Episodes
-
Derek Harp hosts Virginia "Ginger" Wright, a program manager at Idaho National Laboratory, known for her pioneering work in cybersecurity for critical infrastructure. Ginger shares the history and importance of Cyber Informed Engineering (CIE) and how this engineering philosophy integrates safety protocols directly into the design of industrial systems, making them resilient against cyber threats. They discuss the origins of CIE in nuclear energy safety, the unique assets of Idaho National Laboratory, and the vital role engineers play in safeguarding critical infrastructure. Ginger also dives into practical resources like the Cyber Informed Engineering Implementation Guide, sharing how organizations and educators can adopt this methodology. Join us for insights into CIE’s impact on the future of OT and ICS cybersecurity.
-
In this episode, host Derek Harp sits down with Bryson Bort and Tom Van Norman, co-founders of ICS Village and creators of Hack the Capitol. They discuss the origins and evolution of Hack the Capitol, now in its seventh year, and the conference’s unique focus on bridging cybersecurity professionals with policy makers and industry leaders. They dive into the value of hands-on learning, the launch of Workforce Development Day, and the ongoing need for practical cybersecurity education and career opportunities for all. Bryson and Tom also highlight the significance of candor in the field and what attendees can look forward to at future conferences. Tune in for insights into the world of OT and ICS cybersecurity, hands-on training, and the importance of building community partnerships.
-
Missing episodes?
-
In this episode, the conversation centers on the critical role of operational technology (OT) security and the unique contributions of the S4 Conference. Dale Peterson shares his journey and insights into the challenges of underrepresentation in cybersecurity, especially for women and other groups, and highlights innovative scholarship initiatives aimed at bridging this gap. The discussion also delves into the evolving landscape of AI in cybersecurity, addressing both its potential and the complexities it brings. Listeners will gain valuable perspectives on managing cybersecurity risks, prioritizing investments, and developing effective recovery strategies in OT environments. As we look forward to S4 2025 in Tampa, Florida, this episode offers a glimpse into the future of cybersecurity and the importance of resilience in our systems
-
Today, we are thrilled to welcome Roya Gordon as our guest.
Roya is an executive industry consultant specializing in operational technology, cybersecurity, and Hexagon. She is a military veteran, an accomplished technologist, and a prolific speaker in our industry. Her creativity knows no bounds, encompassing her passion for the arts and her love of opera and symphonies. She is also an avid traveler and a super fun person to have around.
Roya brings a unique and engaging perspective to our discussion today. She shares her journey from a pre-law magnet program to becoming a skilled speaker in the Navy, highlighting the value of communication skills for conveying technical information to audiences and sharing the challenges and opportunities veterans face when breaking into the cybersecurity industry.
Stay tuned as Roya shares her invaluable insights and experiences, offering guidance for veterans aspiring to enter the cybersecurity field. You will not want to miss the wisdom and stories Roya shares with us today.
Show highlights:
Roya shares her background as an army brat.Roya discusses her six-year experience in the Navy.How Roya gradually realized she was involved in technology through her Navy intelligence workRoya talks about her studies in international relations and national security after leaving the Navy and how she pivoted to studying cyber-warfareRoya landed a job as a security researcher at Idaho National Laboratory (INL) despite lacking an IT background.Roya talks about the foundational training she received in OT cybersecurity at INL. How advanced tools often get underutilized due to a lack of trained personnel Roya highlights the value of certifications. How non-technical roles like journalism and event planning can offer entryways into the cybersecurity space.Links and resources:
(CS)²AI
Derek Harp on LinkedIn
Hexagon
Roya Gordon on LinkedIn
-
We are thrilled to have Max Aulakh, the Founder and CEO of Ignyte Assurance Platform, joining us today.
Max is a military veteran and motorcycle enthusiast who enjoys doing voluntary work. He is a prolific contributor to the cybersecurity community, always willing to be of service to others. When Max was three, his father applied for American citizenship at the US Embassy in India. It was an extremely long process, and after losing all hope, he and his family finally migrated to Oklahoma a decade later.
Join us to learn how Max transitioned from the military to founding the successful Ignyte Assurance Platform. He also shares his views on regulations, discusses how AI has impacted the security field, and offers prudent and practical advice for anyone interested in pursuing a cybersecurity career.
