The conversation explores why OT monitoring and SOC capabilities must come before incident response, and how poor network architecture, lack of visibility, and organizational silos continue to undermine response efforts when incidents occur. Jonathan outlines the architectural foundations required to support effective detection, response, and recovery, while Marc emphasizes the practical realities of implementing OT monitoring—from working with factory engineers to reducing alert fatigue and building usable SOC workflows.

Bryan brings the incident responder’s perspective, sharing real-world insights from global OT incidents, including prolonged dwell times, ransomware impacts on production, and why organizations without proper segmentation and monitoring often experience the most severe and prolonged outages. The discussion also tackles common questions around Fusion SOCs vs. dedicated OT SOCs, the human challenges of translating OT data into actionable intelligence, and what asset owners should realistically expect from incident response retainers.

This episode is a must-listen for OT practitioners, security leaders, and asset owners looking to move beyond theory and understand what actually works in the field. Whether you are just beginning your OT monitoring journey or refining mature SOC and IR capabilities, this discussion offers practical guidance rooted in real operational experience.

Dale explains why the 2026 S4 Conference theme, Connect, is not just about networking people, but about the explosive growth of connections between OT systems, enterprise platforms, and analytics driven by AI. From MES, ERP, and PLCs to asset inventories and security telemetry, these connections are accelerating faster than most security teams are prepared for—often driven by business value rather than security design.

Listeners will hear why manufacturing is emerging as the epicenter of this transformation, how AI is enabling real-time querying across operational systems, and why OT security teams must prepare for a future where their tools become just another data source in larger operational workflows. Dale also shares how this shift will reshape risk, attack surfaces, and even the role of humans in control and response.

The episode also provides an inside look at S4 2026, including this year’s Proof-of-Concept Pavilion, where vendors will be forced to demonstrate their technologies live on a real manufacturing environment, as well as updates on attendance, ticket availability, and why this will be the final year S4 is held in Miami Beach before moving back to Tampa.

This is a must-listen for OT security professionals, automation leaders, and anyone trying to understand how AI-driven connectivity will redefine both risk and opportunity across industrial environments in the years ahead.

Listeners will hear real-world examples of how OT differs from IT, particularly in areas like patching and compliance. Jay shares how asset discovery and lifecycle management remain fundamental hurdles, even after over a decade of cybersecurity initiatives. The discussion explores the nuances across industry verticals—energy, manufacturing, oil & gas—and underscores why tailored approaches are critical when securing diverse OT environments.

This episode is a must-listen for OT professionals, cybersecurity leaders, and anyone attending Level Zero or looking to deepen their understanding of control systems security. Discover why collaboration, not just technology, is key to long-term success in the OT space. Whether you’re an engineer, a procurement officer, or a seasoned CISO, there’s valuable insight here for everyone working to protect the core of their company’s operations.

Lucian shares how his experience in national security shaped his focus on OT cybersecurity, emphasizing the physical impacts of cyberattacks on HVAC systems, elevators, and even water utilities. He introduces the concept of cyber commissioning, a process that ensures building systems are configured securely from the start. Lucian also explains how Building Cyber Security is creating industry-specific frameworks to help facility managers, building owners, and policymakers mitigate risks and reduce insurance liabilities.

With increasing threats from ransomware, nation-states, and insider errors, this episode highlights why securing operational technology is critical to protecting both property and lives. Learn how Lucian’s nonprofit is driving collaboration across industries to address this rapidly evolving threat landscape.

Roya highlights the critical role of asset inventory in building a strong OT cybersecurity foundation. From distinguishing between passive and active network monitoring to the importance of configuration management, she emphasizes how a multi-layered approach can offer comprehensive visibility and risk management. Roya also dives into why organizations often overlook configuration change management, and how integrating different solutions can optimize security efforts.

Whether you’re a seasoned OT professional or just starting your cybersecurity journey, this episode offers valuable insights into improving asset management, reducing risks, and fostering collaboration between vendors and operators.

The conversation dives deep into the risks of insecure by design software, the challenges of implementing true security practices, and the role of government policies in shifting liability from users to vendors. Mehdi explains the importance of threat modeling, attack surface analysis, and secure architecture frameworks to mitigate cyber threats before they arise. He also highlights how software development must evolve beyond rapid deployment cycles to integrate security as a core design principle.

If you’re an ICS professional, cybersecurity engineer, or software developer, this episode provides actionable insights on reducing vulnerabilities at scale, implementing proactive security measures, and preparing for the future of cyber threats. Subscribe now and stay ahead in the ever-evolving world of industrial cybersecurity!

Kyle dives into the origins of SBOMs, their role in addressing vulnerabilities like Log4J, and their potential to transform procurement, risk management, and incident response. He emphasizes the importance of balancing transparency with practicality, noting that SBOMs are a starting point for broader cybersecurity conversations. With his unique perspective from a leading equipment manufacturer, Kyle shares insights into how SBOMs can help bridge the gap between IT and OT systems.

This episode is essential for anyone looking to understand the future of cybersecurity and the critical role of SBOMs in securing industrial control systems. Learn how these tools can foster trust, streamline risk management, and improve collaboration across the industry.

Kenneth explains how CTFs offer opportunities to tackle real-world scenarios, from navigating complex networks to interacting with industrial control protocols. Whether you're an experienced professional or a newcomer to the field, CTFs provide a unique way to build and refine your skills. He also highlights how gamification reaches audiences that traditional training might miss, making learning engaging and accessible.

This episode provides insights into the growing role of gamified learning in cybersecurity and how it’s inspiring the next generation of professionals. Discover how these competitions foster collaboration, creativity, and innovation in a rapidly evolving industry.

The escape rooms integrate learning objectives from INL’s renowned 301 Red Team/Blue Team training, transforming them into engaging, gamified challenges. These exercises offer participants a chance to simulate real-world scenarios, improve teamwork, and develop critical cybersecurity skills. Jeff also highlights the importance of bridging gaps between IT and OT teams through collaborative training initiatives.

Whether you're a seasoned professional or a newcomer to the field, this episode explores how gamification and experiential education can help prepare the next generation of cybersecurity experts. Discover how these escape rooms are traveling the world, raising awareness, and making learning accessible to everyone.

The conversation highlights the growing need for transparency in supply chains, the legal gaps in cybersecurity requirements for technology companies, and the rise of services like ransomware-as-a-service, which lower the bar for cybercriminals. Rob also shares his perspective on education and workforce challenges in cybersecurity, emphasizing the importance of foundational skills and the risks of over-relying on influencer culture.

Packed with actionable insights, this episode offers a nuanced look at the complexities of securing critical infrastructure, balancing innovation with security, and preparing for a more connected, yet vulnerable, future.

Kristin highlights key vulnerabilities, including risks in automated farming equipment, robotic processing lines, and self-driving refrigerated trucks. She advocates for embedding cybersecurity into food safety practices to protect both trust and the integrity of what we eat. As the industry embraces groundbreaking innovations like AI and lab-grown food, addressing these challenges is more crucial than ever.

Listeners will gain valuable insights into the urgent need for collaboration, awareness, and action to secure the systems that sustain our daily lives. This dialogue sheds light on the essential role of cybersecurity in ensuring a safe and reliable food supply for everyone.

Jay delves into the mission of ResetCon, an inaugural conference designed to connect academic researchers, defense experts, and key players from the civilian and commercial sectors. Together, they aim to anticipate emerging threats, mitigate risks, and reduce recovery times for critical systems. The discussion also explores the challenges of integrating IT and OT security teams, the importance of "cyber-informed engineering," and the need for secure-by-design principles.

Listeners will gain insights into the future of cybersecurity, including lessons learned from DARPA research, the importance of bridging silos, and how to build more resilient systems. Don’t miss this episode if you’re passionate about protecting critical infrastructure and fostering innovation.

Listeners will hear about the top attack vectors impacting critical infrastructure: remote access vulnerabilities, supply chain risks, and lateral movement across networks. Adam discusses the importance of network segmentation, cross-team collaboration between IT and OT, and innovative tools like the Cyberwall, a hands-on demonstration environment showcasing real-world OT threats.

Whether you're an OT security professional or new to the field, this episode delivers practical takeaways to enhance your cybersecurity strategies. Don’t miss this engaging conversation focused on securing control systems and building stronger, collaborative defenses.

Mark discusses the significant mismatch between the capabilities of the Department of Defense and intelligence agencies, and the authorities of civilian federal agencies responsible for protecting sectors like power, water, and transportation. He also highlights the pressing issue of underperforming federal agencies tasked with safeguarding critical infrastructure, and the dire need for a comprehensive, bipartisan approach to cybersecurity legislation. With over 32 years in the U.S. Navy and years of policy work in the federal government, Mark offers a unique perspective on the future of cybersecurity and what needs to change to address these challenges effectively.

One of the key takeaways from this episode is Mark’s call for a more cohesive strategy to defend against cyber threats and protect public safety and economic productivity. Despite the ongoing challenges, there’s a sense of hope as Mark emphasizes the bipartisan nature of cybersecurity solutions and the possibility of enacting meaningful changes. This conversation is essential for anyone involved in cybersecurity, national security, or government policy and provides crucial insights into the future of cyber defense in the United States.

In this episode, the panel discusses real-world examples of managing ICS threats, the nuances of integrating OT into traditional IT security frameworks, and the importance of trust and communication in bridging gaps between teams. Learn how managed security services are adapting to meet the unique demands of OT environments and why collaboration across roles and expertise is essential.

Whether you’re a seasoned professional or new to the field, this episode offers actionable insights and inspiring stories that highlight the importance of securing critical infrastructure in today’s evolving threat landscape.

Visit cs2ai.org to learn more about resources, events, and professional development opportunities in OT and ICS cybersecurity.

From vulnerabilities in water systems to the cyber-physical risks of modern vehicles, this conversation highlights the pressing need for a collective defense strategy. Lucian shares actionable insights on the roles of the private sector and national defense in addressing these challenges and calls for a bipartisan commitment to safeguard life-essential systems.

If you're curious about how cybersecurity intersects with human safety and national security, this episode is a must-listen. Learn about proactive measures, emerging frameworks, and how you can contribute to strengthening our defenses.

Roya is an executive industry consultant specializing in operational technology, cybersecurity, and Hexagon. She is a military veteran, an accomplished technologist, and a prolific speaker in our industry. Her creativity knows no bounds, encompassing her passion for the arts and her love of opera and symphonies. She is also an avid traveler and a super fun person to have around.

Roya brings a unique and engaging perspective to our discussion today. She shares her journey from a pre-law magnet program to becoming a skilled speaker in the Navy, highlighting the value of communication skills for conveying technical information to audiences and sharing the challenges and opportunities veterans face when breaking into the cybersecurity industry.

Stay tuned as Roya shares her invaluable insights and experiences, offering guidance for veterans aspiring to enter the cybersecurity field. You will not want to miss the wisdom and stories Roya shares with us today.

Show highlights:

• Roya shares her background as an army brat.
• Roya discusses her six-year experience in the Navy.
• How Roya gradually realized she was involved in technology through her Navy intelligence work
• Roya talks about her studies in international relations and national security after leaving the Navy and how she pivoted to studying cyber-warfare
• Roya landed a job as a security researcher at Idaho National Laboratory (INL) despite lacking an IT background.
• Roya talks about the foundational training she received in OT cybersecurity at INL. 
• How advanced tools often get underutilized due to a lack of trained personnel   
• Roya highlights the value of certifications. 
• How non-technical roles like journalism and event planning can offer entryways into the cybersecurity space.

