(CS)²AI Podcast Show: Control System Cyber Security podcast

14:48

In this insightful episode of the (CS)²AI Podcast, host Derek Harp welcomes Jay Gignac, Vice President of Sales at FoxGuard Solutions, (CS)²AI Fellow and a passionate OT cybersecurity evangelist. The conversation centers around some of the most pressing challenges in the control systems industry—asset visibility, patch management, and community collaboration. Jay, who will be speaking at the upcoming Level Zero OT Cybersecurity Conference, offers expert-level advice for professionals navigating the complex world of operational technology security. Listeners will hear real-world examples of how OT differs from IT, particularly in areas like patching and compliance. Jay shares how asset discovery and lifecycle management remain fundamental hurdles, even after over a decade of cybersecurity initiatives. The discussion explores the nuances across industry verticals—energy, manufacturing, oil & gas—and underscores why tailored approaches are critical when securing diverse OT environments. This episode is a must-listen for OT professionals, cybersecurity leaders, and anyone attending Level Zero or looking to deepen their understanding of control systems security. Discover why collaboration, not just technology, is key to long-term success in the OT space. Whether you’re an engineer, a procurement officer, or a seasoned CISO, there’s valuable insight here for everyone working to protect the core of their company’s operations.…

1
128: From the Pentagon to Public Safety: Lucian Niemeyer’s Mission to Secure OT 28:24

10 weeks ago28:24

28:24

Lucian Niemeyer , Chief Executive Officer of Building Cyber Security and former Assistant Secretary of Defense, joins Derek Harp to discuss the growing cyber risks to operational technology (OT) systems and the urgent need for proactive frameworks to protect public safety. Recorded live at Hack the Capitol 7.0 , this episode delves into the vulnerabilities in smart buildings, connected infrastructure, and critical systems that could have life-threatening consequences if exploited. Lucian shares how his experience in national security shaped his focus on OT cybersecurity, emphasizing the physical impacts of cyberattacks on HVAC systems, elevators, and even water utilities. He introduces the concept of cyber commissioning , a process that ensures building systems are configured securely from the start. Lucian also explains how Building Cyber Security is creating industry-specific frameworks to help facility managers, building owners, and policymakers mitigate risks and reduce insurance liabilities. With increasing threats from ransomware, nation-states, and insider errors, this episode highlights why securing operational technology is critical to protecting both property and lives. Learn how Lucian’s nonprofit is driving collaboration across industries to address this rapidly evolving threat landscape.…

1
127: Unlocking the Power of Asset Inventory in OT Cybersecurity with Roya Gordon 24:22

11 weeks ago24:22

24:22

Roya Gordon , previously the Executive Industry Consultant - Operational Technology (OT) Cybersecurity at Hexagon Asset Lifecycle Intelligence and currently, is the Deputy CISO at ENGIE North America Inc., joins Derek Harp live from Hack the Capitol 7.0 to explore the evolving landscape of asset inventory in operational technology (OT). Roya breaks down the differences between asset visibility, inventory, and management, sharing her firsthand experiences from both passive and configuration-based methodologies. Roya highlights the critical role of asset inventory in building a strong OT cybersecurity foundation. From distinguishing between passive and active network monitoring to the importance of configuration management, she emphasizes how a multi-layered approach can offer comprehensive visibility and risk management. Roya also dives into why organizations often overlook configuration change management, and how integrating different solutions can optimize security efforts. Whether you’re a seasoned OT professional or just starting your cybersecurity journey, this episode offers valuable insights into improving asset management, reducing risks, and fostering collaboration between vendors and operators.…

