@BEERISAC: OT/ICS Security Podcast Playlist

Podcast: PrOTect It All (LS 27 · TOP 10% what is this?)
Episode: AI in OT Cybersecurity: Real-World Risks, Smarter Defenses & the Future of Critical Infrastructure
Pub date: 2026-05-18

Get Podcast Transcript →
powered by Listen411 - fast audio-to-text and summarization

AI is rapidly transforming cybersecurity but are critical infrastructure environments ready for what comes next?

In this episode of Protect It All, host Aaron Crow sits down with longtime colleague and cybersecurity expert Clark Liu to explore how artificial intelligence is reshaping both IT and OT security operations.

From incident response and compliance frameworks to workforce shifts and operational resilience, Aaron and Clark unpack the real-world opportunities and very real risks of integrating AI into industrial environments.

Together, they tackle the evolving role of frameworks like NERC CIP and NIST, the challenges of balancing compliance with actual security outcomes, and how organizations can responsibly adopt AI without increasing exposure.

You’ll learn:

How AI is changing OT and IT cybersecurity operations

The role of AI in incident response, documentation, and monitoring

Why compliance frameworks alone don’t guarantee resilience

The risks of adopting AI without strong operational foundations

How organizations can prepare for AI-powered threats and workforce changes

Practical insights for balancing innovation, budgets, and security priorities

Whether you’re leading OT security, managing critical infrastructure, or evaluating AI adoption in your organization, this episode delivers practical guidance for navigating cybersecurity’s next major shift.

Tune in to learn how AI is transforming cyber defense and what organizations must do to stay resilient only on Protect It All.

Key Moments; 

05:33 Understanding cybersecurity compliance frameworks

07:11 Overlooked vulnerabilities in systems

09:59 Balancing multiple firewall vendors

15:17 Delegating tasks to AI

19:11 Importance of documenting commits

21:51 Hospital system shutdown crisis

25:11 AI uncovering software vulnerabilities

26:37 Engineers implementing AI in automation

31:26 AI tools and personal security

32:55 Password security practices

36:46 Using AI for basic tasks

39:38 Transition to off-the-shelf software

42:29 Going back to basics with appliances

47:02 Excitement About Future AI Capabilities

Guest Profile : 

Clark Liu is a veteran OT cybersecurity expert and one of the original contributors to the NERC CIP standards. With nearly two decades in energy and critical infrastructure security - including leadership roles at EY and GALLO - Clark specializes in OT risk management, compliance strategy, and securing industrial operations from the plant floor to the cloud.

How to connect Clark: 

LinkedIn :  https://www.linkedin.com/in/clarkliu/

Connect With Aaron Crow:

Website: www.corvosec.com 

LinkedIn: https://www.linkedin.com/in/aaronccrow

Learn more about PrOTect IT All:

Email: [email protected] 

Website: https://protectitall.co/ 

X: https://twitter.com/protectitall 

YouTube: https://www.youtube.com/@PrOTectITAll 

FaceBook:  https://facebook.com/protectitallpodcast

To be a guest or suggest a guest/episode, please email us at [email protected]

Please leave us a review on Apple/Spotify Podcasts:

Apple   - https://podcasts.apple.com/us/podcast/protect-it-all/id1727211124

Spotify - https://open.spotify.com/show/1Vvi0euj3rE8xObK0yvYi4

The podcast and artwork embedded on this page are from Aaron Crow, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Podcast: Casos de Ciberseguridad Industrial
Episode: 3/4 Acciones de la Resiliencia Colectiva en el Sector Ferroviario
Pub date: 2026-05-18

Get Podcast Transcript →
powered by Listen411 - fast audio-to-text and summarization

En este episodio se aborda la gestión práctica de riesgos, superando el enfoque basado puramente en el cumplimiento documental. Se analizan los mecanismos contractuales e industriales más efectivos para garantizar la ciberseguridad a lo largo de todo el ciclo de vida del proyecto y se comparten casos reales donde la colaboración estrecha entre operadores, fabricantes […]

The podcast and artwork embedded on this page are from Centro de Ciberseguridad Industrial, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Podcast: Exploited: The Cyber Truth
Episode: The Next Cyber Crisis Won’t Be One Hospital—It Could Be the Entire Health System
Pub date: 2026-05-14

Get Podcast Transcript →
powered by Listen411 - fast audio-to-text and summarization

In this episode of Exploited: The Cyber Truth, host Paul Ducklin is joined by RunSafe Security CEO Joe Saunders and Greg Garcia, Executive Director for Cybersecurity of the Health Sector Coordinating Council (HSCC) Cybersecurity Working Group, to examine how ransomware, third-party dependencies, and interconnected healthcare infrastructure are shaping cyber risk across the healthcare sector.