Links and resources:

(CS)²AI 

Derek Harp on LinkedIn

Hexagon

Roya Gordon on LinkedIn

Max is a military veteran and motorcycle enthusiast who enjoys doing voluntary work. He is a prolific contributor to the cybersecurity community, always willing to be of service to others. When Max was three, his father applied for American citizenship at the US Embassy in India. It was an extremely long process, and after losing all hope, he and his family finally migrated to Oklahoma a decade later. 

Join us to learn how Max transitioned from the military to founding the successful Ignyte Assurance Platform. He also shares his views on regulations, discusses how AI has impacted the security field, and offers prudent and practical advice for anyone interested in pursuing a cybersecurity career. 

Stay tuned for today’s candid and fascinating interview with Max Aulakh, the Founder and CEO of Ignyte.

Show highlights:

• How Max’s military experience led to his career in security
• Max’s Air Force mentor encouraged voluntary service.
• How working with the Department of Treasury, scrubbing hard drives, led to Max’s interest in security.
• Max explains how his military experience instilled a service mindset beneficial for security roles.
• While in service, he attended the American Military University due to its flexible programs for deployed personnel.
• The challenges he faced transitioning from a services company to a product-based company
• Max shares how he launched Ignyte in 2019/2020
• How Max assists companies with the Cybersecurity Maturity Model, particularly in thedefense sector.
• Why standardization and testing are essential in operational technology
• Max shares his views on the potential of AI

Links and resources:

(CS)²AI 

Derek Harp on LinkedIn

Ignyte Assurance Platform

Max Aulakh on LinkedIn

Mike is both a fellow and a cybersecurity director, and he currently serves as the ICS OT Cybersecurity Global Lead at Fluor, a massive multinational engineering and construction firm with over 40,000 employees. He has participated in many major building projects, and we are excited to learn from his extensive experience today. 

Stay tuned as Mike shares his insights and expertise.

Show Highlights:

• Mike discusses the two years he spent in China building bowling alleys
• Mike talks about his time teaching and consulting at a training company in San Diego
• How Mike had the opportunity to double his salary and work with the Navy SEALs during 9/11
• Mike discusses his experience working in IT security
• Mike explains that Fluor has built some of the largest control system environments in the world 
• Mike discusses challenges in the energy sector
• How regulations impact cybersecurity in various industries
• Why cybersecurity regulations are essential within critical infrastructure
• Mike discusses the challenge of aligning IT and OT cybersecurity teams 

Links and resources:

(CS)²AI 

Derek Harp on LinkedIn

Bridewell

Michael Holcomb on LinkedIn

Fluor

Bridewell boasts a rich history in industrials, offering comprehensive cybersecurity services across the entire cybersecurity spectrum, including operating technology. 

Recently, Bridewell came up with an insightful report on cybersecurity within the US critical infrastructure. In this episode, Chase dives into the current state of cybersecurity regulations in critical infrastructure and shares the details and origin of the upcoming Bridewell report, which falls squarely within the interest of CSAI. 

Tune in to learn more about this exciting project.

Show highlights:

• How the attacks experienced by CISOs and cyber managers have decreased despite an increase in risk sentiment 
• The challenges small and mid-sized airports face when implementing regulations due to their limited cybersecurity budgets
• How cybersecurity regulations in the US differ from those in the UK
• What is the link between IT and OT security?
• Why it is essential to implement a hybrid of IT and OT security measures to protect critical infrastructure
• Why organizations need to comply with relevant cybersecurity standards and regulations
• Chase shares key findings and insights from Bridewell's upcoming cybersecurity report for critical infrastructure.

Links and resources:

(CS)²AI 

Derek Harp on LinkedIn

Bridewell

Chase Richardson on LinkedIn

We are changing things slightly for this episode, with Martin and Chase diving into how to integrate OT systems into your sim rather than presenting our regular biographical format. Their focus today is predominantly on the increasingly relevant topic of managing data across diverse platforms, particularly in OT applications. 

Join us as we explore this integration and unravel the challenges it presents.

Show highlights:

• The evolution of cybersecurity technology
• How the industry struggles with integrating IoT and OT data into security sims
• Why integrating separate systems into one platform is crucial for security teams
• How security and operational technology leadership teams converge
• Why hybrid teams are essential for managing cybersecurity risks
• The importance of asset visibility and understanding the architecture for effectively implementing security solutions
• How AI and machine learning can help to reduce noise in security operations
• Why threat intelligence is essential for business risk and control validation
• The importance of threat intelligence in the cybersecurity industry

Links and resources:

(CS)²AI 

Chase Richardson on LinkedIn

Martin Riley on LinkedIn

Bridewell

Derek Harp on LinkedIn

Carlos is the Chief Technology Officer for OT at Armis. He is a born technologist and an engineer by training. Beyond his professional endeavors, he embraces a life filled with adventure, enjoying many outdoor activities, including scuba diving, mountain biking, and exploring the scenic expanses of unspoiled nature. 

Carlos was born in Venezuela and grew up in a small town outside Caracas. After graduating as an electronic engineer in Venezuela, he traveled to Australia to learn English, fell in love with the country, the lifestyle, and the nature, and has lived there for the last 23 years.

Carlos brings a unique perspective to today’s show, shaped by his professional and personal experiences. Join us for an engaging discussion as he shares his wealth of experiences and insights and explains how he serves his community.

Show Highlights:

• Carlos shares his journey to becoming an engineer in the energy industry
• How his interest in control systems began
• Carlos recounts his early cybersecurity experiences in industrial systems during the early 2000s
• The importance of keeping operating systems up to date to prevent vulnerabilities and ensure reliability
• Why it is essential to understand how technology works in both physical security and cybersecurity
• Carlos discusses the challenges of integrating cybersecurity into process control systems
• Carlos offers advice for engineers who want to get into cybersecurity
• The importance of mentorship and learning from others in their industry
• Carlos discusses the weekly open mic Ask Me Anything sessions he does at work

Links and resources:

(CS)²AI 

Derek Harp on LinkedIn

Carlos Buenano on LinkedIn

Armis

Ken is a Partner and Co-founder of Pen Test Partners. He is a seasoned technologist, the founder of multiple ventures, a pilot, a skier, and a dynamic and adventurous contributor to our community. 

Ken brings a wealth of experience and expertise that promises to enrich our understanding of the evolving landscape in cybersecurity. In today's discussion, we dive into his remarkable career journey and explore his perspective on OT and ICS-related cybersecurity.

Join us for this informative session with Ken as he shares his valuable perspectives.

Show Highlights:

• Ken discusses his cybersecurity industry journey
• How Ken’s past Air Force experience relates to his current work in cybersecurity
• The benefits of telling a story when communicating complex concepts
• Ken shares a story to highlight the importance of safety and security within the aviation industry
• Ken talks about the unique systems on board planes and their vulnerabilities
• How the isolated protocols used in older aircraft systems are more robust and stable than the modern systems
• How even simple display systems can cause airport outages
• Ken shares his concerns about cybersecurity risks within cloud management platforms for industrial control systems
• How including contractual language for liability in procurement contracts can protect organizations against cybersecurity risks
• Ken shares his thoughts on the future of the cybersecurity industry

Links and resources:

(CS)²AI 

Derek Harp on LinkedIn

Ken Munro on LinkedIn

Pen TestPartners

In this episode, we interview Michelle Balderson, the Principal Security Architect at Issquared. Michelle is a seasoned professional. In addition to having extensive experience as an established contributor and leader within the industry, she is a technologist, devoted mother, wife, chef, and a true jack of all trades. Beyond her contributions to the industry, Michelle finds joy in the great outdoors, whether she is conquering hiking trails, setting up camp, or enjoying four-by-four adventures. 

In our discussion today, Michelle talks about her personal and professional journey, sharing insights she gained along the way and shedding light on the path that brought her to where she is in her current role as a security specialist.

Join us as we dive into the rich reservoir of wisdom and experience that Michelle brings to the table.

Show Highlights:

• How moving around a lot while growing up allowed Michelle to develop an excellent rapport with others
• Michelle describes her first experience with technology
• Michelle shares her experience of working at Fortinet and SonicWALL
• Work opportunities within the OT security space
• Why a more holistic approach to security is needed
• The importance of changing the culture within businesses to bridge the gap between different domains 
• How empathy and active listening can drive business success
• Michelle discusses her role at Issquared
• Michelle shares the advice she would give to her younger self

Links and resources:

(CS)²AI 

Derek Harp on LinkedIn

Michelle Balderson on LinkedIn

ISSQUARED Inc.

We are delighted to launch the Author Spotlight by shining our light on Andrew Ginter, the VP of Industrial Security at Waterfall Security Solutions. Andrew has been a steadfast CS2AI supporter since its inception, dedicating considerable time to CS2AI initiatives, and Waterfall is one of our oldest sponsors. 

We are grateful to Andrew for generously sharing his insights and all the invaluable contributions he and his company, Waterfall, have made. Andrew's offerings include editing, reading, and committing much of his time to community projects. 

Join us today as we explore Andrew's wealth of wisdom and experience.

Show Highlights

• Andrew reflects on his writing process and discusses his new book, The Golden Black Book.
• Andrew talks about a new approach of combining cybersecurity and engineering to manage risk.
• How Andrew structured his book for a mixed audience of engineers and managers
• The importance of using mathematical modeling when making cybersecurity decisions rather than relying on intuition or guesswork
• Andrew highlights the lack of cybersecurity expertise within industrial settings.
• How complex risks have created the need for a multi-faceted approach to cybersecurity
• Andrew emphasizes the importance of security by design within product development.
• Why it’s essential to understand the broader definition of vulnerability 
• Andrew discusses the challenges of writing a book on industrial cybersecurity

 Links and resources:

(CS)²AI 

Derek Harp on LinkedIn

Andrew Ginter on LinkedIn

WaterfallSecurity

Ron Fabela is the Field Chief Technology Officer at Xona. He is a multifaceted individual who has been a stalwart contributor to the industry for many years. His impressive resume includes being an Industrial Security champion, a military veteran, and a technologist. Beyond his professional achievements, Ron is also a founder, a father, a husband, an astronomy expert interested in anything space-related, and, believe it or not, a goat herder. 

Ron has had a wealth of experiences, making him an all-around fascinating guest. Get ready for a long-overdue and truly insightful discussion with Ron Fabela!

Show highlights:

• How Ron’s interest in technology began
• Ron discusses his career in the military and talks about his cybersecurity training
• Ron offers advice for young people 
• The benefits of working for large organizations, doing internships, and doing volunteer work
• How Ron progressed in his cybersecurity career
• Why no opportunity for exposure to systems and networks should ever get squandered
• How Ron’s military experience shaped his approach to work
• Ron shares insights on the challenges of consulting
• The importance of having hobbies and passions outside of work
• Ron talks about his role as a Field CTO
• How the control systems cybersecurity industry has evolved
• Why it is essential to persevere with projects, even when facing challenges or the progress is slow 

Links and resources:

(CS)²AI 

Derek Harp on LinkedIn

Ron Fabela on LinkedIn

Xona

For those unfamiliar with Bill, he is a well-rounded and multifaceted individual. He is a technologist, artist, and a loving father and husband, in addition to being a talented singer, Navy veteran, and pilot.

Bill is known in the industry for his many achievements. In today’s conversation, we unveil the various layers of his experiences and perspectives, and he shares insights into the unique facets that have defined his professional and personal journey. 

Stay tuned as we delve into the steps and milestones that have shaped Bill’s dynamic career!

