Episodes

  • Send us Fan Mail

    Perhaps you’re familiar with the phrase, “ignorance is bliss.” It was first written by English poet Thomas Gray in 1742. He was reflecting on the carefree aspect of childhood, and how, "In knowing nothing, life is most delightful."

    Well, I have to admit, he’s got a point. Not recognizing or dealing with problems does eliminate them from your day-to-day. Unfortunately, that doesn’t mean they fail to exist. The reality is that choosing to remain ignorant about ongoing problems is far from delightful, especially for all those who continue to operate with their heads above sand level and beneath the clouds.

    Our guest for today’s episode, CyberProof’s Nick Lantuh, illustrates this pretty plainly when discussing two of industrial cybersecurity’s biggest pain points – supply chain security and the surge in ransomware attacks.

    Both seem to share the same underlying causality – industrial organizations simply think they’re too small or too unimportant to be attacked – something that is repeatedly, and painfully, being realized as ignorant, and far from blissful.

    Listen as Nick and I discuss:

    The surge in foreign threat actors.The right approach to handling ransom demands.How a lack of response planning is making the industrial sector a favorite target of hackers.The keys to ensuring AI is deployed and operating correctly for cybersecurity applications.How smaller, and often less secure, manufacturers are the key to supply chain security, and why audits, education and regulation are so important.The importance of MDR tools being able to function at "machine speed."

    As a go-to podcast for our listeners, we want to help you align your brand with our expertise. By sponsoring our podcast, your brand will build trust, and your message will stand out to an audience searching for tools to assist their cybersecurity efforts.
    Click Here to Become a Sponsor.

    To catch up on past episodes, you can go to Manufacturing.net, IEN.com or MBTmag.com. You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast.

    If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach, you can reach me at [email protected].

  • Send us Fan Mail

    The unsexy blocking and tacking that creates more win-win cybersecurity scenarios.

    It struck me in putting this episode together that working in industrial cybersecurity is kind of like playing special teams in football. Regardless of how many times you do something right, all it takes is that one blocked kick, long return, or missed field goal to get you noticed in the wrong way.

    All the instances of flawless defense and precise execution is negated with one, single lapse that brings the whole operation down. I'd invite you to watch/listen as Richard Springer, Senior Director of Marketing for OT Solutions at Fortinet offers some insight on how we can build on those wins by:

    Embracing the "when", not "if" dynamic of being attacked.Not losing sight of the basics, despite all the challenges and potential tools and technological solutions.Continuing to build awareness of OT security challenges and priorities.Bringing IT and OT together with the shared mission of "keeping the lights on."Implementing Continuous Improvement strategies used in operations for security.Using AI to help establish priorities and assist with patching vulnerabilities.Learning from other sectors on how to identify, react and recover from attacks.

    The report Richard mentions can be found here.

    As a go-to podcast for our listeners, we want to help you align your brand with our expertise. By sponsoring our podcast, your brand will build trust, and your message will stand out to an audience searching for tools to assist their cybersecurity efforts.
    Click Here to Become a Sponsor.

    To catch up on past episodes, you can go to Manufacturing.net, IEN.com or MBTmag.com. You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast.

    If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach, you can reach me at [email protected].

  • Missing episodes?

    Click here to refresh the feed.

  • Send us Fan Mail

    I feel very fortunate to work in the industries that I do, because I get to speak with a lot of really innovative people doing really interesting work with cutting edge technology. And even though I get to have a fair number of these conversations, there are some that really stick out.

    This can be for reasons ranging from strongly agreeing and appreciating what is being said, to strongly disagreeing, or just respecting a different take on a familiar topic. When it comes to our guest for this episode, you might find yourself feeling a combination of all three.

    Watch/listen as Accenture’s Global Cyber Resiliency Management Lead, Charlie Hosner, offers his take on:

    The futility of trying to be perfect.Why "You don't need lasers, just lock the door.”How uncomfortable he gets with OT segmentation strategies.A different take on OT identity management.Why he feels defense in depth is dead as we know it.The "anxious truce" comprising most IT/OT working relationships.

