Podcast
Nexus: A Claroty Podcast
Hosted by Claroty · EN
Nexus is a cybersecurity podcast hosted by Claroty Editorial Director Mike Mimoso. Nexus will feature discussions with cybersecurity leaders responsible for the security and protection of cyber-physical systems. Guests include cybersecurity researchers, executives, innovators, and influencers, discussing the topics affecting cybersecurity professionals in OT, IoT, and IoMT environments.
28episodes
Episodes
Newest firstAll episodes
Jon Holzbauer on IT/OT's Divergent Approaches to Asset Security
6d ago00:13:40Tap to summarizeJon Holzbauer, OT Systems Manager at Silgan Containers, joins the Nexus Podcast to discuss where IT security teams and OT operations run into challenges in protecting these diverse complicated environments in manufacturing. A clash of approaches may lead to rash decisions around cybersecurity that could disrupt key processes or impact safety and reliability. This interview was pulled from Episode 3 of Nexus Digest, a monthly recap of content published on Nexus. Subscribe and listen to the Nexus Podcast here.
Transcribe →Ric Derbyshire on Living-Off-the-Plant OT Cyberattacks
2w ago00:24:22Tap to summarizeRic Derbyshire, a Principal Security Researcher at Orange Cyberdefense and an Honorary Researcher at Imperial College London, joins the Nexus Podcast to discuss how attackers are able to gain lateral movement across operational technology (OT) assets through a tactic known as Living Off the Plant.Similar to Living-off-the-Land attacks, Living-Off-the-Plant TTPs leverage native functionality specific to OT, with a potential negative impact on physical assets and safety concerns. Subscribe and listen to the Nexus Podcast here.
Transcribe →Deral Heiland on Weaponizing Cellular-Based IoT
4w ago00:26:04Tap to summarizeRapid7 Principal Security Research (IoT) lead Deral Heiland joins the Nexus Podcast to discuss work his team did on how attackers might weaponize cellular-based IoT. Rapid7 conducted three phases of this research, with the most recent digging into how attackers with access to these systems can abuse them to gain unauthorized access, potentially exfiltrate critical data, or pivot into backend network infrastructure. Subscribe and listen to the Nexus Podcast here. Read the Rapid7 research report.
Transcribe →Rob King on OT Asset Exposures, Mitigations
May 300:24:12Tap to summarizeRob King, Director of Applied Research at RunZero, joins the Nexus Podcast to discuss the security risks and exposures introduced by digital transformation to operational technology environments. As many OT and cyber-physical systems assets are connected online, there could be signification exposures introduced to these internet-facing devices and systems. Rob also discusses the effectiveness of popular mitigations such as segmentation and other controls. Subscribe and listen to the Nexus Podcast here.
Transcribe →Samir Boussarhane on New MITRE Caldera for OT Attack Simulators
Apr 2600:23:23Tap to summarizeSamir Boussarhane, senior cybersecurity engineer at MITRE, joins the Nexus Podcast to discuss some new simulator plug-ins added to Caldera for OT. Caldera for OT is an open-source adversary emulation platform that automates security assessments for operational technology (OT) systems. Samir provides context on a new simulator called the Aloha Water Treatment plant, which emulates a water utility and serves as a training platform for students, engineers, and IT security teams alike. Caldera for OT now also supports protocols such as BACnet, Modbus, and includes an HVAC simulator.Subscribe and listen to the Nexus Podcast here. Access the Aloha Water Treatment simulator. Medium article on the Aloha Water Treatment simulator.
Transcribe →Jim Labonty on Data Center, Manufacturing Cybersecurity
Apr 2300:24:24Tap to summarizeFormer Pfizer head of global automation engineering Jim LaBonty joins the Nexus Podcast to discuss an article he wrote for Nexus on the need to secure data centers during kinetic conflict. He also explains the interlock between data centers and manufacturing facilities, and why a cyberattack against a data center can be devastating to the uptime and reliability of factory floors. This interview was pulled from Episode 2 of Nexus Digest, a monthly recap of content published on Nexus. Subscribe and listen to the Nexus Podcast here.
Transcribe →Tiffany Wilson on the Security Crisis of Consumer Tech in Healthcare
Apr 1900:25:42Tap to summarizeTiffany Wilson, the founder of Wilson Inclusive Solutions (WINS), a disability accessibility consulting firm, joins the Nexus Podcast to discuss the proliferation of consumer technology into healthcare infrastructure. This technology—smart speakers that help manage medications or cameras that monitor vulnerable individuals—often handles patient data and safety, and operates in a regulatory void. Wilson advocates for frameworks that manufacturers and distributors can use to protect patient information and safety, given that most of this assistive technology functions as healthcare infrastructure without existing oversight and protection given healthcare technology. Subscribe and listen to the Nexus Podcast here.
Transcribe →Joe Slowik on Exposed, Internet-Facing OT
Apr 1200:24:33Tap to summarizeJoe Slowik, Director of Cybersecurity Alerting Strategy at Dataminr, joins the Nexus Podcast to discuss the alarming trend of lesser-skilled hacktivist groups leveraging operational technlogy (OT) and cyber-physical systems (CPS) in attacks. Many of these exposed devices are easily scannable and accessible online, and attackers are hurdling low barriers to entry such as poor or missing authentication, or insecure, legacy protocols to access assets and either cause disruption or move further into the process or business networks. Often these attacks are carried out without exploits or malware. Subscribe and listen to the Nexus Podcast here. Download Team82's report: "Analyzing CPS Attack Trends"
Transcribe →Phil Englert on Medical Device Cybersecurity
Apr 500:25:46Tap to summarizePhil Englert, VP, Medical Device Security, Health-ISAC joins to discuss the cybersecurity risks introduced by legacy technology in healthcare and how it impacts patient care and safety. Phil also brings some context and insight into the U.S. Food and Drug Administration's (FDA) updated guidance on cybersecurity requirements for medical devices aimed at manufacturers and premarket product submissions. The guidance proposes stricter secure development processes, software component tracking, and more.Subscribe and listen to the Nexus Podcast here.
Transcribe →Raphael Arakelian on Operation Grim Beeper
Mar 2900:36:42Tap to summarizeRaphael Arkelian, the OT/IOT cybersecurity manager at Accenture, joins the Nexus Podcast to discuss his research into Operation Grim Beeper, the name given to a two-day attack in 2024 in the Middle East where explosives were introduced into pagers and walkie-talkies favored by Hezbollah. The explosions injured more than 1500 and killed dozens. Raphael’s research looks at several aspects of this attack and shares lessons and security gaps that can be applied across the OT and supply chain ecosystems. Subscribe and listen to the Nexus Podcast here.
Transcribe →