Industrial Cybersecurity Insider

Industrial Cybersecurity Insider

Industrial Cybersecurity Insider
Negara Amerika Serikat
Bahasa EN
Episode 131
Terbaru 30.06.2026

Industrial Cybersecurity Insider offers a thorough look into the field of industrial cybersecurity for manufacturing and critical infrastructure. The podcast delves into key topics, including industry trends, policy changes, and groundbreaking innovations. Each episode features insights from key influencers, policy makers, and industry leaders. Subscribe and tune in weekly to stay in the know on everything important in the industrial cybersecurity world.

Episode

  • Your Organization Says It's 'Green' on Manufacturing Security: Here's Why That's Dangerous 30.06.2026 22mnt
    Who actually owns OT cybersecurity? And when something breaks, who's accountable?In this episode, Craig and Dino tackle a question most manufacturing organizations still haven't answered.They address why CISOs are often handed responsibility for OT security without the authority to act on it, and how plants can score "green" on a compliance dashboard while remaining blind to 80% of their actual assets.They also dig into the role OEMs and system integrators should be playing in building security into project proposals from day one, and why most still aren't.From virtual patching for legacy systems that can't be touched, to the fast-growing OT security market, this is a grounded conversation for plant leaders, engineers, and security teams trying to close the gap between IT and OT.Chapters:(00:00:00) - Who Really Owns OT Cybersecurity?(00:02:00) - Asset Owners Bear the Ultimate Responsibility(00:04:00) - Responsibility Without Authority: The CISO's Dilemma(00:06:00) - Why OEMs and SIs Aren't Including Cybersecurity in Their Proposals(00:08:00) - The False Sense of Security Driving Dangerous Blind Spots(00:10:00) - How Organizations Claim "Green" While Missing 80% of Their Assets(00:13:00) - Half Measures vs. a Real OT Cybersecurity Strategy(00:16:00) - The Growing OT Security Market and Why Some Still Aren't Paying Attention(00:18:00) - Incident Response Drills and AI Accelerating the Threat Landscape(00:20:00) - Breaking Down the IT/OT Trust Barrier for GoodLinks And Resources:Want to Sponsor an episode or be a Guest? Reach out here.Industrial Cybersecurity Insider on LinkedInCybersecurity & Digital Safety on LinkedInBW Design Group CybersecurityDino Busalachi on LinkedInCraig Duckworth on LinkedInThanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you’d like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!
  • It's Control System Integrity not just OT Cybersecurity 24.06.2026 18mnt
    Many manufacturers don't realize that an investment in OT Cybersecurity also enhances Control System Integrity.In this rewind episode, Craig and Dino dig into why so many OT intrusion detection platforms get installed but never become truly operational.They address what gets lost when IT owns the tool while OT owns the equipment, and why the word “cybersecurity” itself can stall progress the moment it lands on the plant floor.They land on a question every CISO, plant leader, and engineering director should be asking right now: who at your sites actually knows how to use the tools you have already paid for, and how do you bring the OT ecosystem into the room before the next outage forces you to?Chapters:(00:00:00) Cold Open: The Diagnostic Tool Sitting Unused in Your Plant(00:01:00) Shadow OT Versus Shadow IT and Why the Distinction Matters(00:02:30) Why IT Gets Left Out of Industrial Lifecycle Decisions(00:04:00) Reframing Cybersecurity as Control System Integrity(00:05:00) The 8:10 AM Production Shutdown Mystery(00:07:00) Three Rogue Servers Hiding in Plain Sight(00:08:00) A Brewery, a Misconfigured Module, and a Network No One Could Diagnose(00:10:00) Buying an MRI Machine and Refusing to Turn It On(00:12:00) Bringing the OT Ecosystem to the Table(00:15:00) Why IT Needs New Friends in ManufacturingLinks And Resources:Want to Sponsor an episode or be a Guest? Reach out here.Industrial Cybersecurity Insider on LinkedInCybersecurity & Digital Safety on LinkedInBW Design Group CybersecurityDino Busalachi on LinkedInCraig Duckworth on LinkedInThanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you’d like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!
  • Is AI Becoming Your Plant Floor's Biggest Vulnerability? 15.06.2026 27mnt
    Craig and Dino dig into the widening gap between IT and OT and why the plant floor keeps getting left behind. They break down what Dragos ' acquisition of Phosphorus signals for the future of IoT security in manufacturing, from cameras and label printers to X-ray inspection systems that ship with default passwords and almost never get patched. The conversation gets sharp on artificial intelligence: the same models helping plants work smarter are now lowering the barrier for attackers, putting Stuxnet-style capabilities into the hands of people who lack the resources and sophistication that nation states once needed. Craig and Dino expose the everyday habits that leave operations vulnerable, including system integrators plugging personal laptops straight into production networks, locked USB ports that solve only half the problem, and remote access so wide open that a single entry point can expose an entire plant. They argue that nobody truly owns OT cyber hygiene, that frameworks like IEC 62443 and the NIST 800 82 series get named in RFPs but rarely enforced, and that leaders keep tripping over dollars to pick up nickels by choosing the cheapest bid over real protection. It's a candid, experience-driven look at why industrial security moves so slowly and what plant leaders, engineers, and security teams can actually do about it.Chapters:(00:00:00) - AI Enters the OT Battlefield(00:01:30) - Why IoT Is Creeping Onto the Plant Floor(00:03:30) - Printers, Cameras, and the Default Passwords Nobody Owns(00:06:00) - Dragos, Phosphorus, and the Managed Services Question(00:08:00) - How AI Lowers the Bar for Attacking Control Systems(00:09:40) - Stuxnet Then vs. AI-Powered Attacks Now(00:12:00) - The Laptop in the Plant: Contractors, USBs, and Open Networks(00:16:00) - Frameworks on Paper vs. Reality (IEC 62443 & NIST 800-82)(00:19:00) - Tripping Over Dollars to Pick Up Nickels(00:24:00) - Short-Tenure CISOs and Why You Shouldn't Go It AloneLinks And Resources:Want to Sponsor an episode or be a Guest? Reach out here.Industrial Cybersecurity Insider on LinkedInCybersecurity & Digital Safety on LinkedInBW Design Group CybersecurityDino Busalachi on LinkedInCraig Duckworth on LinkedInThanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you’d like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!
