Cybersecurity Under Pressure. Real Attacks, Real Lessons

Antonio González

This podcast breaks down real cybersecurity incidents to understand what actually went wrong, not in theory, but in practice. Each episode analyzes a recent attack, explains the technical mechanics in clear language, and translates them into concrete lessons for security, engineering, and business teams. Topics covered: OT security, ICS cybersecurity, industrial control systems, critical infrastructure protection, NIS2 compliance, Zero Trust architecture, operational technology resilience, railway cybersecurity, automotive security, and cyber-physical systems.

  1. 22 HR AGO

    Supply Chain: When the supplier will not cooperate resilience must become

    When the supplier will not cooperate, resilience must become hostile Too many OT risk programs still assume the vendor will help when it matters. In real plants, that assumption breaks fast. Large integrators often resist SBOM requests, reject monitoring agents, and defend remote access as if it were untouchable because of warranty, latency or system integrity. 🎯 IN THIS EPISODE: • Regulatory compliance frameworks (NIS2, IEC 62443) • NIST cybersecurity framework implementation • AI and machine learning security risks • Supply chain security and third-party risk 📋 KEY TOPICS COVERED: • Supply Chain Security • AI Security 🔑 KEY INSIGHTS: 1. When the supplier will not cooperate, resilience must become hostile 2. Too many OT risk programs still assume the vendor will help when it matters 3. In real plants, that assumption breaks fast 🔧 TECHNOLOGIES & STANDARDS: NIST • ISO • IEC • PLC • CAN Bus • ECU 👥 WHO SHOULD LISTEN: This episode is perfect for CISOs, OT security engineers, infrastructure operators, compliance officers, cybersecurity consultants, and anyone responsible for protecting critical systems. 💡 WHAT YOU WILL LEARN: • How real attacks unfold in OT/ICS environments • Practical defense strategies you can implement today • Compliance considerations (NIS2, IEC 62443, NIST) • Lessons from recent high-profile incidents 🎧 SUBSCRIBE & CONNECT: Subscribe for weekly deep dives into real cybersecurity incidents affecting OT, ICS, and critical infrastructure. New episodes every week. 💬 ENGAGE WITH US: Have questions or topics you'd like us to cover? Reach out! We love hearing from our community. #OTSecurity #OperationalTechnology #AISecurity #MachineLearning #SupplyChain #ThirdPartyRisk #Compliance #CyberSecurity #InfoSec #CybersecurityUnderPressure

    34 min

  2. 2 DAYS AGO

    Zero Trust in OT does not start at the HMI

    Zero Trust in OT does not start at the HMI That is why mature OT security does not force cloud-style identity into the final device when the device, and the workflow around it, were never built for it. 🎯 IN THIS EPISODE: • Zero Trust architecture in OT environments • Automotive and connected vehicle security • AI and machine learning security risks • Identity and credential-based attacks • Authentication and access control weaknesses 📋 KEY TOPICS COVERED: • OT Security • Zero Trust Architecture • Automotive Security • AI Security • Credential-Based Attacks 🔑 KEY INSIGHTS: 1. Zero Trust in OT does not start at the HMI 2. It starts where incentives break traceability 3. On an automotive assembly line, asking every operator to use strict modern identity on a shared HMI looks great on a slide 🔧 TECHNOLOGIES & STANDARDS: ISO • IEC • HMI • ECU 👥 WHO SHOULD LISTEN: This episode is perfect for CISOs, OT security engineers, infrastructure operators, compliance officers, cybersecurity consultants, and anyone responsible for protecting critical systems. 💡 WHAT YOU WILL LEARN: • How real attacks unfold in OT/ICS environments • Practical defense strategies you can implement today • Compliance considerations (NIS2, IEC 62443, NIST) • Lessons from recent high-profile incidents 🎧 SUBSCRIBE & CONNECT: Subscribe for weekly deep dives into real cybersecurity incidents affecting OT, ICS, and critical infrastructure. New episodes every week. 💬 ENGAGE WITH US: Have questions or topics you'd like us to cover? Reach out! We love hearing from our community. #OTSecurity #OperationalTechnology #AutomotiveSecurity #ConnectedCar #ZeroTrust #IdentitySecurity #AISecurity #MachineLearning #Authentication #CyberSecurity #InfoSec #CybersecurityUnderPressure

