Security Breach

Eric Sorensen
  • 5,0 (1)
  • НОВОСТИ ТЕХНОЛОГИЙ
  • ЕЖЕНЕДЕЛЬНО

A weekly discussion of new developments and the latest cybersecurity threats, including ransomware, malware, phishing schemes, DDoS attacks and more, facing the U.S. industrial sector.

  1. Hybrid Warfare is Upon You

    -6 ДН.

    Hybrid Warfare is Upon You

    Send a text Last December the Cybersecurity and Infrastructure Security Agency, or CISA, issued an advisory warning manufacturers, operators of critical infrastructure, and really anybody associated with industrial control systems about the threats being presented by pro-Russian hacktivist groups. The advisory, issued in conjunction with numerous federal and international agencies, called out groups like the Cyber Army of Russia Reborn (CARR), Z-Pentest, NoName057 and Sector16 for taking advantage of insecure connection points and other vulnerabilities that allowed these state-sponsored actors to infiltrate, shut down, and ransom their targets in the United States. Historically, many manufacturers would find it hard to believe that their mid-size business in the heartland of America would be on the radar of foreign terrorist groups, but as our guest for today’s episode explains, that is exactly the case. Will Dixon is a senior executive of Government & Law Enforcement at Intel 471 – a leading authority on the OT threat landscape. Watch/listen as he explains: How these group’s initial plans to disrupt water treatment and other critical infrastructure has evolved into the strategic targeting of the U.S. manufacturing sector.Why hacktivist no longer applies to these "strategically aligned state groups."Why AI will not be as impactful for either side as many think.How these groups are part of Russia's bigger plans against the West.The important role vendors and suppliers can play in establishing cyber defenses.The ongoing challenges of breaking down IT-OT silos, and how hackers are using this dynamic against you.As a go-to podcast for our listeners, we want to help you align your brand with our expertise. By sponsoring our podcast, your brand will build trust, and your message will stand out to an audience searching for tools to assist their cybersecurity efforts. Click Here to Become a Sponsor. To catch up on past episodes, you can go to Manufacturing.net, IEN.com or MBTmag.com. You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach, you can reach me at jeff@ien.com.

    32 мин.
  2. Security Breach: Strengthening Your Weakest Links

    5 ФЕВР.

    Security Breach: Strengthening Your Weakest Links

    Send us a text When we talk about the challenges presented to those trying to secure the operational landscape of manufacturing, it’s tough to avoid what I’d call the usual suspects - endpoints, connection points, credentials, vulnerabilities, silos and, of course, the impact of artificial intelligence. And just as there are benefits to discussing these individual aspects, it’s equally important to look at things from a bigger picture in tying them all together. This not only helps us strengthen the chain, but appreciate the significance of reinforcing each of those links. Perhaps no one has helped tie all of these different players together better than our guest for this episode. Vinod D’Souza leads the manufacturing and industry vertical for Google Cloud’s Office of the CISO. Watch/listen as we discuss: Emerging vulnerabilities and response plans.Segmentation challenges in the era of constant technological expansion.New-age approaches to patching.The connected fibers of artificial intelligence and the human factors of cybersecurity.Addressing IT and OT silos.As a go-to podcast for our listeners, we want to help you align your brand with our expertise. By sponsoring our podcast, your brand will build trust, and your message will stand out to an audience searching for tools to assist their cybersecurity efforts. Click Here to Become a Sponsor. To catch up on past episodes, you can go to Manufacturing.net, IEN.com or MBTmag.com. You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach, you can reach me at jeff@ien.com.

    33 мин.
  3. Clarifying the Big-Picture Impacts of CMMC

    22 ЯНВ.

    Clarifying the Big-Picture Impacts of CMMC

    Send us a text Back in 2020, the Department of Defense, as it was called at the time, introduced the Cybersecurity Maturity Model Certification (CMMC). It carried the goal of ensuring companies would be able to protect sensitive information when working on government contracts.  The program requires contractors handling Federal Contract Information (FCI) and Controlled Unclassified Information (CUI) to meet specified cybersecurity standards. Prior to CMMC, DoD contractors were required to self-attest cybersecurity compliance with frameworks set up by the National Institute of Standards of Technology (NIST).  Fast forward to September 10 of last year and the Department of War as it’s now known, published an update to the CMMC – basically launching a three-year rollout of elevated cybersecurity requirements.  To help clarify some of the challenges and benefits associated with CMMC, I invited Mark Knight to the program. He's a Partner and Cybersecurity Risk Advisory Leader at Armanino. Listen as he offers: Details on what the updated CMMC is all about.The challenges of meeting these new compliance standards.Embracing the good and bad of government ambiguity in complying with CMMC.The impact this certification could have on all manufacturers, regardless of whether or not you’re going after DOW contracts.The good and bad of utilizing AI for compliance work.How CMMC could spur M&A activity within the cybersecurity tool sector.The potential supply chain impacts of companies deciding against pursuing CMMC compliance.As a go-to podcast for our listeners, we want to help you align your brand with our expertise. By sponsoring our podcast, your brand will build trust, and your message will stand out to an audience searching for tools to assist their cybersecurity efforts. Click Here to Become a Sponsor. To catch up on past episodes, you can go to Manufacturing.net, IEN.com or MBTmag.com. You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach, you can reach me at jeff@ien.com.

