PrOTect It All

Aaron Crow

PrOTect IT All is a weekly cybersecurity podcast covering the full spectrum. IT, OT, cloud, AI, IoT, and everything in between. Host Aaron Crow sits down with practitioners, leaders, and builders for real conversations about people, process, and technology. From securing power plants and manufacturing floors to navigating enterprise risk and emerging threats, this show is about how we actually protect the things that matter. No product pitches. No hype. Just the people doing the work, sharing what they've learned.

  1. Breaking Into OT Cybersecurity: Closing the Skills Gap and Protecting Critical Infrastructure

    2D AGO

    Breaking Into OT Cybersecurity: Closing the Skills Gap and Protecting Critical Infrastructure

    The biggest challenge in OT cybersecurity isn’t just technology - it’s people. In this episode of Protect It All, host Aaron Crow sits down with Mike Holcomb to explore one of the most urgent issues facing the industry today: the growing skills gap in OT and ICS cybersecurity. Mike shares his journey from IT into operational technology security and breaks down why more professionals are needed to defend the systems that power energy, manufacturing, and critical infrastructure worldwide. This conversation goes beyond awareness - it’s about practical pathways into the field and how the community is stepping up to make OT cybersecurity more accessible. You’ll learn: Why OT cybersecurity is one of the most in-demand and underserved fields How to transition from IT to OT cybersecurity The biggest barriers newcomers face - and how to overcome them What foundational skills and controls matter most in ICS environments The role of community initiatives like BSides ICS in closing the gap Why training, mentorship, and collaboration are critical for the future Whether you’re looking to break into cybersecurity, pivot your career, or build stronger teams, this episode delivers actionable guidance and inspiration from someone actively shaping the future of OT security. Tune in to learn how to build a career while helping protect the infrastructure the world depends on - only on Protect It All. Key Moments:  03:07 Getting started in cybersecurity 06:33 Early passion for cybersecurity 11:54 Hurricane Katrina aftermath discussion 15:50 Awareness and education on OT security 17:49 First experiences with GRID class 25:07 Early challenges in OT cybersecurity 29:17 Importance of effective communication 35:11 Global expansion of cybersecurity events 39:52 Building a foundation in OT cybersecurity 43:36 Excitement for new CompTIA exam 46:48 Expressing appreciation for community involvement About the guest:  Mike Holcomb is an independent consultant focused on OT/ICS cybersecurity and an educational content creator. Prior to supporting clients full-time through UtilSec, he was the Fellow of Cybersecurity and the OT/ICS Cybersecurity Global Lead for one of the world’s largest engineering and construction companies, providing him with the opportunity to work in securing some of the world’s largest OT/ICS environments, from power plants and commuter rail to manufacturing facilities and refineries. As part of his community efforts, Michael founded the BSidesICS/OT with multiple events planned globally in 2026. He has his master’s degree in OT/ICS cybersecurity from the SANS Technology Institute. Additionally, he maintains cyber security and OT/ICS certifications such as the CISSP, GRID, GICSP, GCIP, GPEN, GCIH, ISA 62443, and more. He was awarded the SANS Difference Maker Award for Practitioner of the Year: ICS/OT Defender for 2025 and BEER-ISAC's Community Builder Award for 2026. He posts regularly on LinkedIn and YouTube to help others learn more about securing OT/ICS and critical infrastructure.  How to connect Mike:  Main Site: mikeholcomb.com LinkedIn: linkedin.com/in/mikeholcomb YouTube: youtube.com/@utilsec Instagram: instagram/_mikeholcomb/ Newsletter: utilsec.kit.com/95e31307f7 BSidesICS/OT: bsidesics.org Connect With Aaron Crow: Webs...

    49 min
  2. OT Risk Management That Works: Asset Visibility, Risk Quantification & CISO-Level Strategy

    APR 13

    OT Risk Management That Works: Asset Visibility, Risk Quantification & CISO-Level Strategy

