Cybersecurity Under Pressure. Real Attacks, Real Lessons

Shipping the Code That Security Rejected

Your vehicle's biggest security threat might be arriving with a perfectly valid digital signature and your company's own stamp of approval. In this episode, we break down why the shift to software-defined vehicles is currently failing at the release gate. We walk through the uncomfortable reality of SOP pressure and argue that current security assessments are often treated as advisory rather than hard controls. It is time to stop asking for attention and start controlling the release, because a "safe" binary that your organization doesn't actually understand is just a liability waiting to happen. Drop your take in the comments or share this episode with a colleague who is fighting against weak provenance and unrealistic deadlines right now. #AutomotiveCybersecurity #SDV #SupplyChainSecurity #CyberSecurity #AutomotiveSoftware

When a Patch Reopens the Safety Case

A simple security patch can fix a vulnerability and still become a total operational nightmare that brings an entire railway network to a standstill. In this episode, we break down the high-stakes collision between the new Cyber Resilience Act and the rigid, uncompromising world of railway safety certification. We walk through why architectural perfection is a myth for brownfield systems and how to use protocol-aware filtering to keep your network secure without triggering a massive, budget-breaking reassessment. We argue that the strongest cyber programs are not the ones with the fastest patch cycles, but the ones that know how to improve risk posture while keeping the trains moving. This conversation is about making security maintenance survivable in a sector where you simply cannot afford to touch the binary. Subscribe to the show and share this episode with anyone currently trying to navigate the impossible tension between rapid response and safety-critical stability. #RailCybersecurity #CyberResilienceAct #CriticalInfrastructure #OTSecurity

The Trap of the Trusted Engineering Session

Your VPN is lying to you about how safe your plant actually is. In this episode, we break down why relying on MFA and session monitoring is just giving you a front-row seat to your own incident. We walk through the reality of session hijacking in brownfield OT and argue why the network should never be the one deciding who gets to touch the control layer. This is about the high-stakes shift from letting the network decide your fate to putting the power back into the hands of the operators on the floor. It is the only way to withdraw digital authority before a trusted session becomes a physical catastrophe. Subscribe to the show and share this with someone who still thinks a secure tunnel is a silver bullet for industrial safety. #OTSecurity #Cybersecurity #CriticalInfrastructure #IndustrialAutomation

When VEX Becomes a Bureaucratic Shield

Your SBOM is probably useless, and it is time we talked about why. In this episode, we look past the hype of vulnerability scanning to the uncomfortable reality of the software-defined vehicle. We walk through how suppliers are using VEX as a bureaucratic shield to dodge patches and why your security program is likely just a mountain of expensive noise. We argue that if you are not prepared to challenge a supplier's claim with technical evidence, you are not doing security—you are just doing paperwork. This conversation is about moving from a flood of findings to actual, defensible risk management that protects the driver, not just the budget. Subscribe and share this with a security lead who is tired of chasing ghosts in their supply chain. #cybersecurity #automotive #supplychain #SBOM #VEX

Why FRMCS Cannot Trust the Mobile Carrier

Your 5G service level agreement is not a safety case, and confusing the two is a dangerous mistake for the future of rail. In this episode, we break down why FRMCS cannot depend on the goodwill of a mobile operator, regardless of how low the latency claims are. We explore the logic of EN 50159 and explain why the only way to build a truly resilient railway architecture is to assume the network is already hostile, degraded, or failing. Understanding this distinction is the difference between a system that works on paper and one that actually keeps passengers safe when the transport layer inevitably breaks. Subscribe to the show and share this episode with an engineer who needs a reality check on 5G. #FRMCS #RailCybersecurity #ETCS #CriticalCommunications #OTSecurity