@BEERISAC: OT/ICS Security Podcast Playlist

Podcast: Industrial Cybersecurity InsiderEpisode: IT and OT Are Still Siloed - Here's Why That's DangerousPub date: 2025-12-30Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationIn this rewind episode, Craig and Dino tackle a critical disconnect in industrial cybersecurity: the gap between IT teams deploying OT security tools and the plant floor teams who desperately need the data these tools collect.They reveal why 85% of data from industrial cybersecurity platforms is meant for OT personnel, yet rarely reaches them.The conversation exposes how organizations invest heavily in tools like IDS platforms but fail to share vulnerability data, asset inventories, and network intelligence with the system integrators, OEMs, and plant teams actually working on their control systems.Craig and Dino discuss the consequences of this siloed approach—from incomplete asset visibility to duplicated tooling—and offer practical guidance on achieving true IT-OT convergence.They emphasize that organizations must work with partners who can "build the car, not just buy it," and stress the importance of tabletop exercises, proper vendor vetting, and collaborative frameworks that include the entire industrial ecosystem in cybersecurity planning and execution.Chapters:(00:00:00) - The Growing Problem: OT Teams Lack Access to Critical Security Data(00:01:47) - IT-OT Convergence in Practice: Are We Really Doing It?(00:04:42) - Why IT Teams Keep Security Data Siloed from Plant Floor Partners(00:06:38) - The Consequence: System Integrators Bring Their Own Tools(00:08:38) - The Disconnect Between IT Security Tools and OT Reality(00:11:48) - How to Bridge the Gap: Questions System Integrators Should Ask(00:15:42) - Vetting Your Security Partners: Can They Build the Car or Just Buy It?(00:17:46) - The Three-Legged Stool: Why IT-Only Security Fails in Manufacturing(00:20:48) - Action Steps: Creating a Comprehensive List of Your Industrial Ecosystem(00:22:48) - Final Thoughts: Moving Beyond Security Theater to True CollaborationLinks And Resources:Want to Sponsor an episode or be a Guest? Reach out here.Industrial Cybersecurity Insider on LinkedInCybersecurity & Digital Safety on LinkedInBW Design Group CybersecurityDino Busalachi on LinkedInCraig Duckworth on LinkedInThanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you’d like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!The podcast and artwork embedded on this page are from Industrial Cybersecurity Insider, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Podcast: Exploited: The Cyber Truth Episode: 2026 ICS Security Predictions: What’s Next for Critical InfrastructurePub date: 2025-12-30Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationAs industrial control systems become more connected, more Linux-based, and more exposed to IT-style threats, 2026 is shaping up to be a turning point for ICS security. In this end-of-year predictions episode of Exploited: The Cyber Truth, host Paul Ducklin is joined by RunSafe Security Founder & CEO Joseph M. Saunders and CTO Shane Fry to discuss what will define ICS and critical infrastructure security in 2026. The episode explores a bold prediction: We will see a major ICS breach originating from a web application vulnerability running directly on an embedded control device. As full Linux operating systems, Node.js apps, and web servers increasingly appear inside OT equipment, long-standing IT vulnerabilities are colliding with systems that are difficult—or impossible—to patch. Joe and Shane dig into why detection-only strategies fall short in constrained, long-lived devices, and why secure by design engineering, memory safety, and runtime protections are becoming essential. They also discuss the importance of accurate, build-time Software Bills of Materials, especially as regulations like the EU Cyber Resilience Act push manufacturers toward transparency, accountability, and provable supply-chain visibility. Together, they cover: Why ICS exploitation is shifting from theoretical to operationalHow web app and RCE vulnerabilities are creeping into OT devicesThe limits of detection-only security strategiesWhy memory safety and runtime protections reduce exploitable riskHow build-time SBOMs improve vulnerability tracking and trustThe podcast and artwork embedded on this page are from RunSafe Security, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Podcast: ICS Arabia PodcastEpisode: Securing the Food Industry | 63Pub date: 