Today, Derek Harp interviews Matt Wyckhouse, the Founder and CEO of Finite State. Before founding Finite State, Matt spent 15 years leading and developing advanced solutions to some of the hardest problems in cyber security, with experience across the spectrum of offensive and defensive cyber operations. Notably, he was the technical founder and CTO of Battelle's Cyber Innovations business unit. Throughout his career, Matt has spearheaded complex national security programs ranging from the detection of malicious integrated circuits in the supply chain to next-generation intrusion detection systems for automotive systems. Matt directed numerous intelligence programs related to the security of embedded and IoT devices and has been a speaker on the subject at security events.Matt grew up in Ohio, in a small suburb outside of Toledo. In addition to being an entrepreneur and technologist, he is also a husband, chef, foodie, world traveler, and water sports enthusiast! In this episode, he shares his backstory, discusses his education and professional journey, and offers nuggets of advice for anyone looking to get into cybersecurity. Show highlights:Matt was in a gifted program in elementary school and started writing codes. He also did a fair amount of programming on the side when in high school.Matt did an internship and spent 13 years with the Battelle Center for Science, Engineering, and Public Policy at the Ohio State University.Matt explains why he believes in the power of internships.Matt discusses the benefits of mentorship and explains how it played out for him early on and the role it plays today.The various projects and programs Matt worked on at Battelle.How did Matt become a technical leader of the brand-new cybersecurity business unit at Battelle?What led to Matt leaving Battelle?Matt talks about what he did after leaving Battelle and before founding Finite State.Things Matt was afraid of when thinking of starting a company.Matt offers advice for anyone contemplating starting a company.What does it take for entrepreneurs to raise capital to start a business?What does Finite State focus on, and who do they serve?

Today, Derek Harp interviews Michael Schroeder, the Founder, CEO, and Director of OT, FRCS, and ICS Security at 3 Territory Solutions. Michael leads an organization that conceptualizes, develops, and implements cybersecurity standards and policies for Facility-Related Control Systems, Medical Devices, Industrial Control Systems, PIT and PIT Systems, Operational Technologies, and most generally, the Internet of Things. They are passionate, challenge the status quo, innovate, and fail forward.Michael was born and raised in Pittsburgh, Pennsylvania. He is a long-time contributor to the cybersecurity space. In the early years, he was a Chapter Board Member in the Washington DC Chapter of the Control System Cyber Security Association International. He is also a father, husband, entrepreneur, engineer, project manager, traveler, and race-car driver. He joins Derek today to discuss his education and career path, talk about what he does today, and offer advice for anyone considering a career in cybersecurity.Show highlights:Michael explains what drew him toward the discipline of engineering and why he decided to study mechanical engineering.Michael discusses what he did after graduating from Pennsylvania State University.How Michael jumped from engineering and working in construction to cybersecurity in 2015.Why should you leave jobs with professionalism and strive to keep the doors open?Michael explains why his stint working at a large company was so short.Michael shares his motivation for starting his own company and gets into the genesis process.How Michael chose the name 3 Territory Solutions.Michael shares some insight for entrepreneurs. How Michael built his career by taking advantage of opportunities as they presented themselves.Michael offers advice for people coming into the cybersecurity space.The role mentorship has played in Michael’s career path.Links and resources:(CS)²AIMichael Schroeder on LinkedIn3 Territory Solutions

Dale Peterson, the Founder of the S4 Conference, joins Derek Harp today. Dale was on an earlier podcast last year where he spoke about the founding and history of the S4 Conference. Today, he joins Derek to discuss the S4x23 Conference coming up shortly. It will open with a preliminary day on February 13th, and the event will take place on the 14th, 15th, and 16th of February.For more than 15 years, Dale Peterson has been on the leading/bleeding edge helping security-conscious asset owners effectively and efficiently manage risk to their critical assets. He has pioneered numerous ICS security tools and techniques, such as the first intrusion detection signatures for ICS that are now in every commercial product. In 2007 Dale created the S4 Events to showcase the best offensive and defensive work in ICS security and build a community. S4 is now the largest and most advanced ICS event in the world. Dale is constantly pushing and prodding the ICS community to move faster and get better.The S4 Conference has been growing and evolving for many years. In this episode, Dale dives into what to expect and look forward to for this year’s S4x23 Conference.Show highlights:Dale gets into what to expect from the upcoming S4x23 ConferenceDale discusses what excites him about the upcoming eventDale talks about the women’s social event that will take place on the night of Monday the 13thThere will be a My Favorite Metric game show on the morning of Thursday the 16thThere will be 100 free tickets for women in ICSThere will be a special space for worthy cause exhibitorsWho the event is geared towardLinks and resources: (CS)²AIDale Peterson’s websiteDale Peterson on LinkedInGo to www.s4xevents.com for more information about the upcoming S4x23 Conference.Books mentioned:Start with Why: How Great Leaders Inspire Everyone to Take Action by Simon Sinek

Today, Markus Braendle joins Derek Harp as his guest for today’s show. He is Head of Information and Automotive Security at the Volkswagen company, CARIAD. Markus has been in the industry for a long time! He is a high-energy and result-driven professional offering extensive leadership and business experience. He has a proven track record of building, strengthening, and leading international teams, evolving organizations to meet future needs, as well as creating a customer-focused culture. He is confident and engaging with refined communication skills. He brings deep technical know-how to areas of information technology, cyber security, or industrial automation.Markus was born in Iran and grew up in a small town near Zurich, Switzerland. In addition to being a technologist and an all-around geek, he is also a husband, father, hobby carpenter, mountain biker, and formally-trained software engineer. In this episode, he tells his story, discusses his education and career trajectory, and gets into what they are doing at CARIAD.Stay tuned for more!Show highlights:His dad was into technology, and it became clear early on that Markus would also go into technology.He studied for four years to get his Master’s in Computer Science and then did a P.h.D. in Theoretical Computer Science.Markus talks about the value of the year he spent in the US as an exchange student.He explains why he ended up in a corporate research lab after completing his studies.Markus discusses his first intersections with control systems and cybersecurity.How Markus learned to always ask about the most important thing a product does before trying to link security to it.Markus discusses his approach to building a network to advance your career.The qualities Markus looks for in candidates when interviewing them.What diversity means to him, and why he feels it is essential when building teams.How Markus discovered the benefits of working with people with autism.Why he left ABB to join Airbus, and why he joined Cariad eight months ago.Markus shares some advice for what people starting in their careers should study.

Today, Derek Harp shines the spotlight on Verve Industrial Protection. Verve has been around for some time and has been evolving over the last several years. Rick Kaun is the VP of Solutions at Verve Industrial Protection. He joins Derek today to share his insights and talk about Verve, explain what sets them apart from the rest, and discuss where they are heading.   Rick is a CS2AI fellow and a former CS2AI Chapter President. He has been involved with CS2AI since the very early days.You will not want to miss this episode if you are interested in learning about what goes on and what people are doing in the OT realm and cybersecurity space. Stay tuned to find out what Verve Industrial Protection does, the verticals they are in, who they help, and how they do it. Show highlights:Verve’s origin story.How Verve differs from its competitors.Rick discusses the various verticals Verve is in.How and why Rick joined Verve.Rick dives into what protection requires.The main differences between Verve and traditional tools.Why does Verve do managed services?Rick unpacks what he finds exciting about where Verve is and the way they do things.How do people get selected to do OT or ICS cybersecurity?

Derek Harp interviews Donovan Tindill today. Donovan is the Director of OT Cybersecurity at DeNexus. Donovan Tindill is a control systems cybersecurity subject matter expert with the Honeywell Industrial Cybersecurity team. He spent over 17 years customer-facing as a control systems cybersecurity consultant in Canada, training/mentoring the technical team, and leading major projects across Consulting Services. Donovan supports global industrial cybersecurity by volunteering to teach, contributing to standards, supporting industry conferences, and sharing thought-provoking presentations. He is a former ISA-99/62443 trainer, working group co-chair, and contributor. Donovan is an advisor to both the United States and Canadian government control systems cybersecurity conferences (i.e. US DHS ICSJWG Vice-Chair and Public Safety Canada ICS Symposium Vendor Seat) helping select speakers, drive awareness, and increase knowledge in North America. Donovan has an applied Bachelor’s Degree in Network Engineering and Management (NET:1999, BAIST-NM:-2003) from the Northern Alberta Institute of Technology (NAIT) and holds CISSP and GICSP certifications.Donovan grew up in Canada, in rural Alberta, and currently lives in Edmonton. He is a long-time contributor to the cybersecurity space. He has been involved for much longer than most and is way more than just a cybersecurity enthusiast. He is also a professional speaker, husband, father, coach, outdoor enthusiast, camper, handyman, and tinkerer. He joins Derek in this episode to tell his story, unpack his career journey, share his experience, and offer advice.You won’t want to miss this episode if you are considering a career in cybersecurity. Stay tuned to hear Donovan’s story and benefit from his experience in control systems and cybersecurity!Show highlights: How video games and networking computers together led Donovan to get into network engineering.What the network engineering program is all about and what you can do with it. Donovan discusses a roadblock to growth in the Honeywell cybersecurity business.Donavan talks about the first project he worked on at the start of the integration between control systems and networks.How has the cybersecurity journey evolved since the early 2000s?Donovan talks about his decision to take a leave of absence from Matrikon to complete his degree program.The different roles Donovan has been in throughout his career.The benefits of volunteering.Donovan discusses his motivation for doing what he does in the controls systems cyberspace.What will you gain from giving and receiving mentorship?Why Donovan decided to move to DeNexus.Donovan shares his view of the future.Links and resources:(CS)²AIDonovan Tindill on LinkedInDeNexus

Joseph Weiss is an industry expert on control systems and electronic security of control systems, with more than 40 years of experience in the energy industry. Mr. Weiss spent more than 14 years at the Electric Power Research Institute (EPRI) where he led a variety of programs including the Nuclear Plant Instrumentation and Diagnostics Program, the Fossil Plant Instrumentation & Controls Program, the Y2K Embedded Systems Program and, the cyber security for digital control systems.As Technical Manager of the Enterprise Infrastructure Security (EIS) Program, he provided technical and outreach leadership for the energy industry’s critical infrastructure protection (CIP) program. He was responsible for developing many utility industry security primers and implementation guidelines. He was also the EPRI Exploratory Research lead on instrumentation, controls, and communications.Mr. Weiss serves as a member of numerous organizations related to control system security. These include the North American Electric Reliability Corporation (NERC) Control Systems Security Working Group (CSSWG), the International Electrotechnical Commission (IEC) Technical Committee (TC) 57 Working Group 15 – Data and Communication Security, the Process Controls Security Requirements Forum, CIGRÉ WG D2.22 – Treatment of Information Security for Electric Power Utilities (EPUs), and other industry working groups.He served as the Task Force Lead for review of information security impacts on IEEE standards. He is also a Director on ISA’s Standards and Practices Board. He has provided oral and written testimony to three House subcommittees, one Senate Committee, and a formal statement for the record to another House Committee. He has also responded to numerous Government Accountability Office (GAO) information requests on cyber security and Smart Grid issues.He is also an invited speaker at many industry and vendor user group security conferences, has chaired numerous panel sessions on control system security, and is often quoted throughout the industry.He has published over 80 papers on instrumentation, controls, and diagnostics including chapters on cyber security for Electric Power Substations Engineering and Securing Water and Wastewater Systems. He coauthored Cyber Security Policy Guidebook and authored Protecting Industrial Control Systems from Electronic Threats. He supported MITRE and NIST in extending NIST SP800-53 to include control systems and the development of NIST SP800-82.He was tasked to write the White Paper on Industrial Control Systems Security for the Center for Strategic and International Studies Blue Ribbon Panel preparing cyber security recommendations for the Obama administration.In February 2016, Mr. Weiss gave the keynote to the National Academy of Science, Engineering, and Medicine on control system cyber security. Mr. Weiss has conducted SCADA, substation, plant control system, and water systems vulnerability and risk assessments and conducted short courses on control system security. He has amassed a database of more than 950 actual control system cyber incidents.He is a member of Transportation Safety Board Committee on Cyber Security for Mass Transit. He was a subject matter expert to the International Atomic Energy Agency on nuclear plant control system cyber security. He also established the annual Industrial Control System (ICS) Cyber Security Conference. Mr. Weiss has received numerous industry awards, including the EPRI Presidents Award (2002) and is an ISA Fellow, Managing Director of ISA Fossil Plant Standards, ISA Nuclear Plant Standards, ISA Industrial Automation and Control System Security (ISA99), a Ponemon Institute Fellow, and an IEEE Senior Member. He has been identified as a Smart Grid Pioneer by Smart Grid Today.He is a Voting Member of the TC65 TAG and a US Expert to TC65 WG10, Security...

