PrOTect It All

What happens when attackers target the systems that keep the lights on?

In this episode of Protect It All, host Aaron Crow breaks down the December 2025 cyberattack on Poland’s energy infrastructure, where coordinated attackers disrupted wind farms, solar installations, and heat and power plants - impacting nearly half a million people.

This real-world incident highlights the growing risks facing distributed energy resources (DER) and modern power grids. As energy systems become more connected and decentralized, the attack surface expands - often faster than security programs can adapt.

Aaron walks through what actually went wrong: default passwords, unpatched devices, and weak network segmentation that allowed attackers to brick OT equipment and blind operators to what was happening in their own systems.

You’ll learn:

How attackers targeted renewable energy infrastructure at scale

Why edge devices and distributed assets create new vulnerabilities

The importance of eliminating default credentials and poor configurations

Why network segmentation and secure remote access are essential

What grid operators and OT teams must prioritize immediately

How lessons from Poland apply to power grids worldwide

For engineers, operators, and cybersecurity leaders responsible for critical infrastructure, this episode delivers practical insights on defending modern energy systems before attackers strike again.

Tune in to understand what Poland’s grid attack reveals about the future of OT security - only on Protect It All.

Key Moments: 

04:57 "Corrupted Firmware Disables System Control"

10:01 DER Risks and Scaling Threats

10:55 Risks of Expanding Energy Grids

16:30 OT Security Vulnerabilities and Risks

18:34 Prioritize OT Security Systems

23:06 Change Default Passwords Immediately

24:49 "Critical ICS Security Measures"

30:15 "OT Cyber-Physical Response Plan"

32:56 "Critical Security Steps for Resilience"

Connect With Aaron Crow:

Website: www.corvosec.com 

LinkedIn: https://www.linkedin.com/in/aaronccrow

Learn more about PrOTect IT All:

Email: [email protected] 

Website: https://protectitall.co/ 

X: https://twitter.com/protectitall 

YouTube: https://www.youtube.com/@PrOTectITAll 

FaceBook:  https://facebook.com/protectitallpodcast

 

To be a guest or suggest a guest/episode, please email us at [email protected]

Please leave us a review on Apple/Spotify Podcasts:

Apple   - https://podcasts.apple.com/us/podcast/protect-it-all/id1727211124

Spotify - https://open.spotify.com/show/1Vvi0euj3rE8xObK0yvYi4

AI can accelerate cybersecurity - or accidentally expose it.

In this solo episode of Protect It All, host Aaron Crow breaks down how cybersecurity professionals can safely integrate AI into their IT and OT workflows. As tools like ChatGPT, Copilot, and enterprise AI platforms become part of daily operations, the question isn’t whether to use AI - it’s how to use it responsibly.

Aaron moves beyond buzzwords to focus on practical, everyday applications: automating reports, summarizing threat intelligence, drafting policies, enhancing documentation, and streamlining repetitive tasks. At the same time, he tackles the real concerns leaders face - data privacy, compliance, policy alignment, and shadow AI risks.

You’ll learn:

Where AI delivers immediate value in cybersecurity workflows

How to automate without exposing proprietary or regulated data

The difference between enterprise AI tools and public platforms

How to align AI usage with corporate security policies

Practical ways CISOs and analysts can boost productivity safely

Why governance and awareness matter as much as innovation

Whether you’re leading a security program or working hands-on in IT or OT environments, this episode delivers actionable strategies to use AI smarter—not riskier.

Tune in to learn how to automate with confidence and stay ahead of the curve—only on Protect It All.

Connect With Aaron Crow:

Website: www.corvosec.com 

LinkedIn: https://www.linkedin.com/in/aaronccrow

Learn more about PrOTect IT All:

Email: [email protected] 

Website: https://protectitall.co/ 

X: https://twitter.com/protectitall 

YouTube: https://www.youtube.com/@PrOTectITAll 

FaceBook:  https://facebook.com/protectitallpodcast

 

To be a guest or suggest a guest/episode, please email us at [email protected]

Please leave us a review on Apple/Spotify Podcasts:

Apple   - https://podcasts.apple.com/us/podcast/protect-it-all/id1727211124

Spotify - https://open.spotify.com/show/1Vvi0euj3rE8xObK0yvYi4

Passing an audit doesn’t mean you’re secure.

