Security Breach

Eric Sorensen
  • 5.0 (1)
  • TECH NEWS
  • UPDATED WEEKLY

A weekly discussion of new developments and the latest cybersecurity threats, including ransomware, malware, phishing schemes, DDoS attacks and more, facing the U.S. industrial sector.

  1. You Don't Have to Out-Tech the Hacker

    DEC 19

    You Don't Have to Out-Tech the Hacker

    Send us a text We’ve all heard the euphemism about knowledge being power. But perhaps the more accurate assessment comes from my favorite childhood cartoon. Yes, I’ve referenced it before, but when GI Joe signed off each episode by letting us know that “Knowing is Half the Battle”, Duke and his crew were echoing the same sentiment as our guest for today’s episode. Evan Dornbush is the CEO of Desired Effect. A former DoD-trained state hacker, he’s now working with cyber researchers to help promote their findings and get the vulnerabilities they detect into the hands of the software, network or equipment suppliers before hackers can leverage these findings, and wreak havoc on industrial control systems and production workflows.  Listen as we discuss this strategy, as well: How to define roles and responsibilities in pushing Secure-by-Design initiatives forward.Why manufactures shouldn't look to out-tech the hacker.Strategies to help defenders from having to keep playing catch-up.How cybersecurity can be utilized as an operational tool.The ongoing challenges created by Zero Day vulnerabilities.Creating a culture that goes beyond just "spending for the cyber nerd."New ways to calculate ROI in advancing cybersecurity priorities.The cost benefits of investing in cyber talent.As a go-to podcast for our listeners, we want to help you align your brand with our expertise. By sponsoring our podcast, your brand will build trust, and your message will stand out to an audience searching for tools to assist their cybersecurity efforts. Click Here to Become a Sponsor. To catch up on past episodes, you can go to Manufacturing.net, IEN.com or MBTmag.com. You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach, you can reach me at jeff@ien.com.

    41 min
  2. Speaking the Right Language

    DEC 4

    Speaking the Right Language

    Send us a text Perhaps you’re familiar with the quote, “The greatest trick the Devil ever pulled was convincing the world he didn’t exist.” While its use in the movie The Usual Suspects might resonate with most, the original attribution goes to French poet Charles Baudelaire. The quote came to mind in preparing for my conversation with Tim Chase, Principal Technical Evangelist for Orca Security. I knew we were going to be discussing topics where the biggest implementation challenges typically resonate from OT asset owners who don’t see the need to address these topics. Or, with all due respect to Baudelaire, the greatest trick hackers ever pulled was convincing the industrial sector that they didn’t care. The good news is that folks like Tim are aware of these situations, and working to offer some new solutions. Watch/listen as we discuss: How vital it is to define security responsibilities.The growing need for cloud security education.Why a top-down approach is vital for creating a security-focused culture.The benefits of creating internal security champions.The annoying, but growing significance of SBOMs.Combatting alert fatigue.The biggest challenges AI is creating for cybersecurity.As a go-to podcast for our listeners, we want to help you align your brand with our expertise. By sponsoring our podcast, your brand will build trust, and your message will stand out to an audience searching for tools to assist their cybersecurity efforts. Click Here to Become a Sponsor. To catch up on past episodes, you can go to Manufacturing.net, IEN.com or MBTmag.com. You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach, you can reach me at jeff@ien.com.

    47 min
  3. Why People Are Not the Biggest Risk

    NOV 14

    Why People Are Not the Biggest Risk

    Send us a text While I’ll resist drawing comparisons about industrial cybersecurity to butterflies and bees, producing this episode did remind me of another great Muhammad Ali quote: "The hands can't hit what the eyes can't see.” This could provide an easy segue into the ongoing challenges about asset visibility, but really, it goes a bit deeper than that. In addition to being able to see all the things we need to defend against, we also have to understand what to look for in establishing those defenses.  In this episode, we discuss  these challenges and solutions with Bryson Bort, the founder and CEO of SCYTHE, a leading provider of Adversarial Exposure Validation (AEV) solutions. Watch/listen as we also discuss: The increasing impact of hacktivists.The rise of ransomware gangs.What AEV is all about.Why there is no such thing as an accidental hack.The human impact on cybersecurity and why it is rarely the human's fault.How his former military life has impacted his cybersecurity career.Why supply chains could be the most important threat landscape going forward.To check out the work he and his colleagues are up to, you can go to scythe.io, as well as icsvillage.com. As a go-to podcast for our listeners, we want to help you align your brand with our expertise. By sponsoring our podcast, your brand will build trust, and your message will stand out to an audience searching for tools to assist their cybersecurity efforts. Click Here to Become a Sponsor. To catch up on past episodes, you can go to Manufacturing.net, IEN.com or MBTmag.com. You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach, you can reach me at jeff@ien.com.

