PrOTect It All

• From Plant Operator to OT Security: Stories of Failures and Breakthroughs

  In this episode, host Aaron Crow dives deep into the intersection of IT and OT cybersecurity with special guest Gavin Dilworth—a plant operator turned automation engineer and cybersecurity expert. Listen in as Gavin shares his candid and often humorous journey from factory floors to global consulting, including how a workplace near-miss sparked his “lightbulb moment” about the similarities between health and safety and cybersecurity. Aaron and Gavin discuss everything from operators’ creative workarounds on the plant floor, to the importance of trust and rapport between IT and OT teams, and why having hands-on experience is key to building effective cybersecurity programs in critical infrastructure environments.  You’ll also hear real-world stories of technology mishaps, the critical role of plant culture, and the practical challenges organizations face in securing legacy systems while keeping operations running. If you want honest, relatable insights and actionable advice on bridging the IT-OT divide—and a few laughs along the way—this episode is for you. Key Moments:  10:12 Operator Rounds and RFID Challenges 12:56 Operators' Ingenuity and Knowledge 21:29 IT vs. OT: Firmware Update Challenges 26:49 Understanding and Accepting Risk 28:12 Standards, Frameworks, and Continuity 33:08 High Voltage Safety Precautions 40:41 Bridging OT and IT Skills 43:46 Cybersecurity Cross-Training Surge 52:38 CISO Knowledge Gap in OT Security 54:32 "Experience: Essential for Understanding" 01:03:34 DCS System Configuration Challenges 01:06:52 Neglecting Redundancy Risks Operations 01:11:00 Optimizing Underutilized IT Resources 01:20:04 "Understanding Systems Before Advice" 01:22:06 Old Cables Remain Untouched About the guest :  Gavin Dilworth’s career took an unconventional path. As a plant operator, he was tasked with keeping production running smoothly and monitoring sensor readings, both on the computer and around the factory. However, Gavin was never quite the model operator—rather than dutifully making rounds and comparing readings, he often found himself absorbed in books, dreaming of a future in IT. Though he laughs about being a “pretty terrible operator,” Gavin’s story reflects his early drive to pursue his true interests in technology, even when duty called elsewhere. How to connect Gavin :  Linkedin : https://www.linkedin.com/in/gavin-dilworth/ Website: https://assessmentplus.co.nz/ Connect With Aaron Crow: Website: www.corvosec.com 

  --------  

  1:25:34
• Why Cybersecurity Is More Than Just Technology and Tools with Paul Marco

  In this episode, host Aaron Crow welcomes lifelong cybersecurity professional Paul Marco to the podcast. Fresh off of a fun, bourbon-fueled appearance on Paul and Evan’s podcast, Cyber After Hours, Aaron and Paul sit down for a candid conversation that covers everything from the pitfalls of shiny new cyber tools, to the real-world challenges of defending both networks and people.   Tune in as they discuss the importance of making the most of what you already have, the realities of cyber as a “cost center,” and how availability increasingly trumps confidentiality in today’s threat landscape. Paul shares powerful insights from decades in cyber operations, the difference between theory and real value, and why storytelling and business skills are now just as vital as technical chops.   From protecting small businesses to demystifying the impact of AI and quantum computing on everyday cybersecurity, this episode is packed with practical advice, plenty of war stories, and even a few laughs. Whether you’re a seasoned security pro or just starting out, you won’t want to miss this lively and wide-ranging discussion on how to protect it all.   Key Moments:  05:38 Tech Rationalization Over Product Dependence 10:42 "Cybersecurity: A Costly Necessity" 17:44 Privacy Is Obsolete 25:51 Cyber Crime Funds Dark Activities 26:39 "Preventing Cyber-Facilitated Crime" 37:50 "Exploiting AI: Ethics Versus Greed" 46:44 Understanding Business Elevates Cybersecurity 48:01 Broadening Skills Beyond Cybersecurity 54:19 CISOs Need More Than Tech Skills 58:56 "Tech Threatens Critical Thinking"   About the guest :    Paul is the Co-Founder of TALAS Security and the Co-Host of the Cyber After Hours Podcast. With over twenty years of experience in IT and Cybersecurity, Paul is a senior cybersecurity leader who has built, maintained, and operated enterprise-grade Cybersecurity programs in highly complex environments. His expertise lies in taking a "controls first" approach to Cybersecurity. He specializes in designing programs that maximize the use of existing capabilities to balance both defense and compliance to accelerate organizational maturity. He creates sustainable solutions that enable organizations to effectively manage their cybersecurity risks and is committed to staying ahead of the curve in an ever-evolving cybersecurity landscape and helping organizations securely achieve their business objectives. How to connect Paul:  LinkedIn: https://www.linkedin.com/in/pm01/ Talas Security: https://www.talas.io/ Cyber after Hours Podcast: https://www.cahpodcast.com/   Connect With Aaron Crow: Website: www.corvosec.com 