  • Is Your IIoT Strategy Creating More Security Risks? 08.06.2026 22mnt
    Craig and Dino address one of the most overlooked problems in OT security: the IIoT devices your security tools don't automatically detect.Most OT intrusion detection platforms do a reasonable job of identifying core control-layer assets such as PLCs, drives, and motor control centers. The problem is everything else. Laptops plugged into the network, third-party devices brought in by contractors, and a growing range of connected IIoT equipment often go completely undetected. Those are the gaps where risk accumulates.Craig and Dino explain why the belief that machines are air-gapped is a dangerous myth, how PLCs acting as gateways prevent intrusion detection platforms from seeing the devices behind them, and why an asset inventory is not the same as knowing your real risk and CVE exposure in multi-vendor environments.They reframe OT cybersecurity as a process-integrity problem and show how unmanaged network activity, third-party remote access, and even routine IT security scans can quietly degrade OEE and trigger unplanned downtime that costs millions.Using predictive-maintenance analogies such as thermal, harmonics, and vibration sensing, they make the case for treating digital anomalies the same way mature plants already treat mechanical ones.They close by examining why so many OT detection tools become shelfware, how to escape alert fatigue, and the two practical paths to real IT/OT convergence: building the right relationships with OEMs, system integrators, and AEC partners, and designing security-ready facilities from the ground up.It's a practical listen for CISOs, plant and engineering leaders, and OT/IT teams responsible for securing manufacturing and critical infrastructure.Chapters:(00:00:00) - Why No Industrial Asset Is Truly Air-Gapped(00:01:08) - IoT vs. IIoT: How OT Assets Get Classified(00:03:15) - The Control-Layer Blind Spot: Drives, Robots, and Motor Controls(00:05:25) - How PLC Gateways Hide Assets From Intrusion Detection(00:07:30) - Asset Inventory Isn't Risk: The CVE Gap in Multi-Vendor Plants(00:08:55) - When Cyber Blind Spots Become Costly Downtime(00:10:05) - Process Integrity: How Security Scans Disrupt Production(00:11:35) - Predictive Maintenance Meets Digital Anomaly Detection(00:17:45) - Avoiding OT Shelfware and Alert Fatigue(00:19:45) - IT/OT Convergence: Choosing a Partner and Building Secure-by-DesignLinks And Resources:Want to Sponsor an episode or be a Guest? Reach out here.Industrial Cybersecurity Insider on LinkedInCybersecurity & Digital Safety on LinkedInBW Design Group CybersecurityDino Busalachi on LinkedInCraig Duckworth on LinkedInThanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you’d like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!
  • Five Federal Agencies. One Zero-Trust OT Briefing. Most Haven't Read it. 03.06.2026 35mnt
    The joint CISA, FBI, Department of War, Department of Energy, and Department of State briefing on adapting Zero Trust to operational technology landed on April 29. Has OT leadership read it?In this episode, Craig and Dino address how the European Cyber Resilience Act is quietly forcing US plants into failed audits, why IT teams still see less than a third of OT assets, how EDR tools are taking down $100K-an-hour packaging lines, and why only a handful of integrators in North America have a real OT cybersecurity practice. They walk through what zero trust and micro-segmentation actually look like inside a 20-year-old plant with flat layer-two networks, DLR rings, jump boxes, and Cradlepoint workarounds, and lay out the first concrete move every CISO and CIO should make to start closing the IT/OT gap.Chapters:(00:00:00) - Cold Open: How the European CRA Is Failing US Plants(00:01:30) - The April 29 CISA/FBI Zero Trust in OT Briefing Nobody Read(00:05:00) - Compliance Without Teeth: Why US Regulations Aren't Moving the Needle(00:07:30) - When CrowdStrike Shuts Down a $100K-an-Hour Packaging Line(00:10:30) - The Visibility Gap: IT Sees Less Than a Third of OT Assets(00:15:30) - OEM Resistance: The Million-Dollar, Six-Month Cybersecurity Tax(00:18:30) - The Cradlepoint Workaround: How Plant Managers Bypass IT(00:21:30) - Layering Zero Trust onto a 20-Year-Old Plant Without Rip-and-Replace(00:25:30) - Why Only 5–10 of 1,000 Integrators Have a Real OT Cyber Practice(00:31:30) - Where CISOs Should Actually Be Looking (Hint: Not RSA or Black Hat)Links And Resources:Want to Sponsor an episode or be a Guest? Reach out here.Industrial Cybersecurity Insider on LinkedInCybersecurity & Digital Safety on LinkedInBW Design Group CybersecurityDino Busalachi on LinkedInCraig Duckworth on LinkedInThanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you’d like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!
