@BEERISAC: OT/ICS Security Podcast Playlist

Anton Shipulin / Listen Notes
681 episodes

  • @BEERISAC: OT/ICS Security Podcast Playlist

    The Next Cyber Crisis Won’t Be One Hospital—It Could Be the Entire Health System

    17/05/2026 | 28 mins.
    Podcast: Exploited: The Cyber Truth
    Episode: The Next Cyber Crisis Won’t Be One Hospital—It Could Be the Entire Health System
    Pub date: 2026-05-14

    In this episode of Exploited: The Cyber Truth, host Paul Ducklin is joined by RunSafe Security CEO Joe Saunders and Greg Garcia, Executive Director for Cybersecurity of the Health Sector Coordinating Council (HSCC) Cybersecurity Working Group, to examine how ransomware, third-party dependencies, and interconnected healthcare infrastructure are shaping cyber risk across the healthcare sector.

    Drawing on experience spanning DHS, critical infrastructure protection, and healthcare cybersecurity coordination, Garcia explains how disruptions at a single vendor or service provider can cascade across hospitals, pharmacies, insurers, and patients nationwide.

    Together, they explore:

    Why healthcare cyber risk is shifting from isolated breaches to systemic disruption
    How ransomware and third-party compromises create cascading operational impacts
    Lessons from the Change Healthcare ransomware attack
    The growing challenge of securing connected healthcare systems and medical devices
    Why patching alone cannot keep pace with modern cyber threats
    The role of collaboration and resilience in protecting critical healthcare infrastructure

    From healthcare providers and medical device manufacturers to policymakers and critical infrastructure leaders, this episode explores what organizations must understand to prepare for the next generation of healthcare cyber threats.

    The podcast and artwork embedded on this page are from RunSafe Security, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.
  • @BEERISAC: OT/ICS Security Podcast Playlist

    OT Cybersecurity: Is the Purdue Model Still Useful?

    16/05/2026 | 48 mins.
    Podcast: Industrial Cybersecurity Insider
    Episode: OT Cybersecurity: Is the Purdue Model Still Useful?
    Pub date: 2026-05-12

    Is the Purdue Model outdated, or simply misunderstood? In this episode, Dino sits down with Ken Kully (Rockwell Automation) for a candid, practitioner-level conversation about what the Purdue Model still gets right.
    They discuss where it falls short in modern environments, and why “IT/OT convergence” remains more of a people-and-process challenge than a technology problem.
    They break down the reality on the plant floor: long-lived legacy systems, inconsistent architectures across sites, limited maintenance windows, and the operational consequences of downtime.
    The discussion also tackles the everyday friction points: MFA, shared operator accounts, unmanaged vendor laptops, and remote access “surprises”, and why you can’t improve OT security posture without a trustworthy asset inventory and segmentation that keeps systems “in their lane.”
    Chapters:
    (00:00:00) Intro + why this Purdue conversation matters now
    (00:01:00) Ken’s background: from process environments to OT cyber delivery readiness
    (00:04:00) The big question: has the Purdue Model outlived its usefulness?
    (00:07:00) Framework vs. strict blueprint: “Purdue enough” in real plants
    (00:09:00) IT/OT convergence: why it’s a people + process problem (not tech)
    (00:12:00) The “silver tsunami” and why security UX fails on the plant floor
    (00:15:30) MFA, shared logins, and why “security gets in the way” still shows up
    (00:18:00) Legacy reality: Windows 98/7 boxes, vendor lock-in, and downtime economics
    (00:21:00) Discovery first: diagrams, configs, and why documentation is always missing
    (00:23:30) Purdue as a map: brokering traffic, one-up/one-down, and the “3.5” DMZ
    (00:26:00) When devices try to “escape the box”: unexpected outbound comms + exposure risk
    (00:28:30) Vendor/OEM access: the unmanaged laptop problem in OT
    (00:32:00) Asset inventory as the unlock: you can’t defend what you don’t know exists
    (00:34:00) Why IT often won’t “crawl the plant,” and what that means operationally
    (00:36:30) Scale problem: 30 plants, 30 realities—standardize globally, execute locally
    (00:38:30) The SI/OEM “third leg”: why trusted integrators are key to sustainable OT security
    (00:40:30) Closing + crossover: continuing the discussion on Ken’s OT After Hours podcast

    Links And Resources:
    Kenneth Kully on LinkedIn
    Want to Sponsor an episode or be a Guest? Reach out here.
    Industrial Cybersecurity Insider on LinkedIn
    Cybersecurity & Digital Safety on LinkedIn
    BW Design Group Cybersecurity
    Dino Busalachi on LinkedIn
    Craig Duckworth on LinkedIn

    Thanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you’d like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!

