OT After Hours
OT After Hours, a podcast about operational technology security, brings you candid conversations with ICS engineers and experts who get the unique challenges you face. Join us for unfiltered stories and advice from the front lines of industrial cybersecurity as we share best practices, lessons learned, and a few laughs along the way.
info_outline
The CIA Triad in OT & Automation
05/21/2025
The CIA Triad in OT & Automation
In this episode, we grapple with a deceptively simple question: in an operational technology environment, which element of the CIA triad—confidentiality, integrity or availability—should reign supreme? Join host Ken Kully, Systems Support Lead at Verve Industrial, and his guests Natalie Kalinowski (OT Security Analyst), Tyler Bergman (Industrial Cybersecurity Engineer) and Zach Woltjer (ICS Security Specialist) as they debate real-world incidents, legacy system constraints and industry priorities that shape how we secure critical infrastructure. Key Takeaways Availability often takes center stage in OT—downtime can cost millions and trigger regulatory shutdowns. Integrity attacks (like Stuxnet-style tampering) are scarier than outright outages: misleading data can hide dangerous conditions. Confidentiality matters too—information gathering paves the way for future, highly targeted attacks. In practice, availability and integrity are inseparable: validating data flow can bolster both pillars simultaneously. A holistic, risk-based “crown jewels” assessment helps organizations focus on the devices and data that matter most. Timestamps 00:00 – Introduction and sound check 00:43 – Welcome to Season Two of OT After Hours 01:06 – Guest introductions: Natalie, Tyler & Zach 04:00 – Defining confidentiality, integrity and availability 07:57 – Tyler on why availability skyrockets in OT environments 11:53 – Natalie on integrity attacks and the legacy of Stuxnet 25:05 – Ken and team explore integrity-based attack scenarios and encryption trade-offs 39:47 – Natalie on confidentiality’s long-term impact (Ukraine grid outages, HAVoC) 43:04 – Roundtable closing thoughts: tying availability & integrity together 47:12 – Outro and how to submit your questions Guest Information Natalie Kalinowski: OT Security Analyst at Verve Industrial, specializes in vulnerability management and threat research. Tyler Bergman: Industrial Cybersecurity Engineer at Verve Industrial, expert in SCADA availability and risk mitigation. Zach Woltjer: ICS Security Specialist at Verve Industrial, focuses on OT-IT convergence and strategic assessments. Subscribe Get in Touch | | | I
/episode/index/show/12c2aa51-9739-4449-9d83-fddccc0d0521/id/36658460
info_outline
To CVE or Not to CVE?
04/23/2025
To CVE or Not to CVE?
In this episode, we explore how often OT teams really need to refresh asset-inventory data and what MITRE’s near-miss funding lapse for the CVE program means for vulnerability management. Join host Ken Kully, Systems Support Lead at Verve Industrial, and his guests Natalie Kalinowski (OT Security Specialist), Lance Lamont (Team Lead, Special Projects & Protocols), Andrew Wintermeyer (Senior ICS Architect), and Tyler Bergman (Principal Security Consultant) as they discuss scan cadences, change-detection value, and building redundancy into threat-intel pipelines. Key Takeaways Context drives cadence. Fan speed may need minute-level polling, firmware often does not. Redundancy is resilience. Blend NVD, CISA, MITRE, and vendor advisories to survive feed outages. CVE is a language, not the cure. Losing it wouldn’t add vulnerabilities, but it would cripple prioritization. Change detection turns inventory data into real-time alerts for unauthorized config tweaks. Timestamps 00:00 – Introduction and sound check 03:30 – Why “asset-data freshness” landed on today’s agenda 04:10 – MITRE CVE funding scare: what happened and why it matters 10:50 – OT vs. IT views on vulnerability backlog and enrichment 18:00 – Mapping scan frequency to business need 24:40 – Change management and configuration-drift detection 33:00 – Diversifying data sources beyond NVD 38:50 – The proposed “CVE Foundation” for long-term stability 42:40 – Building redundancy into threat-intel pipelines 44:50 – Listener poll results: hard-rock “Legacy Code” wins 46:15 – Sign-off and credits Listener Q&A We're happy to announce that the hard rock version of Legacy Code on the Conveyor Belt was far-and-away the fan favorite! ! Guest Information Natalie Kalinowski: OT Security Specialist at Verve Industrial; leads proof-of-value engagements and vulnerability mapping. Lance Lamont: VP, Solutions Engineering at Verve Industrial; directs driver development and asset-inventory strategy. Andrew Wintermeyer: Senior ICS Architect at Verve Industrial; designs secure network architecture for critical infrastructure. Tyler Bergman: Principal Security Consultant at Verve Industrial; focuses on risk prioritization and framework alignment. Subscribe Get in Touch | | | I
/episode/index/show/12c2aa51-9739-4449-9d83-fddccc0d0521/id/36280320
info_outline
Active vs. Passive
03/19/2025
Active vs. Passive
In this episode, we explore the complexities of asset management in operational technology (OT) security. Join host Ken Kully, Systems Support Lead at Verve Industrial, and his guests Tyler Bergman, Zachary Woltjer, Natalie Kalinowski, and Lance Lamont as they discuss the challenges of tracking and securing assets in industrial environments, the impact of legacy systems, and the best strategies for improving visibility and resilience. Key Takeaways Asset management is a foundational element of OT security, yet many organizations struggle with visibility. Manual, passive, and active asset discovery each have unique benefits and limitations. IT/OT convergence presents additional challenges in integrating and securing legacy systems. The right combination of asset discovery methods is critical for maintaining security and operational efficiency. Organizations must balance security with practicality when implementing asset inventory strategies. Listener Q&A for your favorite version of Legacy Code on the Conveyor Belt! Version 1: Version 2: Want to ask a question for the experts at Verve to answer? ! Timestamps 00:00 – Introduction and sound check 06:00 – Why asset management is critical to OT security 10:30 – The impact of legacy systems on asset visibility 15:20 – Manual asset discovery: Pros, cons, and best practices 22:10 – Passive asset discovery: Leveraging network traffic for insights 30:55 – Active asset discovery: Gaining deeper visibility without disrupting operations 40:30 – IT/OT integration challenges and strategies 50:10 – Closing thoughts and recommendations Guest Information Tyler Bergman: Operations Manager, providing insights into the practical challenges of cybersecurity in industrial environments. Zachary Woltjer: Customer Success Specialist at Verve Industrial, with expertise in helping organizations implement OT cybersecurity solutions. Natalie Kalinowski: Cybersecurity Specialist, bringing research-driven insights into network security and asset discovery. Lance Lamont: OT Security & Asset Management Expert, discussing best practices for inventorying and securing critical assets. Subscribe Get in Touch | | | I
/episode/index/show/12c2aa51-9739-4449-9d83-fddccc0d0521/id/35777145
info_outline
Asset Inventory
02/19/2025
Asset Inventory
In this episode, we explore the challenges and best practices for identifying and inventorying assets in operational technology (OT) environments. Join host Ken Kully, Systems Support Lead at Verve Industrial, along with guests Lance Lamont, Andrew Wintermeyer, Tyler Bergman, and Rick Herzing, as they discuss how to establish trust, safely discover assets, and navigate network complexities without disrupting operations. Key Takeaways Establishing Trust & Engagement: Successful asset identification starts with building relationships with site personnel, including ICS engineers and facility managers. Safe Asset Discovery Techniques: Using non-disruptive methods like passive network monitoring, ARP table collection, and targeted scans is key in OT networks. Common Challenges: Mismatched documentation, unknown legacy devices, and unconventional network setups often complicate the process. Collaboration is Crucial: Teams at Verve integrate expertise from research, engineering, and cybersecurity to ensure efficient and secure asset inventorying. Continuous Monitoring & Adaptation: The process doesn’t end with identification—maintaining an up-to-date inventory is an ongoing effort. Listener Q&A Want to ask a question for the experts at Verve to answer? ! Timestamps 00:00 – Introduction and sound check 01:10 – Welcome back to Season 2 of OT After Hours 03:14 – What is the core functionality of Verve in OT environments? 