Stay tuned for today’s candid and fascinating interview with Max Aulakh, the Founder and CEO of Ignyte.
Show highlights:
How Max’s military experience led to his career in securityMax’s Air Force mentor encouraged voluntary service.How working with the Department of Treasury, scrubbing hard drives, led to Max’s interest in security.Max explains how his military experience instilled a service mindset beneficial for security roles.While in service, he attended the American Military University due to its flexible programs for deployed personnel.The challenges he faced transitioning from a services company to a product-based companyMax shares how he launched Ignyte in 2019/2020How Max assists companies with the Cybersecurity Maturity Model, particularly in thedefense sector.Why standardization and testing are essential in operational technologyMax shares his views on the potential of AILinks and resources:
(CS)²AI
Derek Harp on LinkedIn
Ignyte Assurance Platform
Max Aulakh on LinkedIn
-
We are delighted to have Mike Holcomb joining us on the show today.
Mike is both a fellow and a cybersecurity director, and he currently serves as the ICS OT Cybersecurity Global Lead at Fluor, a massive multinational engineering and construction firm with over 40,000 employees. He has participated in many major building projects, and we are excited to learn from his extensive experience today.
Stay tuned as Mike shares his insights and expertise.
Show Highlights:
Mike discusses the two years he spent in China building bowling alleysMike talks about his time teaching and consulting at a training company in San DiegoHow Mike had the opportunity to double his salary and work with the Navy SEALs during 9/11Mike discusses his experience working in IT securityMike explains that Fluor has built some of the largest control system environments in the world Mike discusses challenges in the energy sectorHow regulations impact cybersecurity in various industriesWhy cybersecurity regulations are essential within critical infrastructureMike discusses the challenge of aligning IT and OT cybersecurity teamsLinks and resources:
(CS)²AI
Derek Harp on LinkedIn
Bridewell
Michael Holcomb on LinkedIn
Fluor
-
We are delighted to have Chase Richardson, the VP of Consulting at Bridewell, back on the show today.
Bridewell boasts a rich history in industrials, offering comprehensive cybersecurity services across the entire cybersecurity spectrum, including operating technology.
Recently, Bridewell came up with an insightful report on cybersecurity within the US critical infrastructure. In this episode, Chase dives into the current state of cybersecurity regulations in critical infrastructure and shares the details and origin of the upcoming Bridewell report, which falls squarely within the interest of CSAI.
Tune in to learn more about this exciting project.
Show highlights:
How the attacks experienced by CISOs and cyber managers have decreased despite an increase in risk sentiment The challenges small and mid-sized airports face when implementing regulations due to their limited cybersecurity budgetsHow cybersecurity regulations in the US differ from those in the UKWhat is the link between IT and OT security?Why it is essential to implement a hybrid of IT and OT security measures to protect critical infrastructureWhy organizations need to comply with relevant cybersecurity standards and regulationsChase shares key findings and insights from Bridewell's upcoming cybersecurity report for critical infrastructure.Links and resources:
(CS)²AI
Derek Harp on LinkedIn
Bridewell
Chase Richardson on LinkedIn
-
We are delighted to have Chase Richardson, Head of US Operations for Bridewell, and Martin Riley, Director of Managed Services for Bridewell, joining us today!
We are changing things slightly for this episode, with Martin and Chase diving into how to integrate OT systems into your sim rather than presenting our regular biographical format. Their focus today is predominantly on the increasingly relevant topic of managing data across diverse platforms, particularly in OT applications.
Join us as we explore this integration and unravel the challenges it presents.
Show highlights:
The evolution of cybersecurity technologyHow the industry struggles with integrating IoT and OT data into security simsWhy integrating separate systems into one platform is crucial for security teams How security and operational technology leadership teams convergeWhy hybrid teams are essential for managing cybersecurity risksThe importance of asset visibility and understanding the architecture for effectively implementing security solutions How AI and machine learning can help to reduce noise in security operationsWhy threat intelligence is essential for business risk and control validationThe importance of threat intelligence in the cybersecurity industryLinks and resources:
(CS)²AI
Chase Richardson on LinkedIn
Martin Riley on LinkedIn
Bridewell
Derek Harp on LinkedIn
-
We are thrilled to welcome Juan Carlos Buenano as our distinguished guest for today’s episode of the CS2AI podcast!
