Summary The conversation covers various topics related to cybersecurity, including offensive security, IoT devices, hidden threats in cables, advanced hacking devices, privacy concerns with smart devices, cyber hygiene, securing personal data, risks of social media platforms, importance of cybersecurity education, government regulations, and trends in cybersecurity for 2024. The conversation explores the prevalence of social engineering attacks and the effectiveness of generative AI in social engineering. It discusses the challenges of detecting phishing emails generated by AI and the difficulty of defending against AI-powered attacks. The role of password managers and firewalls in defense is highlighted, as well as the importance of recognizing the limitations of human perception. The conversation emphasizes the need for cyber defense measures in organizations and the vulnerability of the weakest link in the chain. It also addresses the risks associated with third-party vendors and the impact of cyber attacks on critical infrastructure. The importance of cyber-informed engineering and designing with security in mind is discussed, along with the challenges of securing outdated OT systems. This conversation covers various topics related to securing OT networks, including the challenges of upgrading OT systems, the complexity of OT networks, and the use of OT firewalls. The discussion also explores the importance of understanding OT protocols and the security risks of unencrypted OT protocols. Additionally, the conversation delves into the impact of Active Directory issues and the role of AI in cybersecurity. The future of AI and quantum computing in cybersecurity is also discussed.   More About The Episode Hosted by: Aaron Crow Guest: Duane Laflotte   Connect with Duane Laflotte: Website: www.pulsarsecurity.com/LinkedIn: https://www.linkedin.com/in/duanelaflotte/ Connect with Aaron Crow: Website: www.corvosec.com LinkedIn: https://www.linkedin.com/in/aaronccrow Learn more about PrOTect IT All: Email: info@protectitall.co Website: https://protectitall.co/ X: https://twitter.com/protectitall YouTube: https://www.youtube.com/@PrOTectITAll FaceBook:  h

Summary The conversation covers the challenges and risks associated with aging infrastructure, particularly in critical sectors such as power generation and water treatment. The lack of maintenance and neglect of infrastructure pose significant threats to public safety and national security. The integration of IT and OT systems in these sectors creates vulnerabilities that can be exploited by cyber attackers. The conversation emphasizes the need for a comprehensive strategy and funding to address these issues. Additionally, the importance of vocational education and job creation in the infrastructure sector is highlighted. The conversation covers various aspects of infrastructure, including the government bidding process, the slow process of infrastructure projects, the need for streamlining government processes, the importance of continuous maintenance and upgrades, the need for oversight and compliance, the importance of a proactive approach to infrastructure, the consequences of neglecting infrastructure, the impact of cyber attacks on infrastructure, personal journeys into cybersecurity, opportunities in OT cybersecurity, and a call to action to get involved in OT cybersecurity.   Takeaways Aging infrastructure in critical sectors poses significant risks to public safety and national security.The integration of IT and OT systems in critical infrastructure creates vulnerabilities that can be exploited by cyber attackers.Comprehensive strategies and funding are needed to address the challenges and risks associated with aging infrastructure.Vocational education and job creation in the infrastructure sector are crucial for addressing the maintenance and upgrade needs. Infrastructure projects involve a slow and complex government bidding process.Infrastructure projects can take several years to complete and require continuous maintenance and upgrades.Streamlining government processes and consolidating oversight can help expedite infrastructure projects.Continuous maintenance and upgrades are essential to ensure the reliability and security of infrastructure systems.Proactive measures are necessary to prevent infrastructure failures and mitigate the impact of cyber attacks.There are job opportunities in the field of OT cybersecurity, and vocational education and training are available.Engaging with experts and organizations in the field can provide valuable insights and guidance.   More About The Episode

In this conversation, Bryson Bort discusses his background and the creation of Scythe, an offensive security platform. He also talks about the ICS Village and the Vulnerability Management Pavilion, as well as his collaboration with the Department of Energy on a vulnerability management research project. Bryson emphasizes the importance of prioritizing vulnerabilities in operational technology (OT) and understanding the risks in power plants. He also highlights the need to build trust with asset owners and gain leadership buy-in for cybersecurity initiatives. Finally, he discusses the importance of connecting technical expertise to business priorities. The conversation explores the importance of building trust and collaboration in the field of cybersecurity, particularly in the context of power utilities. It emphasizes the need for security professionals to be partners rather than adversaries, and highlights the role of organizations like the ICS Village in fostering collaboration and education. The conversation also delves into the concept of purple team exercises and the importance of starting small and growing in cybersecurity initiatives. Additionally, it discusses the significance of conversations with policymakers and the need for more cybersecurity professionals in the industry.   More About The Episode Hosted by: Aaron Crow Guest: Sevak Avakians   Connect with Bryson Bort: Website: scythe.ioLinkedIn: https://www.linkedin.com/in/brysonbort/ Connect with Aaron Crow: Website: www.corvosec.com LinkedIn: https://www.linkedin.com/in/aaronccrow Learn more about PrOTect IT All: Email: info@protectitall.co Website: https://www.protectitall.coX: https://twitter.com/protectitallYouTube: https://www.youtube.com/@PrOTectITAllFaceBook:  https://facebook.com/protectitallpodcast To be a guest, or suggest a guest/episode please email us at info@protectitall.co — Show notes by NMP. Audio production by NMP. We hear you loud and clear.