06:45 – Trust-building and engaging with OT personnel 12:30 – Real-world surprises: Unexpected device discoveries 18:05 – How Verve safely identifies assets without disrupting operations 27:38 – Leveraging Verve’s capabilities for accurate inventorying 41:11 – Importance of communication and customer engagement 46:53 – The evolving role of Verve and IT-OT integration Guest Information Lance Lamont – Lead, Special Projects & Protocols, Verve Industrial Andrew Wintermeyer – Lead, Device & Integration Team, Verve Industrial Tyler Bergman – Lead, Field Deployment Team, Verve Industrial Rick Herzing – OT Systems Support Analyst, Verve Industrial Subscribe Get in Touch | | | I
/episode/index/show/12c2aa51-9739-4449-9d83-fddccc0d0521/id/35351970
info_outline
What's Next in OT?
12/18/2024
What's Next in OT?
In this episode, we delve into the pressing challenges and exciting opportunities in OT cybersecurity as we look toward 2025. Join host Ken Kully, Systems Support Lead at Verve Industrial, and his guests Natalie Kalinowski, Tyler Bergman, and Zach Woltjer as they share insights on industry trends, compliance requirements, and the evolving role of AI in securing operational environments. Key Takeaways Hybrid Workforces and Device Risks: Personal and work devices in operational environments pose security risks, requiring stronger BYOD policies. Regulatory Compliance: Evolving regulations, like NIST and NIS2, drive cybersecurity adoption but lag in addressing sectors like water infrastructure. AI in Cybersecurity: AI enhances detection, patching, and gap analysis, but foundational security issues must be addressed first. Dynamic Detection: AI and machine learning are replacing outdated static rules for real-time anomaly detection. Zero Trust Architecture: The shift to identity- and access-based security is accelerating, especially in hybrid workforce scenarios. Legacy Device Security: Secure proxies and similar tools help protect aging OT devices, but challenges with latency persist. Monitoring Approaches: Continuous monitoring offers immediate insights but increases network load, while scheduled checks provide stability but risk delays. Third-Party Risks: Organizations are diversifying security tools and assessing vendor practices to reduce supply chain vulnerabilities. Timestamps 0:00 – Introduction 02:15 – Guest introductions 06:10 – The water industry as a critical infrastructure concern 12:36 – Predictions for OT cybersecurity trends in 2025 20:17 – AI in OT cybersecurity: workforce gaps and anomaly detection 30:12 – The shift from static rules to advanced detection techniques 33:01 – Zero trust architecture: buzzword or paradigm shift? 47:39 – Continuous vs. scheduled monitoring in OT environments 55:03 – Protecting legacy devices in operational technology 1:08:08 – Final thoughts: hybrid work risks, compliance, and AI in 2025 Guest Information Natalie Kalinowski: Cyber Technology Consultant at Rockwell Automation and Verve, with a background as a network engineer working in diverse operational environments, from food and beverage to natural gas. Tyler Bergman: Cyber Operations Manager at Verve, bringing over 20 years of experience in utility and energy industries with a focus on IT/OT integration. Zach Woltjer: Cyber Data Analyst at Verve with a passion for simplifying complex cybersecurity challenges for industrial clients. Subscribe Get in Touch | | |
/episode/index/show/12c2aa51-9739-4449-9d83-fddccc0d0521/id/34504595
info_outline
Cyber (Im)Maturity
11/20/2024
Cyber (Im)Maturity
