Industrial Cybersecurity Insider

Industrial Cybersecurity Insider
  • 0.0 (0)
  • MANAGEMENT
  • UPDATED WEEKLY

Industrial Cybersecurity Insider offers a thorough look into the field of industrial cybersecurity for manufacturing and critical infrastructure. The podcast delves into key topics, including industry trends, policy changes, and groundbreaking innovations. Each episode will feature insights from key influencers, policy makers, and industry leaders. Subscribe and tune in weekly to stay in the know on everything important in the industrial cybersecurity world!

  1. 2 DAYS AGO

    Federal Agencies Can Enter Private Networks to Hunt Malware. Is Your Plant Prepared?

    Dino and Jim break down a major shift in the cyber threat landscape: federal agencies obtaining legal authority to enter private networks to hunt down state-sponsored malware, and what that signals for industrial organizations. They discuss why critical infrastructure and supply chains are prime targets, how “soft targets” in OT and building automation get exploited, and why many companies still lack visibility into what’s happening on the plant floor. The conversation zooms in on real-world exposure points, especially unmanaged vendor remote access and end-of-life equipment, and closes with practical themes for leadership. Stop assuming “IT has it covered” Define measurable OT security outcomesStart taking steps that make disruption harder and detection faster. Chapters: (00:00:00) Why identity, trust, and vendor access are breaking down in modern plants(00:01:00) The episode’s trigger: government-led operations to remove malware from private networks(00:03:00) “Machete scanning” and why IT-style tactics can disrupt OT operations(00:05:00) The real target set: critical infrastructure, supply chains, and smaller utilities with limited resources(00:08:00) Collateral damage and how cyber “weapons” trickle down to criminal ransomware(00:13:00) Why OT is still a soft target: visibility gaps, unpatched systems, and weak segmentation(00:14:00) Remote access everywhere: OEM/SI pathways, unknown identities, and lack of governance(00:20:00) The logging gap: what IT sees vs. what OT can’t see (and why that matters for incident response)(00:24:00) Building automation and facilities systems as weak links attackers love(00:26:00) Executive accountability: what boards should be measuring after breaches (and why progress stalls) Links And Resources: Want to Sponsor an episode or be a Guest? Reach out here.Industrial Cybersecurity Insider on LinkedInCybersecurity & Digital Safety on LinkedInBW Design Group CybersecurityDino Busalachi on LinkedInCraig Duckworth on LinkedIn Thanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you’d like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!

    32 min

  2. 29 APR

    The Phishing Attack That Could Have Shut Down a Plant Floor

    A real-world case study shows how a single phishing email led to credential and MFA compromise, creating an urgent question for any industrial organization: Did the attacker reach the OT environment? Dino and Jim walk through how OT visibility, secure remote access controls, and continuous monitoring enabled rapid validation of what happened. They were able to prove the breach did not impact control systems and avoid an expensive, safety-driven shutdown of a continuous manufacturing process. The episode connects technical controls to executive outcomes, including resilience, duty of care, and the financial reality that “not knowing” can be as costly as an actual compromise. Chapters: (00:00:00) Why continuous manufacturing makes “abundance of caution” shutdowns so costly(00:01:00) What “OT continuous monitoring” means and why it matters in real incidents(00:03:00) Safety and connected environments: why “it can go boom” changes the stakes(00:05:00) Baselines: defining “normal” so abnormal behavior is actionable(00:07:00) Incident story: phishing email leads to credential and MFA compromise(00:09:00) What the team validated: tracing access and confirming OT was not impacted(00:10:00) Lessons from Colonial Pipeline: inability to validate can force shutdowns(00:11:00) OT reality check: Windows assets, HMIs, historians, and engineering workstations(00:13:00) Secure OT remote access: why VPN-only access is not sufficient(00:16:00) The payoff: avoided downtime, avoided product loss, and avoided disruption(00:19:00) Executive view: duty of care, liability, compliance, and protecting enterprise value(00:23:00) The “air gap” myth and why defense-in-depth is the only practical path Links And Resources: Want to Sponsor an episode or be a Guest? Reach out here.Industrial Cybersecurity Insider on LinkedInCybersecurity & Digital Safety on LinkedInBW Design Group CybersecurityDino Busalachi on LinkedInCraig Duckworth on LinkedIn Thanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you’d like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!

