Derek Harp
Control System Cyber Security Association International, or (CS)²AI, is the premier global non-profit workforce development organization supporting professionals of all levels charged with securing control systems. With over 34,000 members worldwide, we provide the platform for members to help members, foster meaningful peer-to-peer exchange, continue professional education, and directly support OT and ICS cyber security professional development in every way. Our founder, Derek Harp, interviews cyber security leaders and brings relevant insights to help any company handle cybersecurity effectively.
Cyber Informed Engineering: Protecting Critical Infrastructure with Ginger Wright
Derek Harp hosts Virginia "Ginger" Wright, a program manager at Idaho National Laboratory, known for her pioneering work in cybersecurity for critical infrastructure. Ginger shares the history and importance of Cyber Informed Engineering (CIE) and how this engineering philosophy integrates safety protocols directly into the design of industrial systems, making them resilient against cyber threats. They discuss the origins of CIE in nuclear energy safety, the unique assets of Idaho National Laboratory, and the vital role engineers play in safeguarding critical infrastructure. Ginger also dives into practical resources like the Cyber Informed Engineering Implementation Guide, sharing how organizations and educators can adopt this methodology. Join us for insights into CIE’s impact on the future of OT and ICS cybersecurity.
24:07 19/11/2024
Hack the Capitol 7.0: Building Cybersecurity Connections with Bryson Bort & Tom Van Norman
In this episode, host Derek Harp sits down with Bryson Bort and Tom Van Norman, co-founders of ICS Village and creators of Hack the Capitol. They discuss the origins and evolution of Hack the Capitol, now in its seventh year, and the conference’s unique focus on bridging cybersecurity professionals with policy makers and industry leaders. They dive into the value of hands-on learning, the launch of Workforce Development Day, and the ongoing need for practical cybersecurity education and career opportunities for all. Bryson and Tom also highlight the significance of candor in the field and what attendees can look forward to at future conferences. Tune in for insights into the world of OT and ICS cybersecurity, hands-on training, and the importance of building community partnerships.
17:08 12/11/2024
Shaping the Future of OT Security with Dale Peterson
In this episode, the conversation centers on the critical role of operational technology (OT) security and the unique contributions of the S4 Conference. Dale Peterson shares his journey and insights into the challenges of underrepresentation in cybersecurity, especially for women and other groups, and highlights innovative scholarship initiatives aimed at bridging this gap. The discussion also delves into the evolving landscape of AI in cybersecurity, addressing both its potential and the complexities it brings. Listeners will gain valuable perspectives on managing cybersecurity risks, prioritizing investments, and developing effective recovery strategies in OT environments. As we look forward to S4 2025 in Tampa, Florida, this episode offers a glimpse into the future of cybersecurity and the importance of resilience in our systems.
32:25 06/11/2024
112: Breaking Barriers in Cybersecurity: Roya Gordon’s Transformative Journey and Expert Advice for Veterans
Today, we are thrilled to welcome Roya Gordon as our guest. Roya is an executive industry consultant specializing in operational technology, cybersecurity, and Hexagon. She is a military veteran, an accomplished technologist, and a prolific speaker in our industry. Her creativity knows no bounds, encompassing her passion for the arts and her love of opera and symphonies. She is also an avid traveler and a super fun person to have around.
Roya brings a unique and engaging perspective to our discussion today. She shares her journey from a pre-law magnet program to becoming a skilled speaker in the Navy, highlighting the value of communication skills for conveying technical information to audiences and sharing the challenges and opportunities veterans face when breaking into the cybersecurity industry.
Stay tuned as Roya shares her invaluable insights and experiences, offering guidance for veterans aspiring to enter the cybersecurity field. You will not want to miss the wisdom and stories Roya shares with us today.
Show highlights:
Roya shares her background as an army brat.
Roya discusses her six-year experience in the Navy.
How Roya gradually realized she was involved in technology through her Navy intelligence work
Roya talks about her studies in international relations and national security after leaving the Navy and how she pivoted to studying cyber-warfare
Roya landed a job as a security researcher at Idaho National Laboratory (INL) despite lacking an IT background.
Roya talks about the foundational training she received in OT cybersecurity at INL.
How advanced tools often get underutilized due to a lack of trained personnel
Roya highlights the value of certifications.
How non-technical roles like journalism and event planning can offer entryways into the cybersecurity space.
Links and resources:
(CS)²AI
Derek Harp on LinkedIn
Hexagon
Roya Gordon on LinkedIn
46:51 04/06/2024
111: From Scrubbing Hard Drives to Securing the Future: Max's Journey in Cybersecurity
We are thrilled to have Max Aulakh, the Founder and CEO of Ignyte Assurance Platform, joining us today. Max is a military veteran and motorcycle enthusiast who enjoys doing voluntary work. He is a prolific contributor to the cybersecurity community, always willing to be of service to others. When Max was three, his father applied for American citizenship at the US Embassy in India. It was an extremely long process, and after losing all hope, he and his family finally migrated to Oklahoma a decade later. Join us to learn how Max transitioned from the military to founding the successful Ignyte Assurance Platform. He also shares his views on regulations, discusses how AI has impacted the security field, and offers prudent and practical advice for anyone interested in pursuing a cybersecurity career. Stay tuned for today’s candid and fascinating interview with Max Aulakh, the Founder and CEO of Ignyte.
Show highlights:
How Max’s military experience led to his career in security
Max’s Air Force mentor encouraged voluntary service.
How working with the Department of Treasury, scrubbing hard drives, led to Max’s interest in security.
Max explains how his military experience instilled a service mindset beneficial for security roles.
While in service, he attended the American Military University due to its flexible programs for deployed personnel.
The challenges he faced transitioning from a services company to a product-based company
Max shares how he launched Ignyte in 2019/2020
How Max assists companies with the Cybersecurity Maturity Model, particularly in the defense sector.
Why standardization and testing are essential in operational technology
Max shares his views on the potential of AI
Links and resources:
(CS)²AI
Derek Harp on LinkedIn
Ignyte Assurance Platform
Max Aulakh on LinkedIn
36:04 28/05/2024
110: Global Cybersecurity Insights with Mike Holcomb
We are delighted to have Mike Holcomb joining us on the show today.
Mike is both a fellow and a cybersecurity director, and he currently serves as the ICS OT Cybersecurity Global Lead at Fluor, a massive multinational engineering and construction firm with over 40,000 employees. He has participated in many major building projects, and we are excited to learn from his extensive experience today. Stay tuned as Mike shares his insights and expertise.
Show highlights:
Mike discusses the two years he spent in China building bowling alleys
Mike talks about his time teaching and consulting at a training company in San Diego
How Mike had the opportunity to double his salary and work with the Navy SEALs during 9/11
Mike discusses his experience working in IT security
Mike explains that Fluor has built some of the largest control system environments in the world
Mike discusses challenges in the energy sector
How regulations impact cybersecurity in various industries
Why cybersecurity regulations are essential within critical infrastructure
Mike discusses the challenge of aligning IT and OT cybersecurity teams
Links and resources:
(CS)²AI
Derek Harp on LinkedIn
Bridewell
Michael Holcomb on LinkedIn
Fluor
50:39 21/05/2024
109: Teaser for the CNI Research Report with Chase Richardson
We are delighted to have Chase Richardson, the VP of Consulting at Bridewell, back on the show today. Bridewell boasts a rich history in industrials, offering comprehensive cybersecurity services across the entire cybersecurity spectrum, including operating technology. Recently, Bridewell came up with an insightful report on cybersecurity within the US critical infrastructure. In this episode, Chase dives into the current state of cybersecurity regulations in critical infrastructure and shares the details and origin of the upcoming Bridewell report, which falls squarely within the interest of CSAI. Tune in to learn more about this exciting project.
Show highlights:
How the attacks experienced by CISOs and cyber managers have decreased despite an increase in risk sentiment
The challenges small and mid-sized airports face when implementing regulations due to their limited cybersecurity budgets
How cybersecurity regulations in the US differ from those in the UK
What is the link between IT and OT security?
Why it is essential to implement a hybrid of IT and OT security measures to protect critical infrastructure
Why organizations need to comply with relevant cybersecurity standards and regulations
Chase shares key findings and insights from Bridewell's upcoming cybersecurity report for critical infrastructure.
Links and resources:
(CS)²AI
Derek Harp on LinkedIn
Bridewell
Chase Richardson on LinkedIn
18:13 14/05/2024
108: Mastering Data Complexity: Insights from Chase Richardson and Martin Riley on OT Integration
We are delighted to have Chase Richardson, Head of US Operations for Bridewell, and Martin Riley, Director of Managed Services for Bridewell, joining us today!
We are changing things slightly for this episode, with Martin and Chase diving into how to integrate OT systems into your SIEM rather than presenting our regular biographical format. Their focus today is predominantly on the increasingly relevant topic of managing data across diverse platforms, particularly in OT applications. Join us as we explore this integration and unravel the challenges it presents.
Show highlights:
The evolution of cybersecurity technology
How the industry struggles with integrating IoT and OT data into security SIEMs
Why integrating separate systems into one platform is crucial for security teams
How security and operational technology leadership teams converge
Why hybrid teams are essential for managing cybersecurity risks
The importance of asset visibility and understanding the architecture for effectively implementing security solutions
How AI and machine learning can help to reduce noise in security operations
Why threat intelligence is essential for business risk and control validation
The importance of threat intelligence in the cybersecurity industry
Links and resources:
(CS)²AI
Chase Richardson on LinkedIn
Martin Riley on LinkedIn
Bridewell
Derek Harp on LinkedIn
49:21 20/02/2024
107: Keeping the Lights On: Carlos's Roadmap to Becoming an Energy Cybersecurity Pro
We are thrilled to welcome Juan Carlos Buenano as our distinguished guest for today’s episode of the CS2AI podcast! Carlos is the Chief Technology Officer for OT at Armis. He is a born technologist and an engineer by training. Beyond his professional endeavors, he embraces a life filled with adventure, enjoying many outdoor activities, including scuba diving, mountain biking, and exploring the scenic expanses of unspoiled nature. Carlos was born in Venezuela and grew up in a small town outside Caracas. After graduating as an electronic engineer in Venezuela, he traveled to Australia to learn English, fell in love with the country, the lifestyle, and the nature, and has lived there for the last 23 years.