Sevak Avakians, CEO of Intelligent Artifacts, discusses the limitations of neural networks and the need for a new approach to artificial intelligence. He introduces Gaius, a platform that replaces underlying neural networks with a transparent and explainable technology. Avakians highlights the challenges of regulating AI and emphasizes the importance of deterministic systems in critical industries. He also discusses the potential applications of AI in cybersecurity and the need for human involvement in AI decision-making. Looking ahead, Avakians is excited about the possibilities of AI but also acknowledges the concerns and risks associated with its implementation. The conversation explores the concerns and potential risks associated with autonomous aircraft and the use of AI and ML in safety-critical systems. Adversarial attacks are discussed as a potential threat, highlighting the need for robust safety regulations. The application of safety standards, such as the DO178C standard, to AI and ML technologies is proposed as a solution. On the positive side, AI is seen as a tool to enhance human capabilities and improve efficiency. The importance of training and wargaming exercises using AI is emphasized. The conversation concludes by discussing the balance between the risks and benefits of AI and providing information on how to learn more about AI. About Sevak Avakians As the founder and CEO of Intelligent Artifacts, Inc., Sevak Avakians has been leadingthe development and commercialization of a groundbreaking information processing andAI/ML/R framework, GAIuS, since 2008. GAIuS is a deterministic, fully explainable, anduse-case agnostic symbolic connectionist AI solution that can be applied to mission andsafety-critical domains, such as defense, aerospace, healthcare, and law enforcement. With a background in physics, telecommunications, information theory, cybersecurity,and artificial intelligence, Sevak has a unique and comprehensive understanding of thechallenges and opportunities in the field of cognitive computing. He is passionate aboutcreating AI solutions that can act, interact, and adapt as information, goals, andrequirements evolve while providing full transparency and accountability for theirdecisions and actions. Sevak's vision is to empower developers, customers, and end-users with the ability to create, deploy, and maintain machine intelligence with ease,efficiency, and confidence. In 2010, Sevak founded Intelligent Artifacts initially as an R&D and consulting service forcognitive computing. Over the years, he built the GAIuS Cognitive Computing Platformas a commercial product launched in 2016. GAIuS Cognitive Computing Platform, allowsdevelopers to rapidly create, test, deploy, and maintain machine intelligence, learning,classification, predictions, analytics, etc. into their products. In 2020, the team at Intelligent Artifacts built a reasoning engine into GAIuS, creating thevery first modular, repeatable, use-case agnostic, complete, Artificial Intelligence /Machine Learning / Reasoning (AI/ML/R) platform that adheres to ExCITE AI principles. GAIuS handles all the complexity of machine intelligence in 4 API calls. GAIuS agentscan be made and deployed in less than 3 minutes. Developers copy-and-paste a GAIuSagent’s API URL into their application. GAIuS agents have DNA and evolve within theirenvironment, eliminating many of the hurdles to achieving true machine intelligence.   More About The Episode Hosted by: Aaron Crow Guest: Sevak Avakians

