm them has been beyond human capability. That changed when we built something capable of assembling expert skill sets instantaneously. Patrick Miller, CEO of Ampyx Cyber, recovering regulator, and one of the most recognized voices in OT cybersecurity, joins Matt Calligan to confront the question that most organizations have not seriously answered: what does resilience look like when both IT and OT systems are simultaneously degraded or unavailable—and the assumption that you can "go back to manual" turns out to be a pipe dream?


All episodes

32 episodes

Podcast #32 - Vendor Cooties

Should We Rethink the Practitioner/Vendor Relationship in Cybersecurity?

There is a deeply ingrained, culturally accepted reflex in cybersecurity: Keep vendor sales and marketing people at arm's length during any serious evaluation or decision. Matt Calligan calls it "vendor cooties," and in this episode he argues the assumptions underneath it have not been true for a long time—and that they are actively costing practitioners. Before the internet, vendors held a genuine information advantage, and that asymmetry created real incentives to mislead. So the community built a wall. But buyers have become more educated now, AI has made comparative analysis table stakes, and the people working inside these companies have had to become genuine category experts just to get a meeting. Gianna Whitver, co-founder and CEO of the Cybersecurity Marketing Society, and Charles Gold, a four-time cybersecurity CMO, join Matt to examine where the stigma came from, what practitioners leave on the table by keeping vendors out of the room, where AI as the "objective consultant" falls short, and what a healthier vendor-practitioner relationship actually looks like.

1 July 2026 · 53 min

Podcast #31 All Tools, No People: Cybersecurity Is Missing The Boring Human Investment

OT security spending is at an all-time high, yet all these tools do is fill the “do we have X product” hole if the organization isn't investing in a human-driven aggregation layer to curate and make decisions based on the telemetry and data pouring out of them. Danielle Jablanski has examined this problem from a rare intersection of vantage points: as a strategist working with asset owners at Nozomi Networks, as a leader of OT strategy inside CISA's Office of the Technical Director, and now as the OT cybersecurity consulting program lead at STV, an infrastructure-focused firm building security in from the start rather than bolting it on. She joins Matt Calligan to explain why treating cybersecurity as a technology problem instead of a people problem is dangerous in environments where the stakes couldn’t be higher - where failure doesn’t just interrupt data or access, it stops water, electricity, and the systems society runs on.

17 June 2026 · 55 min

Podcast #30 Faster Than Human

Anthropic's Project Glasswing used a restricted AI model to surface over ten thousand high-severity vulnerabilities across more than a thousand open-source projects. The 2026 Verizon DBIR tells us vulnerability exploitation just became the number one initial access vector for breaches—up 55% in a single year. Only 26% of critical vulnerabilities were fully remediated last year, down from 38% the year before. Median time to resolution: 43 days, up from 32. That was the pre-Glasswing baseline—before AI-scale discovery even entered the equation. Tim Chase, Program Director at MFG-ISAC, and Brian Geffert, VP of Cyber Defense at 3M and former Global CISO at KPMG International, join Matt Calligan to confront what this means for an industry that has heavy OT interconnection, no regulatory floor equivalent to NERC CIP, and a security culture that has outsourced too much to tools that are now becoming the attack surface themselves.

4 June 2026 · 43 min

Podcast #29 The Structures That Hold

Building Governance that Holds Because the Mission Demands It—Not Because Anyone Required It

We have spent years in this industry talking about who belongs in the room—the board table, the executive suite, the security leadership track. What we have talked about far less is what it actually takes to get there, and whether the commitments organizations have made to broadening who leads are holding when the environment makes it easier to let them quietly lapse. Jameeka Green Aaron has operated at both levels simultaneously: as the CISO responsible for making security governance work inside a global digital health company serving millions of members, and as a board member whose job was to ask the harder questions about whether the organization was doing what it said it would. In this conversation with Navroop Mitter—recorded just one day after her move to Emerson Collective—Jameeka traces the arc from the South Side of Stockton to Black Hat MEA in Saudi Arabia, names the structural conditions that have kept the pipeline too thin for too long, and explains what it actually took to build AI governance at Headspace that held because people's wellbeing demanded it—not because regulation required it.

20 May 2026 · 50 min

Podcast #28 196 Countries, One CISO

Most security leaders spend their careers building programs in the private sector—strong compensation, clear organizational lines, and at least some degree of control over the stakeholder map. Occasionally, someone makes a different call. Bjørn Watne left senior CISO roles at Telenor and Storebrand—two of Scandinavia's most recognized institutions—to take on one of the most complex security mandates on the planet: Global CISO of INTERPOL, the international law enforcement organization supporting 196 member nations in the fight against transnational crime. In this conversation with Navroop Mitter, Bjørn explores what that decision looked like up close—the mission that drew him in, the trade-offs he accepted, and what you learn about security leadership when your stakeholder map includes sovereign governments that may not always see eye to eye, some of whom are actively sanctioning each other.

6 May 2026 · 33 min