Carlos brings a unique perspective to today’s show, shaped by his professional and personal experiences. Join us for an engaging discussion as he shares his wealth of experiences and insights and explains how he serves his community.
Show highlights:
Carlos shares his journey to becoming an engineer in the energy industry
How his interest in control systems began
Carlos recounts his early cybersecurity experiences in industrial systems during the early 2000s
The importance of keeping operating systems up to date to prevent vulnerabilities and ensure reliability
Why it is essential to understand how technology works in both physical security and cybersecurity
Carlos discusses the challenges of integrating cybersecurity into process control systems
Carlos offers advice for engineers who want to get into cybersecurity
The importance of mentorship and learning from others in their industry
Carlos discusses the weekly open mic Ask Me Anything sessions he does at work
Links and resources:
(CS)²AI
Derek Harp on LinkedIn
Carlos Buenano on LinkedIn
Armis
41:36 06/02/2024
106: Top Gun Meets the Cloud: Ken's Guide to Keeping Your Airplanes (and Data) Safe
We are delighted to have Ken Munro joining us from the UK today! Ken is a Partner and Co-founder of Pen Test Partners. He is a seasoned technologist, the founder of multiple ventures, a pilot, a skier, and a dynamic and adventurous contributor to our community. Ken brings a wealth of experience and expertise that promises to enrich our understanding of the evolving landscape in cybersecurity. In today's discussion, we dive into his remarkable career journey and explore his perspective on OT and ICS-related cybersecurity.
Join us for this informative session with Ken as he shares his valuable perspectives.
Show highlights:
Ken discusses his cybersecurity industry journey
How Ken’s past Air Force experience relates to his current work in cybersecurity
The benefits of telling a story when communicating complex concepts
Ken shares a story to highlight the importance of safety and security within the aviation industry
Ken talks about the unique systems on board planes and their vulnerabilities
How the isolated protocols used in older aircraft systems are more robust and stable than the modern systems
How even simple display systems can cause airport outages
Ken shares his concerns about cybersecurity risks within cloud management platforms for industrial control systems
How including contractual language for liability in procurement contracts can protect organizations against cybersecurity risks
Ken shares his thoughts on the future of the cybersecurity industry
Links and resources:
(CS)²AI
Derek Harp on LinkedIn
Ken Munro on LinkedIn
Pen Test Partners
42:08 01/02/2024
105: Beyond Boundaries: Unveiling the Multifaceted World of Michelle Balderson
We are excited to bring you another captivating industry leader interview today. In this episode, we interview Michelle Balderson, the Principal Security Architect at Issquared. Michelle is a seasoned professional. In addition to having extensive experience as an established contributor and leader within the industry, she is a technologist, devoted mother, wife, chef, and a true jack of all trades. Beyond her contributions to the industry, Michelle finds joy in the great outdoors, whether she is conquering hiking trails, setting up camp, or enjoying four-by-four adventures. In our discussion today, Michelle talks about her personal and professional journey, sharing insights she gained along the way and shedding light on the path that brought her to where she is in her current role as a security specialist.
Join us as we dive into the rich reservoir of wisdom and experience that Michelle brings to the table.
Show highlights:
How moving around a lot while growing up allowed Michelle to develop an excellent rapport with others
Michelle describes her first experience with technology
Michelle shares her experience of working at Fortinet and SonicWALL
Work opportunities within the OT security space
Why a more holistic approach to security is needed
The importance of changing the culture within businesses to bridge the gap between different domains
How empathy and active listening can drive business success
Michelle discusses her role at Issquared
Michelle shares the advice she would give to her younger self
Links and resources:
(CS)²AI
Derek Harp on LinkedIn
Michelle Balderson on LinkedIn
ISSQUARED Inc.
46:37 16/01/2024
104: Author Spotlight™ - An Interview with Andrew Ginter, Author of Engineering-Grade OT Security: A Guide for Managers
Today, we are bringing you a fresh, new format called the Author Spotlight, where we focus on the authors within our community. We are delighted to launch the Author Spotlight by shining our light on Andrew Ginter, the VP of Industrial Security at Waterfall Security Solutions. Andrew has been a steadfast CS2AI supporter since its inception, dedicating considerable time to CS2AI initiatives, and Waterfall is one of our oldest sponsors. We are grateful to Andrew for generously sharing his insights and all the invaluable contributions he and his company, Waterfall, have made. Andrew's offerings include editing, reading, and committing much of his time to community projects. Join us today as we explore Andrew's wealth of wisdom and experience.
Show highlights:
Andrew reflects on his writing process and discusses his new book, The Golden Black Book.
Andrew talks about a new approach of combining cybersecurity and engineering to manage risk.
How Andrew structured his book for a mixed audience of engineers and managers
The importance of using mathematical modeling when making cybersecurity decisions rather than relying on intuition or guesswork
Andrew highlights the lack of cybersecurity expertise within industrial settings.
How complex risks have created the need for a multi-faceted approach to cybersecurity
Andrew emphasizes the importance of security by design within product development.
Why it’s essential to understand the broader definition of vulnerability
Andrew discusses the challenges of writing a book on industrial cybersecurity
Links and resources:
(CS)²AI
Derek Harp on LinkedIn
Andrew Ginter on LinkedIn
Waterfall Security
01:08:15 05/12/2023
103: Diving into the Multifaceted World of Ron Fabela: From Cybersecurity Leadership to Goat Herding and Beyond
We are thrilled to have another exceptional guest on the show today!
Ron Fabela is the Field Chief Technology Officer at Xona. He is a multifaceted individual who has been a stalwart contributor to the industry for many years. His impressive resume includes being an Industrial Security champion, a military veteran, and a technologist. Beyond his professional achievements, Ron is also a founder, a father, a husband, an astronomy expert interested in anything space-related, and, believe it or not, a goat herder. Ron has had a wealth of experiences, making him an all-around fascinating guest. Get ready for a long-overdue and truly insightful discussion with Ron Fabela!
Show highlights:
How Ron’s interest in technology began
Ron discusses his career in the military and talks about his cybersecurity training
Ron offers advice for young people
The benefits of working for large organizations, doing internships, and doing volunteer work
How Ron progressed in his cybersecurity career
Why no opportunity for exposure to systems and networks should ever get squandered
How Ron’s military experience shaped his approach to work
Ron shares insights on the challenges of consulting
The importance of having hobbies and passions outside of work
Ron talks about his role as a Field CTO
How the control systems cybersecurity industry has evolved
Why it is essential to persevere with projects, even when facing challenges or the progress is slow
Links and resources:
(CS)²AI
Derek Harp on LinkedIn
Ron Fabela on LinkedIn
Xona
46:17 28/11/2023
102: Unveiling the Multifaceted Brilliance: A Dive into the World of Bill Lawrence
We are delighted to have Bill Lawrence, the Chief Delivery Officer at Itegriti Corporation, joining us on the podcast today! For those unfamiliar with Bill, he is a well-rounded and multifaceted individual. He is a technologist, artist, and a loving father and husband, in addition to being a talented singer, Navy veteran, and pilot.
Bill is known in the industry for his many achievements. In today’s conversation, we unveil the various layers of his experiences and perspectives, and he shares insights into the unique facets that have defined his professional and personal journey. Stay tuned as we delve into the steps and milestones that have shaped Bill’s dynamic career!
Show highlights:
How Bill started programming in the fourth or fifth grade
How a movie inspired him to join the military
Bill shares some of his exciting fighter pilot experiences
Bill’s Naval Academy experiences included computer science studies and exposure to cybersecurity
Bill reflects on teaching cybersecurity at the Naval Academy
How he transitioned in his career after quitting the Naval Academy
Bill discusses his time spent as a project manager at NERC
How Grid X evolved and grew
Cybersecurity and compliance within the energy industry
The importance of reading books and applying them to life to make a positive impact
Why Bill finds quantum computing and AI exciting prospects
Links and resources:
(CS)²AI
Derek Harp on LinkedIn
Bill Lawrence on LinkedIn
Itegriti Corporation
Books mentioned:
The Ideal Team Player by Patrick Lencioni
How to Be Perfect by Michael Perry
44:27 14/11/2023
101: Exploring the IoT and OT Cybersecurity World with Dr. Jesus Molina: An Expert's Insights and Experiences
We are delighted to have another remarkable guest joining us on the podcast today! Dr. Jesus Molina, the Director of Industrial IoT at Waterfall Security Solutions, is a seasoned cybersecurity practitioner and well-known OT cybersecurity thought leader. He is a technologist and inventor driven by an insatiable curiosity. In addition to being a copious reader and an electrical engineer with a Master's degree and a Ph.D. in the field, Dr. Molina is a dedicated researcher, a sailor, an intrepid traveler, a compelling public speaker, and an ardent educator. Dr. Molina’s passion for cybersecurity, particularly in the context of IoT and OT, is evident in everything he does. Join us today as we delve into the insights and experiences of this accomplished cybersecurity expert.
Show highlights:
Dr. Molina talks about his early life experiences
How his interest in cybersecurity began
Dr. Molina explains how he created a virus that infected every computer in his high school
Dr. Molina shares his experience of pursuing a Master's degree in the US after studying in Spain
A valuable lesson learned about remaining cautious and protecting a group or organization after a security breach
Cybersecurity challenges and solutions in various industries
How Dr. Molina discovered he could control every room in a hotel by exploiting a wireless network vulnerability
Dr. Molina shares a cautionary story about the importance of watching what you say around journalists
How curiosity drives creativity
Dr. Molina discusses his views on the future
Links and resources:
(CS)²AI
Derek Harp on LinkedIn
Dr. Jesus Molina on LinkedIn
Waterfall Security Solutions
01:01:29 07/11/2023
100: Exploring OT Security and Cyber Practices with IBM's Rob Dyson
We are delighted to welcome Rob Dyson as our special guest for the 100th episode of the CS2AI podcast! Rob is the Global OT Security Services Leader for IBM. Beyond his corporate role, he is a military veteran, a tech enthusiast, a devoted father and husband, a proud grandfather, and an avid scuba diver. His extensive experience overseeing key service areas within an industry giant like IBM makes Rob an exceptional guest for this milestone podcast. He joins us today to share his insights on control systems, operating technology, and cybersecurity practices.
Rob truly brings a wealth of knowledge and clarity to today’s discussion. Stay tuned for more!