    You can’t manage risk you can’t measure - or even see. In this episode of Protect It All, host Aaron Crow sits down with Nicholas Friedman to explore how organizations can move beyond compliance and build real, measurable cybersecurity programs across IT and OT environments. With experience spanning banking, aerospace, and critical infrastructure, Nicholas shares how risk management principles translate across industries - and why understanding business context is critical to protecting operational systems. This conversation dives into one of the biggest challenges in OT today: asset visibility and risk quantification. From outdated spreadsheets to modern automation, Aaron and Nicholas break down what it actually takes to understand exposure, justify investment, and communicate risk at the board level. You’ll learn: Why asset inventory is the foundation of OT security How to move from compliance checklists to real risk reduction The importance of risk quantification for CISOs and executives How to communicate cybersecurity in business and financial terms The role of automation and knowledge transfer in scaling security programs Lessons from banking and aerospace applied to utilities and critical infrastructure Whether you’re leading a cybersecurity program, managing OT environments, or presenting to the board, this episode delivers practical strategies to align security with business value and measurable outcomes. Tune in to learn how to turn cybersecurity into a risk-driven, business-aligned strategy - only on Protect It All. Key Moments:  05:14 Understanding business risk basics 08:40 Building effective OT cybersecurity teams 13:26 Challenges with aging IT and OT systems 14:19 Organizing IT and OT assets 18:31 Understanding OT and IT risks 21:53 Evaluating security risks and priorities 25:31 Improving asset deployment and management 29:14 Evaluating and prioritizing risks 31:12 Shifting focus to success plans 35:59 Selling tech that delivers results 37:22 Hands-on approach to cybersecurity 42:39 Challenges with NERC audit processes 44:47 Balancing compliance and security 49:45 Challenges in power utility operations 51:55 AI, OT, and risk management 56:31 Importance of early compliance planning About the guest :  Nicholas Friedman is an enterprise risk and governance leader with 25+ years of experience across Fortune 500 companies and government sectors. He specializes in integrated risk management, compliance, and AI governance - helping organizations build scalable frameworks that align security, risk, and business resilience. How to connect Nicholas Friedman :  Linkedin :  https://www.linkedin.com/in/nicholasfriedman/ Website : https://www.templarshield.com/ Connect With Aaron Crow: Website: www.corvosec.com  LinkedIn: https://www.linkedin.com/in/aaronccrow Learn more about PrOTect IT All: Email: info@protectitall.co  Website: https://protectitall.co/  X: https://twitter.com/protectitall

    1h 1m
  3. 100 Episodes of Protect It All: Aaron Crow’s Journey Through IT, OT & Cybersecurity

    APR 6

    100 Episodes of Protect It All: Aaron Crow’s Journey Through IT, OT & Cybersecurity

    In this special milestone episode of Protect It All, host Aaron Crow steps away from the usual format to share his personal journey - from early days working with PLCs at a kitchen table to building a platform that connects and educates cybersecurity professionals around the world. This episode is more than a reflection - it’s a story of persistence, curiosity, and community. Aaron walks through the evolution of IT and OT cybersecurity, the lessons learned from decades in the field, and how conversations with experts across 100 episodes have shaped his perspective on what it truly means to “Protect It All.” You’ll hear: How Aaron’s career in IT and OT began - and what kept him going The biggest lessons learned across 30+ years in cybersecurity What building a podcast taught him about community and leadership How the industry has evolved - and what still hasn’t changed Why relationships and shared knowledge matter more than ever What’s next for the future of cybersecurity and the podcast Whether you’ve been listening since episode one or you’re just discovering the show, this episode offers inspiration, perspective, and a deeper look behind the mic. Tune in to celebrate 100 episodes and the journey of protecting what matters most - only on Protect It All. Key Moments:  04:12 Early tech projects and hobbies 09:31 First tech job setting up classrooms 11:20 Getting certified in IT 16:49 Early career in power and cybersecurity 18:08 Building a versatile IT team 24:23 Starting the cybersecurity podcast journey 26:28 Feeling recognized in the podcast world 29:22 Getting started in cybersecurity Connect With Aaron Crow: Website: www.corvosec.com  LinkedIn: https://www.linkedin.com/in/aaronccrow Learn more about PrOTect IT All: Email: info@protectitall.co  Website: https://protectitall.co/  X: https://twitter.com/protectitall  YouTube: https://www.youtube.com/@PrOTectITAll  FaceBook:  https://facebook.com/protectitallpodcast To be a guest or suggest a guest/episode, please email us at info@protectitall.co Please leave us a review on Apple/Spotify Podcasts: Apple   - https://podcasts.apple.com/us/podcast/protect-it-all/id1727211124 Spotify - https://open.spotify.com/show/1Vvi0euj3rE8xObK0yvYi4

    32 min
  4. OT Cybersecurity That Works: Budgets, Soft Skills & AI Reality for Stronger Defense

