Podcast
@BEERISAC: OT/ICS Security Podcast Playlist
Hosted by Anton Shipulin / Listen Notes · EN
A curated playlist of Operational Technology (OT) and Industrial Control Systems (ICS) cybersecurity podcast episodes in any language, compiled by ICS security enthusiasts. Missing something? Contact Anton Shipulin on LinkedIn. Subscribe for updates!
93episodes
Episodes
Newest firstAll episodes
AI in OT Cybersecurity: Real-World Risks, Smarter Defenses & the Future of Critical Infrastructure
2d ago00:49:09Tap to summarizePodcast: PrOTect It All (LS 27 · TOP 10% what is this?)Episode: AI in OT Cybersecurity: Real-World Risks, Smarter Defenses & the Future of Critical InfrastructurePub date: 2026-05-18Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationAI is rapidly transforming cybersecurity but are critical infrastructure environments ready for what comes next? In this episode of Protect It All, host Aaron Crow sits down with longtime colleague and cybersecurity expert Clark Liu to explore how artificial intelligence is reshaping both IT and OT security operations. From incident response and compliance frameworks to workforce shifts and operational resilience, Aaron and Clark unpack the real-world opportunities and very real risks of integrating AI into industrial environments. Together, they tackle the evolving role of frameworks like NERC CIP and NIST, the challenges of balancing compliance with actual security outcomes, and how organizations can responsibly adopt AI without increasing exposure. You’ll learn: How AI is changing OT and IT cybersecurity operations The role of AI in incident response, documentation, and monitoring Why compliance frameworks alone don’t guarantee resilience The risks of adopting AI without strong operational foundations How organizations can prepare for AI-powered threats and workforce changes Practical insights for balancing innovation, budgets, and security priorities Whether you’re leading OT security, managing critical infrastructure, or evaluating AI adoption in your organization, this episode delivers practical guidance for navigating cybersecurity’s next major shift. Tune in to learn how AI is transforming cyber defense and what organizations must do to stay resilient only on Protect It All. Key Moments; 05:33 Understanding cybersecurity compliance frameworks 07:11 Overlooked vulnerabilities in systems 09:59 Balancing multiple firewall vendors 15:17 Delegating tasks to AI 19:11 Importance of documenting commits 21:51 Hospital system shutdown crisis 25:11 AI uncovering software vulnerabilities 26:37 Engineers implementing AI in automation 31:26 AI tools and personal security 32:55 Password security practices 36:46 Using AI for basic tasks 39:38 Transition to off-the-shelf software 42:29 Going back to basics with appliances 47:02 Excitement About Future AI Capabilities Guest Profile : Clark Liu is a veteran OT cybersecurity expert and one of the original contributors to the NERC CIP standards. With nearly two decades in energy and critical infrastructure security - including leadership roles at EY and GALLO - Clark specializes in OT risk management, compliance strategy, and securing industrial operations from the plant floor to the cloud. How to connect Clark: LinkedIn : https://www.linkedin.com/in/clarkliu/ Connect With Aaron Crow: Website: www.corvosec.com LinkedIn: https://www.linkedin.com/in/aaronccrow Learn more about PrOTect IT All: Email: info@protectitall.co Website: https://protectitall.co/ X: https://twitter.com/protectitall YouTube: https://www.youtube.com/@PrOTectITAll FaceBook: https://facebook.com/protectitallpodcast To be a guest or suggest a guest/episode, please email us at info@protectitall.co Please leave us a review on Apple/Spotify Podcasts: Apple - https://podcasts.apple.com/us/podcast/protect-it-all/id1727211124 Spotify - https://open.spotify.com/show/1Vvi0euj3rE8xObK0yvYi4The podcast and artwork embedded on this page are from Aaron Crow, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.
Transcribe →
3/4 Acciones de la Resiliencia Colectiva en el Sector Ferroviario
3d ago00:15:23Tap to summarizePodcast: Casos de Ciberseguridad IndustrialEpisode: 3/4 Acciones de la Resiliencia Colectiva en el Sector FerroviarioPub date: 2026-05-18Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationEn este episodio se aborda la gestión práctica de riesgos, superando el enfoque basado puramente en el cumplimiento documental. Se analizan los mecanismos contractuales e industriales más efectivos para garantizar la ciberseguridad a lo largo de todo el ciclo de vida del proyecto y se comparten casos reales donde la colaboración estrecha entre operadores, fabricantes […]The podcast and artwork embedded on this page are from Centro de Ciberseguridad Industrial, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.
