53 min

Michael Welch: Tying Resilience, Availability, Compliance and Cybersecurity Together Into a GRC Program
The PrOTect OT Cybersecurity Podcast


About Michael Welch: Michael Welch is the Director, GRCaaS within T&D Governance, Risk, Cybersecurity & Compliance group at Burns & McDonnell. He has over 25 years of professional experience in risk management, compliance, and critical infrastructure. Michael previously served as global chief information security officer for OSI Group, a privately-owned food processing holding company throughout 17 countries. In addition, he has worked with Duke Energy Corp and Florida Power & Light, among other companies.

In this episode, Aaron and Michael Welch discuss:
• Integrating compliance, cybersecurity posture, and risk management in governance
• Enhancing cybersecurity through asset inventory and collaborative communication for critical infrastructure protection
• Managing cross-industry compliance for resilient risk management in operational technology (OT) environments
• The importance of experience and knowledge in implementing large-scale programs and compliance for effective cybersecurity

Key Takeaways:
• To effectively manage risk and ensure the resilience and availability of critical systems, compliance and cybersecurity need to collaborate within a comprehensive governance, risk, and compliance program, fostering teamwork among engineers, cybersecurity experts, and OEM vendors, especially in complex and retrofitting environments.
• Building a strong rapport and fostering open dialogue between cybersecurity experts and operational personnel is crucial for safeguarding critical infrastructure, maintaining operational dependability, and harmonizing cybersecurity initiatives with business goals and operational needs.
• It is crucial to promote a strong culture of safety and prioritize cybersecurity in operational technology (OT) environments in order to protect lives, infrastructure, and ensure the smooth continuation of business, while effectively managing compliance through collaboration and effective leadership within the organization.
• Experienced professionals and organizations with knowledge in program implementations, compliance, audits, and regional variations can effectively manage risks, maintain compliance, and address cybersecurity challenges proactively to add value and stay ahead of evolving threats.

"We do have to adapt to technologies continuously changing. We've talked about it a little earlier that years ago, everything was manual. When technology came in, it's now more automatic. Business wants information, wants data. So that's never going to change, right? So we always have to make sure we're staying continuous. We're continually improving the way we do things." — Michael Welch
 

Connect with Michael Welch: 
Email: mdwelch@burnsmcd.com 
Website: https://www.burnsmcd.com/ 
LinkedIn: https://www.linkedin.com/in/michael-welch-93375a4/ 

Connect with Aaron:
LinkedIn: https://www.linkedin.com/in/aaronccrow

Learn more about Industrial Defender:
Website: https://www.industrialdefender.com/podcast 
LinkedIn: https://www.linkedin.com/company/industrial-defender-inc/
Twitter: https://twitter.com/iDefend_ICS
YouTube: https://www.youtube.com/@industrialdefender7120

Audio production by Turnkey Podcast Productions. You're the expert. Your podcast will prove it.