Carlos is the Chief Technology Officer for OT at Armis. He is a born technologist and an engineer by training. Beyond his professional endeavors, he embraces a life filled with adventure, enjoying many outdoor activities, including scuba diving, mountain biking, and exploring the scenic expanses of unspoiled nature.
Carlos was born in Venezuela and grew up in a small town outside Caracas. After graduating as an electronic engineer in Venezuela, he traveled to Australia to learn English, fell in love with the country, the lifestyle, and the nature, and has lived there for the last 23 years.
Carlos brings a unique perspective to today’s show, shaped by his professional and personal experiences. Join us for an engaging discussion as he shares his wealth of experiences and insights and explains how he serves his community.
Show Highlights:
Carlos shares his journey to becoming an engineer in the energy industryHow his interest in control systems beganCarlos recounts his early cybersecurity experiences in industrial systems during the early 2000sThe importance of keeping operating systems up to date to prevent vulnerabilities and ensure reliabilityWhy it is essential to understand how technology works in both physical security and cybersecurityCarlos discusses the challenges of integrating cybersecurity into process control systemsCarlos offers advice for engineers who want to get into cybersecurityThe importance of mentorship and learning from others in their industryCarlos discusses the weekly open mic Ask Me Anything sessions he does at workLinks and resources:
(CS)²AI
Derek Harp on LinkedIn
Carlos Buenano on LinkedIn
Armis
-
We are delighted to have Ken Munro joining us from the UK today!
Ken is a Partner and Co-founder of Pen Test Partners. He is a seasoned technologist, the founder of multiple ventures, a pilot, a skier, and a dynamic and adventurous contributor to our community.
Ken brings a wealth of experience and expertise that promises to enrich our understanding of the evolving landscape in cybersecurity. In today's discussion, we dive into his remarkable career journey and explore his perspective on OT and ICS-related cybersecurity.
Join us for this informative session with Ken as he shares his valuable perspectives.
Show Highlights:
Ken discusses his cybersecurity industry journeyHow Ken’s past Air Force experience relates to his current work in cybersecurityThe benefits of telling a story when communicating complex conceptsKen shares a story to highlight the importance of safety and security within the aviation industryKen talks about the unique systems on board planes and their vulnerabilitiesHow the isolated protocols used in older aircraft systems are more robust and stable than the modern systemsHow even simple display systems can cause airport outagesKen shares his concerns about cybersecurity risks within cloud management platforms for industrial control systemsHow including contractual language for liability in procurement contracts can protect organizations against cybersecurity risksKen shares his thoughts on the future of the cybersecurity industryLinks and resources:
(CS)²AI
Derek Harp on LinkedIn
Ken Munro on LinkedIn
Pen TestPartners
-
We are excited to bring you another captivating industry leader interview today.
In this episode, we interview Michelle Balderson, the Principal Security Architect at Issquared. Michelle is a seasoned professional. In addition to having extensive experience as an established contributor and leader within the industry, she is a technologist, devoted mother, wife, chef, and a true jack of all trades. Beyond her contributions to the industry, Michelle finds joy in the great outdoors, whether she is conquering hiking trails, setting up camp, or enjoying four-by-four adventures.
In our discussion today, Michelle talks about her personal and professional journey, sharing insights she gained along the way and shedding light on the path that brought her to where she is in her current role as a security specialist.
Join us as we dive into the rich reservoir of wisdom and experience that Michelle brings to the table.
Show Highlights:
How moving around a lot while growing up allowed Michelle to develop an excellent rapport with othersMichelle describes her first experience with technologyMichelle shares her experience of working at Fortinet and SonicWALLWork opportunities within the OT security spaceWhy a more holistic approach to security is neededThe importance of changing the culture within businesses to bridge the gap between different domains How empathy and active listening can drive business successMichelle discusses her role at IssquaredMichelle shares the advice she would give to her younger selfLinks and resources:
(CS)²AI
Derek Harp on LinkedIn
Michelle Balderson on LinkedIn
ISSQUARED Inc.
-
Today, we are bringing you a fresh, new format called the Author Spotlight, where we focus on the authors within our community.