2025-12-26Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationIn this insightful episode, host Dr Sulaiman Alhasawi sits down with Adnan Ahmad, CISO at Ornua, the global dairy cooperative behind Kerrygold, operating 11 factories across Europe, the US, and Saudi Arabia.They dive into the unique world of OT security in food manufacturing, where:🔹 Production uptime & safety > cybersecurity (until something breaks)🔹 Equipment can be 10–50 years old — replaced only when broken🔹 A cyberattack could mean contaminated products, recalls, or brand damageAdnan shares how he leads both IT & OT security with a unified strategy based on IEC 62443 and ISO27001, emphasizing:✅ Asset visibility✅ Network segmentation✅ Joint IT-OT governance✅ Tailored training for floor workers to leadershipHe also discusses compliance under EU’s NIS2 Directive, the risks of recipe tampering via PLCs, and the need for stronger collaboration — especially in the Middle East.The podcast and artwork embedded on this page are from ICS ARABIA PODCAST, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Podcast: PrOTect It All (LS 26 · TOP 10% what is this?)Episode: AI Isn’t the Answer: Why Cybersecurity Fundamentals Still Decide OT and IT SuccessPub date: 2025-12-29Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationAI is everywhere - but it won’t fix broken cybersecurity foundations. In this end-of-year wrap-up episode of Protect It All, host Aaron Crow takes a hard look at the growing hype around AI in cybersecurity and explains why fundamentals still matter more than any shiny new tool, especially in OT environments. Drawing from real-world experience and industry observations, Aaron challenges the belief that AI can compensate for missing basics like asset inventory, network segmentation, and clear ownership. He reframes AI as a powerful assistant not a savior and warns against the risks of rushing into automation without understanding what you’re protecting in the first place. You’ll learn: Why basic cybersecurity hygiene still determines success or failure How AI fits best when foundations are already in place The dangers of shadow AI in OT and industrial environments Why asset visibility and segmentation remain non-negotiable How leaders should think about AI as a support tool - not a shortcut What OT and IT teams should prioritize heading into 2026Whether you’re closing out the year or planning ahead, this episode delivers a grounded, experience-driven perspective on building resilient cybersecurity programs—without chasing hype. Tune in to hear why mastering the basics is still the smartest cyber strategy - only on Protect It All. Key Moments:  03:32 "Technology Complexity vs. Practicality" 09:33 "AI as an Entry-Level Intern" 12:29 "AI: A Powerful Team Tool" 16:24 "AI Alone Won't Fix Cyber" 19:34 "Mastering Basics Before AI Integration" 21:46 "Shadow AI and Resilience" 25:26 "Addressing Gaps and Ownership" 30:27 "Foundations Matter for Success" Connect With Aaron Crow: Website: www.corvosec.com  LinkedIn: https://www.linkedin.com/in/aaronccrow Learn more about PrOTect IT All: Email: [email protected]  Website: https://protectitall.co/  X: https://twitter.com/protectitall  YouTube: https://www.youtube.com/@PrOTectITAll  FaceBook:  https://facebook.com/protectitallpodcast  To be a guest or suggest a guest/episode, please email us at [email protected] Please leave us a review on Apple/Spotify Podcasts: Apple   - https://podcasts.apple.com/us/podcast/protect-it-all/id1727211124 Spotify - https://open.spotify.com/show/1Vvi0euj3rE8xObK0yvYi4The podcast and artwork embedded on this page are from Aaron Crow, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Podcast: ICS Arabia PodcastEpisode: Rail Cybersecurity & OT SOCs in the Middle East (Arabic) | 56Pub date: 2025-12-26Get Podcast Transcript →powered by Listen411 - fast audio-to-text and summarizationIn this first-ever ICS Arabia Podcast episode focused on rail cybersecurity and OT Security Operations Centers (SOCs), I sit down with Omar Sherin, Consulting Partner at PwC Middle East and a pioneer in the region’s critical infrastructure protection.We explore:1- Rail-specific cyber threats and how OT SOCs are built to defend them2- Real-world challenges in the Middle East’s transportation sector3- National efforts to build security labs for firmware, SBOMs, and ICS hardware4- How Arab countries can strategically improve their OT cybersecurity postureThe podcast and artwork embedded on this page are from ICS ARABIA PODCAST, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.