  • IT vs OT: The Internal Misalignment Costing Manufacturers Millions 27.05.2026 34mnt
    Most manufacturing organizations still operate with a dangerous blind spot: IT and OT teams working in completely different dimensions with no shared visibility into plant floor cybersecurity.In this episode, Dino and Jim break down why 90% of manufacturers remain in the unaware-to-awareness phase when it comes to OT cybersecurity. They address what happens when IT tries to shoehorn enterprise security into operational environments they don't understand, and how the lack of collaboration between these two groups leads to costly unplanned downtime — sometimes at $100,000 per hour or more.Drawing from real client engagements, they reveal why OT must take a leadership role in cybersecurity (just like safety), how OT IDS tools can deliver operational value far beyond threat detection, and what it actually takes to get IT and OT speaking the same language before a breach forces them to.Chapters:(00:00:00) - Why IT and OT Need to Get to the Table Now(00:01:47) - Cats and Dogs Living Together: The IT/OT Culture Clash(00:03:00) - 90% of Manufacturers Are Still in the Dark on OT Cyber(00:06:00) - What Is OT and Why Don't OT People Know They're OT?(00:08:45) - Real Client Story: The Missing OT Team on a Global Kickoff(00:13:00) - Ask Forgiveness, Not Permission: How OT Workarounds Create Risk(00:15:00) - The OT IDS Tool Nobody's Sharing With OT(00:19:30) - Why Manual Discovery Assessments Are Throwing Money Away(00:21:00) - 15 Switch Manufacturers in One Plant: The Architecture Nightmare(00:25:30) - OT Cybersecurity Is the New Safety — Treat It Like One(00:29:00) - Final Advice for IT and OT Teams Ready to ConvergeLinks And Resources:Want to Sponsor an episode or be a Guest? Reach out here.Industrial Cybersecurity Insider on LinkedInCybersecurity & Digital Safety on LinkedInBW Design Group CybersecurityDino Busalachi on LinkedInCraig Duckworth on LinkedInThanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you’d like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!
  • OT Security Isn't an IT Problem: What it Takes to Get it Right 18.05.2026 27mnt
    Craig sits down with Wil Klusovsky, a 26-year cybersecurity veteran and CRO at viLogics, to break down why asset visibility and exposure management are the foundation of any solid OT security strategy.From the myth of the air-gapped shop floor to the real-world math behind quantifying cyber risk in dollars and cents, Will and Craig explore how manufacturers can move beyond fear-based selling, bridge the gap between IT and operations, and build programmatic cybersecurity that protects both production uptime and the bottom line.They discuss how to frame cyber risk as business risk, why compensating controls and context matter more than raw vulnerability numbers, and why the CISO's real job is "chief inside selling officer."Chapters:(00:00:00) - Welcoming Will to the Podcast!(00:02:12) - Why Asset Visibility Is the Starting Point for OT Security(00:03:48) - The Air Gap Myth and Legacy Systems on the Shop Floor(00:04:52) - Translating Cyber Risk Into Dollars and Cents(00:07:05) - Quantifying Downtime: Mean Time to Recovery and True Cost of Ownership(00:09:55) - Risk Appetite: Spend to Mitigate or Accept the Exposure?(00:11:32) - Who Really Owns the Risk? Executives, Not CISOs(00:13:00) - Uptime, OEE, and Why Cybersecurity Risk Is Business Risk(00:15:45) - Remote Access Risks and Competing Priorities on the Shop Floor(00:18:04) - The "Chief Inside Selling Officer" — Getting Buy-In Before Budget(00:19:48) - The Get Out of Jail Free Card: Aligning Incentives Across Teams(00:22:30) - Context Over CVE Counts: 600 Critical Vulns, Zero Exploitable(00:25:42) - Prioritizing Remediation by Business Impact, Not Severity Score(00:26:30) - Wrap-Up and Part 2 Preview: Business Impact AnalysisLinks And Resources:Wil Klusovsky on LinkedInWant to Sponsor an episode or be a Guest? Reach out here.Industrial Cybersecurity Insider on LinkedInCybersecurity & Digital Safety on LinkedInBW Design Group CybersecurityDino Busalachi on LinkedInCraig Duckworth on LinkedInThanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you’d like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!