Transcribe →
The Next Cyber Crisis Won’t Be One Hospital—It Could Be the Entire Health System
5d ago00:28:49Tap to summarizePodcast: Exploited: The Cyber Truth Episode: The Next Cyber Crisis Won’t Be One Hospital—It Could Be the Entire Health SystemPub date: 2026-05-14Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationIn this episode of Exploited: The Cyber Truth, host Paul Ducklin is joined by RunSafe Security CEO Joe Saunders and Greg Garcia, Executive Director for Cybersecurity of the Health Sector Coordinating Council (HSCC) Cybersecurity Working Group, to examine how ransomware, third-party dependencies, and interconnected healthcare infrastructure are shaping cyber risk across the healthcare sector. Drawing on experience spanning DHS, critical infrastructure protection, and healthcare cybersecurity coordination, Garcia explains how disruptions at a single vendor or service provider can cascade across hospitals, pharmacies, insurers, and patients nationwide. Together, they explore: Why healthcare cyber risk is shifting from isolated breaches to systemic disruptionHow ransomware and third-party compromises create cascading operational impactsLessons from the Change Healthcare ransomware attackThe growing challenge of securing connected healthcare systems and medical devicesWhy patching alone cannot keep pace with modern cyber threatsThe role of collaboration and resilience in protecting critical healthcare infrastructure From healthcare providers and medical device manufacturers to policymakers and critical infrastructure leaders, this episode explores what organizations must understand to prepare for the next generation of healthcare cyber threats.The podcast and artwork embedded on this page are from RunSafe Security, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.
Transcribe →
OT Cybersecurity: Is the Purdue Model Still Useful?
6d ago00:48:09Tap to summarizePodcast: Industrial Cybersecurity InsiderEpisode: OT Cybersecurity: Is the Purdue Model Still Useful?Pub date: 2026-05-12Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationIs the Purdue Model outdated, or simply misunderstood? In this episode, Dino sits down with Ken Kully (Rockwell Automation) for a candid, practitioner-level conversation about what the Purdue Model still gets right.They discuss where it falls short in modern environments, and why “IT/OT convergence” remains more of a people-and-process challenge than a technology problem. They break down the reality on the plant floor: long-lived legacy systems, inconsistent architectures across sites, limited maintenance windows, and the operational consequences of downtime. The discussion also tackles the everyday friction points: MFA, shared operator accounts, unmanaged vendor laptops, and remote access “surprises”, and why you can’t improve OT security posture without a trustworthy asset inventory and segmentation that keeps systems “in their lane.”Chapters:(00:00:00) Intro + why this Purdue conversation matters now(00:01:00) Ken’s background: from process environments to OT cyber delivery readiness(00:04:00) The big question: has the Purdue Model outlived its usefulness?(00:07:00) Framework vs. strict blueprint: “Purdue enough” in real plants(00:09:00) IT/OT convergence: why it’s a people + process problem (not tech)(00:12:00) The “silver tsunami” and why security UX fails on the plant floor(00:15:30) MFA, shared logins, and why “security gets in the way” still shows up(00:18:00) Legacy reality: Windows 98/7 boxes, vendor lock-in, and downtime economics(00:21:00) Discovery first: diagrams, configs, and why documentation is always missing(00:23:30) Purdue as a map: brokering traffic, one-up/one-down, and the “3.5” DMZ(00:26:00) When devices try to “escape the box”: unexpected outbound comms + exposure risk(00:28:30) Vendor/OEM access: the unmanaged laptop problem in OT(00:32:00) Asset inventory as the unlock: you can’t defend what you don’t know exists(00:34:00) Why IT often won’t “crawl the plant,” and what that means operationally(00:36:30) Scale problem: 30 plants, 30 realities—standardize globally, execute locally(00:38:30) The SI/OEM “third leg”: why trusted integrators are key to sustainable OT security(00:40:30) Closing + crossover: continuing the discussion on Ken’s OT After Hours podcastLinks And Resources:Kenneth Kully on LinkedInWant to Sponsor an episode or be a Guest? Reach out here.Industrial Cybersecurity Insider on LinkedInCybersecurity & Digital Safety on LinkedInBW Design Group CybersecurityDino Busalachi on LinkedInCraig Duckworth on LinkedInThanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you’d like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!The podcast and artwork embedded on this page are from Industrial Cybersecurity Insider, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.