Drawing on experience spanning DHS, critical infrastructure protection, and healthcare cybersecurity coordination, Garcia explains how disruptions at a single vendor or service provider can cascade across hospitals, pharmacies, insurers, and patients nationwide.

Together, they explore:

Why healthcare cyber risk is shifting from isolated breaches to systemic disruption
How ransomware and third-party compromises create cascading operational impacts
Lessons from the Change Healthcare ransomware attack
The growing challenge of securing connected healthcare systems and medical devices
Why patching alone cannot keep pace with modern cyber threats
The role of collaboration and resilience in protecting critical healthcare infrastructure

From healthcare providers and medical device manufacturers to policymakers and critical infrastructure leaders, this episode explores what organizations must understand to prepare for the next generation of healthcare cyber threats.

The podcast and artwork embedded on this page are from RunSafe Security, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Podcast: Industrial Cybersecurity Insider
Episode: OT Cybersecurity: Is the Purdue Model Still Useful?
Pub date: 2026-05-12

Get Podcast Transcript →
powered by Listen411 - fast audio-to-text and summarization

Is the Purdue Model outdated, or simply misunderstood? In this episode, Dino sits down with Ken Kully (Rockwell Automation) for a candid, practitioner-level conversation about what the Purdue Model still gets right.
They discuss where it falls short in modern environments, and why “IT/OT convergence” remains more of a people-and-process challenge than a technology problem.
They break down the reality on the plant floor: long-lived legacy systems, inconsistent architectures across sites, limited maintenance windows, and the operational consequences of downtime.
The discussion also tackles the everyday friction points: MFA, shared operator accounts, unmanaged vendor laptops, and remote access “surprises”, and why you can’t improve OT security posture without a trustworthy asset inventory and segmentation that keeps systems “in their lane.”
Chapters:
(00:00:00) Intro + why this Purdue conversation matters now
(00:01:00) Ken’s background: from process environments to OT cyber delivery readiness
(00:04:00) The big question: has the Purdue Model outlived its usefulness?
(00:07:00) Framework vs. strict blueprint: “Purdue enough” in real plants
(00:09:00) IT/OT convergence: why it’s a people + process problem (not tech)
(00:12:00) The “silver tsunami” and why security UX fails on the plant floor
(00:15:30) MFA, shared logins, and why “security gets in the way” still shows up
(00:18:00) Legacy reality: Windows 98/7 boxes, vendor lock-in, and downtime economics
(00:21:00) Discovery first: diagrams, configs, and why documentation is always missing
(00:23:30) Purdue as a map: brokering traffic, one-up/one-down, and the “3.5” DMZ
(00:26:00) When devices try to “escape the box”: unexpected outbound comms + exposure risk
(00:28:30) Vendor/OEM access: the unmanaged laptop problem in OT
(00:32:00) Asset inventory as the unlock: you can’t defend what you don’t know exists
(00:34:00) Why IT often won’t “crawl the plant,” and what that means operationally
(00:36:30) Scale problem: 30 plants, 30 realities—standardize globally, execute locally
(00:38:30) The SI/OEM “third leg”: why trusted integrators are key to sustainable OT security
(00:40:30) Closing + crossover: continuing the discussion on Ken’s OT After Hours podcast

Links And Resources:
Kenneth Kully on LinkedIn
Want to Sponsor an episode or be a Guest? Reach out here.
Industrial Cybersecurity Insider on LinkedIn
Cybersecurity & Digital Safety on LinkedIn
BW Design Group Cybersecurity
Dino Busalachi on LinkedIn
Craig Duckworth on LinkedIn

Thanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you’d like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!

The podcast and artwork embedded on this page are from Industrial Cybersecurity Insider, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Podcast: Error Code (LS 27 · TOP 10% what is this?)
Episode: EP 86: The Trusted Channel: AT Command Exploits and Cellular IoT Security
Pub date: 2026-05-12

Get Podcast Transcript →
powered by Listen411 - fast audio-to-text and summarization

Cellular modules in your IoT devices are trusted and that trust can be an insecure  pivot point into your network for attackers. Deral Heiland, Principal Security Research for IoT at Rapid 7 discusses his presentation at RSAC 2026 on AT command exploits and supply chain risk.

The podcast and artwork embedded on this page are from Robert Vamosi, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.