  • OT Cybersecurity: Is the Purdue Model Still Useful? 12.05.2026 48mnt
    Is the Purdue Model outdated, or simply misunderstood? In this episode, Dino sits down with Ken Kully (Rockwell Automation) for a candid, practitioner-level conversation about what the Purdue Model still gets right.They discuss where it falls short in modern environments, and why “IT/OT convergence” remains more of a people-and-process challenge than a technology problem. They break down the reality on the plant floor: long-lived legacy systems, inconsistent architectures across sites, limited maintenance windows, and the operational consequences of downtime. The discussion also tackles the everyday friction points: MFA, shared operator accounts, unmanaged vendor laptops, and remote access “surprises”, and why you can’t improve OT security posture without a trustworthy asset inventory and segmentation that keeps systems “in their lane.”Chapters:(00:00:00) Intro + why this Purdue conversation matters now(00:01:00) Ken’s background: from process environments to OT cyber delivery readiness(00:04:00) The big question: has the Purdue Model outlived its usefulness?(00:07:00) Framework vs. strict blueprint: “Purdue enough” in real plants(00:09:00) IT/OT convergence: why it’s a people + process problem (not tech)(00:12:00) The “silver tsunami” and why security UX fails on the plant floor(00:15:30) MFA, shared logins, and why “security gets in the way” still shows up(00:18:00) Legacy reality: Windows 98/7 boxes, vendor lock-in, and downtime economics(00:21:00) Discovery first: diagrams, configs, and why documentation is always missing(00:23:30) Purdue as a map: brokering traffic, one-up/one-down, and the “3.5” DMZ(00:26:00) When devices try to “escape the box”: unexpected outbound comms + exposure risk(00:28:30) Vendor/OEM access: the unmanaged laptop problem in OT(00:32:00) Asset inventory as the unlock: you can’t defend what you don’t know exists(00:34:00) Why IT often won’t “crawl the plant,” and what that means operationally(00:36:30) Scale problem: 30 plants, 30 realities—standardize globally, execute locally(00:38:30) The SI/OEM “third leg”: why trusted integrators are key to sustainable OT security(00:40:30) Closing + crossover: continuing the discussion on Ken’s OT After Hours podcastLinks And Resources:Kenneth Kully on LinkedInWant to Sponsor an episode or be a Guest? Reach out here.Industrial Cybersecurity Insider on LinkedInCybersecurity & Digital Safety on LinkedInBW Design Group CybersecurityDino Busalachi on LinkedInCraig Duckworth on LinkedInThanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you’d like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!
  • Federal Agencies Can Enter Private Networks to Hunt Malware. Is Your Plant Prepared? 06.05.2026 31mnt
    Dino and Jim break down a major shift in the cyber threat landscape: federal agencies obtaining legal authority to enter private networks to hunt down state-sponsored malware, and what that signals for industrial organizations. They discuss why critical infrastructure and supply chains are prime targets, how “soft targets” in OT and building automation get exploited, and why many companies still lack visibility into what’s happening on the plant floor. The conversation zooms in on real-world exposure points, especially unmanaged vendor remote access and end-of-life equipment, and closes with practical themes for leadership.Stop assuming “IT has it covered” Define measurable OT security outcomesStart taking steps that make disruption harder and detection faster.Chapters:(00:00:00) Why identity, trust, and vendor access are breaking down in modern plants(00:01:00) The episode’s trigger: government-led operations to remove malware from private networks(00:03:00) “Machete scanning” and why IT-style tactics can disrupt OT operations(00:05:00) The real target set: critical infrastructure, supply chains, and smaller utilities with limited resources(00:08:00) Collateral damage and how cyber “weapons” trickle down to criminal ransomware(00:13:00) Why OT is still a soft target: visibility gaps, unpatched systems, and weak segmentation(00:14:00) Remote access everywhere: OEM/SI pathways, unknown identities, and lack of governance(00:20:00) The logging gap: what IT sees vs. what OT can’t see (and why that matters for incident response)(00:24:00) Building automation and facilities systems as weak links attackers love(00:26:00) Executive accountability: what boards should be measuring after breaches (and why progress stalls)Links And Resources:Want to Sponsor an episode or be a Guest? Reach out here.Industrial Cybersecurity Insider on LinkedInCybersecurity & Digital Safety on LinkedInBW Design Group CybersecurityDino Busalachi on LinkedInCraig Duckworth on LinkedInThanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you’d like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!
  • The Phishing Attack That Could Have Shut Down a Plant Floor 29.04.2026 26mnt
    A real-world case study shows how a single phishing email led to credential and MFA compromise, creating an urgent question for any industrial organization: Did the attacker reach the OT environment? Dino and Jim walk through how OT visibility, secure remote access controls, and continuous monitoring enabled rapid validation of what happened. They were able to prove the breach did not impact control systems and avoid an expensive, safety-driven shutdown of a continuous manufacturing process. The episode connects technical controls to executive outcomes, including resilience, duty of care, and the financial reality that “not knowing” can be as costly as an actual compromise.Chapters:(00:00:00) Why continuous manufacturing makes “abundance of caution” shutdowns so costly(00:01:00) What “OT continuous monitoring” means and why it matters in real incidents(00:03:00) Safety and connected environments: why “it can go boom” changes the stakes(00:05:00) Baselines: defining “normal” so abnormal behavior is actionable(00:07:00) Incident story: phishing email leads to credential and MFA compromise(00:09:00) What the team validated: tracing access and confirming OT was not impacted(00:10:00) Lessons from Colonial Pipeline: inability to validate can force shutdowns(00:11:00) OT reality check: Windows assets, HMIs, historians, and engineering workstations(00:13:00) Secure OT remote access: why VPN-only access is not sufficient(00:16:00) The payoff: avoided downtime, avoided product loss, and avoided disruption(00:19:00) Executive view: duty of care, liability, compliance, and protecting enterprise value(00:23:00) The “air gap” myth and why defense-in-depth is the only practical pathLinks And Resources:Want to Sponsor an episode or be a Guest? Reach out here.Industrial Cybersecurity Insider on LinkedInCybersecurity & Digital Safety on LinkedInBW Design Group CybersecurityDino Busalachi on LinkedInCraig Duckworth on LinkedInThanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you’d like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!