Show highlights:

• How Bill started programming in the fourth or fifth grade
• How a movie inspire him to join the military
• Bill shares some of his exciting fighter pilot experiences 
• Bill’s Naval Academy experiences included computer science studies and exposure to cybersecurity
• Bill reflects on teaching cybersecurity at the Naval Academy
• How he transitioned in his career after quitting the Naval Academy 
• Bill discusses his time spent as a project manager at NERC
• How Grid X evolved and grew
• Cybersecurity and compliance within the energy industry
• The importance of reading books and applying them to life to make a positive impact
• Why Bill finds quantum computing and AI exciting prospects 

Links and resources:

(CS)²AI 

Derek Harp on LinkedIn

Bill Lawrence on LinkedIn

ItegritiCorporation

Books mentioned:

The Ideal Team Player by Patrick Lencioni 

How to Be Perfect by Michael Perry

Dr. Jesus Molina, the Director of Industrial IoT at Waterfall Security Solutions, is a seasoned cybersecurity practitioner and well-known OT cybersecurity thought leader. He is a technologist and inventor driven by an insatiable curiosity. In addition to being a copious reader and an electrical engineer with a Master's degree and a Ph.D. in the field, Dr. Molina is a dedicated researcher, a sailor, an intrepid traveler, a compelling public speaker, and an ardent educator. 

Dr. Molina’s passion for cybersecurity, particularly in the context of IoT and OT, is evident in everything he does. Join us today as we delve into the insights and experiences of this accomplished cybersecurity expert.

Show highlights:

• Dr. Molina talks about his early life experiences
• How his interest in cybersecurity began
• Dr. Molina explains how he created a virus that infected every computer in his high school
• Dr. Molina shares his experience of pursuing a Master's degree in the US after studying in Spain
• A valuable lesson learned about remaining cautious and protecting a group or organization after a security breach
• Cybersecurity challenges and solutions in various industries
• How Dr. Molina discovered he could control every room in a hotel by exploiting a wireless network vulnerability
• Dr. Molina shares a cautionary story about the importance of watching what you say around journalists
• How curiosity drives creativity
• Dr. Molina discusses his views on the future

Links and resources:

(CS)²AI 

Derek Harp on LinkedIn

Dr. Jesus Molina on LinkedIn

Waterfall Security Solutions

Rob is the Global OT Security Services Leader for IBM. Beyond his corporate role, he is a military veteran, a tech enthusiast, a devoted father and husband, a proud grandfather, and an avid scuba diver. 

His extensive experience overseeing key service areas within an industry giant like IBM makes Rob an exceptional guest for this milestone podcast. He joins us today to share his insights on control systems, operating technology, and cybersecurity practices.

Rob truly brings a wealth of knowledge and clarity to today’s discussion. Stay tuned for more!

Show highlights:

• How Rob’s interest in technology influenced his desire to explore new things and push boundaries
• The challenges of setting up a business continuity plan in a remote location
• How security measures have evolved from the early days of network security to modern-day cybersecurity
• The importance of understanding the network for OT security
• How software developers can bring valuable skills to cybersecurity after mastering the fundamentals of networking
• Rob shares his insights on entrepreneurship in the cybersecurity space
• How Rob got offered a job with IBM in 2012 after a quick and unexpected interview process 
• Rob explains how he transitioned to full-time OT security work in 2016 
• Why is there a need for a different mindset and cultural understanding within the OT cybersecurity industry? 
• Rob offers advice for people who have recently begun their career journeys

Links and resources:

(CS)²AI 

Derek Harp on LinkedIn

Rob Dyson on LinkedIn

IBM

Gary is a multifaceted individual with a diverse array of interests. He has been involved in many different projects over time and has worn various hats under the umbrella of his company, Gary Kessler Associates. 

His impressive literary contributions include over 75 articles and three books, establishing him as a prolific authority on cybersecurity. He started his journey as a computer programmer and continues to embrace that today. He is a former EMT firefighter, a passionate outdoorsman, an avid cyclist, and an accomplished master scuba diver trainer. He also is a boat captain, a retired college professor, and a dedicated husband and father. 

Stay tuned for Gary’s interesting backstory and fascinating insights on maritime cybersecurity!

Show highlights:

• Gary shares his backstory and cybersecurity journey 
• How Gary got into maritime cybersecurity
• Some early computer security vulnerabilities and hacking techniques
• Gary dives into current shipbuilding practices
• Some potential maritime cybersecurity risks and threats
• Gary discusses his initial focal point with maritime cybersecurity
• Can a ship be hacked to gain potentially damaging data?
• Security by design and resilience in engineering
• Why bridge crews and officers have to be more technologically aware now than ever before

Links and resources:

(CS)²AI 

Derek Harp on LinkedIn

Gary Kessler on LinkedIn

Gary KesslerAssociates

Vincent is a distinguished figure within the cybersecurity industry who has profoundly impacted the field in recent years. He is a multifaceted individual with a passion for uniting people- even tens of thousands of individuals at times, for various causes. He is a French Navy veteran, a technologist, a founder, a dedicated father, a loving husband, a culinary artist, and above all, an all-around stand-up guy! 

Vincent has a wealth of knowledge to share with us today! He joins us to discuss some pertinent cybersecurity issues and concerns and the upcoming FIC event in Montreal on October 25th and 26th.

Stay tuned for more!

Show highlights:

• The story behind the FIC Conference that took place in Lille, France, just over a year ago
• Why were the FIC events started?
• How cybersecurity is part of the fabric of every type of business organization, institution, and government body
• Vincent explains why he organizes open events focusing on those who rely on the digital transformation of the world
• Vincent talks about the OT part of the Montreal event and explains how it started
• Vincent explains what comes first when he organizes an event
• How the Montreal event will differ from the event that took place in Lille last year
• Vincent pulls back the curtain to reveal how the big conferences work and what it is like to run them
• Vincent shares his future vision for news conferences in North America

Links and resources:

(CS)²AI 

Derek Harp on LinkedIn

Vincent Riou on LinkedIn

SAVE THE DATE FIC North America – October 25 and 26, 2023

Susan is a Transformational Operational Technology leader with 20 years of experience in profitably scaling innovative software-based businesses, including automation, IIOT, and cyber security. She has a proven track record of growing and structuring early-stage, profitable digital software-driven P&Ls in excess of $150M. She specializes in change management, product management, M&A, and strategic alliances. Susan serves on advisory boards of Cognite, Innosphere Ventures & One Warm Coat. 

Susan is an incredible individual with vast experience! She’s an empath, DEI champion, mentor, board advisor, and volunteer focused on poverty alleviation. 

In this episode, she discusses her background, talks to Derek about her professional journey, and offers helpful tips and advice.

You won’t want to miss this episode if you are considering a career in the cybersecurity space. Tune in to hear Susan’s fascinating story and benefit from her years of experience in the security field. 

Show highlights:

• Susan talks about her studies.
• Her motivation for pivoting into energy after graduating from college.
• What she gained from her career in international affairs.
• Some of Susan’s interesting roles early on in her career.
• The benefits of getting in-the-field experience.
• There are many different leadership paths to be chosen within the industry.
• What you can gain from working abroad with distributed teams.
• Where security first intersected with Susan’s career.
• Why it’s worth investing your time in networks.
• How being vulnerable can help you develop valuable relationships.
• The role mentorship has played in Susan’s career.
• How Susan ended up in her current role as a CISO.
• Motherhood can be very challenging for women in senior roles. 
• The importance of moving on from any workplace where you don’t feel safe to express your needs.

Links and resources:

(CS)²AI

Cognite

Susan Peterson Sturm on LinkedIn

Dr. Chipley has over 30 years of consulting experience in the areas of Program and Project Management, Cybersecurity, Energy and Environmental (LEED, Energy Star, and Carbon Footprint); Critical Infrastructure Protection and Analysis; Building Information Modeling (BIM) Technology; Base Realignment and Closure (BRAC), and Emergency Management/Disaster Recovery. 

Dr. Chipley served 24 years as a Civil Engineer in the US Air Force and has been consulting since 2001. He is a former adjunct faculty member at George Mason University, where he taught the Infrastructure Security Engineering, Building Security, and Building Information Modeling courses.

Dr. Chipley grew up on a farm in Oregon. He is a long-time contributor to cybersecurity for control systems, civil engineer, US Airforce veteran, husband, father, grandfather, outdoor enthusiast, and wine enthusiast. He joins Derek Harp today to discuss his military background and career journey and share his insights and advice. 

You will not want to miss this episode if you are leaving the military and considering a career in cybersecurity. Stay tuned to hear Dr. Chipley’s story and benefit from his breadth of experience!

Show highlights:

• What Dr. Chipley did and studied during the 24 years he spent in the military. 
• Dr. Chipley talks about Shodan.io and what it can do.
• Some advice about skills and opportunities in the control systems space.
• How Dr. Chipley benefited from joining the military.
• Why you can never stop learning in the control systems world.
• Why women tend to excel in the cyber field.
• How students can find opportunities to join internship programs.
• Potential challenges that people in cybersecurity could face.
• Some of the projects with which Dr. Chipley is currently involved.
• What can young people do to add to their knowledge and education to increase their value five years from now?

Links and resources:

(CS)²AI

The PMC Group

Michael Chipley on LinkedIn

With a distinguished career spanning many years of dedicated service within the Coast Guard and the Department of Homeland Security, Administrator Pekoske has held various pivotal roles. Now, he stands at the helm of the Transportation Security Administration.  With his wealth of experience and insights, this episode promises to offer a unique perspective on the challenges and innovations in transportation security. Stay tuned for more!

Show highlights:

• What the TSA does for security beyond the aviation system
• Administrator Pekoske discusses cybersecurity measures for critical infrastructure
• What are the cybersecurity regulations for critical infrastructure?
• The importance of cybersecurity and the need for a coordinated response to cyber attacks
• Which measures have been put in place for cybersecurity in the transportation sector?
• Cybersecurity regulations and compliance
• Which cybersecurity measures in place for critical infrastructure? 
• What should the regulator have a basic understanding of and be willing to do to achieve their goals?
• How insider threats within the aviation industry
• Cybersecurity and workforce development in the aviation industry
• Options for cybersecurity careers in the government and private sectors

Links and resources:

(CS)²AI 

Derek Harp on LinkedIn

David Pekoske on LinkedIn

TransportationSecurity Administration (TSA)

Joe Weiss, the Managing Partner at Applied Control Solutions LLC, initially appeared on the show in episode 61. If you have not already done so, you can listen to that episode to learn more about his biography and personal journey. 

Joe's reputation in the industry precedes him, as he is among the select few who can honestly claim to have dedicated more time and expertise to the field of cybersecurity field than almost anyone else. His career includes tenures at renowned organizations, and he is the curator of one of the world's largest incident databases.

As in the words of Paul Simon, there have been incidents, accidents, hints, and allegations, and Joe Weiss has been at the forefront of understanding and dissecting all of those challenges. Join us for a thought-provoking episode where we dive into the complexities of cyber incidents, attribution, and the ever-evolving landscape of industrial security. 

You are in for an enlightening conversation today, so stay tuned for more!

Show highlights:

• The story of how Joe started his database 
• Cybersecurity in the context of nuclear safety and control systems
• Joe discusses his database of incidents, explaining how it provides valuable insights into the history of cybersecurity incidents.
• Control system cybersecurity incidents and their causes
• Cybersecurity threats and vulnerabilities in industrial control systems
• The importance of securing sensors and actuators in industrial control system
• Why do engineers need training on policies and procedures to address security concerns with field devices?
• Security issues within the industry
• Joe shares his frustration with the lack of progress in IoT security.
• Ways to live with insecure systems and even turn them into money-making machines for end users
• Why is Joe calling for a holistic approach to control systems?

