Avsnitt
-
In this episode of the (CS)²AI Podcast, host Derek Harp welcomes Mehdi Tarrit Mirakhorli, Associate Professor at the University of Hawaii and a Cybersecurity Expert, to discuss Secure by Design—a fundamental shift in how we develop and deploy software in industrial control systems (ICS) and operational technology (OT). With over 15 years of R&D experience for DARPA, the Air Force, and DHS, Mehdi shares why modern software is inherently vulnerable and how we can learn from aviation, medical, and safety-critical industries to build resilient systems from the ground up.
The conversation dives deep into the risks of insecure by design software, the challenges of implementing true security practices, and the role of government policies in shifting liability from users to vendors. Mehdi explains the importance of threat modeling, attack surface analysis, and secure architecture frameworks to mitigate cyber threats before they arise. He also highlights how software development must evolve beyond rapid deployment cycles to integrate security as a core design principle.
If you’re an ICS professional, cybersecurity engineer, or software developer, this episode provides actionable insights on reducing vulnerabilities at scale, implementing proactive security measures, and preparing for the future of cyber threats. Subscribe now and stay ahead in the ever-evolving world of industrial cybersecurity!
-
Derek Harp welcomes Kyle McMillian, Product Security Officer at Siemens, to discuss the evolving landscape of software bill of materials (SBOMs) and their role in modern cybersecurity. Recorded live at Hack the Capitol 7.0, this conversation unpacks the challenges and opportunities posed by SBOMs in an industry grappling with legacy systems and modern threats.
Kyle dives into the origins of SBOMs, their role in addressing vulnerabilities like Log4J, and their potential to transform procurement, risk management, and incident response. He emphasizes the importance of balancing transparency with practicality, noting that SBOMs are a starting point for broader cybersecurity conversations. With his unique perspective from a leading equipment manufacturer, Kyle shares insights into how SBOMs can help bridge the gap between IT and OT systems.
This episode is essential for anyone looking to understand the future of cybersecurity and the critical role of SBOMs in securing industrial control systems. Learn how these tools can foster trust, streamline risk management, and improve collaboration across the industry.
-
Saknas det avsnitt?
-
Derek Harp sits down with Kenneth Warren, Staff OT and Offensive Security Engineer at GRIMM Cyber, to discuss how gamification and Capture the Flag (CTF) competitions are revolutionizing cybersecurity training. Recorded live at Hack the Capitol 7.0, this conversation explores how CTFs and cyber ranges create safe, hands-on environments for learning offensive and defensive cybersecurity skills.
Kenneth explains how CTFs offer opportunities to tackle real-world scenarios, from navigating complex networks to interacting with industrial control protocols. Whether you're an experienced professional or a newcomer to the field, CTFs provide a unique way to build and refine your skills. He also highlights how gamification reaches audiences that traditional training might miss, making learning engaging and accessible.
This episode provides insights into the growing role of gamified learning in cybersecurity and how it’s inspiring the next generation of professionals. Discover how these competitions foster collaboration, creativity, and innovation in a rapidly evolving industry.
-
Derek Harp hosts Jeff Hahn, Project Manager at Idaho National Laboratory (INL), to discuss innovative approaches to training in the ICS and OT cybersecurity space. Recorded live at Hack the Capitol 7.0, Jeff shares insights into how INL’s escape rooms provide hands-on, immersive learning experiences for professionals and students alike.
The escape rooms integrate learning objectives from INL’s renowned 301 Red Team/Blue Team training, transforming them into engaging, gamified challenges. These exercises offer participants a chance to simulate real-world scenarios, improve teamwork, and develop critical cybersecurity skills. Jeff also highlights the importance of bridging gaps between IT and OT teams through collaborative training initiatives.
Whether you're a seasoned professional or a newcomer to the field, this episode explores how gamification and experiential education can help prepare the next generation of cybersecurity experts. Discover how these escape rooms are traveling the world, raising awareness, and making learning accessible to everyone.
-
Derek Harp welcomes Rob Shaughnessy, President & CEO, Director of Psymetis, Inc., to discuss critical issues in the world of ICS and OT security, recorded live at Hack the Capitol 7.0. Rob dives into the vulnerabilities surrounding the development of innovative technologies, supply chain risks, and the evolving threat landscape posed by nation-state actors.