In this episode, we explore the evolving challenges of cybersecurity maturity in operational technology (OT) environments. Join host Ken Kully, Systems Support Lead at Verve Industrial, and his guests Lauren Blocker, Industrial Cybersecurity Consulting Partner at Rockwell Automation; Drew Wintermyer from Verve’s OT Research Lab; Zachary Woltjer from the Customer Success Team; Tyler Bergman, Operations Manager; and Rick Herzing from Verve Systems Support as they discuss the importance of assessing cyber maturity, bridging IT/OT security gaps, and implementing effective strategies for resilience. Key Takeaways Cyber maturity is not a one-size-fits-all process; it requires tailoring to specific organizational risks and priorities. IT/OT convergence brings unique challenges, necessitating a deep understanding of industrial environments. Frameworks like NIST CSF and ISA/IEC 62443 provide actionable pathways for improving OT cybersecurity maturity. Overcoming resource and talent shortages is critical to achieving sustainable cyber maturity. Collaboration across leadership, operators, and external partners is essential for effective implementation. Timestamps 00:00 – Introduction and sound check 01:26 – Welcome and episode overview 02:05 – Guest introductions and background 06:45 – What does “cybersecurity maturity” mean in an OT context? 15:20 – The challenges of IT/OT convergence 22:10 – Building and executing a cybersecurity maturity roadmap 30:55 – Real-world success stories and common pitfalls 40:30 – The future of OT cybersecurity and emerging technologies 50:10 – Closing thoughts Guest Information Lauren Blocker: Industrial Cybersecurity Consulting Partner at Rockwell Automation. Lauren specializes in assessing and enhancing cybersecurity maturity, helping enterprises implement globally consistent, standards-based strategies. Drew Wintermyer: Research Lead at Verve’s OT Research Lab, focusing on OT-specific vulnerabilities and resilience strategies. Zachary Woltjer Customer Success Specialist at Verve Industrial, with expertise in helping organizations implement OT cybersecurity solutions. Tyler Bergman: Operations Manager, providing insights into the practical challenges of cybersecurity in industrial environments. Rick Herzing: Verve Systems Support analyst, and former industrial controls engineer. Subscribe Get in Touch | | |
/episode/index/show/12c2aa51-9739-4449-9d83-fddccc0d0521/id/34035502
info_outline
The Auto Wreckers of OT
10/11/2024
The Auto Wreckers of OT
In this episode, we dive into the challenges of managing legacy operational technology (OT) systems. Join host Ken Kully, Systems Support Lead at Verve Industrial, and his guests Tyler Bergman, Doug Artze, Dylan Stencil, and Andrew Wintermeyer, as they discuss the complexities of legacy systems, spare parts ("grey") markets, and the importance of security in maintaining older technologies. They explore real-world stories, the economics of keeping legacy systems running, and offer insights into potential solutions. Key Takeaways Legacy OT equipment can have extremely long lifespans, often much longer than typical IT hardware. This leads to challenges in finding support and spare parts as the equipment ages. There is a thriving market for reconditioned and resold legacy OT equipment, but the chain of custody and security vetting of these devices can be unclear. Maintaining documentation and access to legacy software/configuration tools is critical for supporting and troubleshooting older OT systems, which can be difficult as vendors discontinue support. The economic and operational costs of upgrading legacy OT systems can be prohibitive, leading many facilities to try to keep them running as long as possible through creative means like sourcing spare parts. Planned obsolescence by vendors and the lack of right-to-repair policies can exacerbate the challenges of maintaining legacy OT equipment over time. Visibility into the OT asset inventory and having a plan for securing legacy systems are important for managing cybersecurity risks in these environments. Timestamps 00:00 – Introduction and sound check 02:00 – Ken’s story: Decommissioning PDP-11/84 systems 04:50 – Challenges with legacy equipment and backup solutions 09:00 – The aftermarket for OT equipment and security risks 14:00 – Securing legacy OT systems and ensuring safety standards 27:00 – Real-world experiences with aging OT infrastructure 39:00 – How cybersecurity standards affect legacy systems 50:00 – Solutions for managing legacy equipment Guest Information Tyler Bergman: Experienced in utilities and OT security with over 20 years in the industry. Dylan Stencil: Research team member with a background in technology and controls work. Doug Artze: Operations team member with experience in nuclear power and wastewater treatment. Drew Wintermeyer: Research team member and overseer of Verve’s internal labs of OT devices. Subscribe Get in Touch | | |
