(CS)²AI Podcast Show: Control System Cyber Security

Derek Harp
  • 5.0 (2)
  • TECHNOLOGY
  • UPDATED WEEKLY

Control System Cyber Security Association International, or (CS)²AI, is the premier global non-profit workforce development organization supporting professionals of all levels charged with securing control systems. With over 34,000 members worldwide, we provide the platform for members to help members, foster meaningful peer-to-peer exchange, continue professional education, and directly support OT and ICS cyber security professional development in every way. Our founder, Derek Harp, interviews cyber security leaders and brings relevant insights to help any company handle cybersecurity effectively.

  1. 131: OT Monitoring & SOC and Incident Response — Lessons from the Field with Cambios Academy

    FEB 4

    131: OT Monitoring & SOC and Incident Response — Lessons from the Field with Cambios Academy

    In this episode of the (CS)²AI Podcast, host Derek Harp is joined by Jonathan Pollet, Marc Visser, and Bryan Singer for a deep-dive Q&A discussion following CS2AI’s January 21st community event on OT Monitoring & SOC and Incident Response. Drawing on decades of hands-on experience across industrial environments worldwide, the panel expands on questions that couldn’t be fully addressed during the live sessions. The conversation explores why OT monitoring and SOC capabilities must come before incident response, and how poor network architecture, lack of visibility, and organizational silos continue to undermine response efforts when incidents occur. Jonathan outlines the architectural foundations required to support effective detection, response, and recovery, while Marc emphasizes the practical realities of implementing OT monitoring—from working with factory engineers to reducing alert fatigue and building usable SOC workflows. Bryan brings the incident responder’s perspective, sharing real-world insights from global OT incidents, including prolonged dwell times, ransomware impacts on production, and why organizations without proper segmentation and monitoring often experience the most severe and prolonged outages. The discussion also tackles common questions around Fusion SOCs vs. dedicated OT SOCs, the human challenges of translating OT data into actionable intelligence, and what asset owners should realistically expect from incident response retainers. This episode is a must-listen for OT practitioners, security leaders, and asset owners looking to move beyond theory and understand what actually works in the field. Whether you are just beginning your OT monitoring journey or refining mature SOC and IR capabilities, this discussion offers practical guidance rooted in real operational experience.

    43 min
  2. 130: S4’s “Connect” Theme Explained — Dale Peterson on OT Security’s Hyper-Connected Future

    JAN 14

    130: S4’s “Connect” Theme Explained — Dale Peterson on OT Security’s Hyper-Connected Future

    In this episode of the (CS)²AI Podcast, host Derek Harp is joined once again by Dale Peterson, Founder of the S4 Conference and one of the longest-standing voices in OT cybersecurity. As Dale marks 25 years in the industry, the conversation takes a forward-looking turn toward what he believes is the next major inflection point for industrial security: connectivity driven by AI, data, and business systems. Dale explains why the 2026 S4 Conference theme, Connect, is not just about networking people, but about the explosive growth of connections between OT systems, enterprise platforms, and analytics driven by AI. From MES, ERP, and PLCs to asset inventories and security telemetry, these connections are accelerating faster than most security teams are prepared for—often driven by business value rather than security design. Listeners will hear why manufacturing is emerging as the epicenter of this transformation, how AI is enabling real-time querying across operational systems, and why OT security teams must prepare for a future where their tools become just another data source in larger operational workflows. Dale also shares how this shift will reshape risk, attack surfaces, and even the role of humans in control and response. The episode also provides an inside look at S4 2026, including this year’s Proof-of-Concept Pavilion, where vendors will be forced to demonstrate their technologies live on a real manufacturing environment, as well as updates on attendance, ticket availability, and why this will be the final year S4 is held in Miami Beach before moving back to Tampa. This is a must-listen for OT security professionals, automation leaders, and anyone trying to understand how AI-driven connectivity will redefine both risk and opportunity across industrial environments in the years ahead.

