36 min

Greg Valentine: You’re Compliant. Now Prove it. The PrOTect OT Cybersecurity Podcast


About Greg Valentine: Greg has over 30 years of experience in the software industry, the past 15 of which have been focused on cybersecurity. He currently holds two certifications: ISC2 CISSP and GIAC GRID. Greg is responsible for building technical solutions for Industrial Defender so that our clients receive the most effective and most efficient implementations of the Industrial Defender software. Prior to working at Industrial Defender, Greg held cybersecurity roles at Lockheed Martin, Capgemini, CoreTrace Software and Winternals Software (a sister company to Sysinternals, now owned by Microsoft).

In this episode, Aaron and Greg Valentine discuss:
• The challenge with proving compliance (e.g. NERC CIP)
• Gathering quality data without manual walk-downs
• Making the data useful, reportable and audit-friendly

Key Takeaways:
Proving compliance can be challenging. There’s a lot of manual work that goes into collecting data for the auditor. The data that you give has to be secured so that it is unalterable, unmodifiable, or otherwise not possible to tamper with, to give the auditor peace of mind. You need the right tool to gather the right data that you’ll need for your compliance report. When looking for a product, you need to find a company that’s credible. You need to minimize risk if you want to automate the process and have it run on a regular cadence to solve your compliance reporting problem. The information that's collected for a PLC is very different from the information we collect from an HMI, firewall or switch, but it's all critical. Once you have that data in a central repository, you can ask interesting questions to find that solution. There's a lot of benefit to aggregating all of this information into a single queryable location.

"[Compliance] is a good first step, you're kind of being forced. And that's not nice. But it's a minimal level of cybersecurity posture to be in. Hopefully, you take that and run with it, you extend and improve from there. But this is your foundation level for cybersecurity. It doesn't matter whatever it happens to be, that you're complying with, that should be your base standing from which you can grow." — Greg Valentine
 

Connect with Greg Valentine: 
LinkedIn: https://www.linkedin.com/in/gvalentine/ 


Connect with Aaron:
LinkedIn: https://www.linkedin.com/in/aaronccrow

Learn more about Industrial Defender:
Website: https://www.industrialdefender.com/
LinkedIn: https://www.linkedin.com/company/industrial-defender-inc/
Twitter: https://twitter.com/iDefend_ICS
YouTube: https://www.youtube.com/@industrialdefender7120


Audio production by Turnkey Podcast Productions. You're the expert. Your podcast will prove it.
