Industrial Cybersecurity Insider

Industrial Cybersecurity Insider
  • 0.0 (0)
  • Management
  • Updated weekly

Industrial Cybersecurity Insider offers a thorough look into the field of industrial cybersecurity for manufacturing and critical infrastructure. The podcast delves into key topics, including industry trends, policy changes, and groundbreaking innovations. Each episode will feature insights from key influencers, policy makers, and industry leaders. Subscribe and tune in weekly to stay in the know on everything important in the industrial cybersecurity world!

  1. 5 days ago

    It's Control System Integrity not just OT Cybersecurity

    Many manufacturers don't realize that an investment in OT Cybersecurity also enhances Control System Integrity. In this rewind episode, Craig and Dino dig into why so many OT intrusion detection platforms get installed but never become truly operational. They address what gets lost when IT owns the tool while OT owns the equipment, and why the word “cybersecurity” itself can stall progress the moment it lands on the plant floor. They land on a question every CISO, plant leader, and engineering director should be asking right now: who at your sites actually knows how to use the tools you have already paid for, and how do you bring the OT ecosystem into the room before the next outage forces you to? Chapters: (00:00:00) Cold Open: The Diagnostic Tool Sitting Unused in Your Plant(00:01:00) Shadow OT Versus Shadow IT and Why the Distinction Matters(00:02:30) Why IT Gets Left Out of Industrial Lifecycle Decisions(00:04:00) Reframing Cybersecurity as Control System Integrity(00:05:00) The 8:10 AM Production Shutdown Mystery(00:07:00) Three Rogue Servers Hiding in Plain Sight(00:08:00) A Brewery, a Misconfigured Module, and a Network No One Could Diagnose(00:10:00) Buying an MRI Machine and Refusing to Turn It On(00:12:00) Bringing the OT Ecosystem to the Table(00:15:00) Why IT Needs New Friends in Manufacturing Links And Resources: Want to Sponsor an episode or be a Guest? Reach out here.Industrial Cybersecurity Insider on LinkedInCybersecurity & Digital Safety on LinkedInBW Design Group CybersecurityDino Busalachi on LinkedInCraig Duckworth on LinkedIn Thanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you’d like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!

    18 min

  2. 15 Jun

    Is AI Becoming Your Plant Floor's Biggest Vulnerability?

    Craig and Dino dig into the widening gap between IT and OT and why the plant floor keeps getting left behind. They break down what Dragos ' acquisition of Phosphorus signals for the future of IoT security in manufacturing, from cameras and label printers to X-ray inspection systems that ship with default passwords and almost never get patched. The conversation gets sharp on artificial intelligence: the same models helping plants work smarter are now lowering the barrier for attackers, putting Stuxnet-style capabilities into the hands of people who lack the resources and sophistication that nation states once needed. Craig and Dino expose the everyday habits that leave operations vulnerable, including system integrators plugging personal laptops straight into production networks, locked USB ports that solve only half the problem, and remote access so wide open that a single entry point can expose an entire plant. They argue that nobody truly owns OT cyber hygiene, that frameworks like IEC 62443 and the NIST 800 82 series get named in RFPs but rarely enforced, and that leaders keep tripping over dollars to pick up nickels by choosing the cheapest bid over real protection. It's a candid, experience-driven look at why industrial security moves so slowly and what plant leaders, engineers, and security teams can actually do about it. Chapters: (00:00:00) - AI Enters the OT Battlefield(00:01:30) - Why IoT Is Creeping Onto the Plant Floor(00:03:30) - Printers, Cameras, and the Default Passwords Nobody Owns(00:06:00) - Dragos, Phosphorus, and the Managed Services Question(00:08:00) - How AI Lowers the Bar for Attacking Control Systems(00:09:40) - Stuxnet Then vs. AI-Powered Attacks Now(00:12:00) - The Laptop in the Plant: Contractors, USBs, and Open Networks(00:16:00) - Frameworks on Paper vs. Reality (IEC 62443 & NIST 800-82)(00:19:00) - Tripping Over Dollars to Pick Up Nickels(00:24:00) - Short-Tenure CISOs and Why You Shouldn't Go It Alone Links And Resources: Want to Sponsor an episode or be a Guest? Reach out here.Industrial Cybersecurity Insider on LinkedInCybersecurity & Digital Safety on LinkedInBW Design Group CybersecurityDino Busalachi on LinkedInCraig Duckworth on LinkedIn Thanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you’d like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!

    27 min

  3. 9 Jun

    Is Your IIoT Strategy Creating More Security Risks?