In this episode of Protect It All, host Aaron Crow dives into one of the biggest misconceptions in operational technology: the belief that compliance equals protection. Using NERC CIP 15 as a real-world case study, Aaron explores why meeting regulatory requirements is only the starting point - not the finish line.

A major focus of this conversation is OT network monitoring, especially the often-overlooked east-west traffic inside your environment. Many organizations monitor perimeter traffic while internal blind spots remain wide open.

You’ll learn:

Why compliance frameworks don’t automatically create security

The real challenges of implementing NERC CIP 15 at scale

Why internal network visibility (east-west monitoring) matters

How to establish meaningful baselines in legacy OT environments

The difference between audit success and operational resilience

Why architecture, tooling, and skilled personnel must work together

Whether you’re working in utilities, manufacturing, or critical infrastructure, this episode provides practical guidance on how to move beyond checklists and build security programs that truly reduce risk.

Tune in to learn how to transform compliance requirements into real operational protection - only on Protect It All.

Key Moments: 

00:00 OT Security Blind Spots

05:15 "OT Security and Monitoring Challenges"

10:41 Aging Switches and Monitoring Challenges

13:16 OT Protocols and Infrastructure Challenges

15:42 "IT vs OT: Complexity Challenges"

18:03 "Balancing Compliance and Security"

21:57 Securing Critical Infrastructure Spaces

Connect With Aaron Crow:

Website: www.corvosec.com 

LinkedIn: https://www.linkedin.com/in/aaronccrow

Learn more about PrOTect IT All:

Email: [email protected] 

Website: https://protectitall.co/ 

X: https://twitter.com/protectitall 

YouTube: https://www.youtube.com/@PrOTectITAll 

FaceBook:  https://facebook.com/protectitallpodcast

 

To be a guest or suggest a guest/episode, please email us at [email protected]

Please leave us a review on Apple/Spotify Podcasts:

Apple   - https://podcasts.apple.com/us/podcast/protect-it-all/id1727211124

Spotify - https://open.spotify.com/show/1Vvi0euj3rE8xObK0yvYi4

You can’t secure OT environments with checklists alone - you secure them with trust, clarity, and focused action.

In this episode of Protect It All, host Aaron Crow sits down with OT security expert Dean Parsons to unpack what actually improves cybersecurity maturity in manufacturing, water, and wastewater environments. From remote access blind spots to outdated network architecture, they explore the practical gaps many organizations face - and how to fix them without massive budgets.

A central theme? Tabletop exercises. Not as a compliance checkbox - but as a powerful tool to build collaboration between IT and OT teams, clarify roles, and stress-test real incident response plans before a crisis hits.

You’ll learn:

Why tabletop exercises accelerate OT maturity

The importance of trust between engineers and IT teams

How focusing on the SANS 5 Critical Controls drives meaningful progress

Why visibility and architecture matter more than shiny tools

How to improve OT security without overwhelming teams or budgets

The human and process factors that determine response success

Whether you’re leading OT security, managing critical infrastructure, or trying to bridge IT and engineering teams, this episode delivers practical, experience-backed strategies you can implement immediately.

Tune in to learn how to strengthen OT security through people, process, and purposeful action - only on Protect It All.

