The Trap of the Trusted Engineering Session

Ransomware Beyond Encryption

What if a single login credential was all a hacker needed to bring your entire production line to a grinding halt, without even touching your industrial control systems? In this episode we break down the grey zone where ransomware attacks on operational technology can have devastating consequences, and explore the often-overlooked vulnerabilities that can allow attackers to move undetected between IT and OT systems. We walk through real-world scenarios where a simple login can enable access to sensitive areas of your operation, and discuss the importance of understanding the trust, exposure, and consequence of your assets. The reality is that many organizations are unaware of the risks lurking in the spaces between their IT and OT systems, and the consequences of a breach can be catastrophic, resulting in lost production time, damaged equipment, and compromised safety. Subscribe to our podcast to stay ahead of the threats and learn how to protect your operation from these emerging risks. #IndustrialCyberSecurity #Ransomware #OperationalTechnology

Beyond Asset Coverage

Can a single overlooked device really bring down your entire network, and are you unwittingly leaving the door open to cyberattacks by focusing on the wrong security strategy? In this episode we break down the flaws in traditional network visibility programs and explore how microsegmentation can limit the damage of unseen assets. We walk through real-world examples of how IT dependencies and vendor access have led to devastating breaches, and discuss the importance of structuring conversations around asset risk and function. By the end of this episode, you'll understand why treating inventory as a containment strategy is a recipe for disaster, and how a different approach can save you from costly disruptions. Subscribe to our podcast for more insights on how to secure your network and stay one step ahead of emerging threats. #cybersecurity #networkvisibility #microsegmentation

When Containment Fails Recovery

What if your team contained a cyber incident, but the real damage was only just beginning? In this episode we break down the disconnect between IT and engineering timelines, and explore how the NIS2 directive is raising the bar for incident recovery and accountability. We walk through the implications of Articles 20, 21, and 34, and what they mean for management bodies and cybersecurity teams. We argue that a single incident command model is the key to true recovery. The ability to recover from a cyber incident quickly and effectively is no longer a nice-to-have, but a critical component of business continuity and risk management. Subscribe to our podcast for more insights on cybersecurity and operational risk, and join the conversation on how to stay ahead of emerging threats. #cybersecurity #NIS2 #incidentrecovery #operationalrisk #businesscontinuity

Exposed Paths in OT Networks

What if the biggest security risk to your industrial control systems isn't a malicious hacker, but rather a simple disconnect between when a work order closes and when network access is actually shut off? In this episode we break down the hidden dangers of insecure remote access conditions and explore why PAM is not failing in OT, but rather being asked to enforce a physical work state it cannot see. We walk through real-world examples of exposed engineering paths and unpatched VPNs, and discuss the consequences of a visibility gap between operations and network access. We argue that the problem lies not with the tools, but with the disconnection between different states that never converge. The reality is that this gap can have devastating consequences, from allowing attackers to gain access to sensitive systems to putting entire operations at risk. Subscribe to our podcast to learn more about the intersection of industrial control systems and cybersecurity, and to stay up to date on the latest threats and solutions. #OTSecurity #ZeroTrust #IndustrialCybersecurity

Shipping the Code That Security Rejected

Your vehicle's biggest security threat might be arriving with a perfectly valid digital signature and your company's own stamp of approval. In this episode, we break down why the shift to software-defined vehicles is currently failing at the release gate. We walk through the uncomfortable reality of SOP pressure and argue that current security assessments are often treated as advisory rather than hard controls. It is time to stop asking for attention and start controlling the release, because a "safe" binary that your organization doesn't actually understand is just a liability waiting to happen. Drop your take in the comments or share this episode with a colleague who is fighting against weak provenance and unrealistic deadlines right now. #AutomotiveCybersecurity #SDV #SupplyChainSecurity #CyberSecurity #AutomotiveSoftware