PrOTect It All

Cybersecurity isn’t just about technology - it’s about people.

In this episode of Protect It All, host Aaron Crow sits down with Sean Tufts for a conversation that goes far beyond tools and tactics. From the locker room to control rooms, Sean shares how his journey from professional football to OT cybersecurity shaped his approach to trust, teamwork, and leadership.

Together, they unpack one of the biggest challenges in OT environments: building trust between IT and OT teams. Because without trust, even the best tools fail.

You’ll learn:

Why trust is the foundation of OT cybersecurity success

How to bridge the gap between IT teams and engineers

The role of communication and empathy in security programs

Real-world lessons from segmentation failures and hidden network risks

Why diversity and teamwork drive stronger security outcomes

How leadership mindset shapes resilience in high-stakes environments

Whether you’re leading cybersecurity, working in OT environments, or building cross-functional teams, this episode delivers practical insights on the human side of security—where real progress happens.

Tune in to learn why the strongest cybersecurity programs are built on people, not just platforms only on Protect It All.

Key Moments: 

05:11 Importance of communication in tech

06:58 Learning from early career mistakes

11:40 Implementing network scanning in OT environments

15:50 Debating project priorities in cybersecurity

18:24 Improving system reliability and ROI

20:28 Convincing plants to self-fund projects

26:21 Creating layered RACI charts

26:57 Discussing people, process, and technology

31:15 Easy validations and big risks

34:35 Operators' productivity challenges

37:21 Network security in hospitals

42:25 Creating a safe network environment

43:10 Addressing network configuration issues

46:55 Different types of AI users

About the guest : 

Sean Tufts is Field CTO at Claroty and a cybersecurity leader with deep expertise in industrial environments. With leadership roles at GE and Optiv, he has helped asset-intensive industries navigate the intersection of OT, IT, and cyber risk. Before cybersecurity, Sean was a standout linebacker and team captain at the University of Colorado and went on to play in the NFL with the Carolina Panthers bringing the same discipline, teamwork, and leadership mindset to securing critical infrastructure today.

How to connect Sean : 

LinkedIn: https://www.linkedin.com/in/sean-tufts-36b4909/

Website: https://claroty.com/

Connect With Aaron Crow:

Website: www.corvosec.com 

LinkedIn: https://www.linkedin.com/in/aaronccrow

Learn more about PrOTect IT All:

Email: [email protected] 

Website: https://protectitall.co/ 

X: https://twitter.com/protectitall 

YouTube: https://www.youtube.com/@PrOTectITAll 

FaceBook:  https://facebook.com/protectitallpodcast 

To be a guest or s...

Construction sites are no longer just physical - they’re digital, connected, and increasingly vulnerable. In this episode of Protect It All, host Aaron Crow sits down with Lee Carsten to explore the rising cyber risks across the architecture, engineering, and construction (AEC) industry.

As digital transformation accelerates - with AI, digital twins, and connected building systems becoming standard - construction projects are expanding their attack surface in ways many organizations don’t fully understand.

Aaron and Lee unpack the unique challenges facing AEC environments, from fragmented systems and evolving workflows to the growing need for integrating cybersecurity into business decisions - not just IT functions.

You’ll learn:

Why construction and infrastructure projects are becoming prime cyber targets

How digital transformation and AI are reshaping risk in AEC environments

The role of building management systems (BMS) and OT in modern projects

Why foundational controls and human awareness still matter most

How to align cybersecurity with real-world construction workflows

Practical strategies to build resilience into projects from day one

Whether you’re in construction, engineering, IT, or OT security, this episode delivers real-world insights to help you protect the infrastructure we rely on every day.

Tune in to learn how to secure modern construction in a connected world - only on Protect It All.

Key Moments: 

05:39 Importance of interpersonal skills

08:08 Construction security and recent projects

11:46 Challenges in AEC industry adoption

19:30 Importance of disaster recovery

20:31 Discussing costs of business interruptions

24:06 RFP process and bid management

27:25 Complexity of building projects

32:02 FBI investigation triggers and readiness

36:55 Managing complex building assets

39:37 Choosing durable equipment and future tech

42:01 Understanding OT data for security

About the guest : 

Lee Carsten’s journey in technology began in the era of punch cards - painstakingly sorted and fed into compilers, where a single fumble could mean hours' worth of work undone. Lee studied COBOL in college, envisioning a future as a programmer. That path nearly led to Walmart, where Lee’s mother worked on the company’s pioneering buyer decision support system under Randy Mott. While the family connection and an offer from Kevin Turner to join a new team were tempting, Lee ultimately decided against moving to Bentonville and working for $18,000 annually. This early exposure to large-scale business technology, combined with pivotal career choices, shaped Lee Carsten’s perspective on IT and the evolving world of software development.