    Craig and Dino address one of the most overlooked problems in OT security: the IIoT devices your security tools don't automatically detect. Most OT intrusion detection platforms do a reasonable job of identifying core control-layer assets such as PLCs, drives, and motor control centers. The problem is everything else. Laptops plugged into the network, third-party devices brought in by contractors, and a growing range of connected IIoT equipment often go completely undetected. Those are the gaps where risk accumulates. Craig and Dino explain why the belief that machines are air-gapped is a dangerous myth, how PLCs acting as gateways prevent intrusion detection platforms from seeing the devices behind them, and why an asset inventory is not the same as knowing your real risk and CVE exposure in multi-vendor environments. They reframe OT cybersecurity as a process-integrity problem and show how unmanaged network activity, third-party remote access, and even routine IT security scans can quietly degrade OEE and trigger unplanned downtime that costs millions. Using predictive-maintenance analogies such as thermal, harmonics, and vibration sensing, they make the case for treating digital anomalies the same way mature plants already treat mechanical ones. They close by examining why so many OT detection tools become shelfware, how to escape alert fatigue, and the two practical paths to real IT/OT convergence: building the right relationships with OEMs, system integrators, and AEC partners, and designing security-ready facilities from the ground up. It's a practical listen for CISOs, plant and engineering leaders, and OT/IT teams responsible for securing manufacturing and critical infrastructure. Chapters: (00:00:00) - Why No Industrial Asset Is Truly Air-Gapped(00:01:08) - IoT vs. IIoT: How OT Assets Get Classified(00:03:15) - The Control-Layer Blind Spot: Drives, Robots, and Motor Controls(00:05:25) - How PLC Gateways Hide Assets From Intrusion Detection(00:07:30) - Asset Inventory Isn't Risk: The CVE Gap in Multi-Vendor Plants(00:08:55) - When Cyber Blind Spots Become Costly Downtime(00:10:05) - Process Integrity: How Security Scans Disrupt Production(00:11:35) - Predictive Maintenance Meets Digital Anomaly Detection(00:17:45) - Avoiding OT Shelfware and Alert Fatigue(00:19:45) - IT/OT Convergence: Choosing a Partner and Building Secure-by-Design Links And Resources: Want to Sponsor an episode or be a Guest? Reach out here.Industrial Cybersecurity Insider on LinkedInCybersecurity & Digital Safety on LinkedInBW Design Group CybersecurityDino Busalachi on LinkedInCraig Duckworth on LinkedIn Thanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you’d like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!

    22 min

  4. 3 Jun

    Five Federal Agencies. One Zero-Trust OT Briefing. Most Haven't Read it.

    The joint CISA, FBI, Department of War, Department of Energy, and Department of State briefing on adapting Zero Trust to operational technology landed on April 29. Has OT leadership read it? In this episode, Craig and Dino address how the European Cyber Resilience Act is quietly forcing US plants into failed audits, why IT teams still see less than a third of OT assets, how EDR tools are taking down $100K-an-hour packaging lines, and why only a handful of integrators in North America have a real OT cybersecurity practice. They walk through what zero trust and micro-segmentation actually look like inside a 20-year-old plant with flat layer-two networks, DLR rings, jump boxes, and Cradlepoint workarounds, and lay out the first concrete move every CISO and CIO should make to start closing the IT/OT gap. Chapters: (00:00:00) - Cold Open: How the European CRA Is Failing US Plants(00:01:30) - The April 29 CISA/FBI Zero Trust in OT Briefing Nobody Read(00:05:00) - Compliance Without Teeth: Why US Regulations Aren't Moving the Needle(00:07:30) - When CrowdStrike Shuts Down a $100K-an-Hour Packaging Line(00:10:30) - The Visibility Gap: IT Sees Less Than a Third of OT Assets(00:15:30) - OEM Resistance: The Million-Dollar, Six-Month Cybersecurity Tax(00:18:30) - The Cradlepoint Workaround: How Plant Managers Bypass IT(00:21:30) - Layering Zero Trust onto a 20-Year-Old Plant Without Rip-and-Replace(00:25:30) - Why Only 5–10 of 1,000 Integrators Have a Real OT Cyber Practice(00:31:30) - Where CISOs Should Actually Be Looking (Hint: Not RSA or Black Hat) Links And Resources: Want to Sponsor an episode or be a Guest? Reach out here.Industrial Cybersecurity Insider on LinkedInCybersecurity & Digital Safety on LinkedInBW Design Group CybersecurityDino Busalachi on LinkedInCraig Duckworth on LinkedIn Thanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you’d like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!