We are delighted to launch the Author Spotlight by shining our light on Andrew Ginter, the VP of Industrial Security at Waterfall Security Solutions. Andrew has been a steadfast CS2AI supporter since its inception, dedicating considerable time to CS2AI initiatives, and Waterfall is one of our oldest sponsors.
We are grateful to Andrew for generously sharing his insights and all the invaluable contributions he and his company, Waterfall, have made. Andrew's offerings include editing, reading, and committing much of his time to community projects.
Join us today as we explore Andrew's wealth of wisdom and experience.
Show Highlights
Andrew reflects on his writing process and discusses his new book, The Golden Black Book.Andrew talks about a new approach of combining cybersecurity and engineering to manage risk.How Andrew structured his book for a mixed audience of engineers and managersThe importance of using mathematical modeling when making cybersecurity decisions rather than relying on intuition or guessworkAndrew highlights the lack of cybersecurity expertise within industrial settings.How complex risks have created the need for a multi-faceted approach to cybersecurityAndrew emphasizes the importance of security by design within product development.Why it’s essential to understand the broader definition of vulnerability Andrew discusses the challenges of writing a book on industrial cybersecurityLinks and resources:
(CS)²AI
Derek Harp on LinkedIn
Andrew Ginter on LinkedIn
WaterfallSecurity
-
We are thrilled to have another exceptional guest on the show today!
Ron Fabela is the Field Chief Technology Officer at Xona. He is a multifaceted individual who has been a stalwart contributor to the industry for many years. His impressive resume includes being an Industrial Security champion, a military veteran, and a technologist. Beyond his professional achievements, Ron is also a founder, a father, a husband, an astronomy expert interested in anything space-related, and, believe it or not, a goat herder.
Ron has had a wealth of experiences, making him an all-around fascinating guest. Get ready for a long-overdue and truly insightful discussion with Ron Fabela!
Show highlights:
How Ron’s interest in technology beganRon discusses his career in the military and talks about his cybersecurity trainingRon offers advice for young people The benefits of working for large organizations, doing internships, and doing volunteer workHow Ron progressed in his cybersecurity careerWhy no opportunity for exposure to systems and networks should ever get squanderedHow Ron’s military experience shaped his approach to workRon shares insights on the challenges of consultingThe importance of having hobbies and passions outside of workRon talks about his role as a Field CTOHow the control systems cybersecurity industry has evolvedWhy it is essential to persevere with projects, even when facing challenges or the progress is slowLinks and resources:
(CS)²AI
Derek Harp on LinkedIn
Ron Fabela on LinkedIn
Xona
-
We are delighted to have Bill Lawrence, the Chief Delivery Officer at Itegriti Corporation, joining us on the podcast today!
For those unfamiliar with Bill, he is a well-rounded and multifaceted individual. He is a technologist, artist, and a loving father and husband, in addition to being a talented singer, Navy veteran, and pilot.
Bill is known in the industry for his many achievements. In today’s conversation, we unveil the various layers of his experiences and perspectives, and he shares insights into the unique facets that have defined his professional and personal journey.
Stay tuned as we delve into the steps and milestones that have shaped Bill’s dynamic career!
Show highlights:
How Bill started programming in the fourth or fifth gradeHow a movie inspire him to join the militaryBill shares some of his exciting fighter pilot experiences Bill’s Naval Academy experiences included computer science studies and exposure to cybersecurityBill reflects on teaching cybersecurity at the Naval Academy How he transitioned in his career after quitting the Naval Academy Bill discusses his time spent as a project manager at NERCHow Grid X evolved and grewCybersecurity and compliance within the energy industryThe importance of reading books and applying them to life to make a positive impactWhy Bill finds quantum computing and AI exciting prospectsLinks and resources:
(CS)²AI
Derek Harp on LinkedIn
Bill Lawrence on LinkedIn
ItegritiCorporation
Books mentioned:
The Ideal Team Player by Patrick Lencioni
How to Be Perfect by Michael Perry
-
We are delighted to have another remarkable guest joining us on the podcast today!
Dr. Jesus Molina, the Director of Industrial IoT at Waterfall Security Solutions, is a seasoned cybersecurity practitioner and well-known OT cybersecurity thought leader. He is a technologist and inventor driven by an insatiable curiosity. In addition to being a copious reader and an electrical engineer with a Master's degree and a Ph.D. in the field, Dr. Molina is a dedicated researcher, a sailor, an intrepid traveler, a compelling public speaker, and an ardent educator.
