Industrial Cybersecurity Insider

Most manufacturing organizations still operate with a dangerous blind spot: IT and OT teams working in completely different dimensions with no shared visibility into plant floor cybersecurity.
In this episode, Dino and Jim break down why 90% of manufacturers remain in the unaware-to-awareness phase when it comes to OT cybersecurity. They address what happens when IT tries to shoehorn enterprise security into operational environments they don't understand, and how the lack of collaboration between these two groups leads to costly unplanned downtime — sometimes at $100,000 per hour or more.
Drawing from real client engagements, they reveal why OT must take a leadership role in cybersecurity (just like safety), how OT IDS tools can deliver operational value far beyond threat detection, and what it actually takes to get IT and OT speaking the same language before a breach forces them to.
Chapters:
(00:00:00) - Why IT and OT Need to Get to the Table Now
(00:01:47) - Cats and Dogs Living Together: The IT/OT Culture Clash
(00:03:00) - 90% of Manufacturers Are Still in the Dark on OT Cyber
(00:06:00) - What Is OT and Why Don't OT People Know They're OT?
(00:08:45) - Real Client Story: The Missing OT Team on a Global Kickoff
(00:13:00) - Ask Forgiveness, Not Permission: How OT Workarounds Create Risk
(00:15:00) - The OT IDS Tool Nobody's Sharing With OT
(00:19:30) - Why Manual Discovery Assessments Are Throwing Money Away
(00:21:00) - 15 Switch Manufacturers in One Plant: The Architecture Nightmare
(00:25:30) - OT Cybersecurity Is the New Safety — Treat It Like One
(00:29:00) - Final Advice for IT and OT Teams Ready to Converge

Links And Resources:
Want to Sponsor an episode or be a Guest? Reach out here.
Industrial Cybersecurity Insider on LinkedIn
Cybersecurity & Digital Safety on LinkedIn
BW Design Group Cybersecurity
Dino Busalachi on LinkedIn
Craig Duckworth on LinkedIn

Thanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you’d like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!

Craig sits down with Wil Klusovsky, a 26-year cybersecurity veteran and CRO at viLogics, to break down why asset visibility and exposure management are the foundation of any solid OT security strategy.
From the myth of the air-gapped shop floor to the real-world math behind quantifying cyber risk in dollars and cents, Will and Craig explore how manufacturers can move beyond fear-based selling, bridge the gap between IT and operations, and build programmatic cybersecurity that protects both production uptime and the bottom line.
They discuss how to frame cyber risk as business risk, why compensating controls and context matter more than raw vulnerability numbers, and why the CISO's real job is "chief inside selling officer."
Chapters:
(00:00:00) - Welcoming Will to the Podcast!
(00:02:12) - Why Asset Visibility Is the Starting Point for OT Security
(00:03:48) - The Air Gap Myth and Legacy Systems on the Shop Floor
(00:04:52) - Translating Cyber Risk Into Dollars and Cents
(00:07:05) - Quantifying Downtime: Mean Time to Recovery and True Cost of Ownership
(00:09:55) - Risk Appetite: Spend to Mitigate or Accept the Exposure?
(00:11:32) - Who Really Owns the Risk? Executives, Not CISOs
(00:13:00) - Uptime, OEE, and Why Cybersecurity Risk Is Business Risk
(00:15:45) - Remote Access Risks and Competing Priorities on the Shop Floor
(00:18:04) - The "Chief Inside Selling Officer" — Getting Buy-In Before Budget
(00:19:48) - The Get Out of Jail Free Card: Aligning Incentives Across Teams
(00:22:30) - Context Over CVE Counts: 600 Critical Vulns, Zero Exploitable
(00:25:42) - Prioritizing Remediation by Business Impact, Not Severity Score
(00:26:30) - Wrap-Up and Part 2 Preview: Business Impact Analysis

Links And Resources:
Wil Klusovsky on LinkedIn
Want to Sponsor an episode or be a Guest? Reach out here.
Industrial Cybersecurity Insider on LinkedIn
Cybersecurity & Digital Safety on LinkedIn
BW Design Group Cybersecurity
Dino Busalachi on LinkedIn
Craig Duckworth on LinkedIn

Thanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you’d like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!