Today, Derek Harp interviews Charlie Givens, the Project Manager at Bechtel. Charlie is an experienced professional with a demonstrated history of working in Information Technology, Engineering Automation, and Cybersecurity. He is a Certified Software Quality Assurance Engineer, Global Industrial Cyber Security Professional, and Control System Cyber Security Association International Fellow. He has invested his career in database design, data analysis, software engineering, system management, software quality assurance, process improvement, procedure development, work process enhancement, digital transformation, and software and system integration. He has also focused on cybersecurity as it relates to industrial control systems. Charlie hails from a small town in Georgia. As well as being an engineer, he is also a veteran, father, husband, fishing enthusiast, photographer, and a lifetime learner. In this episode, he tells his backstory, discusses his career trajectory, and offers some valuable nuggets of advice for anyone looking to get into cybersecurity.This episode is a must if you are considering a career in cybersecurity or the control systems space. Stay tuned to hear how Charlie got to where he is today and benefit from his insights and many years of experience in the field.Show highlights:Charlie talks about the time he spent in the Navy.What Charlie studied after leaving the Navy.How he encountered cybersecurity when he joined Bechtel as a software engineer.What he learned over time from his perspective as a computer scientist in the engineering field.Charlie’s recommendations for the first steps to get into the cybersecurity domain.The process used for the ICS center program Charlie helped create.The role mentorship has played in Charlie’s journey.Some advice for people coming out of school or the military looking to break into cybersecurity.Some of the challenges Charlie has faced in his career.Links and resources:(CS)²AIBechtelCharlie Givens on LinkedIn

Derek Harp interviews David Bacque today. David is currently the Vice President of Strategic Development and Director of OT/ICS Cybersecurity at RED Group. RED Group is an Industrial Control Systems (ICS) technology development and integration firm specializing in Process Automation, IT/OT Consulting, and Industrial Cybersecurity. Dave is an experienced industrial cybersecurity and operational technology (OT) professional who has led, advised on, and delivered cybersecurity projects and initiatives with industrial clients around the world to help operators of critical infrastructure become more resilient to cyber threats. He has a B.S. in Information Systems and Decision Sciences from Louisiana State University and is a holder of the Global Industrial Cybersecurity Professional (GICSP) and Project Management Professional (PMP) certifications.Dave grew up and went to school in a small town in South Louisiana. He has many years of experience in the OT space. As well as being an OT/ICS Cybersecurity leader, he is also a father, sailor, chef, barista, traveler, motorcyclist, and hiker. He joins Derek today to talk about his background, education, and career trajectory and discuss the importance of staying curious and being open to learning new things.This episode is a must for anyone looking to get into the cybersecurity space! Tune in to hear Dave’s story, learn from his insights and experience, and benefit from his valuable nuggets of career advice! Show highlights:How his dad’s background in mechanical design led to David’s first interactions with technology.The many interesting things that took place around the time Dave graduated from LSU in 2001.What Dave did and learned when he started his career with Total in the early days of IT and OT convergence.The value of getting to know your co-workers personally and building community within organizations.Some changes in the OT security space that happened during the course of Dave’s career.What does it take for engineers and IT people to become OT cybersecurity qualified and savvy?Dave offers advice for leaders looking to get people together to build cross-functional teams.What Dave did in his first career roles.Dave dives into the power of building long-term relationshipsDave discusses the informal mentor/mentee relationships he has had in his careerThe value of being able to tell people your story.Links and resources:(CS)²AIRED GroupDave Bacque on LinkedIn

Dr. Michael Chipley, the Founder and President of the PMC Group, is the guest for today’s podcast.Dr. Chipley has over 30 years of consulting experience in the areas of Program and Project Management, Cybersecurity, Energy and Environmental (LEED, Energy Star, and Carbon Footprint); Critical Infrastructure Protection and Analysis; Building Information Modeling (BIM) Technology; Base Realignment and Closure (BRAC), and Emergency Management/Disaster Recovery. Dr. Chipley served 24 years as a Civil Engineer in the US Air Force and has been consulting since 2001. He is a former adjunct faculty member at George Mason University, where he taught the Infrastructure Security Engineering, Building Security, and Building Information Modeling courses.Dr. Chipley grew up on a farm in Oregon. He is a long-time contributor to cybersecurity for control systems, civil engineer, US Airforce veteran, husband, father, grandfather, outdoor enthusiast, and wine enthusiast. He joins Derek Harp today to discuss his military background and career journey and share his insights and advice. You will not want to miss this episode if you are leaving the military and considering a career in cybersecurity. Stay tuned to hear Dr. Chipley’s story and benefit from his breadth of experience!Show highlights:What Dr. Chipley did and studied during the 24 years he spent in the military. Dr. Chipley talks about Shodan.io and what it can do.Some advice about skills and opportunities in the control systems space.How Dr. Chipley benefited from joining the military.Why you can never stop learning in the control systems world.Why women tend to excel in the cyber field.How students can find opportunities to join internship programs.Potential challenges that people in cybersecurity could face.Some of the projects with which Dr. Chipley is currently involved.What can young people do to add to their knowledge and education to increase their value five years from now?Links and resources:(CS)²AIThe PMC GroupMichael Chipley on LinkedIn

Today, Derek Harp interviews Susan Peterson Sturm, the Chief Information Security Officer at Cognite. Susan is a Transformational Operational Technology leader with 20 years of experience in profitably scaling innovative software-based businesses, including automation, IIOT, and cyber security. She has a proven track record of growing and structuring early-stage, profitable digital software-driven P&Ls in excess of $150M. She specializes in change management, product management, M&A, and strategic alliances. Susan serves on advisory boards of Cognite, Innosphere Ventures & One Warm Coat. Susan is an incredible individual with vast experience! She’s an empath, DEI champion, mentor, board advisor, and volunteer focused on poverty alleviation. In this episode, she discusses her background, talks to Derek about her professional journey, and offers helpful tips and advice.You won’t want to miss this episode if you are considering a career in the cybersecurity space. Tune in to hear Susan’s fascinating story and benefit from her years of experience in the security field. Show highlights:Susan talks about her studies.Her motivation for pivoting into energy after graduating from college.What she gained from her career in international affairs.Some of Susan’s interesting roles early on in her career.The benefits of getting in-the-field experience.There are many different leadership paths to be chosen within the industry.What you can gain from working abroad with distributed teams.Where security first intersected with Susan’s career.Why it’s worth investing your time in networks.How being vulnerable can help you develop valuable relationships.The role mentorship has played in Susan’s career.How Susan ended up in her current role as a CISO.Motherhood can be very challenging for women in senior roles. The importance of moving on from any workplace where you don’t feel safe to express your needs.Links and resources:(CS)²AICogniteSusan Peterson Sturm on LinkedIn

Today, Derek Harp interviews Anton Shipulin. Anton is an Industrial Cybersecurity Evangelist at Nozomi Networks. His primary responsibilities in his current position include working with Nozomi teams and external stakeholders to understand current challenges and threats, enhance best practices, and mitigate risks. He evaluates the industrial environment's security posture, and future technologies and strategies, for protecting critical infrastructure. He works with industry and non-profit organizations to build and strengthen the OT/ICS cybersecurity community for industrial sectors. He researches global security topics and promotes OT and ICS cybersecurity awareness throughout the industry. He is also a husband, father, sports enthusiast, runner, cyclist, and public speaker Anton grew up in Kazakhstan and Russia and currently lives in Dubai, UAE. He is passionate about industrial cybersecurity, critical infrastructure protection, knowledge, and information exchange.  He joins Derek today to discuss his career journey, education, and career experiences and share his insights. You will gain a lot from this episode if you are thinking of starting a career in cybersecurity or moving into the field from a different industry. Stay tuned to hear Anton’s story and get his valuable tips and advice!Show highlights:Anton discovered the power of programming when his parents bought him a PC when he was about nine years old.Anton explains why he decided to make cybersecurity his university specialty and has continued working with it since then.Anton gets into why he learned more working for Croc than in university.There is currently a shortage of cybersecurity experts all over the world.Anton gets into what he has learned about cybersecurity while working at Croc.What he focused on while working for Kaspersky.Anton talks about his experience co-founding the RUSCADASEC community.Anton offers advice for entry-level individuals looking for resources to develop their professional careers.Anton discusses his voluntary position at CCI.The power of volunteering and helping others.Why does he believe that networking is critical?The benefits of both giving and receiving mentorship.What excites Anton about the future?

Dave Salwen, the VP of Embedded Systems at RunSafe Security Inc., is the guest for today’s podcast.Dave is a business leader who delivers emerging technologies to commercial and government markets. He achieves the above plan results with products and services for cyber defense, wireless communications, RF sensing, and electronic warfare areas. He has been successful in building highly effective teams. He has demonstrated his ability to drive the effectiveness of all aspects of the business, from strategic planning and concept development to financial results.Dave’s career has always been about technology and people. He has spent his entire career supporting technologists and other super-smart people, helping them have more impact and realize their dreams. He is a father, husband, hiker, skier, tennis player, avid reader, and world traveler. He joins Derek today to discuss his education and career trajectory and share his experience. He gets into how he supports his fellow technologists and the benefits of working in cybersecurity and offers some valuable nuggets of advice.This episode is for you if you are thinking of starting a career in cybersecurity or moving over from a different industry. Tune in to get Dave’s career advice and hear about his professional journey.Show highlights:What Dave has focused on throughout his career is to help technologists have more impact.Dave grew up with technology, and it has always been part of his life.The benefits of working as part of a team.The different technological environments in which Dave has worked.Dave gets into the different use cases for RunSafe.Dave offers advice for anyone thinking about their career.How electronic warfare ties up with cybersecurity.People are crucial for developing and implementing security solutions, but electronic warfare still relies on the autonomous capabilities of automation.Skills people may already have that they could adapt or extend to work in cybersecurity.Dave defines embedded systems.Some exciting areas of work within the cybersecurity space.The benefits of risk-taking. Links and resources:(CS)²AIRunSafe SecurityDave Salwen on LinkedIn

Derek Harp is delighted to have long-time expert thought leader, Daniel Ehrenreich, join him today for another episode in the series of interviews with control system-related cybersecurity leaders.Daniel is from Secure Communications and Control Experts. He is an established industry contributor, educator, teacher, and speaker, known to be detail-oriented with some strongly-held opinions. He is an experienced world traveler who has lived in various parts of the world. He is also a writer, safety advocate, father, and grandfather In this episode of the (CS)²AI Podcast, Daniel shares his backstory and discusses his education, career journey, and years of experience in the industry. You will gain a lot from this episode if you are you are considering an occupation in the cybersecurity space. Stay tuned to get Dan’s advice and learn from his many years of experience in the field.Show highlights:In 1983, Daniel was selected by an Israeli component vendor to be a subject matter expert for lithium batteries in the USA.While at university, Daniel earned an income fixing televisions.How SCADA systems got developed by Motorola in Israel in the mid-1980s.Why Daniel believes SCADA security should happen on the level of architecture and not on the PLC component level.Cybersecurity came up for Daniel toward the end of the twenty years he spent with Motorola.Daniel dives into his current areas of focus.Daniel discusses the power of giving and receiving mentorship.Daniel talks about his training classes and explains why he is detail-oriented.Why Daniel believes IT and OT should never converge.Some advice for engineers or others considering joining the cybersecurity industry.The difference between IoT and IIOT.Daniel talks about the ICS Cybersec conference he has coming up in Israel in November.  