    MAR 30

    OT Cybersecurity That Works: Budgets, Soft Skills & AI Reality for Stronger Defense

    Strong OT cybersecurity programs aren’t built on tools alone, they're built on strategy, communication, and smart investment. In this episode of Protect It All, host Aaron Crow is joined by cybersecurity expert Don C. Weber for a candid, real-world discussion on what it actually takes to build and sustain effective security programs across IT and OT environments. From CapEx vs OpEx decisions to the growing role of AI in both attack and defense, this conversation cuts through the noise and focuses on what drives real outcomes: understanding business workflows, aligning with leadership, and developing the soft skills needed to turn strategy into action. You’ll learn: Why budgeting (CapEx vs OpEx) directly impacts security success The underrated power of soft skills in driving security programs How to connect cybersecurity efforts to business value and operations The role of pen testing and assessments in improving maturity Where AI adds value and where it introduces new risk How training and process understanding strengthen long-term resilience Whether you’re building a new security program or scaling an existing one, this episode delivers practical, experience-driven insights to help you make smarter decisions and drive real impact. Tune in to learn how to align strategy, people, and investment for stronger OT cybersecurity only on Protect It All. Key Moments:  05:49 Technical skills and security requirements 09:10 Understanding data workflows 12:29 Building a vulnerability management program 13:26 Understanding organizational decision history 17:44 Budgeting challenges with CAPEX and OPEX 21:36 Steps in a security assessment 24:17 Starting a cybersecurity program 28:02 Prioritizing remote access security 31:21 Discussing AI's impact on cybersecurity 32:55 Using AI in cybersecurity 38:07 AI simplifying complex knowledge 40:35 AI tools making data queries easier 45:02 Detecting and responding faster 46:05 Networking and shared experiences About the guest:  Don C. Weber is a visionary cybersecurity leader who helps defenders safely prove security where it matters most in industrial operations. He is a SANS Principal Instructor, Founder of Cutaway Security, co-author of SANS ICS613: ICS/OT Penetration Testing & Assessments, and he also teaches SANS ICS410: ICS/SCADA Security Essentials to SANS student around the world. He brings years of field work into creating step-by-step labs and planning methods teams can use right away. How to connect Don:  LinkedIn: https://www.linkedin.com/in/cutaway/  Cutaway Security: https://www.linkedin.com/company/cutaway-security-llc  CutSec Github: https://github.com/cutaway-security  CutSec GasPot HMI Lab: https://github.com/cutaway-security/gaspot-hmi-lab  SANS ICS ICS613 ICS/OT Penetration Testing and Assessments: https://www.sans.org/cyber-security-courses/ics-ot-penetration-testing-assessments Connect With Aaron Crow: Website: www.corvosec.com  LinkedIn: https://www.linkedin.com/in/aaronccrow L...

    52 min
  5. The Striker Attack: What It Reveals About OT Cybersecurity and Why Tabletop Exercises Matter

    MAR 23

    The Striker Attack: What It Reveals About OT Cybersecurity and Why Tabletop Exercises Matter

    Cyberattacks don’t just test your systems - they test your preparedness. In this episode of Protect It All, host Aaron Crow breaks down key lessons from the Striker attack and what it reveals about today’s evolving threat landscape across IT and OT environments. From energy and healthcare to manufacturing systems, attackers are increasingly using sophisticated techniques like “living off the land” - blending into normal operations instead of deploying obvious malware. Aaron takes this beyond theory, focusing on what organizations must do before an attack happens. A major theme? Tabletop exercises. Not as a compliance activity - but as a critical tool for building real incident response readiness, improving team coordination, and exposing gaps that tools alone can’t catch. You’ll learn: What the Striker attack teaches about modern cyber warfare How living-off-the-land tactics bypass traditional defenses Why tabletop exercises are essential for real-world readiness The role of threat hunting and collaboration across teams How attackers exploit weaknesses in both IT and OT environments Why small, consistent actions can dramatically improve resilience Whether you’re defending critical infrastructure, leading a cyber team, or just starting your security journey, this episode delivers practical insights you can apply immediately. Tune in to learn how to prepare before the next attack - not react after it - only on Protect It All. Key Moments:  04:59 "Modern Warfare: Cyber and Beyond" 08:47 "Security Risks of Remote Wipe" 10:31 "Living Off the Land Tactics" 13:11 "Balancing Power and Security" 19:12 "Vulnerabilities Demand Swift Action" 20:21 Prioritize Risk, Justify Investment 25:04 Practice Preparedness Before Crisis 26:48 Weak Links Threaten Cybersecurity Connect With Aaron Crow: Website: www.corvosec.com  LinkedIn: https://www.linkedin.com/in/aaronccrow Learn more about PrOTect IT All: Email: info@protectitall.co  Website: https://protectitall.co/  X: https://twitter.com/protectitall  YouTube: https://www.youtube.com/@PrOTectITAll  FaceBook:  https://facebook.com/protectitallpodcast To be a guest or suggest a guest/episode, please email us at info@protectitall.co Please leave us a review on Apple/Spotify Podcasts: Apple   - https://podcasts.apple.com/us/podcast/protect-it-all/id1727211124 Spotify - https://open.spotify.com/show/1Vvi0euj3rE8xObK0yvYi4

