Cybersecurity in healthcare is facing heightened challenges as regulations shift, IoT devices proliferate, and ransomware attacks become increasingly devastating. Josh Spencer, Founder, and CIO at FortaTech Security and with over fifteen years in the field including time as CISO/CTO at UT Southwestern, explores why HIPAA changes are necessary, the high stakes of securing medical devices, and how both technology and culture play roles in protecting patient data and safety. The conversation breaks down risks, practical mitigation strategies, and the ongoing evolution of both threats and defensive tools -- including AI -- and covers the evolving HIPAA landscape and the move from “addressable” to required controls, ransomware’s impact on hospitals and patient safety, challenges and best practices in securing connected medical (IoT/OT) devices, the importance of real-world risk assessment and penetration testing in healthcare, and human factors, including security awareness training and leveraging AI both for defense and as a threat. Let’s connect about IoT Security! Follow John Vecchi at https://www.linkedin.com/in/johnvecchi The IoT Security Podcast is powered by Phosphorus Cybersecurity. Join the conversation for the IoT Security Podcast — where xIoT meets Security. Learn more at https://phosphorus.io/podcast…

Cybersecurity is redefined as a discipline for the curious and adaptable, with a focus on continuous learning, imagination, and embracing change. On location at the RSA Conference, host Phillip Wylie and Anand Singh discusses the evolving challenges of IoT and OT security, the rapid integration of AI, and how organizations must address overlooked endpoints and fragmented infrastructures. There is an emphasis on practical advice for CISOs and cybersecurity practitioners, underscoring the importance of foundational security practices, data visibility, identity management, and mental well-being in high-stress leadership roles. The role of curiosity and adaptability in cybersecurity careers Overlooked risks and challenges in IoT and OT device security The transformative impact of AI and the importance of securing AI adoption Practical strategies for asset, identity, and data management Maintaining work-life balance and resilience for CISOs and security leaders Let’s connect about IoT Security! Follow John Vecchi at https://www.linkedin.com/in/johnvecchi The IoT Security Podcast is powered by Phosphorus Cybersecurity. Join the conversation for the IoT Security Podcast — where xIoT meets Security. Learn more at https://phosphorus.io/podcast…

Healthcare IoT systems are increasingly targeted by cyber threats, necessitating a shift in strategy from isolated, organization-specific responses to a collaborative, ecosystem-wide approach. James McCarthy sits down with vCISO and 30-year information assurance and cybersecurity veteran Jason Taule. Taule brings important insights into the challenges faced by healthcare providers due to regulatory pressures, financial constraints, and technological advancements, urging both manufacturers and providers to participate in a unified security effort. Emphasizing the critical need for proactivity, Taule also calls for a balance between regulation and adaptability in safeguarding these critical infrastructures. Let’s connect about IoT Security! Follow John Vecchi at https://www.linkedin.com/in/johnvecchi The IoT Security Podcast is powered by Phosphorus Cybersecurity. Join the conversation for the IoT Security Podcast — where xIoT meets Security. Learn more at https://phosphorus.io/podcast…

Matt Brown, Hardware Security Researcher, Bug Bounty Hunter, and Founder of Brown Fine Security, leaves nothing to the imagination in this conversation with host Eric Johansen on the world of embedded devices and cybersecurity. Matt shares his journey from childhood tinkering to professional vulnerability research, offering insights into the complexities of IoT attack surfaces, legacy system challenges, and real-world hacking experiences. The conversation covers everything from surprising device vulnerabilities to practical advice for aspiring IoT hackers, including why off-brand devices are a great starting point. Plus, Matt reveals some of the sketchy smart devices in his own home and why understanding your threat model is key to robust security. It's an unfiltered look into the intersection of curiosity, technology, and defense strategies in today's connected world. You may know Matt from his hit YouTube channel at https://www.youtube.com/@mattbrwn. If you like hardware, taking gear apart, and digging into what makes devices vulnerable, you're definitely going to want to give it a look. You can also find Matt Brown at the following places: brownfinesecurity.com linkedin.com/in/mattbrwn twitter.com/nmatt0 github.com/nmatt0 reddit.com/user/mattbrwn0 Let’s connect about IoT Security! Follow John Vecchi at https://www.linkedin.com/in/johnvecchi The IoT Security Podcast is powered by Phosphorus Cybersecurity. Join the conversation for the IoT Security Podcast — where xIoT meets Security. Learn more at https://phosphorus.io/podcast…

