Cybersecurity Under Pressure. Real Attacks, Real Lessons

Exposed Paths in OT Networks

What if the biggest security risk to your industrial control systems isn't a malicious hacker, but rather a simple disconnect between when a work order closes and when network access is actually shut off? In this episode we break down the hidden dangers of insecure remote access conditions and explore why PAM is not failing in OT, but rather being asked to enforce a physical work state it cannot see. We walk through real-world examples of exposed engineering paths and unpatched VPNs, and discuss the consequences of a visibility gap between operations and network access. We argue that the problem lies not with the tools, but with the disconnection between different states that never converge. The reality is that this gap can have devastating consequences, from allowing attackers to gain access to sensitive systems to putting entire operations at risk. Subscribe to our podcast to learn more about the intersection of industrial control systems and cybersecurity, and to stay up to date on the latest threats and solutions. #OTSecurity #ZeroTrust #IndustrialCybersecurity

Shipping the Code That Security Rejected

Your vehicle's biggest security threat might be arriving with a perfectly valid digital signature and your company's own stamp of approval. In this episode, we break down why the shift to software-defined vehicles is currently failing at the release gate. We walk through the uncomfortable reality of SOP pressure and argue that current security assessments are often treated as advisory rather than hard controls. It is time to stop asking for attention and start controlling the release, because a "safe" binary that your organization doesn't actually understand is just a liability waiting to happen. Drop your take in the comments or share this episode with a colleague who is fighting against weak provenance and unrealistic deadlines right now. #AutomotiveCybersecurity #SDV #SupplyChainSecurity #CyberSecurity #AutomotiveSoftware

When a Patch Reopens the Safety Case

A simple security patch can fix a vulnerability and still become a total operational nightmare that brings an entire railway network to a standstill. In this episode, we break down the high-stakes collision between the new Cyber Resilience Act and the rigid, uncompromising world of railway safety certification. We walk through why architectural perfection is a myth for brownfield systems and how to use protocol-aware filtering to keep your network secure without triggering a massive, budget-breaking reassessment. We argue that the strongest cyber programs are not the ones with the fastest patch cycles, but the ones that know how to improve risk posture while keeping the trains moving. This conversation is about making security maintenance survivable in a sector where you simply cannot afford to touch the binary. Subscribe to the show and share this episode with anyone currently trying to navigate the impossible tension between rapid response and safety-critical stability. #RailCybersecurity #CyberResilienceAct #CriticalInfrastructure #OTSecurity

The Trap of the Trusted Engineering Session

Your VPN is lying to you about how safe your plant actually is. In this episode, we break down why relying on MFA and session monitoring is just giving you a front-row seat to your own incident. We walk through the reality of session hijacking in brownfield OT and argue why the network should never be the one deciding who gets to touch the control layer. This is about the high-stakes shift from letting the network decide your fate to putting the power back into the hands of the operators on the floor. It is the only way to withdraw digital authority before a trusted session becomes a physical catastrophe. Subscribe to the show and share this with someone who still thinks a secure tunnel is a silver bullet for industrial safety. #OTSecurity #Cybersecurity #CriticalInfrastructure #IndustrialAutomation

When VEX Becomes a Bureaucratic Shield

Your SBOM is probably useless, and it is time we talked about why. In this episode, we look past the hype of vulnerability scanning to the uncomfortable reality of the software-defined vehicle. We walk through how suppliers are using VEX as a bureaucratic shield to dodge patches and why your security program is likely just a mountain of expensive noise. We argue that if you are not prepared to challenge a supplier's claim with technical evidence, you are not doing security—you are just doing paperwork. This conversation is about moving from a flood of findings to actual, defensible risk management that protects the driver, not just the budget. Subscribe and share this with a security lead who is tired of chasing ghosts in their supply chain. #cybersecurity #automotive #supplychain #SBOM #VEX