
The Industrial Security Podcast

102 Episodes

45 minutes | Mar 20, 2023
Stakeholder-Specific Vulnerability Categorization (SSVC) [The Industrial Security Podcast]
SSVC is a new standard decision process for deciding what to do about new vulnerabilities and patches. Thomas Schmidt of the German BSI joins us to look at how SSVC decision trees work, and where and why to use them.
35 minutes | Mar 6, 2023
Bridging industrial Cybersecurity Workforce Gaps [The Industrial Security Podcast]
Different kinds of organizations in different stages of their cybersecurity evolution need to look for different kinds of people to contribute to their industrial security programs. Jason Rivera, a Director at Security Risk Advisors, joins us to look at workforce capability gaps and different approaches needed to fill those gaps in different scenarios.
49 minutes | Feb 20, 2023
#100 Engineering-Grade security in the US DOE Cyber Informed Engineering Strategy [The Industrial Security Podcast]
The new US Department of Energy Cyber Informed Engineering Strategy includes unhackable safeties, manual operations, and other engineering-grade protections, in addition to traditional cybersecurity. Join Cheri Caddy, USA Deputy Assistant Cyber Director, as we look at a strategy to develop a discipline of security engineering.
48 minutes | Feb 1, 2023
IIoT Firmware Visibility - Under the Hood [The Industrial Security Podcast]
Windows and Linux operating systems provide a lot of detail about which software is installed, including versions of the operating system, applications and libraries. Most firmware provides almost nothing - only a single firmware version number. Thomas Pace, Co-Founder and CEO of Netrise, joins us to look at gaining visibility into industrial device firmware and vulnerabilities.
54 minutes | Jan 16, 2023
Living at the Edge - Visibility into Edge Devices [The Industrial Security Podcast]
Industrial network monitoring and intrusion detection tend to start at the highest level networks - the ones closest to the IT network. Ron Fabella, CTO and Co-Founder of Synsaber, joins us to look at the problem the other way around - at how important and how useful it is to monitor our lowest level networks - the edge networks closest to the physical process.
51 minutes | Jan 2, 2023
Secure Software Development and a Zero Trust Supply Chain [The Industrial Security Podcast]
How does secure software development work for industrial products (SDLC) and what is a zero-trust supply chain? Gonda Lamberink of Fortress Information Security leads us on a deep dive into what's new in secure software development, and especially how supply chain security is impacting that lifecycle.
45 minutes | Dec 12, 2022
Consequences Matter [The Industrial Security Podcast]
Worst-case consequences of compromise determine government and societal policies, so consequences matter, especially for critical infrastructure security. Danielle Jablanski, OT Cybersecurity Strategist at Nozomi Networks, joins us to look at threats, consequences and policies for critical infrastructure security.
47 minutes | Nov 14, 2022
Really Committing to Supply Chain Security [The Industrial Security Podcast]
Supply chain security is bigger than one standard or one approach. Supply chain has fingers into remote access and cloud services and many other things beyond SBOMs and vendor questionnaires. Pedro Fernandes of Accenture joins us to look at the big picture and at what it takes to really commit to supply chain security.
49 minutes | Oct 31, 2022
ROI Mistakes for Cybersecurity Investments [The Industrial Security Podcast]
Cybersecurity investments, like safety investments, involve ROI calculations. But unlike safety, security ROI is not baked into engineering practice. Wally Magda, a senior standards and security instructor, advisor and former NERC CIP auditor, joins us to look at today's ROI problems and what to do about them.
45 minutes | Oct 17, 2022
Set and Forget - is not cyber resiliency [The Industrial Security Podcast]
Complex networks "drift" over time - maintaining an original security vision is hard. Robin Berthier, CEO and Co-Founder of Network Perception, joins us to look at a new technology for understanding what's happening to our networks.
41 minutes | Oct 3, 2022
56 OT Vulnerabilities - do they matter? [The Industrial Security Podcast]
Forescout's recent Icefall report documents 56 new OT vulnerabilities, many in certified "secure" industrial equipment. Daniel Dos Santos, Head of Security Research, joins us to look at the vulnerabilities and at what they mean for industrial security.
45 minutes | Sep 20, 2022
Why and Who - Not Just How [The Industrial Security Podcast]
The big picture of industrial security programs is why we do security, who does what, and to what standards or risk tolerances. Darren Conway of Capula joins us to look at documenting industrial security policies and programs, not just technology.
37 minutes | Sep 7, 2022
Moving Target Defence [The Industrial Security Podcast]
Moving target defence is increasingly used for remote access systems and other high-risk connections between and into systems. Ian Schmertzler, President and Co-Founder of Dispel, joins us to dig into the technology.
49 minutes | Aug 24, 2022
DNP3 Crypto - Harder Than It Looks [The Industrial Security Podcast]
Many people ask "why can't we just encrypt all those industrial protocols?" It turns out it's harder than it looks. Andrew West of Subnet Solutions and the Technical Chair of the DNP User group looks at Secure DNP3 - take three.
31 minutes | Aug 8, 2022
Relationships, Not Creepiness - Marketing Industrial Security [The Industrial Security Podcast]
Relationships, humour and a complete lack of creepiness - Laura Torres and Sarah Jennings of FoxGuard join us to look at the art of marketing industrial security solutions.
43 minutes | Jul 11, 2022
Like industrial security a decade ago [The Industrial Security Podcast]
Building automation cybersecurity is starting to happen, but most buildings are well behind their industrial peers. Mirel Sehic, Cyber Practice GM for Honeywell Building Technology, joins us to look at security for building automation, smart cities, and the results of a recent survey on the state of the practice. The full survey report is available at https://buildings.honeywell.com/us/en/solutions/healthy-buildings/trends-report
42 minutes | Jun 27, 2022
Legislation demands state of the art [The Industrial Security Podcast]
Jens Wiesner of the German BSI joins us - new German critical infrastructure laws demand immediate reporting and certified state-of-the-art attack detection.
50 minutes | Jun 14, 2022
OT Cyber insurance is changing fast [The Industrial Security Podcast]
"Silent" cyber coverage has vanished in most insurance policies, and you can't get cyber insurance any more without cyber security. Georgina Williams, Senior Cyber Underwriter at Munich Re, joins us to look at how insurers are digging deep into both engineering and security aspects of industrial cyber risk.
39 minutes | May 30, 2022
Common mistakes in OT visibility deployments [The Industrial Security Podcast]
A lot can go wrong - Enrique Martinez, Technical Solutions Architect for OT Security at WWT, joins us to look at common mistakes when deploying OT asset inventory, IDS and other visibility solutions - and how to avoid them.
34 minutes | May 16, 2022
Just the tricky bits [The Industrial Security Podcast]
Industrial security programs have to touch all the bases. Alexandru Suditu of the Enevo Group joins us to look at - not everything - just the tricky bits.