    As a go-to podcast for our listeners, we want to help you align your brand with our expertise. By sponsoring our podcast, your brand will build trust, and your message will stand out to an audience searching for tools to assist their cybersecurity efforts.
    Click Here to Become a Sponsor.

    To catch up on past episodes, you can go to Manufacturing.net, IEN.com or MBTmag.com. You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast.

    If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach, you can reach me at [email protected].

  • Send us Fan Mail

    Cybersecurity is unlike any other Industry or environment I’ve ever covered. But more than the technology, the intriguing players and the somewhat spooky elements surrounding it, is how the things we discuss on this podcast impact nearly every element of our day-to-day lives.

    It’s not just how artificial intelligence is impacting email phishing schemes, but how clicking on that link could let a state-sponsored hacker steel login credentials for obtaining access to an industrial control system that is not only used by a power tool manufacturer, but by a defense contractor or water treatment facility.

    The interconnected nature of the industrial sector makes an appreciation for cybersecurity vital to the ongoing safety and success of manufacturing – which, again, impacts nearly every facet of every person’s daily life.

    That’s why I enjoy talking to people like Aaron Shraberg, Senior Team Lead at Flashpoint – a leading provider of threat landscape intelligence. The stuff Aaron talks about is frightening, which is another challenge of covering cybersecurity – balancing education with data sharing without fear mongering.

    But I’d encourage you to really wach/listen as Aaron talks about the evolution of threats from China, Russia and Iran, and how cyber threats are converging with physical battlefields to fuel threats thousands of miles from where the missiles are flying.

    The bottom line is – we’re all connected and we’re all impacted, so we need to be prepared - regardless of how far removed you think you are. There's also good news in terms of solutions, which can start with sharing some of this scary information.

    As a go-to podcast for our listeners, we want to help you align your brand with our expertise. By sponsoring our podcast, your brand will build trust, and your message will stand out to an audience searching for tools to assist their cybersecurity efforts.
    Click Here to Become a Sponsor.

    To catch up on past episodes, you can go to Manufacturing.net, IEN.com or MBTmag.com. You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast.

    If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach, you can reach me at [email protected].

  • Send us Fan Mail

    We’ve all seen or heard the reports about how hackers are using AI to elevate their attacks in obtaining funds and intellectual property from unsuspecting victims, or accessing some of their critical systems. Often, these nightmare incidents leave the names and companies out of the story to avoid any reputational fallout.

    However, this episode's guest takes us beyond studies and second-hand accounts of AI’s potential in the hands of hackers. I’m not going to say too much, but I do hope that after watching or listening to Ryan LaSalle’s up close and personal encounter with a North Korean scammer, you’ll appreciate the need to take all that threat intelligence regarding AI and foreign blackhat operations very seriously.

    Watch/listen as Ryan LaSalle, CEO of the human risk management company Nisos, describes how his company identified and disrupted this AI-fueled scam, the wide-reaching impacts such intrusions are having on key industries - especially manufacturing, and how to insulate your company from falling victim to such scams.

    You can also read a full report on the investigation here.

    As a go-to podcast for our listeners, we want to help you align your brand with our expertise. By sponsoring our podcast, your brand will build trust, and your message will stand out to an audience searching for tools to assist their cybersecurity efforts.
    Click Here to Become a Sponsor.

    To catch up on past episodes, you can go to Manufacturing.net, IEN.com or MBTmag.com. You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast.

    If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach, you can reach me at [email protected].

  • Send us Fan Mail

    One of my least favorite tasks of Basic Training was weapons maintenance. I didn’t really mind cleaning my M-16A2 rifle, but sometimes it just felt pointless. We’d spend hours stripping, cleaning, reassembling, inspecting and, ultimately, being told it still wasn’t clean enough by the drill sergeant or armor.