Show highlights:
How Rob’s interest in technology influenced his desire to explore new things and push boundaries
The challenges of setting up a business continuity plan in a remote location
How security measures have evolved from the early days of network security to modern-day cybersecurity
The importance of understanding the network for OT security
How software developers can bring valuable skills to cybersecurity after mastering the fundamentals of networking
Rob shares his insights on entrepreneurship in the cybersecurity space
How Rob got offered a job with IBM in 2012 after a quick and unexpected interview process
Rob explains how he transitioned to full-time OT security work in 2016
Why is there a need for a different mindset and cultural understanding within the OT cybersecurity industry?
Rob offers advice for people who have recently begun their career journeys
Links and resources:
(CS)²AI
Derek Harp on LinkedIn
Rob Dyson on LinkedIn
IBM
56:53 31/10/2023
99: Exploring the Multifaceted World of Gary Kessler: From Cybersecurity Expert to Master Scuba Diver Trainer
We are delighted to have Gary Kessler joining us as our special guest for today's episode of the CS2AI podcast show! Gary is a multifaceted individual with a diverse array of interests. He has been involved in many different projects over time and has worn various hats under the umbrella of his company, Gary Kessler Associates. His impressive literary contributions include over 75 articles and three books, establishing him as a prolific authority on cybersecurity. He started his journey as a computer programmer and continues to embrace that today. He is a former EMT firefighter, a passionate outdoorsman, an avid cyclist, and an accomplished master scuba diver trainer. He also is a boat captain, a retired college professor, and a dedicated husband and father. Stay tuned for Gary’s interesting backstory and fascinating insights on maritime cybersecurity!
Show highlights:
Gary shares his backstory and cybersecurity journey
How Gary got into maritime cybersecurity
Some early computer security vulnerabilities and hacking techniques
Gary dives into current shipbuilding practices
Some potential maritime cybersecurity risks and threats
Gary discusses his initial focal point with maritime cybersecurity
Can a ship be hacked to gain potentially damaging data?
Security by design and resilience in engineering
Why bridge crews and officers have to be more technologically aware now than ever before
Links and resources:
(CS)²AI
Derek Harp on LinkedIn
Gary Kessler on LinkedIn
Gary Kessler Associates
52:56 24/10/2023
98: Unlocking the Cybersecurity World with Vincent Riou: Insights and FIC Event Preview
We are delighted to welcome Vincent Riou as our special guest for today’s CS2AI podcast! Vincent is a distinguished figure within the cybersecurity industry who has profoundly impacted the field in recent years. He is a multifaceted individual with a passion for uniting people, even tens of thousands of individuals at times, for various causes. He is a French Navy veteran, a technologist, a founder, a dedicated father, a loving husband, a culinary artist, and above all, an all-around stand-up guy! Vincent has a wealth of knowledge to share with us today! He joins us to discuss some pertinent cybersecurity issues and concerns and the upcoming FIC event in Montreal on October 25th and 26th. Stay tuned for more!
Show highlights:
The story behind the FIC Conference that took place in Lille, France, just over a year ago
Why were the FIC events started?
How cybersecurity is part of the fabric of every type of business organization, institution, and government body
Vincent explains why he organizes open events focusing on those who rely on the digital transformation of the world
Vincent talks about the OT part of the Montreal event and explains how it started
Vincent explains what comes first when he organizes an event
How the Montreal event will differ from the event that took place in Lille last year
Vincent pulls back the curtain to reveal how the big conferences work and what it is like to run them
Vincent shares his future vision for news conferences in North America
Links and resources:
(CS)²AI
Derek Harp on LinkedIn
Vincent Riou on LinkedIn
SAVE THE DATE FIC North America – October 25 and 26, 2023
27:55 17/10/2023
Encore: Using Mentorship to Help Advance Your Cybersecurity Career with Susan Peterson Sturm
Today, Derek Harp interviews Susan Peterson Sturm, the Chief Information Security Officer at Cognite. Susan is a Transformational Operational Technology leader with 20 years of experience in profitably scaling innovative software-based businesses, including automation, IIOT, and cyber security. She has a proven track record of growing and structuring early-stage, profitable digital software-driven P&Ls in excess of $150M. She specializes in change management, product management, M&A, and strategic alliances. Susan serves on advisory boards of Cognite, Innosphere Ventures & One Warm Coat. Susan is an incredible individual with vast experience! She’s an empath, DEI champion, mentor, board advisor, and volunteer focused on poverty alleviation. In this episode, she discusses her background, talks to Derek about her professional journey, and offers helpful tips and advice.
You won’t want to miss this episode if you are considering a career in the cybersecurity space. Tune in to hear Susan’s fascinating story and benefit from her years of experience in the security field.
Show highlights:
Susan talks about her studies.
Her motivation for pivoting into energy after graduating from college.
What she gained from her career in international affairs.
Some of Susan’s interesting roles early on in her career.
The benefits of getting in-the-field experience.
There are many different leadership paths to be chosen within the industry.
What you can gain from working abroad with distributed teams.
Where security first intersected with Susan’s career.
Why it’s worth investing your time in networks.
How being vulnerable can help you develop valuable relationships.
The role mentorship has played in Susan’s career.
How Susan ended up in her current role as a CISO.
Motherhood can be very challenging for women in senior roles.
The importance of moving on from any workplace where you don’t feel safe to express your needs.
Links and resources:
(CS)²AI
Cognite
Susan Peterson Sturm on LinkedIn
37:54 10/10/2023
Encore: Leveraging Your Military Career to Carve Out a Cyber Security Career with Dr. Michael Chipley
Dr. Michael Chipley, the Founder and President of the PMC Group, is the guest for today’s podcast.
Dr. Chipley has over 30 years of consulting experience in the areas of Program and Project Management, Cybersecurity, Energy and Environmental (LEED, Energy Star, and Carbon Footprint); Critical Infrastructure Protection and Analysis; Building Information Modeling (BIM) Technology; Base Realignment and Closure (BRAC), and Emergency Management/Disaster Recovery. Dr. Chipley served 24 years as a Civil Engineer in the US Air Force and has been consulting since 2001. He is a former adjunct faculty member at George Mason University, where he taught the Infrastructure Security Engineering, Building Security, and Building Information Modeling courses.
Dr. Chipley grew up on a farm in Oregon. He is a long-time contributor to cybersecurity for control systems, civil engineer, US Air Force veteran, husband, father, grandfather, outdoor enthusiast, and wine enthusiast. He joins Derek Harp today to discuss his military background and career journey and share his insights and advice. You will not want to miss this episode if you are leaving the military and considering a career in cybersecurity. Stay tuned to hear Dr. Chipley’s story and benefit from his breadth of experience!
Show highlights:
What Dr. Chipley did and studied during the 24 years he spent in the military.
Dr. Chipley talks about Shodan.io and what it can do.
Some advice about skills and opportunities in the control systems space.
How Dr. Chipley benefited from joining the military.
Why you can never stop learning in the control systems world.
Why women tend to excel in the cyber field.
How students can find opportunities to join internship programs.
Potential challenges that people in cybersecurity could face.
Some of the projects with which Dr. Chipley is currently involved.
What can young people do to add to their knowledge and education to increase their value five years from now?
Links and resources:
(CS)²AI
The PMC Group
Michael Chipley on LinkedIn
41:40 03/10/2023
97: Navigating Transportation Security: A Keynote with TSA Administrator David Pekoske
We are excited and very grateful to have David Pekoske, the current Administrator for the Transportation Security Administration (TSA), joining us today to share a closeout keynote he recently delivered. With a distinguished career spanning many years of dedicated service within the Coast Guard and the Department of Homeland Security, Administrator Pekoske has held various pivotal roles. Now, he stands at the helm of the Transportation Security Administration. With his wealth of experience and insights, this episode promises to offer a unique perspective on the challenges and innovations in transportation security. Stay tuned for more!
Show highlights:
- What the TSA does for security beyond the aviation system
- Administrator Pekoske discusses cybersecurity measures for critical infrastructure
- What are the cybersecurity regulations for critical infrastructure?
- The importance of cybersecurity and the need for a coordinated response to cyber attacks
- Which measures have been put in place for cybersecurity in the transportation sector?
- Cybersecurity regulations and compliance
- Which cybersecurity measures are in place for critical infrastructure?
- What should the regulator have a basic understanding of and be willing to do to achieve their goals?
- How insider threats within the aviation industry
- Cybersecurity and workforce development in the aviation industry
- Options for cybersecurity careers in the government and private sectors
Links and resources:
- (CS)²AI
- Derek Harp on LinkedIn
- David Pekoske on LinkedIn
- Transportation Security Administration (TSA)
47:55 | 26/09/2023
96: Exploring the Depths of Industrial Cybersecurity with Joe Weiss
Derek is thrilled to have a true industry legend returning to the podcast today!
Joe Weiss, the Managing Partner at Applied Control Solutions LLC, initially appeared on the show in episode 61. If you have not already done so, you can listen to that episode to learn more about his biography and personal journey. Joe's reputation in the industry precedes him, as he is among the select few who can honestly claim to have dedicated more time and expertise to the field of cybersecurity than almost anyone else. His career includes tenures at renowned organizations, and he is the curator of one of the world's largest incident databases. As in the words of Paul Simon, there have been incidents, accidents, hints, and allegations, and Joe Weiss has been at the forefront of understanding and dissecting all of those challenges. Join us for a thought-provoking episode where we dive into the complexities of cyber incidents, attribution, and the ever-evolving landscape of industrial security. You are in for an enlightening conversation today, so stay tuned for more!
Show highlights:
- The story of how Joe started his database
- Cybersecurity in the context of nuclear safety and control systems
- Joe discusses his database of incidents, explaining how it provides valuable insights into the history of cybersecurity incidents.
- Control system cybersecurity incidents and their causes
- Cybersecurity threats and vulnerabilities in industrial control systems
- The importance of securing sensors and actuators in industrial control systems
- Why do engineers need training on policies and procedures to address security concerns with field devices?
- Security issues within the industry
- Joe shares his frustration with the lack of progress in IoT security.
- Ways to live with insecure systems and even turn them into money-making machines for end users
- Why is Joe calling for a holistic approach to control systems?