Dr. Molina’s passion for cybersecurity, particularly in the context of IoT and OT, is evident in everything he does. Join us today as we delve into the insights and experiences of this accomplished cybersecurity expert.
Show highlights:
Dr. Molina talks about his early life experiencesHow his interest in cybersecurity beganDr. Molina explains how he created a virus that infected every computer in his high schoolDr. Molina shares his experience of pursuing a Master's degree in the US after studying in SpainA valuable lesson learned about remaining cautious and protecting a group or organization after a security breachCybersecurity challenges and solutions in various industriesHow Dr. Molina discovered he could control every room in a hotel by exploiting a wireless network vulnerabilityDr. Molina shares a cautionary story about the importance of watching what you say around journalistsHow curiosity drives creativityDr. Molina discusses his views on the futureLinks and resources:
(CS)²AI
Derek Harp on LinkedIn
Dr. Jesus Molina on LinkedIn
Waterfall Security Solutions
-
We are delighted to welcome Rob Dyson as our special guest for the 100th episode of the CS2AI podcast!
Rob is the Global OT Security Services Leader for IBM. Beyond his corporate role, he is a military veteran, a tech enthusiast, a devoted father and husband, a proud grandfather, and an avid scuba diver.
His extensive experience overseeing key service areas within an industry giant like IBM makes Rob an exceptional guest for this milestone podcast. He joins us today to share his insights on control systems, operating technology, and cybersecurity practices.
Rob truly brings a wealth of knowledge and clarity to today’s discussion. Stay tuned for more!
Show highlights:
How Rob’s interest in technology influenced his desire to explore new things and push boundariesThe challenges of setting up a business continuity plan in a remote locationHow security measures have evolved from the early days of network security to modern-day cybersecurityThe importance of understanding the network for OT securityHow software developers can bring valuable skills to cybersecurity after mastering the fundamentals of networkingRob shares his insights on entrepreneurship in the cybersecurity spaceHow Rob got offered a job with IBM in 2012 after a quick and unexpected interview process Rob explains how he transitioned to full-time OT security work in 2016 Why is there a need for a different mindset and cultural understanding within the OT cybersecurity industry? Rob offers advice for people who have recently begun their career journeysLinks and resources:
(CS)²AI
Derek Harp on LinkedIn
Rob Dyson on LinkedIn
IBM
-
We are delighted to have Gary Kessler joining us as our special guest for today's episode of the CS2AI podcast show!
Gary is a multifaceted individual with a diverse array of interests. He has been involved in many different projects over time and has worn various hats under the umbrella of his company, Gary Kessler Associates.
His impressive literary contributions include over 75 articles and three books, establishing him as a prolific authority on cybersecurity. He started his journey as a computer programmer and continues to embrace that today. He is a former EMT firefighter, a passionate outdoorsman, an avid cyclist, and an accomplished master scuba diver trainer. He also is a boat captain, a retired college professor, and a dedicated husband and father.
Stay tuned for Gary’s interesting backstory and fascinating insights on maritime cybersecurity!
Show highlights:
Gary shares his backstory and cybersecurity journey How Gary got into maritime cybersecuritySome early computer security vulnerabilities and hacking techniquesGary dives into current shipbuilding practicesSome potential maritime cybersecurity risks and threatsGary discusses his initial focal point with maritime cybersecurityCan a ship be hacked to gain potentially damaging data?Security by design and resilience in engineeringWhy bridge crews and officers have to be more technologically aware now than ever beforeLinks and resources:
(CS)²AI
Derek Harp on LinkedIn
Gary Kessler on LinkedIn
Gary KesslerAssociates
-
We are delighted to welcome Vincent Riou as our special guest for today’s CS2AI podcast!
Vincent is a distinguished figure within the cybersecurity industry who has profoundly impacted the field in recent years. He is a multifaceted individual with a passion for uniting people- even tens of thousands of individuals at times, for various causes. He is a French Navy veteran, a technologist, a founder, a dedicated father, a loving husband, a culinary artist, and above all, an all-around stand-up guy!