Today’s guest is Danielle Jablanski. Danielle is an OT Cybersecurity Strategist for Nozomi Networks.Danielle was born and raised in Upstate New York and moved to Southern Missouri when she was in high school. Since then, she has moved around a lot and lived and worked in many different places. For the first few years of her career, she got deeply involved in philanthropy and academia. She is a self-proclaimed nerd, researcher, volunteer, vagabond, idea lady, community builder, outdoor enthusiast, and big-time dog mom! In this episode of the (CS)²AI Podcast, Danielle discusses her personal and professional journeys and experience and offers excellent advice for women considering a career in the cybersecurity or OT space.You will not want to miss this show, particularly if you are a woman thinking of starting a career or shifting into technology, cybersecurity, or control systems! Stay tuned for more!Show highlights:Studying genocide in Rwanda sparked Danielle’s interest in international relations. She explains how that led her to the cybersecurity space.Danielle talks about how she was poached out of grad school for her first job.How national security and cybersecurity intersected with her career path.Danielle explains why she got poached for a second time, to go to Stanford University. Why she chose to pivot to energy before becoming a general OT cybersecurity strategistDanielle goes into where the cybersecurity industry is today.Where will the industry be twenty years from now?What prompted her to get into cybersecurity?What she focuses on, as a non-resident fellow at the Atlantic Council.Danielle talks about mentorship and discusses her experience as a female expert in the industry.  Some gold nuggets of advice for women in the early stage of their careers.The benefits of focusing on your strengths.Links and resources:(CS)²AINozomi NetworksBooks mentioned:The Cuckoo’s Egg by Cliff Stoll

Today, Ron Brash joins Derek Harp for another great episode in the series on security leaders! Ron is the VP of Technical Research and Integrations at aDolus Technology. Ron Brash is a household name when it comes to ICS/OT cybersecurity and embedded vulnerability research. He was instrumental in creating the datasets for the S4 ICS Detection Challenges, received the Top 40 under 40 award for Engineering Leaders 2020 from Plant Engineering, was an embedded developer at Tofino Security, advised several large asset owners in a variety of industries for OT security, and brought several products to market, including consumer neuroscience devices and several industrial networking appliances.Ron grew up in a rainforest on Vancouver Island, on the west coast of Canada. He is a problem-solver, a wake-boarder, a mini-Chihuahua-owner, a do-it-yourselfer, a geek, a sharer of information, and an all-around adventurous guy with water sports. In this episode of the (CS)²AI Podcast, he shares his backstory, discusses his career path, and talks about what he is doing in the industry. He also offers some nuggets of advice around sequential education and degrees, sound resume advice, and some great career tips. You will not want to miss this episode if you are considering starting a career in cybersecurity or breaking into that industry and want to know the best way to approach your education. Stay tuned for more!Show highlights:Ron talks about where he comes from and shares his backstory. What he learned from his first paid job, working in a pizza shop.Ron’s parents had computers for their business, so that was where his first intersection with technology happened. He got into technology because he joined a tech program at his local university that put gifted high school students into certificate and diploma programs for free.Ron knew he had to protect himself by planning and starting to save early on.Ron’s ICS career started after a chance encounter with Eric Byres, one of the grandfathers of cybersecurity.It is important to separate your personal life from your professional life.Ron shares how he approached his education. A resume tip to better your chances in interviews, and some great career tips. Ron discusses the best way to approach university education and explains what your job is when you do a master’s degree.What he gained from getting his master’s degree.Some advice for people considering sequential education and degrees to further their careers.The benefits of doing a SWOT analysis before embarking on a specific career path.Ron dives into giving and receiving mentorship.Some advice for anyone doing a startup.How to set yourself up for a successful future.

Derek Harp is happy to have Steve Mustard, President, and CEO of National Automation Inc., joining him on the show today! Steve has been a long-term contributor to the control systems cybersecurity space. Steve Mustard is a Licensed Professional Engineer (Texas, Kansas) and UK Chartered Engineer with technical development and management experience in process automation and business process re-engineering across multiple sectors. He is also a volunteer and past president of the International Society of Automation (ISA), a home brewer, cyclist, guitarist, triathlete, husband, and father.Steve grew up in Sunderland, an industrial region famous for coal mining and shipbuilding in the North East of England. Joseph Swan, the inventor of the incandescent light bulb, also came from Sunderland, and Lewis Carroll based much of the Alice in Wonderland story on the times he spent there.In this episode of the (CS)²AI Podcast, Steve shares his backstory, discusses his education, gets into his career trajectory, and offers nuggets of career advice.You will gain a lot from this show if you are thinking about making a career in cybersecurity or considering moving from a different field into the security space. Stay tuned for more!Show highlights:How and where Steve’s interest in technology, cybersecurity, and control systems engineering disciplines originated.The event in 1999 that led to Steve’s first intersection with cybersecurity.How the National Infrastructure Security Coordination Center (NICC), now called the Center for the Protection of National Infrastructure (CPNI), began in the UK.Steve discusses the different areas he gets involved with.Why he does not like the idea of cybersecurity always being its own discipline, separate from everything else.Steve shares his concerns about digital transformation. You don’t have to conform when selecting a career path. Rather think about what motivates you and what you enjoy doing, and forge your own direction. Steve dives into his volunteer positions with IET and ISA.People should be qualified to work in the cybersecurity or automation space. You can take courses and become certified through ISA.There are many advantages to informing your career path with knowledge of safety and cybersecurity.Steve offers career advice and tips for engineers looking for some additional knowledge.Steve shares his concerns for the future of cybersecurity.Links and resources:(CS)²AINational Automation Inc.Steve Mustard on LinkedInBooks mentioned:Alice in Sunderland by Bryan Talbot

We are excited to introduce The Solutions Spotlight, our new format for the (CS)²AI Podcast! Today’s guests, Lior Frenkel and Andrew Ginter have both been on the show before to share their biographies and personal journeys in our series of interviews with various leaders across the industry in cybersecurity for control systems. Lior is the Co-founder of Waterfall Security, and Andrew is Waterfall’s VP of Industrial Security. Lior and Andrew are long-time industry supporters and supporters of (CS)²AI. They join us today for today’s episode of The Solutions Spotlight to talk about Waterfall Security, what it does, and how the company got to where it is today.Stay tuned to hear what Lior and Andrew have to say about how Waterfall originated and what they do!Show highlights:Why they do not like to use the term segmentation at Waterfall and prefer to think of it as safe connectivity.How Waterfall provides all the benefits of connectivity without the risks. How ransomware has changed the market.What data diodes are, what they get used for, and how they differ from unidirectional gateways. How Waterfall’s unidirectional security gateway connects and protects industrial and corporate networks.How does Waterfall’s unidirectional security gateway work?Where Waterfall’s technology gets applied today.Lior shares Waterfall’s origin story. Lior expected the industry to be more advanced than it is currentlyWhat excites Lior for the future?The changes Andrew foresees for the future.

Today, Derek Harp is excited to have David Hatchell, the Founder, and Principal of Industrial Cyber Secure, joining him for another episode in the interview series on security leaders. David will soon announce his CEO-ship of a new company dedicated to cybersecurity for the OT space. David is recognized as one of the top leaders in the field of ICS/(IoT cybersecurity, leading multiple efforts over the past 10 years to develop new businesses in this emerging cybersecurity field. Leveraging a proven formula of partnerships, positioning, and product around vertical execution, he has worked in multiple roles in strategy development, product development, G2M development, and leading acquisition and integration efforts.David comes from a small town in east Texas known for football, pub links, and good barbecue. He is a leader in the industry, a father, a singer, a frustrated runner, and a chef. In this episode of the (CS)²AI Podcast, he talks to Derek about his background, discusses how he got to where he is today and shares his experience. He also gets into the various decisions he made along the way and offers valuable nuggets of advice.There is an explosion in the cybersecurity industry right now! This show is a must for you if are considering a career in that space. Stay tuned for more!Show highlights:David shares his backstory and talks about his first introduction to work.How the music industry featured and got him into the computer business. David got to sell the first MP3 player that ever existed.How his journey into the world of cybersecurity began and progressed.How David learned about resiliency and safety.Some advice for listeners from an IT background who would like to get into that area of cybersecurity.How cross-discipline empathy can broaden your career perspective.What did David learn from his tenure at Belden?Why now is a great time to get into cybersecurity, regardless of your background.The role mentorship has played in David’s career.Links and resources:(CS)²AIDavid Hatchell on LinkedIn

Derek Harp is excited to have David Brearley joining him today! David is currently the Operational Technology Cybersecurity Director at HDR.David Brearley (GICSP, PMP) is a senior professional associate and the operational technology cybersecurity director at HDR in Charlotte, North Carolina. David has nearly 20 years of international experience providing IT and OT (operational technologies/industrial controls) solutions, services, and consulting. In providing hands-on configuration, assessment, design, and consulting services, his experience covers the comprehensive control system life cycle. David is motivated by helping improve the security awareness and risk posture for HDR’s cross-sector clients.David grew up in New Jersey, just off Long Beach Island, and went to school in South Carolina. He is a husband, sailor, chef, outdoorsman, programmer, controls, and cybersecurity enthusiast. In this episode of the (CS)²AI Podcast, he talks to Derek about his professional journey, how his career has evolved, and his current role at HDR. He also offers some nuggets of advice for anyone considering a career in cybersecurity.  You are sure to gain a lot from this episode if you want to get into the cybersecurity space or are an engineer who would like to augment what you do. Stay tuned for more!Show highlights:David shares his modern-day superhero backstory.He started looking at computer engineering after getting into programming in high school.David discusses his experience as an intern with GE and talks about the benefits of doing an internship.GE went through several transitions and eventually returned to being a privately-held company. David talks about an opportunity that let him learn a lot more about networks and programming in an industrial environment.He discusses the breadth of environments he has worked in his career.How did David end up in his current role?Where did cybersecurity first intersect with his career?A book David recommends for getting one’s mindset geared for the cybersecurity space. David discusses the mentorship and cybersecurity training programs he is involved in, both within and outside of HDR.David describes how they are building a cybersecurity culture at HDR.The benefits of having experience across diverse platforms.What you should study to be on the cutting edge in the future.

We have another interesting episode in our series of interviews with cybersecurity leaders and practitioners in the industrial controls systems or operating technology space.Derek Harp is excited to have Ron Indeck, the CEO of Q-Net Security, and a Director, Founder, and Technology Advisor to Exegy and VelociData joining him on the show. Ron grew up in Minneapolis, Minnesota, and got his degrees from the University of Minnesota. He is an inventor (he holds more than 100 patents), a distinguished professor at Washington University, a fellow at IEEE and several other professional organizations, an expert in all things magnetic, a serial entrepreneur, a scuba diver, and a father. In this episode of the (CS)²AI Podcast, Ron discusses his career journey and shares his unique perspective on cybersecurity. He also offers some gold nuggets of career advice and gives insight into upcoming trends in the cybersecurity space.You won’t want to miss this episode if you are looking for career inspiration or are interested in moving from the academic space into the world of cybersecurity. Stay tuned for more!Show highlights:Ron discusses his career path and his motivation for becoming an entrepreneur.Ron’s approach to his work at Washington University.Why did he transition across various engineering disciplines before ending up in research and patents?Ron’s introduction to security came early on in his career while working with people from the FBI.How security for industrial control systems evolved throughout Ron’s career.How Ron built his patent portfolio.Ron’s approach to solving the generational cybersecurity problem.What made Ron decide to leave his successful academic career to become an entrepreneur?Exciting and rewarding possibilities exist for academics in the industrial technology space.How can you get into tech transfer?Ron talks about his work at the Airforce Research Laboratory.How to recognize an opportunity.Teamwork and cooperation are vital for success.Ron defines the term hardsec and compares it with a software approach to security solutions for the future.Why does Ron believe that cybersecurity is an issue of human rights?You can create exciting and rewarding career opportunities in cybersecurity.Bio:Ronald S. Indeck, Ph.D., received degrees from the University of Minnesota. He is CEO of Q-Net Security and a Director, Founder, and Technology Advisor to Exegy and VelociData. He was a National Science Foundation Research Fellow at Tohoku University in Sendai, Japan. From 1988 to 2009 he was in the Department of Electrical Engineering at Washington University where he was the Das Family Distinguished Professor and Director of the Center for Security Technologies.He has published more than 60 peer-reviewed technical papers and been awarded more than a hundred patents including MagnePrint. He has received many awards including the NSF Presidential Young Investigator Award from President Bush, the Missouri Bar Association Inventor of the Year, the IBM Faculty Development Award, the Washington University Distinguished Faculty Award, and the IEEE Centennial Key to the Future Award, and the IEEE Young Professional Award. He is a Fellow of the IEEE, a member of the American Physical Society, and many other professional organizations. He has served on many local committees and group activities, was on the board of the FBI InfraGard, chaired sessions, and served at several international conferences including General Chairman for International Magnetics Conference, was an editor for the IEEE Transactions on Magnetics, President of the IEEE Magnetics Society, and IEEE Magnetics Society Distinguished Lecturer. Specialties: Indeck is experienced...