1
126: Shifting Left: Why Secure Software Starts at the Design Stage 35:00

12 weeks ago35:00

35:00

In this episode of the (CS)²AI Podcast, host Derek Harp welcomes Mehdi Tarrit Mirakhorli , Associate Professor at the University of Hawaii and a Cybersecurity Expert , to discuss Secure by Design—a fundamental shift in how we develop and deploy software in industrial control systems (ICS) and operational technology (OT). With over 15 years of R&D experience for DARPA, the Air Force, and DHS, Mehdi shares why modern software is inherently vulnerable and how we can learn from aviation, medical, and safety-critical industries to build resilient systems from the ground up. The conversation dives deep into the risks of insecure by design software, the challenges of implementing true security practices, and the role of government policies in shifting liability from users to vendors. Mehdi explains the importance of threat modeling, attack surface analysis, and secure architecture frameworks to mitigate cyber threats before they arise. He also highlights how software development must evolve beyond rapid deployment cycles to integrate security as a core design principle. If you’re an ICS professional, cybersecurity engineer, or software developer, this episode provides actionable insights on reducing vulnerabilities at scale, implementing proactive security measures, and preparing for the future of cyber threats. Subscribe now and stay ahead in the ever-evolving world of industrial cybersecurity!…

1
125: Decoding SBOMs: Kyle McMillian on Cybersecurity and Supply Chain Transparency 27:24

13 weeks ago27:24

27:24

Derek Harp welcomes Kyle McMillian , Product Security Officer at Siemens, to discuss the evolving landscape of software bill of materials (SBOMs) and their role in modern cybersecurity. Recorded live at Hack the Capitol 7.0 , this conversation unpacks the challenges and opportunities posed by SBOMs in an industry grappling with legacy systems and modern threats. Kyle dives into the origins of SBOMs, their role in addressing vulnerabilities like Log4J, and their potential to transform procurement, risk management, and incident response. He emphasizes the importance of balancing transparency with practicality, noting that SBOMs are a starting point for broader cybersecurity conversations. With his unique perspective from a leading equipment manufacturer, Kyle shares insights into how SBOMs can help bridge the gap between IT and OT systems. This episode is essential for anyone looking to understand the future of cybersecurity and the critical role of SBOMs in securing industrial control systems. Learn how these tools can foster trust, streamline risk management, and improve collaboration across the industry.…

1
124: Capture the Flag: Transforming Cybersecurity Training with Kenneth Warren 23:12

14 weeks ago23:12

23:12

Derek Harp sits down with Kenneth Warren , Staff OT and Offensive Security Engineer at GRIMM Cyber, to discuss how gamification and Capture the Flag (CTF) competitions are revolutionizing cybersecurity training. Recorded live at Hack the Capitol 7.0 , this conversation explores how CTFs and cyber ranges create safe, hands-on environments for learning offensive and defensive cybersecurity skills. Kenneth explains how CTFs offer opportunities to tackle real-world scenarios, from navigating complex networks to interacting with industrial control protocols. Whether you're an experienced professional or a newcomer to the field, CTFs provide a unique way to build and refine your skills. He also highlights how gamification reaches audiences that traditional training might miss, making learning engaging and accessible. This episode provides insights into the growing role of gamified learning in cybersecurity and how it’s inspiring the next generation of professionals. Discover how these competitions foster collaboration, creativity, and innovation in a rapidly evolving industry.…

1
123: From Classroom to Crisis: Immersive Training for ICS Security Professionals 23:00

15 weeks ago23:00

23:00

Derek Harp hosts Jeff Hahn , Project Manager at Idaho National Laboratory (INL), to discuss innovative approaches to training in the ICS and OT cybersecurity space. Recorded live at Hack the Capitol 7.0 , Jeff shares insights into how INL’s escape rooms provide hands-on, immersive learning experiences for professionals and students alike. The escape rooms integrate learning objectives from INL’s renowned 301 Red Team/Blue Team training, transforming them into engaging, gamified challenges. These exercises offer participants a chance to simulate real-world scenarios, improve teamwork, and develop critical cybersecurity skills. Jeff also highlights the importance of bridging gaps between IT and OT teams through collaborative training initiatives. Whether you're a seasoned professional or a newcomer to the field, this episode explores how gamification and experiential education can help prepare the next generation of cybersecurity experts. Discover how these escape rooms are traveling the world, raising awareness, and making learning accessible to everyone.…