    26 min

  3. 21 APR

    Your Most Valuable & Underutilized Cybersecurity Asset

    In this episode, Dino and LuRae address why system integrators, OEMs, and ecosystem partners are often a manufacturer’s most underused cybersecurity resource. Dino explains why many IT leaders lack real visibility into the plant floor, what it takes to operationalize OT security beyond “checking the box,” and why asset inventory is the first practical step toward protecting control systems. The conversation also covers the realities of remote access after COVID, the need for governance measures such as change control and auditing, and why manufacturers should build real partner relationships rather than purely transactional vendor engagements. Chapters: (00:00:00) OT security requires time inside the plant, not an “ivory tower” view(00:01:00) Introducing Dino and the topic: partners as a cybersecurity asset(00:02:00) Why OT assets get excluded from cybersecurity strategy(00:03:00) The real opportunity: system integrators and OEMs already in the plant(00:05:00) Getting started: identify who’s working in each facility(00:08:00) Step one: accurate OT asset inventory and visibility(00:10:00) Remote access: detect, audit, and control what partners are doing(00:12:00) “Compliance” vs. operational reality on the plant floor(00:16:00) Resourcing reality: why most teams cannot self-perform OT security(00:20:00) Final advice: budget, ROI of downtime, and act before the incident Links And Resources: Want to Sponsor an episode or be a Guest? Reach out here.Industrial Cybersecurity Insider on LinkedInCybersecurity & Digital Safety on LinkedInBW Design Group CybersecurityDino Busalachi on LinkedInCraig Duckworth on LinkedIn Thanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you’d like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!

    26 min

  4. 14 APR

    OT Patching vs IT Patching: What's Commonly Misunderstood

    Most cybersecurity teams treat patching like a universal fix. In manufacturing, that assumption can take down a production line, trigger a safety event, or void the warranty on a $2 million piece of equipment. In this episode, Dino Busalachi and Craig Duckworth break down why patching in operational technology environments is a fundamentally different problem than patching enterprise IT — and why closing that gap requires more than just pushing an update. The bottom line: A firewall is not a patching strategy. Neither is hoping your systems are isolated. Organizations that get this right use risk-based prioritization, lab testing, virtual patching, and real collaboration between IT and OT teams. If you are responsible for a plant floor — or for the people who are — this conversation is for you. 🎙️ Industrial Cybersecurity Insider is where C-suite leaders, plant managers, engineers, and security teams come to close the gap between IT and OT. 🔔 Subscribe so you never miss an episode. Chapters: (00:00:00) Why assessing OT cybersecurity posture and asset visibility is hard(00:01:00) IT patches constantly, OT rarely does, and why that gap matters(00:03:00) Downtime costs: a broken patch in OT can stop the entire plant(00:05:00) OEM “don’t touch it” policies and warranty pressure(00:08:00) M&A due diligence: buying plants without knowing the cyber condition(00:09:00) CrowdStrike outage example and why agent-based tools are risky in OT(00:10:00) Virtual patching: protecting PLCs and legacy assets you cannot patch(00:14:00) Vendor guidance, upgrade rewrites, and “acceptable risk” decisions(00:17:00) Hidden exposure: guest Wi‑Fi, tablets, remote access, and “air gaps”(00:20:00) Best practices: inventory, continuous monitoring, vulnerability metrics, and cross-team alignment Links And Resources: Want to Sponsor an episode or be a Guest? Reach out here.Industrial Cybersecurity Insider on LinkedInCybersecurity & Digital Safety on LinkedInBW Design Group CybersecurityDino Busalachi on LinkedInCraig Duckworth on LinkedIn Thanks so much for joining us this week. Have some feedback you’d like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!