Links and resources:

(CS)²AI 

Derek Harp on LinkedIn

Joe Weiss on LinkedIn

Applied ControlSolutions LLC

Ron is originally from upstate New York. He was born in Rochester, grew up in Syracuse, and went to Clarkson University. He has had a multifaceted background and has worn many hats throughout his career. First and foremost, he is a technologist, with his roots tracing back to his formal training as an electrical engineer. He is also a programmer, founder, and CEO. 

Beyond his professional accomplishments, Ron is a military veteran after serving in the United States Air Force. He is a husband, father, podcasting enthusiast, masterful 3D animator, and scuba diver. He also indulges in cigar appreciation, holds roles as an investor, advisor, and board member across diverse ventures, and is a passionate champion of philanthropy. 

Today's conversation promises to be enlightening and inspiring! Stay tuned as we delve into the multifaceted tapestry of Ron's life and myriad experiences!

Show highlights:

• How Ron became a hacker
• One of Ron’s worst experiences
• The importance of understanding the mission of a company
• Ron talks about Dragon, network security, and how Dragon got acquired by another company
• Ron shares his motivation for starting his business and explains how he did it
• Ron shares his advice for doing a startup
• How Ron and his business partner co-founded Tenable 
• Why Ron called his company Gula Tech Adventures
• What they do at Gula Tech Adventures 

Links and resources:

(CS)²AI 

Derek Harp on LinkedIn

Ron Gula on LinkedIn

Gula Tech Adventures

Rob Putman is the Global Manager of Cybersecurity Services at ABB Process Automation. At the core of his journey lies an unquenchable thirst for understanding that has fueled his prowess within the cybersecurity world and beyond. Apart from his impressive professional portfolio, his life encompasses interwoven threads of diverse experiences. He is a US Army veteran, a devoted father, a relentless technologist, a car enthusiast, an intrepid skier, adaring rock climber, and a masterful team builder. 

With Rob hailing from the scenic Bainbridge Island in Washington State, just beyond the heart of Seattle, his insatiable curiosity about the mechanics of the world ignited his trailblazing path. With a penchant for dismantling and deciphering, he embarked on a lifelong mission to unravel the inner workings of things, often charting unorthodox courses to unveil hidden truths. 

Rob's curiosity and unyielding quest for understanding demonstrate the boundless possibilities that emerge when dedication intersects with ingenuity. Join Derek in witnessing the blend of expertise and passion embodied by Rob's exceptional journey as he peels back the layers of his life and work. 

This episode will enrich your understanding of cybersecurity and illuminate the transformative power of unbridled curiosity and purpose-driven endeavors! Stay tuned for more!

Show highlights:

• Rob shares his superhero backstory.
• The jobs Rob did early in his career.
• How Rob transitioned into the tech world.
• The benefits of being opportunistic.
• How Rob managed to stay connected with interesting people as they moved around.
• How did he get into industrial control?
• The importance of having a diverse workforce to protect critical and control systems.
• Building trust and building bridges within a company.
• The challenges Rob faces and something he has to think about continuously in his current role. 
• Some sage advice from Rob.

Links and resources:

(CS)²AI 

Derek Harp on LinkedIn

Rob Putman on LinkedIn

ABB ProcessAutomation

Chris is a man of multifaceted talents and roles. In addition to being the Co-founder and CEO of runZero , he is also a husband, a runner, a social engineer, an unwavering devotee to cybersecurity, a seasoned member of various security ventures, and a chef specializing in the art of bread baking! 

With his company serving as a bridge to the operational technology community, Chris's journey is a tale that weaves through diverse geographies. He grew up and went to primary school in Germany. He then attended boarding school in Switzerland, after which he continued his education in the United Kingdom.

As we journey through Chris's narrative, we dive into his role as a longstanding contributor to the cybersecurity landscape and his pivotal role in bridging the gap between the digital domain and operational technology. 

Join us as we delve into the diverse facets of the narrative of Chris Kirsch, a remarkable force in the cybersecurity world! You’re bound to be enthralled by his unique story that intertwines his personal experiences with his unyielding commitment to the cybersecurity domain!

Show highlights:

• Some lessons learned from PGP.
• Bridging the gap between hardware and software.
• How adding a second product to the sales process changes the hearts and minds of a sales team.
• Transitioning from working with crypto-geeks to hackers. (18:51)
• The value of cold-calling managers. (26:01)
• Two essential attitudes you can have to an acquisition.
• The benefits of being open and having conversations without expectations.
• Fingerprinting flaky devices.
• The importance of having a good inventory. 
• Chris’s advice to his younger self.

Links and resources:

(CS)²AI 

Derek Harp on LinkedIn

Chris Kirsch on LinkedIn

RunZero

Today’s show features Bryson Bort, the CEO and luminary Founder of Scythe. Bryson’s influence spans the domains he has touched, nurtured, advised, and meticulously built from the ground up. As the creator of the renowned ICS Village and the driving force behind Grimm, his story is an intricate tapestry of innovation and impact. 

A military veteran from the US Army, a nurturing father, a culinary maestro hosting his own show, a kayaker, a relentless charity fundraiser, and an all-around exceptional individual, Bryson embodies a remarkable depth that will most certainly captivate all listeners! 

Bryson spent his formative years in Germany and the Soviet Union. His linguistic journey began with German, followed by immersion language programs to master English, which was crucial for his educational pursuits. He spent his early years in Berlin until 1988, then in Moscow until 1990. His journey eventually culminated in the United States during his teenage years.

Grab a seat and tune in as Derek unravels the narrative that shaped the exceptional Bryson Bort!

Show highlights:

• How Bryson got into cybersecurity.
• How Bryson learned that procurement is your best friend.
• The importance of building relationships and providing exceptional service.
• Bryson shares his recommendations for working with individuals with technical backgrounds and getting them on board. 
• The importance of understanding the business and mission of the company you work for.
• How cybersecurity eventually took over Bryson’s career path.
• How Bryson got the nickname, Grimm.
• Bryson talks about starting his company.
• Bryson shares some advice for taking on new ideas.
• Bryson explains what the ICS Village is all about.

Links and resources:

(CS)²AI 

Derek Harp on LinkedIn

Bryson Bort on LinkedIn

Scythe

GRIMM

Episode 79 withMegan Sanford

Today, we have the distinct honor of hosting a true trailblazer in the field of academia and industry as Dr. Barton Miller, the esteemed Vilas Distinguished Achievement Professor at the University of Wisconsin-Madison, joins Derek to share his passion, talk about what he does in the industry, and discuss how we can create a better tomorrow. 

Since first setting foot on the grounds of the prestigious Wisconsin-Madison University in 1984, Bart has spent nearly four decades at the forefront of research and innovation. With his roots in Southern California and his current abode in Johnson, his passion continues to burn as bright as the Californian sun he grew up under! 

Join us for an enlightening journey as Bart embarks on a riveting conversation, unraveling his unwavering passion, pioneering contributions in the industry, and vision for a brighter future! 

Get ready to delve into a world of cutting-edge ideas and explore how we can shape a promising future holding boundless potential!

Show highlights: 

• Bart shares his origin story. 
• Why is it essential to get early exposure to control systems and focus on a specific area of interest?
• The value of resiliency and keeping systems up.
• What is plus-testing?
• Bart dives into how he uses terms like deep-fried security, crispy on the outside and juicy on the inside, when teaching.
• Examples of physical attacks on industrial systems. 
• How did Bart get started in computer science? 
• Bart explains fuzz-testing.
• The pros and cons of open source. 
• Bart gets into his Introduction to Software Security course. 
• Bart discusses something he has been looking at most recently- ransomware.

Links and resources:

(CS)²AI 

Derek Harp on LinkedIn

Dr. Barton Miller on LinkedIn

University of Wisconsin-Madison

Today, we feature an exclusive interview with Daniel Bardenstein, a former USG official turned entrepreneur. Having recently launched a groundbreaking start-up centered on the critical concept of SBOM, Daniel brings a wealth of insider knowledge and experience to the table! 

Daniel is the Co-founder and Chief Technology Officer of Manifest, a pioneering company specializing in comprehensive SBOM management. Their core mission is to facilitate organizations in embracing this innovative and relatively new concept with utmost simplicity and automation. Through their state-of-the-art solutions, Manifest empowers businesses to navigate the complexities of SBOM seamlessly, ushering in a new era of efficiency and ease.

In today’s riveting discussion, hosted by Bryson Bort, Daniel pulls back the curtain on what truly happens in the trenches of SBOM and unlocks the secrets to implementing his game-changing approach within organizations. 

If you have ever wondered what SBOM is all about and how it could transform the way in which your organization operates, this interview is a must-listen! Get ready to dive into the nitty-gritty of SBOM as Daniel spills the beans on what is happening in the thick of it, offering invaluable insights on how to begin implementing this cutting-edge technology within your organization, starting today!

Fasten your seatbelt and gear up to elevate your cybersecurity game to unprecedented heights!

Show highlights:

• What is an SBOM? 
• Why SBOM is essential for asset owners. 
• Two key ways to collect SBOMs.
• Integrating vulnerability management with asset management. 
• Looking retroactively at legacy systems.
• How SBOM makes vulnerability management better.
• The importance of vulnerability management. 
• How to get started with internal product security.
• How to get customers to take action. 
• How long will it take to see value? 

Links and resources:

(CS)²AI 

Derek Harp on LinkedIn

Daniel Bardenstein on LinkedIn

Manifest

Joining Derek on the podcast today is the multi-talented Mike Radigan! Mike is a seasoned cyber risk advisor at Cisco with a diverse background and a knack for problem-solving.

Mike's current role is impressive, and his entire journey has been nothing short of extraordinary! Renowned for his creativity and expertise, and with a background in electrical engineering, he has proven himself a formidable problem-solver. Beyond his professional pursuits, Mike is also an avid educator, a master networker, and a passionate connector within Ohio's business and security events. Additionally, he boasts a fascinating range of interests, from being a semi-retired basketball player to a devoted cigar enthusiast and dog lover. 

With Derek having been privileged to know Mike for years, today’s interview promises to unveil intriguing insights and stories that will captivate cybersecurity enthusiasts and general audiences alike! Stay tuned to hear about Mike’s fascinating journey and learn from his many years of cybersecurity experience!

Show highlights:

• How Mike became interested in technology.
• When security first came into play at Cisco.
• The evolution of cybersecurity from the early days to today.
• Risk quantification and cybersecurity. 
• The importance of reliability in cyber security. 
• An agnostic model for defining how risk works.
• How are those models applied in OT environments?
• The importance of reliability in cyber security.
• Why risk is a derived value. 
• Lessons learned from the DRC Organization. 

Links and resources:

(CS)²AI 

Derek Harp on LinkedIn

Mike Radigan on LinkedIn

Cisco

Omar Sherin is a renowned cybersecurity expert. He is a partner at Ernst and Young Digital Solutions and Cybersecurity and former director of OT Cybersecurity for the same prestigious firm. However, Omar is multifaceted, and his story goes beyond his professional achievements. He is also a founder, dedicated father, adventurous scuba diver, and an avid lover of cars and motorcycles! 

With his vast experience and diverse interests, Omar has traversed the realms of technology and exploration, making him a captivating and inspiring figure in the cybersecurity world. In today’s discussion, he sheds light on his journey and delves into his remarkable contributions as a regional leader, sharing intriguing insights from his region of the world. He also gets into an exciting topic that lies ahead- prepping for the World Cup! 

Omar Sherin is not just a technologist but also a true adventurer and global citizen! Brace yourself for an enlightening conversation that transcends the boundaries of cybersecurity!