The conversation highlights the growing need for transparency in supply chains, the legal gaps in cybersecurity requirements for technology companies, and the rise of services like ransomware-as-a-service, which lower the bar for cybercriminals. Rob also shares his perspective on education and workforce challenges in cybersecurity, emphasizing the importance of foundational skills and the risks of over-relying on influencer culture.
Packed with actionable insights, this episode offers a nuanced look at the complexities of securing critical infrastructure, balancing innovation with security, and preparing for a more connected, yet vulnerable, future.
-
The intersection of cybersecurity and the food industry takes center stage as Kristin Demoranville, founder and CEO of Anson Sage and host of Bytes and Bites, joins Derek Harp at Hack the Capitol 7.0. This compelling conversation reveals how digital systems impact every aspect of the food supply chain, from farming and production to transportation and storage.
Kristin highlights key vulnerabilities, including risks in automated farming equipment, robotic processing lines, and self-driving refrigerated trucks. She advocates for embedding cybersecurity into food safety practices to protect both trust and the integrity of what we eat. As the industry embraces groundbreaking innovations like AI and lab-grown food, addressing these challenges is more crucial than ever.
Listeners will gain valuable insights into the urgent need for collaboration, awareness, and action to secure the systems that sustain our daily lives. This dialogue sheds light on the essential role of cybersecurity in ensuring a safe and reliable food supply for everyone.
-
In this episode of the (CS)²AI Podcast, host Derek Harp welcomes Jay Warne, co-founder of ResetCon, to discuss the intersection of cybersecurity research, critical infrastructure, and collaborative defense strategies. Recorded live at Hack the Capitol 7.0, this conversation highlights the pressing need to close gaps between academia, offensive researchers, and critical industries.
Jay delves into the mission of ResetCon, an inaugural conference designed to connect academic researchers, defense experts, and key players from the civilian and commercial sectors. Together, they aim to anticipate emerging threats, mitigate risks, and reduce recovery times for critical systems. The discussion also explores the challenges of integrating IT and OT security teams, the importance of "cyber-informed engineering," and the need for secure-by-design principles.
Listeners will gain insights into the future of cybersecurity, including lessons learned from DARPA research, the importance of bridging silos, and how to build more resilient systems. Don’t miss this episode if you’re passionate about protecting critical infrastructure and fostering innovation.
-
Our host Derek Harp sits down with Adam Robbie, Head of OT Threat Research at Palo Alto Networks, live from Hack the Capitol 7.0. Adam shares critical insights into emerging cybersecurity challenges within Operational Technology (OT) environments, including findings from Palo Alto's extensive OT threat landscape research.
Listeners will hear about the top attack vectors impacting critical infrastructure: remote access vulnerabilities, supply chain risks, and lateral movement across networks. Adam discusses the importance of network segmentation, cross-team collaboration between IT and OT, and innovative tools like the Cyberwall, a hands-on demonstration environment showcasing real-world OT threats.
Whether you're an OT security professional or new to the field, this episode delivers practical takeaways to enhance your cybersecurity strategies. Don’t miss this engaging conversation focused on securing control systems and building stronger, collaborative defenses.
-
In this episode of the CS2AI Podcast, host Derek Harp dives deep into the evolving threats to national security and critical infrastructure with Mark Montgomery, Senior Fellow at the Foundation for Defense of Democracies. Recorded live at the Hack the Capitol 7.0 conference in Washington D.C., this episode sheds light on the increasing cyber vulnerabilities faced by the United States from nation-states like China and Russia, as well as criminal actors exploiting critical infrastructure. Mark shares his extensive experience and expertise, offering insights into how the U.S. government can better prepare and protect itself in the face of modern cyber threats.
Mark discusses the significant mismatch between the capabilities of the Department of Defense and intelligence agencies, and the authorities of civilian federal agencies responsible for protecting sectors like power, water, and transportation. He also highlights the pressing issue of underperforming federal agencies tasked with safeguarding critical infrastructure, and the dire need for a comprehensive, bipartisan approach to cybersecurity legislation. With over 32 years in the U.S. Navy and years of policy work in the federal government, Mark offers a unique perspective on the future of cybersecurity and what needs to change to address these challenges effectively.