Links and resources:
- (CS)²AI
- Derek Harp on LinkedIn
- Joe Weiss on LinkedIn
- Applied Control Solutions LLC
54:48 | 19/09/2023
95: Exploring the Tech Odyssey: A Conversation with Ron Gula, Co-Founder of Tenable
Derek is delighted to welcome Ron Gula of Gula Tech Adventures and Co-Founder of Tenable as the guest for today’s show! His name is synonymous with innovation and expertise, and many listeners are bound to recognize the companies he has either birthed or influenced. Ron is originally from upstate New York. He was born in Rochester, grew up in Syracuse, and went to Clarkson University. He has had a multifaceted background and has worn many hats throughout his career. First and foremost, he is a technologist, with his roots tracing back to his formal training as an electrical engineer. He is also a programmer, founder, and CEO. Beyond his professional accomplishments, Ron is a military veteran, having served in the United States Air Force. He is a husband, father, podcasting enthusiast, masterful 3D animator, and scuba diver. He also indulges in cigar appreciation, holds roles as an investor, advisor, and board member across diverse ventures, and is a passionate champion of philanthropy. Today's conversation promises to be enlightening and inspiring! Stay tuned as we delve into the multifaceted tapestry of Ron's life and myriad experiences!
Show highlights:
- How Ron became a hacker
- One of Ron’s worst experiences
- The importance of understanding the mission of a company
- Ron talks about Dragon, network security, and how Dragon got acquired by another company
- Ron shares his motivation for starting his business and explains how he did it
- Ron shares his advice for doing a startup
- How Ron and his business partner co-founded Tenable
- Why Ron called his company Gula Tech Adventures
- What they do at Gula Tech Adventures
Links and resources:
- (CS)²AI
- Derek Harp on LinkedIn
- Ron Gula on LinkedIn
- Gula Tech Adventures
51:00 | 12/09/2023
94: Exploring Cybersecurity and Beyond: The Remarkable Journey of Robert Putman
Step into the cybersecurity world alongside Derek today as he brings you another riveting discussion with an esteemed expert! Rob Putman is the Global Manager of Cybersecurity Services at ABB Process Automation. At the core of his journey lies an unquenchable thirst for understanding that has fueled his prowess within the cybersecurity world and beyond. Apart from his impressive professional portfolio, his life encompasses interwoven threads of diverse experiences. He is a US Army veteran, a devoted father, a relentless technologist, a car enthusiast, an intrepid skier, a daring rock climber, and a masterful team builder. With Rob hailing from the scenic Bainbridge Island in Washington State, just beyond the heart of Seattle, his insatiable curiosity about the mechanics of the world ignited his trailblazing path. With a penchant for dismantling and deciphering, he embarked on a lifelong mission to unravel the inner workings of things, often charting unorthodox courses to unveil hidden truths. Rob's curiosity and unyielding quest for understanding demonstrate the boundless possibilities that emerge when dedication intersects with ingenuity. Join Derek in witnessing the blend of expertise and passion embodied by Rob's exceptional journey as he peels back the layers of his life and work. This episode will enrich your understanding of cybersecurity and illuminate the transformative power of unbridled curiosity and purpose-driven endeavors! Stay tuned for more!
Show highlights:
- Rob shares his superhero backstory.
- The jobs Rob did early in his career.
- How Rob transitioned into the tech world.
- The benefits of being opportunistic.
- How Rob managed to stay connected with interesting people as they moved around.
- How did he get into industrial control?
- The importance of having a diverse workforce to protect critical and control systems.
- Building trust and building bridges within a company.
- The challenges Rob faces and something he has to think about continuously in his current role.
- Some sage advice from Rob.
Links and resources:
- (CS)²AI
- Derek Harp on LinkedIn
- Rob Putman on LinkedIn
- ABB Process Automation
47:48 | 29/08/2023
93: Navigating Cybersecurity Realms: Unveiling Chris Kirsch's Multifaceted Journey
In the captivating world of cybersecurity, where technology and innovation intersect to safeguard our digital landscapes, Derek is delighted to welcome today's distinguished guest, Chris Kirsch! Chris is a man of multifaceted talents and roles. In addition to being the Co-founder and CEO of runZero, he is also a husband, a runner, a social engineer, an unwavering devotee to cybersecurity, a seasoned member of various security ventures, and a chef specializing in the art of bread baking! With his company serving as a bridge to the operational technology community, Chris's journey is a tale that weaves through diverse geographies. He grew up and went to primary school in Germany. He then attended boarding school in Switzerland, after which he continued his education in the United Kingdom.
As we journey through Chris's narrative, we dive into his role as a longstanding contributor to the cybersecurity landscape and his pivotal role in bridging the gap between the digital domain and operational technology. Join us as we delve into the diverse facets of the narrative of Chris Kirsch, a remarkable force in the cybersecurity world! You’re bound to be enthralled by his unique story that intertwines his personal experiences with his unyielding commitment to the cybersecurity domain!
Show highlights:
- Some lessons learned from PGP.
- Bridging the gap between hardware and software.
- How adding a second product to the sales process changes the hearts and minds of a sales team.
- Transitioning from working with crypto-geeks to hackers. (18:51)
- The value of cold-calling managers. (26:01)
- Two essential attitudes you can have to an acquisition.
- The benefits of being open and having conversations without expectations.
- Fingerprinting flaky devices.
- The importance of having a good inventory.
- Chris’s advice to his younger self.
Links and resources:
- (CS)²AI
- Derek Harp on LinkedIn
- Chris Kirsch on LinkedIn
- runZero
50:25 | 22/08/2023
92: From Military Service to Cyber Luminary: Bryson Bort's Inspiring Journey
Step into the cybersecurity world with Derek Harp for another riveting episode of the CS2AI podcast show! Derek has welcomed a vast array of industry titans onto the podcast, and this episode is no exception!
Today’s show features Bryson Bort, the CEO and luminary Founder of Scythe. Bryson’s influence spans the domains he has touched, nurtured, advised, and meticulously built from the ground up. As the creator of the renowned ICS Village and the driving force behind Grimm, his story is an intricate tapestry of innovation and impact. A military veteran from the US Army, a nurturing father, a culinary maestro hosting his own show, a kayaker, a relentless charity fundraiser, and an all-around exceptional individual, Bryson embodies a remarkable depth that will most certainly captivate all listeners! Bryson spent his formative years in Germany and the Soviet Union. His linguistic journey began with German, followed by immersion language programs to master English, which was crucial for his educational pursuits. He spent his early years in Berlin until 1988, then in Moscow until 1990. His journey eventually culminated in the United States during his teenage years.
Grab a seat and tune in as Derek unravels the narrative that shaped the exceptional Bryson Bort!
Show highlights:
- How Bryson got into cybersecurity.
- How Bryson learned that procurement is your best friend.
- The importance of building relationships and providing exceptional service.
- Bryson shares his recommendations for working with individuals with technical backgrounds and getting them on board.
- The importance of understanding the business and mission of the company you work for.
- How cybersecurity eventually took over Bryson’s career path.
- How Bryson got the nickname, Grimm.
- Bryson talks about starting his company.
- Bryson shares some advice for taking on new ideas.
- Bryson explains what the ICS Village is all about.
Links and resources:
- (CS)²AI
- Derek Harp on LinkedIn
- Bryson Bort on LinkedIn
- Scythe
- GRIMM
- Episode 79 with Megan Sanford
57:08 | 15/08/2023
91: Explore How We Can Shape a Promising Future with Dr. Barton Miller
In an ever-evolving world where progress accelerates exponentially, the pursuit of knowledge and an unwavering commitment to shaping a prosperous future have never been more vital.
Today, we have the distinct honor of hosting a true trailblazer in the field of academia and industry as Dr. Barton Miller, the esteemed Vilas Distinguished Achievement Professor at the University of Wisconsin-Madison, joins Derek to share his passion, talk about what he does in the industry, and discuss how we can create a better tomorrow. Since first setting foot on the grounds of the prestigious Wisconsin-Madison University in 1984, Bart has spent nearly four decades at the forefront of research and innovation. With his roots in Southern California and his current abode in Johnson, his passion continues to burn as bright as the Californian sun he grew up under! Join us for an enlightening journey as Bart embarks on a riveting conversation, unraveling his unwavering passion, pioneering contributions in the industry, and vision for a brighter future! Get ready to delve into a world of cutting-edge ideas and explore how we can shape a promising future holding boundless potential!
Show highlights:
- Bart shares his origin story.
- Why is it essential to get early exposure to control systems and focus on a specific area of interest?
- The value of resiliency and keeping systems up.
- What is plus-testing?
- Bart dives into how he uses terms like deep-fried security, crispy on the outside and juicy on the inside, when teaching.
- Examples of physical attacks on industrial systems.
- How did Bart get started in computer science?
- Bart explains fuzz-testing.
- The pros and cons of open source.
- Bart gets into his Introduction to Software Security course.
- Bart discusses something he has been looking at most recently: ransomware.
Links and resources:
- (CS)²AI
- Derek Harp on LinkedIn
- Dr. Barton Miller on LinkedIn
- University of Wisconsin-Madison
48:32 | 08/08/2023
90: SBOM: The Future of Cybersecurity with Daniel Bardenstein
Prepare yourself for another captivating episode of the CS2AI Podcast! Today, we feature an exclusive interview with Daniel Bardenstein, a former USG official turned entrepreneur. Having recently launched a groundbreaking start-up centered on the critical concept of SBOM, Daniel brings a wealth of insider knowledge and experience to the table! Daniel is the Co-founder and Chief Technology Officer of Manifest, a pioneering company specializing in comprehensive SBOM management. Their core mission is to facilitate organizations in embracing this innovative and relatively new concept with utmost simplicity and automation. Through their state-of-the-art solutions, Manifest empowers businesses to navigate the complexities of SBOM seamlessly, ushering in a new era of efficiency and ease.
In today’s riveting discussion, hosted by Bryson Bort, Daniel pulls back the curtain on what truly happens in the trenches of SBOM and unlocks the secrets to implementing his game-changing approach within organizations. If you have ever wondered what SBOM is all about and how it could transform the way in which your organization operates, this interview is a must-listen! Get ready to dive into the nitty-gritty of SBOM as Daniel spills the beans on what is happening in the thick of it, offering invaluable insights on how to begin implementing this cutting-edge technology within your organization, starting today!
Fasten your seatbelt and gear up to elevate your cybersecurity game to unprecedented heights!
Show highlights:
- What is an SBOM?