In this conversation, Ted Gutierrez, the leader of Security Gate, discusses the challenges and strategies in implementing cybersecurity solutions in the critical infrastructure sector. He emphasizes the importance of common language and frameworks to bridge the gap between IT and OT. Ted also highlights the need for asset owners to start slow and focus on key controls, rather than aiming for maturity level 5 in all control frameworks. He discusses the challenges of scaling OT compared to IT and the need for consolidation in the market. Ted concludes by emphasizing the power of saying no and focusing on specific goals. In this conversation, Ted Gutierrez discusses his concerns and excitement for the future of cybersecurity. He expresses concern about the global state of conflict and its impact on cybersecurity. He also discusses the balance between order and freedom in the cyber industry. On the positive side, Gutierrez is excited about the increasing focus on the business side of cybersecurity and the growing understanding of cyber as a business problem. He emphasizes the importance of non-technical leaders understanding cybersecurity. Overall, Gutierrez is confident in the people working to protect the globe. About Ted Gutierrez Ted Gutierrez is the CEO and Co-Founder of SecurityGate, the provider of the leading SaaS Platform for OT cyber improvement. He is dedicated to protecting what matters across operational sectors and aligning industrial cyber teams on their cyber improvement journey. With an extensive background as a compliance and risk auditor for critical infrastructure, he understands the pain associated with effectively maturing organizational resilience in a decentralized ecosystem. A United States Military Academy graduate at West Point and a veteran of the US Army as a reconnaissance and surveillance expert.  Takeaways Common language and frameworks are crucial for bridging the gap between IT and OT in implementing cybersecurity solutions.Asset owners should start slow and focus on key controls rather than aiming for maturity level 5 in all control frameworks.The challenges of scaling OT compared to IT require a shift in perspective and planning.Consolidation in the market is needed to address the challenges and inflated expectations in the cybersecurity industry.The power of saying no and focusing on specific goals is essential for success in implementing cybersecurity solutions. Global conflict can have an impact on cybersecurity, but it is important to consider the balance between order and freedom in the industry.The focus on the business side of cybersecurity is increasing, and non-technical leaders are starting to understand its importance.Cybersecurity is now seen as a business problem and is being discussed in boardrooms.The cybersecurity community is filled with dedicated and passionate individuals who are working to protect the globe.   Hosted by: Aaron Crow Guest: Ted Gutierrez   Connect with Ted Gutierrez: Website: https://securitygate.ioLinkedIn: https://www.linkedin.com/in/tedgutierrez/ Connect with Aaron Crow: Website: www.corvosec.com

Hosted by: Aaron Crow Guest: Clint Bodungen Clint Bodungen is a globally recognized cybersecurity professional and thought leader with 25+ years of experience (focusing primarily on industrial cybersecurity, red teaming, and risk assessment). He is the author of two books, "Hacking Exposed: Industrial Control Systems" and “ChatGPT for Cybersecurity Cookbook. Clint is a United States Air Force veteran and has worked for notable cybersecurity firms like Symantec, Booz Allen Hamilton, and Kaspersky Lab, and is currently the co-founder and CEO of a cybersecurity training startup, ThreatGEN. Renowned for his creative approach to cybersecurity education and training, he has been at the forefront of integrating gamification and AI applications into cybersecurity training, creating his flagship product, “ThreatGEN® Red vs. Blue”, the world's first online multiplayer computer designed to teach real-world cybersecurity. His latest innovation is AutoTableTop, which uses the latest generative AI technology to automate, simplify, and revolution IR tabletop exercises. As AI technology continues to evolve, so too does his pursuit to help revolutionize the cybersecurity industry using generative AI and large language models (LLM). Summary In this conversation, Clint and Aaron discuss the value of tabletop exercises in cybersecurity and the development of auto tabletop, an AI-based tool for facilitating incident response tabletop exercises. They highlight the limitations of traditional tabletops and the benefits of using AI to enhance engagement and flexibility. They address concerns about AI in cybersecurity, such as data privacy and security, and emphasize the use of local language models to mitigate risks. They also discuss the future of AI in the industry and the workforce, emphasizing the importance of learning generative AI and prompt engineering for future job prospects. In this conversation, Clint discusses the automation of tasks using AI and the benefits of using AI as a tool to enhance human creativity. He also explores the future of AI and its potential for accelerating technological advancement. Clint acknowledges the concerns about the potential misuse of AI but emphasizes the importance of using it for good. He highlights the role of AI in reducing barriers to innovation and its significance in cybersecurity. Overall, the conversation highlights the transformative power of AI and its impact on various industries. Takeaways Tabletop exercises are important for testing incident response plans and should be conducted regularly for maximum effectiveness.AI-based tabletop exercises, such as auto tabletop, offer increased engagement and flexibility compared to traditional tabletops.Concerns about data privacy and security can be addressed by using local language models and fine-tuning models for specific tasks.AI has the potential to enhance productivity and efficiency in the industry, but proper understanding and implementation are crucial.Learning generative AI and prompt engineering can increase job prospects in the future. AI can automate menial tasks, allowing humans to focus on more valuable work.