    36 min

  5. 27 May

    IT vs OT: The Internal Misalignment Costing Manufacturers Millions

    Most manufacturing organizations still operate with a dangerous blind spot: IT and OT teams working in completely different dimensions with no shared visibility into plant floor cybersecurity. In this episode, Dino and Jim break down why 90% of manufacturers remain in the unaware-to-awareness phase when it comes to OT cybersecurity. They address what happens when IT tries to shoehorn enterprise security into operational environments they don't understand, and how the lack of collaboration between these two groups leads to costly unplanned downtime — sometimes at $100,000 per hour or more. Drawing from real client engagements, they reveal why OT must take a leadership role in cybersecurity (just like safety), how OT IDS tools can deliver operational value far beyond threat detection, and what it actually takes to get IT and OT speaking the same language before a breach forces them to. Chapters: (00:00:00) - Why IT and OT Need to Get to the Table Now(00:01:47) - Cats and Dogs Living Together: The IT/OT Culture Clash(00:03:00) - 90% of Manufacturers Are Still in the Dark on OT Cyber(00:06:00) - What Is OT and Why Don't OT People Know They're OT?(00:08:45) - Real Client Story: The Missing OT Team on a Global Kickoff(00:13:00) - Ask Forgiveness, Not Permission: How OT Workarounds Create Risk(00:15:00) - The OT IDS Tool Nobody's Sharing With OT(00:19:30) - Why Manual Discovery Assessments Are Throwing Money Away(00:21:00) - 15 Switch Manufacturers in One Plant: The Architecture Nightmare(00:25:30) - OT Cybersecurity Is the New Safety — Treat It Like One(00:29:00) - Final Advice for IT and OT Teams Ready to Converge Links And Resources: Want to Sponsor an episode or be a Guest? Reach out here.Industrial Cybersecurity Insider on LinkedInCybersecurity & Digital Safety on LinkedInBW Design Group CybersecurityDino Busalachi on LinkedInCraig Duckworth on LinkedIn Thanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you’d like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!

    35 min

  6. 19 May

    OT Security Isn't an IT Problem: What it Takes to Get it Right

    Craig sits down with Wil Klusovsky, a 26-year cybersecurity veteran and CRO at viLogics, to break down why asset visibility and exposure management are the foundation of any solid OT security strategy. From the myth of the air-gapped shop floor to the real-world math behind quantifying cyber risk in dollars and cents, Will and Craig explore how manufacturers can move beyond fear-based selling, bridge the gap between IT and operations, and build programmatic cybersecurity that protects both production uptime and the bottom line. They discuss how to frame cyber risk as business risk, why compensating controls and context matter more than raw vulnerability numbers, and why the CISO's real job is "chief inside selling officer." Chapters: (00:00:00) - Welcoming Will to the Podcast!(00:02:12) - Why Asset Visibility Is the Starting Point for OT Security(00:03:48) - The Air Gap Myth and Legacy Systems on the Shop Floor(00:04:52) - Translating Cyber Risk Into Dollars and Cents(00:07:05) - Quantifying Downtime: Mean Time to Recovery and True Cost of Ownership(00:09:55) - Risk Appetite: Spend to Mitigate or Accept the Exposure?(00:11:32) - Who Really Owns the Risk? Executives, Not CISOs(00:13:00) - Uptime, OEE, and Why Cybersecurity Risk Is Business Risk(00:15:45) - Remote Access Risks and Competing Priorities on the Shop Floor(00:18:04) - The "Chief Inside Selling Officer" — Getting Buy-In Before Budget(00:19:48) - The Get Out of Jail Free Card: Aligning Incentives Across Teams(00:22:30) - Context Over CVE Counts: 600 Critical Vulns, Zero Exploitable(00:25:42) - Prioritizing Remediation by Business Impact, Not Severity Score(00:26:30) - Wrap-Up and Part 2 Preview: Business Impact Analysis Links And Resources: Wil Klusovsky on LinkedInWant to Sponsor an episode or be a Guest? Reach out here.Industrial Cybersecurity Insider on LinkedInCybersecurity & Digital Safety on LinkedInBW Design Group CybersecurityDino Busalachi on LinkedInCraig Duckworth on LinkedIn Thanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you’d like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!

    27 min

  7. 12 May

    OT Cybersecurity: Is the Purdue Model Still Useful?

