Zero Trust in OT: A Look Back at Lessons Across IT and OT
In this special rewind episode, Dino Busalachi and Jim Cook address the messy but critical reality of implementing Zero Trust in operational technology (OT) environments. Drawing from years of hands-on experience, they break down why traditional IT frameworks often fail on the plant floor, especially when facing flat OT networks, legacy assets, and limited change windows. They introduce a "bucket approach" to segmenting and securing OT networks from the ground up. With real-world insights into asset inventory, process integrity, remote access challenges, and cross-functional collaboration, this episode is invaluable.Whether you're a CISO, CTO, an OT engineer, or IT expert; this episode offers solid advice on navigating the convergence of IT and OT in complex industrial systems and environments.Chapters:00:00:00 – Why Zero Trust Doesn’t Fit the Plant Floor (Yet)00:00:45 - Zero Trust : IT versus OT with Dino Busalachi and Jim Cook00:15:59 - Zero Trust in OT: Adapting IT's Playbook for Enhanced SecurityLinks And Resources:Industrial Cybersecurity InsiderLinkedIn Cybersecurity Group PageDino Busalachi on LinkedInJim Cook on LinkedInThanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you’d like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!
--------
31:29
Cybersecurity by Design: Building OT Security Into Your Manufacturing Plant Floor
In this episode, Dino and Craig address the practicalities of building cyber resilience directly into manufacturing environments - rather than after the fact. Using real-world analogies and field-tested insights, they break down why treating OT security like physical safety is crucial. They challenge the outdated mindset of retrofitting cybersecurity protection after deployment of industrial plant floor equipment.This episode covers all the key elements of protecting your plant floor. From the importance of designing cybersecurity upfront, to implementing the SANS 5 Critical Controls, specific to cybersecurity in operational technology (OT) environments. Whether you're planning a greenfield build or managing legacy systems, this episode equips mid-to-senior leaders with actionable strategies to align IT and OT teams, boost visibility across XIoT assets, and future-proof operational environments in high-risk industries.Chapters:00:00:00 - Kicking Off: Why Cybersecurity Can’t Be an Afterthought in Manufacturing00:01:52 - Dino’s Five Must-Have OT Security Controls You Should Already Be Using00:03:45 - When IT and OT Collide: Real Talk on Silos, Strategy, and Responsibility00:06:08 - You Can’t Protect What You Can’t See: The Visibility Wake-Up Call00:11:24 - Build It In, Don’t Bolt It On: Making Cybersecurity Part of the Machine00:19:26 - Lost Docs and Retiring Experts: Managing Risk Across the Lifecycle00:20:41 - Dino and Craig’s Final Word: Start Now, Start Smart—Security Is the New SafetyLinks And Resources:Industrial Cybersecurity Insider on LinkedInCybersecurity Insider NewsletterDino Busalachi on LinkedInCraig Duckworth on LinkedInThanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you’d like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!
--------
23:18
The CISO & Talent Crisis: Turnover Meets OT Cybersecurity Gaps
In this episode, Dino and Craig dive deep into the disturbing talent exodus in cybersecurity. The discussion is sparked by Gartner’s prediction that 25% of cybersecurity professionals will leave the field in the next year. They explore the growing gap between IT and OT teams, the lack of CISO influence in executive leadership, and the friction between cybersecurity goals and operational uptime. With real-world anecdotes and hard-hitting insights, they unpack everything from rogue assets and malware in OT environments to the challenges of implementing EDR tools in live production lines. Whether you're a CISO, CIO, or plant manager, this episode offers a candid look at the complex dynamics of securing industrial environments — and how collaboration is the only path forward.Chapters:00:00:00 – Kicking Off with a Brutal Reality Check on Cybersecurity00:01:06 – Gartner Says 25% of Cyber Pros Are Leaving — Here’s Why That Matters00:03:15 – IT vs OT: The Culture Clash Still Killing Cyber Progress00:09:35 – Why the Wrong Service Partner Could Be Your Biggest Risk00:14:05 – Malware, Rogue Assets, and the Ugly Truth About Your Plant Floor00:18:22 – Real Strategies for Fixing the IT/OT Disconnect (Without Killing Uptime)00:24:06 – Stop Talking. Start Acting. What Cyber Leaders Need to Do TodayLinks And Resources:Industrial Cybersecurity Insider on LinkedInCybersecurity Insider NewsletterDino Busalachi on LinkedInCraig Duckworth on LinkedInThanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you’d like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!