    32 min
  6. OT Under Siege: How to Defend Critical Infrastructure From Nation-State Cyber Threats

    MAR 16

    OT Under Siege: How to Defend Critical Infrastructure From Nation-State Cyber Threats

    Global conflicts are no longer confined to physical battlefields - they’re spilling into cyberspace. In this urgent episode of Protect It All, host Aaron Crow breaks down the rising wave of cyber threats targeting critical infrastructure, from energy and water utilities to manufacturing and transportation systems. Drawing on recent global events and real-world incidents, Aaron explores how nation-state actors, hacktivists, and advanced adversaries are increasingly targeting operational technology environments. These attacks often rely on “living off the land” techniques - leveraging existing tools and access inside networks rather than deploying obvious malware. But this episode isn’t about panic. It’s about practical defense. Aaron outlines the immediate steps OT security teams can take to strengthen resilience - even with limited resources and tight budgets. In this episode, you’ll learn: Why global instability increases cyber risk for critical infrastructure How attackers exploit existing tools using living-off-the-land tactics The importance of vigilance, monitoring, and patching in OT environments Why access control and identity management are critical defenses How organizations can improve security posture without massive investments The role of collaboration and awareness in defending essential systems Whether you operate power systems, water facilities, industrial plants, or transportation infrastructure, this episode provides real-world guidance to help you stay ahead of evolving threats. Tune in to learn how OT teams can strengthen defenses and protect the systems society depends on - only on Protect It All. Key Moments: 03:41 "Rising Cyber Threats Amid Tensions" 08:24 Nation-State Cyber Threats Unveiled 11:23 "Advanced Cybersecurity and Monitoring" 14:24 Prioritizing and Addressing Security Risks 17:24 Practical Steps for Cybersecurity Improvements 19:34 "Focus on Resources and Action" Connect With Aaron Crow: Website: www.corvosec.com  LinkedIn: https://www.linkedin.com/in/aaronccrow Learn more about PrOTect IT All: Email: info@protectitall.co  Website: https://protectitall.co/  X: https://twitter.com/protectitall  YouTube: https://www.youtube.com/@PrOTectITAll  FaceBook:  https://facebook.com/protectitallpodcast   To be a guest or suggest a guest/episode, please email us at info@protectitall.co Please leave us a review on Apple/Spotify Podcasts: Apple   - https://podcasts.apple.com/us/podcast/protect-it-all/id1727211124 Spotify - https://open.spotify.com/show/1Vvi0euj3rE8xObK0yvYi4

    23 min
  7. Poland’s Power Grid Cyberattack What It Teaches Us About OT Security and Renewable Energy Risks

    MAR 9

    Poland’s Power Grid Cyberattack What It Teaches Us About OT Security and Renewable Energy Risks