    It took me a while, but eventually, I realized that the benefits of this process went beyond just a clean weapon. Although there are obvious lessons there, I also got to know that rifle down to its firing pin retaining pin. So, if it misfired during field training exercises, I knew exactly how to correct the issue in the moment and perform more extensive actions in an expediate manner when time allowed.

    I wasn’t just cleaning a rifle, I was gaining insight into all aspects of an essential battlefield tool.

    I think there are some parallels to my training experience and your approaches to implementing Zero Trust frameworks. While the upfront benefits are pretty straightforward, my guest for this episode lays out a number of other gains that organizations realize while implementing Zero Trust.

    Watch/listen as Kam Chumley-Soltani, Managing Director, OT Security at Armis, discusses:

    How Zero Trust initiatives can lead to greater cyber hygiene by demanding greater scrutiny of visibility, vulnerability management and threat detection capabilities.Managing the need to patch versus the realities of operational downtime.Defining and establishing priorities around your crown jewels.How Dungeons & Dragons can help improve tabletop training exercises.Why new Department of War regulations are having a far-reaching impact on Zero Trust.Avoiding common segmentation mistakes.Why the foundation for successful AI implementation is still being built.

    As a go-to podcast for our listeners, we want to help you align your brand with our expertise. By sponsoring our podcast, your brand will build trust, and your message will stand out to an audience searching for tools to assist their cybersecurity efforts.
    Click Here to Become a Sponsor.

    To catch up on past episodes, you can go to Manufacturing.net, IEN.com or MBTmag.com. You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast.

    If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach, you can reach me at [email protected].

  • Send us Fan Mail

    Not to continue to beat our collective heads into the same wall, but by now everyone knows that manufacturing leads the way in targeted cyberattacks, as well as year-over-year increases in areas like ransomware attacks, DDoS shutdowns and data breaches.

    Yet, the industry continues to demonstrate some troubling behaviors in the face of these realities.

    Kiteworks recently found that only 36% of organizations have visibility into where their data is utilized by external partners. So, think supply chains, distributor fulfillment agreements and technology contractors that have access to your data, but may not be applying the appropriate security strategies.

    This means you could be the victim of an attack, but remain in the dark about its origins, enabling the intrusion to happen again and again.

    Fortunately, we do have some good guys working to correct these vulnerabilities, and we’ll talk with one in this episode. Watch/listen as Tim Freestone, the Chief Strategy Officer at the aforementioned Kiteworks, discusses:

    How attackers are leveraging new technology more quickly than the white hats, and why AI might be the tool that evens the playing field.Why response plans need to focus more on "the big rocks than the little ones."The difference between input from "champions" versus "complainers."How CMMC could have an impact beyond just the defense supply chain.The continued use of IT and OT silos that might might make sense from a business perspective, but demand a paradigm shift when dealing with cybersecurity.Why regulations might be the most important agents of change.

    As a go-to podcast for our listeners, we want to help you align your brand with our expertise. By sponsoring our podcast, your brand will build trust, and your message will stand out to an audience searching for tools to assist their cybersecurity efforts.
    Click Here to Become a Sponsor.

    To catch up on past episodes, you can go to Manufacturing.net, IEN.com or MBTmag.com. You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast.

    If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach, you can reach me at [email protected].

  • Send us Fan Mail

    We all know that cybersecurity, and industrial cybersecurity in particular, is facing a huge talent deficit.

    Finding an individual who not only understands the technical elements of cybersecurity, but also appreciates the dynamics of keeping a manufacturing operation up and running is extremely difficult, as they need to balance security with uptime, defense with productivity, and investment with implementation timelines.

    Our guest for today’s episode can empathize. Watch/listen as Yaniv Kapluto, the Chief Revenue Officer at Nukudo, offers insight on the unique ways his company trains cybersecurity talent, including:

    Why he looks for individuals who work with the precision of a Navy SEAL and the soul of a pirate.The challenges of placing someone who sees how to break things amongst organizations charged with creating new products every day.The value in viewing tests or challenges as games or puzzles.The importance of developing and contributing to a culture focused on cybersecurity.Making training fun in order to keep people engaged.The unique impacts of artificial intelligence on cybersecurity.