    29 min

  3. 5 DAYS AGO

    [2026] Critical: The NIS2 problem is no longer whether the | Incident Response

    The NIS2 problem is no longer whether the small supplier agrees with the requirement The NIS2 problem is no longer whether the small supplier agrees with the requirement 🎯 IN THIS EPISODE: ​ Critical vulnerability assessments and mitigations​ AI and machine learning security risks​ Incident response and crisis management 📋 KEY TOPICS COVERED: ​ NIS2 Compliance​ AI Security 🔑 KEY INSIGHTS: ​ The NIS2 problem is no longer whether the small supplier agrees with the requirement​ It is whether they can afford to live inside it​ That is where many industrial programmes are hitting the wall 🔧 TECHNOLOGIES & STANDARDS: CAN Bus • ECU 👥 WHO SHOULD LISTEN: This episode is perfect for CISOs, OT security engineers, infrastructure operators, compliance officers, cybersecurity consultants, and anyone responsible for protecting critical systems. 💡 WHAT YOU WILL LEARN: ​ How real attacks unfold in OT/ICS environments​ Practical defense strategies you can implement today​ Compliance considerations (NIS2, IEC 62443, NIST)​ Lessons from recent high-profile incidents 🎧 SUBSCRIBE & CONNECT: Subscribe for weekly deep dives into real cybersecurity incidents affecting OT, ICS, and critical infrastructure. New episodes every week. 💬 ENGAGE WITH US: Have questions or topics you'd like us to cover? Reach out! We love hearing from our community. #OTSecurity #OperationalTechnology #NIS2 #EUCybersecurity #AISecurity #MachineLearning #IncidentResponse #SOC #CriticalInfrastructure #CIP #CyberSecurity #InfoSec

    41 min

  4. 22 APR

    [2026] Deep Dive: Some of the hardest OT risks in rail | Zero Trust

    Some of the hardest OT risks in rail stay online for one simple reason If you cannot harden the asset, you isolate the risk around it with controls that actually understand the traffic. That means segmentation designed for the signalling cell, tightly brokered remote access, and inspection layers that can parse the protocols the system really uses instead of treating them as opaque packets. 🎯 IN THIS EPISODE: • Zero Trust architecture in OT environments • Railway and transportation cybersecurity • AI and machine learning security risks 📋 KEY TOPICS COVERED: • Zero Trust Architecture • Railway Cybersecurity • AI Security 🔑 KEY INSIGHTS: 1. Some of the hardest OT risks in rail stay online for one simple reason 2. You are not allowed to touch the box 3. An operator knows a signalling component, wayside appliance, or maintenance subsystem needs tighter controls 🔧 TECHNOLOGIES & STANDARDS: CERT • ISO • CAN Bus • ECU 👥 WHO SHOULD LISTEN: This episode is perfect for CISOs, OT security engineers, infrastructure operators, compliance officers, cybersecurity consultants, and anyone responsible for protecting critical systems. 💡 WHAT YOU WILL LEARN: • How real attacks unfold in OT/ICS environments • Practical defense strategies you can implement today • Compliance considerations (NIS2, IEC 62443, NIST) • Lessons from recent high-profile incidents 🎧 SUBSCRIBE & CONNECT: Subscribe for weekly deep dives into real cybersecurity incidents affecting OT, ICS, and critical infrastructure. New episodes every week. 💬 ENGAGE WITH US: Have questions or topics you'd like us to cover? Reach out! We love hearing from our community. #OTSecurity #OperationalTechnology #RailwaySecurity #TransportSecurity #ZeroTrust #IdentitySecurity #AISecurity #MachineLearning #CriticalInfrastructure #CIP #CyberSecurity #InfoSec

    36 min

  5. 20 APR

    [2026] Deep Dive: A bad weld passes inspection | OT Security

    A bad weld passes inspection That is why periodic challenge parts are useful, but not sufficient on their own. They validate model behaviour against physical reality. They do not give you cybersecurity visibility. 🎯 IN THIS EPISODE: • Automotive and connected vehicle security • AI and machine learning security risks 📋 KEY TOPICS COVERED: • Automotive Security • AI Security 🔑 KEY INSIGHTS: 1. The PLC accepts the result, the diverter stays idle, and the part moves downstream as if nothing happened 2. That is how AI risk usually enters OT 3. Not as a dramatic outage, but as a wrong decision repeated at production speed 🔧 TECHNOLOGIES & STANDARDS: ISO • PLC • ECU 👥 WHO SHOULD LISTEN: This episode is perfect for CISOs, OT security engineers, infrastructure operators, compliance officers, cybersecurity consultants, and anyone responsible for protecting critical systems. 💡 WHAT YOU WILL LEARN: • How real attacks unfold in OT/ICS environments • Practical defense strategies you can implement today • Compliance considerations (NIS2, IEC 62443, NIST) • Lessons from recent high-profile incidents 🎧 SUBSCRIBE & CONNECT: Subscribe for weekly deep dives into real cybersecurity incidents affecting OT, ICS, and critical infrastructure. New episodes every week. 💬 ENGAGE WITH US: Have questions or topics you'd like us to cover? Reach out! We love hearing from our community. #OTSecurity #OperationalTechnology #AutomotiveSecurity #ConnectedCar #AISecurity #MachineLearning #CyberSecurity #InfoSec #CybersecurityUnderPressure