Vincent has a wealth of knowledge to share with us today! He joins us to discuss some pertinent cybersecurity issues and concerns and the upcoming FIC event in Montreal on October 25th and 26th.
Stay tuned for more!
Show highlights:
The story behind the FIC Conference that took place in Lille, France, just over a year agoWhy were the FIC events started?How cybersecurity is part of the fabric of every type of business organization, institution, and government bodyVincent explains why he organizes open events focusing on those who rely on the digital transformation of the worldVincent talks about the OT part of the Montreal event and explains how it started Vincent explains what comes first when he organizes an eventHow the Montreal event will differ from the event that took place in Lille last yearVincent pulls back the curtain to reveal how the big conferences work and what it is like to run themVincent shares his future vision for news conferences in North AmericaLinks and resources:
(CS)²AI
Derek Harp on LinkedIn
Vincent Riou on LinkedIn
SAVE THE DATE FIC North America – October 25 and 26, 2023
-
Today, Derek Harp interviews Susan Peterson Sturm, the Chief Information Security Officer at Cognite.
Susan is a Transformational Operational Technology leader with 20 years of experience in profitably scaling innovative software-based businesses, including automation, IIOT, and cyber security. She has a proven track record of growing and structuring early-stage, profitable digital software-driven P&Ls in excess of $150M. She specializes in change management, product management, M&A, and strategic alliances. Susan serves on advisory boards of Cognite, Innosphere Ventures & One Warm Coat.
Susan is an incredible individual with vast experience! She’s an empath, DEI champion, mentor, board advisor, and volunteer focused on poverty alleviation.
In this episode, she discusses her background, talks to Derek about her professional journey, and offers helpful tips and advice.
You won’t want to miss this episode if you are considering a career in the cybersecurity space. Tune in to hear Susan’s fascinating story and benefit from her years of experience in the security field.
Show highlights:
Susan talks about her studies.Her motivation for pivoting into energy after graduating from college.What she gained from her career in international affairs.Some of Susan’s interesting roles early on in her career.The benefits of getting in-the-field experience.There are many different leadership paths to be chosen within the industry.What you can gain from working abroad with distributed teams.Where security first intersected with Susan’s career.Why it’s worth investing your time in networks.How being vulnerable can help you develop valuable relationships.The role mentorship has played in Susan’s career.How Susan ended up in her current role as a CISO.Motherhood can be very challenging for women in senior roles. The importance of moving on from any workplace where you don’t feel safe to express your needs.Links and resources:
(CS)²AI
Cognite
Susan Peterson Sturm on LinkedIn
-
Dr. Michael Chipley, the Founder and President of the PMC Group, is the guest for today’s podcast.
Dr. Chipley has over 30 years of consulting experience in the areas of Program and Project Management, Cybersecurity, Energy and Environmental (LEED, Energy Star, and Carbon Footprint); Critical Infrastructure Protection and Analysis; Building Information Modeling (BIM) Technology; Base Realignment and Closure (BRAC), and Emergency Management/Disaster Recovery.
Dr. Chipley served 24 years as a Civil Engineer in the US Air Force and has been consulting since 2001. He is a former adjunct faculty member at George Mason University, where he taught the Infrastructure Security Engineering, Building Security, and Building Information Modeling courses.
Dr. Chipley grew up on a farm in Oregon. He is a long-time contributor to cybersecurity for control systems, civil engineer, US Airforce veteran, husband, father, grandfather, outdoor enthusiast, and wine enthusiast. He joins Derek Harp today to discuss his military background and career journey and share his insights and advice.
You will not want to miss this episode if you are leaving the military and considering a career in cybersecurity. Stay tuned to hear Dr. Chipley’s story and benefit from his breadth of experience!
Show highlights:
What Dr. Chipley did and studied during the 24 years he spent in the military. Dr. Chipley talks about Shodan.io and what it can do.Some advice about skills and opportunities in the control systems space.How Dr. Chipley benefited from joining the military.Why you can never stop learning in the control systems world.Why women tend to excel in the cyber field.How students can find opportunities to join internship programs.Potential challenges that people in cybersecurity could face.Some of the projects with which Dr. Chipley is currently involved.What can young people do to add to their knowledge and education to increase their value five years from now?Links and resources:
(CS)²AI
The PMC Group
Michael Chipley on LinkedIn
- Show more