    As a go-to podcast for our listeners, we want to help you align your brand with our expertise. By sponsoring our podcast, your brand will build trust, and your message will stand out to an audience searching for tools to assist their cybersecurity efforts.
    Click Here to Become a Sponsor.

    To catch up on past episodes, you can go to Manufacturing.net, IEN.com or MBTmag.com. You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast.

    If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach, you can reach me at [email protected].

  • Send us Fan Mail

    Although discussing the military activities currently taking place in Iran runs the risk or bringing up polarizing political views, the cybersecurity realities simply can’t be ignored. And they absolutely have to be discussed.

    One of these realities is that Iran has a legacy of supporting organizations involved with cyberattacks on networks, infrastructure and companies in Israel and the United States. Companies that utilize industrial control systems. Companies like yours.

    In light of current events, there is absolutely no question that these groups will escalate their efforts. Although the bombs are falling thousands of miles beyond U.S. borders, know that U.S. manufacturing is a primary target.

    Historically, many of the groups carrying out these types of cyberattacks were hacktivists or outliers, operating independent of any government or country. They followed their own agenda in realizing personal or political goals.

    However, as highlighted by the war in Ukraine, these groups have begun to pick sides. They’re embracing financial support from nation states and successfully executing attacks meant to shut down, steal data, extort money and/or disrupt critical production or infrastructure operations – regardless of size, sector or location.

    Thankfully, there are also guys like our guest for today’s episode. JP Castellanos is the Director of Threat Intelligence at Binary Defense. Watch/listen as he discusses:

    The evolving hacktivist community and what recent events could mean for industrial cybersecurity.How manufacturers can prepare and respond to an inevitable uptick in attacks.How IT/OT silos perpetuate these attacks and make manufacturing a more lucrative and appealing target.The motives and operational strategies of state-sponsored Iranian hacker groups.The soft spots in your defenses that these groups take advantage of in targeting the industrial sector.The simple solutions that can have far-reaching and extremely positive impacts on your defenses.

    As a go-to podcast for our listeners, we want to help you align your brand with our expertise. By sponsoring our podcast, your brand will build trust, and your message will stand out to an audience searching for tools to assist their cybersecurity efforts.
    Click Here to Become a Sponsor.

    To catch up on past episodes, you can go to Manufacturing.net, IEN.com or MBTmag.com. You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast.

    If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach, you can reach me at [email protected].

  • Send us Fan Mail

    Last December the Cybersecurity and Infrastructure Security Agency, or CISA, issued an advisory warning manufacturers, operators of critical infrastructure, and really anybody associated with industrial control systems about the threats being presented by pro-Russian hacktivist groups.

    The advisory, issued in conjunction with numerous federal and international agencies, called out groups like the Cyber Army of Russia Reborn (CARR), Z-Pentest, NoName057 and Sector16 for taking advantage of insecure connection points and other vulnerabilities that allowed these state-sponsored actors to infiltrate, shut down, and ransom their targets in the United States.

    Historically, many manufacturers would find it hard to believe that their mid-size business in the heartland of America would be on the radar of foreign terrorist groups, but as our guest for today’s episode explains, that is exactly the case.

    Will Dixon is a senior executive of Government & Law Enforcement at Intel 471 – a leading authority on the OT threat landscape. Watch/listen as he explains:

    How these group’s initial plans to disrupt water treatment and other critical infrastructure has evolved into the strategic targeting of the U.S. manufacturing sector.Why hacktivist no longer applies to these "strategically aligned state groups."Why AI will not be as impactful for either side as many think.How these groups are part of Russia's bigger plans against the West.The important role vendors and suppliers can play in establishing cyber defenses.The ongoing challenges of breaking down IT-OT silos, and how hackers are using this dynamic against you.

    As a go-to podcast for our listeners, we want to help you align your brand with our expertise. By sponsoring our podcast, your brand will build trust, and your message will stand out to an audience searching for tools to assist their cybersecurity efforts.
    Click Here to Become a Sponsor.