    28 min

  5. 6 APR

    Who Actually Owns OT Cybersecurity? Not Who You Think

    Dino and Craig break down what they are seeing in real industrial environments as companies begin the OT cybersecurity journey. They outline why most organizations are still in an “unaware to awareness” phase, what creates the “oh wow” moment after the first pilot, and why ownership and execution often falls to plant-floor teams and their OEM and integrator partners. The conversation covers the limits of surface-level visibility, why accurate asset inventory and remote access control are foundational, and how practical constraints like flat networks, legacy switches, warranty concerns, and limited human capital can stall progress. They also share cautionary examples of IT-first security tooling causing operational impact, and they close with a clear message: think globally, act locally, and build a defensible OT program that matches how plants actually run. Chapters: (00:00:00) Why OT vulnerabilities and remote access are the real “kicker”(00:01:00) The market reality: 60% unaware, 30% starting, 10% operationalized(00:03:00) Who owns remediation: IT vs OT and the plant-floor accountability gap(00:05:00) Why “visibility” often stops at Purdue Level 3 and misses Level 2 assets(00:07:00) OEMs, integrators, and why support models matter in OT cybersecurity(00:09:00) Flat networks, north-south traffic, and why you still miss panel-level devices(00:11:00) The human capital problem and why outsourcing is often unavoidable(00:18:00) A real-world warning: EDR in ICS can create massive operational cost(00:20:00) Safety, quality, and cybersecurity: the three things leaders will fund(00:24:00) Change management failures and why monitoring PLC edits matters Links And Resources: Want to Sponsor an episode or be a Guest? Reach out here.Industrial Cybersecurity Insider on LinkedInCybersecurity & Digital Safety on LinkedInBW Design Group CybersecurityDino Busalachi on LinkedInCraig Duckworth on LinkedIn Thanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you’d like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!

    31 min

  6. 30 MAR

    You Think Your Plant Is Secure. Your Data Says Otherwise.

    Craig Duckworth sits down with CIO and Chief Enterprise Architect Shellie D'Angelo to address why so many OT and IT modernization efforts stall out at the foundation. Shellie explains why data governance must come before “another tool,” how inconsistent data quality quietly sabotages reporting and risk decisions, and why leadership transparency is the fastest path to maturity. Craig and Shellie also explore the reality of shadow IT on the plant floor, the growing impact of AI as both a defensive advantage and an attacker accelerator, and the practical steps teams can take to move from reactive chaos to measurable business outcomes. Chapters: (00:00:00) Why honest risk conversations are the starting line(00:01:00) Shellie’s background: rebuilding enterprise tech foundations(00:02:00) OT/IT convergence: start with business drivers and data governance(00:05:00) “Tools first” vs business-first security decisions(00:08:00) Knowing what you have before buying more tools(00:11:00) How far along are most organizations, really?(00:15:00) AI as a double-edged sword: defense vs attacker acceleration(00:18:00) Where to start: inventory first vs governance structure(00:22:00) OT tech is often easier prey: PLCs, HMI/SCADA, cameras(00:25:00) Partnering vs going it alone: don’t reinvent the wheel(00:26:00) Tech debt and why technology can’t be an afterthought(00:29:00) Governance should increase speed, not slow it down(00:30:00) Final advice: “turn chaos into cash” and own your impact Links And Resources: Shellie D'Angelo on LinkedInWant to Sponsor an episode or be a Guest? Reach out here.Industrial Cybersecurity Insider on LinkedInCybersecurity & Digital Safety on LinkedInBW Design Group CybersecurityDino Busalachi on LinkedInCraig Duckworth on LinkedIn Thanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you’d like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!

    33 min

  7. 24 MAR

    Two Major Cybersecurity Shifts the Industry Isn't Prepared For with Simon Chassar