Derek Harp is excited to have Rob Garry joining him on the show today! Rob is currently the Executive Chief Engineer and VP of Product Security at GE Power. Rob is an experienced Chief Executive with a demonstrated history of working in the oil & energy industry. He is skilled in Power Plants, Root Cause Analysis, Power Systems, Renewable Energy, and Engineering. He is a strong finance professional with a BS focused in Electrical Engineering from Union College.As well as being an engineer, Rob is also a father, husband, avid cyclist, master ski-racer, handy-around-the-house person, and an enthusiast in many different areas! In this episode of the (CS)²AI Podcast, he offers advice for people looking to enter the cybersecurity space and talks about his shift from control systems to cybersecurity, good leadership, inter-disciplinary team management, and why his job resonates so well with him.Rob is passionate about discussing controls, how cyber plays into it, and the emerging role in the industry. You won’t want to miss this episode if you want to know more about cybersecurity from the perspective of a chief engineer. Stay tuned for more!Show highlights:Growing up, Rob was always working on things and fixing farm equipment.As an engineer, Rob opted to go the electrical route. Throughout his career, he has developed and worked on control systems for heavy-duty gas, steam, and wind turbines for power generation. How did cybersecurity intersect with Rob’s career?Rob describes the work he did with networks in the years before anyone was speaking about security. A lesson he learned from cybersecurity helped him where he is in his career today.Why is risk in a power plant not binary?Knowing how to describe risk in a way that layers into the equation has helped Rob in his current role more than his networking background.Rob explains how a mature leader in his field enters discussions and makes judgment calls.How does cybersecurity intersect with the monitoring and diagnostics of heavy industrial equipment? The importance of inter-disciplinary team building and team management.Rob talks about the career challenges people with technical minds sometimes face. Rob’s approach to giving and getting mentorship. Rob describes the best way to pass a chief engineer review.Which area should you focus on learning that would make you invaluable as an employee in the next few years?Links:(CS)²AIRob Garry on LinkedInGE Power

Derek Harp is happy to have Ted Greene, the Chief Operating Officer at Network Perception, join him today! Ted is a Visionary Leader with a strong customer focus. He has a proven record of creating high revenue growth businesses that create shareholder value through new product introduction, identifying new market opportunities, leveraging opportunities with existing customers, solution-oriented sales, acquisition, and strong relationship development.Ted is an entrepreneur. He is also a husband, father of three, thinker, strategist, and workaholic. In this episode of the (CS)²AI Podcast, he talks about his background, career journey, and various entrepreneurial ventures. This episode will interest you if you are a leader in another industry and thinking of entering the field of cybersecurity. Stay tuned for more!Show highlights:When he was twelve years old, Ted got a job as a paper boy. He has been working ever since then. (3:37)Ted explains why he went into banking and talks about the different banks where he has worked. (5:38)He explains why he quit his job to start his first business with a friend who was an early technologist. (7:32)They became one of the first internet technology companies in the Midwest in 1994. (9:28)Why will people entering the ICS space have decades of job security in that space? (13:58)At this point, people in our country expect the critical infrastructure to be there and work. So it’s often hard to get their attention around that. (17:21)Ted talks about his experience of co-founding several different companies. (21:09)How Ted’s early experiences led to him starting Network Perception. (25:40)Ted shares the key to being a successful entrepreneur. (27:40)Ted always focuses on staying relevant and strategies for growth in his businesses. (31:41)Ted offers advice for people considering bringing their experience from senior levels in other sectors to the cybersecurity sector. (40:44)There are many exciting opportunities for growth in the cybersecurity space. (46:55)Links:(CS)²AITed Greene on LinkedInNetwork Perception

Derek Harp is happy to have Brian Foster, the GMS Security Lead at Southern California Edison, joining him on the show today! Brian Foster is a highly-skilled former Controls Engineer turned OT Cyber Security expert turned Security Leader. He has multiple degrees in engineering and years of experience in managing and leading within the OT Cyber Security field. Brian is a well-rounded individual! He is a known speaker and contributor in the cybersecurity industry. He is an engineer, controls systems cybersecurity expert, pilot, brewmaster, outdoorsman, hunter, mentor, dog lover, and husband. In this episode of the (CS)²AI Podcast, he talks about his backstory, discusses his career journey, and shares many nuggets of advice from his years of experience in the industry. He also highlights the importance of clear communication.You won’t want to miss this episode if you want to learn more about cybersecurity or you’re looking for ways to get a foot in the door of the industry! Stay tuned for more!Show highlights:Brian’s journey was not a clean one. It was more a series of good mistakes. (2:14)Brian has had computers and technology around him for as long as he can remember, and he loved playing games when he was growing up! (4:49)He did not intend to go into controls engineering. (8:45)Having an understanding of networking is fundamental for a successful career. (10:42)Brian learned a lot about technology from the mistakes he made. (11:53)Cybersecurity was always in the background, but it became a part of Brian’s life when he got bored with controls. (13:17)One of his first professional forays into cybersecurity happened when he was an expert witness in a court case. (15:04)There is often friction and distrust between OT people and those in IT cybersecurity. Brian shares his thoughts. (18:43)Many people struggle to use spoken language to communicate their ideas to one another articulately. That leads to many challenges. (28:37)Southern California Edison has much more of an eye on security than many other utilities Brian has worked with, either directly or indirectly. (32:23)Brian views cybersecurity systems as no different from safety systems. (37:02)The industry needs more people who know what they are doing. Brian struggles to find them, so he mentors people trying to get a foot in the door and learn about cybersecurity. (39:21)Brian offers tactical advice for people entering the cybersecurity space. (43:34)Brian sees a lot of promise for the future with containerization technology in the OT space. (48:20)Links:(CS)²AIBrian Foster on LinkedInSouthern California Edison (SCE)

Today, Derek Harp is excited to be talking with Sean McGurk, the Executive Director of Global Cyber Security Operations at Las Vegas Sands Corp. Sean McGurk is a man of many talents! He has walked a long and interesting road with many different stops in the world of cybersecurity! He has served in various roles in the federal government, military, and private sector, focusing on information assurance and cybersecurity. He has more than 40 years of experience in advanced systems operation, cyber threat intelligence, and information systems security.Sean was born and raised in the greater Philadelphia area. He is a military veteran, sailor, scuba diver, speaker, brewmaster, cyclist, and author. In this episode of the (CS)²AI Podcast, he shares his modern-day superhero backstory and talks about his career path. He talks about what he learned about cybersecurity in the Navy, his transition from a career in the Navy to the civilian sector, mentorship, team management, and risk-taking.You will definitely gain a lot from today’s fascinating conversation with Sean McGurk! Especially if you are new to the cybersecurity field or considering transitioning from the military to a career in cybersecurity. Stay tuned for more!Show highlights:Sean’s first computer was a Zilog Z80A. He wanted to learn how to program it so that he could copy games and swap them with his friends. (3:20)In the Navy, Sean was a Fire Control Technician: Ballistic Missile. The technologies associated with operating within that environment jumpstarted his interest in the field of cyber-physical. (6:39)Throughout the inception of power control and nuclear engineering, the focus was primarily on safety. So it was one of the safest industries ever developed. (8:37)The complexities associated with the systems for preparing a missile for launch on a submerged submarine made an impression on Sean about the importance of cybersecurity. (10:33)Sean culminated his Navy career in one of the most senior enlisted positions- working directly for the Master Chief Petty Officer of the Navy. (11:26)Sean talks about his opportunity in the Navy to use technology in a reverse engineering process in the Soviet Union. (12:19)The things Sean considered and did when he transitioned from a career in the Navy to the civilian sector. (14:29)Sean got exposed to control systems cybersecurity after joining the Department of Homeland Security as the Director of Controls Systems Security Program in December of 2007. (16:31)Get out of your comfort zone and learn new ways to translate things and express them without using technical language if you get promoted to leadership management. (18:58)Sean shares some lessons he learned about mentorship. (21:40)What can mentees do to find a mentor in the world of cybersecurity? (23:49)Some advice for managing teams effectively. (26:19)The importance of taking risks. (28:37)Sean talks about the security systems in modern-day casinos. (32:58)About what should new engineers learn more? (38:01)Links:(CS)²AISean McGurk on LinkedinLas Vegas Sands Corp.

Derek Harp is happy to have Art Conklin, another legendary ICS control systems cybersecurity figure joining him on the show today!&nbsp;Art is an experienced Information Systems Security professional. He has a background in software development, systems science, and information security.&nbsp;He is qualified with CISSP, GICSP, GRID, GCIP, GCFA, GCIA, GCDA, CSSLP, CRISC, and Security+.His specialties include information systems security management, network, and systems security, intrusion detection and intrusion detection monitoring, penetration testing, Incident Response, security policy and procedures, risk/threat assessments, Security training/awareness, user interface design and evaluation, FISMA, Secure code design/software engineering, cyber-physical systems security, and security metrics.Art is a hacker at heart. Art was born in St. Louis, Missouri, in 1960. He has been a professor at the University of Houston for many years! He is also a well-known speaker, military veteran, technologist, author, sailor, rocket scientist, father, husband, and grandfather. In this episode of the (CS)²AI Podcast, he talks about his formative years, a life-changing Navy experience, taking advantage of learning situations outside of college, the application of knowledge, the benefits of getting an MBA, and the benefits of on the job training,If you want to get into the cybersecurity space, you will not want to miss this episode - even if you have qualifications in a different area.&nbsp;Show highlights:There is a different level of thinking that gets taught and applied today. (5:49)After doing courses at different universities and then starting med school, Art realized it was not where he wanted to go because it was science, not tech, and it was very theory-driven. (8:10)Art wanted a career where he could do stuff, so he was advised to get an MBA from Harvard or join the military to learn how to lead men, manage a budget, and learn the difference between those things. Harvard was out of reach, so he joined the Navy. (9:07)Art talks about the unique military experience that changed his perspective and made him who he is today. (11:05)The cyber-world can benefit from people with no college degree who have problem-solving abilities, communication skills, and the ability to lead. (15:08)Learning is about more than just knowledge because knowledge needs to be applied. (18:38)Art wanted to leave the Navy to join IBM, but the Admiral did not want him to leave and offered him the opportunity to go to Navy Post Graduate School with no payback. So Art spent three years studying space system engineering, got a Ph.D. equivalent, and flew on a spacecraft. (20:40)In some respects, transitioning out of the military is not easy, from a job perspective. (24:01)Art explains why he did another degree after getting his doctorate. (27:44)Art talks about the qualities of his various mentors and the importance of having connections with people with aspects that will broaden you and make you smarter. (29:14)What he has done and is currently doing at the University of Houston. (32:32)If you want to work in cybersecurity and you have a breadth of knowledge and experience, you are likely to succeed in the space. (39:16)If you want to learn more about OT, many resources are available. Use and apply them. You can also email Art for local resources at&nbsp;[email protected].&nbsp;Most people are willing to share their knowledge and become mentors, so reach out to those you look up to. (44:42)How to invest in yourself. (46:20)Links:(CS)²AI<a...

Derek Harp is happy to welcome Pascal Ackerman as his guest for today’s podcast!Pascal is a security professional, focused on industrial control systems and he's currently the Sr Security Consultant for Operational Technology - Threat &amp; Attack Simulation at GuidePoint Security. He has a Master’s of Science degree in Electrical Engineering (MSEE/CE). He has had 18 years of experience in industrial Ethernet design and support, information and network security, risk assessments, pen-testing, forensics, and threat hunting, WAN/LAN/Internet and Wireless Technologies, Windows Environments, Unix, Linux, IIS, and Apache.He specialized in the architecture, engineering, and securing of plant-wide Ethernet networks using Purdue-model design strategies, IDS/IPS sensors, network monitoring, Security Information, and Event Management (SIEM) solutions, next-gen firewalls, MS domain services, WSUS servers, MS SQL server clusters, etc.Pascal was born and raised in the Netherlands. Right after leaving high school, he was put behind a POC by a company that sent him out across the world installing prototype machinery for filling machines.&nbsp;He is an engineer, programmer, gamer, hacker, traveler, tinkerer, pen-tester, and father.&nbsp;In this episode of the (CS)²AI Podcast, he shares his superhero backstory and discusses his certifications, his education, and his career path. He also offers advice for those who would like to get into the field of cybersecurity and people thinking about writing a book.If you are considering a career in cybersecurity or if you are an engineer and want to specialize in cyber security, you will gain a lot from this podcast! Stay tuned for more!Show highlights:After leaving college, Pascal stayed with the company where he did his internship. The company got him to set up a software simulation to test their POC programs and later put him on their commissioning team. (6:51)Pascal talks about what he did while working as a controls engineer. (8:08)How Pascal got invited to move to the US to continue with his work. (9:50)Pascal explains how many doors opened for him after presenting his first report in 2005. (12:27)Pascal talks about how security measures first intersected with his work in 2008-2009. (14:07)Pascal pinpoints the moment when he decided to change his career path. (16:00)Pascal offers advice for traditional engineers who want to improve what they do and join the cyber security workforce. (17:35)A Network Plus certification will help controls engineers understand the fundamentals of networking. (18:19)&nbsp;Pascal explains why he got hired as a commercial engineer in Network and Security at Rockwell. (21:16)Pascal talks about his book,&nbsp;Industrial Cybersecurity. (23:39)The book Hacking Exposed by Clint Bodungen inspired Pascal to write his first book. (27:50)How Threat GEN became a company based around a game Pascal developed. (29:10)Pascal offers advice on where people in IT who want to know more about safety, reliability, resiliency, and POCs can start. (32:36)The most successful companies have a combined IT and OT team with knowledgeable people on both sides. (36:43)Why do you need to figure out what you like the most and focus on that technology? (37:58)Architecture will be the next big step for monitoring everything. (45:06)Pascal discusses the process of writing his books and offers advice for those who would like to write a book. (45:49)Links:(CS)²AIPascal Ackerman on LinkedIn<a...