  • Your Most Valuable & Underutilized Cybersecurity Asset 21.04.2026 25mnt
    In this episode, Dino and LuRae address why system integrators, OEMs, and ecosystem partners are often a manufacturer’s most underused cybersecurity resource. Dino explains why many IT leaders lack real visibility into the plant floor, what it takes to operationalize OT security beyond “checking the box,” and why asset inventory is the first practical step toward protecting control systems. The conversation also covers the realities of remote access after COVID, the need for governance measures such as change control and auditing, and why manufacturers should build real partner relationships rather than purely transactional vendor engagements.Chapters:(00:00:00) OT security requires time inside the plant, not an “ivory tower” view(00:01:00) Introducing Dino and the topic: partners as a cybersecurity asset(00:02:00) Why OT assets get excluded from cybersecurity strategy(00:03:00) The real opportunity: system integrators and OEMs already in the plant(00:05:00) Getting started: identify who’s working in each facility(00:08:00) Step one: accurate OT asset inventory and visibility(00:10:00) Remote access: detect, audit, and control what partners are doing(00:12:00) “Compliance” vs. operational reality on the plant floor(00:16:00) Resourcing reality: why most teams cannot self-perform OT security(00:20:00) Final advice: budget, ROI of downtime, and act before the incidentLinks And Resources:Want to Sponsor an episode or be a Guest? Reach out here.Industrial Cybersecurity Insider on LinkedInCybersecurity & Digital Safety on LinkedInBW Design Group CybersecurityDino Busalachi on LinkedInCraig Duckworth on LinkedInThanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you’d like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!
  • OT Patching vs IT Patching: What's Commonly Misunderstood 14.04.2026 27mnt
    Most cybersecurity teams treat patching like a universal fix. In manufacturing, that assumption can take down a production line, trigger a safety event, or void the warranty on a $2 million piece of equipment.In this episode, Dino Busalachi and Craig Duckworth break down why patching in operational technology environments is a fundamentally different problem than patching enterprise IT — and why closing that gap requires more than just pushing an update.The bottom line: A firewall is not a patching strategy. Neither is hoping your systems are isolated. Organizations that get this right use risk-based prioritization, lab testing, virtual patching, and real collaboration between IT and OT teams.If you are responsible for a plant floor — or for the people who are — this conversation is for you.🎙️ Industrial Cybersecurity Insider is where C-suite leaders, plant managers, engineers, and security teams come to close the gap between IT and OT.🔔 Subscribe so you never miss an episode.Chapters:(00:00:00) Why assessing OT cybersecurity posture and asset visibility is hard(00:01:00) IT patches constantly, OT rarely does, and why that gap matters(00:03:00) Downtime costs: a broken patch in OT can stop the entire plant(00:05:00) OEM “don’t touch it” policies and warranty pressure(00:08:00) M&A due diligence: buying plants without knowing the cyber condition(00:09:00) CrowdStrike outage example and why agent-based tools are risky in OT(00:10:00) Virtual patching: protecting PLCs and legacy assets you cannot patch(00:14:00) Vendor guidance, upgrade rewrites, and “acceptable risk” decisions(00:17:00) Hidden exposure: guest Wi‑Fi, tablets, remote access, and “air gaps”(00:20:00) Best practices: inventory, continuous monitoring, vulnerability metrics, and cross-team alignmentLinks And Resources:Want to Sponsor an episode or be a Guest? Reach out here.Industrial Cybersecurity Insider on LinkedInCybersecurity & Digital Safety on LinkedInBW Design Group CybersecurityDino Busalachi on LinkedInCraig Duckworth on LinkedInThanks so much for joining us this week. Have some feedback you’d like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!
  • Who Actually Owns OT Cybersecurity? Not Who You Think 06.04.2026 30mnt
    Dino and Craig break down what they are seeing in real industrial environments as companies begin the OT cybersecurity journey. They outline why most organizations are still in an “unaware to awareness” phase, what creates the “oh wow” moment after the first pilot, and why ownership and execution often falls to plant-floor teams and their OEM and integrator partners.The conversation covers the limits of surface-level visibility, why accurate asset inventory and remote access control are foundational, and how practical constraints like flat networks, legacy switches, warranty concerns, and limited human capital can stall progress.They also share cautionary examples of IT-first security tooling causing operational impact, and they close with a clear message: think globally, act locally, and build a defensible OT program that matches how plants actually run.Chapters:(00:00:00) Why OT vulnerabilities and remote access are the real “kicker”(00:01:00) The market reality: 60% unaware, 30% starting, 10% operationalized(00:03:00) Who owns remediation: IT vs OT and the plant-floor accountability gap(00:05:00) Why “visibility” often stops at Purdue Level 3 and misses Level 2 assets(00:07:00) OEMs, integrators, and why support models matter in OT cybersecurity(00:09:00) Flat networks, north-south traffic, and why you still miss panel-level devices(00:11:00) The human capital problem and why outsourcing is often unavoidable(00:18:00) A real-world warning: EDR in ICS can create massive operational cost(00:20:00) Safety, quality, and cybersecurity: the three things leaders will fund(00:24:00) Change management failures and why monitoring PLC edits mattersLinks And Resources:Want to Sponsor an episode or be a Guest? Reach out here.Industrial Cybersecurity Insider on LinkedInCybersecurity & Digital Safety on LinkedInBW Design Group CybersecurityDino Busalachi on LinkedInCraig Duckworth on LinkedInThanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you’d like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!