Kyle Peters is a recovering building automation and HVAC technician and programmer who was drawn to the dark side of cybersecurity and never looked back.  Today he is the senior consultant for OT Cybersecurity, focusing on building automation systems at Intelligent Buildings.  If you’d like to geek out on such things, reach out to Kyle via LinkedIn or email blackhole@secretdomain.xyz. In this conversation, Kyle discusses the world of building management systems and the importance of cybersecurity in this field. He highlights the diversity of building systems and the interconnectedness of various components. The conversation emphasizes the need for a risk-based approach to security and the importance of policies and standards. Kyle also emphasizes the value of understanding the system and planning ahead to mitigate risks. The conversation concludes with a discussion on securing remote access and implementing segmentation. The conversation explores the lack of cybersecurity preparedness in organizations, the need to translate cybersecurity risks to business risks, the likelihood of attacks and targeting, the challenge of selling likely risks, exciting technological advances in cybersecurity, concerns about AI and rapid technological changes, and closing thoughts and a call to action.   Takeaways Building management systems encompass a wide range of components, including HVAC systems, fire alarms, and lighting. A risk-based approach to security is crucial in building management, considering the diverse systems and potential vulnerabilities. Policies and standards play a significant role in ensuring the security and reliability of building management systems. Simple solutions, such as proper cable management and backup plans, can greatly enhance the security and availability of building systems. Understanding the system and planning ahead are essential for effective risk mitigation in building management. Securing remote access and implementing segmentation are key measures to protect building management systems from cyber threats. Many organizations are not adequately prepared for cybersecurity threats, either due to limited budgets or lack of expertise. It is important to translate cybersecurity risks into business risks to help organizations understand the potential impact on their operations. Cyber attacks can come from various sources, including nation-state actors, but also from simple human errors or system failures. Selling the importance of cybersecurity can be challenging, as the most likely risks may not be as sensational as nation-state attacks. Exciting technological advances in cybersecurity are on the horizon, but they also bring concerns about the potential risks and implications of AI and rapid technological changes. — Connect with Kyle: LinkedIn: https://www.linkedin.com/in/kyle-peters-2a7173116/ Connect with Aaron Crow: Website: www.corvosec.com

With a focus on the OT Cyber Security recruitment space James is the Talent Solutions Director at NDK Cyber. NDK Cyber work with high-growth businesses in the USA, UK & EMEA to provide completely tailored cybersecurity talent attraction solutions. Specialising in long-term talent acquisition and strategy, we have mastered a blend of data insights, the latest technology and our own personal network mastered over 20+ years to build 100s of cybersecurity teams across the globe. Summary Hosted by: Aaron Crow Guest: James Morris, Director, Talent Solutions at NDK Cyber  In this conversation, Aaron Crow and James Morris discuss the transition happening in the field of OT security, with a growing need for dedicated OT security engineers and teams. They explore the challenges of budgeting for OT security and the importance of building trust and collaboration between IT and OT departments. They also emphasize the value of cross-disciplinary skills and the need for apprenticeships and on-the-job training to address the skills gap in OT security. The conversation highlights the importance of translating cybersecurity into business risk and the role of education and community in promoting OT security. The conversation covers various topics related to job descriptions, hiring challenges, helping people enter the OT space, companies being more open to training and transferable skills, excitement for the future of OT security, concerns about AI and ML in cybersecurity, and the importance of OT security in uncertain times.   Takeaways There is a growing need for dedicated OT security engineers and teams.Building trust and collaboration between IT and OT departments is crucial for effective OT security.Cross-disciplinary skills and apprenticeships can help address the skills gap in OT security.Translating cybersecurity into business risk is essential for gaining budget and buy-in for OT security initiatives. Job descriptions should be written in a way that encourages more people to apply, focusing on transferable skills and being more inclusive.Companies should be open to training and developing employees who have the desire and raw skills needed for the job.The OT security space is growing rapidly, and there are opportunities for individuals to enter the field and for companies to hire the right talent.There is excitement about the future of OT security, but concerns exist about the potential risks associated with AI and ML in cybersecurity.In uncertain times, it is crucial for companies to prioritize OT security and not cut back on investments in this area. — Connect with James: Website:  https://www.ndkcyber.com/

In this episode, Aaron discusses: His background in IT, cybersecurity, and operational technologyThe vision of bridging the gap between OT and ITThe importance of securing various environments, from industrial floors to cloud and back office enterprisesThe focus of the podcast on cybersecurity trends, challenges, compliance, risk management, and cutting-edge technologiesFuture episodes featuring industry experts, thought leaders, and cybersecurity warriors Key Takeaways: Understanding the convergence of IT and OTInsights into compliance, risk management, and cybersecurity technologiesThe importance of staying vigilant and secure in the digital and physical domains Connect with Aaron Crow: Website: www.corvosec.com LinkedIn: https://www.linkedin.com/in/aaronccrow Learn more about PrOTect IT All: Email: info@protectitall.co Website: www.protectitall.coX: https://twitter.com/protectitallYouTube: https://www.youtube.com/@PrOTectITAllFaceBook:  https://facebook.com/protectitallpodcast To be a guest, or suggest a guest/episode please email us at info@protectitall.co — Show notes by NMP. Audio production by NMP. We hear you loud and clear.   NMeojTx5cKjy9dOiv9sV