Today, we've got a special episode to highlight a really neat initiative that’s been in the works for awhile. My guests are Bryson Bort and Tom VanNorman.Bryson is the Founder of SCYTHE, a start-up building a next generation attack emulation platform, and GRIMM, a cybersecurity consultancy, and Co-Founder of the ICS Village, a non-profit advancing awareness of industrial control system security. He is a Senior Fellow with the Atlantic Council’s Cyber Statecraft Initiative, the National Security Institute, and an Advisor to the Army Cyber Institute. As a U.S. Army Officer, he served as a Battle Captain and Brigade Engineering Officer in support of Operation Iraqi Freedom before leaving the Army as a Captain. He was recognized as one of the Top 50 in Cyber in 2020 by Business Insider.Tom leads the CyPhy Product group at GRIMM, where his primary focus is securing Industrial Control Systems and the networking of such systems. Tom brings an unparalleled level of operational knowledge and experience, as he has been working in the Operational Technology (OT) field for almost three decades. He also has considerable knowledge in constructing Cyber Physical testing environments for OT systems.Tom co-founded the ICS Village, a non-profit organization focused on Control System security and awareness. He is also retired from the Air National Guard, where he worked in Cyber Warfare Operations.ICS Village is holding Def Con 29, a 100% virtual event that takes place Aug 6th-8th. There are sessions and workshops covering all aspects of ICS.&nbsp;Show Highlights:How ICS Village was startedThe original 2 events - RSA and DefConGRIMM and their involvement in ICS VillageWhy no one was thinking about Industrial control systems before ICS VillageThe artwork that started it allAll of the events that ICS Village has throughout the yearHow the pandemic changed DefCon and the other ICS Village eventsThe birth of Hack the Plant PodcastCapture the Flag and what we can learn from itHighlights of Def Con Table Talks and other sessionsLinks:CS2AI.orgICS VillageDefCon Event happening Aug 6-8

Derek Harp is happy to have Wanda Lenkewich, the Founder and CEO of Chinook Systems joining him on the podcast today!Wanda Lenkewich harnesses her subject matter expertise in engineering and construction, lifecycle commissioning, and facility management to advance the security and resiliency of critical infrastructure. She is the CEO of Chinook Systems Inc., leading an interdisciplinary team dedicated to commissioning, building systems and controls upgrades and replacements, and cybersecurity for facility-related control systems. Lenkewich has a passion for digital transformation and continues to innovate and advance technology that will protect and extend the life of buildings. That includes the full integration of cybersecurity into Chinook’s commissioning technology; Chinook's CyberCxTM program. Lenkewich is an industry advocate and founding fellow of the Control System Cyber Security Association International - (CS)²AI.Wanda is an excellent example of a great set of career path choices! She is a well-rounded individual who brings a fresh perspective and experience to what she does today! She is an entrepreneur, a speaker, and a mechanical-minded engineer with a well-developed creative side! She is a painter, musician, horse enthusiast, and cook.&nbsp;In this episode of the (CS)²AI Podcast, Wanda tells her story, talks about her career journey, and shares some great nuggets of information about opportunities within the cyber security space.You will not want to miss this episode if you are thinking about embarking on a career in cyber security or considering starting a company of your own! Stay tuned for more!Show highlights:Technology first came into Wanda’s life at a trade show she attended while working at her first job. It fascinated her, and she fell in love with it immediately! (4:21)Wanda talks about the first job she did after graduating as a Mechanical Engineer at the Northern Alberta Institute of Technology. (6:15)Wanda talks about her satisfying experience when she first got into digital controls. (9:17)Wanda started building commissioning in 1991. It was all about the validation of control systems, and it was where she fell in love with databases. (12:16)Wanda discusses the catalyst that prompted her to leave the government and start her first company. (13:55)Wanda experienced a lot of frustration with the industry because it was slow to adopt new practices. She believes that things are changing, however. (17:45)Wanda talks about what happened in the period between the first and the second companies she founded. (18:36)The impact that Y2K had on her career path. (23:09)Wanda talks about being invited to the Pentagon to help launch their renovation project. She has had a constant and consistent relationship with the Pentagon via Chinook ever since. (29:14)Wanda talks about the challenges she faced while moving her business operation from Canada to the US. (32:09)When cyber security first intersected with Chinook. (35:33)The challenges with new construction and with existing buildings. (39:01)Wanda shares some advice based on her years of experience for people entering the field of cyber security. (45:14)It takes a lot of skill sets to build a strong cyber team in the OT world. (53:29)Links:(CS)²AIWanda Lenkewich on&nbsp;LinkedInChinook Systems

Derek Harp would like to invite you, the listener, to next week’s (CS)²AI Online Symposium on Secure Control Systems for Smart Manufacturing. Manufacturing is a critical sector that forms a large portion of the American economy. It has over twelve-million workers and currently has 2.3 trillion dollars of output in the US alone!&nbsp;The symposium will be in two parts: Part 1 will take place on Wednesday, May the 25th, 2022, at 1 pm EST. Some great prizes will be given to the participants in the question process, including some valuable industry books! Part 2 will happen in August 2022. More topics on manufacturing will be covered in the second part by some additional speakers.As a society, we take much of what gets produced within the manufacturing sector for granted, yet cyber threat actors take advantage of every vertical within that sector. Today, Colin Dunn, one of the (CS)²AI sponsors and the CEO of Fend Incorporated, and Isiah Jones, a (CS)²AI Founding Fellow and a well-known cyber security researcher and practitioner, join Derek to share their thoughts on the importance of cyber security for manufacturing. Stay tuned for more!Show highlights:Isiah saw the kind of problems that happen under normal circumstances with manufacturing baby food years ago when he was with Jacobs Engineering.&nbsp;Messing with manufacturing and the supply chain is sure to disrupt any society.&nbsp;Supply chains have many vulnerable parts and do not need any additional stress like cyber-attacks right now.There are ways to keep cyber attackers out. The symposium is a way to explore some of those options.&nbsp;All sectors, especially manufacturing, need to start spending more money on employing trained safety staff.One of the assets the manufacturing sector has is the safety culture.Thinking about cyber security as key to safety will help it get taken more seriously within the manufacturing sector.More attention needs to be paid to problems like ransom threats, the manipulation of logic, and intellectual property theft within the manufacturing sector.Much more action needs to be taken around security issues in the manufacturing sector.&nbsp;Links:(CS)²AI(CS)²AI Online Symposium Secure Control Systems for Smart ManufacturingColin Dunn on&nbsp;LinkedInFend IncorporatedIsiah Jones on LinkedIn

Derek Harp is excited to have Vivek Ponnada, the Regional Sales Director for Nozomi Networks, joining him for another episode in the series on security leaders! Vivek was also a long-time contributor at GE.Vivek Ponnada has over 23 years of experience in Industrial Control Systems. He currently serves customers in Western Canada for Nozomi Networks with market-leading OT and IoT Security &amp; Visibility solutions.&nbsp;He started his career in ICS as an Instrumentation Technician and then became a Controls Engineer and commissioned Gas Turbine Controls systems in Europe, Middle-East, Africa, and South-East Asia. During his career, Vivek has held multiple roles including Sales, Marketing &amp; Business Development, and Services covering Control systems &amp; Cybersecurity solutions for Critical Infrastructure (Power, Oil &amp; Gas, Water, and Mining) industries at GE and ICI Electrical Engineering in North America. He is a co-lead for the Top 20 Secure PLC Coding Practices Project and his recent talks and contributions include ICS Village (DefCon 29), Industrial Security Conference in Copenhagen &amp; several BSides.&nbsp;Vivek has a bachelor's degree in Electrical Engineering from I.E. India, an MBA from The University of Texas at Austin, and GICSP certification from GIAC. He is an active member of the Infosec community in Vancouver, BC as a Board Member for Mainland Advanced Research Society, Volunteers for ISACA, and is a member of the ISA.Vivek is a thoughtful and fun individual! He is an engineer, analyst, and finance guy! He is also a motorcycle enthusiast, an intermediate skier, and a husband!&nbsp;In this episode of the (CS)²AI Podcast, Vivek shares his backstory, discusses his education, and talks about his career trajectory. He also offers gold nuggets of advice for engineers with an interest in cyber security.This is one show you will not want to miss- particularly if you are an engineer considering moving into the field of cyber security. Stay tuned for more!Show highlights:Vivek grew up in South India. He became an engineer and developed skills in control systems long before he became a cybersecurity guy. (1:50)The first job Vivek remembers doing was helping someone with gardening when he was seven or eight years old. (2:98)When Vivek graduated from high school, he was in a technical program. So he was already in an electronics and communication phase. (4:10)Vivek studied his engineering undergrad part-time because he was also working full-time. It all worked out well because the work he was doing and his studies were all connected. (4:43)He enjoyed learning how to connect his work-life with his education organically. (6:25)Vivek discusses his twenty-year history with GE. (7:10)Security is a discipline that is a constant learning process. (12:26)Some helpful advice for engineers who have an interest in cyber security, but don’t know where to start or how to break into the field. (14:52)Vivek talks about the career challenges he faced at GE and how he navigated them. (19:00)Two things that most engineers tend to struggle with. (21:01)Vivek jumped around in his career path, so he never had a mentor. He had some excellent coaches and managers, however. (23:17)People in the cybersecurity community are always open to advising and helping one another. (25:14)How sales came into Vivek’s career journey. (27:09)Vivek talks about the Top 20 Secure PLC Coding Practices Project to which he is contributing. (30:40)It is always good to have a plan for the next few years. (32:57)Vivek shares his recommendations for career choices in the field of cyber security. (39:13)Links:(CS)²AI<a...

The S4 Conference is one of the pinnacle events of the year for anyone interested in hearing deep subject matter experts speak. It is definitely worth attending if you are not formally part of the (CS)²AI community. Today, Derek Harp shares a short podcast he created after attending the 22nd S4 Conference, held from the 19th to the 21st of April this year.Dale Peterson is the Founder, Creator, and MC of the S4 Conference. He was on a recent (CS)²AI Podcast episode, talking about how S4 came about. Patrick Miller was also a recent guest on the (CS)²AI Podcast. He “accidentally” founded the informal yet powerful and informative after-hours BEER ISAC part of the S4 event. The recent S4 Conference was a great opportunity for everyone to get back together, in person after Covid! This year, 800 people attended the event. The speaker line-up was just as amazing as it has always been in the past! Many women were present, and there was also a well-attended Women in ICS social pre-event that took place on the Monday before the main event.In this episode, we share some comments on the recent S4 event made by Andrew Ginter, VP Industrial Security from Waterfall Security Solutions and Isiah Jones, Principal Security Engineer-ICS Security Integration from Resilience. Stay tuned for more!Show highlights:Andrew’s biggest takeaway from the event was finding out that the industry wants cyber security regulations.&nbsp;The shipping industry is price sensitive. They should spend some money and effort on cyber security but won’t spend a penny unless their competition does the same.Andrew explains why he was surprised to learn that the industry wants cyber security regulations.Isiah enjoyed the diversity at the event! He was happy to see so many female technical engineers and black people attending the event.&nbsp;&nbsp;Isiah enjoyed seeing many new people interested in the more technical topics.Isiah explains why he was happy to see Jen Easterly show up at the event to address the community directly.Isiah enjoyed listening to new topics on PLCs, containers, and the latest attackers living off the land.Seeing and interacting with everyone at the latest S4 event, and seeing new people get their coins, was good for Isiah’s mental health!