One of the key takeaways from this episode is Mark’s call for a more cohesive strategy to defend against cyber threats and protect public safety and economic productivity. Despite the ongoing challenges, there’s a sense of hope as Mark emphasizes the bipartisan nature of cybersecurity solutions and the possibility of enacting meaningful changes. This conversation is essential for anyone involved in cybersecurity, national security, or government policy and provides crucial insights into the future of cyber defense in the United States.
-
Join Derek Harp and his guests from Rapid7—Lonnie Best, William Price, and Nicholas Butcher—as they delve into the critical challenges and exciting opportunities within the Operational Technology (OT) and Industrial Control Systems (ICS) cybersecurity landscape. Recorded live at Hack the Capitol 7.0, this episode highlights the growing demand for OT cybersecurity, innovative approaches to managing threats, and the evolving dynamics between IT and OT professionals.
In this episode, the panel discusses real-world examples of managing ICS threats, the nuances of integrating OT into traditional IT security frameworks, and the importance of trust and communication in bridging gaps between teams. Learn how managed security services are adapting to meet the unique demands of OT environments and why collaboration across roles and expertise is essential.
Whether you’re a seasoned professional or new to the field, this episode offers actionable insights and inspiring stories that highlight the importance of securing critical infrastructure in today’s evolving threat landscape.
Visit cs2ai.org to learn more about resources, events, and professional development opportunities in OT and ICS cybersecurity.
-
In this episode of the CS²AI Podcast, host Derek Harp is joined by Lucian Niemeyer, CEO of Building Cybersecurity, for an enlightening discussion on the critical importance of protecting operational technology (OT) systems. Recorded at the Hack the Capitol 7.0 conference, Lucian emphasizes the increasing threats to critical infrastructure posed by nation-state actors and other adversaries, describing the current landscape as a "Sputnik moment" for cybersecurity.
From vulnerabilities in water systems to the cyber-physical risks of modern vehicles, this conversation highlights the pressing need for a collective defense strategy. Lucian shares actionable insights on the roles of the private sector and national defense in addressing these challenges and calls for a bipartisan commitment to safeguard life-essential systems.
If you're curious about how cybersecurity intersects with human safety and national security, this episode is a must-listen. Learn about proactive measures, emerging frameworks, and how you can contribute to strengthening our defenses.
-
Derek Harp hosts Virginia "Ginger" Wright, a program manager at Idaho National Laboratory, known for her pioneering work in cybersecurity for critical infrastructure. Ginger shares the history and importance of Cyber Informed Engineering (CIE) and how this engineering philosophy integrates safety protocols directly into the design of industrial systems, making them resilient against cyber threats. They discuss the origins of CIE in nuclear energy safety, the unique assets of Idaho National Laboratory, and the vital role engineers play in safeguarding critical infrastructure. Ginger also dives into practical resources like the Cyber Informed Engineering Implementation Guide, sharing how organizations and educators can adopt this methodology. Join us for insights into CIE’s impact on the future of OT and ICS cybersecurity.
-
In this episode, host Derek Harp sits down with Bryson Bort and Tom Van Norman, co-founders of ICS Village and creators of Hack the Capitol. They discuss the origins and evolution of Hack the Capitol, now in its seventh year, and the conference’s unique focus on bridging cybersecurity professionals with policy makers and industry leaders. They dive into the value of hands-on learning, the launch of Workforce Development Day, and the ongoing need for practical cybersecurity education and career opportunities for all. Bryson and Tom also highlight the significance of candor in the field and what attendees can look forward to at future conferences. Tune in for insights into the world of OT and ICS cybersecurity, hands-on training, and the importance of building community partnerships.