    Dino Busalachi sits down with Simon Chassar, former Chief Revenue Officer at Claroty and current OT cybersecurity advisor and investor, to explore the evolution and future of industrial cybersecurity. Simon shares insights from his decade-long journey in the space, discussing how OT asset visibility has become commoditized and why the industry is experiencing two major shifts: moving right toward threat-led SOC services and perimeter protection, and moving left toward secure-by-design approaches and attack simulation. They dive into the persistent challenge of self-performing versus partnering with specialized integrators, the critical skills shortage commanding 30-40% salary premiums, and why AI is both accelerating security challenges and offering new solutions. Simon reveals how private equity firms are finally prioritizing OT cybersecurity at the board level, discusses the emerging OT SOC landscape, and explains why the traditional IT security budget model is failing operational technology environments. The conversation addresses the disconnect between IT leadership and the OT ecosystem, the proliferation of unmanaged remote access technologies, and the urgent need for manufacturers to engage their trusted system integrators and OEMs as cybersecurity partners before the next major incident occurs. Chapters: (00:00:00) - Meet Simon : From Claroty's Hypergrowth to OT Security's Next Chapter(00:02:00) - The Commoditization of OT Asset Visibility(00:04:00) - Two Major Industry Shifts: Right and Left(00:07:00) - The Self-Performing Problem: Why OT Security Becomes Shelfware(00:10:00) - IT/OT Convergence and the Skills Gap Crisis(00:13:00) - Secure by Design and the AI Leapfrog(00:15:00) - AI Uncovers Hidden OT Vulnerabilities and Risks(00:18:00) - Funding Models and Private Equity's Cybersecurity Awakening(00:22:00) - Why the OT Ecosystem Must Drive Its Own Security Strategy(00:25:00) - M&A Activity and Consolidation in OT Cybersecurity(00:27:00) - The Rise of OT SOCs and MSP Partnerships Links And Resources: Want to Sponsor an episode or be a Guest? Reach out here.Industrial Cybersecurity Insider on LinkedInCybersecurity & Digital Safety on LinkedInBW Design Group CybersecurityDino Busalachi on LinkedInCraig Duckworth on LinkedIn Thanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you’d like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!

    31 min

  8. 16 MAR

    The Connected Plant Floor: What S4X26 Revealed

    Craig and Dino recap their experience at S4X26, the leading global OT cybersecurity conference in Miami. They discuss the conference's "connected" theme and how AI is creating an inflection point in industrial cybersecurity, driving unprecedented connectivity between IT and OT environments. The hosts explore the challenges of the "silver tsunami" as experienced engineers retire, how AI-powered tools are being embedded directly into edge devices and industrial products from vendors like Cisco and Fortinet, and why the regulatory landscape in Europe is advancing faster than other regions. They emphasize the importance of connecting with peers and partners in the OT security community, highlight key vendors and technologies showcased at the event, and explain why both IT and OT professionals should attend S4X together to bridge the knowledge gap. The episode concludes with details about next year's expanded conference in Tampa, February 8-11. Chapters: (00:00:00) - Random Encounter with Team USA Hockey in Miami(00:01:00) - S4X26 Conference Kickoff: The "Connected" Theme(00:03:00) - AI as the Inflection Point for OT Connectivity(00:05:00) - AI Embedded in Edge Devices and Vendor Technologies(00:07:00) - First-Time Attendee Experiences and Key Takeaways(00:10:00) - Europe's Cyber Resiliency Act and Regulatory Advancements(00:12:00) - Vendor Presence and the OT Technology Marketplace(00:14:00) - S4X27 Moving to Tampa: February 8-11, 2027(00:16:00) - AI's Role in Addressing the Silver Tsunami(00:18:00) - Final Thoughts: Why IT and OT Teams Should Attend Together Links And Resources: Want to Sponsor an episode or be a Guest? Reach out here.Industrial Cybersecurity Insider on LinkedInCybersecurity & Digital Safety on LinkedInBW Design Group CybersecurityDino Busalachi on LinkedInCraig Duckworth on LinkedIn Thanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you’d like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!

    20 min
See All (125)

About

Industrial Cybersecurity Insider offers a thorough look into the field of industrial cybersecurity for manufacturing and critical infrastructure. The podcast delves into key topics, including industry trends, policy changes, and groundbreaking innovations. Each episode will feature insights from key influencers, policy makers, and industry leaders. Subscribe and tune in weekly to stay in the know on everything important in the industrial cybersecurity world!

Information

  • Creator
    Industrial Cybersecurity Insider
  • Years Active
    2023 - 2026
  • Episodes
    125
  • Rating
    Clean
  • Copyright
    © Copyright 2026 Industrial Cybersecurity Insider
  • Show Website
    Industrial Cybersecurity Insider

You Might Also Like