    49 min
  4. Preserving Uptime in the Face of Evolving Attacks

    OCT 31

    Preserving Uptime in the Face of Evolving Attacks

    Send us a text Uptime.  It’s the lifeblood of manufacturing and the precise target of industrial sector hackers. By knocking systems offline, stealing credentials, holding data for ransom, or crippling supply chains, the bad guys know their ultimate goals of disruption or extortion will be realized. And as we’ve discussed numerous times here on Security Breach, keeping these bad actors out has become more and more difficult as new technology, connectivity and endpoints are added to the OT landscape. Hackers are getting smarter and more complex, but the good news is so are the tools and strategies for the good guys. Here to offer some perspective on dealing with the leading threats targeting the people, systems and data of the industrial sector is a collection of experts focused on minimizing disruptions and preparing you to react and respond to cyberattacks. Watch/listen as: Max Clausen, senior VP of Network Connectivity at Zayo dives into the factors and strategies driving DDoS or distributed denial of service attacks.John Carse, Field CISO at SquareX discusses the ongoing impact of developing and legacy vulnerabilities, as well as some of the novel strategies hackers are using to introduce new strands of highly disruptive malware.Amit Hammer, CEO of Salvador Tech talks about lessons learned from the recent Jaguar Land Rover attack and how response strategies will continue to play a key role in minimizing attack-related downtime.As a go-to podcast for our listeners, we want to help you align your brand with our expertise. By sponsoring our podcast, your brand will build trust, and your message will stand out to an audience searching for tools to assist their cybersecurity efforts. Click Here to Become a Sponsor. To catch up on past episodes, you can go to Manufacturing.net, IEN.com or MBTmag.com. You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach, you can reach me at jeff@ien.com.

    31 min
  5. New Patching Strategies for Old Vulnerabilities

    OCT 16

    New Patching Strategies for Old Vulnerabilities

    Send us a text While there are plenty to pick from, one of the biggest challenges for cybersecurity professionals in the industrial realm can be getting financial support. In manufacturing there are always a number of viable spending options, and working to make cybersecurity a priority can be tough, especially when enterprises are faced with initiatives seen as more fundamental to the core mission of getting finished product out the door. However, a couple of recent reports could help connect the dots between production and security, and the need to fund both. First, there’s Adaptiva’s State of Patch Management Report that found 75 percent of manufacturing companies have critical vulnerabilities with a CVSS score of 8 or higher, and 65 percent have at least one vulnerability listed in the CISA Known Exploited Vulnerabilities Catalog. So, hackers know about these weaknesses and they’re taking advantage of them. And, according to Black Kite’s 2025 Manufacturing Report, 51 percent of those surveyed indicate that patching has become a bigger challenge than intrusion detection, and more than 75 percent indicate that both IT and security must approve patches before deployment. Reading between the lines – patching takes too long and is too complicated, so the vulnerabilities persist and the hackers keep winning. Watch/listen as we discuss these and other topics with Chaz Spahn, the Director of Product Management at Adaptiva.  As a go-to podcast for our listeners, we want to help you align your brand with our expertise. By sponsoring our podcast, your brand will build trust, and your message will stand out to an audience searching for tools to assist their cybersecurity efforts. Click Here to Become a Sponsor. To catch up on past episodes, you can go to Manufacturing.net, IEN.com or MBTmag.com. You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach, you can reach me at jeff@ien.com.