Transcribe →
EP 86: The Trusted Channel: AT Command Exploits and Cellular IoT Security
1w ago00:32:00Tap to summarizePodcast: Error Code (LS 27 · TOP 10% what is this?)Episode: EP 86: The Trusted Channel: AT Command Exploits and Cellular IoT SecurityPub date: 2026-05-12Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationCellular modules in your IoT devices are trusted and that trust can be an insecure pivot point into your network for attackers. Deral Heiland, Principal Security Research for IoT at Rapid 7 discusses his presentation at RSAC 2026 on AT command exploits and supply chain risk.The podcast and artwork embedded on this page are from Robert Vamosi, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.
Transcribe →
Das digitale Nervensystem: Warum Gebäudeautomation echte OT ist | OT Security Made Simple
1w ago00:26:27Tap to summarizePodcast: OT Security Made SimpleEpisode: Das digitale Nervensystem: Warum Gebäudeautomation echte OT ist | OT Security Made SimplePub date: 2026-05-12Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationKlaus Mochalski und Tim Bauer (ak-itsga) diskutieren den blinden Fleck in Smart Buildings. Erfahren Sie, warum Gebäudeautomation knallharte OT ist, weshalb die Branche der Industrie-Security um Jahre hinterherhinkt und warum Auftraggeber das Thema ab sofort zwingend in ihre Lastenhefte schreiben müssen.Mehr zum Thema OT Security Made simple findet Ihr auf rhebo.com oder schreibt uns mit Euren Ideen, Fragen oder Gastvorschlägen an podcast@rhebo.com. The podcast and artwork embedded on this page are from Klaus Mochalski, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.
Transcribe →
Policy Pulse: Regulatory Roundtable - Cyber Strategy, Large Loads, AI & CISA in Flux
1w ago01:00:18Tap to summarizePodcast: Critical Assets PodcastEpisode: Policy Pulse: Regulatory Roundtable - Cyber Strategy, Large Loads, AI & CISA in FluxPub date: 2026-05-11Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationPatrick Miller reconvenes with Joy Ditto (Joy Ditto Consulting) and Earl Shockley (INPOWERD) for a tour of the past two months in critical infrastructure policy. The episode opens on the administration's new National Cybersecurity Strategy and its six pillars, with focus on the openly offensive "shape adversary behavior" posture and the asymmetric risk it creates for asset owners likely to absorb retaliation.The panel then digs into the pressures reshaping the bulk electric system: data center designation, cloud-hosted control centers running NERC standards while the underlying compute is unregulated, and the physics of computational loads that behave nothing like traditional load. Earl walks through the recent NERC Level 3 alert on large load connections, an unusually serious signal that industry processes are behind.The discussion also covers April infrastructure executive orders that release funding but ignore cybersecurity, hyperscalers displacing utilities as the top buyers of bulk electrical equipment, the multi-agency zero trust in OT guidance, and CISA's leadership uncertainty after Sean Plankey withdrew his nomination. On the AI front, the group unpacks what Anthropic's Mythos and the Glasswing response mean for vulnerability discovery at scale, and why no OT vendors are on the Glasswing list.Closing thoughts include Joy's note on satellite cybersecurity and a rare bipartisan Senate trip to China, Earl's emphasis that computational load is now an enterprise governance issue rather than a technical one, and Patrick's plea to stop making the adversary's job easy.Topics coveredThe new National Cybersecurity Strategy and its six pillarsOffensive cyber posture and the asymmetric risk to asset ownersData center designation as critical infrastructureCloud control centers and the NERC 100-series standardsComputational load, grid stability, and loss of system inertiaNERC Level 3 alert on large load connectionsApril infrastructure executive orders and the missing cyber languageSupply chain shifts and hyperscalers as the top equipment buyersZero trust principles for OT environmentsCISA Fortify guidance and CISA's current leadership statusAnthropic's Mythos, the Glasswing response, and the OT vendor gapSatellite cybersecurity and bipartisan engagement on China policyBasic hygiene: get exposed devices off the internetThe podcast and artwork embedded on this page are from Patrick Miller, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.