Derek Harp is happy to have Patrick Miller joining him today for another episode in the Security Leaders series! Patrick is a well-known legend in the ICS cyber security space. He is currently the Chief Executive Officer of Ampere Industrial Security.&nbsp;(www.amperesec.com)Patrick Miller has dedicated his career to the protection and defense of critical infrastructures. As President and CEO of Ampere Industrial Security, he is a trusted independent security and regulatory advisor for industrial control systems worldwide. In addition to his role at Ampere, Mr. Miller is also the founder, director, and president emeritus of EnergySec and US. Coordinator for the Industrial Cybersecurity Center. Patrick's diverse background spans the Energy, Telecommunications, Water, Wastewater, Manufacturing, and Financial Services verticals, including key positions with regulatory agencies, private consulting firms, utility asset owners, and commercial organizations. Patrick was instrumental in the establishment of the NERC CIP standards in the US as a drafting team member and the first CIP auditor in the nation. He currently serves on or contributes to multiple NERC CIP guidance and standards drafting teams. Patrick is also an instructor for the ICS456 NERC CIP course with the SANS Institute.Patrick loves tech and the outdoors! As well as being a technologist, he is also a chef, a keen kayaker, a father, and a builder of communities! In this episode of the (CS)²AI Podcast, he tells his modern-day superhero origin story, talks about the various milestones in his professional journey, and shares valuable nuggets of advice for people from different backgrounds who would like to get into the cyber security industry.&nbsp;You won’t want to miss this episode if you would like to make a career in cyber security, become a better security professional, or start a cybersecurity business of your own. Stay tuned for more!Show highlights:Entrepreneurship is in Patrick’s blood. (3:05)Growing up in the early days of technology, Patrick was lucky enough to get the new tech as it came out. (4:15)Patrick was using cutting-edge technology to do a senior capstone biology project just before he dropped out of school to do tech. (6:32)Any kind of background can be helpful for you as a security professional. (9:00)How phone systems have advanced and transformed over the last few decades. (10:30)Patrick’s first “hacking job”. (11:29)Patrick talks about when he decided to specialize in security and the point when industrial security first intersected with his journey. (13:23)Patrick discusses his stint as a regulator for WECC (Western Electricity Coordinating Council.) (17:54)Joining standards bodies in the early stage can help people break into the cyber security industry. (24:26)What motivated Patrick to start a consulting firm? (26:14)The Dawn of Energy Sec (Energy Sector Security Consortium). (32:24)Patrick shares his vision for Ampere. (35:15)Why good communication skills are essential. (38:40)What is ISAC all about, and how did Patrick instigate it? (41:40)&nbsp;

Derek Harp is thrilled to have Dale Peterson of Digital Bond joining him for another great episode in the series on security leaders! Dale is a legend and leader in the cyber security industry!For over 15 years, Dale Peterson has been on the leading/bleeding edge helping security-conscious asset owners effectively and efficiently manage risk to their critical assets. He has pioneered numerous ICS security tools and techniques, such as the first intrusion detection signatures for ICS that are now in every commercial product. In 2007 Dale created the S4 Events to showcase the best offensive and defensive work in ICS security and build a community. S4 is now the largest and most advanced ICS event in the world. Dale is constantly pushing and prodding the ICS community to move faster and get better.Dale is a catalyst in the ICS cyber security space. He is most famous for his S4 Events. (The latest S4 Event will be coming up between the 19th and 21st of April 2022.) He is also an author, former cryptologist, skier, hiker, outdoorsman, well-known speaker, husband, and father.&nbsp;In this episode of the (CS)²AI Podcast, Dale shares his origin story and discusses his career trajectory. He explains what led him to start Digital Bond, he talks about how the S4 Events came about, and he also offers some valuable nuggets of advice for people looking to start a business.You won’t want to miss this episode if you are looking for ways to get into the cyber security industry or if you want to know which moves to make to become a leader within the industry or start a company of your own. Stay tuned for more!Show highlights:The most interesting and influential work that Dale did early on. (3:10)What it takes to produce S4 Events. (4:46)Dale first worked on computers when he was in junior high school. (6:06)After getting a degree in finance, Dale worked for the NSA as a cryptologist and then went on to work for a company selling military encryption equipment before starting his own company. (8:10)&nbsp;Starting a company is not for everyone. (12:48)What led to Dale starting Digital Bond? (13:13)Dale shares his biggest failure so that others need not make the same mistake. He also offers advice for anyone wanting to start a business. (16:13)How the S4 events came about in 2007. (12:53)The highlights and the worst moments Dale remembers from doing S4 events. (30:15)You need never be afraid to try something new in your business or career. (32:05)Dale talks about where he has helped the most as a mentor. (36:54)If you are very good at something, you can quickly make yourself known and become the best in the world at it in new sectors. (38:06)Where you can start reading and researching to augment your professional knowledge. (42:39)You need to understand your mission when you start a conference or an event. (48:42)Links:(CS)²AIDale Peterson’s websiteDale Peterson on&nbsp;LinkedInBooks mentioned:The Brand You 50&nbsp;by Tom Peters

Derek Harp is excited to welcome Justin Searle as his guest for another episode in the series on security leaders!&nbsp;Justin is the Director of ICS Security at InGuardians, specializing in ICS security architecture design and penetration testing. He has taught courses in hacking techniques, forensics, networking, and intrusion detection for multiple universities, corporations, and security conferences. He is currently a Senior Instructor for the SANS Institute and a faculty member at IANS. In addition to electric power industry conferences, he frequently presents at top international security conferences such as Black Hat, DEFCON, OWASP, Nullcon, and AusCERT.Justin is well-balanced and versatile and a super fascinating person! He was born in Utah and has lived there for most of his life. He has a Bachelor’s Degree in Technology Education with minors in computer science and electrical engineering, and a Master’s Degree in International Business and Information Systems. He is an entrepreneur, researcher, security practitioner, open-source advocate, instructor, teacher, and author. He is an outdoor enthusiast and has some cool hobbies, like scuba diving and rock climbing. He is also a falconer, a helicopter pilot, and a globetrotter.&nbsp;In this episode of the (CS)²AI Podcast, he shares his modern-day superhero backstory, and he talks to Derek about how his career journey led to him becoming immersed neck-deep in cyber security for control systems. He also talks about the value of certifications and becoming an instructor. You will gain a lot from this show if you would like to make a career in cyber security or become an instructor in the field. Stay tuned for more!Show highlights:Justin started doing basic programming when he was in elementary school and almost earned an Associate’s Degree in Electronics Engineering in high school. (4:58)Justin talks about the certifications he obtained to build credibility and advance his career. (9:40)Justin shares his thoughts about certifications. (11:50)Getting a certification will help students stand out trying to find an internship. (Justin recommends the CompTIA Security+ Certification because it is an inexpensive option.) (13:22)Graduates should consider getting a&nbsp;CISSP Certification. (13:48)Justin explains why he shifted to focus on networking technologies, IT technologies, and cyber security in 2000-2001. (18:10)Getting into his niche area- penetration testing in industrial control systems. (19:50)How can listeners break into becoming teachers or instructors? ( 22:38)The pros and cons of joining communities and collaborative groups. (27:08)Justin enjoys being an informal mentor to others and providing feedback when people ask questions. (31:04)Justin offers advice for maximizing your benefit when you change jobs or your positions within a company. (33:22)You will be valued in the field if you get into any area of cyber security. (40:10)Links:(CS)²AIJustin Searle on LinkedInIn GuardiansCISSP Certification

Today, Derek Harp is excited to interview Rick Kaun for another episode in the security leaders series. Rick is the VP of Solutions at Verve Industrial Protection.&nbsp;&nbsp;Rick is a well-versed OT cyber security thought leader, evangelist, advocate, and solution provider with more than 20 years in the identification, development, and provision of all sizes and shapes of security programs. Regardless of the industry, security maturity level, or standard (corporate, regulatory, or best practice) Rick has focused on helping clients to find solutions that are effective, affordable, and manageable. With a special experience in production environments, he has had the pleasure of working around the world with multiple organizations ranging from Power to Oil and Gas, Refining, Mining, Pulp and Paper, discrete manufacturing to corporate and regulatory projects.Rick is an honest and authentic person. He is a straight talker, known for getting right to the heart of the matter. He is a husband and father and a keen outdoorsman. He is also an ice hockey fan, traveler, boater, and dog lover.&nbsp;In this episode of the (CS)²AI Podcast, he tells his story and shares his wisdom. He talks about his career, discusses the decisions he made that led him to where he is today and shares some gold nuggets of career advice.You won’t want to miss this episode if you are looking for career direction, considering a career in cyber security, or already in the security field and would like to move forward in your career. Stay tuned for more!Show highlights:Rick shares his superhero origin story. (5:28)In grade four, Rick became the computer lab administrator for his class. (8:34)Rick did not start his career in cyber security with a technical degree. He explains how he went from studying sociology to learning about technology. (11:26)Technology is such a complex field, and it has so many opportunities that you can have an entire career and a specialty within it. (12:04)There are various technical studies courses that you can do at the Northern Alberta Institute of Technology (NAIT). (13:04)Rick believes that security basics should underpin every course that anyone ever does. He would love to have a panel discussion on safety culture! (16:58)Rick explains how he jumped into security for control systems at Honeywell twenty-one years ago. (18:53)Rick joined Verve about five years ago, and since then, they have doubled twice. (24:23)We need meaningful and sustainable risk reduction for the future. (25:19)People you know now could become important in the future. That’s why you need to invest in as many quality relationships as possible within the cyber security industry. (25:51)Some of the challenges Rick has faced while navigating his career journey. (28:28)Rick discusses the importance of collaboration. (34:21)With trainees, it is way better to be humble and honest about things you don’t know than to make something up. (41:49)Rick feels that mentorship is the key component for anybody to get anywhere. (44:27)You need to enjoy the work you do. (47:28)Links:(CS)²AIRick Kaun on LinkedInVerve Industrial ProtectionNorthern Alberta Institute of Technology (NAIT)

Today, Derek Harp is excited to interview Eric J. Byres, the Founder of and Chief Technology Officer of aDolus Technology Inc., in another episode of the Security Leaders series. Eric is a pioneer in industrial cyber security. He is a technologist, entrepreneur, author, inventor, outdoor enthusiast, and sailor.&nbsp;Eric grew up in North Vancouver and later graduated with a Bachelor of Applied Science Degree from The University of British Columbia, focusing on geological engineering and mining operations. He is widely recognized as one of the world’s top experts in the SCADA security field. As the inventor of the Tofino Security technology, Eric and his partner Joann guided the product through its evolution from an academic research project and startup to a successful acquisition by Belden Inc (NYSE: BDC). Tofino received numerous industry awards and was licensed by industry giants such as Honeywell, Schneider Electric, and Caterpillar. Today it is probably the most widely deployed ICS-specific firewall in the world.&nbsp; &nbsp;In this episode of the (CS)²AI Podcast, Eric shares his background and discusses his career trajectory. He also offers many gold nuggets of advice for listeners who would like to do a startup, launch a product, be useful for the industry later on, or use what they already have to add value to the cyber security industry.&nbsp;This episode is one you will not want to miss if you are looking to start your career in cyber security or considering starting a company in the cyber security space.Show highlights:Eric started his first business, making and selling root beer when he was about eight years old. He gained some valuable entrepreneurial experience doing that! (2:35)His dad bought him a Digi-Comp 1 mechanical digital computer with three bits of memory when he was about eight years old. (5:31)Eric's first job after graduating was with a small but prestigious consulting firm that designed mines. They shipped him off to Australia, South Africa, and Columbia. (7:09)After three or four years, Eric got out of mining and imbedded himself into the data communications and industrial computer markets. (8:01)Eric explains what went on in his early days in control systems. (10:36)Writing a peer-reviewed paper for the IEEE on cyber security for control systems while he was at DCIT was a turning point in Eric’s career. (16:30)Eric discusses the birth of Tofino Security. (20:35)Eric talks about the challenges he faced and offers advice for listeners who would like to follow a similar career path. (22:35)Why does he feel that startups have an advantage? (25:48)Eric describes the Tofino firewall and explains what is. (26:39)Eric talks about his mentors and the advisory roles he has been in. (33:50)Eric explains how aDolus came into existence and discusses the complicated software supply chain. (36:40)What is an S-bom? How does it differ from a D-bom? (46:02)Some advice for listeners who want to start laying the tracks to be on the cutting edge of something or be of value to the cyber security industry. (52:17)&nbsp;Links:(CS)²AIEric Byres on LinkedInaDolus Technology Inc.Books mentioned:The Cuckoo’s Egg by Cliff Stoll