  • You Think Your Plant Is Secure. Your Data Says Otherwise. 30.03.2026 33mnt
    Craig Duckworth sits down with CIO and Chief Enterprise Architect Shellie D'Angelo to address why so many OT and IT modernization efforts stall out at the foundation.Shellie explains why data governance must come before “another tool,” how inconsistent data quality quietly sabotages reporting and risk decisions, and why leadership transparency is the fastest path to maturity. Craig and Shellie also explore the reality of shadow IT on the plant floor, the growing impact of AI as both a defensive advantage and an attacker accelerator, and the practical steps teams can take to move from reactive chaos to measurable business outcomes.Chapters:(00:00:00) Why honest risk conversations are the starting line(00:01:00) Shellie’s background: rebuilding enterprise tech foundations(00:02:00) OT/IT convergence: start with business drivers and data governance(00:05:00) “Tools first” vs business-first security decisions(00:08:00) Knowing what you have before buying more tools(00:11:00) How far along are most organizations, really?(00:15:00) AI as a double-edged sword: defense vs attacker acceleration(00:18:00) Where to start: inventory first vs governance structure(00:22:00) OT tech is often easier prey: PLCs, HMI/SCADA, cameras(00:25:00) Partnering vs going it alone: don’t reinvent the wheel(00:26:00) Tech debt and why technology can’t be an afterthought(00:29:00) Governance should increase speed, not slow it down(00:30:00) Final advice: “turn chaos into cash” and own your impactLinks And Resources:Shellie D'Angelo on LinkedInWant to Sponsor an episode or be a Guest? Reach out here.Industrial Cybersecurity Insider on LinkedInCybersecurity & Digital Safety on LinkedInBW Design Group CybersecurityDino Busalachi on LinkedInCraig Duckworth on LinkedInThanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you’d like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!
  • Two Major Cybersecurity Shifts the Industry Isn't Prepared For with Simon Chassar 24.03.2026 31mnt
    Dino Busalachi sits down with Simon Chassar, former Chief Revenue Officer at Claroty and current OT cybersecurity advisor and investor, to explore the evolution and future of industrial cybersecurity. Simon shares insights from his decade-long journey in the space, discussing how OT asset visibility has become commoditized and why the industry is experiencing two major shifts: moving right toward threat-led SOC services and perimeter protection, and moving left toward secure-by-design approaches and attack simulation. They dive into the persistent challenge of self-performing versus partnering with specialized integrators, the critical skills shortage commanding 30-40% salary premiums, and why AI is both accelerating security challenges and offering new solutions. Simon reveals how private equity firms are finally prioritizing OT cybersecurity at the board level, discusses the emerging OT SOC landscape, and explains why the traditional IT security budget model is failing operational technology environments. The conversation addresses the disconnect between IT leadership and the OT ecosystem, the proliferation of unmanaged remote access technologies, and the urgent need for manufacturers to engage their trusted system integrators and OEMs as cybersecurity partners before the next major incident occurs.Chapters:(00:00:00) - Meet Simon : From Claroty's Hypergrowth to OT Security's Next Chapter(00:02:00) - The Commoditization of OT Asset Visibility(00:04:00) - Two Major Industry Shifts: Right and Left(00:07:00) - The Self-Performing Problem: Why OT Security Becomes Shelfware(00:10:00) - IT/OT Convergence and the Skills Gap Crisis(00:13:00) - Secure by Design and the AI Leapfrog(00:15:00) - AI Uncovers Hidden OT Vulnerabilities and Risks(00:18:00) - Funding Models and Private Equity's Cybersecurity Awakening(00:22:00) - Why the OT Ecosystem Must Drive Its Own Security Strategy(00:25:00) - M&A Activity and Consolidation in OT Cybersecurity(00:27:00) - The Rise of OT SOCs and MSP PartnershipsLinks And Resources:Want to Sponsor an episode or be a Guest? Reach out here.Industrial Cybersecurity Insider on LinkedInCybersecurity & Digital Safety on LinkedInBW Design Group CybersecurityDino Busalachi on LinkedInCraig Duckworth on LinkedInThanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you’d like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!