    To catch up on past episodes, you can go to Manufacturing.net, IEN.com or MBTmag.com. You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast.

    If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach, you can reach me at [email protected].

  • Send us Fan Mail

    When we talk about the challenges presented to those trying to secure the operational landscape of manufacturing, it’s tough to avoid what I’d call the usual suspects - endpoints, connection points, credentials, vulnerabilities, silos and, of course, the impact of artificial intelligence.

    And just as there are benefits to discussing these individual aspects, it’s equally important to look at things from a bigger picture in tying them all together. This not only helps us strengthen the chain, but appreciate the significance of reinforcing each of those links.

    Perhaps no one has helped tie all of these different players together better than our guest for this episode. Vinod D’Souza leads the manufacturing and industry vertical for Google Cloud’s Office of the CISO. Watch/listen as we discuss:

    Emerging vulnerabilities and response plans.Segmentation challenges in the era of constant technological expansion.New-age approaches to patching.The connected fibers of artificial intelligence and the human factors of cybersecurity.Addressing IT and OT silos.

    As a go-to podcast for our listeners, we want to help you align your brand with our expertise. By sponsoring our podcast, your brand will build trust, and your message will stand out to an audience searching for tools to assist their cybersecurity efforts.
    Click Here to Become a Sponsor.

    To catch up on past episodes, you can go to Manufacturing.net, IEN.com or MBTmag.com. You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast.

    If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach, you can reach me at [email protected].

  • Send us Fan Mail

    Back in 2020, the Department of Defense, as it was called at the time, introduced the Cybersecurity Maturity Model Certification (CMMC). It carried the goal of ensuring companies would be able to protect sensitive information when working on government contracts.

    The program requires contractors handling Federal Contract Information (FCI) and Controlled Unclassified Information (CUI) to meet specified cybersecurity standards. Prior to CMMC, DoD contractors were required to self-attest cybersecurity compliance with frameworks set up by the National Institute of Standards of Technology (NIST).

    Fast forward to September 10 of last year and the Department of War as it’s now known, published an update to the CMMC – basically launching a three-year rollout of elevated cybersecurity requirements.

    To help clarify some of the challenges and benefits associated with CMMC, I invited Mark Knight to the program. He's a Partner and Cybersecurity Risk Advisory Leader at Armanino. Listen as he offers:

    Details on what the updated CMMC is all about.The challenges of meeting these new compliance standards.Embracing the good and bad of government ambiguity in complying with CMMC.The impact this certification could have on all manufacturers, regardless of whether or not you’re going after DOW contracts.The good and bad of utilizing AI for compliance work.How CMMC could spur M&A activity within the cybersecurity tool sector.The potential supply chain impacts of companies deciding against pursuing CMMC compliance.

    As a go-to podcast for our listeners, we want to help you align your brand with our expertise. By sponsoring our podcast, your brand will build trust, and your message will stand out to an audience searching for tools to assist their cybersecurity efforts.
    Click Here to Become a Sponsor.

    To catch up on past episodes, you can go to Manufacturing.net, IEN.com or MBTmag.com. You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast.

    If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach, you can reach me at [email protected].

  • Send us Fan Mail

    "You don't have to get hacked to understand how you can get hacked."

    While I utilize that editorial director title to introduce myself before every episode of Security Breach, it’s not the title that I’ve used the longest, think about the most, or with which I would hope to obtain the most acclaim. Rather, the job descriptor that meets all those requirements is the title of ... Dad.

    And perhaps the phrase most commonly utilized during my ongoing tenure in this position is some form of "are you ready?"

    Whether it was preparing to push a swing, toss a pitch or start a car, inquiring as to the state of my daughter’s readiness was always the first, most important, and yet most basic action I took.

    I was reminded of this when speaking with our guest for this episode, Itzik Kotler, the co-founder and CTO of SafeBreach. While our conversation took us down a number of paths in discussing “shiny objects”, the problems with silos, and the evolution of hackers, he kept coming back to the basics, or what I like to constantly describe as the blocking and tackling of cybersecurity.