- Why SBOM is essential for asset owners.
- Two key ways to collect SBOMs.
- Integrating vulnerability management with asset management.
- Looking retroactively at legacy systems.
- How SBOM makes vulnerability management better.
- The importance of vulnerability management.
- How to get started with internal product security.
- How to get customers to take action.
- How long will it take to see value?
Links and resources:
- (CS)²AI
- Derek Harp on LinkedIn
- Daniel Bardenstein on LinkedIn
- Manifest
34:02 | 25/07/2023
89: Putting Creativity and Problem Solving Skills to Use in Cybersecurity with Mike Radigan
Get ready for another captivating interview with a true cybersecurity luminary!
Joining Derek on the podcast today is the multi-talented Mike Radigan! Mike is a seasoned cyber risk advisor at Cisco with a diverse background and a knack for problem-solving.
Mike's current role is impressive, and his entire journey has been nothing short of extraordinary! Renowned for his creativity and expertise, and with a background in electrical engineering, he has proven himself a formidable problem-solver. Beyond his professional pursuits, Mike is also an avid educator, a master networker, and a passionate connector within Ohio's business and security events. Additionally, he boasts a fascinating range of interests, from being a semi-retired basketball player to a devoted cigar enthusiast and dog lover. With Derek having been privileged to know Mike for years, today’s interview promises to unveil intriguing insights and stories that will captivate cybersecurity enthusiasts and general audiences alike! Stay tuned to hear about Mike’s fascinating journey and learn from his many years of cybersecurity experience!
Show highlights:
- How Mike became interested in technology.
- When security first came into play at Cisco.
- The evolution of cybersecurity from the early days to today.
- Risk quantification and cybersecurity.
- The importance of reliability in cyber security.
- An agnostic model for defining how risk works.
- How are those models applied in OT environments?
- Why risk is a derived value.
- Lessons learned from the DRC Organization.
Links and resources:
- (CS)²AI
- Derek Harp on LinkedIn
- Mike Radigan on LinkedIn
- Cisco
51:07 | 18/07/2023
88: CyberSecurity - The Passport to a Global Career with Omar Sherin
You are in for a treat today because we have an extraordinary guest and true industry titan joining us!
Omar Sherin is a renowned cybersecurity expert. He is a partner at Ernst and Young Digital Solutions and Cybersecurity and former director of OT Cybersecurity for the same prestigious firm. However, Omar is multifaceted, and his story goes beyond his professional achievements. He is also a founder, dedicated father, adventurous scuba diver, and an avid lover of cars and motorcycles! With his vast experience and diverse interests, Omar has traversed the realms of technology and exploration, making him a captivating and inspiring figure in the cybersecurity world. In today’s discussion, he sheds light on his journey and delves into his remarkable contributions as a regional leader, sharing intriguing insights from his region of the world. He also gets into an exciting topic that lies ahead: prepping for the World Cup! Omar Sherin is not just a technologist but also a true adventurer and global citizen! Brace yourself for an enlightening conversation that transcends the boundaries of cybersecurity!
Show highlights:
- How Omar got into cybersecurity.
- Two occurrences in Omar's life triggered his professional momentum.
- Omar discusses the incident that opened his eyes to the value of data.
- Why state-sponsored attacks require state-sponsored defenses.
- Omar shares his unique perspective on cybersecurity.
- How safety culture is embedded in cybersecurity.
- Omar talks about building an OT team in Africa.
- The ramifications of holding a World Cup in Qatar.
- How to prepare for a major event.
- Why is cybersecurity a golden opportunity for young people?
49:33 | 11/07/2023
87: Cyber Security for Transportation, Part 3: Rails
Today, we are excited to share a riveting panel discussion on cybersecurity for Rails! We are honored to introduce our esteemed panelists, three remarkable individuals with a wealth of knowledge and expertise. Their diverse backgrounds and extensive experience in their respective domains make them invaluable contributors to today's discussion.
Miki Shifman holds the esteemed positions of CTO and Co-founder of Cylus, a company wholly dedicated to cybersecurity. With an impressive career spanning over 15 years, his expertise encompasses cybersecurity research and development, as well as communications and embedded systems. For the past six years, he has been at the helm of Cylus, focusing on rail cybersecurity and actively participating as a member of global standardization groups, advocating for awareness and best practices. Recognized as part of Forbes 30 under 30, Miki also enjoys indulging in the strategic game of chess.
Omar Sherin is a partner at EY. He leads the OT cybersecurity efforts for the MENA region. With an impressive 20-year track record in cybersecurity and a wealth of practical knowledge, his expertise extends to national security and the establishment of resilient infrastructures, including those within the rail systems.
Jo Dalton is a seasoned cybersecurity professional with 17 years of comprehensive industry experience. Her versatile background encompasses various facets of the field, from business compliance to operational components, along with the groundbreaking research conducted at Pen Test Partners.
Today’s enlightening panel discussion will provide a comprehensive view of the transportation industry, focusing on the scenarios within the rail sector. Stay tuned for a thought-provoking exploration that will give you a broader perspective on railway transportation security.
Show highlights:
- How the connected world has changed things.
- The complexity of the rail industry.
- Why do we need more detailed standards?
- Global regulations for critical infrastructure.
- How old is the technology in rail?
- Challenges to be faced in the next three years.
- The typical life cycle of a rail safety system.
- The importance of having multiple companies working together.
- Cyber resilience in the rail industry.
- The need for industry-driven regulation of security.
Links and resources:
- (CS)²AI
- Derek Harp on LinkedIn
- Omar Sherin on LinkedIn
- Ernst & Young (EY)
- Jo Dalton on LinkedIn
- Pen Test Partners
- Miki Shifman on LinkedIn
- Cylus
51:42 | 04/07/2023
86: Cyber Security for Transportation, Part 3: Maritime
Today, we have the pleasure of introducing two esteemed panelists poised to ignite our minds with their profound expertise on cybersecurity in the maritime sector. Gary Kessler and James Cabe are two remarkable individuals who will shed light on the vast spectrum of applications that intertwine maritime operations and the crucial realm of cybersecurity.
Gary Kessler is a retired cybersecurity professor who has embraced diverse roles. With a remarkable career starting in the late 1970s, Gary has immersed himself in information security. However, his passion for maritime cyber has captivated his attention for the past five to six years. During the challenging times of the COVID-19 pandemic, Gary undertook a personal project close to his heart: writing a book on maritime cyber. Presently, he dedicates his life to exploring the depths of the water, both physically and intellectually, as he navigates the intricacies of cybersecurity in the maritime realm.
James Cabe is a seasoned cybersecurity specialist. He hails from a background deeply rooted in the history of the industry. Having spent his formative years at BBN Planet, James carries a wealth of experience. He ventured into diverse sectors during his career, including retail, foreign national critical infrastructure, and the oil and gas industry. He is currently immersed in the IoT realm, spearheading his own startup focused on developing a chaos-resilient Human-Machine Interface (HMI) independent of Windows. While James acknowledges his comparatively lesser experience in the maritime domain, his expertise in the oil and gas sector, particularly in anchoring systems, vibration analysis, and mud logging, adds a unique perspective to this distinguished panel.
In today’s exhilarating exploration, we delve into the intricate world where technology meets the high seas and discover how safeguarding our industry has become paramount in the face of emerging digital challenges. The diverse backgrounds and perspectives of the panelists ensure an engaging and comprehensive discussion on the topic at hand.
Stay tuned for an enlightening and dynamic conversation that promises to capture the essence of the maritime industry's cybersecurity landscape!
Show highlights:
- The importance of cybersecurity in the maritime sector.
- Why maritime is essential for national security, defense, energy, food security, and economic security.
- Dealing with high-consequence events.
- The cost of retrofitting new technologies onto old ships.
- The push for autonomy on ships.
- The dangers of relying on digital information.
- The future of big boats and smart ships.
- The lack of resiliency in maritime systems.
- Automation and digitalization of the maritime industry.
- Building a cyber safety culture.
Links and resources:
- (CS)²AI
- Derek Harp on LinkedIn
- Gary Kessler on LinkedIn
- Gary Kessler Associates
- James Cabe on LinkedIn
- ZPE Systems
54:10 | 27/06/2023
85: Cyber Security for the Aviation Industry, Part 2
We are delighted to welcome you to a riveting panel discussion on a subject at the intersection of technology, security, and the boundless skies! Today, we delve into the captivating realm of cyber security for aviation and aerospace! We are honored to introduce our three remarkable panelists, each of whom possesses a wealth of knowledge and expertise in their respective domain:
Jonathan Pollet is a renowned figure at Red Tiger Security, known for his 22 years of dedicated work in OT and industrial control systems cybersecurity.
Barbara Grofe hails from the esteemed Institute of Space and Cyber Research, where she specializes in space asset security and resiliency.
Shawn Goudge is a seasoned professional who has made significant contributions to physical security in aviation globally while actively exploring the convergence of physical security and cybersecurity.
This esteemed trio of experts joins forces to shed light on the vital connection between physical security and cybersecurity. Stay tuned for today’s enlightening panel discussion on cyber security for aviation and aerospace that promises to unravel the intricacies of safeguarding our skies and beyond!
Show highlights:
- Jonathan talks about a recent assessment of airport systems in Doha, Qatar.
- Why is cybersecurity very immature from the aerospace and satellite perspective?
- Who is responsible for OT cybersecurity at the airport?
- There is a lot of confusion within organizations about who is responsible for looking at threats.
- Why does cybersecurity legislation need to catch up?
- How physical and cybersecurity systems do not intertwine properly.
- Who is responsible for aviation security?
- Are satellites still easy to hack if they are sophisticated and compartmentalized?
- Do 5G and 6G pose specific risks for the aviation and aerospace sectors?
- The most common types of attacks on airlines.
- Barbara shares the key to addressing aerospace cybersecurity.
Links and resources:
- (CS)²AI
- Derek Harp on LinkedIn
- Jonathan Pollet on LinkedIn
- Red Tiger Security
- Barbara Grofe on LinkedIn
- Institute of Space and Cyber Research
- Shawn Goudge on LinkedIn
- The Calgary Airport Authority
48:42 | 20/06/2023
84: Cyber Security for the Automotive & Trucking Industry, Part 1
We are excited to welcome you to our eagerly anticipated panel discussion on the ever-evolving automotive and trucking industries! Today, we are privileged to host a remarkable trio of experts who will provide us with invaluable insights and diverse perspectives. We are delighted to introduce our esteemed panelists, Michael Clifford, Nikhil Bogam, and Antwan Banks. Each of these luminaries brings a unique perspective, promising a diverse and enlightening discussion that will unveil the inner workings of their respective organizations.