  • The Connected Plant Floor: What S4X26 Revealed 16.03.2026 20mnt
    Craig and Dino recap their experience at S4X26, the leading global OT cybersecurity conference in Miami.They discuss the conference's "connected" theme and how AI is creating an inflection point in industrial cybersecurity, driving unprecedented connectivity between IT and OT environments.The hosts explore the challenges of the "silver tsunami" as experienced engineers retire, how AI-powered tools are being embedded directly into edge devices and industrial products from vendors like Cisco and Fortinet, and why the regulatory landscape in Europe is advancing faster than other regions.They emphasize the importance of connecting with peers and partners in the OT security community, highlight key vendors and technologies showcased at the event, and explain why both IT and OT professionals should attend S4X together to bridge the knowledge gap.The episode concludes with details about next year's expanded conference in Tampa, February 8-11.Chapters:(00:00:00) - Random Encounter with Team USA Hockey in Miami(00:01:00) - S4X26 Conference Kickoff: The "Connected" Theme(00:03:00) - AI as the Inflection Point for OT Connectivity(00:05:00) - AI Embedded in Edge Devices and Vendor Technologies(00:07:00) - First-Time Attendee Experiences and Key Takeaways(00:10:00) - Europe's Cyber Resiliency Act and Regulatory Advancements(00:12:00) - Vendor Presence and the OT Technology Marketplace(00:14:00) - S4X27 Moving to Tampa: February 8-11, 2027(00:16:00) - AI's Role in Addressing the Silver Tsunami(00:18:00) - Final Thoughts: Why IT and OT Teams Should Attend TogetherLinks And Resources:Want to Sponsor an episode or be a Guest? Reach out here.Industrial Cybersecurity Insider on LinkedInCybersecurity & Digital Safety on LinkedInBW Design Group CybersecurityDino Busalachi on LinkedInCraig Duckworth on LinkedInThanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you’d like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!
  • The Hidden Cost of Siloed OT Security Tools 11.03.2026 25mnt
    As we look back, Craig and Dino tackle a critical disconnect in industrial cybersecurity: the failure to share OT security tool data with the people who actually need it.They explore why IT teams often purchase and deploy OT IDS platforms without engaging plant floor teams, system integrators, and OEMs who are actively working in manufacturing environments.The conversation reveals that 85% of data collected by these tools is meant for OT teams to act on, yet it rarely reaches them.They discuss the consequences of this siloed approach—including system integrators bringing their own tools to fill the gap—and provide practical advice on achieving true IT/OT convergence.The episode emphasizes the importance of working with partners who can "build the car" rather than just "sell the car," and challenges organizations to evaluate whether they're truly practicing IT/OT convergence or just paying lip service to it.Chapters:(00:00:00) - The Data Sharing Problem in OT Cybersecurity(00:01:00) - Why System Integrators Can't Access Security Tool Data(00:04:00) - Who's Keeping the Data and Why(00:08:00) - The IT/OT Oil and Water Problem(00:11:00) - When System Integrators Bring Their Own Tools(00:14:00) - Questions to Ask Your Cybersecurity Partners(00:17:00) - The Car Analogy: Buyers vs. Builders(00:19:00) - Who Asset Owners Really Trust(00:21:00) - The Three-Legged Stool of OT Security(00:23:00) - The Path to True IT/OT ConvergenceLinks And Resources:Want to Sponsor an episode or be a Guest? Reach out here.Industrial Cybersecurity Insider on LinkedInCybersecurity & Digital Safety on LinkedInBW Design Group CybersecurityDino Busalachi on LinkedInCraig Duckworth on LinkedInThanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you’d like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!
  • The Blind Spots Putting Manufacturers at Risk: WEF 2026 Global Cybersecurity Outlook 02.03.2026 31mnt
    LuRae Lumpkin, Producer of Industrial Cybersecurity Insider, sits down with industrial cybersecurity expert Dino Busalachi to break down the 2026 World Economic Forum Global Cybersecurity Outlook Report and what it really means for manufacturers. While the report surveyed nearly a thousand CEOs, CIOs, and CISOs, Dino reveals a critical blind spot: industrial control systems and OT environments are being left dangerously exposed. They discuss how AI is becoming a double-edged sword for attackers and defenders, why supply chain vulnerabilities remain unaddressed, the shocking lack of cybersecurity skills on plant floors, and why most companies still aren't conducting incident response exercises. Dino shares real-world insights from working in nearly 2,000 plants over four decades, explaining why IT and OT remain disconnected, how remote access creates massive security gaps, and why outdated equipment with decades-old vulnerabilities sits unpatched in critical manufacturing environments. The conversation reveals that while enterprises focus on IT security, the plant floor—where revenue is actually generated—remains critically vulnerable, with potentially catastrophic consequences for businesses, supply chains, and even national GDP. Chapters: (00:00:00) - Introduction and Overview of WEF 2026 Cybersecurity Report (00:01:00) - Where Cybersecurity Funding Actually Goes: IT vs OT Reality (00:03:00) - The Myth of Disconnected Legacy Equipment (00:05:00) - AI as a Double-Edged Sword in Industrial Environments (00:08:00) - The Vulnerability Crisis: Thousands of Unpatched Systems (00:09:00) - Third-Party and Supply Chain Security Gaps (00:12:00) - Remote Access: The Hidden Attack Vector (00:14:00) - Critical Supplier Dependencies and Decentralized OT (00:15:00) - The Skills Gap: Why Industrial Cybersecurity Expertise is Scarce (00:19:00) - The Shocking Truth About Incident Response Exercises (00:22:00) - Real-World Impact: When Manufacturers Get Hit (00:24:00) - Getting All Stakeholders in the Same Room (00:28:00) - Insurance vs Prevention: The True Cost of Cyber Incidents (00:29:00) - Final Thoughts: Who Should Own OT Cybersecurity? Links And Resources:Want to Sponsor an episode or be a Guest? Reach out here.Industrial Cybersecurity Insider on LinkedInCybersecurity & Digital Safety on LinkedInBW Design Group CybersecurityDino Busalachi on LinkedInCraig Duckworth on LinkedInThanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you’d like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!