    What happens when attackers target the systems that keep the lights on? In this episode of Protect It All, host Aaron Crow breaks down the December 2025 cyberattack on Poland’s energy infrastructure, where coordinated attackers disrupted wind farms, solar installations, and heat and power plants - impacting nearly half a million people. This real-world incident highlights the growing risks facing distributed energy resources (DER) and modern power grids. As energy systems become more connected and decentralized, the attack surface expands - often faster than security programs can adapt. Aaron walks through what actually went wrong: default passwords, unpatched devices, and weak network segmentation that allowed attackers to brick OT equipment and blind operators to what was happening in their own systems. You’ll learn: How attackers targeted renewable energy infrastructure at scale Why edge devices and distributed assets create new vulnerabilities The importance of eliminating default credentials and poor configurations Why network segmentation and secure remote access are essential What grid operators and OT teams must prioritize immediately How lessons from Poland apply to power grids worldwide For engineers, operators, and cybersecurity leaders responsible for critical infrastructure, this episode delivers practical insights on defending modern energy systems before attackers strike again. Tune in to understand what Poland’s grid attack reveals about the future of OT security - only on Protect It All. Key Moments:  04:57 "Corrupted Firmware Disables System Control" 10:01 DER Risks and Scaling Threats 10:55 Risks of Expanding Energy Grids 16:30 OT Security Vulnerabilities and Risks 18:34 Prioritize OT Security Systems 23:06 Change Default Passwords Immediately 24:49 "Critical ICS Security Measures" 30:15 "OT Cyber-Physical Response Plan" 32:56 "Critical Security Steps for Resilience" Connect With Aaron Crow: Website: www.corvosec.com  LinkedIn: https://www.linkedin.com/in/aaronccrow Learn more about PrOTect IT All: Email: info@protectitall.co  Website: https://protectitall.co/  X: https://twitter.com/protectitall  YouTube: https://www.youtube.com/@PrOTectITAll  FaceBook:  https://facebook.com/protectitallpodcast   To be a guest or suggest a guest/episode, please email us at info@protectitall.co Please leave us a review on Apple/Spotify Podcasts: Apple   - https://podcasts.apple.com/us/podcast/protect-it-all/id1727211124 Spotify - https://open.spotify.com/show/1Vvi0euj3rE8xObK0yvYi4

    34 min
  8. Safe AI Automation for Cybersecurity: Practical Workflows Without the Risk

    MAR 2

    Safe AI Automation for Cybersecurity: Practical Workflows Without the Risk

    AI can accelerate cybersecurity - or accidentally expose it. In this solo episode of Protect It All, host Aaron Crow breaks down how cybersecurity professionals can safely integrate AI into their IT and OT workflows. As tools like ChatGPT, Copilot, and enterprise AI platforms become part of daily operations, the question isn’t whether to use AI - it’s how to use it responsibly. Aaron moves beyond buzzwords to focus on practical, everyday applications: automating reports, summarizing threat intelligence, drafting policies, enhancing documentation, and streamlining repetitive tasks. At the same time, he tackles the real concerns leaders face - data privacy, compliance, policy alignment, and shadow AI risks. You’ll learn: Where AI delivers immediate value in cybersecurity workflows How to automate without exposing proprietary or regulated data The difference between enterprise AI tools and public platforms How to align AI usage with corporate security policies Practical ways CISOs and analysts can boost productivity safely Why governance and awareness matter as much as innovation Whether you’re leading a security program or working hands-on in IT or OT environments, this episode delivers actionable strategies to use AI smarter—not riskier. Tune in to learn how to automate with confidence and stay ahead of the curve—only on Protect It All. Connect With Aaron Crow: Website: www.corvosec.com  LinkedIn: https://www.linkedin.com/in/aaronccrow Learn more about PrOTect IT All: Email: info@protectitall.co  Website: https://protectitall.co/  X: https://twitter.com/protectitall  YouTube: https://www.youtube.com/@PrOTectITAll  FaceBook:  https://facebook.com/protectitallpodcast   To be a guest or suggest a guest/episode, please email us at info@protectitall.co Please leave us a review on Apple/Spotify Podcasts: Apple   - https://podcasts.apple.com/us/podcast/protect-it-all/id1727211124 Spotify - https://open.spotify.com/show/1Vvi0euj3rE8xObK0yvYi4

    16 min
See All (102)

Ratings & Reviews

5
out of 5
7 Ratings

About

PrOTect IT All is a weekly cybersecurity podcast covering the full spectrum. IT, OT, cloud, AI, IoT, and everything in between. Host Aaron Crow sits down with practitioners, leaders, and builders for real conversations about people, process, and technology. From securing power plants and manufacturing floors to navigating enterprise risk and emerging threats, this show is about how we actually protect the things that matter. No product pitches. No hype. Just the people doing the work, sharing what they've learned.

Information

  • Creator
    Aaron Crow
  • Years Active
    2024 - 2026
  • Episodes
    102
  • Rating
    Clean
  • Copyright
    © 2024
  • Show Website
    PrOTect It All

You Might Also Like