Antwan Banks joined the National Motor Freight Traffic Association (NMFTA) about two months ago. His primary role is advocating for security practices as the industry advances into autonomous trucks, electric vehicles, and interconnected networks. With the overarching aim of safeguarding the welfare of motor carriers, Antwan's mission aligns with the NMFTA's dedication to fostering a thriving and secure environment within the motor freight industry.
Nikhil Bogam is a seasoned professional with a remarkable career spanning 17 years in the automotive industry. He currently serves as a technical lead in functional safety and cybersecurity at Faurecia Forvia. With over six years dedicated to cybersecurity, Nikhil possesses a profound understanding of the intricate relationship between automotive technology and cybersecurity, recognizing its unique nature compared to conventional infrastructure security. He brings extensive expertise in the 21434 Standard, a recently published industry benchmark, and is actively involved in shaping forthcoming European regulations concerning automotive cybersecurity.
Michael Clifford is a highly regarded professional and principal researcher in cybersecurity and privacy at Toyota Infotech Labs, the prestigious advanced research and development division of Toyota. With a unique focus on long-term projections, Michael engages in projects that anticipate developments a decade or more into the future. His responsibilities involve predicting and addressing security challenges for technologies that have yet to materialize. Moreover, Michael takes on a leadership role in a consortium of universities dedicated to cutting-edge cybersecurity research, encompassing a diverse range of domains such as security theory, cyber-physical attacks and defenses, and machine learning. His extensive expertise in cybersecurity research dates back to 1998, and his interests span a wide spectrum, including security, privacy, machine learning, autonomy, ad hoc networks, energy efficiency, engineering, transportation, manufacturing, and user-centric design. With a wealth of knowledge and a forward-thinking mindset, Michael plays a pivotal role in driving innovation and ensuring the security of future technologies.
We invite you to join us as we embark on this compelling odyssey of knowledge and discovery and uncover the intricacies of the automotive and trucking industries and the remarkable visions that lie ahead. Stay tuned for more!
Show highlights:
- The differences between trucking industrial control system cybersecurity and traditional cybersecurity.
- Michael shares his thoughts on electric vehicle (EV) charging stations.
- Security and privacy for autonomous vehicles.
- Why the automotive industry needs to think about problems that will occur.
- The evolution of the automotive industry.
- The future of security in the transportation industry.
- Does the automotive and trucking industry view federal rules as positive for cybersecurity or a hindrance?
- Looking at standards within the industry.
- Where automakers are, in terms of taking on cybersecurity for cars and trucks.
- How AI plays into the future of the automotive industry.
- Are common protocols and standards shared across the automotive industry?
- Can EVs be used to spread malicious...
56:51 | 13/06/2023
83: Steve Mustard with Bob Radvanovsky: Latest Developments, Challenges, and Emerging Trends in Cybersecurity
Welcome to today’s ground-breaking episode of the CS2AI podcast, where we have the privilege of hosting a dynamic duo of cybersecurity specialists who have dedicated their careers to protecting our critical infrastructure! Steve Mustard is a seasoned automation engineer from Houston, Texas, with a passion for securing automation and control systems. Having served as President of the International Society of Automation in 2021, his commitment to this field runs deep. Bob Radvanovsky is a true pioneer in industrial cybersecurity! He is the Co-founder of the renowned SCADASEC mailing list and the mastermind behind Project Shine. With his vast expertise in safeguarding control systems, IoT, and industrial IoT systems, Bob is currently at the forefront of fortifying our energy sector and protecting the grid. In this innovative episode, Steve Mustard, with his unwavering commitment to the field, and Bob Radvanovsky, a true trailblazer in industrial cybersecurity, share their wealth of knowledge and experience in securing automation and control systems. Stay tuned as Steve and Bob unravel the latest developments, challenges, and emerging trends in the ever-evolving world of cybersecurity!
Show highlights:
- Why are we still having serious major incidents when there is so much awareness around cybersecurity?
- Bob talks about the idea behind Skidmark, his publicly accessible database for collecting information about industrial cybersecurity incidents.
- Staying up to date with cyber security.
- Why is there a disconnect between CEOs and operations?
- Managing cybersecurity on a risk basis.
- Problems with remote access.
- Do regulations actually help improve cybersecurity?
- Why must people who help people have an intimate understanding of the subject?
- What is a holistic approach to critical infrastructure?
- Simple things that can prevent egregious attacks.
- What can you expect from the fifth edition of Bob’s book, Critical Infrastructure, Homeland Security, and Emergency Preparedness?
Links and resources:
- (CS)²AI
- Derek Harp on LinkedIn
- Bob Radvanovsky on LinkedIn
- Steve Mustard on LinkedIn
54:57 | 06/06/2023
82: Shaping the Cybersecurity Industry Through Persistent Innovation with Jonathan Pollet
Derek is super excited to welcome a true trailblazer in the world of cybersecurity today!
Jonathan Pollet is the Founder and Executive Director of Red Tiger Security. He is an invaluable pioneer and a long-time contributor to the cybersecurity community. He has been a guiding light for those who ventured into cybersecurity from traditional IP backgrounds over a decade ago. Red Tiger Security is a focused SCADA Security consultancy, training, and research firm dedicated to the resiliency of national critical infrastructure and mission-critical business systems that must be available on a 24x7 basis. Red Tiger Security has developed and implemented a 6-layer Vulnerability Assessment approach that encompasses both Physical and Cyber security for ICS (Industrial Control Systems).
Hailing from the vibrant city of New Orleans, Louisiana, Jonathan’s upbringing was shaped by the unwavering dedication of his single mother. Determined to pursue a path in electrical engineering, he tirelessly sought opportunities to secure a full scholarship, ultimately leading him to the doors of Louisiana State University. Fortunately, his efforts paid off, and he emerged holding a four-year degree at the age of 21. Growing up in the lively streets of New Orleans instilled in him a belief that anything is possible when met with resilience and a zest for life!
With an illustrious background as a SCADA engineer, Jonathan has become an AI and OT security evangelist, leaving an indelible mark as an entrepreneur and business owner. In addition, he is also an instructor, speaker, scuba diver, and even a talented sax player!
Join us as we uncover the extraordinary life of Jonathan Pollet, a multifaceted force shaping the landscape of cybersecurity!
Show highlights:
How Jonathan got started in digital process control.
Jonathan shares a pivotal moment in his cybersecurity journey where he witnessed the entire system repeatedly crashing due to a network issue caused by a user in Australia attempting to draw a network diagram.
Jonathan explains how he taught himself cybersecurity and became an advocate for it.
What prompted him to create a course in cybersecurity?
Jonathan dives into his transition from working for Chevron to becoming an entrepreneur.
Why selling cybersecurity is not always easy.
Is the industry waking up to the importance of cyber hygiene?
How is OT learning from the IT world?
Jonathan explains how things will become more and more connected in the future.
Links and resources:
(CS)²AI
Derek Harp on LinkedIn
Red Tiger Security
Jonathan Pollet on LinkedIn
Red Tiger Security on LinkedIn
43:49 23/05/2023
81: Cyber Security for Railway Systems with Olivier De Visscher
Derek is delighted to have a special guest calling in from Brussels today! Olivier De Visscher is the current Head of Railway Industrial Cybersecurity at the Expleo Group. He joins Derek to shed light on the importance of cybersecurity for the railway industry and discuss its implications for the future.
With a total of 25 years of experience, Olivier has dedicated ten of those years to the field of Industrial Cybersecurity. He shares his expertise and promotes collaboration with the cybersecurity domain of the European Transportation sector. He remains closely connected to the railway community, including RU, IM, and the Industry, as it provides him with a valuable opportunity to work across different areas. Olivier continues to support various European initiatives in the field of railway cybersecurity.
As we kick off our focus on transportation this month, starting with a series of events, seminars, and podcast episodes on May 17th, we could not be more excited to have Olivier joining us. With over 25 years of experience in IT and technology, Olivier brings a wealth of knowledge and expertise in railway systems and other industrial applications. Stay tuned to learn more about Olivier and his insights on railway cybersecurity!
Show highlights:
Olivier discusses his background in cybersecurity.
What led Olivier to specialize in rail security?
Olivier dives into the need for a new cybersecurity standard for rail.
Why is cyber security so important in the transport sector?
The importance of a cybersecurity approach in the safety case.
Why you cannot protect against everything, especially when the threats are high-level.
What is the tech refresh rate? Is ancient technology still in play?
What is going uniquely well in the rail industry?
Links and resources:
(CS)²AI
Derek Harp on LinkedIn
Expleo Group
Olivier De Visscher on LinkedIn
25:32 16/05/2023
80: Robots, Rails, Bytes and Risk: A Modern ICS Success Story with Brent Huston
We have a special treat for you today! Our friend and colleague, Brent Huston, joins Derek for an online CS2AI session to explore the fascinating modern ICS success story of robots, rails, bytes, and risk. Brent Huston is a cybersecurity expert who has been a business owner in this space for over three decades. He has a deep technical background but can explain complex concepts in a way that is easily understandable by everyone. In the 30 years he has been in the technology business, Brent has worked on various projects involving automated warehousing, inventory control systems, and point-of-sale systems. He also has expertise in cybersecurity and industrial automation. With his years of experience and expertise in the field, Brent will take us on a journey through the evolution of ICS security and share some valuable insights on achieving success in this constantly evolving landscape. Stay tuned for more!
Show highlights:
Why warehousing is becoming a hot area for disruption.
How robots move at high speeds and are user-programmable.
Were there any considerations given to EMF attacks or sonic attacks?
Brent dives into staffing with a team used to OT protocols.
Using NLP to parse documentation and generate inventory reports and configuration maps.
Creating an initial attack surface map.
Using machine learning to analyze the network data to build a network map.
Brent talks about moving the same techniques from automated warehousing into production environments.
When they first got the system, everyone on the team expected the robots to be smarter than they are.
How much automation is available today?
Were there any considerations given to EMF attacks or sonic attacks?
Brent shares his prediction for the future of cybersecurity.