/episode/index/show/12c2aa51-9739-4449-9d83-fddccc0d0521/id/33423727
info_outline
A Calculated Risk
09/11/2024
A Calculated Risk
In this episode, we explore the concept of Calculated Risk Rating (CRR) and its importance in OT cybersecurity. Join host , Systems Support Lead at Verve Industrial, and his guests – Zachary Woltjer, Cyber Data Analyst at Verve, and Lance Lamont – as they discuss how to prioritize and address vulnerabilities in industrial environments. Key Takeaways Calculated Risk Rating helps tailor cybersecurity solutions to specific industrial environments CRR considers both the impact and likelihood of vulnerabilities being exploited The approach helps organizations prioritize their limited resources for maximum security benefit Trust between cybersecurity providers and industrial operators is crucial for effective risk management Active asset inventory solutions provide richer data for more effective risk mitigation strategies Timestamps 00:00 – Introduction and sound check 01:00 – Introduction of guest Zachary Woltjer 02:50 – Explanation of Calculated Risk Rating (CRR) 06:21 – Importance of contextualizing vulnerability information 09:47 – Discussion on EPSS (Exploit Prediction Scoring System) 12:43 – Identifying “crown jewels” in industrial environments 18:48 – Process of assigning criticality and likelihood ratings 26:50 – Importance of defense in depth strategies 31:01 – How Verve’s teams work together to implement CRR 35:56 – Benefits of active asset inventory solutions 42:35 – Conclusion and outtro Guest Information Zachary Woltjer: Cyber Data Analyst on the Customer Success team at Verve Industrial Lance Lamont: Creator and Explorer at Verve Industrial Protection, leading the research team in exploring OT devices and their security. Subscribe Get in Touch | | |
/episode/index/show/12c2aa51-9739-4449-9d83-fddccc0d0521/id/33008432
info_outline
The Case for Active OT Security
08/28/2024
The Case for Active OT Security
In this episode, we explore the challenges and benefits of active detection in OT security environments. Join host , Systems Support Lead at Verve Industrial, and his guests Rick Kaun and Sally Mellinger as they discuss the limitations of passive detection and the importance of comprehensive asset inventory in industrial cybersecurity. Key Takeaways Passive detection, while useful, has significant limitations in providing a comprehensive view of OT environments Active detection, including the use of agents, can provide more detailed and actionable information about assets Many operators have valid concerns about touching OT systems, but these fears can be addressed with proper expertise and non-disruptive solutions A comprehensive asset inventory is crucial for understanding and managing cybersecurity risks in OT environments The industry needs to overcome the fear of touching OT devices to achieve better security outcomes Timestamps 00:00 – Introduction and sound check 01:21 – Introduction of Sally Mellinger and Ken Kully 04:54 – Discussion on passive detection and its limitations 10:51 – Analogy comparing passive detection to traffic monitoring 24:56 – The importance of comprehensive asset inventory 31:17 – Examples of hidden vulnerabilities in OT environments 36:22 – The need to overcome vendor restrictions on security tools 39:26 – Addressing the root of OT security fears 45:49 – The importance of educating the market on active detection solutions Guest Information Rick Kaun: Expert in OT security with over 23 years of experience in the industry Sally Mellinger: Senior Manager of Content Marketing at Verve Industrial, with over 10 years of experience in B2B and technical content marketing Subscribe Get in Touch | | |
/episode/index/show/12c2aa51-9739-4449-9d83-fddccc0d0521/id/32777517
info_outline