In this episode, host Eric Johansen welcomes Bill Lucas, Senior Director of Cybersecurity at Mastronardi Produce, to explore the evolving security challenges in agricultural IoT. With over sixteen years of experience across the automotive, healthcare, and tech industries, Bill brings a deep understanding of enterprise risk management, endpoint security, and cyber defense—now applied to one of the world's most critical industries: food production. Bill and Eric explore the unique cybersecurity risks in modern agriculture, from UV robots to robotic bees, and discuss how automation, sensor networks, and supply chain security play pivotal roles in securing these technologies. Bill also shares his personal career journey, offering valuable insights for professionals looking to strengthen their IoT security strategies. Join us for a compelling conversation about the intersection of innovation and cybersecurity in the agricultural sector—and what it takes to secure the future of connected farming. Let’s connect about IoT Security! Follow John Vecchi at https://www.linkedin.com/in/johnvecchi The IoT Security Podcast is powered by Phosphorus Cybersecurity. Join the conversation for the IoT Security Podcast — where xIoT meets Security. Learn more at https://phosphorus.io/podcast…

What did 2024 teach us about securing the IoT and OT landscape? In this special 2024 lookback episode, Alex Nehmy, Asia Pacific CTO at Phosphorus, revisits impactful moments from industry experts and IoT Security Podcast guests, including Jason Taule, Patrick Gillespie, Sean Tufts, Michael Lester, Joel Goins, Khris Woodring, Mike Holcomb, and John Threat who share their unique journeys and lessons-learned in the realm of IoT security and beyond. Reflecting on learnings from 2024 and looking ahead at 2025, the discussion spans... • Why remediation beats endless assessments in IoT security. • Overcoming challenges with legacy systems and device management. • Trends shaping the future of Cyber-Physical Systems. • The power of community in tackling cybersecurity risks. Let’s connect about IoT Security! Follow John Vecchi at https://www.linkedin.com/in/johnvecchi The IoT Security Podcast is powered by Phosphorus Cybersecurity. Join the conversation for the IoT Security Podcast — where xIoT meets Security. Learn more at https://phosphorus.io/podcast…

In this episode, host and xIoT security evangelist John Vecchi sits down with Enrique Martinez, OT/IoT Practice Lead at World Wide Technology (WWT), to explore the critical challenges and solutions in securing OT and IoT environments. Enrique shares his journey into cybersecurity, highlights the importance of asset visibility, and discusses how AI is transforming both defense and risk in the cyber-physical world. Key Topics Covered: The foundational importance of asset awareness and behavior analysis. How IT/OT convergence increases vulnerabilities and the need for layered security. Challenges in securing legacy systems and balancing risk with safety. How AI can enhance data analytics, decision-making, and security in OT. Practical insights on remediation and accelerating asset discovery. Featured Insights: “It all starts with asset awareness—knowing what you have and how it behaves is the first step to securing it.” “AI offers great potential for security, but with cyber-physical systems, safety and availability must always come first.” Let’s connect about IoT Security! Follow John Vecchi at https://www.linkedin.com/in/johnvecchi The IoT Security Podcast is powered by Phosphorus Cybersecurity. Join the conversation for the IoT Security Podcast — where xIoT meets Security. Learn more at https://phosphorus.io/podcast…