Links and resources:
(CS)²AI
Derek Harp on LinkedIn
Brent Huston on LinkedIn
01:11:24 09/05/2023
79: Achieving Leadership Roles in an Early Cybersecurity Career with Megan Samford
Derek is delighted to have Megan Samford joining him today!
Megan is an executive experienced in Product Security programs, ICS/OT, PSIRTs, Threat Intel, and Critical Infrastructure Protection. She is currently the VP and Chief Product Security Officer of Energy Management at Schneider Electric.
Megan is a well-rounded and fascinating person! In addition to being a cyber-emergency manager, she is a critical infrastructure protection hero, the founder of many things, a mother, a rock hunter, and a genealogy enthusiast! She loves shopping, interior design, and cars, specifically 300zx!
In today’s episode, Megan tells her story, discusses her career trajectory, and shares her experience, insight, advice, and free resources for anyone considering a career in cybersecurity.
Show highlights:
How Megan's mother helped Megan grow into her full potential.
Megan talks about being part of the first graduating class of the world's first accredited degree program in Homeland Security and Emergency Preparedness at Virginia University.
How Megan gained a core foundation for critical infrastructure while doing an internship at the governor’s office in 2007.
Megan discusses her first encounter with policy work and explains how much she loved it.
Megan talks about being promoted to leading critical infrastructure for the Commonwealth of Virginia when she was only twenty-six.
What Megan did that allowed her to get promoted to lead critical infrastructure for the Commonwealth of Virginia at only twenty-six years of age.
Why do people like working with Megan professionally?
How Megan got to work at GE, and how she ended up working at Schneider Electric.
Megan dives into the work she does with ICS4ICS.
Megan shares free resources via ICS4ICS for FEMA online incident command system training.
Links and resources:
(CS)²AI
Derek Harp on LinkedIn
Schneider Electric
Megan Samford on LinkedIn
ICS4ICS training
44:42 25/04/2023
78: How to Have a Cybersecurity Career in the Navy with Daniel Ricci
Derek is delighted to have Daniel Ricci joining him on today’s podcast! Dan wears many different hats. He is currently the Senior Information Security Officer and Senior System Security Engineer at Frequentis Defense. He is also the founder of the ICS Advisory Project, which focuses on providing small and medium size ICS asset owners with a free data visualization capability to track applicable vulnerabilities and secure Critical Infrastructure. Dan retired from the U.S. Navy after serving 21 years in the Information Warfare community. During his career, he supported and enabled full-spectrum Cyberspace operations, Naval Air, Sea, and Special Warfare operations. Dan comes from a small town in the south suburbs of Chicago. In addition to being an engineer, he is also the founder of many things, a military veteran, musician, scuba diver, and data hound. He joins Derek today to discuss his background and career journey, share his insights and experience, and offer nuggets of advice for anyone considering a Naval cybersecurity career.
Show highlights:
Why Dan joined the Navy, and what he learned there.
Dan got introduced to security while in the Navy. He discusses the different aspects he focused on during his tours and the latter part of his Naval career.
Dan dives into the cybersecurity training opportunities available in the Navy.
Dan talks about his transition out of the Navy.
What Dan is working on in his current role.
Dan discusses the ICS Advisory Project he started.
Dan shares his vision and concerns for the future of his ICS Advisory Project.
Dan shares his vision for the future in general.
44:44 18/04/2023
77: ABB Ransom-Aware OT Defense Virtual Summit Keynote Preview with Derek Harp
This special edition of the CS2AI podcast features the highlights of a recent interview with Derek, broadcast on the ABB Energy Pod podcast. In this episode, Patrik Boo, the Portfolio Manager for Cybersecurity Services at ABB Process Automation, interviews Derek Harp, the Founder and Chairman of CS2AI, about his upcoming keynote presentation that will open the OT Cybersecurity Leaders Virtual Summit on ransomware, which will take place on April 19th, 2023. Stay tuned to hear what Derek will cover in his keynote presentation at the OT Cybersecurity Leaders Virtual Summit. The summit is hosted by ABB in collaboration with other sponsors.
Show highlights:
Derek discusses his main takeaways from the 2022 report.
Who are the greatest threat actors?
Derek dives into the need for OT cyber-informed training within the operating environment.
How ransomware is on the rise in all the different sectors.
The link between various groups of cyber criminals and the sharp increase in ransomware.
Who is at risk?
Other topics that will also be covered at the summit.
Links and resources:
(CS)²AI
Derek Harp on LinkedIn
25:09 14/04/2023
76: A (CS)²AI Fellows Panel: S4 Takeaways and a Look Ahead at Our Industry
Today, Chris Blask, the Vice President of Strategy at Cybeats, and Patrick Miller, the CEO at Ampere, join Derek in an online seminar stimulated by a blog article Patrick wrote just after the last S4 conference.
Chris and Patrick are both (CS)²AI fellows who have attended many S4 events. In today’s online session, they review the latest S4 conference. They dive into various topics important for the industrial security and OT security communities, answer questions from listeners, and discuss the future of the cybersecurity industry.
S4 is one of the longest-standing annual cybersecurity conferences focused on control systems, OT, and ICS. Dale Peterson is the founder, creator, and MC of the S4 conferences.
Show highlights:
Chris shares a main takeaway from this year’s S4 event.
How technology is changing.
Why more people are needed to make cybersecurity work going forward.
Question: Are discussions of wireless security growing or declining at the conference? Is there a session (or sessions) dedicated to wireless yet?
Question: Within all OT and IT cybersecurity professionals, what would be the ratio of OT cybersecurity real professionals?
Why it is normal and expected not to know the answer to some things, and how to find the answer if there is something you don’t know.
Question: Tribal knowledge is a real threat to OT/ICS security. The aging workforce in OT engineering is part of this problem. What is the best way for organizations to address this challenge?
Chris and Patrick share their thoughts on executives taking the risk of solving ICS/OT security issues.
Question: What are your thoughts on Ford applying for a patent on a car that can repossess itself?
Chris and Patrick discuss metrics, risk management, and cyber insurance.
Patrick and Chris dive into diversity, equity, and inclusion in the OT space.
Question: When will we get past the notion that ICS pen-testing has to be a separate category?
Question: Looking forward, what would you foresee as the big themes of S4/24?
01:30:14 04/04/2023
75: Project Management and How It Can Fuel a Cybersecurity Career
Today, Derek interviews Jonathan Tubb, the Director of Industrial Cybersecurity at Siemens Energy in Ohio. Jonathan is an experienced Senior Lead with a demonstrated history of working in the power generation industry. He is skilled in Power Plants, Electric Power, Power Systems, Integration, and Research. He has strong project management skills and a Computer Science and Engineering degree from The Ohio State University.
Jonathan is a well-rounded and interesting individual! He is also a great contributor to the cybersecurity community and a true blue engineer, software engineer, tinkerer, bird and animal lover, Ohio State Buckeye, and art enthusiast. He joins Derek to discuss his background, education, and career trajectory, along with nuggets of advice for anyone considering a career in the cybersecurity space.
Show highlights:
Growing up, Jonathan spent much of his time focusing on science and technology.
How volunteering at the Museum of Science and Industry fed Jonathan’s curiosity and impacted his approach to technology.
How cybersecurity informed where Jonathan began his career.
Jonathan discusses his internship with American Electric Power.
What are the benefits of doing an internship?
Why must we utilize other people’s knowledge to help solve problems?
Jonathan discusses his transition to Siemens Energy.
Jonathan gets into what he has focused on for the last few years at Siemens Energy.
What makes a good cybersecurity practitioner?
Jonathan dives into the industrial cybersecurity apprenticeship concept Siemens Energy has put together but not yet implemented.
45:17 28/03/2023
74: Tapping Into Natural Curiosity to Develop Your Cybersecurity Career with Chris Sistrunk
Today, Chris Sistrunk joins Derek Harp on the podcast. Chris is currently the Technical Manager at Mandiant, which is now part of Google Cloud.
Chris is a Technical Manager in Mandiant's ICS/OT Consulting practice, focusing on cyber security for industrial control systems (ICS) and critical infrastructure. He focuses on helping secure ICS and critical infrastructure around the world.
Chris grew up in the hills and hollows of North Louisiana, surrounded by swamps, red clay, and pine trees. He is a relied-on expert in the cybersecurity space. He is also a husband and father, one of the co-founders of the BEER-ISAC, musician, dad joke-teller, bourbon aficionado, and an aspiring BBQ pit-master. In this episode, Chris shares his backstory. He also discusses his education and career path and offers helpful advice for anyone interested in working with control systems and control systems security.
Show highlights:
Chris had an engineering mindset and was always curious about how things worked while growing up.
How he got into working with SCADA systems early on in his career.
How hurricanes taught Chris about instant response and disaster recovery, and prepared him for what he does today.
Chris offers advice, encouragement, and assistance to anyone who wants to work with control systems and control systems security.
What Chris learned while working for the power company.
The kind of thinking he employs when working with cybersecurity.
How Chris shifted from being an engineer to working with cybersecurity for control systems.
The various roles Chris has played and the steps he has taken along his career path.
How Chris got to work at Mandiant.
The importance of building trust, respect, and working together, to solve difficult problems.
Links and resources:
(CS)²AI
Mandiant
Chris Sistrunk on LinkedIn
Chris Sistrunk on Twitter
52:46 21/03/2023
73: Navigating Cybersecurity Start Ups and Scaling to $100M with Jose Seara
Today, Derek Harp interviews Jose Seara, the Founder and CEO of DeNexus.
Jose is an entrepreneur with 25+ years of experience building enterprises around critical infrastructure assets across different technologies and geographies. He turned a start-up concept into an international corporation with $100M in revenues. He is now building the global standard for Industrial Cyber Risk quantification at DeNexus and bridging the chasm between cyber threats and business impact.
Jose comes from Spain. He was born in Barcelona and grew up in Madrid. He is an intriguing person with a fascinating background. In addition to being an entrepreneur, he is also a husband, father, sailor, scuba diver, pilot, skier, builder, runner, and biker. He joins Derek today to discuss his background, professional journey, and the interesting work that gets done at DeNexus. He also shares his experience and offers nuggets of advice for budding entrepreneurs.
Show highlights:
Jose discusses his career journey, which began with him studying Naval Engineering at a college in Madrid.
Even though he is not very technologically savvy, Jose got exposed to technology through various work ventures.
