Cybersecurity Under Pressure. Real Attacks, Real Lessons

Antonio González

This podcast breaks down real cybersecurity incidents to understand what actually went wrong, not in theory, but in practice. Each episode analyzes a recent attack, explains the technical mechanics in clear language, and translates them into concrete lessons for security, engineering, and business teams. Topics covered: OT security, ICS cybersecurity, industrial control systems, critical infrastructure protection, NIS2 compliance, Zero Trust architecture, operational technology resilience, railway cybersecurity, automotive security, and cyber-physical systems.

  1. 1 DAY AGO

    [2026] Deep Dive: Some of the hardest OT risks in rail | Zero Trust

    Some of the hardest OT risks in rail stay online for one simple reason If you cannot harden the asset, you isolate the risk around it with controls that actually understand the traffic. That means segmentation designed for the signalling cell, tightly brokered remote access, and inspection layers that can parse the protocols the system really uses instead of treating them as opaque packets. 🎯 IN THIS EPISODE: • Zero Trust architecture in OT environments • Railway and transportation cybersecurity • AI and machine learning security risks 📋 KEY TOPICS COVERED: • Zero Trust Architecture • Railway Cybersecurity • AI Security 🔑 KEY INSIGHTS: 1. Some of the hardest OT risks in rail stay online for one simple reason 2. You are not allowed to touch the box 3. An operator knows a signalling component, wayside appliance, or maintenance subsystem needs tighter controls 🔧 TECHNOLOGIES & STANDARDS: CERT • ISO • CAN Bus • ECU 👥 WHO SHOULD LISTEN: This episode is perfect for CISOs, OT security engineers, infrastructure operators, compliance officers, cybersecurity consultants, and anyone responsible for protecting critical systems. 💡 WHAT YOU WILL LEARN: • How real attacks unfold in OT/ICS environments • Practical defense strategies you can implement today • Compliance considerations (NIS2, IEC 62443, NIST) • Lessons from recent high-profile incidents 🎧 SUBSCRIBE & CONNECT: Subscribe for weekly deep dives into real cybersecurity incidents affecting OT, ICS, and critical infrastructure. New episodes every week. 💬 ENGAGE WITH US: Have questions or topics you'd like us to cover? Reach out! We love hearing from our community. #OTSecurity #OperationalTechnology #RailwaySecurity #TransportSecurity #ZeroTrust #IdentitySecurity #AISecurity #MachineLearning #CriticalInfrastructure #CIP #CyberSecurity #InfoSec

    36 min

  2. 3 DAYS AGO

    [2026] Deep Dive: A bad weld passes inspection | OT Security

    A bad weld passes inspection That is why periodic challenge parts are useful, but not sufficient on their own. They validate model behaviour against physical reality. They do not give you cybersecurity visibility. 🎯 IN THIS EPISODE: • Automotive and connected vehicle security • AI and machine learning security risks 📋 KEY TOPICS COVERED: • Automotive Security • AI Security 🔑 KEY INSIGHTS: 1. The PLC accepts the result, the diverter stays idle, and the part moves downstream as if nothing happened 2. That is how AI risk usually enters OT 3. Not as a dramatic outage, but as a wrong decision repeated at production speed 🔧 TECHNOLOGIES & STANDARDS: ISO • PLC • ECU 👥 WHO SHOULD LISTEN: This episode is perfect for CISOs, OT security engineers, infrastructure operators, compliance officers, cybersecurity consultants, and anyone responsible for protecting critical systems. 💡 WHAT YOU WILL LEARN: • How real attacks unfold in OT/ICS environments • Practical defense strategies you can implement today • Compliance considerations (NIS2, IEC 62443, NIST) • Lessons from recent high-profile incidents 🎧 SUBSCRIBE & CONNECT: Subscribe for weekly deep dives into real cybersecurity incidents affecting OT, ICS, and critical infrastructure. New episodes every week. 💬 ENGAGE WITH US: Have questions or topics you'd like us to cover? Reach out! We love hearing from our community. #OTSecurity #OperationalTechnology #AutomotiveSecurity #ConnectedCar #AISecurity #MachineLearning #CyberSecurity #InfoSec #CybersecurityUnderPressure