  --------  

  1:07:57
• Building Trust in OT Cybersecurity: Patching, Communication, and Personal Branding for Success

  In this episode, host Aaron Crow is joined by his longtime friend and fellow OT (Operational Technology) aficionado, Oren Niskin. Oren dives into his unconventional journey from Navy electrician to offshore rig automation, through to OT cybersecurity consulting—sharing the highs, the lessons learned, and the unique perspective gained from crawling through the “belly of the ship” rather than a college lecture hall. Aaron and Oren discuss the real-world value of hands-on experience versus formal education, the evolving relationship between IT and OT teams, and why personal branding and communication skills are key for career growth in the cybersecurity field. They unpack the challenges and misconceptions around patching in the OT environment, and Oren reveals practical advice from his recent presentation on how organizations can dramatically reduce their vulnerability management workload while maintaining operational safety. Tune in for thoughtful reflections, war stories from the rig, and actionable tips for aspiring and seasoned cybersecurity professionals alike—plus a heartwarming nod to inspiring the next generation. Whether you’re just getting started in OT or looking to take your cyber game to the next level, this episode is packed with honest advice and community spirit. Key Moments:  05:58 College: Not the Ultimate Answer 08:26 Consulting Perspective Accelerates Career Growth 13:36 "Building Value with Personal Branding" 16:49 "Everyone's a Salesman Everywhere" 19:44 "Patching Essential for System Health" 21:14 Firmware Updates Resolve Most Issues 26:18 Robots Dominate Manufacturing Line 28:08 Prioritizing Critical Drilling Vulnerability Fixes 33:29 "Prioritizing Business-Critical Systems" 36:57 Cyber-Resilient Tech Design 39:20 "Virtualization Best Practices: Snapshot Safety" 41:18 OT Cybersecurity: Focus on Basics 44:37 Unexpected Changes Disrupt Startup Plans 47:44 "Building Trust in Business" 50:52 "IT-OT Collaboration Importance" Oren Niskin – From the Navy to OT Cybersecurity: Bridging the Gap Between the Plant Floor and Secure Operations Oren Niskin is an OT cybersecurity consultant with over two decades of hands-on industrial experience spanning the U.S. Navy, offshore drilling operations, and global OT network management. His career began not in a classroom, but aboard the USS Harry S. Truman, where he served as an electrician and shutdown reactor operator after enlisting in the Navy post-9/11. Since then, he’s steadily climbed the OT ranks—from maintaining electrical systems at sea to managing IACS networks for a global fleet of drilling rigs, and now, advising critical infrastructure on how to secure their operational environments. Oren brings a rare combination of deep technical insight and real-world plant floor experience to the evolving challenges of OT cybersecurity. He holds a Bachelor's degree in Nuclear Engineering Technology and a Master’s in Information Security Engineering from the SANS Institute. Oren is passionat...