    41 мин.
  4. Shiny Objects and the Power of Preparation

    9 ЯНВ.

    Shiny Objects and the Power of Preparation

    Send us a text "You don't have to get hacked to understand how you can get hacked." While I utilize that editorial director title to introduce myself before every episode of Security Breach, it’s not the title that I’ve used the longest, think about the most, or with which I would hope to obtain the most acclaim. Rather, the job descriptor that meets all those requirements is the title of ... Dad.  And perhaps the phrase most commonly utilized during my ongoing tenure in this position is some form of "are you ready?"  Whether it was preparing to push a swing, toss a pitch or start a car, inquiring as to the state of my daughter’s readiness was always the first, most important, and yet most basic action I took.  I was reminded of this when speaking with our guest for this episode, Itzik Kotler, the co-founder and CTO of SafeBreach. While our conversation took us down a number of paths in discussing “shiny objects”, the problems with silos, and the evolution of hackers, he kept coming back to the basics, or what I like to constantly describe as the blocking and tackling of cybersecurity. At the heart of the focus on the basics is taking steps to be prepared for when, not if, you’re targeted by hackers.  So, if you're ready, listen as we discuss: Why every manufacturer is either a target or connected to a bigger target via their supply chain connections.The lure of "shiny objects", and how they can distract from the best approaches to cybersecurity upgrades.How hackers are exploiting the complexities of your environment.Why security strategies need to start with understanding what is truly at risk, and what level of risk is acceptable.The growing need for detection engineering.Evolving your enterprise in realizing that "hackers don't work in silos."The role AI can play in addressing alert fatigue.As a go-to podcast for our listeners, we want to help you align your brand with our expertise. By sponsoring our podcast, your brand will build trust, and your message will stand out to an audience searching for tools to assist their cybersecurity efforts. Click Here to Become a Sponsor. To catch up on past episodes, you can go to Manufacturing.net, IEN.com or MBTmag.com. You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach, you can reach me at jeff@ien.com.

    44 мин.
  5. You Don't Have to Out-Tech the Hacker

    19.12.2025

    You Don't Have to Out-Tech the Hacker

    Send us a text We’ve all heard the euphemism about knowledge being power. But perhaps the more accurate assessment comes from my favorite childhood cartoon. Yes, I’ve referenced it before, but when GI Joe signed off each episode by letting us know that “Knowing is Half the Battle”, Duke and his crew were echoing the same sentiment as our guest for today’s episode. Evan Dornbush is the CEO of Desired Effect. A former DoD-trained state hacker, he’s now working with cyber researchers to help promote their findings and get the vulnerabilities they detect into the hands of the software, network or equipment suppliers before hackers can leverage these findings, and wreak havoc on industrial control systems and production workflows.  Listen as we discuss this strategy, as well: How to define roles and responsibilities in pushing Secure-by-Design initiatives forward.Why manufactures shouldn't look to out-tech the hacker.Strategies to help defenders from having to keep playing catch-up.How cybersecurity can be utilized as an operational tool.The ongoing challenges created by Zero Day vulnerabilities.Creating a culture that goes beyond just "spending for the cyber nerd."New ways to calculate ROI in advancing cybersecurity priorities.The cost benefits of investing in cyber talent.As a go-to podcast for our listeners, we want to help you align your brand with our expertise. By sponsoring our podcast, your brand will build trust, and your message will stand out to an audience searching for tools to assist their cybersecurity efforts. Click Here to Become a Sponsor. To catch up on past episodes, you can go to Manufacturing.net, IEN.com or MBTmag.com. You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach, you can reach me at jeff@ien.com.