    31 min
  3. 129: Why OT Cybersecurity Isn't a One-Tool Problem: Insights to be discussed at Level Zero

    03/27/2025

    129: Why OT Cybersecurity Isn't a One-Tool Problem: Insights to be discussed at Level Zero

    In this insightful episode of the (CS)²AI Podcast, host Derek Harp welcomes Jay Gignac, Vice President of Sales at FoxGuard Solutions, (CS)²AI Fellow and a passionate OT cybersecurity evangelist. The conversation centers around some of the most pressing challenges in the control systems industry—asset visibility, patch management, and community collaboration. Jay, who will be speaking at the upcoming Level Zero OT Cybersecurity Conference, offers expert-level advice for professionals navigating the complex world of operational technology security. Listeners will hear real-world examples of how OT differs from IT, particularly in areas like patching and compliance. Jay shares how asset discovery and lifecycle management remain fundamental hurdles, even after over a decade of cybersecurity initiatives. The discussion explores the nuances across industry verticals—energy, manufacturing, oil & gas—and underscores why tailored approaches are critical when securing diverse OT environments. This episode is a must-listen for OT professionals, cybersecurity leaders, and anyone attending Level Zero or looking to deepen their understanding of control systems security. Discover why collaboration, not just technology, is key to long-term success in the OT space. Whether you’re an engineer, a procurement officer, or a seasoned CISO, there’s valuable insight here for everyone working to protect the core of their company’s operations.

    15 min
  4. 128: From the Pentagon to Public Safety: Lucian Niemeyer’s Mission to Secure OT

    02/18/2025

    128: From the Pentagon to Public Safety: Lucian Niemeyer’s Mission to Secure OT

    Lucian Niemeyer, Chief Executive Officer of Building Cyber Security and former Assistant Secretary of Defense, joins Derek Harp to discuss the growing cyber risks to operational technology (OT) systems and the urgent need for proactive frameworks to protect public safety. Recorded live at Hack the Capitol 7.0, this episode delves into the vulnerabilities in smart buildings, connected infrastructure, and critical systems that could have life-threatening consequences if exploited. Lucian shares how his experience in national security shaped his focus on OT cybersecurity, emphasizing the physical impacts of cyberattacks on HVAC systems, elevators, and even water utilities. He introduces the concept of cyber commissioning, a process that ensures building systems are configured securely from the start. Lucian also explains how Building Cyber Security is creating industry-specific frameworks to help facility managers, building owners, and policymakers mitigate risks and reduce insurance liabilities. With increasing threats from ransomware, nation-states, and insider errors, this episode highlights why securing operational technology is critical to protecting both property and lives. Learn how Lucian’s nonprofit is driving collaboration across industries to address this rapidly evolving threat landscape.

    28 min
  5. 127: Unlocking the Power of Asset Inventory in OT Cybersecurity with Roya Gordon

    02/11/2025

    127: Unlocking the Power of Asset Inventory in OT Cybersecurity with Roya Gordon

    Roya Gordon, previously the Executive Industry Consultant - Operational Technology (OT) Cybersecurity at Hexagon Asset Lifecycle Intelligence and currently, is the Deputy CISO at ENGIE North America Inc., joins Derek Harp live from Hack the Capitol 7.0 to explore the evolving landscape of asset inventory in operational technology (OT). Roya breaks down the differences between asset visibility, inventory, and management, sharing her firsthand experiences from both passive and configuration-based methodologies. Roya highlights the critical role of asset inventory in building a strong OT cybersecurity foundation. From distinguishing between passive and active network monitoring to the importance of configuration management, she emphasizes how a multi-layered approach can offer comprehensive visibility and risk management. Roya also dives into why organizations often overlook configuration change management, and how integrating different solutions can optimize security efforts. Whether you’re a seasoned OT professional or just starting your cybersecurity journey, this episode offers valuable insights into improving asset management, reducing risks, and fostering collaboration between vendors and operators.

