Powered by RND
PodcastsTechnologyOT After Hours
Listen to OT After Hours in the App
Listen to OT After Hours in the App
(524)(250,057)
Save favourites
Alarm
Sleep timer

OT After Hours

Podcast OT After Hours
Verve Industrial
OT After Hours, a podcast about operational technology security, brings you candid conversations with ICS engineers and experts who get the unique challenges yo...

Available Episodes

5 of 10
  • What's Next in OT?
    In this episode, we delve into the pressing challenges and exciting opportunities in OT cybersecurity as we look toward 2025. Join host Ken Kully, Systems Support Lead at Verve Industrial, and his guests Natalie Kalinowski, Tyler Bergman, and Zach Woltjer as they share insights on industry trends, compliance requirements, and the evolving role of AI in securing operational environments. Key Takeaways Hybrid Workforces and Device Risks: Personal and work devices in operational environments pose security risks, requiring stronger BYOD policies. Regulatory Compliance: Evolving regulations, like NIST and NIS2, drive cybersecurity adoption but lag in addressing sectors like water infrastructure. AI in Cybersecurity: AI enhances detection, patching, and gap analysis, but foundational security issues must be addressed first. Dynamic Detection: AI and machine learning are replacing outdated static rules for real-time anomaly detection. Zero Trust Architecture: The shift to identity- and access-based security is accelerating, especially in hybrid workforce scenarios. Legacy Device Security: Secure proxies and similar tools help protect aging OT devices, but challenges with latency persist. Monitoring Approaches: Continuous monitoring offers immediate insights but increases network load, while scheduled checks provide stability but risk delays. Third-Party Risks: Organizations are diversifying security tools and assessing vendor practices to reduce supply chain vulnerabilities. Timestamps 0:00 – Introduction 02:15 – Guest introductions 06:10 – The water industry as a critical infrastructure concern 12:36 – Predictions for OT cybersecurity trends in 2025 20:17 – AI in OT cybersecurity: workforce gaps and anomaly detection 30:12 – The shift from static rules to advanced detection techniques 33:01 – Zero trust architecture: buzzword or paradigm shift? 47:39 – Continuous vs. scheduled monitoring in OT environments 55:03 – Protecting legacy devices in operational technology 1:08:08 – Final thoughts: hybrid work risks, compliance, and AI in 2025 Guest Information Natalie Kalinowski: Cyber Technology Consultant at Rockwell Automation and Verve, with a background as a network engineer working in diverse operational environments, from food and beverage to natural gas. Tyler Bergman: Cyber Operations Manager at Verve, bringing over 20 years of experience in utility and energy industries with a focus on IT/OT integration. Zach Woltjer: Cyber Data Analyst at Verve with a passion for simplifying complex cybersecurity challenges for industrial clients. Subscribe Follow and Subscribe Get in Touch LinkedIn | YouTube | Twitter/X | Contact Verve
    --------  
    1:13:12
  • Cyber (Im)Maturity
    In this episode, we explore the evolving challenges of cybersecurity maturity in operational technology (OT) environments. Join host Ken Kully, Systems Support Lead at Verve Industrial, and his guests Lauren Blocker, Industrial Cybersecurity Consulting Partner at Rockwell Automation; Drew Wintermyer from Verve’s OT Research Lab; Zachary Woltjer from the Customer Success Team; Tyler Bergman, Operations Manager; and Rick Herzing from Verve Systems Support as they discuss the importance of assessing cyber maturity, bridging IT/OT security gaps, and implementing effective strategies for resilience. Key Takeaways Cyber maturity is not a one-size-fits-all process; it requires tailoring to specific organizational risks and priorities. IT/OT convergence brings unique challenges, necessitating a deep understanding of industrial environments. Frameworks like NIST CSF and ISA/IEC 62443 provide actionable pathways for improving OT cybersecurity maturity. Overcoming resource and talent shortages is critical to achieving sustainable cyber maturity. Collaboration across leadership, operators, and external partners is essential for effective implementation. Timestamps 00:00 – Introduction and sound check 01:26 – Welcome and episode overview 02:05 – Guest introductions and background 06:45 – What does “cybersecurity maturity” mean in an OT context? 15:20 – The challenges of IT/OT convergence 22:10 – Building and executing a cybersecurity maturity roadmap 30:55 – Real-world success stories and common pitfalls 40:30 – The future of OT cybersecurity and emerging technologies 50:10 – Closing thoughts Guest Information Lauren Blocker: Industrial Cybersecurity Consulting Partner at Rockwell Automation. Lauren specializes in assessing and enhancing cybersecurity maturity, helping enterprises implement globally consistent, standards-based strategies. Drew Wintermyer: Research Lead at Verve’s OT Research Lab, focusing on OT-specific vulnerabilities and resilience strategies. Zachary Woltjer Customer Success Specialist at Verve Industrial, with expertise in helping organizations implement OT cybersecurity solutions. Tyler Bergman: Operations Manager, providing insights into the practical challenges of cybersecurity in industrial environments. Rick Herzing: Verve Systems Support analyst, and former industrial controls engineer. Subscribe Follow and Subscribe Get in Touch LinkedIn | YouTube | Twitter/X | Contact Verve
    --------  
    52:05
  • The Auto Wreckers of OT