    26 min

  6. OCT 3

    The Wild & Weird of Industrial Cybersecurity

    Send us a text When talking to the experts and leading authorities that have participated in the 140+ episodes of Security Breach, there’s always a slight pause when directing their attention specifically to the industrial sector. That’s because, well, we’re special.  There’s the unique juxtaposition of old and bleeding edge technology.  There’s the influx of greater connectivity combatting the struggles to identify and secure the growing number of endpoints.  And there are the ongoing battles related to secure-by-design responsibilities, cloud networks and the ever popular building and breaking down of IT/OT silos.  The good news is that we’re getting better. Better at identifying the problems and better at elevating solutions from some of the sharpest minds in the sector. And we’re fortunate to be able share these insights from an incredible collective on today’s episode. Watch/listen as Max Clausen, senior VP of Network Connectivity at Zayo, John Carse, Field CISO at SquareX, Sophos’ Chester Wisniewski and ExtraHop’s Chad Lemaire tackle topics that include: VisibilitySecure-by-DesignArtificial IntelligenceIT/OT SilosPatchingLOTL and Phishing AttacksNon-standard OT ArchitectureAs a go-to podcast for our listeners, we want to help you align your brand with our expertise. By sponsoring our podcast, your brand will build trust, and your message will stand out to an audience searching for tools to assist their cybersecurity efforts. Click Here to Become a Sponsor. To catch up on past episodes, you can go to Manufacturing.net, IEN.com or MBTmag.com. You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach, you can reach me at jeff@ien.com.

    31 min
  7. Using AI to Stay Ahead of the Hack

    SEP 18

    Using AI to Stay Ahead of the Hack

    Send us a text I know that we’re constantly talking about artificial intelligence - the best ways to use it, the ways hackers are using it, and the overall good, bad and ugly of implementing AI into your security infrastructure. But what if we took a little different route. In this episode we're going to explore how AI can help make your people better at managing cybersecurity. We know there’s a huge talent pool shortage, and the challenges of keeping employees vigilant against repeated attacks continues to grow. So, watch/listen as I explore these dynamics, well as many others, with Grant Oviatt - Head of Security Operations for Prophet Security – a company that recently unveiled their State of AI in SecOps 2025 research report. A lot of the data from the report was rather shocking, especially when the survey repeatedly uncovered how many SOCs, inundated with constant intrusion alerts, have experienced numerous breaches simply because the volume of critical alert notifications has made them easier to ignore. It was a great conversation, with numerous takeaways, including: Why 60 percent of security teams have experienced critical breaches stemming from overlooked alerts.How security leaders anticipate AI solutions handling more tasks within the SOC over the next 3 years.Reasons for 57 percent of organizations deliberately suppressing detection rules and accepting higher risks to keep operations moving.How hackers are using AI beyond just phishing campaigns to get access to critical assets and networks.How the industrial sector can better implement AI without yielding to internal pressures.As a go-to podcast for our listeners, we want to help you align your brand with our expertise. By sponsoring our podcast, your brand will build trust, and your message will stand out to an audience searching for tools to assist their cybersecurity efforts. Click Here to Become a Sponsor. To catch up on past episodes, you can go to Manufacturing.net, IEN.com or MBTmag.com. You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach, you can reach me at jeff@ien.com.

    32 min
  8. Threat Landscape Update

    SEP 5

    Threat Landscape Update

    Send us a text Discussing the ever-expanding threat landscape is something we do a lot on Security Breach, but this episode is dedicated exclusively to topics like zero-day vulnerabilities, nation-state threats, phishing schemes, ransomware, and of course, the role artificial intelligence continues to play in making the good guys smarter and the bad guys tougher to pin down. But we’re not doing to dwell on the doom and gloom, we’ll also touch on the growing number of solutions and strategies that can help ensure your OT environment is as secure as possible. To help guide us on this journey, we’ll first hear from Chad LeMaire at ExtraHop, followed by Chester (Chet) Wisniewski at Sophos. Watch/listen as we discuss: Llegacy and human-based vulnerabilities.Ransomware.Deepfakes.Patch management.Supply chain defenses.Social engineering ploys.As a go-to podcast for our listeners, we want to help you align your brand with our expertise. By sponsoring our podcast, your brand will build trust, and your message will stand out to an audience searching for tools to assist their cybersecurity efforts. Click Here to Become a Sponsor. To catch up on past episodes, you can go to Manufacturing.net, IEN.com or MBTmag.com. You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach, you can reach me at jeff@ien.com.

    50 min
See All (147)

Ratings & Reviews

About

A weekly discussion of new developments and the latest cybersecurity threats, including ransomware, malware, phishing schemes, DDoS attacks and more, facing the U.S. industrial sector.

Information

  • Creator
    Eric Sorensen
  • Years Active
    2022 - 2025
  • Episodes
    147
  • Rating
    Clean
  • Copyright
    © 2025 Security Breach
  • Show Website
    Security Breach