Today, Derek Harp is excited to have Graham Speake, the Director of Industrial Security at Waterfall Security Solutions, joining him on the show! Graham started very early on as an engineer in control systems. He is an interesting and well-rounded individual with a long history in engineering.&nbsp;Graham was born in Wales and moved to London when he started working. He has been living in America for the past twenty years. He is a senior Cyber Security professional with broad experience leading global Operational Technology (OT) and Information Technology (IT) cybersecurity programs for protecting mission-critical systems and infrastructure. He is an expert in developing and delivering security training courses and security awareness. He has subject-matter expertise in Industrial Control Systems (ICS) and SCADA cybersecurity, particularly in oil and gas majors, and for risk managing large capital value projects and architecting global solutions for Oil and Gas and Industrial Automation customers. He is a music lover, photographer, and world traveler who has recently become an RV traveler. He is also a husband, father, grandfather, and raspberry pie enthusiast!In this episode of the (CS)²AI Podcast, Graham talks about his background and career journey and discusses what led him to where he is today. He also offers valuable nuggets of advice for listeners who would like to make a career in or transition into cyber security.This is one episode you will not want to miss if you are looking to make a career in the cyber security space or are an engineer and would like to add cyber security to your career path. Stay tuned for more!Show highlights:Graham's early experiences inspired him to do electrical/ electronic engineering at college and then move into working with electronics and electricity in an industrial setting. (3:13)The benefits of having an engineering background. (8:05)Graham shares his recommendations for engineers who would like to add cyber security to their professional path. (9:08)The US government offers free security training through the Idaho National Laboratory (INL). (10:22)Graham talks about the mentorship he received and offers advice for finding a mentor and doing a mentorship exchange. (12:07)Security only intersected with his journey much later in his career. (17:16)9/11 was a pivot- point in his career. (20:08)Graham talks about various types of industrial proprietary communication protocols. (26:04)Graham talks about how he got into his interesting role at Yokogawa and how it differed from what he did at BP. (29:58)Graham discusses what happened in the security space after being invited to be part of a training course and certification program in 2011. (36:58)Learning the basic working vocabulary and terminology is a way to build bridges and get teams from different industries to work together. (42:22)Graham explains why he could not say no to working for Waterfall. (54:00)Relationships you form early in your career in the security space end up being very powerful later on. (57:40)Links:(CS)²AIWaterfall Security SolutionsGraham Speake on LinkedInINL Critical Infrastructure Protection Training

Derek Harp is happy to have Mark Weatherford, the CSO at AlertEnterprise, and the Chief Strategy Officer at the National Cybersecurity Center, joining him today for another episode in the series of security leader interviews!Mark grew up on a farm in an agricultural community in Northern California and left the farming life to embark on a career in the Navy and travel the world as a technologist, helping companies in cyberspace. Throughout his career, he always planned to get back into ranching. Apart from being a well-known security leader, Mark is a military veteran, technologist, beekeeper, hunter, pilot, and a soon-to-be rancher and gardener. He is also a husband and father.Mark has had various executive-level cybersecurity roles, including Global Information Security Strategist at Booking Holdings, Chief Cybersecurity Strategist at vArmour, a Principal at The Chertoff Group, Chief Security Officer at the North American Electric Reliability Corporation, and Chief Information Security Officer for the state of Colorado. He was appointed in 2008 by Governor Arnold Schwarzenegger to serve as California’s first Chief Information Security Officer. In 2011, he got appointed by the Obama Administration as the Deputy Under Secretary for Cybersecurity at the U.S. Department of Homeland Security.&nbsp;Mark is a well-rounded individual who does a variety of interesting things. In this episode of the (CS)²AI Podcast, he shares his backstory and describes his career journey. He talks about the challenge CISOs face today, explains why relationships are vital, and discusses what it takes to be a good CISO today. He also offers some valuable nuggets of career advice for listeners.You will not want to miss this episode if you are in a first-time CISO role or considering making a career in cybersecurity. Stay tuned for more!Show highlights:Growing up, Mark was always playing around with electricity, wiring up motors and lights, and often overloading circuits and blowing breakers. (3:20)Mark became a cryptologic technician in the Navy and focused on signals intelligence. (4:50)In 1994, Mark wrote his grad school thesis on information security. That changed his life and set the stage for his future. (7:59)Mark created the Navy’s first operational red team. (10:14)Mark explains why a CISO cannot be an expert today. (12:20)Mark got hired as the first CISO for the state of Colorado. It was a great learning experience! (15:06)Why is becoming a CISO is all about developing relationships? (19:47)Mentoring others is one of the most satisfying things Mark has ever done. (25:28)Mark had a lot of influence in his role at DHS. (32:01)Some advice for people thinking of taking on CISO roles. (35:34)What do you need to focus on and learn if you are aiming for a senior CISO position? (38:24)What do people in advisory board roles do? (46:08)Links:(CS)²AIMark Weatherford on LinkedInAlertEnterpriseNational Cybersecurity Center

Today, Derek Harp is excited to have Mark Bristow joining him for another episode in the interview series on security leaders! Mark is well-known in the cyber security industry. He is the Branch Chief for Cyber Defense Coordination and Operations for threat hunting at the Department of Homeland Security.Mark found his first bug in an ISV system when he was ten years old. As a teenager, he was passionate about technology and spent much of his time discovering what he could do with his computer and the nascent internet. He later earned a Computer Engineering degree from Penn State.&nbsp;Mark has been at the forefront of headline-making incident response efforts like the attack on the Ukrainian power grid, intrusions into U.S. election infrastructure, and Russian attempts to gain access to the U.S. power grid. He often does talks on worldwide industrial control systems security issues. He enjoys sharing his knowledge about the protection of critical infrastructure and using his real-life experience to help students relate the information to scenarios in the field. He is also a pilot-in-training and a scuba diver!&nbsp;Mark had access to control systems as a young child, and as a result, he developed a breaker mindset quite early on. In this episode, he tells his story, talks about his background and career, and shares his unique perspective on cyber security. He talks about working for the government and offers some nuggets of career advice for people thinking of making a career in cyber security or those currently doing development in systems design and would like to specialize in cyber security.&nbsp;If you are thinking of making a career in cyber security, you will learn a lot from today’s interview with Mark Bristow! Stay tuned for more!Show highlights:The role Mark’s father played in him becoming an early adopter of technology (3:11)How he found a bug in an ISV system at the age of ten. (5:14)Mark figured out how to bypass the safety controls and make the computer drop the space shuttle's engines before they were supposed to. (8:14)How Mark transitioned from doing programming to doing cyber security professionally. (11:25)Mark explains how programming mattered and helped him in his career journey. (13:23)Some nuggets of advice for programmers who want to add something to their career path by specializing in cyber security. (16:02)A nugget of advice for what you should do when you receive a job offer. (19:48)The mentors and people who opened doors for Mark along his career path. (23:21)What is it like working for the government? (24:37)Mark explains why he pivoted to become a federal employee. (30:40)Everyone in the cyber security industry is open to helping each other and offering advice. (35:51)What you can do right now to become sought-after and successful in five to ten years. (37:29)Mark explains his job title and talks about what he does. (45:29)Links:(CS)²AIMark Bristow on LinkedInCISA

Today, Jeff Hussey joins Derek Harp for another podcast in the Security Leader interview series.&nbsp;Jeff is the Co-Founder, President, and CEO of Tempered. He is a serial entrepreneur who has accomplished a lot throughout his career. He founded and co-founded several companies, including the well-known F5 Networks. He is a professional board member of various businesses- both for-profit and not-for-profit. He has worked hard to make the internet more resilient, hardened, and secure, bring clean water to underprivileged countries, and enrich his community through the arts. He has also been funding and broadening technology innovation and cultivating better living standards for coffee growers in Latin America. Jeff is also a speaker, mountain climber, wine-maker, father, and lover of all things tech!Starting from a very young age, Jeff has always been passionate about technology and communications! In this episode of the (CS)²AI Podcast, he talks about his background, his love of tech, the various businesses he started, and founding Tempered. He shares nuggets of advice around getting down to the fundamentals of what you are studying, dealing with customers, and networking, and offers some valuable tips for moving forward in the cyber security industry.&nbsp;&nbsp;You won’t want to miss this episode if you are starting a career in cyber security or if you are in a similar field and considering a career change! Stay tuned for more!Show highlights:Jeff explains why he creates his own jobs. (3:53)Jeff talks about his passion for tech and communications. (4:33)How the first company Jeff started became the first internet service provider in Honolulu. (9:28)The increasing internet traffic inspired Jeff to start his next business in 1996. (10:29)Jeff discusses his initial foray into security and explains how the security paradigm changed after that. (12:25)How his dad used to advise and help him early in his career. (16:30)What he did to deepen his knowledge and become more effective in his career role. (18:01)Jeff offers some excellent advice for dealing efficiently and effectively with customers. (22:05)Jeff talks about his company, Tempered. (25:53)Jeff explains what the host identity protocol does and how his company, Tempered, approaches it to create a hyper-secure network. (30:42)Jeff shares his views on corporate culture. (34:16)Jeff explains what excites him about the Airwall Solution that Tempered brought to market. (42:50)Links:(CS)²AIJeff Hussey on LinkedInTemperedBooks mentioned in the show:Steven’s TCP/IP Illustrated Volumes 1 and 2

Albert Rooyakkers, the CEO and Founder of Bedrock Automation, joins Derek Harp today for another episode in the Security Leaders series. Albert is a well-known technologist in the cyber security industry. He is also an inventor, a motorhead, and a keen outdoorsman.&nbsp;Albert was born and raised in Canada. After finishing high school, he went to the Southern Alberta Institute of Technology to learn about instrumentation and process control. After completing his studies, he spent sixteen years working at Foxboro, where he went from Sales to Applications to Projects and eventually into management. Foxboro later became Invensys and sent Albert to the Middle East. He loved that because the Middle East is a fascinating place!Albert once described himself as a future enthusiast because the future excites him so much! In this episode of the (CS)²AI Podcast, he discusses his background, education, and career path. He talks about his early work experiences, dives into the founding of Bedrock Automation, and discusses the exciting transition to run Bedrock. He also shares some nuggets of advice for getting ahead in your career and talks about the exciting changes we can look forward to seeing in the future.If you have spent most of your career working for one or two companies and are thinking about starting a business of your own, you are sure to gain a lot from today’s inspiring conversation with Albert Rooyakkers. Listen in to hear more!Show highlights:Albert worked on big projects while at Foxboro and often traveled internationally. (3:01)Albert grew up with family businesses, so he knew starting a business would involve a lot of hard work. (4:10)Why did he become a young workaholic while working in their family businesses in Canada? (5:29)Albert talks about the best and most rewarding years of his life while starting Bedrock. (7:35)What Albert believes is the most comprehensive learning experience imaginable. (8:55)Jumping from Invensys to Maxim and then jumping from Maxim to Bedrock. (9:28)Some advice for actualizing an idea or design that relates to the company you are in. (13:18)Cyber violates the premise of automation. Albert explains how we can solve that right here in the USA. (18:29)Building and maintaining relationships is vital. (25:14)Great technology moves beyond technology and becomes art. When presented in the right way, that inspires people to use it. (28:31)Some advice for overcoming challenges, growing, and evolving along your career journey. (32:57)What excites Albert about the future? (38:51)&nbsp;

Today, Derek Harp interviews Fred Gordy in another episode in the Security Leaders series. Fred is the Director of Cyber Security at Intelligent Buildings.Fred hails from Atlanta, Georgia. He is an author, musician, woodworker, technologist, travel enthusiast, and grandfather. He is also well-known as an evangelist around cyber security for building control systems and building management.Fred has worked with electronics, computers, IT, and even robotics along his career path. He had his first computer experience back in the days of basic programming in the mid-1980s when he did electronic engineering technology at college. Although his direction as an electronic engineer in technology should have been to get in on a board level, he was always more fascinated with the computer part.In this episode of the (CS)²AI Podcast, Fred tells his story, discusses his career trajectory, and talks about the highlights of his career. He shares his insights and experience and offers some helpful nuggets of advice for listeners considering a career in the controls space. If you are at the entry-level of our industry and wondering where to go next, you will not want to miss this episode! Stay tuned for more!Show highlights:Fred had the opportunity to experience control systems when doing an internship while in college. (5:01)How Fred inadvertently got exposed to computer control systems early on in his career. (6:27)Having had a computer background before moving into the world of control systems allowed him to speak both languages. It helped him a lot in his career. (8:15)Fred sees a career role emerging that will require individuals to know the full range of IT and OT. They need to understand computers and control systems. (9:01)Fred discusses the work that Intelligent Buildings does in the commercial real estate industry. (13:03)How buildings intersected with his career path. (14:22)For Fred, there is nothing quite as exhilarating as having the power, capability, and know-how to make a massive piece of equipment work in concert with hundreds of other devices. (15:55)Everything Fred has done in his life has in some way built upon itself. It's why he encourages listeners to draw on all their experiences, no matter how small they might seem. (17:40)Fred talks about overcoming challenges. (21:40)When he started his career, he knew little about what he was doing. He attributes his success to the mentors who helped him, encouraged him, and ignited his inner fire. (28:00)Fred discusses ways to get people in different areas of the building-control space to work better together. (36:18)Fred believes that the path for people in the controls industry will become easier now, since the advent of the MSI (Master System Integrator). (44:38)