    The podcast and artwork embedded on this page are from Industrial Cybersecurity Insider, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.
  • @BEERISAC: OT/ICS Security Podcast Playlist

    EP 86: The Trusted Channel: AT Command Exploits and Cellular IoT Security

    15/05/2026 | 32 mins.
    Podcast: Error Code
    Episode: EP 86: The Trusted Channel: AT Command Exploits and Cellular IoT Security
    Pub date: 2026-05-12

    Cellular modules in your IoT devices are trusted, and that trust can be an insecure pivot point into your network for attackers. Deral Heiland, Principal Security Researcher for IoT at Rapid7, discusses his presentation at RSAC 2026 on AT command exploits and supply chain risk.

    The podcast and artwork embedded on this page are from Robert Vamosi, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.
  • @BEERISAC: OT/ICS Security Podcast Playlist

    Das digitale Nervensystem: Warum Gebäudeautomation echte OT ist | OT Security Made Simple

    15/05/2026 | 26 mins.
    Podcast: OT Security Made Simple
    Episode: Das digitale Nervensystem: Warum Gebäudeautomation echte OT ist | OT Security Made Simple
    Pub date: 2026-05-12

    Klaus Mochalski and Tim Bauer (ak-itsga) discuss the blind spot in smart buildings. Learn why building automation is hard-core OT, why the sector lags years behind industrial security, and why clients must, starting now, write the topic into their requirements specifications.
    You can find more on OT Security Made Simple at rhebo.com, or write to us with your ideas, questions or guest suggestions at [email protected].

    The podcast and artwork embedded on this page are from Klaus Mochalski, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.
  • @BEERISAC: OT/ICS Security Podcast Playlist

    Policy Pulse: Regulatory Roundtable - Cyber Strategy, Large Loads, AI & CISA in Flux

    14/05/2026 | 1h
    Podcast: Critical Assets Podcast
    Episode: Policy Pulse: Regulatory Roundtable - Cyber Strategy, Large Loads, AI & CISA in Flux
    Pub date: 2026-05-11

    Patrick Miller reconvenes with Joy Ditto (Joy Ditto Consulting) and Earl Shockley (INPOWERD) for a tour of the past two months in critical infrastructure policy. The episode opens on the administration's new National Cybersecurity Strategy and its six pillars, with focus on the openly offensive "shape adversary behavior" posture and the asymmetric risk it creates for asset owners likely to absorb retaliation.
    The panel then digs into the pressures reshaping the bulk electric system: data center designation, cloud-hosted control centers running NERC standards while the underlying compute is unregulated, and the physics of computational loads that behave nothing like traditional load. Earl walks through the recent NERC Level 3 alert on large load connections, an unusually serious signal that industry processes are behind.
    The discussion also covers April infrastructure executive orders that release funding but ignore cybersecurity, hyperscalers displacing utilities as the top buyers of bulk electrical equipment, the multi-agency zero trust in OT guidance, and CISA's leadership uncertainty after Sean Plankey withdrew his nomination. On the AI front, the group unpacks what Anthropic's Mythos and the Glasswing response mean for vulnerability discovery at scale, and why no OT vendors are on the Glasswing list.
    Closing thoughts include Joy's note on satellite cybersecurity and a rare bipartisan Senate trip to China, Earl's emphasis that computational load is now an enterprise governance issue rather than a technical one, and Patrick's plea to stop making the adversary's job easy.
    Topics covered
    The new National Cybersecurity Strategy and its six pillars
    Offensive cyber posture and the asymmetric risk to asset owners
    Data center designation as critical infrastructure
    Cloud control centers and the NERC 100-series standards
    Computational load, grid stability, and loss of system inertia
    NERC Level 3 alert on large load connections
    April infrastructure executive orders and the missing cyber language
    Supply chain shifts and hyperscalers as the top equipment buyers
    Zero trust principles for OT environments
    CISA Fortify guidance and CISA's current leadership status
    Anthropic's Mythos, the Glasswing response, and the OT vendor gap
    Satellite cybersecurity and bipartisan engagement on China policy
    Basic hygiene: get exposed devices off the internet

    The podcast and artwork embedded on this page are from Patrick Miller, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.
About @BEERISAC: OT/ICS Security Podcast Playlist
A curated playlist of Operational Technology (OT) and Industrial Control Systems (ICS) cybersecurity podcast episodes in any language, compiled by ICS security enthusiasts. Missing something? Contact Anton Shipulin on LinkedIn. Subscribe for updates!