Cybersecurity Under Pressure. Real Attacks, Real Lessons

Antonio González

This podcast breaks down real cybersecurity incidents to understand what actually went wrong, not in theory, but in practice. Each episode analyzes a recent attack, explains the technical mechanics in clear language, and translates them into concrete lessons for security, engineering, and business teams. The focus is on operational reality, decision making under pressure, and the controls that truly reduce risk in production environments.

  1. 1D AGO

    Jeep, Gateways and the Myth of Clean Isolation

    In this episode, we dive into why the infamous Jeep hack is not just nostalgia, but a live architectural problem that the automotive sector still wrestles with today. While connected features demand reach and product teams crave convenience, we explore how modern vehicle architectures struggle to neatly isolate trust boundaries in the real world.In theory, gateways, domain controllers, and embedded firewalls should separate critical functions. In practice, however, diagnostics, telematics, backend services, and over-the-air update paths keep creating privileged bridges across those very boundaries. The core challenge isn't simply about better CAN bus segmentation; it’s about whether a vehicle platform, already frozen across suppliers, validation cycles, and cost targets, can remain cleanly isolated as remote services and lifecycle updates continue to expand. The real risk is a security boundary that only exists on paper and gets looser with every program year. Join us as we unpack why the trust problem never truly left, but simply moved, and how emerging frameworks like UN R155, UN R156, and ISO/SAE 21434 are attempting to address these critical vulnerabilities

    36 min

  2. 3D AGO

    Rail Service Risk Starts Outside the SIL Boundary

    In this episode of Cybersecurity Under Pressure: Real Attacks, Real Problems, we explore the rapidly evolving threat landscape facing modern railway networks. The era of 'security by isolation' is officially over, as digital twins, AI, and interconnected operational technologies turn railways into massive, distributed attack surfaces. We break down real-world cyber incidents, including the 2023 Poland 'radio stop' attacks, the 2024 UK station Wi-Fi defacement, recent opportunistic incidents in Romania, and the severe service disruptions faced by Deutsche Bahn. We also discuss the very real, day-to-day problems facing operators today: from vulnerable legacy infrastructure and unencrypted radio frequencies, to the rising threat of supply chain sabotage and autonomous 'agentic AI' attacks. Join us as we analyze why hiding behind 'Non-SIL' (Safety Integrity Level) labels is a dangerous illusion that can collapse services and public trust, and how adopting technical specifications like TS 50701 and complying with the EU's NIS2 and CER directives can help transform reactive compliance into proactive cyber and physical resilience.

    35 min

  3. 5D AGO

    Oldsmar Was About Standing Trust

    In the realm of Operational Technology (OT), cyberattacks are not just IT problems; they are events with physical consequences, financial disasters, and threats to human safety. In this episode, we dive into how digital transformation and IT/OT convergence have expanded the attack surface, exposing critical infrastructure to unprecedented threats. We will explore devastating real-world cases that have shaped the history of industrial cybersecurity, including: ◦The attack on the Oldsmar water treatment plant (2021), where an attacker exploited remote access to attempt a dangerous increase in sodium hydroxide levels in the public water supply. ◦The ransomware attack on the Colonial Pipeline (2021), which forced a complete shutdown of physical pipeline operations supplying fuel to the US East Coast. ◦The Ukrainian power grid blackouts (2015 and 2016) caused by the BlackEnergy3 and Industroyer malware—the latter being the first malware specifically designed to attack power grids. ◦The sabotage of a German steel mill (2014), where attackers prevented the proper shutdown of a blast furnace, resulting in massive damage. ◦The infamous Stuxnet worm (2010), specifically designed to target industrial software and equipment like Iranian centrifuges. ◦The crisis at a semiconductor company (2018), which suffered $256 million in damages when a human error (connecting a new device without a virus scan) introduced the WannaCry ransomware and shut down the factory. ◦Legacy protocols: Older systems designed for reliability in noisy industrial environments, but lacking modern security controls like authentication or encryption. ◦The production vs. patching dilemma: Why applying security patches often feels riskier than leaving systems vulnerable, simply because continuous processes "cannot be stopped" without planned downtime. ◦Forgotten access: The critical issue of vendor VPNs opened for an urgent support session that mistakenly remain active months later. ◦Human error: From innocent mistakes like accidentally typing the wrong set points, to rebooting computers that cause safety systems to interpret data incorrectly and initiate plant shutdowns. Beyond the headlines, we will discuss the "real problems" that operators and engineers face in the trenches every day. Join us to understand why in the OT environment, safety and availability always trump confidentiality, and how industry standards and Zero Trust architectures offer a practical path toward resilience

    19 min

  4. MAR 20

    Why Quantum Security Paralyzes Industrial Infrastructure

    In this episode, we dive deep into a critical, long-term threat facing Operational Technology (OT) and railway infrastructure: the "harvest now, decrypt later" strategy. We explore why attackers are actively collecting telemetry histories, failure signatures, and maintenance models today, knowing their engineering value will remain highly strategic a decade from now. The transition to post-quantum cryptography (PQC) is a looming reality, but as we discuss, it is fundamentally an identity and trust architecture problem rather than just a payload encryption issue. Join us as we unpack the real-world challenges of implementing new NIST-standardized algorithms. We explain why blindly dropping larger cryptographic signatures into legacy field architectures can severely stress constrained links and embedded gateways. Finally, we reveal why the answer isn't "PQC everywhere, all at once". Listen in to learn why the future of OT security relies on crypto-agility, phased migration, and smart lifecycle design—ensuring that systems evolve without ever jeopardizing safety or availability