    At the heart of the focus on the basics is taking steps to be prepared for when, not if, you’re targeted by hackers.

    So, if you're ready, listen as we discuss:

    Why every manufacturer is either a target or connected to a bigger target via their supply chain connections.The lure of "shiny objects", and how they can distract from the best approaches to cybersecurity upgrades.How hackers are exploiting the complexities of your environment.Why security strategies need to start with understanding what is truly at risk, and what level of risk is acceptable.The growing need for detection engineering.Evolving your enterprise in realizing that "hackers don't work in silos."The role AI can play in addressing alert fatigue.

    As a go-to podcast for our listeners, we want to help you align your brand with our expertise. By sponsoring our podcast, your brand will build trust, and your message will stand out to an audience searching for tools to assist their cybersecurity efforts.
    Click Here to Become a Sponsor.

    To catch up on past episodes, you can go to Manufacturing.net, IEN.com or MBTmag.com. You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast.

    If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach, you can reach me at [email protected].

  • Send us Fan Mail

    We’ve all heard the euphemism about knowledge being power. But perhaps the more accurate assessment comes from my favorite childhood cartoon. Yes, I’ve referenced it before, but when GI Joe signed off each episode by letting us know that “Knowing is Half the Battle”, Duke and his crew were echoing the same sentiment as our guest for today’s episode.

    Evan Dornbush is the CEO of Desired Effect. A former DoD-trained state hacker, he’s now working with cyber researchers to help promote their findings and get the vulnerabilities they detect into the hands of the software, network or equipment suppliers before hackers can leverage these findings, and wreak havoc on industrial control systems and production workflows.

    Listen as we discuss this strategy, as well:

    How to define roles and responsibilities in pushing Secure-by-Design initiatives forward.Why manufactures shouldn't look to out-tech the hacker.Strategies to help defenders from having to keep playing catch-up.How cybersecurity can be utilized as an operational tool.The ongoing challenges created by Zero Day vulnerabilities.Creating a culture that goes beyond just "spending for the cyber nerd."New ways to calculate ROI in advancing cybersecurity priorities.The cost benefits of investing in cyber talent.

    As a go-to podcast for our listeners, we want to help you align your brand with our expertise. By sponsoring our podcast, your brand will build trust, and your message will stand out to an audience searching for tools to assist their cybersecurity efforts.
    Click Here to Become a Sponsor.

    To catch up on past episodes, you can go to Manufacturing.net, IEN.com or MBTmag.com. You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast.

    If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach, you can reach me at [email protected].

  • Send us Fan Mail

    Perhaps you’re familiar with the quote, “The greatest trick the Devil ever pulled was convincing the world he didn’t exist.” While its use in the movie The Usual Suspects might resonate with most, the original attribution goes to French poet Charles Baudelaire.

    The quote came to mind in preparing for my conversation with Tim Chase, Principal Technical Evangelist for Orca Security. I knew we were going to be discussing topics where the biggest implementation challenges typically resonate from OT asset owners who don’t see the need to address these topics.

    Or, with all due respect to Baudelaire, the greatest trick hackers ever pulled was convincing the industrial sector that they didn’t care.

    The good news is that folks like Tim are aware of these situations, and working to offer some new solutions. Watch/listen as we discuss:

    How vital it is to define security responsibilities.The growing need for cloud security education.Why a top-down approach is vital for creating a security-focused culture.The benefits of creating internal security champions.The annoying, but growing significance of SBOMs.Combatting alert fatigue.The biggest challenges AI is creating for cybersecurity.

    As a go-to podcast for our listeners, we want to help you align your brand with our expertise. By sponsoring our podcast, your brand will build trust, and your message will stand out to an audience searching for tools to assist their cybersecurity efforts.
    Click Here to Become a Sponsor.

    To catch up on past episodes, you can go to Manufacturing.net, IEN.com or MBTmag.com. You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast.