Jose explains what brought him into the technology and cybersecurity space.
Jose explains how he shifted from working with traditional energy to becoming an entrepreneur working with wind and solar energies.
Jose explains how risk-taking has always taken him out of his comfort zone.
Learning lessons the hard way ensured Jose never forgot what he had learned.
How Jose inadvertently planted the seeds for DeNexus before starting it.
Jose reflects on his own entrepreneurial journey and offers advice for entrepreneurs new to the cybersecurity segment and entrepreneurs and CEOs selling cybersecurity to the OT space.
The various steps Jose took before launching DeNexus.
What are they doing at DeNexus?
The role the insurance industry plays in the control systems space.
What excites Jose about the future?
Links and resources:
(CS)²AI
Jose Seara on LinkedIn
DeNexus
45:56 14/03/2023
72: On the Road, with Derek Harp and Tilo Kaschubek! Post Seminar Q&A
On the 7th of December 2022, (CS)²AI hosted a symposium where more questions got asked than could get answered within the allotted time. Tilo Kaschubek was one of the speakers at the event. He joins Derek today on the podcast to respond to some of the unanswered questions.
Tilo is currently the Director of Cloud Ecosystem and Regional Alliances in EMEA for AVEVA. He was previously with OSIsoft before the merger. (AVEVA is now a subsidiary of a large recognized equipment manufacturer.)
In this episode, Tilo discusses his role in the recent AVEVA transaction, describes the (CS)²AI symposium in detail, and dives into some of the questions he did not get to answer at the event.
Show highlights:
Tilo discusses the changes that recently occurred with AVEVA.
Tilo summarises his presentation at the (CS)²AI symposium.
Question: How do you see IIoT (Industrial Internet of Things) playing a role via cloud models for predictive analytics to enhance decision-making for owner-operators?
Question: On a personal level, big data analytics has raised huge privacy and legal issues. How can these issues not be exacerbated in a commercial market of trading companies’ data into sellable products?
Tilo discusses the best approach to data vulnerabilities.
Question: Help me visualize a 100% on-prem PI deployment with all of its virtual machines versus a 100% on-cloud PI deployment. In terms of hybrid, what does that mean, in the sense that I only have on-prem systems talking to the PI on-premises virtual machines, and what exactly is running in the cloud? Alternatively, is the cloud-based solution offered as SaaS, or would the asset owner deploy their favorite cloud?
Question: Regarding the AVEVA data, is that similar to the AWS Marketplace? For instance, if an organization built a digital twin of a transformer system from Utility Hacks, is the data hub created going to make it easy for Utility Hacks to publish the model so others can use or view? If not, is there an AVEVA marketplace where organizations can build or share models?
Question: As an oil and gas control system engineer and user who has applied software for many years, I’d like to know if you have already adopted this new solution and used it for any oil and gas company.
Tilo explains the PI system philosophy.
What has AVEVA done to overcome the existing legal constraints and make it easier to share operational data?
Question: What do ISACs (Information Sharing and Analysis Centers) do?
What are the benefits of the subscription model?
What is available for auditing, testing, and verifying technologies like unidirectional gateways and data diodes?
52:26 07/03/2023
71: Leadership and Executive Development in the Cybersecurity Industry with Willi Nelson
Derek Harp interviews Willi Nelson in this episode. Willi is currently the Field CISO of Operation Technology at Fortinet, one of the oldest and longest-standing sponsors of the (CS)²AI organization.
Willi is a Security/Technology/Visionary who focuses on thought leadership and executive influence for Fortinet. He is responsible for developing security thought leadership, strategy, threat, vulnerability & mitigation insights, and world-class practices for the cybersecurity community and business executives.
Willi is a technologist, military veteran, woodworker, bee-keeper, outdoorsman, fisherman, metal artist, hunter, cyclist, husband, and father. In this episode, he shares his backstory and unpacks what he does for the industry. He also offers valuable nuggets of advice for people with an OT and engineering background who don’t know cyber and those with a cybersecurity background with no knowledge of control systems and OT.
Show highlights:
Willi joined the US Army immediately after graduating high school. He gets into what he learned there and why he left.
Why resiliency is essential.
How Willi got into computers.
Willi discusses the importance of education and explains what prompted him to return to college at 27.
The power of being humble, having a thirst for knowledge, and a work ethic in the workforce.
Qualities Willi looks for when recruiting people.
Where OT and cybersecurity first intersected with Willi’s career.
How he got the opportunity to step into leadership while spending some time working in financials.
The difference between influential and mandatory leadership.
What operational technology means in the context of Willi’s current line of work.
What makes Willi optimistic about the future?
47:11 28/02/2023
70: OT Monitoring Tools: A Case Study on How to Choose One - Post Q&A with Raph Arakelian
Raphael Arakelian joins Derek Harp today for a slightly different podcast.
Raphael is currently the Manager of OT and IoT Cybersecurity at PwC Canada. He is a cybersecurity practitioner specializing in Operational Technology (OT), the Internet of Things (IoT), and Industrial Control Systems (ICS).
It has always been challenging for purchasers and end-users to understand how to differentiate between various OT products and determine which tools to select. Raph has developed a methodology for comparing monitoring tools. On the 25th of January this year, he did a CS2AI online show with Derek called OT Monitoring Tools: A Case Study on How to Choose One. It was a popular event, and many questions got submitted. Unfortunately, all the questions could not get answered within the allotted time. So they decided to follow up with a collaborative bonus session to get to the bottom of more of those questions.
In this episode, Raph discusses his systematic methodology for overcoming the challenge that organizations often face when looking at different vendors in the OT security space to select the right tool for a given situation. He also responds to several unanswered questions from the online CS2AI event.
Show highlights:
Raph shares the idea behind his systematic approach and explains what led him to devise it.
The nine technical areas that get evaluated with Raph’s methodology.
The nuances that led Raph to the three candidate vendors with whom he did his proof of concept.
Raph recaps his methodology, discusses the source of truth data critical for the assessment, and explains what happens if an organization does not have the asset inventory beforehand.
How to differentiate between IT and OT assets.
Raph gives a quick explanation of industrial protocols.
Question: During the proof of concept, was there a concern about connecting the tools and a laptop to an active utility system? Was port mirroring enough to ensure one-way communication?
How to address devices that are not active on the network.
Question: “Based on your study, How is Asset Characterization for OT Monitoring Tools it seems that there could be a lot of manual edits needed to fix mischaracterization.”
Raph shares his thoughts on the following: “For most tools, it seems that CDE detection and remediation guidance has a shotgun approach without regard to the hardware on which the CDE is found.”
Instances in which vendors will be willing to update their products.
Why Raph believes OT monitoring tools are helpful.
Links and resources:
(CS)²AI
Sign up here to become a member of our on-demand library.
PwC Canada
Raphael Arakelian on LinkedIn
44:39 21/02/2023
69: From Military Service to the Commercial Cybersecurity Industry with Billy Rios
Today, Derek Harp interviews Billy Rios, the Co-Founder of QED Secure Solutions.
Billy is an experienced technical leader with a strong background in successful strategic security planning, security program development, and security program execution. He excels at seeing the big picture, identifying gaps, and managing initiatives. He is comfortable managing security initiatives for high-profile, high-visibility products and services. He plays an integral role within organizations by providing collaboration, motivation, and direction across teams in diverse and demanding environments. Billy’s Dad was in the army, so his family moved around a lot while he was growing up. He currently lives in Colorado. As well as being a long-term contributor to the cybersecurity field, Billy is a former military veteran, active reservist, technologist, author, entrepreneur, security ninja, snowboarder, Jiu-Jitsu brown belt, a well-known researcher in the cybersecurity space, husband, and father. He joins Derek today to discuss his background, career journey, and career highlights. He also offers many valuable nuggets of advice for entrepreneurs and anyone in military units looking to break into the commercial cybersecurity industry.
Show highlights:
Billy explains how his entry into cybersecurity started with hacking video games as a young kid.
Billy received scholarships for the Air Force and Marine Corps. He shares his motivation for choosing the Marine Corps and discusses what he did while serving there.
Billy talks about his study program at the University of Washington.
Billy has focused on cybersecurity since he left active duty in the Marine Corps almost 20 years ago.
Billy discusses the guidance he received from leaders and mentors in the organizations he worked for before becoming an entrepreneur.
How Billy’s diverse roles and experiences shaped his perspective and helped him get to where he is today.
Billy shares advice for anyone interested in becoming an entrepreneur.
What do they do at QED Solutions?
Billy shares his advice for those who want to transition from military to corporate cybersecurity.
Billy gets into the awesome yet scary things about being a researcher.
Links and resources:
(CS)²AI
QED Secure Solutions
Billy Rios on LinkedIn
42:09 14/02/2023
68: Using Engineering + OT to Launch Your CyberSecurity Career
Today, Khalid Ansari joins Derek Harp. He is a Senior Engineer of Industrial Control Cybersecurity at FM Approvals in Boston. Khalid Ansari is an ICS/OT Cybersecurity Engineer with in-the-trenches experience in industrial automation, control systems, and MES. He is a proponent of secure-by-design products and a secure software development lifecycle. Khalid has been working in the control systems field for 25 years. He grew up and went to school and university in a small city in Southern India. In addition to being an engineer and a long-time contributor to the OT control systems cybersecurity community, he is also a husband, father, coder, lifetime learner, avid reader, outdoor enthusiast, and struggling skier. In this episode, Khalid shares his modern-day superhero backstory and discusses his education path and career journey. He also shares his insight and offers valuable nuggets of advice for anyone considering a career in cybersecurity.
Show highlights:
Khalid was first exposed to technology when his dad bought him a Commodore 500 during high school.
Khalid did his first paid job while he was in college.
Khalid discusses his educational experiences in India, the UK, and the US.
What would Khalid do differently today? (In terms of his studies.)
Khalid discusses a job opportunity that arose because he was active on the control systems bulletin board while doing his MBA.
Khalid talks about moving to the Middle East to gain the asset-owner experience he lacked in his portfolio.
Khalid offers a global perspective on cybersecurity for control systems.
Khalid shares his view on government regulations within the industry.
Some suggestions for certifications and other ways for young professionals to acquire knowledge and gain career experience.
The benefits of volunteering, and how to go about it.
The role mentorship has played in Khalid’s career.
42:21 07/02/2023