    41 мин.
  6. Speaking the Right Language

    04.12.2025

    Speaking the Right Language

    Send us a text Perhaps you’re familiar with the quote, “The greatest trick the Devil ever pulled was convincing the world he didn’t exist.” While its use in the movie The Usual Suspects might resonate with most, the original attribution goes to French poet Charles Baudelaire. The quote came to mind in preparing for my conversation with Tim Chase, Principal Technical Evangelist for Orca Security. I knew we were going to be discussing topics where the biggest implementation challenges typically resonate from OT asset owners who don’t see the need to address these topics. Or, with all due respect to Baudelaire, the greatest trick hackers ever pulled was convincing the industrial sector that they didn’t care. The good news is that folks like Tim are aware of these situations, and working to offer some new solutions. Watch/listen as we discuss: How vital it is to define security responsibilities.The growing need for cloud security education.Why a top-down approach is vital for creating a security-focused culture.The benefits of creating internal security champions.The annoying, but growing significance of SBOMs.Combatting alert fatigue.The biggest challenges AI is creating for cybersecurity.As a go-to podcast for our listeners, we want to help you align your brand with our expertise. By sponsoring our podcast, your brand will build trust, and your message will stand out to an audience searching for tools to assist their cybersecurity efforts. Click Here to Become a Sponsor. To catch up on past episodes, you can go to Manufacturing.net, IEN.com or MBTmag.com. You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach, you can reach me at jeff@ien.com.

    47 мин.
  7. Why People Are Not the Biggest Risk

    14.11.2025

    Why People Are Not the Biggest Risk

    Send us a text While I’ll resist drawing comparisons about industrial cybersecurity to butterflies and bees, producing this episode did remind me of another great Muhammad Ali quote: "The hands can't hit what the eyes can't see.” This could provide an easy segue into the ongoing challenges about asset visibility, but really, it goes a bit deeper than that. In addition to being able to see all the things we need to defend against, we also have to understand what to look for in establishing those defenses.  In this episode, we discuss  these challenges and solutions with Bryson Bort, the founder and CEO of SCYTHE, a leading provider of Adversarial Exposure Validation (AEV) solutions. Watch/listen as we also discuss: The increasing impact of hacktivists.The rise of ransomware gangs.What AEV is all about.Why there is no such thing as an accidental hack.The human impact on cybersecurity and why it is rarely the human's fault.How his former military life has impacted his cybersecurity career.Why supply chains could be the most important threat landscape going forward.To check out the work he and his colleagues are up to, you can go to scythe.io, as well as icsvillage.com. As a go-to podcast for our listeners, we want to help you align your brand with our expertise. By sponsoring our podcast, your brand will build trust, and your message will stand out to an audience searching for tools to assist their cybersecurity efforts. Click Here to Become a Sponsor. To catch up on past episodes, you can go to Manufacturing.net, IEN.com or MBTmag.com. You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach, you can reach me at jeff@ien.com.

    49 мин.
  8. Preserving Uptime in the Face of Evolving Attacks

    31.10.2025

    Preserving Uptime in the Face of Evolving Attacks

    Send us a text Uptime.  It’s the lifeblood of manufacturing and the precise target of industrial sector hackers. By knocking systems offline, stealing credentials, holding data for ransom, or crippling supply chains, the bad guys know their ultimate goals of disruption or extortion will be realized. And as we’ve discussed numerous times here on Security Breach, keeping these bad actors out has become more and more difficult as new technology, connectivity and endpoints are added to the OT landscape. Hackers are getting smarter and more complex, but the good news is so are the tools and strategies for the good guys. Here to offer some perspective on dealing with the leading threats targeting the people, systems and data of the industrial sector is a collection of experts focused on minimizing disruptions and preparing you to react and respond to cyberattacks. Watch/listen as: Max Clausen, senior VP of Network Connectivity at Zayo dives into the factors and strategies driving DDoS or distributed denial of service attacks.John Carse, Field CISO at SquareX discusses the ongoing impact of developing and legacy vulnerabilities, as well as some of the novel strategies hackers are using to introduce new strands of highly disruptive malware.Amit Hammer, CEO of Salvador Tech talks about lessons learned from the recent Jaguar Land Rover attack and how response strategies will continue to play a key role in minimizing attack-related downtime.As a go-to podcast for our listeners, we want to help you align your brand with our expertise. By sponsoring our podcast, your brand will build trust, and your message will stand out to an audience searching for tools to assist their cybersecurity efforts. Click Here to Become a Sponsor. To catch up on past episodes, you can go to Manufacturing.net, IEN.com or MBTmag.com. You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast. If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach, you can reach me at jeff@ien.com.

    31 мин.
См. все (151)

Оценки и отзывы

Об этом подкасте

A weekly discussion of new developments and the latest cybersecurity threats, including ransomware, malware, phishing schemes, DDoS attacks and more, facing the U.S. industrial sector.

Информация

  • Автор
    Eric Sorensen
  • Годы выхода
    2022 - 2026
  • Выпуски
    151
  • Ограничения
    Без ненормативной лексики
  • Авторские права
    © 2026 Security Breach
  • Сайт подкаста
    Security Breach