Show highlights:

• How Omar got into cybersecurity.
• Two occurrences in Omar's life triggered his professional momentum.
• Omar discusses the incident that opened his eyes to the value of data.
• Why state-sponsored attacks require state-sponsored defenses.
• Omar shares his unique perspective on cybersecurity.
• How safety culture is embedded in cybersecurity.
• Omar talks about building an OT team in Africa.
• The ramifications of holding a world cup in Qatar.
• How to prepare for a major event.
• Why is cybersecurity a golden opportunity for young people?
• 
  

We are honored to introduce our esteemed panelists, three remarkable individuals with a wealth of knowledge and expertise. Their diverse backgrounds and extensive experience in their respective domains make them invaluable contributors to today's discussion.

Miki Shifman holds the esteemed positions of CTO and Co-founder of Cylus, a company wholly dedicated to cybersecurity. With an impressive career spanning over 15 years, his expertise encompasses cybersecurity research and development, as well as communications and embedded systems. For the past six years, he has been at the helm of Cylus, focusing on rail cybersecurity and actively participating as a member of global standardization groups, advocating for awareness and best practices. Recognized as part of Forbes 30 under 30, Miki also enjoys indulging in the strategic game of chess.

Omar Sherin is a partner at EY. He leads the OT cybersecurity efforts for the MENA region. With an impressive 20-year track record in cybersecurity and a wealth of practical knowledge, his expertise extends to national security and the establishment of resilient infrastructures, including those within the rail systems. 

Jo Dalton is a seasoned cybersecurity professional with 17 years of comprehensive industry experience. Her versatile background encompasses various facets of the field, from business compliance to operational components, along with the groundbreaking research conducted at Pen Test Partners. 

Today’s enlightening panel discussion will provide a comprehensive view of the transportation industry, focusing on the scenarios within the rail sector. 

Stay tuned for a thought-provoking exploration that will give you a broader perspective on railway transportation security.

Show highlights:

• How the connected world has changed things.
• The complexity of the rail industry.
• Why do we need more detailed standards?
• Global regulations for critical infrastructure.
• How old is the technology in rail?
• Challenges to be faced in the next three years.
• The typical life cycle of a rail safety system.
• The importance of having multiple companies working together.
• Cyber resilience in the rail industry.
• The need for industry-driven regulation of security.

Links and resources:

(CS)²AI 

Derek Harp on LinkedIn

Omar Sherin on LinkedIn

Ernst & Young (EY)

Jo Dalton on LinkedIn

Pen Test Partners

Miki Shifman on LinkedIn

Cylus

Gary Kessler and James Cabe are two remarkable individuals who will shed light on the vast spectrum of applications that intertwine maritime operations and the crucial realm of cybersecurity. 

Gary Kessler is a retired cybersecurity professor who has embraced diverse roles. With a remarkable career starting in the late 1970s, Gary has immersed himself in information security. However, his passion for maritime cyber has captivated his attention for the past five to six years. During the challenging times of the COVID-19 pandemic, Gary undertook a personal project close to his heart: writing a book on maritime cyber. Presently, he dedicates his life to exploring the depths of the water, both physically and intellectually, as he navigates the intricacies of cybersecurity in the maritime realm.

James Cabe is a seasoned cybersecurity specialist. He hails from a background deeply rooted in the history of the industry. Having spent his formative years at BBN Planet, James carries a wealth of experience. He ventured into diverse sectors during his career, including retail, foreign national critical infrastructure, and the oil and gas industry. He is currently immersed in the IoT realm, spearheading his own startup focused on developing a chaos-resilient Human-Machine Interface (HMI) independent of Windows. While James acknowledges his comparatively lesser experience in the maritime domain, his expertise in the oil and gas sector, particularly in anchoring systems, vibration analysis, and mud logging, adds a unique perspective to this distinguished panel. 

In today’s exhilarating exploration, we delve into the intricate world where technology meets the high seas and discover how safeguarding our industry has become paramount in the face of emerging digital challenges. The diverse backgrounds and perspectives of the panelists ensure an engaging and comprehensive discussion on the topic at hand.

Stay tuned for an enlightening and dynamic conversation that promises to capture the essence of the maritime industry's cybersecurity landscape!

Show highlights:

• The importance of cybersecurity in the maritime sector.
• Why maritime is essential for national security, defense, energy, food security, and economic security.
• Dealing with high-consequence events.
• The cost of retrofitting new technologies onto old ships.
• The push for autonomy on ships.
• The dangers of relying on digital information.
• The future of big boats and smart ships.
• The lack of resiliency in maritime systems.
• Automation and digitalization of the Maritime industry.
• Building a cyber safety culture.

Links and resources:

(CS)²AI 

Derek Harp on LinkedIn

Gary Kessler on LinkedIn

Gary Kessler Associates

James Cabe on LinkedIn

ZPE Systems

Today, we delve into the captivating realm of cyber security for aviation and aerospace! We are honored to introduce our three remarkable panelists, each of whom possesses a wealth of knowledge and expertise in their respective domain:

Jonathan Pollet is a renowned figure at Red Tiger Security, known for his 22 years of dedicated work in OT and industrial control systems cybersecurity. 

Barbara Grofe hails from the esteemed Institute of Space and Cyber Research, where she specializes in space asset security and resiliency.  

Shawn Goudge is a seasoned professional who has made significant contributions to physical security in aviation globally while actively exploring the convergence of physical security and cybersecurity. 

This esteemed trio of experts joins forces to shed light on the vital connection between physical security and cybersecurity. 

Stay tuned for today’s enlightening panel discussion on cyber security for aviation and aerospace that promises to unravel the intricacies of safeguarding our skies and beyond!

Show highlights:

• Jonathan talks about a recent assessment of airport systems in Doha, Qatar.
• Why is cybersecurity very immature from the aerospace and satellite perspective? 
• Who is responsible for OT cybersecurity at the airport?
• There is a lot of confusion within organizations about who is responsible for looking at threats.
• Why does cybersecurity legislation need to catch up?
• How physical and cybersecurity systems do not intertwine properly.
• Who is responsible for aviation security?
• Are satellites still easy to hack if they are sophisticated and compartmentalized?
• Do 5G and 6G pose specific risks for the aviation and aerospace sectors?
• The most common types of attacks on airlines.
• Barbara shares the key to addressing aerospace cybersecurity.

Links and resources:

(CS)²AI 

Derek Harp on LinkedIn

Jonathan Pollet on LinkedIn

Red Tiger Security

Barbara Grofe on LinkedIn

Institute of Space and Cyber Research

Shawn Goudge on LinkedIn

The Calgary Airport Authority

Today, we are privileged to host a remarkable trio of experts who will provide us with invaluable insights and diverse perspectives. We are delighted to introduce our esteemed panelists, Michael Clifford, Nikhil Bogam, and Antwan Banks. Each of these luminaries brings a unique perspective, promising a diverse and enlightening discussion that will unveil the inner workings of their respective organizations.

Antwan Banks joined the National Motor Freight Traffic Association (NMFTA) about two months ago. His primary role is advocating for security practices as the industry advances into autonomous trucks, electric vehicles, and interconnected networks. With the overarching aim of safeguarding the welfare of motor carriers, Antwan's mission aligns with the NMFTA's dedication to fostering a thriving and secure environment within the motor freight industry.

Nikhil Bogam is a seasoned professional with a remarkable career spanning 17 years in the automotive industry. He currently serves as a technical lead in functional safety and cybersecurity at Faurecia Forvia. With over six years dedicated to cybersecurity, Nikhil possesses a profound understanding of the intricate relationship between automotive technology and cybersecurity, recognizing its unique nature compared to conventional infrastructure security. He brings extensive expertise in the 21434 Standard, a recently published industry benchmark, and is actively involved in shaping forthcoming European regulations concerning automotive cybersecurity. 

Michael Clifford is a highly regarded professional and principal researcher in cybersecurity and privacy at Toyota Infotech Labs, the prestigious advanced research and development division of Toyota. With a unique focus on long-term projections, Michael engages in projects that anticipate developments a decade or more into the future. His responsibilities involve predicting and addressing security challenges for technologies that have yet to materialize. Moreover, Michael takes on a leadership role in a consortium of universities dedicated to cutting-edge cybersecurity research, encompassing a diverse range of domains such as security theory, cyber-physical attacks and defenses, and machine learning. His extensive expertise in cybersecurity research dates back to 1998, and his interests span a wide spectrum, including security, privacy, machine learning, autonomy, ad hoc networks, energy efficiency, engineering, transportation, manufacturing, and user-centric design. With a wealth of knowledge and a forward-thinking mindset, Michael plays a pivotal role in driving innovation and ensuring the security of future technologies.

We invite you to join us as we embark on this compelling odyssey of knowledge and discovery and uncover the intricacies of the automotive and trucking industries and the remarkable visions that lie ahead. Stay tuned for more!

Show highlights:

• The differences between trucking industrial control system cybersecurity and traditional cybersecurity.
• Michael shares his thoughts on electric vehicle (EV) charging stations.
• Security and privacy for autonomous vehicles.
• Why the automotive industry needs to think about problems that will occur.
• The evolution of the automotive industry.
• The future of security in the transportation industry.
• Does the automotive and trucking industry view federal rules as positive for cybersecurity or a hindrance?
• Looking at standards within the industry.
• Where automakers are, in terms of taking on cybersecurity for cars and trucks.
• How AI plays into the future of the automotive industry.
• Are common protocols and standards shared across the automotive industry?
• Can EVs be used to spread malicious...]]>We are excited to welcome you to our eagerly anticipated panel discussion on the ever-evolving automotive and trucking industries! 

  Today, we are privileged to host a remarkable trio of experts who will provide us with invaluable insights and diverse perspectives. We are delighted to introduce our esteemed panelists, Michael Clifford, Nikhil Bogam, and Antwan Banks. Each of these luminaries brings a unique perspective, promising a diverse and enlightening discussion that will unveil the inner workings of their respective organizations.

  Antwan Banks joined the National Motor Freight Traffic Association (NMFTA) about two months ago. His primary role is advocating for security practices as the industry advances into autonomous trucks, electric vehicles, and interconnected networks. With the overarching aim of safeguarding the welfare of motor carriers, Antwan's mission aligns with the NMFTA's dedication to fostering a thriving and secure environment within the motor freight industry.

  Nikhil Bogam is a seasoned professional with a remarkable career spanning 17 years in the automotive industry. He currently serves as a technical lead in functional safety and cybersecurity at Faurecia Forvia. With over six years dedicated to cybersecurity, Nikhil possesses a profound understanding of the intricate relationship between automotive technology and cybersecurity, recognizing its unique nature compared to conventional infrastructure security. He brings extensive expertise in the 21434 Standard, a recently published industry benchmark, and is actively involved in shaping forthcoming European regulations concerning automotive cybersecurity. 

  Michael Clifford is a highly regarded professional and principal researcher in cybersecurity and privacy at Toyota Infotech Labs, the prestigious advanced research and development division of Toyota. With a unique focus on long-term projections, Michael engages in projects that anticipate developments a decade or more into the future. His responsibilities involve predicting and addressing security challenges for technologies that have yet to materialize. Moreover, Michael takes on a leadership role in a consortium of universities dedicated to cutting-edge cybersecurity research, encompassing a diverse range of domains such as security theory, cyber-physical attacks and defenses, and machine learning. His extensive expertise in cybersecurity research dates back to 1998, and his interests span a wide spectrum, including security, privacy, machine learning, autonomy, ad hoc networks, energy efficiency, engineering, transportation, manufacturing, and user-centric design. With a wealth of knowledge and a forward-thinking mindset, Michael plays a pivotal role in driving innovation and ensuring the security of future technologies.