    24 min

  5. MAR 19 ·  BONUS

    Cybersecurity Under Pressure: The Executive Brief

    Short on time? Join hosts Marcus Webb and Riley Park for a rapid, high-level summary of our deep dive into the escalating threats facing Operational Technology (OT) and enterprise IT. In this brief episode, we distill the most critical takeaways from the 2025 Verizon Data Breach Investigations Report, examining why stolen credentials and third-party vulnerabilities continue to be the dominant initial access vectors. We provide a fast-paced overview of the most pressing blind spots in modern infrastructure: non-human and machine identities. With automated systems, devices, and gateways outnumbering human users, managing these digital identities is no longer optional, it's essential. Finally, Marcus and Riley break down the core principles of implementing Zero Trust in OT environments without disrupting process determinism and safety.Perfect for busy CISOs, security engineers, and plant managers who need the essential operational resilience lessons on the go.

    8 min

  6. MAR 18

    How Stolen Credentials Break Industrial Plants

    In this episode, we dive deep into the escalating threat landscape facing both enterprise IT and Operational Technology (OT) environments. Drawing from the eye-opening 2025 Verizon Data Breach Investigations Report, we unpack why stolen credentials and third-party vulnerabilities remain the top initial access vectors for ransomware and other devastating attacks. We move beyond theory to analyze real-world cyber incidents, from disruptive ransomware attacks on healthcare providers like Synnovis in the UK, to coordinated sabotage and malware infections impacting major European railway networks. What happens when critical infrastructure is compromised, and how can organizations prevent a cyber incident from becoming a physical safety hazard? Join us as we explore practical defense strategies and the concept of operational resilience. We discuss the necessity of adapting Zero Trust architectures—aligned with the NIST SP 800-207 framework—specifically for OT and Cyber-Physical Systems, where process determinism and safety are non-negotiable. Listeners will also learn why Identity and Access Management (IAM) is the new frontline of cybersecurity. We highlight the often-overlooked challenge of securing machine and non-human identities, which vastly outnumber human users in industrial settings and represent a massive blind spot for many security programs. Finally, we explore cutting-edge solutions for legacy environments, such as crypto-agility through exchangeable smart cards and the secure deployment of the Future Railway Mobile Communication System (FRMCS). Whether you're a CISO balancing IT/OT convergence, or a security engineer securing complex supply chains, this episode delivers the actionable engineering lessons you need to keep your operations running safely under pressure

    26 min

  7. MAR 17

    Cybersecurity Under Pressure: The Executive Brief

    Short on time? Join hosts Marcus Webb and Riley Park for a fast-paced executive summary of the critical threats facing AI systems today. In this bite-sized episode of "Cybersecurity Under Pressure," Marcus and Riley distill the most important lessons from real-world AI vulnerabilities into actionable insights. We quickly break down why stealthy "black-box" TAP attacks are outpacing complex "white-box" GCG methods, the hidden dangers of Indirect Prompt Injection (IPI) lurking in everyday documents and web pages, and why shifting from DevOps to MLSecOps is no longer optional for Agentic AI. Finally, get the bottom line on what the strict requirements of the EU AI Act mean for high-risk AI deployments before you launch your next system.All the essential AI cybersecurity insights you need—delivered in a concise format perfect for a quick commute!

    12 min

  8. MAR 16

    Why Hidden Text Hacks Enterprise AI

    In this episode of "Cybersecurity Under Pressure", we dive deep into the complex and rapidly evolving world of Artificial Intelligence cybersecurity. As Large Language Models (LLMs) evolve into autonomous "Agentic AI" capable of interacting with environments and executing real-world actions, the attack surface—and the pressure on security teams—has never been greater. Join us as we unpack critical lessons from real-world vulnerabilities, explore how threat actors are actively compromising these advanced systems, and break down what the new wave of European regulations means for the future of AI innovation. Key topics covered in this episode: The Anatomy of LLM Attacks: Discover why "black-box" tactics based on iterative searches (like the TAP attack) are proving faster and more effective at deceiving AI agents than complex "white-box" mathematical methods (like GCG). The Invisible Threat of Indirect Prompt Injection (IPI): Learn how attackers hide malicious instructions in web pages, emails, and resumes—sometimes using white text on a white background—to hijack AI systems and exfiltrate sensitive data without triggering traditional defenses. The Risks of Agentic AI: We discuss how giving AI memory, tools, and autonomy exposes organizations to new dangers, including model leakage (silent extraction of internal context) and feedback loops that amplify biases and errors. Building Robust Defenses with MLSecOps: We explore the essential transition from traditional DevOps to MLSecOps. Get a practical guide on securing the entire machine learning supply chain—from data engineering to model monitoring—applying a "security by design" approach. Navigating Regulatory Pressure (EU AI Act): We break down the strict requirements and heavy penalties under the European Union's AI Act for systems classified as "High-Risk", such as those used in critical infrastructure, hiring, education, and law enforcement. Tune in to learn from these real-world threats and discover how to secure AI innovation before it's too late!

    36 min
See All (23)

About

This podcast breaks down real cybersecurity incidents to understand what actually went wrong, not in theory, but in practice. Each episode analyzes a recent attack, explains the technical mechanics in clear language, and translates them into concrete lessons for security, engineering, and business teams. The focus is on operational reality, decision making under pressure, and the controls that truly reduce risk in production environments.

Information