    47 min

  6. 17 APR

    [2026] Critical: Zero Trust for Brownfield OT - IEC 62443

    "Do we have Zero Trust 🎯 IN THIS EPISODE: ​Regulatory compliance frameworks (NIS2, IEC 62443)​Zero Trust architecture in OT environments​AI and machine learning security risks​Incident response and crisis management​Supply chain attacks and software security 📋 KEY TOPICS COVERED: ​Critical Infrastructure Protection​Zero Trust Architecture​NIS2 Compliance​IEC 62443 Standard​AI Security 🔧 TECHNOLOGIES & STANDARDS: CERT • ISO • IEC • PLC • ECU 👥 WHO SHOULD LISTEN: This episode is perfect for CISOs, OT security engineers, infrastructure operators, compliance officers, cybersecurity consultants, and anyone responsible for protecting critical systems. 💡 WHAT YOU WILL LEARN: ​How real attacks unfold in OT/ICS environments​Practical defense strategies you can implement today​Compliance considerations (NIS2, IEC 62443, NIST)​Lessons from recent high-profile incidents 🎧 SUBSCRIBE & CONNECT: Subscribe for weekly deep dives into real cybersecurity incidents affecting OT, ICS, and critical infrastructure. New episodes every week. 💬 ENGAGE WITH US: Have questions or topics you'd like us to cover? Reach out! We love hearing from our community. #OTSecurity #OperationalTechnology #ICSSecurity #IndustrialControl #ZeroTrust #IdentitySecurity #NIS2 #EUCybersecurity #AISecurity #MachineLearning #IncidentResponse #SOC

    39 min

  7. 15 APR

    [2026] Critical: Vendor Lock-in - Ransomware

    Your automation vendor just announced a ransomware breach 🎯 IN THIS EPISODE: ​ Data breach analysis and incident response lessons​ Ransomware defense and recovery strategies​ AI and machine learning security risks​ Supply chain security and third-party risk​ Incident response and crisis management 📋 KEY TOPICS COVERED: ​ Critical Infrastructure Protection​ Ransomware Defense​ Supply Chain Security​ IEC 62443 Standard​ SCADA Security​ AI Security​ Vehicle Network Security 🔧 TECHNOLOGIES & STANDARDS: CERT • ISO • IEC • SCADA • PLC • CAN Bus 👥 WHO SHOULD LISTEN: This episode is perfect for CISOs, OT security engineers, infrastructure operators, compliance officers, cybersecurity consultants, and anyone responsible for protecting critical systems. 💡 WHAT YOU WILL LEARN: ​ How real attacks unfold in OT/ICS environments​ Practical defense strategies you can implement today​ Compliance considerations (NIS2, IEC 62443, NIST)​ Lessons from recent high-profile incidents 🎧 SUBSCRIBE & CONNECT: Subscribe for weekly deep dives into real cybersecurity incidents affecting OT, ICS, and critical infrastructure. New episodes every week. 💬 ENGAGE WITH US: Have questions or topics you'd like us to cover? Reach out! We love hearing from our community. #OTSecurity #OperationalTechnology #ICSSecurity #IndustrialControl #SCADA #Ransomware #Malware #AISecurity #MachineLearning #SupplyChain #ThirdPartyRisk #IncidentResponse

    44 min

  8. 13 APR

    [2026] Critical: The Plausibility Gap - IEC 62443

    Machine learning is now embedded in Level 0 field devices, making autonomous calibration decisions that your deterministic PLC blindly trusts 🎯 IN THIS EPISODE: ​ NIST cybersecurity framework implementation​ Railway and transportation cybersecurity​ AI and machine learning security risks​ Incident response and crisis management​ Shadow AI and unsanctioned machine learning 📋 KEY TOPICS COVERED: ​ Critical Infrastructure Protection​ Railway Cybersecurity​ IEC 62443 Standard​ AI Security​ Shadow AI Risks​ Sensor Validation 🔧 TECHNOLOGIES & STANDARDS: NIST • ISO • IEC • PLC • ECU 👥 WHO SHOULD LISTEN: This episode is perfect for CISOs, OT security engineers, infrastructure operators, compliance officers, cybersecurity consultants, and anyone responsible for protecting critical systems. 💡 WHAT YOU WILL LEARN: ​ How real attacks unfold in OT/ICS environments​ Practical defense strategies you can implement today​ Compliance considerations (NIS2, IEC 62443, NIST)​ Lessons from recent high-profile incidents 🎧 SUBSCRIBE & CONNECT: Subscribe for weekly deep dives into real cybersecurity incidents affecting OT, ICS, and critical infrastructure. New episodes every week. 💬 ENGAGE WITH US: Have questions or topics you'd like us to cover? Reach out! We love hearing from our community. #OTSecurity #OperationalTechnology #ICSSecurity #IndustrialControl #RailwaySecurity #TransportSecurity #AISecurity #MachineLearning #IncidentResponse #SOC #CriticalInfrastructure #CIP

    40 min
See All (37)

About

This podcast breaks down real cybersecurity incidents to understand what actually went wrong, not in theory, but in practice. Each episode analyzes a recent attack, explains the technical mechanics in clear language, and translates them into concrete lessons for security, engineering, and business teams. Topics covered: OT security, ICS cybersecurity, industrial control systems, critical infrastructure protection, NIS2 compliance, Zero Trust architecture, operational technology resilience, railway cybersecurity, automotive security, and cyber-physical systems.

Information