-
In this episode, the conversation centers on the critical role of operational technology (OT) security and the unique contributions of the S4 Conference. Dale Peterson shares his journey and insights into the challenges of underrepresentation in cybersecurity, especially for women and other groups, and highlights innovative scholarship initiatives aimed at bridging this gap. The discussion also delves into the evolving landscape of AI in cybersecurity, addressing both its potential and the complexities it brings. Listeners will gain valuable perspectives on managing cybersecurity risks, prioritizing investments, and developing effective recovery strategies in OT environments. As we look forward to S4 2025 in Tampa, Florida, this episode offers a glimpse into the future of cybersecurity and the importance of resilience in our systems
-
Today, we are thrilled to welcome Roya Gordon as our guest.
Roya is an executive industry consultant specializing in operational technology, cybersecurity, and Hexagon. She is a military veteran, an accomplished technologist, and a prolific speaker in our industry. Her creativity knows no bounds, encompassing her passion for the arts and her love of opera and symphonies. She is also an avid traveler and a super fun person to have around.
Roya brings a unique and engaging perspective to our discussion today. She shares her journey from a pre-law magnet program to becoming a skilled speaker in the Navy, highlighting the value of communication skills for conveying technical information to audiences and sharing the challenges and opportunities veterans face when breaking into the cybersecurity industry.
Stay tuned as Roya shares her invaluable insights and experiences, offering guidance for veterans aspiring to enter the cybersecurity field. You will not want to miss the wisdom and stories Roya shares with us today.
Show highlights:
Roya shares her background as an army brat.Roya discusses her six-year experience in the Navy.How Roya gradually realized she was involved in technology through her Navy intelligence workRoya talks about her studies in international relations and national security after leaving the Navy and how she pivoted to studying cyber-warfareRoya landed a job as a security researcher at Idaho National Laboratory (INL) despite lacking an IT background.Roya talks about the foundational training she received in OT cybersecurity at INL. How advanced tools often get underutilized due to a lack of trained personnel Roya highlights the value of certifications. How non-technical roles like journalism and event planning can offer entryways into the cybersecurity space.Links and resources:
(CS)²AI
Derek Harp on LinkedIn
Hexagon
Roya Gordon on LinkedIn
-
We are thrilled to have Max Aulakh, the Founder and CEO of Ignyte Assurance Platform, joining us today.
Max is a military veteran and motorcycle enthusiast who enjoys doing voluntary work. He is a prolific contributor to the cybersecurity community, always willing to be of service to others. When Max was three, his father applied for American citizenship at the US Embassy in India. It was an extremely long process, and after losing all hope, he and his family finally migrated to Oklahoma a decade later.
Join us to learn how Max transitioned from the military to founding the successful Ignyte Assurance Platform. He also shares his views on regulations, discusses how AI has impacted the security field, and offers prudent and practical advice for anyone interested in pursuing a cybersecurity career.
Stay tuned for today’s candid and fascinating interview with Max Aulakh, the Founder and CEO of Ignyte.
Show highlights:
How Max’s military experience led to his career in securityMax’s Air Force mentor encouraged voluntary service.How working with the Department of Treasury, scrubbing hard drives, led to Max’s interest in security.Max explains how his military experience instilled a service mindset beneficial for security roles.While in service, he attended the American Military University due to its flexible programs for deployed personnel.The challenges he faced transitioning from a services company to a product-based companyMax shares how he launched Ignyte in 2019/2020How Max assists companies with the Cybersecurity Maturity Model, particularly in thedefense sector.Why standardization and testing are essential in operational technologyMax shares his views on the potential of AILinks and resources:
(CS)²AI
Derek Harp on LinkedIn
Ignyte Assurance Platform
Max Aulakh on LinkedIn
-
We are delighted to have Mike Holcomb joining us on the show today.
Mike is both a fellow and a cybersecurity director, and he currently serves as the ICS OT Cybersecurity Global Lead at Fluor, a massive multinational engineering and construction firm with over 40,000 employees. He has participated in many major building projects, and we are excited to learn from his extensive experience today.
Stay tuned as Mike shares his insights and expertise.
