Welcome to "PrOTect It All," the podcast where we peel back the layers of cybersecurity to reveal the core strategies, challenges, and triumphs of protecting ou...
The Future of Automation and AI in Operational Technology with Shane Cox
In Episode 33, Aaron Crow explores the transformative impact of automation and AI in the Operational Technology (OT) sector, joined by industry expert Shane Cox from Morgan Franklin Cyber. This episode takes a deeper look at how AI and automation can enhance security operations when balanced with human oversight and strategic implementation.
Shane Cox shares insights on Morgan Franklin's flexible and expert-driven approach to Managed Detection and Response (MDR) services, emphasizing the importance of tailored client partnerships and continuous collaboration. The discussion highlights the potential of AI to revolutionize security while addressing the unique challenges and risks of integrating automated solutions.
Tune in to learn how the right blend of technology, expertise, and strategy can drive effective security solutions and foster long-term client relationships in today's evolving cybersecurity landscape.
Key Moments:
05:15 Flexible, evolving security service, partnership-focused approach.
07:06 Diverse tools are essential for all organizations.
12:58 Weekend setup complete; improved over subsequent months.
15:30 MDR/XDR: Cloud-based threat detection and response.
18:21 Flexible MDR service integrates client environments efficiently.
21:38 Integration speeds up threat detection and response.
24:52 Cautious automation best balances efficiency and control.
29:50 AI assists coding by highlighting potential errors.
32:12 People are crucial for effective security automation.
35:51 Superior team preferred over superior product.
39:06 AI integration risks due to untested promises.
41:46 Adapting security training amidst AI automation challenges.
Guest Profile:
Shane Cox leads the Cyber Fusion Center at MorganFranklin Cyber where he is responsible for the delivery of managed services such as Orion MDR, Advanced Detection and Response (ADR), Threat Hunting, Adversary Simulation, Cyber Threat Intelligence (CTI), and Incident Response and Management.
Shane has over 25 years of experience in IT and Cyber Security, leading the development and optimization of security programs within enterprise and managed services environments. He has deep experience and success providing customized, business-aligned security outcomes for a diverse range of client environments and industry verticals.
How to connect with Shane:
https://www.linkedin.com/feed/update/urn:li:activity:7264640034891337730
https://www.sdxcentral.com/articles/stringerai-announcements/morganfranklin-consulting-launches-orion-mdr-service-with-stellar-cyber/2024/11/
Connect With Aaron Crow:
...
--------
47:40
Enhancing OT Cybersecurity: From Legacy Systems to Cloud Solutions with Paul Shaver
In this episode, Aaron is joined by Paul Shaver, an experienced OT security consultant from Mandiant, part of Google Cloud. Together, they navigate the nuanced landscape of operational technology (OT) cybersecurity.
The episode begins with Aaron recalling a critical incident at a power plant that underscores the potential pitfalls in OT environments. This sets the stage for a rich discussion on the evolution of OT technology, with Aaron and Paul reminiscing about primary domain controllers and early NT workstations.
The conversation shifts to the future of OT in the cloud, where Paul highlights the benefits of cloud solutions, including enhanced resiliency, security, and data optimization through AI. A compelling customer case study illustrates modern technology adoption with web-based HMIs and Chromeboxes.
Paul offers a detailed analysis of the current OT cybersecurity landscape, addressing the persistent legacy system challenges and the need for a cohesive IT-OT security strategy. He discusses the evolving threat landscape influenced by global geopolitical tensions and the rise of zero-day vulnerabilities.
Listeners will gain practical insights into foundational cybersecurity measures, such as network segmentation, asset inventory management, and robust access control.
Key Moments:
04:14 Connecting IT and OT optimizes processes securely.
09:54 Lost production severely impacts manufacturing revenue recovery.
14:06 Ensure network notifications; control access, separate credentials.
17:10 Engineers need secure access to adjust parameters.
21:55 Endpoint detection on older systems is critical.
28:47 Resilience is crucial in CrowdStrike incident response effectiveness.
32:11 Limited resources for global incident response efforts.
39:22 Rebuilt domain controller caused authentication issues.