  --------  

  56:51
• Beyond Compliance Cybersecurity Insights With Blake Hoge and Aaron Crow

  In this episode, host Aaron Crow sits down with cybersecurity professional Blake Hoge for an unscripted deep dive into the world of IT, OT, and everything in between. In this engaging conversation, Aaron and Blake share their personal journeys through the cybersecurity landscape—from consulting roots and data center audits, to navigating third-party risk, compliance programs, and even some unforgettable experiences in global call centers and power plants.   This episode goes beyond the technicalities, exploring the importance of hands-on assessments, the unexpected vulnerabilities that linger in even the most sophisticated environments, and why fresh eyes are crucial for spotting hidden risks.  Aaron and Blake also open up about their favorite use cases for AI—both on and off the job, and how these evolving tools are reshaping everything from incident response planning to everyday productivity.   But it’s not all about cyber threats and compliance checklists. The conversation takes a thoughtful turn as the two discuss the vital role of mental health, physical wellness, and community in sustaining long careers in high-pressure fields. From rucking at dawn and cycling in Moab to decompressing at cyber shootouts and embracing new technologies, Aaron and Blake remind us that protecting it all starts with taking care of ourselves and each other. Join us for a lively, candid episode packed with actionable insights, relatable stories, and a reminder that cybersecurity is, above all, a people business.   Key Moments:    09:47 Power Plant Fire Recovery Chaos 13:36 Infrastructure Maintenance & Security Compliance 16:10 Access Control Testing Concerns 23:22 "Design Process: Theory vs. Reality" 31:22 Dynamic Incident Response Planning 33:07 Commitment to Security and Transparency 39:21 Customized Consultancy for Unique Needs 47:05 "Understanding Contract Essentials" 50:42 In-House AI to Safeguard Data 57:47 AI Simplifies Search and Booking 59:13 Mental Wellness Strategies in Tech 01:03:52 Fitness and Energy Through Activity 01:10:44 "Business is a People Endeavor"   About the guest :  Blake Hoge leads third-party security at Airbnb, strengthening partnerships, and founded AmplifyGRC to support small businesses in building security and trust. At Instacart, he developed and scaled security and trust programs and compliance programs. At Salesforce, he managed security for global data and call centers. With over a decade in governance, risk, and compliance, Blake holds CISA, CDPSE, and PMP certifications, reflecting his expertise. Blake lives in the greater Austin, Texas area, and enjoys connecting with other professionals locally.   How to connect Blake:  Linkedin page: https://www.linkedin.com/in/blakehoge/...

  --------  

  1:13:17
• How AI is Transforming the SOC: Automation, Challenges, and the Future of Cybersecurity with Amy Tom

  In this episode,  host Aaron Crow dives deep into the buzzing world of AI in cybersecurity, joined by special guest Amy Tom, Community Manager at D3 Security. With everyone chatting about AI these days, Aaron and Amy cut through the noise to explore how artificial intelligence is shaking up Security Operations Centers (SOCs)—from automating manual processes to transforming traditional analyst roles.  Amy shares her unconventional journey into cybersecurity, demystifies what it means to be a "nerd translator," and unpacks how AI-driven platforms like D3’s Morpheus are changing the game for SOC teams. Whether you’re a student considering a path in cybersecurity, a seasoned pro, or just curious about the future of AI in this field, you’ll hear practical advice, real-world examples, and insight into both the promise and challenges of adopting AI in high-stakes security environments.  Plus, they touch on hot topics like AI fatigue, the evolving role of junior analysts, and the importance of business and communication skills in tech. Tune in for a candid, informative conversation to get you up to speed on one of cybersecurity’s most exciting frontiers! Key Moments:  04:27 "Nerd Translator: Bridging Tech Gaps" 08:29 "Questioning Data Metrics and Value" 10:57 AI Streamlining Security Automation 15:14 "AI and Low-Code Automation Evolution" 17:27 API Management Complexity 22:12 Migrating from Legacy SOAR Platforms 26:55 Streamlining Phishing Response with SOAR 36:05 AI-Driven Incident Remediation 39:49 AI Summaries vs. Human Summaries 41:19 Effective Communication for All Audiences 46:24 AI Transforming SOC Analyst Roles 48:33 Versatile Skills Boost Career Success 51:58 "Explore and Experiment Creatively" About the guest :  Amy Tom’s journey into cybersecurity is anything but conventional. With no background in IT or security, she started out answering phones, unsure of how to respond to technical questions and heavily relying on engineers for answers. Through curiosity and persistence, Amy asked questions, learned on the job, and gradually built a deep understanding of the cybersecurity landscape. Today, she works on the business side, supporting engineers and helping solve real problems by bridging the gap between business needs and technical solutions. Her path is a testament to learning by doing and growing into expertise through determination and collaboration.   How to connect Amy :  LinkedIn: https://www.linkedin.com/in/amymtom/ D3 security podcast:  https://d3security.com/lets-soc-about-it-podcast/= Connect With Aaron Crow: Website: www.corvosec.com

  --------  

  57:43

More Technology podcasts

Trending Technology podcasts

About PrOTect It All