1
122: Securing the Future: Rob Shaughnessy on Innovation, Supply Chain, and Cyber Threats 33:13

16 weeks ago33:13

33:13

Derek Harp welcomes Rob Shaughnessy , President & CEO, Director of Psymetis, Inc., to discuss critical issues in the world of ICS and OT security, recorded live at Hack the Capitol 7.0 . Rob dives into the vulnerabilities surrounding the development of innovative technologies, supply chain risks, and the evolving threat landscape posed by nation-state actors. The conversation highlights the growing need for transparency in supply chains, the legal gaps in cybersecurity requirements for technology companies, and the rise of services like ransomware-as-a-service, which lower the bar for cybercriminals. Rob also shares his perspective on education and workforce challenges in cybersecurity, emphasizing the importance of foundational skills and the risks of over-relying on influencer culture. Packed with actionable insights, this episode offers a nuanced look at the complexities of securing critical infrastructure, balancing innovation with security, and preparing for a more connected, yet vulnerable, future.…

1
121: From Farm to Fork: Kristin Demoranville on Food Safety and Cybersecurity 24:35

17 weeks ago24:35

24:35

The intersection of cybersecurity and the food industry takes center stage as Kristin Demoranville, founder and CEO of Anson Sage and host of Bytes and Bites , joins Derek Harp at Hack the Capitol 7.0 . This compelling conversation reveals how digital systems impact every aspect of the food supply chain, from farming and production to transportation and storage. Kristin highlights key vulnerabilities, including risks in automated farming equipment, robotic processing lines, and self-driving refrigerated trucks. She advocates for embedding cybersecurity into food safety practices to protect both trust and the integrity of what we eat. As the industry embraces groundbreaking innovations like AI and lab-grown food, addressing these challenges is more crucial than ever. Listeners will gain valuable insights into the urgent need for collaboration, awareness, and action to secure the systems that sustain our daily lives. This dialogue sheds light on the essential role of cybersecurity in ensuring a safe and reliable food supply for everyone.…

1
120: ResetCon and the Future of Cybersecurity: Insights from Jay Warne 22:26

18 weeks ago22:26

22:26

In this episode of the (CS)²AI Podcast , host Derek Harp welcomes Jay Warne , co-founder of ResetCon, to discuss the intersection of cybersecurity research, critical infrastructure, and collaborative defense strategies. Recorded live at Hack the Capitol 7.0 , this conversation highlights the pressing need to close gaps between academia, offensive researchers, and critical industries. Jay delves into the mission of ResetCon, an inaugural conference designed to connect academic researchers, defense experts, and key players from the civilian and commercial sectors. Together, they aim to anticipate emerging threats, mitigate risks, and reduce recovery times for critical systems. The discussion also explores the challenges of integrating IT and OT security teams, the importance of "cyber-informed engineering," and the need for secure-by-design principles. Listeners will gain insights into the future of cybersecurity, including lessons learned from DARPA research, the importance of bridging silos, and how to build more resilient systems. Don’t miss this episode if you’re passionate about protecting critical infrastructure and fostering innovation.…

1
119: Revealing the OT Threat Landscape: Remote Access, Supply Chain, and Lateral Movement 19:37

19 weeks ago19:37

19:37

Our host Derek Harp sits down with Adam Robbie , Head of OT Threat Research at Palo Alto Networks, live from Hack the Capitol 7.0 . Adam shares critical insights into emerging cybersecurity challenges within Operational Technology (OT) environments, including findings from Palo Alto's extensive OT threat landscape research. Listeners will hear about the top attack vectors impacting critical infrastructure: remote access vulnerabilities , supply chain risks , and lateral movement across networks. Adam discusses the importance of network segmentation , cross-team collaboration between IT and OT, and innovative tools like the Cyberwall , a hands-on demonstration environment showcasing real-world OT threats. Whether you're an OT security professional or new to the field, this episode delivers practical takeaways to enhance your cybersecurity strategies. Don’t miss this engaging conversation focused on securing control systems and building stronger, collaborative defenses.…