42:37 Focus on resiliency and cloud opportunities, leveraging multi-cloud.
44:59 Improve grid operations using cloud and hyper-converged technology.
48:38 Local cloud provides redundancy for remote sites.
51:15 Critical for acquisition process and problem-solving.
About the guest:
Paul Shaver has dedicated more than two decades to various roles in Operational Technology (OT), primarily within the oil and gas industry. His expertise spans OT architecture, design, and build, along with run-and-maintain responsibilities as an asset owner.
Before transitioning into cybersecurity, Paul served as a Technology Director for an oil and gas company in California. Driven by a burgeoning interest in security, he joined Mandiant nearly five years ago. At Mandiant, now part of Google, Paul relishes the mission of enhancing security postures in OT and critical infrastructure, contributing to significant advancements in the field.
How to connect with Paul: https://www.linkedin.com/in/pbshaver/
Connect With Aaron Crow:
--------
57:11
Essential Cybersecurity Strategies for Small and Medium-Sized Enterprises
In this episode, host Aaron Crow addresses the pressing issue of cybersecurity for small and medium-sized businesses. With their limited budgets and resources, these enterprises are often prime cyberattack targets.
Aaron explains why these businesses are particularly vulnerable, the potentially devastating impacts of a cyber incident, and practical measures they can adopt to strengthen their cybersecurity without incurring significant costs.
Listeners will uncover insights on establishing basic cybersecurity policies, the critical importance of monitoring, and strategies for preparing for potential breaches.
This episode is filled with valuable tips that could ensure the survival and success of your business amid today's escalating cyber threats.
Key Moments:
00:00 Cybersecurity challenges and solutions for small businesses.
03:24 Startups are vulnerable due to inadequate cybersecurity measures.
06:30 Use secure passwords, educate employees, and use tools.
11:26 Segregate networks to protect sensitive data.
14:46 Effective monitoring requires time, effort, and setup.
16:10 DNS filtering blocks malicious sites, prevents attacks.
20:29 Plan proactively to manage events before crises.
Connect With Aaron Crow:
Website: www.corvosec.com
LinkedIn: https://www.linkedin.com/in/aaronccrow
Learn more about PrOTect IT All:
Email: [email protected]
Website: https://protectitall.co/
X: https://twitter.com/protectitall
YouTube: https://www.youtube.com/@PrOTectITAll
Facebook: https://facebook.com/protectitallpodcast
To be a guest or suggest a guest/episode, please email us at [email protected]
--------
25:22
Navigating Cybersecurity Challenges: AI, Tabletop Exercises, and Operational Technology
In this episode, host Aaron Crow is joined by Clint Bodungen, Director of Cybersecurity Innovation at Morgan Franklin Cyber and founder of Threatgen, alongside Michael Welch, Managing Director at Morgan Franklin Cyber. Together, they delve into the ever-evolving world of cybersecurity in honor of Cybersecurity Awareness Month.
Aaron kicks things off by discussing the importance of iterative processes and tabletop exercises in enhancing decision-making and preparedness. The conversation then shifts to the exciting yet complex role of AI in cybersecurity, particularly in operational technology (OT) and critical infrastructure. The experts emphasize the potential of generative AI for data analysis while underscoring the need for human oversight to avoid biases and misinformation.
Clint introduces an “engineering informed cyber” approach to better integrate OT and IT in managing cybersecurity risks, while Aaron stresses the importance of collaboration between cybersecurity professionals and engineers. The episode also tackles balancing convenience and security, the intricacies of password management, and the critical role of communication and trust.
Listeners will gain valuable insights into AI’s role in enhancing security operations, the consequences of system failures, and the debate between compliance and true security. This episode offers expert opinions, real-world examples, and practical advice for navigating today’s cybersecurity challenges. Join us for a comprehensive discussion on protecting our digital world.
Key Moments:
04:20 Generative AI aids efficient GRC and cybersecurity management.
08:40 AI lacks context for verifying asset information.
11:38 Generative AI creating and automating malware tools.
15:58 Building data centers using decommissioned power plants.
17:14 Regulation growing in infrastructure for compliance security.