In this episode, Mark Mattei, Global Director of Industrial Managed Security Services at 1898 & Company, unpacks the high-stakes challenges of protecting vital systems from sophisticated attacks. Host John Vecchi highlights the critical issues surrounding IoT and OT security within industrial critical infrastructure. From the importance of cybersecurity in industrial environments to the practical challenges of compliance and regulation and strategies for mitigating cybersecurity threats without compromising operational integrity, Mark shares key insights and actionable advice for operators in today’s volatile security landscape. Listeners of this episode will hear about... The Growing Complexity of OT and IT Security Needs : Mark discusses the increasing sophistication of threats targeting critical infrastructure, including state-sponsored attacks and ransomware, and the complexities operators face in balancing security needs with uninterrupted operations. Challenges with Compliance and Budget Constraints : Critical infrastructure operators often face budgetary and regulatory challenges that limit their ability to invest in cybersecurity. Navigating mandates like NERC CIP and adapting to regulatory changes is essential but can detract from proactive security efforts. Building a Supportive Community : Mark encourages operators to reach out within the OT security community for advice and support. With limited experts in this field, sharing knowledge and collaborating can make a significant difference for smaller utilities and organizations facing resource constraints. Let’s connect about IoT Security! Follow John Vecchi at https://www.linkedin.com/in/johnvecchi The IoT Security Podcast is powered by Phosphorus Cybersecurity. Join the conversation for the IoT Security Podcast — where xIoT meets Security. Learn more at https://phosphorus.io/podcast…

Emphasizing the importance of collaboration and communication, Mike Holcomb shares his extensive experience and practical insights into securing ICS and IoT environments. Holcomb, ICS/OT cybersecurity global lead at Fluor, stresses mastering basic cybersecurity fundamentals and asset inventory, along with the nuances of integrating IT and OT security. The episode aims to bridge gaps between IT and OT teams to fortify defenses against sophisticated cyber threats. Listeners will gain valuable insights into critical takeaways, including: Real-World Impact of Cyber Attacks : Mike explains how high-profile incidents, such as Colonial Pipeline and Triton, highlighted the physical consequences of cyber threats, making clear that OT security is a top priority for critical infrastructure. Bridging the IT-OT Divide : The discussion underscores the need for IT and OT teams to collaborate, as a lack of communication and understanding can leave vulnerabilities open to exploitation. Achievable Defense Strategies : From basic network segmentation to secure remote access, Mike provides practical, accessible steps to strengthen ICS/OT security without overwhelming smaller teams. Let’s connect about IoT Security! Follow John Vecchi at https://www.linkedin.com/in/johnvecchi The IoT Security Podcast is powered by Phosphorus Cybersecurity. Join the conversation for the IoT Security Podcast — where xIoT meets Security. Learn more at https://phosphorus.io/podcast…

Recent years have seen a growing awareness of the vulnerabilities in our critical infrastructure to cyberattacks, particularly from nation-states like Russia, Iran, and China. In this episode of the IoT Security Podcast , host John Vecchi welcomes Khris Woodring, Senior Cybersecurity Architect at Syngenta, to explore the evolving challenges and opportunities in securing critical infrastructure. From his serendipitous journey into the field to actionable insights on workforce development, Khris shares how industries can overcome the persistent talent gap and drive proactive change in OT security. Key topics include: The unique challenges of bridging IT and OT security. Why workforce shortages hinder progress and how industry and academia can collaborate. The importance of standardizing roles, frameworks, and terminology. Stories of how early curiosity sparked a career in cybersecurity. Tune in for a passionate discussion on how to protect the systems that make modern life possible—and the steps we can take to secure a resilient future. Let’s connect about IoT Security! Follow John Vecchi at https://www.linkedin.com/in/johnvecchi The IoT Security Podcast is powered by Phosphorus Cybersecurity. Join the conversation for the IoT Security Podcast — where xIoT meets Security. Learn more at https://phosphorus.io/podcast…

Businesses and government organizations have seen threats to critical US infrastructure on the rise in recent years, particularly within IoT and OT systems, posed by cyberattacks, notably from state actors like Iran. With that context, Joel Goins, a veteran of manufacturing, oil and gas, and OT security at large, talks with John Vecchi about the critical need for enhanced security measures for data centers and other vital components, the vulnerabilities present in IoT devices, and the essential steps companies must take to safeguard against both traditional and emerging cyber threats. Let’s connect about IoT Security! Follow John Vecchi at https://www.linkedin.com/in/johnvecchi The IoT Security Podcast is powered by Phosphorus Cybersecurity. Join the conversation for the IoT Security Podcast — where xIoT meets Security. Learn more at https://phosphorus.io/podcast…