    If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach, you can reach me at [email protected].

  • Send us Fan Mail

    While I’ll resist drawing comparisons about industrial cybersecurity to butterflies and bees, producing this episode did remind me of another great Muhammad Ali quote: "The hands can't hit what the eyes can't see.”

    This could provide an easy segue into the ongoing challenges about asset visibility, but really, it goes a bit deeper than that. In addition to being able to see all the things we need to defend against, we also have to understand what to look for in establishing those defenses.

    In this episode, we discuss these challenges and solutions with Bryson Bort, the founder and CEO of SCYTHE, a leading provider of Adversarial Exposure Validation (AEV) solutions. Watch/listen as we also discuss:

    The increasing impact of hacktivists.The rise of ransomware gangs.What AEV is all about.Why there is no such thing as an accidental hack.The human impact on cybersecurity and why it is rarely the human's fault.How his former military life has impacted his cybersecurity career.Why supply chains could be the most important threat landscape going forward.

    To check out the work he and his colleagues are up to, you can go to scythe.io, as well as icsvillage.com.

    As a go-to podcast for our listeners, we want to help you align your brand with our expertise. By sponsoring our podcast, your brand will build trust, and your message will stand out to an audience searching for tools to assist their cybersecurity efforts.
    Click Here to Become a Sponsor.

    To catch up on past episodes, you can go to Manufacturing.net, IEN.com or MBTmag.com. You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast.

    If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach, you can reach me at [email protected].

  • Send us Fan Mail

    Uptime.

    It’s the lifeblood of manufacturing and the precise target of industrial sector hackers. By knocking systems offline, stealing credentials, holding data for ransom, or crippling supply chains, the bad guys know their ultimate goals of disruption or extortion will be realized.

    And as we’ve discussed numerous times here on Security Breach, keeping these bad actors out has become more and more difficult as new technology, connectivity and endpoints are added to the OT landscape.

    Hackers are getting smarter and more complex, but the good news is so are the tools and strategies for the good guys. Here to offer some perspective on dealing with the leading threats targeting the people, systems and data of the industrial sector is a collection of experts focused on minimizing disruptions and preparing you to react and respond to cyberattacks.

    Watch/listen as:

    Max Clausen, senior VP of Network Connectivity at Zayo dives into the factors and strategies driving DDoS or distributed denial of service attacks.John Carse, Field CISO at SquareX discusses the ongoing impact of developing and legacy vulnerabilities, as well as some of the novel strategies hackers are using to introduce new strands of highly disruptive malware.Amit Hammer, CEO of Salvador Tech talks about lessons learned from the recent Jaguar Land Rover attack and how response strategies will continue to play a key role in minimizing attack-related downtime.

    As a go-to podcast for our listeners, we want to help you align your brand with our expertise. By sponsoring our podcast, your brand will build trust, and your message will stand out to an audience searching for tools to assist their cybersecurity efforts.
    Click Here to Become a Sponsor.

    To catch up on past episodes, you can go to Manufacturing.net, IEN.com or MBTmag.com. You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast.

    If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach, you can reach me at [email protected].

  • Send us Fan Mail

    While there are plenty to pick from, one of the biggest challenges for cybersecurity professionals in the industrial realm can be getting financial support. In manufacturing there are always a number of viable spending options, and working to make cybersecurity a priority can be tough, especially when enterprises are faced with initiatives seen as more fundamental to the core mission of getting finished product out the door.

    However, a couple of recent reports could help connect the dots between production and security, and the need to fund both.

    First, there’s Adaptiva’s State of Patch Management Report that found 75 percent of manufacturing companies have critical vulnerabilities with a CVSS score of 8 or higher, and 65 percent have at least one vulnerability listed in the CISA Known Exploited Vulnerabilities Catalog. So, hackers know about these weaknesses and they’re taking advantage of them.

    And, according to Black Kite’s 2025 Manufacturing Report, 51 percent of those surveyed indicate that patching has become a bigger challenge than intrusion detection, and more than 75 percent indicate that both IT and security must approve patches before deployment.