    In this episode, we dive into the challenges of managing legacy operational technology (OT) systems. Join host Ken Kully, Systems Support Lead at Verve Industrial, and his guests Tyler Bergman, Doug Artze, Dylan Stencil, and Andrew Wintermeyer, as they discuss the complexities of legacy systems, spare parts ("grey") markets, and the importance of security in maintaining older technologies. They explore real-world stories, the economics of keeping legacy systems running, and offer insights into potential solutions. Key Takeaways Legacy OT equipment can have extremely long lifespans, often much longer than typical IT hardware. This leads to challenges in finding support and spare parts as the equipment ages. There is a thriving market for reconditioned and resold legacy OT equipment, but the chain of custody and security vetting of these devices can be unclear. Maintaining documentation and access to legacy software/configuration tools is critical for supporting and troubleshooting older OT systems, which can be difficult as vendors discontinue support. The economic and operational costs of upgrading legacy OT systems can be prohibitive, leading many facilities to try to keep them running as long as possible through creative means like sourcing spare parts. Planned obsolescence by vendors and the lack of right-to-repair policies can exacerbate the challenges of maintaining legacy OT equipment over time. Visibility into the OT asset inventory and having a plan for securing legacy systems are important for managing cybersecurity risks in these environments. Timestamps 00:00 – Introduction and sound check 02:00 – Ken’s story: Decommissioning PDP-11/84 systems 04:50 – Challenges with legacy equipment and backup solutions 09:00 – The aftermarket for OT equipment and security risks 14:00 – Securing legacy OT systems and ensuring safety standards 27:00 – Real-world experiences with aging OT infrastructure 39:00 – How cybersecurity standards affect legacy systems 50:00 – Solutions for managing legacy equipment Guest Information Tyler Bergman: Experienced in utilities and OT security with over 20 years in the industry. Dylan Stencil: Research team member with a background in technology and controls work. Doug Artze: Operations team member with experience in nuclear power and wastewater treatment. Drew Wintermeyer: Research team member and overseer of Verve’s internal labs of OT devices. Subscribe Follow and Subscribe Get in Touch LinkedIn | YouTube | Twitter/X | Contact Verve
    --------  
    48:32
  • A Calculated Risk
    In this episode, we explore the concept of Calculated Risk Rating (CRR) and its importance in OT cybersecurity. Join host Ken Kully, Systems Support Lead at Verve Industrial, and his guests – Zachary Woltjer, Cyber Data Analyst at Verve, and Lance Lamont – as they discuss how to prioritize and address vulnerabilities in industrial environments. Key Takeaways Calculated Risk Rating helps tailor cybersecurity solutions to specific industrial environments CRR considers both the impact and likelihood of vulnerabilities being exploited The approach helps organizations prioritize their limited resources for maximum security benefit Trust between cybersecurity providers and industrial operators is crucial for effective risk management Active asset inventory solutions provide richer data for more effective risk mitigation strategies Timestamps 00:00 – Introduction and sound check 01:00 – Introduction of guest Zachary Woltjer 02:50 – Explanation of Calculated Risk Rating (CRR) 06:21 – Importance of contextualizing vulnerability information 09:47 – Discussion on EPSS (Exploit Prediction Scoring System) 12:43 – Identifying “crown jewels” in industrial environments 18:48 – Process of assigning criticality and likelihood ratings 26:50 – Importance of defense in depth strategies 31:01 – How Verve’s teams work together to implement CRR 35:56 – Benefits of active asset inventory solutions 42:35 – Conclusion and outtro Guest Information Zachary Woltjer: Cyber Data Analyst on the Customer Success team at Verve Industrial Lance Lamont: Creator and Explorer at Verve Industrial Protection, leading the research team in exploring OT devices and their security. Subscribe Follow and Subscribe Get in Touch LinkedIn | YouTube | Twitter/X | Contact Verve
    --------  
    42:44
  • The Case for Active OT Security
    In this episode, we explore the challenges and benefits of active detection in OT security environments. Join host Ken Kully, Systems Support Lead at Verve Industrial, and his guests Rick Kaun and Sally Mellinger as they discuss the limitations of passive detection and the importance of comprehensive asset inventory in industrial cybersecurity. Key Takeaways Passive detection, while useful, has significant limitations in providing a comprehensive view of OT environments Active detection, including the use of agents, can provide more detailed and actionable information about assets Many operators have valid concerns about touching OT systems, but these fears can be addressed with proper expertise and non-disruptive solutions A comprehensive asset inventory is crucial for understanding and managing cybersecurity risks in OT environments The industry needs to overcome the fear of touching OT devices to achieve better security outcomes Timestamps 00:00 – Introduction and sound check 01:21 – Introduction of Sally Mellinger and Ken Kully 04:54 – Discussion on passive detection and its limitations 10:51 – Analogy comparing passive detection to traffic monitoring 24:56 – The importance of comprehensive asset inventory 31:17 – Examples of hidden vulnerabilities in OT environments 36:22 – The need to overcome vendor restrictions on security tools 39:26 – Addressing the root of OT security fears 45:49 – The importance of educating the market on active detection solutions Guest Information Rick Kaun: Expert in OT security with over 23 years of experience in the industry Sally Mellinger: Senior Manager of Content Marketing at Verve Industrial, with over 10 years of experience in B2B and technical content marketing Subscribe Follow and Subscribe Get in Touch LinkedIn | YouTube | Twitter/X | Contact Verve
    --------  
    47:40

More Technology podcasts

About OT After Hours

OT After Hours, a podcast about operational technology security, brings you candid conversations with ICS engineers and experts who get the unique challenges you face. Join us for unfiltered stories and advice from the front lines of industrial cybersecurity as we share best practices, lessons learned, and a few laughs along the way.
Podcast website

Listen to OT After Hours, All-In with Chamath, Jason, Sacks & Friedberg and many other podcasts from around the world with the radio.net app

Get the free radio.net app

  • Stations and podcasts to bookmark
  • Stream via Wi-Fi or Bluetooth
  • Supports Carplay & Android Auto
  • Many other app features
Social
v7.7.0 | © 2007-2025 radio.de GmbH
Generated: 2/17/2025 - 3:55:42 AM