    Is the Purdue Model outdated, or simply misunderstood? In this episode, Dino sits down with Ken Kully (Rockwell Automation) for a candid, practitioner-level conversation about what the Purdue Model still gets right. They discuss where it falls short in modern environments, and why “IT/OT convergence” remains more of a people-and-process challenge than a technology problem. They break down the reality on the plant floor: long-lived legacy systems, inconsistent architectures across sites, limited maintenance windows, and the operational consequences of downtime. The discussion also tackles the everyday friction points: MFA, shared operator accounts, unmanaged vendor laptops, and remote access “surprises”, and why you can’t improve OT security posture without a trustworthy asset inventory and segmentation that keeps systems “in their lane.” Chapters: (00:00:00) Intro + why this Purdue conversation matters now(00:01:00) Ken’s background: from process environments to OT cyber delivery readiness(00:04:00) The big question: has the Purdue Model outlived its usefulness?(00:07:00) Framework vs. strict blueprint: “Purdue enough” in real plants(00:09:00) IT/OT convergence: why it’s a people + process problem (not tech)(00:12:00) The “silver tsunami” and why security UX fails on the plant floor(00:15:30) MFA, shared logins, and why “security gets in the way” still shows up(00:18:00) Legacy reality: Windows 98/7 boxes, vendor lock-in, and downtime economics(00:21:00) Discovery first: diagrams, configs, and why documentation is always missing(00:23:30) Purdue as a map: brokering traffic, one-up/one-down, and the “3.5” DMZ(00:26:00) When devices try to “escape the box”: unexpected outbound comms + exposure risk(00:28:30) Vendor/OEM access: the unmanaged laptop problem in OT(00:32:00) Asset inventory as the unlock: you can’t defend what you don’t know exists(00:34:00) Why IT often won’t “crawl the plant,” and what that means operationally(00:36:30) Scale problem: 30 plants, 30 realities—standardize globally, execute locally(00:38:30) The SI/OEM “third leg”: why trusted integrators are key to sustainable OT security(00:40:30) Closing + crossover: continuing the discussion on Ken’s OT After Hours podcast Links And Resources: Kenneth Kully on LinkedInWant to Sponsor an episode or be a Guest? Reach out here.Industrial Cybersecurity Insider on LinkedInCybersecurity & Digital Safety on LinkedInBW Design Group CybersecurityDino Busalachi on LinkedInCraig Duckworth on LinkedIn Thanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you’d like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!

    48 min

  8. 6 May

    Federal Agencies Can Enter Private Networks to Hunt Malware. Is Your Plant Prepared?

    Dino and Jim break down a major shift in the cyber threat landscape: federal agencies obtaining legal authority to enter private networks to hunt down state-sponsored malware, and what that signals for industrial organizations. They discuss why critical infrastructure and supply chains are prime targets, how “soft targets” in OT and building automation get exploited, and why many companies still lack visibility into what’s happening on the plant floor. The conversation zooms in on real-world exposure points, especially unmanaged vendor remote access and end-of-life equipment, and closes with practical themes for leadership. Stop assuming “IT has it covered” Define measurable OT security outcomesStart taking steps that make disruption harder and detection faster. Chapters: (00:00:00) Why identity, trust, and vendor access are breaking down in modern plants(00:01:00) The episode’s trigger: government-led operations to remove malware from private networks(00:03:00) “Machete scanning” and why IT-style tactics can disrupt OT operations(00:05:00) The real target set: critical infrastructure, supply chains, and smaller utilities with limited resources(00:08:00) Collateral damage and how cyber “weapons” trickle down to criminal ransomware(00:13:00) Why OT is still a soft target: visibility gaps, unpatched systems, and weak segmentation(00:14:00) Remote access everywhere: OEM/SI pathways, unknown identities, and lack of governance(00:20:00) The logging gap: what IT sees vs. what OT can’t see (and why that matters for incident response)(00:24:00) Building automation and facilities systems as weak links attackers love(00:26:00) Executive accountability: what boards should be measuring after breaches (and why progress stalls) Links And Resources: Want to Sponsor an episode or be a Guest? Reach out here.Industrial Cybersecurity Insider on LinkedInCybersecurity & Digital Safety on LinkedInBW Design Group CybersecurityDino Busalachi on LinkedInCraig Duckworth on LinkedIn Thanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you’d like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!

    32 min
See All (132)

About

Industrial Cybersecurity Insider offers a thorough look into the field of industrial cybersecurity for manufacturing and critical infrastructure. The podcast delves into key topics, including industry trends, policy changes, and groundbreaking innovations. Each episode will feature insights from key influencers, policy makers, and industry leaders. Subscribe and tune in weekly to stay in the know on everything important in the industrial cybersecurity world!

Information

  • Creator
    Industrial Cybersecurity Insider
  • Years Active
    2023 - 2026
  • Episodes
    132
  • Rating
    Clean
  • Copyright
    © Copyright 2026 Industrial Cybersecurity Insider
  • Show Website
    Industrial Cybersecurity Insider

You Might Also Like