    47 min

  3. 6 DAYS AGO

    [2026] Critical: Zero Trust for Brownfield OT - IEC 62443

    "Do we have Zero Trust 🎯 IN THIS EPISODE: ​Regulatory compliance frameworks (NIS2, IEC 62443)​Zero Trust architecture in OT environments​AI and machine learning security risks​Incident response and crisis management​Supply chain attacks and software security 📋 KEY TOPICS COVERED: ​Critical Infrastructure Protection​Zero Trust Architecture​NIS2 Compliance​IEC 62443 Standard​AI Security 🔧 TECHNOLOGIES & STANDARDS: CERT • ISO • IEC • PLC • ECU 👥 WHO SHOULD LISTEN: This episode is perfect for CISOs, OT security engineers, infrastructure operators, compliance officers, cybersecurity consultants, and anyone responsible for protecting critical systems. 💡 WHAT YOU WILL LEARN: ​How real attacks unfold in OT/ICS environments​Practical defense strategies you can implement today​Compliance considerations (NIS2, IEC 62443, NIST)​Lessons from recent high-profile incidents 🎧 SUBSCRIBE & CONNECT: Subscribe for weekly deep dives into real cybersecurity incidents affecting OT, ICS, and critical infrastructure. New episodes every week. 💬 ENGAGE WITH US: Have questions or topics you'd like us to cover? Reach out! We love hearing from our community. #OTSecurity #OperationalTechnology #ICSSecurity #IndustrialControl #ZeroTrust #IdentitySecurity #NIS2 #EUCybersecurity #AISecurity #MachineLearning #IncidentResponse #SOC

    39 min

  4. 15 APR

    [2026] Critical: Vendor Lock-in - Ransomware

    Your automation vendor just announced a ransomware breach 🎯 IN THIS EPISODE: ​ Data breach analysis and incident response lessons​ Ransomware defense and recovery strategies​ AI and machine learning security risks​ Supply chain security and third-party risk​ Incident response and crisis management 📋 KEY TOPICS COVERED: ​ Critical Infrastructure Protection​ Ransomware Defense​ Supply Chain Security​ IEC 62443 Standard​ SCADA Security​ AI Security​ Vehicle Network Security 🔧 TECHNOLOGIES & STANDARDS: CERT • ISO • IEC • SCADA • PLC • CAN Bus 👥 WHO SHOULD LISTEN: This episode is perfect for CISOs, OT security engineers, infrastructure operators, compliance officers, cybersecurity consultants, and anyone responsible for protecting critical systems. 💡 WHAT YOU WILL LEARN: ​ How real attacks unfold in OT/ICS environments​ Practical defense strategies you can implement today​ Compliance considerations (NIS2, IEC 62443, NIST)​ Lessons from recent high-profile incidents 🎧 SUBSCRIBE & CONNECT: Subscribe for weekly deep dives into real cybersecurity incidents affecting OT, ICS, and critical infrastructure. New episodes every week. 💬 ENGAGE WITH US: Have questions or topics you'd like us to cover? Reach out! We love hearing from our community. #OTSecurity #OperationalTechnology #ICSSecurity #IndustrialControl #SCADA #Ransomware #Malware #AISecurity #MachineLearning #SupplyChain #ThirdPartyRisk #IncidentResponse

    44 min

  5. 13 APR

    [2026] Critical: The Plausibility Gap - IEC 62443

    Machine learning is now embedded in Level 0 field devices, making autonomous calibration decisions that your deterministic PLC blindly trusts 🎯 IN THIS EPISODE: ​ NIST cybersecurity framework implementation​ Railway and transportation cybersecurity​ AI and machine learning security risks​ Incident response and crisis management​ Shadow AI and unsanctioned machine learning 📋 KEY TOPICS COVERED: ​ Critical Infrastructure Protection​ Railway Cybersecurity​ IEC 62443 Standard​ AI Security​ Shadow AI Risks​ Sensor Validation 🔧 TECHNOLOGIES & STANDARDS: NIST • ISO • IEC • PLC • ECU 👥 WHO SHOULD LISTEN: This episode is perfect for CISOs, OT security engineers, infrastructure operators, compliance officers, cybersecurity consultants, and anyone responsible for protecting critical systems. 💡 WHAT YOU WILL LEARN: ​ How real attacks unfold in OT/ICS environments​ Practical defense strategies you can implement today​ Compliance considerations (NIS2, IEC 62443, NIST)​ Lessons from recent high-profile incidents 🎧 SUBSCRIBE & CONNECT: Subscribe for weekly deep dives into real cybersecurity incidents affecting OT, ICS, and critical infrastructure. New episodes every week. 💬 ENGAGE WITH US: Have questions or topics you'd like us to cover? Reach out! We love hearing from our community. #OTSecurity #OperationalTechnology #ICSSecurity #IndustrialControl #RailwaySecurity #TransportSecurity #AISecurity #MachineLearning #IncidentResponse #SOC #CriticalInfrastructure #CIP