    Reading between the lines – patching takes too long and is too complicated, so the vulnerabilities persist and the hackers keep winning.

    Watch/listen as we discuss these and other topics with Chaz Spahn, the Director of Product Management at Adaptiva.

    As a go-to podcast for our listeners, we want to help you align your brand with our expertise. By sponsoring our podcast, your brand will build trust, and your message will stand out to an audience searching for tools to assist their cybersecurity efforts.
    Click Here to Become a Sponsor.

    To catch up on past episodes, you can go to Manufacturing.net, IEN.com or MBTmag.com. You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast.

    If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach, you can reach me at [email protected].

  • Send us Fan Mail

    When talking to the experts and leading authorities that have participated in the 140+ episodes of Security Breach, there’s always a slight pause when directing their attention specifically to the industrial sector. That’s because, well, we’re special.

    There’s the unique juxtaposition of old and bleeding edge technology.

    There’s the influx of greater connectivity combatting the struggles to identify and secure the growing number of endpoints.

    And there are the ongoing battles related to secure-by-design responsibilities, cloud networks and the ever popular building and breaking down of IT/OT silos.

    The good news is that we’re getting better. Better at identifying the problems and better at elevating solutions from some of the sharpest minds in the sector. And we’re fortunate to be able share these insights from an incredible collective on today’s episode.

    Watch/listen as Max Clausen, senior VP of Network Connectivity at Zayo, John Carse, Field CISO at SquareX, Sophos’ Chester Wisniewski and ExtraHop’s Chad Lemaire tackle topics that include:

    VisibilitySecure-by-DesignArtificial IntelligenceIT/OT SilosPatchingLOTL and Phishing AttacksNon-standard OT Architecture

    As a go-to podcast for our listeners, we want to help you align your brand with our expertise. By sponsoring our podcast, your brand will build trust, and your message will stand out to an audience searching for tools to assist their cybersecurity efforts.
    Click Here to Become a Sponsor.

    To catch up on past episodes, you can go to Manufacturing.net, IEN.com or MBTmag.com. You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast.

    If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach, you can reach me at [email protected].

  • Send us Fan Mail

    I know that we’re constantly talking about artificial intelligence - the best ways to use it, the ways hackers are using it, and the overall good, bad and ugly of implementing AI into your security infrastructure.

    But what if we took a little different route.

    In this episode we're going to explore how AI can help make your people better at managing cybersecurity. We know there’s a huge talent pool shortage, and the challenges of keeping employees vigilant against repeated attacks continues to grow.

    So, watch/listen as I explore these dynamics, well as many others, with Grant Oviatt - Head of Security Operations for Prophet Security – a company that recently unveiled their State of AI in SecOps 2025 research report. A lot of the data from the report was rather shocking, especially when the survey repeatedly uncovered how many SOCs, inundated with constant intrusion alerts, have experienced numerous breaches simply because the volume of critical alert notifications has made them easier to ignore.

    It was a great conversation, with numerous takeaways, including:

    Why 60 percent of security teams have experienced critical breaches stemming from overlooked alerts.How security leaders anticipate AI solutions handling more tasks within the SOC over the next 3 years.Reasons for 57 percent of organizations deliberately suppressing detection rules and accepting higher risks to keep operations moving.How hackers are using AI beyond just phishing campaigns to get access to critical assets and networks.How the industrial sector can better implement AI without yielding to internal pressures.

    As a go-to podcast for our listeners, we want to help you align your brand with our expertise. By sponsoring our podcast, your brand will build trust, and your message will stand out to an audience searching for tools to assist their cybersecurity efforts.
    Click Here to Become a Sponsor.

    To catch up on past episodes, you can go to Manufacturing.net, IEN.com or MBTmag.com. You can also check Security Breach out wherever you get your podcasts, including Apple, Amazon and Overcast.

    If you have a cybersecurity story or topic that you’d like to have us explore on Security Breach, you can reach me at [email protected].