How to connect Lee: https://www.linkedin.com/in/leecarsten/

Website: https://whitecaprisk.com/

Connect With Aaron Crow:

Website: www.corvosec.com 

LinkedIn: https://www.linkedin.com/in/aaronccrow

Learn more about PrOTect IT All:

Email: [email protected] 

Website: https://protectitall.co/ 

X: https://twitter.com/protectitall 

YouTube: https://www.you...

The biggest challenge in OT cybersecurity isn’t just technology - it’s people.

In this episode of Protect It All, host Aaron Crow sits down with Mike Holcomb to explore one of the most urgent issues facing the industry today: the growing skills gap in OT and ICS cybersecurity.

Mike shares his journey from IT into operational technology security and breaks down why more professionals are needed to defend the systems that power energy, manufacturing, and critical infrastructure worldwide.

This conversation goes beyond awareness - it’s about practical pathways into the field and how the community is stepping up to make OT cybersecurity more accessible.

You’ll learn:

Why OT cybersecurity is one of the most in-demand and underserved fields

How to transition from IT to OT cybersecurity

The biggest barriers newcomers face - and how to overcome them

What foundational skills and controls matter most in ICS environments

The role of community initiatives like BSides ICS in closing the gap

Why training, mentorship, and collaboration are critical for the future

Whether you’re looking to break into cybersecurity, pivot your career, or build stronger teams, this episode delivers actionable guidance and inspiration from someone actively shaping the future of OT security.

Tune in to learn how to build a career while helping protect the infrastructure the world depends on - only on Protect It All.

Key Moments: 

03:07 Getting started in cybersecurity

06:33 Early passion for cybersecurity

11:54 Hurricane Katrina aftermath discussion

15:50 Awareness and education on OT security

17:49 First experiences with GRID class

25:07 Early challenges in OT cybersecurity

29:17 Importance of effective communication

35:11 Global expansion of cybersecurity events

39:52 Building a foundation in OT cybersecurity

43:36 Excitement for new CompTIA exam

46:48 Expressing appreciation for community involvement

About the guest: 

Mike Holcomb is an independent consultant focused on OT/ICS cybersecurity and an educational content creator. Prior to supporting clients full-time through UtilSec, he was the Fellow of Cybersecurity and the OT/ICS Cybersecurity Global Lead for one of the world’s largest engineering and construction companies, providing him with the opportunity to work in securing some of the world’s largest OT/ICS environments, from power plants and commuter rail to manufacturing facilities and refineries. As part of his community efforts, Michael founded the BSidesICS/OT with multiple events planned globally in 2026. He has his master’s degree in OT/ICS cybersecurity from the SANS Technology Institute. Additionally, he maintains cyber security and OT/ICS certifications such as the CISSP, GRID, GICSP, GCIP, GPEN, GCIH, ISA 62443, and more. He was awarded the SANS Difference Maker Award for Practitioner of the Year: ICS/OT Defender for 2025 and BEER-ISAC's Community Builder Award for 2026. He posts regularly on LinkedIn and YouTube to help others learn more about securing OT/ICS and critical infrastructure. 

How to connect Mike: 

Main Site: mikeholcomb.com

LinkedIn: linkedin.com/in/mikeholcomb

YouTube: youtube.com/@utilsec

Instagram: instagram/_mikeholcomb/

Newsletter: utilsec.kit.com/95e31307f7

BSidesICS/OT: bsidesics.org

Connect With Aaron Crow:

Webs...

You can’t manage risk you can’t measure - or even see.

In this episode of Protect It All, host Aaron Crow sits down with Nicholas Friedman to explore how organizations can move beyond compliance and build real, measurable cybersecurity programs across IT and OT environments.

With experience spanning banking, aerospace, and critical infrastructure, Nicholas shares how risk management principles translate across industries - and why understanding business context is critical to protecting operational systems.