Is the Purdue Model outdated, or simply misunderstood? In this episode, Dino sits down with Ken Kully (Rockwell Automation) for a candid, practitioner-level conversation about what the Purdue Model still gets right.
They discuss where it falls short in modern environments, and why “IT/OT convergence” remains more of a people-and-process challenge than a technology problem.
They break down the reality on the plant floor: long-lived legacy systems, inconsistent architectures across sites, limited maintenance windows, and the operational consequences of downtime.
The discussion also tackles the everyday friction points: MFA, shared operator accounts, unmanaged vendor laptops, and remote access “surprises”, and why you can’t improve OT security posture without a trustworthy asset inventory and segmentation that keeps systems “in their lane.”
Chapters:
(00:00:00) Intro + why this Purdue conversation matters now
(00:01:00) Ken’s background: from process environments to OT cyber delivery readiness
(00:04:00) The big question: has the Purdue Model outlived its usefulness?
(00:07:00) Framework vs. strict blueprint: “Purdue enough” in real plants
(00:09:00) IT/OT convergence: why it’s a people + process problem (not tech)
(00:12:00) The “silver tsunami” and why security UX fails on the plant floor
(00:15:30) MFA, shared logins, and why “security gets in the way” still shows up
(00:18:00) Legacy reality: Windows 98/7 boxes, vendor lock-in, and downtime economics
(00:21:00) Discovery first: diagrams, configs, and why documentation is always missing
(00:23:30) Purdue as a map: brokering traffic, one-up/one-down, and the “3.5” DMZ
(00:26:00) When devices try to “escape the box”: unexpected outbound comms + exposure risk
(00:28:30) Vendor/OEM access: the unmanaged laptop problem in OT
(00:32:00) Asset inventory as the unlock: you can’t defend what you don’t know exists
(00:34:00) Why IT often won’t “crawl the plant,” and what that means operationally
(00:36:30) Scale problem: 30 plants, 30 realities—standardize globally, execute locally
(00:38:30) The SI/OEM “third leg”: why trusted integrators are key to sustainable OT security
(00:40:30) Closing + crossover: continuing the discussion on Ken’s OT After Hours podcast

Links And Resources:
Kenneth Kully on LinkedIn
Want to Sponsor an episode or be a Guest? Reach out here.
Industrial Cybersecurity Insider on LinkedIn
Cybersecurity & Digital Safety on LinkedIn
BW Design Group Cybersecurity
Dino Busalachi on LinkedIn
Craig Duckworth on LinkedIn

Thanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you’d like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!

Dino and Jim break down a major shift in the cyber threat landscape: federal agencies obtaining legal authority to enter private networks to hunt down state-sponsored malware, and what that signals for industrial organizations.
They discuss why critical infrastructure and supply chains are prime targets, how “soft targets” in OT and building automation get exploited, and why many companies still lack visibility into what’s happening on the plant floor.
The conversation zooms in on real-world exposure points, especially unmanaged vendor remote access and end-of-life equipment, and closes with practical themes for leadership.
Stop assuming “IT has it covered”
Define measurable OT security outcomes
Start taking steps that make disruption harder and detection faster.

Chapters:
(00:00:00) Why identity, trust, and vendor access are breaking down in modern plants
(00:01:00) The episode’s trigger: government-led operations to remove malware from private networks
(00:03:00) “Machete scanning” and why IT-style tactics can disrupt OT operations
(00:05:00) The real target set: critical infrastructure, supply chains, and smaller utilities with limited resources
(00:08:00) Collateral damage and how cyber “weapons” trickle down to criminal ransomware
(00:13:00) Why OT is still a soft target: visibility gaps, unpatched systems, and weak segmentation
(00:14:00) Remote access everywhere: OEM/SI pathways, unknown identities, and lack of governance
(00:20:00) The logging gap: what IT sees vs. what OT can’t see (and why that matters for incident response)
(00:24:00) Building automation and facilities systems as weak links attackers love
(00:26:00) Executive accountability: what boards should be measuring after breaches (and why progress stalls)

Links And Resources:
Want to Sponsor an episode or be a Guest? Reach out here.
Industrial Cybersecurity Insider on LinkedIn
Cybersecurity & Digital Safety on LinkedIn
BW Design Group Cybersecurity
Dino Busalachi on LinkedIn
Craig Duckworth on LinkedIn

Thanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you’d like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!

A real-world case study shows how a single phishing email led to credential and MFA compromise, creating an urgent question for any industrial organization: Did the attacker reach the OT environment?
Dino and Jim walk through how OT visibility, secure remote access controls, and continuous monitoring enabled rapid validation of what happened. They were able to prove the breach did not impact control systems and avoid an expensive, safety-driven shutdown of a continuous manufacturing process.
The episode connects technical controls to executive outcomes, including resilience, duty of care, and the financial reality that “not knowing” can be as costly as an actual compromise.
Chapters:
(00:00:00) Why continuous manufacturing makes “abundance of caution” shutdowns so costly
(00:01:00) What “OT continuous monitoring” means and why it matters in real incidents
(00:03:00) Safety and connected environments: why “it can go boom” changes the stakes
(00:05:00) Baselines: defining “normal” so abnormal behavior is actionable
(00:07:00) Incident story: phishing email leads to credential and MFA compromise
(00:09:00) What the team validated: tracing access and confirming OT was not impacted
(00:10:00) Lessons from Colonial Pipeline: inability to validate can force shutdowns
(00:11:00) OT reality check: Windows assets, HMIs, historians, and engineering workstations
(00:13:00) Secure OT remote access: why VPN-only access is not sufficient
(00:16:00) The payoff: avoided downtime, avoided product loss, and avoided disruption
(00:19:00) Executive view: duty of care, liability, compliance, and protecting enterprise value
(00:23:00) The “air gap” myth and why defense-in-depth is the only practical path

Links And Resources:
Want to Sponsor an episode or be a Guest? Reach out here.
Industrial Cybersecurity Insider on LinkedIn
Cybersecurity & Digital Safety on LinkedIn
BW Design Group Cybersecurity
Dino Busalachi on LinkedIn
Craig Duckworth on LinkedIn

Thanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you’d like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!