Show Highlights:
Mike discusses the two years he spent in China building bowling alleysMike talks about his time teaching and consulting at a training company in San DiegoHow Mike had the opportunity to double his salary and work with the Navy SEALs during 9/11Mike discusses his experience working in IT securityMike explains that Fluor has built some of the largest control system environments in the world Mike discusses challenges in the energy sectorHow regulations impact cybersecurity in various industriesWhy cybersecurity regulations are essential within critical infrastructureMike discusses the challenge of aligning IT and OT cybersecurity teamsLinks and resources:
(CS)²AI
Derek Harp on LinkedIn
Bridewell
Michael Holcomb on LinkedIn
Fluor
-
We are delighted to have Chase Richardson, the VP of Consulting at Bridewell, back on the show today.
Bridewell boasts a rich history in industrials, offering comprehensive cybersecurity services across the entire cybersecurity spectrum, including operating technology.
Recently, Bridewell came up with an insightful report on cybersecurity within the US critical infrastructure. In this episode, Chase dives into the current state of cybersecurity regulations in critical infrastructure and shares the details and origin of the upcoming Bridewell report, which falls squarely within the interest of CSAI.
Tune in to learn more about this exciting project.
Show highlights:
How the attacks experienced by CISOs and cyber managers have decreased despite an increase in risk sentiment The challenges small and mid-sized airports face when implementing regulations due to their limited cybersecurity budgetsHow cybersecurity regulations in the US differ from those in the UKWhat is the link between IT and OT security?Why it is essential to implement a hybrid of IT and OT security measures to protect critical infrastructureWhy organizations need to comply with relevant cybersecurity standards and regulationsChase shares key findings and insights from Bridewell's upcoming cybersecurity report for critical infrastructure.Links and resources:
(CS)²AI
Derek Harp on LinkedIn
Bridewell
Chase Richardson on LinkedIn
-
We are delighted to have Chase Richardson, Head of US Operations for Bridewell, and Martin Riley, Director of Managed Services for Bridewell, joining us today!
We are changing things slightly for this episode, with Martin and Chase diving into how to integrate OT systems into your sim rather than presenting our regular biographical format. Their focus today is predominantly on the increasingly relevant topic of managing data across diverse platforms, particularly in OT applications.
Join us as we explore this integration and unravel the challenges it presents.
Show highlights:
The evolution of cybersecurity technologyHow the industry struggles with integrating IoT and OT data into security simsWhy integrating separate systems into one platform is crucial for security teams How security and operational technology leadership teams convergeWhy hybrid teams are essential for managing cybersecurity risksThe importance of asset visibility and understanding the architecture for effectively implementing security solutions How AI and machine learning can help to reduce noise in security operationsWhy threat intelligence is essential for business risk and control validationThe importance of threat intelligence in the cybersecurity industryLinks and resources:
(CS)²AI
Chase Richardson on LinkedIn
Martin Riley on LinkedIn
Bridewell
Derek Harp on LinkedIn
-
We are thrilled to welcome Juan Carlos Buenano as our distinguished guest for today’s episode of the CS2AI podcast!
Carlos is the Chief Technology Officer for OT at Armis. He is a born technologist and an engineer by training. Beyond his professional endeavors, he embraces a life filled with adventure, enjoying many outdoor activities, including scuba diving, mountain biking, and exploring the scenic expanses of unspoiled nature.
Carlos was born in Venezuela and grew up in a small town outside Caracas. After graduating as an electronic engineer in Venezuela, he traveled to Australia to learn English, fell in love with the country, the lifestyle, and the nature, and has lived there for the last 23 years.
Carlos brings a unique perspective to today’s show, shaped by his professional and personal experiences. Join us for an engaging discussion as he shares his wealth of experiences and insights and explains how he serves his community.
Show Highlights:
Carlos shares his journey to becoming an engineer in the energy industryHow his interest in control systems beganCarlos recounts his early cybersecurity experiences in industrial systems during the early 2000sThe importance of keeping operating systems up to date to prevent vulnerabilities and ensure reliabilityWhy it is essential to understand how technology works in both physical security and cybersecurityCarlos discusses the challenges of integrating cybersecurity into process control systemsCarlos offers advice for engineers who want to get into cybersecurityThe importance of mentorship and learning from others in their industryCarlos discusses the weekly open mic Ask Me Anything sessions he does at workLinks and resources:
(CS)²AI
Derek Harp on LinkedIn
Carlos Buenano on LinkedIn
Armis
- Visa fler