Key Moments: 

03:57 "Improved IT-OT Collaboration Tabletops"

08:57 "ICS Security Priorities"

12:16 "Accelerating ICS Cybersecurity Programs"

15:07 Trusted Expertise Builds Credibility

17:28 "Engineering Role in Incident Response"

20:53 "Cybersecurity: Tabletops Gain Traction"

26:34 "Control Systems, Protocol Abuse Insights"

27:51 Secure Architecture Enables Network Visibility

33:07 "Targeted Network Monitoring Essentials"

35:23 Prioritize Critical Assets Strategically

37:50 "Bridging IT and OT Expertise"

41:56 Critical Infrastructure Security Risks

44:30 ICS Leadership and Threat Strategy

48:14 "Power Plant Walkthrough Insights"

52:02 Critical Cyber Asset Management

57:29 "SANS Courses: Essential and Valuable"

About the guest : 

Dean Parsons is a SANS Principal Instructor and the CEO and Principal Consultant of ICS Defense Force. Over the past two decades, Dean has built and led industrial cyber defense programs, conducted incident response and digital forensics in live plants and partnered with operators and engineers to maintain both safety and uptime across major industrial sectors.

He helps organizations align investment and policy decisions with operational priorities, developing risk metrics and tabletop exercises that unify operations, engineering, and cybersecurity so organizations in any industrial sector can prioritize and measure what matters.

How to connect Dean : https://www.linkedin.com/in/dean-parsons-cybersecurity

Connect With Aaron Crow:

Website: www.corvosec.com 

LinkedIn: https://www.linkedin.com/in/aaronccrow

Learn more about PrOTect IT All:

Email: [email protected] 

Website: https://protectitall.co/ 

X:

Shiny tools don’t break attackers in basic mistakes.

In Episode 92 of Protect It All, host Aaron Crow sits down with Corey LeBleu, founder of Relix Security and seasoned penetration tester, for a candid look at what actually causes organizations to get compromised and why fundamentals still matter more than the latest security trends.

Drawing from years of red-team and penetration-testing experience, Corey shares real stories from the field: forgotten printers, unmanaged IoT devices, legacy systems no one owns anymore, and misconfigurations hiding in plain sight. Together, Aaron and Corey unpack why asset visibility, patching, and change management continue to be the weakest links - even as AI and automation enter the security conversation.

You’ll learn:

Why old printers, IoT devices, and “temporary” systems are prime attack paths

What most organizations misunderstand about pen testing and red teaming

How poor asset inventory and change management undermine security programs

The real risks behind shadow IT and unmanaged tools

Where AI helps in pen testing and where experience still wins

Why mastering the basics beats chasing new security gadgets every time

Whether you’re a security professional, IT leader, or someone looking to break into cybersecurity, this episode delivers practical, no-nonsense lessons from the front lines - focused on what actually reduces risk.

Tune in to hear why cybersecurity success still starts with the fundamentals - only on Protect It All.

Key Moments: 

03:57 Critical Infrastructure: Finding Vulnerabilities

06:44 "Cyber Risks from Hidden Devices"

11:25 Cybersecurity: Focus on Basics

16:09 Complex Systems Demand Continuous Testing

18:17 Understanding Complex System Security

22:54 "Testing: External vs. Internal"

24:12 Enterprise Challenges with AI Integration

27:40 AI Lowers Barriers for Hacking

About the guest : 

Corey LeBleu has built a career around application security testing, becoming deeply involved in integrating vulnerability assessments throughout the software testing lifecycle. Noticing shifts in industry practices, Corey observed major international financial institutions moving to routinely pentest every application- even legacy IBM systems - leading the way in robust cybersecurity practices. In contrast, Corey also highlights the challenges faced by manufacturing, where operational technology often suffers from outdated, vulnerable systems. Corey’s experience showcases the evolving landscape of application security, emphasizing the need for continuous testing and vigilance across diverse industries.

How to connect Corey :
https://www.linkedin.com/in/coreylebleu/

Connect With Aaron Crow:

Website: www.corvosec.com 

LinkedIn: https://www.linkedin.com/in/aaronccrow

Learn more about PrOTect IT All:

Email: [email protected] 

Website: https://protectitall.co/ 

X: https://twitter.com/protectitall 

YouTube: https://www.youtube.com/@PrOTectITAll 

FaceBook:  https://facebook.com/protectitallpodcast