Bayron Lopez joins Derek Harp today for another podcast episode in the Security Leader series. Bayron is the Manager of Operational Technology at Kilroy Realty Corporation, a real estate investment trust company specializing in developing, acquiring, and managing real estate assets, primarily in Seattle, San Francisco, LA, and San Diego. Those four strategic areas encompass about fourteen million Class A commercial real estates. Bayron is responsible for the operational technology and security of those estates.&nbsp;Bayron was born in El Salvador and grew up in South Central Los Angeles. While in high school, he had an excellent teacher and mentors who were designing aircraft and large buildings. They exposed him to multiple areas of engineering, including electrical, mechanical, civil, and aerospace. Bayron was very lucky to have that exposure because it was unusual for kids from the South Central Los Angeles neighborhood to get introduced to the world of engineering.Bayron likes to see an objective outlined and then get things done. He has a degree in engineering and is a keen technologist. He is also a soccer fan and dreamer who likes to look ahead at what is coming up just beyond the horizon. In this episode of the (CS)²AI Podcast, he talks about his background and discusses his educational journey. He explains why he chose to work for a real estate company after graduating and talks about his current position at Kilroy. He also shares some valuable nuggets for people starting in cyber security or those who would like to get involved in the space.Cyber security is going to become a cornerstone for buildings in the future. If you are thinking about getting into the field, you will gain a lot from this episode! Stay tuned for more!Show highlights:When he was in high school, Bayron decided to become an engineer and find something in that space that worked for him. He talks about the study program he chose. (3:58)Bayron explains why he went to work for a real estate company after he graduated. (6:41)How the idea of having an Operational Technology Manager came in at Kilroy. (8:45)Bayron talks about the challenges he has faced since becoming Kilroy’s Operational Technology Manager. (10:28)A strategy for creating a valuable security solution. (13:04)Bayron discusses the day-to-day operations in his current position at Kilroy. (15:50)The luxury of new builds versus retrofitting onto existing buildings. (19:44)Some advice from Bayron for his younger self. (21:23)A way in and some words of wisdom for individuals wanting to get into the security of building control systems. ( 22:38)There are currently many different opportunities for specializing in the cyber security industry as it pertains to building systems. (26:38)

Derek Harp is excited to have Bryan Singer join him today for an episode in the Security Leader interview series!&nbsp;Bryan is a true pioneer in the cyber security space! He has an extensive background in several industries, including manufacturing, DoD, and healthcare. His proven professional skills include system architecture and design, software project management, application development, system administration, network administration, database design and administration, and multi-tier support. Currently, he is Principal Director of Security Innovation at Accenture.Bryan was born in Mountain Home, Idaho. His father was a pilot in the air force, so they lived in many different places across the country while he was growing up. He spent most of his childhood in Alabama, and he remembers being the coolest kid on the street because he had an Apple 2 Plus computer with two five-and-a-quarter-inch floppy drives. Watching WarGames inspired him to become a hacker, but he soon realized that hacking was not quite what it appeared to be on television!In this episode of the (CS)²AI Podcast, Bryan shares his superhero backstory, talks about his career journey, and discusses the valuable lessons he learned early on that he could apply later in his career. He also shares some helpful nuggets for people either considering a career in cyber security or crossing over from other areas in IT or OT. If you are interested in cyber security, stay tuned. You will not want to miss this informative episode!Show highlights:Bryan talks about when he first got an itch for hacking. (1:23)Immediately after high school, he joined the army. He worked in Intelligence and got exposed to computer and network security, now known as cyber security. (3:40)Bryan started his career doing software development. (4:58)Bryan describes his first experience of dealing with a compromise. (7:00)Having a deep systems background has been helpful when diagnosing other problems later in his career. (8:43)What Bryan tells people when they ask him how he got involved in cyber security. (9:34)How he ended up being Chairman of the ISA-99 Security Committee. (12:34)Bryan discusses mentorship and explains how he managed to connect with mentors in the world of industrial safety. (17:12)How to get involved in the standards bodies early on in your career. (21:51)The advice Bryan would give to his younger self. (29:34)Some helpful advice for facing challenges. (33:14)The impact of the pandemic on the cyber security industry. (34:01)Bryan discusses the things he chose to do in his career, outside of what his job required. (35:52)Bryan co-authored two books. (36:14)Links:(CS)²AI&nbsp;AccentureBryan L Singer on&nbsp;LinkedInResources:The books Bryan co-authored:&nbsp;Cybersecurity for Industrial Control Systems: SCADA, DCS, PLC, HMI, and SISHacking Exposed Industrial Control Systems: ICS and SCADA Security Secrets &amp; Solutions

Today, Daryl Haegley joins Derek Harp for another episode in the Security Leader interview series! Daryl was a military officer and then became a civilian in DOD (Department of Defense) operations. He is now the Director of Mission Assurance and Cyber Deterrence for the DOD.&nbsp;Daryl has always been fascinated with technology. He links his fascination to the intrigue he felt when watching Star Trek episodes with his father and brothers as a child and seeing how much simpler technology can make people’s lives.&nbsp;Even though Daryl became one of the early cyber security pioneers, technology did not lead him to where he finds himself today.&nbsp;In this episode of the (CS)²AI Podcast, Daryl tells his story, talks about his journey, discusses his choices, and explains how his career path led him to where he is today. He discusses some of the practices he employed along his career path that could be valuable when selecting a specific line of work. He also talks about how individuals in the military can increase their value to the outside world and explains where people can get formal or informal security training.&nbsp;You will not want to miss this episode if you are leaning toward a career in the cyber security field, so stay tuned for more!Show highlights:The path leading Daryl to where he is today did not proceed through technology. (4:42)After completing his RTC in the Navy, Daryl thought he was done with school, but he went on to get three master’s degrees. (6:36)Daryl talks about crossing over from college RTC to become a cryptologist. (7:45)An important lesson he learned from history is about defense. (9:01)Today, Daryl still references some of the lessons he learned from his early experiences in his naval career. (11:44)Some advice for how individuals who are still in military service can strengthen their resumes and increase their value to the outside world. (14:24)Daryl discusses some areas where individuals can get either formal or informal security training. (15:53)Daryl talks about control systems and explains how they first intersected with his career. (16:55)Daryl shares some highlights of his career and discusses some of the things he would do differently today. (20:19)How mentorship has played out on his career path. (24:01)Daryl talks about the sharing of information between government entities and non-government entities. (28:32)Daryl discusses his involvement in the cyber security certification model being rolled out. (29:43)There are engineering classes at Georgetown University and George Mason University that include courses for individuals who want to study cyber security. (33:22)The career areas within cyber security that Daryl believes will be in demand five years from now. (35:17)

Today, we have another podcast in the Security Leaders interview series. In this episode, Derek Harp talks to Chris Blask, the Global Director of Industrial and IoT Security at Unisys. Chris is a man of many talents! He is an entrepreneur, an inventor, an evangelist, and a visionary. He has been involved in many different projects for work, for fun, and sometimes a mix of both.&nbsp;Chris was the inventor of one of the first firewall products. In addition, he built a multibillion-dollar firewall business at Cisco System, co-founded an early SIEM vendor, wrote the first book on SIEM, founded an information-sharing center for critical infrastructures, and advised both public and private organizations across the world in every sector. In his role at Unisys, Chris created the Operational Technology and IoT security practices, which he also leads. He also invented the Digital Bill of Materials (DBoM) structure and established the Unisys Marine Living Research Center. He currently chairs a range of non-profit cybersecurity organizations and contributes to a wide range of global security efforts.Chris is very well known, and his resume is outstanding! He has been involved in many different projects and initiatives. In this episode of the (CS)²AI Podcast, he shares some valuable nuggets from his vast experience! He tells his superhero origin story, talks about the non-linear way he got to where he is today, sheds light on his current role as a leader in the cybersecurity industry, and discusses his philosophy around problem-solving.&nbsp;Chris frequently changed course throughout his career journey. If you are in the early part of your career and thinking of making some changes down the line, you really won’t want to miss this episode! Be sure to stay tuned for more!Show highlights:Technology was a thread that ran all along Chris’s career path. (5:51)While growing up, Chris always loved taking things apart to figure out how they worked. (8:16)Moving on after every change he made in his life and education. (10:57)The history and appreciation of art have had as much to do with Chris’s success as learning to program in Cobol. (12:46)Chris explains how he started teaching people about different aspects of technology and how that led to his first job in OT with General Electric. (13:16)Chris enabled himself to do mobile video conferencing to save his company millions of dollars. (15:28)Chris explains how the security aspect of his career came into play. (21:00)Creating and releasing the BorderWare Firewall Server. (25:46)History has proved that there will always be a point in the future when every problem will get solved. (27:24)Chris has been into cybersecurity for the last 28 years. He talks about all the companies with which he was involved. (31:56)Chris talks about the genesis of firewalls. (34:05)Learning to talk the right language, to move up in the world of technology. (39:17)How mentorship has played out in Chris’s career. (43:20)Chris shares a strategy for anyone currently in OT or cybersecurity. (51:34)Chris talks about the changes he sees happening with OT and cybersecurity in the future. (58:37)Links:(CS)²AI &nbsp;Unisys&nbsp;

Today, Derek Harp is happy to welcome Paul Forney, the Chief Security Architect for Schneider Electric, as his guest for another episode in the (CS)2AI podcast series on security leaders. Paul is a true pioneer in the industry of securing industrial control systems.Paul traveled the world while growing up because his dad was a cryptographer working for Military Intelligence. His dad was serious about his job, and although he could not talk to Paul about what he did at work, he explained all the basics of encryption and taught him how to protect documents and information.&nbsp;In his first year of college, Paul joined a band. The band got a record deal, so Paul left home and college and traveled the world as a rock and roll bass player. He always wanted to learn about technology, however. So after finally returning to college, he graduated as an electrical engineer in 1990 and went into industrial control systems. Paul still plays music in a small band for fun and to raise money for various children’s causes.&nbsp;Security is a journey that is always changing! The threat-scape and the way we think about security are constantly evolving. In this episode of the (CS)²AI Podcast, Paul shares some valuable nuggets of information around the best approach to take and the right processes to design and produce resilient, high-quality security systems. He explains how to get involved with industry standards bodies, talks about how experts from across the world should take a leaf out of the book of the World Health Organization to collaborate to solve industry problems a whole lot faster, and offers his ideas for future careers. He also tells his story, talks about various elements in his professional journey, and discusses his way of bringing balance into his life.&nbsp;&nbsp;If you are interested in making a career in the field of cybersecurity, this is a conversation you won’t want to miss! Stay tuned for more!Show highlights:Paul plays bass in a group called The Jazz Execs. They are a consortium of musicians who raise money for children’s causes. (4:42)In 1969, Paul started college as an electrical engineer. (8:06)Paul went straight into industrial control systems after graduating from the University of South Florida, in Tampa, with a degree in Electrical Engineering. He eventually moved into designing security for internet portals and communications systems. (9:34)Paul finds that many aspects of control systems are similar to orchestras. (10:16)Some of the patents that Paul came up with are for technology to look for events happening on offshore oil platforms. That kind of work still excites him! (13:49)He was always involved with communications in the early part of his career. (15:25)It was 9/11 that brought Paul into the world of cybersecurity. (17:30)As a security architect, Paul always has to look at the bigger picture to see how data moves around a system to design resilient ways to protect those systems. (22:05)Paul talks about looking at the bigger picture to see how data moves around a system to design resilient ways to protect the system. (22:05)You need to have processes, procedures, and technology to design and produce a quality security product. (24:59)Paul has always sought to learn from those who think outside of the box in the control system world, like his late friend and mentor, Michael Assante. (29:14)Young people can gain a lot of value from mentorship and getting involved with today’s standards bodies. (32:19)New technologies, like blockchain, have great value and potential for future careers. (46:27)