    40 min

  6. 10 APR

    IBM Data Breach Report 2026: The $1.9M Resilience Gap and NIS2 Compliance

    Global breach costs just fell for the first time in five years. So why did US costs hit record highs? The answer reveals a market splitting in two: organizations with disciplined governance that absorb attacks and recover, and those entering a spiral of escalating costs and regulatory scrutiny. In this episode of Cybersecurity Under Pressure, we break down the technical details behind this incident and translate them into actionable lessons for security teams, engineers, and business leaders. We analyze the $1.9 million resilience gap, the 80-day detection advantage, and why AI adoption without operational discipline is just expensive theater. Topics covered: NIS2, incident response, CISO, data breach, IBM Data Breach Report. Subscribe for weekly analysis of real cybersecurity incidents affecting OT, ICS, and critical infrastructure environments. Keywords: NIS2, incident response, CISO, data breach, IBM Data Breach Report, NIS2 Compliance, Resilience Gap, Board Cybersecurity, Operational Discipline, AI Security Theater, CISO Leadership, Incident Response Metrics

    37 min

  7. 8 APR

    The 56% Problem: Why Attackers No Longer Need Passwords (IBM X-Force Analysis)

    The 2026 IBM X-Force Threat Intelligence Index reveals a chilling statistic: more than half of last year’s exploited vulnerabilities required zero authentication to breach. The barrier to entry hasn’t disappeared—it has shifted from sophistication to pure velocity. In this episode of Cybersecurity Under Pressure, we break down the technical details behind this incident and translate them into actionable lessons for security teams, engineers, and business leaders. In this episode we explore why "basic hygiene" is a dangerously vague concept and what "exposure management" actually means in practice. We break down the compression of the attack window from disclosure to exploitation, the rise of machine-to-machine identity as the new perimeter, and why your patching tempo measured in tickets is losing against adversaries measuring in API calls. Whether you’re managing cloud infrastructure or industrial control systems, this discussion reframes the boardroom conversation from "Are we protected?" to "Are we fast enough? Topics covered: industrial control, threat intelligence, xforce, problem, attackers. Subscribe for weekly analysis of real cybersecurity incidents affecting OT, ICS, and critical infrastructure environments. Keywords: industrial control, threat intelligence, xforce, problem, attackers, longer, passwords, analysis, threat, intelligence

    35 min

  8. 6 APR

    When Your Security Scanner Becomes the Trojan Horse: The CERT-EU Supply Chain Breach

    What happens when the tool you download to find vulnerabilities becomes the vulnerability itself? We dissect the European Commission breach where attackers exfiltrated 91.7GB of sensitive data through Trivy, a trusted open-source security scanner. We walk through the anatomy of a supply chain poisoning and the three concrete controls that would have contained the blast radius.. In this episode of Cybersecurity Under Pressure, we break down the technical details behind this incident and translate them into actionable lessons for security teams, engineers, and business leaders. Topics covered: supply chain attack, CERT-EU, Supply Chain Attack, Trivy, Open Source Security. Subscribe for weekly analysis of real cybersecurity incidents affecting OT, ICS, and critical infrastructure environments. Keywords: supply chain attack, CERT-EU, Supply Chain Attack, Trivy, Open Source Security, Artifact Provenance, CI/CD Security, European Commission Breach, security, supply, chain, breach

    43 min
See All (34)

About

This podcast breaks down real cybersecurity incidents to understand what actually went wrong, not in theory, but in practice. Each episode analyzes a recent attack, explains the technical mechanics in clear language, and translates them into concrete lessons for security, engineering, and business teams. Topics covered: OT security, ICS cybersecurity, industrial control systems, critical infrastructure protection, NIS2 compliance, Zero Trust architecture, operational technology resilience, railway cybersecurity, automotive security, and cyber-physical systems.

Information