The Crowdstrike Incident: Lessons for OT Cybersecurity
07/31/2024
The Crowdstrike Incident: Lessons for OT Cybersecurity
In this episode, we explore the implications of the recent Crowdstrike incident for OT cybersecurity. Join host , Systems Support Lead at Verve Industrial, and his guests Tyler Bergman and Ryan Zahn as they discuss the impact of IT security tools on OT environments, the importance of staged rollouts, and the delicate balance between automated updates and manual controls. Key Takeaways: The Crowdstrike incident highlights the risks of using IT-focused security tools in OT environments Staged rollouts and thorough testing are crucial for minimizing risks in critical infrastructure OT environments require a different approach to updates and security compared to IT systems The incident underscores the need for better collaboration between IT and OT teams Kernel-level access in security software presents both benefits and risks that must be carefully managed Timestamps: 00:00 – Introduction and discussion of recent events 03:08 – Overview of the Crowdstrike incident and its impact 05:50 – Discussing the differences between IT and OT security approaches 14:57 – Exploration of staged rollouts and testing processes 23:43 – The importance of human safety in OT environments 28:36 – The need for OT-specific considerations in security tool deployment 35:36 – Discussion on the risks associated with kernel-level access 43:18 – Reflecting on the broader implications for cybersecurity and critical infrastructure 48:06 – Closing thoughts and wrap-up Guest Information: Tyler Bergman: Utility engineering expert with 20 years of experience, focusing on cybersecurity efforts for the past five years. Ryan Zahn: Customer Success professional at Verve Industrial with over 11 years of experience and a background in OT as a state engineer for a Midwest power utility. Subscribe: Get in Touch: | | |
/episode/index/show/12c2aa51-9739-4449-9d83-fddccc0d0521/id/32367432
info_outline
OT Security is a Program
07/17/2024
OT Security is a Program
In this episode, we explore the importance of treating OT security as a comprehensive program rather than a collection of individual functions. Join host Ken Kully, Cyber Tech Lead at Verve Industrial, and his guest Rick Kaun, VP of Sales at Verve Industrial, as they discuss the challenges of implementing OT security, the differences between IT and OT approaches, and the need for a holistic view of security in industrial environments. Key Takeaways: OT security requires a programmatic approach that integrates multiple disciplines and functions, rather than treating them as isolated tasks. Context is crucial in OT environments, as the same device can have different implications depending on its role in the process. Implementing individual security functions separately in OT can lead to inefficiencies, increased costs, and potential risks. OT security requires collaboration between IT and OT teams, with a deep understanding of the unique challenges and requirements of industrial systems. A centralized approach to OT security can significantly reduce time, effort, and potential errors in managing industrial cybersecurity. Timestamps: 00:00 – Introduction and topic overview 01:03 – Guest introduction: Rick Kaun, VP of Sales at Verve Industrial 01:18 – Rick's background and experience in OT security 04:57 – The importance of treating security as a program in OT 07:05 – Challenges of implementing individual security functions in OT 11:03 – The role of context in OT security decisions 15:26 – Examples of OT-specific security considerations 22:01 – The impact of IT approaches on OT environments 25:19 – The need for collaboration between IT and OT teams 28:51 – Real-world impacts of OT security failures 32:40 – The importance of skill sets and resources in OT security 33:50 – Concluding thoughts and contact information Guest Information: Rick Kaun: VP of Sales at Verve Industrial, with over 23 years of experience in OT security, helping clients build comprehensive security programs across various industries globally. Subscribe Get in Touch | | |
/episode/index/show/12c2aa51-9739-4449-9d83-fddccc0d0521/id/32179427
info_outline
What is OT?
06/12/2024
What is OT?