This conversation dives into one of the biggest challenges in OT today: asset visibility and risk quantification. From outdated spreadsheets to modern automation, Aaron and Nicholas break down what it actually takes to understand exposure, justify investment, and communicate risk at the board level.

You’ll learn:

Why asset inventory is the foundation of OT security

How to move from compliance checklists to real risk reduction

The importance of risk quantification for CISOs and executives

How to communicate cybersecurity in business and financial terms

The role of automation and knowledge transfer in scaling security programs

Lessons from banking and aerospace applied to utilities and critical infrastructure

Whether you’re leading a cybersecurity program, managing OT environments, or presenting to the board, this episode delivers practical strategies to align security with business value and measurable outcomes.

Tune in to learn how to turn cybersecurity into a risk-driven, business-aligned strategy - only on Protect It All.

Key Moments: 

05:14 Understanding business risk basics

08:40 Building effective OT cybersecurity teams

13:26 Challenges with aging IT and OT systems

14:19 Organizing IT and OT assets

18:31 Understanding OT and IT risks

21:53 Evaluating security risks and priorities

25:31 Improving asset deployment and management

29:14 Evaluating and prioritizing risks

31:12 Shifting focus to success plans

35:59 Selling tech that delivers results

37:22 Hands-on approach to cybersecurity

42:39 Challenges with NERC audit processes

44:47 Balancing compliance and security

49:45 Challenges in power utility operations

51:55 AI, OT, and risk management

56:31 Importance of early compliance planning

About the guest : 

Nicholas Friedman is an enterprise risk and governance leader with 25+ years of experience across Fortune 500 companies and government sectors. He specializes in integrated risk management, compliance, and AI governance - helping organizations build scalable frameworks that align security, risk, and business resilience.

How to connect Nicholas Friedman : 

Linkedin :  https://www.linkedin.com/in/nicholasfriedman/

Website : https://www.templarshield.com/

Connect With Aaron Crow:

Website: www.corvosec.com 

LinkedIn: https://www.linkedin.com/in/aaronccrow

Learn more about PrOTect IT All:

Email: [email protected] 

Website: https://protectitall.co/ 

X: https://twitter.com/protectitall

In this special milestone episode of Protect It All, host Aaron Crow steps away from the usual format to share his personal journey - from early days working with PLCs at a kitchen table to building a platform that connects and educates cybersecurity professionals around the world.

This episode is more than a reflection - it’s a story of persistence, curiosity, and community.

Aaron walks through the evolution of IT and OT cybersecurity, the lessons learned from decades in the field, and how conversations with experts across 100 episodes have shaped his perspective on what it truly means to “Protect It All.”

You’ll hear:

How Aaron’s career in IT and OT began - and what kept him going

The biggest lessons learned across 30+ years in cybersecurity

What building a podcast taught him about community and leadership

How the industry has evolved - and what still hasn’t changed

Why relationships and shared knowledge matter more than ever

What’s next for the future of cybersecurity and the podcast

Whether you’ve been listening since episode one or you’re just discovering the show, this episode offers inspiration, perspective, and a deeper look behind the mic.

Tune in to celebrate 100 episodes and the journey of protecting what matters most - only on Protect It All.

Key Moments: 

04:12 Early tech projects and hobbies

09:31 First tech job setting up classrooms

11:20 Getting certified in IT

16:49 Early career in power and cybersecurity

18:08 Building a versatile IT team

24:23 Starting the cybersecurity podcast journey

26:28 Feeling recognized in the podcast world

29:22 Getting started in cybersecurity

Connect With Aaron Crow:

Website: www.corvosec.com 

LinkedIn: https://www.linkedin.com/in/aaronccrow

Learn more about PrOTect IT All:

Email: [email protected] 

Website: https://protectitall.co/ 

X: https://twitter.com/protectitall 

YouTube: https://www.youtube.com/@PrOTectITAll 

FaceBook:  https://facebook.com/protectitallpodcast

To be a guest or suggest a guest/episode, please email us at [email protected]

Please leave us a review on Apple/Spotify Podcasts:

Apple   - https://podcasts.apple.com/us/podcast/protect-it-all/id1727211124

Spotify - https://open.spotify.com/show/1Vvi0euj3rE8xObK0yvYi4