  We invite you to join us as we embark on this compelling odyssey of knowledge and discovery and uncover the intricacies of the automotive and trucking industries and the remarkable visions that lie ahead. Stay tuned for more!

  Show highlights:

  • The differences between trucking industrial control system cybersecurity and traditional cybersecurity.
  • Michael shares his thoughts on electric vehicle (EV) charging stations.
  • Security and privacy for autonomous vehicles.
  • Why the automotive industry needs to think about problems that will occur.
  • The evolution of the automotive industry.
  • The future of security in the transportation industry.
  • Does the automotive and trucking industry view federal rules as positive for cybersecurity or a hindrance?
  • Looking at standards within the industry.
  • Where automakers are, in terms of taking on cybersecurity for cars and trucks.
  • How AI plays into the future of the automotive industry.
  • Are common protocols and standards shared across the automotive industry?
  • Can EVs be used to spread malicious codes?
  
  

  Links and resources:

  (CS)²AI 

  Derek Harp on LinkedIn

  Antwan Banks on LinkedIn

  National Motor Freight Traffic Association

  Nikhil Bogam on LinkedIn

  Forvia Faurecia

  Michael Clifford on LinkedIn

  Toyota InfoTech Labs

  ]]>416bcbe6-a3d6-416d-83ec-a7ab3ba8f814Tue, 13 Jun 2023 03:00:00 -050056:51falsefull848483: Steve Mustard with Bob Radvanovsky: Latest Developments, Challenges, and Emerging Trends in CybersecurityWelcome to today’s ground-breaking episode of the CS2AI podcast, where we have the privilege of hosting a dynamic duo of cybersecurity specialists who have dedicated their careers to protecting our critical infrastructure! 

  Steve Mustard is a seasoned automation engineer from Houston, Texas, with a passion for securing automation and control systems. Having served as President of the International Society of Automation in 2021, his commitment to this field runs deep. 

  Bob Radvanovsky is a true pioneer in industrial cybersecurity! He is the Co-founder of the renowned SCADASEC mailing list and the mastermind behind Project Shine. With his vast expertise in safeguarding control systems, IoT, and industrial IoT systems, Bob is currently at the forefront of fortifying our energy sector and protecting the grid. 

  In this innovative episode, Steve Mustard, with his unwavering commitment to the field, and Bob Radvanovsky, a true trailblazer in industrial cybersecurity, share their wealth of knowledge and experience in securing automation and control systems. 

  Stay tuned as Steve and Bob unravel the latest developments, challenges, and emerging trends in the ever-evolving world of cybersecurity!

  Show highlights:

  • Why are we still having serious major incidents when there is so much awareness around cybersecurity?
  • Bob talks about the idea behind Skidmark, his publically-accessible database for collecting information about industrial cybersecurity incidents.
  • Staying up to date with cyber security.
  • Why is there a disconnect between CEOs and operations?
  • Managing cybersecurity on a risk basis.
  • Problems with remote access.
  • Do regulations actually help improve cybersecurity?
  • Why must people who help people have an intimate understanding of the subject?
  • What is a holistic approach to critical infrastructure?
  • Simple things that can prevent egregious attacks.
  • What can you expect from the fifth edition of Bob’s book, Critical Infrastructure, Homeland Security, and Emergency Preparedness?
  
  

  Links and resources:

  (CS)²AI 

  Derek Harp on LinkedIn

  Bob Radvanovsky on LinkedIn

  Steve Mustard on LinkedIn

  ]]>Welcome to today’s ground-breaking episode of the CS2AI podcast, where we have the privilege of hosting a dynamic duo of cybersecurity specialists who have dedicated their careers to protecting our critical infrastructure! 

  Steve Mustard is a seasoned automation engineer from Houston, Texas, with a passion for securing automation and control systems. Having served as President of the International Society of Automation in 2021, his commitment to this field runs deep. 

  Bob Radvanovsky is a true pioneer in industrial cybersecurity! He is the Co-founder of the renowned SCADASEC mailing list and the mastermind behind Project Shine. With his vast expertise in safeguarding control systems, IoT, and industrial IoT systems, Bob is currently at the forefront of fortifying our energy sector and protecting the grid. 

  In this innovative episode, Steve Mustard, with his unwavering commitment to the field, and Bob Radvanovsky, a true trailblazer in industrial cybersecurity, share their wealth of knowledge and experience in securing automation and control systems. 

  Stay tuned as Steve and Bob unravel the latest developments, challenges, and emerging trends in the ever-evolving world of cybersecurity!

  Show highlights:

  • Why are we still having serious major incidents when there is so much awareness around cybersecurity?
  • Bob talks about the idea behind Skidmark, his publically-accessible database for collecting information about industrial cybersecurity incidents.
  • Staying up to date with cyber security.
  • Why is there a disconnect between CEOs and operations?
  • Managing cybersecurity on a risk basis.
  • Problems with remote access.
  • Do regulations actually help improve cybersecurity?
  • Why must people who help people have an intimate understanding of the subject?
  • What is a holistic approach to critical infrastructure?
  • Simple things that can prevent egregious attacks.
  • What can you expect from the fifth edition of Bob’s book, Critical Infrastructure, Homeland Security, and Emergency Preparedness?
  
  

  Links and resources:

  (CS)²AI 

  Derek Harp on LinkedIn

  Bob Radvanovsky on LinkedIn

  Steve Mustard on LinkedIn

  ]]>b49c0986-3d86-4c81-a290-2bd9257b39ceTue, 06 Jun 2023 03:00:00 -050054:57falsefull838382: Shaping the Cybersecurity Industry Through Persistent Innovation with Jonathan PolletDerek is super excited to welcome a true trailblazer in the world of cybersecurity today!

  Jonathan Pollet is the Founder and Executive Director of Red Tiger Security. He is an invaluable pioneer and a long-time contributor to the cybersecurity community. He has been a guiding light for those who ventured into cybersecurity from traditional IP backgrounds over a decade ago. 

  Red Tiger Security is a focused SCADA Security consultancy, training, and research firm dedicated to the resiliency of national critical infrastructure and mission-critical business systems that must be available on a 24x7 basis. Red Tiger Security has developed and implemented a 6-layer Vulnerability Assessment approach that encompasses both Physical and Cyber security for ICS (Industrial Control Systems).

  Hailing from the vibrant city of New Orleans, Louisiana, Jonathan’s upbringing was shaped by the unwavering dedication of his single mother. Determined to pursue a path in electrical engineering, he tirelessly sought opportunities to secure a full scholarship, ultimately leading him to the doors of Louisiana State University. Fortunately, his efforts paid off, and he emerged holding a four-year degree at the age of 21. Growing up in the lively streets of New Orleans instilled in him a belief that anything is possible when met with resilience and a zest for life!

  With an illustrious background as a SCADA engineer, Jonathan has become an AI and OT security evangelist, leaving an indelible mark as an entrepreneur and business owner. In addition, he is also an instructor, speaker, scuba diver, and even a talented sax player!

  Join us as we uncover the extraordinary life of Jonathan Pollet, a multifaceted force shaping the landscape of cybersecurity!

  Show highlights:

  • How Jonathan got started in digital process control.
  • Jonathan shares a pivotal moment in his cybersecurity journey where he witnessed the entire system repeatedly crashing due to a network issue caused by a user in Australia attempting to draw a network diagram.
  • Jonathan explains how he taught himself cybersecurity and became an advocate for it.
  • What prompted him to create a course in cybersecurity?
  • Jonathan dives into his transition from working for Chevron to becoming an entrepreneur.
  • Why selling cybersecurity is not always easy.
  • Is the industry waking up to the importance of cyber hygiene?
  • How is OT learning from the IT world?
  • Jonathan explains how things will become more and more connected in the future.
  
  

  Links and resources:

  (CS)²AI 

  Derek Harp on LinkedIn

  Red Tiger Security

  Jonathan Pollet on LinkedIn

  Red Tiger Security on LinkedIn

  ]]>Derek is super excited to welcome a true trailblazer in the world of cybersecurity today!

  Jonathan Pollet is the Founder and Executive Director of Red Tiger Security. He is an invaluable pioneer and a long-time contributor to the cybersecurity community. He has been a guiding light for those who ventured into cybersecurity from traditional IP backgrounds over a decade ago. 

  Red Tiger Security is a focused SCADA Security consultancy, training, and research firm dedicated to the resiliency of national critical infrastructure and mission-critical business systems that must be available on a 24x7 basis. Red Tiger Security has developed and implemented a 6-layer Vulnerability Assessment approach that encompasses both Physical and Cyber security for ICS (Industrial Control Systems).

  Hailing from the vibrant city of New Orleans, Louisiana, Jonathan’s upbringing was shaped by the unwavering dedication of his single mother. Determined to pursue a path in electrical engineering, he tirelessly sought opportunities to secure a full scholarship, ultimately leading him to the doors of Louisiana State University. Fortunately, his efforts paid off, and he emerged holding a four-year degree at the age of 21. Growing up in the lively streets of New Orleans instilled in him a belief that anything is possible when met with resilience and a zest for life!

  With an illustrious background as a SCADA engineer, Jonathan has become an AI and OT security evangelist, leaving an indelible mark as an entrepreneur and business owner. In addition, he is also an instructor, speaker, scuba diver, and even a talented sax player!

  Join us as we uncover the extraordinary life of Jonathan Pollet, a multifaceted force shaping the landscape of cybersecurity!

  Show highlights:

  • How Jonathan got started in digital process control.
  • Jonathan shares a pivotal moment in his cybersecurity journey where he witnessed the entire system repeatedly crashing due to a network issue caused by a user in Australia attempting to draw a network diagram.
  • Jonathan explains how he taught himself cybersecurity and became an advocate for it.
  • What prompted him to create a course in cybersecurity?
  • Jonathan dives into his transition from working for Chevron to becoming an entrepreneur.
  • Why selling cybersecurity is not always easy.
  • Is the industry waking up to the importance of cyber hygiene?
  • How is OT learning from the IT world?
  • Jonathan explains how things will become more and more connected in the future.
  
  

  Links and resources:

  (CS)²AI 

  Derek Harp on LinkedIn

  Red Tiger Security

  Jonathan Pollet on LinkedIn

  Red Tiger Security on LinkedIn

  ]]>a782b88d-301e-488f-b1c8-6cdfa934a454Tue, 23 May 2023 03:00:00 -050043:49falsefull828281: Cyber Security for Railway Systems with Olivier De VisscherDerek is delighted to have a special guest calling in from Brussels today! 

  Olivier De Visscher is the current Head of Railway Industrial Cybersecurity at the Expleo Group. He joins Derek to shed light on the importance of cybersecurity for the railway industry and discuss its implications for the future.

  With a total of 25 years of experience, Olivier has dedicated ten of those years to the field of Industrial Cybersecurity. He shares his expertise and promotes collaboration with the cybersecurity domain of the European Transportation sector. He remains closely connected to the railway community, including RU, IM, and the Industry, as it provides him with a valuable opportunity to work across different areas. Olivier continues to support various European initiatives in the field of railway cybersecurity.

  As we kick off our focus on transportation this month, starting with a series of events, seminars, and podcast episodes on May 17th, we could not be more excited to have Olivier joining us. With over 25 years of experience in IT and technology, Olivier brings a wealth of knowledge and expertise in railway systems and other industrial applications. Stay tuned to learn more about Olivier and his insights on railway cybersecurity!

  Show highlights:

  • Olivier discusses his background in cybersecurity.
  • What led Olivier to specialize in rail security?
  • Olivier dives into the need for a new cybersecurity standard for rail.
  • Why is cyber security so important in the transport sector?
  • The importance of a cybersecurity approach in the safety case.
  • Why you cannot protect against everything, especially when the threats are high-level.
  • What is the tech refresh rate? 
  • Is ancient technology still in play?
  • What is going uniquely well in the rail industry?
  