--------
26:22
The #1 Myth Putting Your Industrial OT Assets at Risk
In this episode, Dino and Craig tackle one of the most overlooked vulnerabilities in industrial cybersecurity: the unintentional chaos caused when IT security procedures are blindly applied to OT environments. Using real-world examples like the CrowdStrike EDR failure, they illustrate how tools meant to protect can actually shut down production lines, cripple HMIs, and introduce massive operational risk. They call out the air-gap myth, the need for shared authority between IT and OT, and the critical importance of context when deploying cybersecurity solutions on the plant floor. For executives and practitioners alike, this episode is a wake-up call to rethink governance, accountability, and collaboration between traditionally siloed IT and OT teams.Chapters:00:00:00 – IT vs. OT: The Unspoken War00:01:03 – Meet Your Guides: Dino & Craig00:01:05 – IT/OT Explained… Without the Jargon00:02:26 – How IT Crashed the Plant Floor00:05:12 – Talk to Me Like I’m Production00:08:53 – Security Priorities: Worlds Collide00:13:40 – Vendors, Integrators & Invisible Risks00:21:52 – Who Owns the Fallout?Links And Resources:Cybersecurity & Digital Safety Group on LinkedInDino Busalachi on LinkedInCraig Duckworth on LinkedInThanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you’d like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!
--------
24:17
Staying Ahead of an Industrial Cybersecurity Attack with Carlos Buenaño, Armis CTO
Dino Busalachi sits down with Carlos Buenaño, CTO of Armis, to explore the evolving cybersecurity challenges in industrial control systems (ICS) and operational technology (OT). Carlos shares insights from his extensive experience in process control engineering, industrial network security, and IT-OT convergence. He sheds light on how organizations can gain visibility into their OT environments, mitigate cyber risks, and implement effective security frameworks. From real-world ransomware incidents to strategies for network segmentation and asset monitoring, this discussion provides actionable insights for anyone involved in securing industrial infrastructure. Whether you're a plant manager, security leader, or IT-OT strategist, this episode is packed with valuable takeaways.Chapters:00:00:00 - The High-Stakes World of Plant Management and Control Systems00:01:20 - Meet the Experts: Dino and Carlos on Industrial Cybersecurity00:01:55 - From Engineer to CTO: Carlos’ Journey in Securing ICS00:03:15 - Designing Secure Control Networks: Lessons from Australia00:05:17 - IT vs. OT: Why the Security Approach Must Change00:08:14 - Breaking Down IT-OT Conflicts and Finding Common Ground00:13:52 - Hidden Cyber Threats in Industrial Control Systems00:23:16 - How to Stay Ahead of Cyber Attacks in OT Environments00:24:15 - Key Takeaways and Actionable Steps for Industrial SecurityLinks And Resources:Juan Carlos (Carlos) Buenaño on LinkedInCybersecurity & Digital Safety Group on LinkedInDino Busalachi on LinkedInCraig Duckworth on LinkedInThanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you’d like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!
Industrial Cybersecurity Insider offers a thorough look into the field of industrial cybersecurity for manufacturing and critical infrastructure. The podcast delves into key topics, including industry trends, policy changes, and groundbreaking innovations. Each episode will feature insights from key influencers, policy makers, and industry leaders. Subscribe and tune in weekly to stay in the know on everything important in the industrial cybersecurity world!
Ireland