Explore the intricate challenges and solutions in managing OT cybersecurity, particularly emphasizing the importance of active querying over passive deep packet inspection, with Michael Lester, Senior Product Security Engineer at Rockwell Automation! Lester underscores the necessity of segmenting networks, improving visibility, and fostering collaboration between IT and OT teams to mitigate risks and enhance security. His journey, from passionate mentorship to pursuing a PhD, exemplifies a commitment to advancing industrial cybersecurity frameworks and education. Let’s connect about IoT Security! Follow John Vecchi at https://www.linkedin.com/in/johnvecchi The IoT Security Podcast is powered by Phosphorus Cybersecurity. Join the conversation for the IoT Security Podcast — where xIoT meets Security. Learn more at https://phosphorus.io/podcast…

In this episode, we're diving deep into the world of Operational Technology (OT) and IoT security, exploring the critical challenges and evolving threat landscape that are impacting sectors from manufacturing to critical infrastructure and healthcare. With insights from Patrick Gillespie, an OT expert at GuidePoint Security, we'll discuss the convergence of IT and OT systems, the risks introduced by COVID-19, and the advanced solutions from providers like Phosphorus that are combatting these threats. Patrick also sheds light on his personal journey from military service to a cybersecurity career, and the essential steps organizations should take to bolster their OT security, from embracing cyber hygiene to implementing robust security programs. Join us as we uncover the pressing issues facing IoT security today and how innovations are driving a safer, more secure operational environment. Let’s connect about IoT Security! Follow John Vecchi at https://www.linkedin.com/in/johnvecchi The IoT Security Podcast is powered by Phosphorus Cybersecurity. Join the conversation for the IoT Security Podcast — where xIoT meets Security. Learn more at https://phosphorus.io/podcast…

Are you curious about the evolving world of cybersecurity, virtual CISOs, and their vital role in different industries? In this episode, Brian and John are joined by cross-vertical vCISO Jason Taule, who brings a wealth of experience and insights from his diverse career in the field as one of the first CISOs...ever. From working with federal agencies like NASA to serving as a virtual CISO for agriculture, heavy manufacturing, and healthcare organizations, Jason offers valuable perspectives on the unique security challenges faced across different sectors. Throughout the episode, Jason discusses the evolving role of the Chief Information Security Officer (CISO) in various industries. He highlights the intricacies of implementing cybersecurity measures in sectors like healthcare, where specific jargon and risks come into play. The conversation also goes into the complexities of managing operational technology (OT) and IoT security, emphasizing the need for improved third-party access control and a better understanding of firmware vulnerabilities. Additionally, the episode explores the impact of regulations, financial pressure, and the evolving threat landscape on organizations' engagement with security. Let’s connect about IoT Security! Follow John Vecchi at https://www.linkedin.com/in/johnvecchi The IoT Security Podcast is powered by Phosphorus Cybersecurity. Join the conversation for the IoT Security Podcast — where xIoT meets Security. Learn more at https://phosphorus.io/podcast…

Sean Tufts is in the house, and we ask him to go all the way back. All the way. From his origins to the evolving challenges and security needs in IoT and OT environments, particularly in critical infrastructure. Your hosts, Brian Contos and John Vecchi, engage in a thought-provoking conversation with special guest Sean Tufts from Optiv. The discussion goes into Tufts' background, from his transition from an NFL player to a cybersecurity and critical infrastructure expert, to managing substantial programs at Optiv. Sean touches on the changing landscape of critical infrastructure, the challenges of IoT and OT security in the wake of COVID-19, and the evolving tactics in cyber attacks. He also shares insightful anonymized stories of cyber incidents, emphasizing the importance of effectively addressing vulnerabilities in IoT devices and legacy systems to mitigate risks. After listening to the episode, be sure to subscribe to the Phosphorus IoT Security Podcast to stay updated on evolving cybersecurity challenges and strategies in the IoT and OT space. Share this impactful episode with colleagues and peers involved in securing critical infrastructure to spark insightful conversations and proactive measures for vulnerability management. Let’s connect about IoT Security! Follow John Vecchi at https://www.linkedin.com/in/johnvecchi The IoT Security Podcast is powered by Phosphorus Cybersecurity. Join the conversation for the IoT Security Podcast — where xIoT meets Security. Learn more at https://phosphorus.io/podcast…