Transcribe →AI Agents & Cybersecurity: Identity, Compliance, and the New Risks Facing IT and OT
1w ago01:06:44Tap to summarizePodcast: PrOTect It All (LS 27 · TOP 10% what is this?)Episode: AI Agents & Cybersecurity: Identity, Compliance, and the New Risks Facing IT and OTPub date: 2026-05-11Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarization AI agents are changing cybersecurity faster than most organizations can adapt. In this episode of Protect It All, host Aaron Crow welcomes back cybersecurity veteran Ken Foster for a deep dive into how AI is reshaping risk, identity, and resilience across IT and OT environments. With more than 30 years of experience spanning the Navy, manufacturing, fintech, government programs, and startups, Ken brings a grounded, real-world perspective on what organizations are getting right and dangerously wrong about AI adoption. Together, Aaron and Ken explore the growing challenges around AI agents, identity governance, shadow AI, compliance, and attribution in highly regulated industries. As AI tools become embedded into workflows and decision-making, organizations must rethink how they manage access, monitor activity, and maintain resilience against rapidly evolving threats. You’ll learn: Why AI agents introduce new identity and governance risks The dangers of shadow AI inside enterprise environments How AI impacts compliance, attribution, and accountability Why foundational practices like patching, segmentation, and documentation still matter The role of continuous monitoring in AI-driven environments How organizations can balance innovation with resilience and control Whether you’re leading cybersecurity strategy, managing critical infrastructure, or navigating AI adoption inside regulated environments, this episode delivers practical insights for securing the next generation of digital operations. Tune in to learn how AI is transforming cybersecurity - and what leaders must do to stay ahead - only on Protect It All. Key Moments: 07:47 AI guardrails discussion 12:02 Patching and network segmentation 20:44 AI changing job roles 24:24 FISMA and FedRAMP concerns 29:18 Emergency response planning 35:36 Choosing the right tech team 37:14 Discussing accountability and risk 46:31 Developer access problems 51:50 AI Dependence Risks 57:36 AI in pen testing 58:55 AI in risk prevention About the guest : Ken Foster is a veteran cybersecurity leader with 25+ years of experience in enterprise security, risk governance, and global infrastructure strategy. Currently Head of Global Architecture at Adient, Ken has previously led cybersecurity and compliance programs at Fleetcor and Fiserv, specializing in IAM, cloud security, regulatory compliance, and risk-based cybersecurity strategy. He is known for helping organizations balance innovation, resilience, and operational execution in highly regulated environments. How to connect Ken: http://linkedin.com/in/kennethfoster/ Connect With Aaron Crow: Website: www.corvosec.com LinkedIn: https://www.linkedin.com/in/aaronccrow Learn more about PrOTect IT All: Email: info@protectitall.co Website: https://protectitall.co/ X: https://twitter.com/protectitall YouTube: https://www.youtube.com/@PrOTectITAll FaceBook: https://facebook.com/protectitallpodcast To be a guest or suggest a guest/episode, please email us at info@protectitall.co Please leave us a review on Apple/Spotify Podcasts: Apple - https://podcasts.apple.com/us/podcast/protect-it-all/id1727211124 Spotify - https://open.spotify.com/show/1Vvi0euj3rE8xObK0yvYi4The podcast and artwork embedded on this page are from Aaron Crow, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.
Transcribe →2/4 Análisis de la Resiliencia Colectiva en el Sector Ferroviario
1w ago00:11:26Tap to summarizePodcast: Casos de Ciberseguridad IndustrialEpisode: 2/4 Análisis de la Resiliencia Colectiva en el Sector FerroviarioPub date: 2026-05-11Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationEn este episodio se analiza los riesgos sistémicos derivados de la disparidad en la madurez de ciberseguridad entre operadores, fabricantes y proveedores. Se examina el impacto de las brechas regulatorias en la cadena de suministro y se evalúan las prácticas europeas de cooperación, intercambio de inteligencia y armonización normativa como pilares para alcanzar una resiliencia […]The podcast and artwork embedded on this page are from Centro de Ciberseguridad Industrial, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.
Transcribe →
Deral Heiland on Weaponizing Cellular-Based IoT
1w ago00:26:04Tap to summarizePodcast: Nexus: A Claroty Podcast (LS 32 · TOP 5% what is this?)Episode: Deral Heiland on Weaponizing Cellular-Based IoTPub date: 2026-05-10Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationRapid7 Principal Security Research (IoT) lead Deral Heiland joins the Nexus Podcast to discuss work his team did on how attackers might weaponize cellular-based IoT. Rapid7 conducted three phases of this research, with the most recent digging into how attackers with access to these systems can abuse them to gain unauthorized access, potentially exfiltrate critical data, or pivot into backend network infrastructure. Subscribe and listen to the Nexus Podcast here. Read the Rapid7 research report.The podcast and artwork embedded on this page are from Claroty, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.
Transcribe →