In our second episode, we ask the question: “what is OT?”, and attempt to provide an answer. Join host Ken Kully, Cyber Tech Lead at Verve Industrial, and his guests and colleagues Lance Lamont, Tyler Bergman, Doug Artze, and Drew Wintermyer as they discuss what characterizes an OT environment and OT equipment, the impact of IT/OT convergence on distinguishing one realm from the other, and how a device’s usage is often the deciding factor as to whether it is an IT device…or an OT device. Key Takeaways: OT is the collection of hardware and software that is principally concerned with process availability: monitoring the process, providing safety oversight, and the automation, supervision, and control of the core processes for any industry. The same device can be both an IT device and an OT device, depending on usage. OT systems are often – though not always – characterized by device isolation, and can also be spread over a large geographic area. There are some industries – healthcare is an example – where the distinction between IT and OT becomes very blurred. Timestamps: 00:00 – Introduction and sound check 00:35 – Welcome to OT After Hours 00:43 – Host introductions and background 03:40 – What is OT? 04:32 – Parallel terms: IT and OT 05:56 – Other terms: DCS, SCADA, etc. 11:43 – Hardware differences between IT and OT 14:20 – The role of context in defining OT devices 17:34 – The evolution and convergence of OT and IT 19:52 – The CIA triad and its different priorities in IT and OT 22:36 – The timeliness element in OT systems 23:30 – Engineering workstations and their classification 32:36 – The criticality of availability in OT environments 34:30 – The sensitivity of OT control systems 37:41 – Examples of OT in non-industrial settings 44:27 – The importance of physical access in OT security 46:55 – The unique challenges of healthcare OT 50:59 – Concluding thoughts on defining OT Guest Information: Lance Lamont: Creator and Explorer at Verve Industrial Protection, leading the research team in exploring OT devices and their security. Tyler Bergman: Experienced in utilities and OT security with over 20 years in the industry. Doug Artze: Operations team lead with experience in nuclear power and wastewater treatment. Drew Wintermyer: Research team member and overseer of Verve’s internal labs of OT devices. Subscribe Get in Touch | | |
/episode/index/show/12c2aa51-9739-4449-9d83-fddccc0d0521/id/31717722
info_outline
Why It Matters
05/15/2024
Why It Matters
In our pilot episode, we dive into the crucial world of OT security. Join host Ken Kully, Cyber Tech Lead at Verve Industrial, and his guests and colleagues Lance Lamont, Tyler Bergman, and Dylan Stencil as they discuss the importance of industrial cybersecurity, the unique challenges it presents, and why it truly matters. From understanding OT environments to real-world incidents like Stuxnet, this episode is packed with insights and practical advice for navigating the complexities of OT security. Key Takeaways: OT security is critical due to the unique challenges and vulnerabilities in industrial environments. Real-world incidents like Stuxnet highlight the importance of securing OT systems. Maintaining availability and integrity in OT environments is essential to prevent costly downtimes and disruptions. Effective communication with management about OT security needs is crucial for obtaining necessary support and resources. Timestamps: 00:00 – Introduction and sound check 00:40 – Welcome to OT After Hours 01:33 – Host introductions and backgrounds 06:57 – Why industrial cybersecurity matters 08:23 – Stuxnet: A brief overview 15:00 – Vulnerabilities in OT environments 20:08 – Examples of OT device failures 25:19 – The importance of availability in OT systems 40:11 – Conversations about OT security with management 50:33 – Closing thoughts Guest Information: Lance Lamont: Creator and Explorer at Verve Industrial Protection, leading the research team in exploring OT devices and their security. Tyler Bergman: Experienced in utilities and OT security with over 20 years in the industry. Dylan Stencil: Research team member with a background in technology and controls work. Subscribe Get in Touch | | |
/episode/index/show/12c2aa51-9739-4449-9d83-fddccc0d0521/id/31307102
info_outline
Teaser
05/14/2024
Teaser
The trailer for "OT After Hours": unfiltered stories and advice from the front lines of industrial cybersecurity. Subscribe Get in Touch | | |
/episode/index/show/12c2aa51-9739-4449-9d83-fddccc0d0521/id/31293692