  

  Links and resources:

  (CS)²AI 

  Derek Harp on LinkedIn

  Expleo Group

  Olivier De Visscher on LinkedIn

  ]]>Derek is delighted to have a special guest calling in from Brussels today! 

  Olivier De Visscher is the current Head of Railway Industrial Cybersecurity at the Expleo Group. He joins Derek to shed light on the importance of cybersecurity for the railway industry and discuss its implications for the future.

  With a total of 25 years of experience, Olivier has dedicated ten of those years to the field of Industrial Cybersecurity. He shares his expertise and promotes collaboration with the cybersecurity domain of the European Transportation sector. He remains closely connected to the railway community, including RU, IM, and the Industry, as it provides him with a valuable opportunity to work across different areas. Olivier continues to support various European initiatives in the field of railway cybersecurity.

  As we kick off our focus on transportation this month, starting with a series of events, seminars, and podcast episodes on May 17th, we could not be more excited to have Olivier joining us. With over 25 years of experience in IT and technology, Olivier brings a wealth of knowledge and expertise in railway systems and other industrial applications. Stay tuned to learn more about Olivier and his insights on railway cybersecurity!

  Show highlights:

  • Olivier discusses his background in cybersecurity.
  • What led Olivier to specialize in rail security?
  • Olivier dives into the need for a new cybersecurity standard for rail.
  • Why is cyber security so important in the transport sector?
  • The importance of a cybersecurity approach in the safety case.
  • Why you cannot protect against everything, especially when the threats are high-level.
  • What is the tech refresh rate? 
  • Is ancient technology still in play?
  • What is going uniquely well in the rail industry?
  
  

  Links and resources:

  (CS)²AI 

  Derek Harp on LinkedIn

  Expleo Group

  Olivier De Visscher on LinkedIn

  ]]>4f00978f-4d02-45b5-ac11-e4f7b01d1486Tue, 16 May 2023 03:00:00 -050025:32falsefull818180: Robots, Rails, Bytes and Risk A Modern ICS Success Story with Brent HustonWe have a special treat for you today! Our friend and colleague, Brent Huston, joins Derek for an online CS2AI session to explore the fascinating modern ICS success story of robots, rails, bytes, and risk. 

  Brent Huston is a cybersecurity expert who has been a business owner in this space for over three decades. He has a deep technical background but can explain complex concepts in a way that is easily understandable by everyone. 

  In the 30 years he has been in the technology business, Brent has worked on various projects involving automated warehousing, inventory control systems, and point-of-sale systems. He also has expertise in cybersecurity and industrial automation. 

  With his years of experience and expertise in the field, Brent will take us on a journey through the evolution of ICS security and share some valuable insights on achieving success in this constantly evolving landscape. Stay tuned for more!

  Show highlights:

  • Why warehousing is becoming a hot area for disruption.
  • How robots move at high speeds and are user-programmable.
  • Were there any considerations given to EMF attacks or sonic attacks?
  • Brent dives into staffing with a team used to OT protocols.
  • Using NLP to parse documentation and generate inventory reports and configuration maps.
  • Creating an initial attack surface map.
  • Using machine learning to analyze the network data to build a network map.
  • Brent talks about moving the same techniques from automated warehousing into production environments.
  • When they first got the system, everyone on the team expected the robots to be smarter than they are.
  • How much automation is available today?
  • Were there any considerations given to EMF attacks or sonic attacks?
  • Brent shares his prediction for the future of cybersecurity.
  
  

  Links and resources:

  (CS)²AI 

  Derek Harp on LinkedIn

  Brent Huston on LinkedIn

  ]]>We have a special treat for you today! Our friend and colleague, Brent Huston, joins Derek for an online CS2AI session to explore the fascinating modern ICS success story of robots, rails, bytes, and risk. 

  Brent Huston is a cybersecurity expert who has been a business owner in this space for over three decades. He has a deep technical background but can explain complex concepts in a way that is easily understandable by everyone. 

  In the 30 years he has been in the technology business, Brent has worked on various projects involving automated warehousing, inventory control systems, and point-of-sale systems. He also has expertise in cybersecurity and industrial automation. 

  With his years of experience and expertise in the field, Brent will take us on a journey through the evolution of ICS security and share some valuable insights on achieving success in this constantly evolving landscape. Stay tuned for more!

  Show highlights:

  • Why warehousing is becoming a hot area for disruption.
  • How robots move at high speeds and are user-programmable.
  • Were there any considerations given to EMF attacks or sonic attacks?
  • Brent dives into staffing with a team used to OT protocols.
  • Using NLP to parse documentation and generate inventory reports and configuration maps.
  • Creating an initial attack surface map.
  • Using machine learning to analyze the network data to build a network map.
  • Brent talks about moving the same techniques from automated warehousing into production environments.
  • When they first got the system, everyone on the team expected the robots to be smarter than they are.
  • How much automation is available today?
  • Were there any considerations given to EMF attacks or sonic attacks?
  • Brent shares his prediction for the future of cybersecurity.
  
  

  Links and resources:

  (CS)²AI 

  Derek Harp on LinkedIn

  Brent Huston on LinkedIn

  ]]>6c8cca68-05fe-4f72-b258-b9d8a8905741Tue, 09 May 2023 03:00:00 -050001:11:24falsefull808079: Achieving Leadership Roles in an Early Cybersecurity Career with Megan SamfordDerek is delighted to have Megan Samford joining him today!

  Megan is an executive experienced in Product Security programs, ICS/OT, PSIRTs, Threat Intel, and Critical Infrastructure Protection. She is currently the VP and Chief Product Security Officer of Energy Management at Schneider Electric.

  Megan is a well-rounded and fascinating person! In addition to being a cyber-emergency manager, she is a critical infrastructure protection hero, the founder of many things, a mother, a rock hunter, and a genealogy enthusiast! She loves shopping, interior design, and cars-specifically 300zx!

  In today’s episode, Megan tells her story, discusses her career trajectory, and shares her experience, insight, advice, and free resources for anyone considering a career in cybersecurity.

  Show highlights:

  • How Megan's mother helped Megan grow into her full potential.
  • Megan talks about being part of the first graduating class of the world's first accredited degree program in Homeland Security and Emergency Preparedness at Virginia University.
  • How Megan gained a core foundation for critical infrastructure while doing an internship at the governor’s office in 2007.
  • Megan discusses her first encounter with policy work and explains how much she loved it.
  • Megan talks about being promoted to leading critical infrastructure for the Commonwealth of Virginia when she was only twenty-six.
  • What Megan did that allowed her to get promoted to lead critical infrastructure for the Commonwealth of Virginia at only twenty-six years of age.
  • Why do people like working with Megan professionally?
  • How Megan got to work at GE, and how she ended up working at Schneider Electric.
  • Megan dives into the work she does with ICS4ICS.
  • Megan shares free resources via ICS4ICS for FEMA online incident command system training.
  
  

  Links and resources:

  (CS)²AI 

  Derek Harp on LinkedIn

  Schneider Electric

  Megan Samford on LinkedIn

  ICS4ICS training

  ]]>Derek is delighted to have Megan Samford joining him today!

  Megan is an executive experienced in Product Security programs, ICS/OT, PSIRTs, Threat Intel, and Critical Infrastructure Protection. She is currently the VP and Chief Product Security Officer of Energy Management at Schneider Electric.

  Megan is a well-rounded and fascinating person! In addition to being a cyber-emergency manager, she is a critical infrastructure protection hero, the founder of many things, a mother, a rock hunter, and a genealogy enthusiast! She loves shopping, interior design, and cars-specifically 300zx!

  In today’s episode, Megan tells her story, discusses her career trajectory, and shares her experience, insight, advice, and free resources for anyone considering a career in cybersecurity.

  Show highlights:

  • How Megan's mother helped Megan grow into her full potential.
  • Megan talks about being part of the first graduating class of the world's first accredited degree program in Homeland Security and Emergency Preparedness at Virginia University.
  • How Megan gained a core foundation for critical infrastructure while doing an internship at the governor’s office in 2007.
  • Megan discusses her first encounter with policy work and explains how much she loved it.
  • Megan talks about being promoted to leading critical infrastructure for the Commonwealth of Virginia when she was only twenty-six.
  • What Megan did that allowed her to get promoted to lead critical infrastructure for the Commonwealth of Virginia at only twenty-six years of age.
  • Why do people like working with Megan professionally?
  • How Megan got to work at GE, and how she ended up working at Schneider Electric.
  • Megan dives into the work she does with ICS4ICS.
  • Megan shares free resources via ICS4ICS for FEMA online incident command system training.
  
  

  Links and resources:

  (CS)²AI 

  Derek Harp on LinkedIn

  Schneider Electric

  Megan Samford on LinkedIn

  ICS4ICS training

  ]]>51025cd8-2ae9-417f-be92-801535bda9e2Tue, 25 Apr 2023 03:00:00 -050044:42falsefull797978: How to Have a Cybersecurity Career in the Navy with Daniel RicciDerek is delighted to have Daniel Ricci joining him on today’s podcast! 

  Dan wears many different hats. He is currently the Senior Information Security Officer and Senior System Security Engineer at Frequentis Defense. He is also the founder of the ICS Advisory Project, which focuses on providing small and medium size ICS asset owners with a free data visualization capability to track applicable vulnerabilities and secure Critical Infrastructure. Dan retired from the U.S. Navy after serving 21 years in the Information Warfare community. During his career, he supported and enabled full-spectrum Cyberspace operations, Naval Air, Sea, and Special Warfare operations. 

  Dan comes from a small town in the south suburbs of Chicago. In addition to being an engineer, he is also the founder of many things, a military veteran, musician, scuba diver, and data hound. He joins Derek today to discuss his background and career journey, share his insights and experience, and offer nuggets of advice for anyone considering a Naval cybersecurity career.

  Show highlights:

  • Why Dan joined the Navy, and what he learned there.
  • Dan got introduced to security while in the Navy. He discusses the different aspects he focused on during his tours and the latter part of his Naval career.
  • Dan dives into the cybersecurity training opportunities available in the Navy.
  • Dan talks about his transition out of the Navy.
  • What Dan is working on in his current role.
  • Dan discusses the ICS Advisory Project he started.
  • Dan shares his vision and concerns for the future of his ICS Advisory Project.
  • Dan shares his vision for the future in general.
  
  ]]>Derek is delighted to have Daniel Ricci joining him on today’s podcast! 

  Dan wears many different hats. He is currently the Senior Information Security Officer and Senior System Security Engineer at Frequentis Defense. He is also the founder of the ICS Advisory Project, which focuses on providing small and medium size ICS asset owners with a free data visualization capability to track applicable vulnerabilities and secure Critical Infrastructure. Dan retired from the U.S. Navy after serving 21 years in the Information Warfare community. During his career, he supported and enabled full-spectrum Cyberspace operations, Naval Air, Sea, and Special Warfare operations. 

  Dan comes from a small town in the south suburbs of Chicago. In addition to being an engineer, he is also the founder of many things, a military veteran, musician, scuba diver, and data hound. He joins Derek today to discuss his background and career journey, share his insights and experience, and offer nuggets of advice for anyone considering a Naval cybersecurity career.

  Show highlights:

  • Why Dan joined the Navy, and what he learned there.
  • Dan got introduced to security while in the Navy. He discusses the different aspects he focused on during his tours and the latter part of his Naval career.
  • Dan dives into the cybersecurity training opportunities available in the Navy.
  • Dan talks about his transition out of the Navy.
  • What Dan is working on in his current role.
  • Dan discusses the ICS Advisory Project he started.
  • Dan shares his vision and concerns for the future of his ICS Advisory Project.
  • Dan shares his vision for the future in general.
  