  • IT SOC vs OT SOC How & Why They’re Different 25.02.2026 26mnt
    Craig and Dino tackle the critical differences between IT and OT Security Operations Centers, revealing why traditional IT-centric SOCs are failing to protect manufacturing environments.Drawing from real-world examples, including a global beverage company that discovered they were only monitoring one-third of their OT assets, the hosts expose the fundamental disconnect between IT security teams and operational technology environments.They discuss why IT SOCs struggle with OT visibility, the challenges of asset inventory in dynamic manufacturing environments, and the critical importance of localization in security operations.The conversation covers practical barriers like line changeovers, PLC modifications, remote access vulnerabilities, and the need for OT-specific incident response protocols.Craig and Dino emphasize that effective OT security requires IT teams to become embedded in plant operations, working collaboratively with OEMs and system integrators, and understanding the unique operational context of manufacturing assets.This episode is essential listening for CISOs, plant managers, and security professionals trying to bridge the IT-OT security gap.Chapters:(00:00:00) - The Two-Thirds Problem: When Your SOC Can't See Your Plant Floor(00:01:00) - The OT SOC Asset Visibility Problem: A Case Study(00:03:00) - Why IT SOCs Can't Manage OT Assets(00:05:00) - Line Changeovers and Operational Context(00:07:00) - First Responders and Incident Response Challenges(00:10:00) - The WannaCry Response Gap(00:12:00) - Asset Inventory and Baseline Challenges(00:15:00) - Incident Response and Phone Trees(00:17:00) - Organizational Accountability Problems(00:19:00) - Greenfield Opportunities and Standardization(00:22:00) - The IT-OT Collaboration Challenge(00:24:00) - Think Global, Act Local: Embedding IT in PlantsLinks And Resources:Want to Sponsor an episode or be a Guest? Reach out here.Industrial Cybersecurity Insider on LinkedInCybersecurity & Digital Safety on LinkedInBW Design Group CybersecurityDino Busalachi on LinkedInCraig Duckworth on LinkedInThanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you’d like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!
  • Your OT Cybersecurity Strategy Is Failing: Here's Why 17.02.2026 30mnt
    Dino and Craig reunite to tackle the shifts occuring in industrial cybersecurity in 2026.They discuss how OT-focused IDS software companies are shifting away from managed services to partner with systems integrators who understand the plant floor.The conversation explores the challenges manufacturers face—from aging infrastructure spanning decades to flat layer-2 networks that give remote vendors unrestricted access.They emphasize that IT departments cannot effectively manage OT assets they don't own or understand, especially when dealing with equipment older than their cybersecurity staff.The episode covers the pitfalls of penetration testing in live manufacturing environments, the reality of shadow IT versus shadow OT, and why EDR solutions struggle in control system environments.Dino and Craig stress the importance of treating cybersecurity as a marathon rather than a sprint, starting with basic asset inventory and microsegmentation.They call on manufacturing leaders to stop deferring to IT for OT security, attend industry-specific conferences like S4X26, and partner with systems integrators who have deep automation expertise.With threats mounting, the time for action is now—not next quarter.Chapters:(00:00:00) - Welcome & What We've Been Up To(00:00:48) - The Big Shift: Why OT IDS Companies Are Backing Away From Managed Services(00:03:00) - The Shelfware Problem: When Security Tools Sit Unused(00:04:12) - Why Pen Testing Can Be Disruptive (or Dangerous) in Manufacturing Environments(00:05:54) - The Reality of Legacy Infrastructure: Equipment Older Than Your Cybersecurity Team(00:07:43) - Who Can Actually Patch Your Control Systems?(00:09:04) - Supply Chain Vulnerabilities: You're Only as Strong as Your Weakest Link(00:11:01) - The Last Mile Challenge: Asset Inventory, Microsegmentation & Starting Small(00:13:55) - The Shelfware to Tool-Switching Problem: Why Companies Are Reconsidering Their First Choice(00:16:18) - Shadow IT vs. Shadow OT: Who Really Owns Plant Floor Security?(00:19:00) - Why EDR Struggles in Control System Environments(00:21:35) - Time to Step Up: Why Manufacturing Leaders Can't Defer to IT Anymore(00:23:00) - Where to Learn: S4, Automation Fair, and Why You Need to Attend Industry Conferences(00:25:00) - Finding the Right Partner: Systems Integrators Who Speak Automation and Cybersecurity(00:27:00) - Final Thoughts: The Time for Action Is NowLinks And Resources:Want to Sponsor an episode or be a Guest? Reach out here.Industrial Cybersecurity Insider on LinkedInCybersecurity & Digital Safety on LinkedInBW Design Group CybersecurityDino Busalachi on LinkedInCraig Duckworth on LinkedInThanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you’d like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!

Populer di

Podcast ini juga muncul di daftar podcast negara-negara ini.