    24 min
  6. 126: Shifting Left: Why Secure Software Starts at the Design Stage

    02/04/2025

    126: Shifting Left: Why Secure Software Starts at the Design Stage

    In this episode of the (CS)²AI Podcast, host Derek Harp welcomes Mehdi Tarrit Mirakhorli, Associate Professor at the University of Hawaii and a Cybersecurity Expert, to discuss Secure by Design—a fundamental shift in how we develop and deploy software in industrial control systems (ICS) and operational technology (OT). With over 15 years of R&D experience for DARPA, the Air Force, and DHS, Mehdi shares why modern software is inherently vulnerable and how we can learn from aviation, medical, and safety-critical industries to build resilient systems from the ground up. The conversation dives deep into the risks of insecure by design software, the challenges of implementing true security practices, and the role of government policies in shifting liability from users to vendors. Mehdi explains the importance of threat modeling, attack surface analysis, and secure architecture frameworks to mitigate cyber threats before they arise. He also highlights how software development must evolve beyond rapid deployment cycles to integrate security as a core design principle. If you’re an ICS professional, cybersecurity engineer, or software developer, this episode provides actionable insights on reducing vulnerabilities at scale, implementing proactive security measures, and preparing for the future of cyber threats. Subscribe now and stay ahead in the ever-evolving world of industrial cybersecurity!

    35 min
  7. 125: Decoding SBOMs: Kyle McMillian on Cybersecurity and Supply Chain Transparency

    01/28/2025

    125: Decoding SBOMs: Kyle McMillian on Cybersecurity and Supply Chain Transparency

    Derek Harp welcomes Kyle McMillian, Product Security Officer at Siemens, to discuss the evolving landscape of software bill of materials (SBOMs) and their role in modern cybersecurity. Recorded live at Hack the Capitol 7.0, this conversation unpacks the challenges and opportunities posed by SBOMs in an industry grappling with legacy systems and modern threats. Kyle dives into the origins of SBOMs, their role in addressing vulnerabilities like Log4J, and their potential to transform procurement, risk management, and incident response. He emphasizes the importance of balancing transparency with practicality, noting that SBOMs are a starting point for broader cybersecurity conversations. With his unique perspective from a leading equipment manufacturer, Kyle shares insights into how SBOMs can help bridge the gap between IT and OT systems. This episode is essential for anyone looking to understand the future of cybersecurity and the critical role of SBOMs in securing industrial control systems. Learn how these tools can foster trust, streamline risk management, and improve collaboration across the industry.

    27 min
  8. 124: Capture the Flag: Transforming Cybersecurity Training with Kenneth Warren

    01/21/2025

    124: Capture the Flag: Transforming Cybersecurity Training with Kenneth Warren

    Derek Harp sits down with Kenneth Warren, Staff OT and Offensive Security Engineer at GRIMM Cyber, to discuss how gamification and Capture the Flag (CTF) competitions are revolutionizing cybersecurity training. Recorded live at Hack the Capitol 7.0, this conversation explores how CTFs and cyber ranges create safe, hands-on environments for learning offensive and defensive cybersecurity skills. Kenneth explains how CTFs offer opportunities to tackle real-world scenarios, from navigating complex networks to interacting with industrial control protocols. Whether you're an experienced professional or a newcomer to the field, CTFs provide a unique way to build and refine your skills. He also highlights how gamification reaches audiences that traditional training might miss, making learning engaging and accessible. This episode provides insights into the growing role of gamified learning in cybersecurity and how it’s inspiring the next generation of professionals. Discover how these competitions foster collaboration, creativity, and innovation in a rapidly evolving industry.

    23 min
See All (133)

Ratings & Reviews

5
out of 5
2 Ratings

About

Control System Cyber Security Association International, or (CS)²AI, is the premier global non-profit workforce development organization supporting professionals of all levels charged with securing control systems. With over 34,000 members worldwide, we provide the platform for members to help members, foster meaningful peer-to-peer exchange, continue professional education, and directly support OT and ICS cyber security professional development in every way. Our founder, Derek Harp, interviews cyber security leaders and brings relevant insights to help any company handle cybersecurity effectively.

Information