1
118: Preparing for Cyber Threats: A Strategic Discussion with Mark Montgomery on Securing Our Future 13:26

20 weeks ago13:26

13:26

In this episode of the CS2AI Podcast , host Derek Harp dives deep into the evolving threats to national security and critical infrastructure with Mark Montgomery, Senior Fellow at the Foundation for Defense of Democracies. Recorded live at the Hack the Capitol 7.0 conference in Washington D.C., this episode sheds light on the increasing cyber vulnerabilities faced by the United States from nation-states like China and Russia, as well as criminal actors exploiting critical infrastructure. Mark shares his extensive experience and expertise, offering insights into how the U.S. government can better prepare and protect itself in the face of modern cyber threats. Mark discusses the significant mismatch between the capabilities of the Department of Defense and intelligence agencies, and the authorities of civilian federal agencies responsible for protecting sectors like power, water, and transportation. He also highlights the pressing issue of underperforming federal agencies tasked with safeguarding critical infrastructure, and the dire need for a comprehensive, bipartisan approach to cybersecurity legislation. With over 32 years in the U.S. Navy and years of policy work in the federal government, Mark offers a unique perspective on the future of cybersecurity and what needs to change to address these challenges effectively. One of the key takeaways from this episode is Mark’s call for a more cohesive strategy to defend against cyber threats and protect public safety and economic productivity. Despite the ongoing challenges, there’s a sense of hope as Mark emphasizes the bipartisan nature of cybersecurity solutions and the possibility of enacting meaningful changes. This conversation is essential for anyone involved in cybersecurity, national security, or government policy and provides crucial insights into the future of cyber defense in the United States.…

1
117: Rapid7’s Approach to ICS and OT Security: Lessons from the Field 24:45

21 weeks ago24:45

24:45

Join Derek Harp and his guests from Rapid7—Lonnie Best, William Price, and Nicholas Butcher—as they delve into the critical challenges and exciting opportunities within the Operational Technology (OT) and Industrial Control Systems (ICS) cybersecurity landscape. Recorded live at Hack the Capitol 7.0, this episode highlights the growing demand for OT cybersecurity, innovative approaches to managing threats, and the evolving dynamics between IT and OT professionals. In this episode, the panel discusses real-world examples of managing ICS threats, the nuances of integrating OT into traditional IT security frameworks, and the importance of trust and communication in bridging gaps between teams. Learn how managed security services are adapting to meet the unique demands of OT environments and why collaboration across roles and expertise is essential. Whether you’re a seasoned professional or new to the field, this episode offers actionable insights and inspiring stories that highlight the importance of securing critical infrastructure in today’s evolving threat landscape. Visit cs2ai.org to learn more about resources, events, and professional development opportunities in OT and ICS cybersecurity.…

1
116: Cyber Safety in the Age of OT Threats: Insights from Lucian Niemeyer 31:33

22 weeks ago31:33

31:33

In this episode of the CS²AI Podcast, host Derek Harp is joined by Lucian Niemeyer, CEO of Building Cybersecurity, for an enlightening discussion on the critical importance of protecting operational technology (OT) systems. Recorded at the Hack the Capitol 7.0 conference, Lucian emphasizes the increasing threats to critical infrastructure posed by nation-state actors and other adversaries, describing the current landscape as a "Sputnik moment" for cybersecurity. From vulnerabilities in water systems to the cyber-physical risks of modern vehicles, this conversation highlights the pressing need for a collective defense strategy. Lucian shares actionable insights on the roles of the private sector and national defense in addressing these challenges and calls for a bipartisan commitment to safeguard life-essential systems. If you're curious about how cybersecurity intersects with human safety and national security, this episode is a must-listen. Learn about proactive measures, emerging frameworks, and how you can contribute to strengthening our defenses.…

1
115: Cyber Informed Engineering: Protecting Critical Infrastructure with Ginger Wright 24:07

23 weeks ago24:07