22:09 Compliance is binary; partial compliance isn't sufficient.
24:33 Prioritize "engineering informed cyber" for OT resilience.
28:14 Collaboration between IT and OT is essential.
33:54 Frustration with excessive video game security measures.
34:49 Cybersecurity fails due to over-engineering complexity.
40:49 Make security easy with password managers, authenticators.
42:31 AI improves tabletop exercises for comprehensive insights.
45:31 Generative AI augments human capabilities and creativity.
48:08 Automated injects streamline engagement and business continuity.
53:46 Executives misunderstand risk, leading to false security.
54:29 Strong IT security, but vulnerable weak points.
About the Guests:
Clint Bodungen:
Clint Bodungen is a globally recognized cybersecurity professional and thought leader with 30 years of experience (focusing primarily on industrial cybersecurity, red teaming, and risk assessment). He is the author of two best-selling books, "Hacking Exposed: Industrial Control Systems" and “ChatGPT for Cybersecurity...
--------
58:02
Bridging IT and OT in Cybersecurity for Power Plants with Jori VanAntwerp
In Episode 29, host Aaron Crow is joined by cybersecurity expert Jori VanAntwerp to delve into Power Grid Security and Redundancy.
This episode explores the segmented design of the US power grid, addressing the challenges and necessary upgrades to mitigate cyber vulnerabilities. Jori highlights security monitoring gaps, the impact of hardware updates, and the cost implications of modernizing infrastructure. The discussion also emphasizes the importance of asset inventory and collaborative efforts between IT and OT professionals.
Real-world incidents, such as unexplained power plant reboots, illustrate the critical role of operator awareness and system maintenance. The potential of AI in cybersecurity, alongside the need for a collaborative, learning-focused approach, is also discussed.
Tune in to gain expert insights on balancing modernization, cost, and operational efficiency to ensure the stability and security of our power infrastructure. Join us for a packed episode to learn how to "Protect It All."
Key Moments:
05:30 Restoring power grids involves complex, staged processes.
11:01 Centralizing data improves efficiency, introduces vulnerabilities.
17:47 Network segmentation essential for security, mitigates risks.
26:12 Cybersecurity tools revealed crucial system issues.
32:15 Understanding systems fully prevents unintended negative impacts.
36:31 Understand OT environment before implementing IT solutions.
41:24 Equipment must survive extreme heat, unlike typical data centers.
54:28 Strict access control in nuclear power plant.
57:48 Assess likely risks for protecting plant operations.
01:00:59 Rushed training weakens foundational cybersecurity skills.
About the guest:
For nearly two decades, Jori has enabled industrial and IT organizations to succeed in reducing risk, increasing compliance, and improving their overall security efforts. Jori has the ability to quickly evaluate situations and determine innovative solutions and possible pitfalls due to his diverse background in security, technology, partnering and client-facing experience. He approaches situations with intuitive insight and methodology, leveraging his deep understanding of business and technology, ranging from silicon to the cloud. He has had the pleasure of working with such great companies as Gravwell, Dragos, CrowdStrike, FireEye, and McAfee, and is now Founder and Chief Executive Officer at EmberOT, a cybersecurity startup focused on making security a reality.
How to connect with Jori:
Website: https://emberot.com/
LinkedIn: https://www.linkedin.com/in/jvanantwerp/
Connect With Aaron Crow:
Website: www.corvosec.com
LinkedIn:
Welcome to "PrOTect It All," the podcast where we peel back the layers of cybersecurity to reveal the core strategies, challenges, and triumphs of protecting our digital and operational landscapes. We're thrilled to have you on board for an upcoming episode! Your insights and experiences are invaluable to our listeners who are eager to learn and engage with the leading minds in IT and OT security.
As we gear up to dive into conversation, please feel free to share any specific topics or stories you'd like to discuss. Our audience appreciates both the technical deep-dives and the high-level overviews, so bring your unique perspective, and let's make cybersecurity accessible and engaging together.
Thank you for joining us on this journey to foster a more secure future. We can't wait to hear your voice on the "PrOTect It All" podcast!