  ]]>61b95ed0-0ac0-41e2-a339-98e977a0f201Tue, 18 Apr 2023 03:00:00 -050044:44falsefull787877: ABB Ransom-Aware OT Defense Virtual Summit Keynote Preview with Derek HarpThis special edition of the CS2AI podcast features the highlights of a recent interview with Derek, broadcast on the ABB Energy Pod podcast. 

  In this episode, Patrik Boo, the Portfolio Manager for Cybersecurity Services at ABB Process Automation, interviews Derek Harp, the Founder and Chairman of CS2AI, about his upcoming keynote presentation that will open the OT Cybersecurity Leaders Virtual Summit on ransomware, which will take place on April 19th, 2023.  

  Stay tuned to hear what Derek will cover in his keynote presentation at the OT Cybersecurity Leaders Virtual Summit. 

  The summit is hosted by ABB in collaboration with other sponsors.

  Show highlights:

  • Derek discusses his main takeaways from the 2022 report.
  • Who are the greatest threat actors?
  • Derek dives into the need for OT cyber-informed training within the operating environment.
  • How ransomware is on the rise in all the different sectors.
  • The link between various groups of cyber criminals and the sharp increase in ransomware.
  • Who is at risk?
  • Other topics that will also be covered at the summit.
  
  

  Links and resources:

  (CS)²AI 

  Derek Harp on LinkedIn

  ]]>This special edition of the CS2AI podcast features the highlights of a recent interview with Derek, broadcast on the ABB Energy Pod podcast. 

  In this episode, Patrik Boo, the Portfolio Manager for Cybersecurity Services at ABB Process Automation, interviews Derek Harp, the Founder and Chairman of CS2AI, about his upcoming keynote presentation that will open the OT Cybersecurity Leaders Virtual Summit on ransomware, which will take place on April 19th, 2023.  

  Stay tuned to hear what Derek will cover in his keynote presentation at the OT Cybersecurity Leaders Virtual Summit. 

  The summit is hosted by ABB in collaboration with other sponsors.

  Show highlights:

  • Derek discusses his main takeaways from the 2022 report.
  • Who are the greatest threat actors?
  • Derek dives into the need for OT cyber-informed training within the operating environment.
  • How ransomware is on the rise in all the different sectors.
  • The link between various groups of cyber criminals and the sharp increase in ransomware.
  • Who is at risk?
  • Other topics that will also be covered at the summit.
  
  

  Links and resources:

  (CS)²AI 

  Derek Harp on LinkedIn

  ]]>033677cf-c766-4c0f-9ede-7c7a12d77cc6Fri, 14 Apr 2023 03:00:00 -050025:09falsefull777776: A (CS)2AI Fellows Panel: S4 Takeaways and a Look Ahead at Our industryToday, Chris Blask, the Vice President of Strategy at Cybeats, and Patrick Miller, the CEO at Ampere, join Derek in an online seminar stimulated by a blog article Patrick wrote just after the last S4 conference.

  Chris and Patrick are both (CS)²AI fellows who have attended many S4 events. In today’s online session, they review the latest S4 conference. They dive into various topics important for the industrial security and OT security communities, answer questions from listeners, and discuss the future of the cybersecurity industry.

  S4 is one of the longest-standing annual cybersecurity conferences focused on control systems, OT, and ICS. Dale Petersen is the founder, creator, and MC of the S4 conferences.

  Show highlights:

  • Chris shares a main takeaway from this year’s S4 event.
  • How technology is changing.
  • Why more people are needed to make cybersecurity work going forward.
  • Question: Are discussions of wireless security growing or declining at the conference? Is there a session (or sessions) dedicated to wireless yet?
  • Question: Within all OT and IT cybersecurity professionals, what would be the ratio of OT cybersecurity real professionals? 
  • Why it is normal and expected not to know the answer to some things, and how to find the answer if there is something you don’t know.
  • Question: Tribal knowledge is a real threat to OT/ICS security. The aging workforce in OT engineering is part of this problem. What is the best way for organizations to address this challenge?
  • Chris and Patrick share their thoughts on executives taking the risk of solving ICS/OT security issues.
  • Question: What are your thoughts on Ford applying for a patent on a car that can repossess itself?
  • Chris and Patrick discuss metrics, risk management, and cyber insurance.
  • Patrick and Chris dive into diversity, equity, and inclusion in the OT space.
  • Question: When will we get past the notion that ICS pen-testing has to be a separate category?
  • Question: Looking forward, what would you foresee as the big themes of S4/24?
  
  ]]>Today, Chris Blask, the Vice President of Strategy at Cybeats, and Patrick Miller, the CEO at Ampere, join Derek in an online seminar stimulated by a blog article Patrick wrote just after the last S4 conference.

  Chris and Patrick are both (CS)²AI fellows who have attended many S4 events. In today’s online session, they review the latest S4 conference. They dive into various topics important for the industrial security and OT security communities, answer questions from listeners, and discuss the future of the cybersecurity industry.

  S4 is one of the longest-standing annual cybersecurity conferences focused on control systems, OT, and ICS. Dale Petersen is the founder, creator, and MC of the S4 conferences.

  Show highlights:

  • Chris shares a main takeaway from this year’s S4 event.
  • How technology is changing.
  • Why more people are needed to make cybersecurity work going forward.
  • Question: Are discussions of wireless security growing or declining at the conference? Is there a session (or sessions) dedicated to wireless yet?
  • Question: Within all OT and IT cybersecurity professionals, what would be the ratio of OT cybersecurity real professionals? 
  • Why it is normal and expected not to know the answer to some things, and how to find the answer if there is something you don’t know.
  • Question: Tribal knowledge is a real threat to OT/ICS security. The aging workforce in OT engineering is part of this problem. What is the best way for organizations to address this challenge?
  • Chris and Patrick share their thoughts on executives taking the risk of solving ICS/OT security issues.
  • Question: What are your thoughts on Ford applying for a patent on a car that can repossess itself?
  • Chris and Patrick discuss metrics, risk management, and cyber insurance.
  • Patrick and Chris dive into diversity, equity, and inclusion in the OT space.
  • Question: When will we get past the notion that ICS pen-testing has to be a separate category?
  • Question: Looking forward, what would you foresee as the big themes of S4/24?
  
  ]]>f23a9850-291f-43e8-83f4-577ab43ebaffTue, 04 Apr 2023 03:00:00 -050001:30:14falsefull767675: Project Management and How It Can Fuel a Cybersecurity CareerToday, Derek interviews Jonathan Tubb, the Director of Industrial Cybersecurity at Siemens Energy in Ohio. 

  Jonathan is an experienced Senior Lead with a demonstrated history of working in the power generation industry. He is skilled in Power Plants, Electric Power, Power Systems, Integration, and Research. He has strong project management skills and a Computer Science and Engineering degree from The Ohio State University.

  Jonathan is a well-rounded and interesting individual! He is also a great contributor to the cybersecurity community and a true blue engineer, software engineer, tinkerer, bird and animal lover, Ohio State Buckeye, and art enthusiast. He joins Derek to discuss his background, education, and career trajectory, along with nuggets of advice for anyone considering a career in the cybersecurity space.

  Show highlights:

  • Growing up, Jonathan spent much of his time focusing on science and technology.
  • How volunteering at the Museum of Science and Industry fed Jonathan’s curiosity and impacted his approach to technology.
  • How cybersecurity informed where Jonathan began his career.
  • Jonathan discusses his internship with American Electric Power.
  • What are the benefits of doing an internship?
  • Why must we utilize other people’s knowledge to help solve problems?
  • Jonathan discusses his transition to Siemens Energy.
  • Jonathan gets into what he has focused on for the last few years at Siemens Energy.
  • What makes a good cybersecurity practitioner?
  • Jonathan dives into the industrial cybersecurity apprenticeship concept Siemens Energy has put together but not yet implemented.
  
  ]]>Today, Derek interviews Jonathan Tubb, the Director of Industrial Cybersecurity at Siemens Energy in Ohio. 

  Jonathan is an experienced Senior Lead with a demonstrated history of working in the power generation industry. He is skilled in Power Plants, Electric Power, Power Systems, Integration, and Research. He has strong project management skills and a Computer Science and Engineering degree from The Ohio State University.

  Jonathan is a well-rounded and interesting individual! He is also a great contributor to the cybersecurity community and a true blue engineer, software engineer, tinkerer, bird and animal lover, Ohio State Buckeye, and art enthusiast. He joins Derek to discuss his background, education, and career trajectory, along with nuggets of advice for anyone considering a career in the cybersecurity space.

  Show highlights:

  • Growing up, Jonathan spent much of his time focusing on science and technology.
  • How volunteering at the Museum of Science and Industry fed Jonathan’s curiosity and impacted his approach to technology.
  • How cybersecurity informed where Jonathan began his career.
  • Jonathan discusses his internship with American Electric Power.
  • What are the benefits of doing an internship?
  • Why must we utilize other people’s knowledge to help solve problems?
  • Jonathan discusses his transition to Siemens Energy.
  • Jonathan gets into what he has focused on for the last few years at Siemens Energy.
  • What makes a good cybersecurity practitioner?
  • Jonathan dives into the industrial cybersecurity apprenticeship concept Siemens Energy has put together but not yet implemented.
  
  ]]>4cb37eae-334c-45ce-a4ca-7dca5e347b56Tue, 28 Mar 2023 03:00:00 -050045:17falsefull757574: Tapping Into Natural Curiosity to Develop Your Cybersecurity Career with Chris SistrunkToday, Chris Sistrunk joins Derek Harp on the podcast. Chris is currently the Technical Manager at Mandiant, which is now part of Google Cloud.

  Chris is a Technical Manager in Mandiant's ICS/OT Consulting practice, focusing on cyber security for industrial control systems (ICS) and critical infrastructure. He focuses on helping secure ICS and critical infrastructure around the world.

  Chris grew up in the hills and hollows of North Louisiana, surrounded by swamps, red clay, and pine trees. He is a relied-on expert in the cybersecurity space. He is also a husband and father, one of the co-founders of the BEER-ISAC, musician, dad joke-teller, bourbon aficionado, and an aspiring BBQ pit-master. 

  In this episode, Chris shares his backstory. He also discusses his education and career path and offers helpful advice for anyone interested in working with control systems and control systems security.

  Show highlights:

  • Chris had an engineering mindset and was always curious about how things worked while growing up.
  • How he got into working with SCADA systems early on in his career.
  • How hurricanes taught Chris about instant response and disaster recovery, and prepared him for what he does today.
  • Chris offers advice, encouragement, and assistance to anyone who wants to work with control systems and control systems security.
  • What Chris learned while working for the power company. 
  • The kind of thinking he employs when working with cybersecurity.
  • How Chris shifted from being an engineer to working with cybersecurity for control systems.
  • The various roles Chris has played and the steps he has taken along his career path.
  • How Chris got to work at Mandiant.
  • The importance of building trust, respect, and working together, to solve difficult problems.
  
  

  Links and resources:

  (CS)²AI 

  Mandiant

  Chris Sistrunk on LinkedIn

  Chris Sistrunk on Twitter

  ]]>Today, Chris Sistrunk joins Derek Harp on the podcast. Chris is currently the Technical Manager at Mandiant, which is now part of Google Cloud.

  Chris is a Technical Manager in Mandiant's ICS/OT Consulting practice, focusing on cyber security for industrial control systems (ICS) and critical infrastructure. He focuses on helping secure ICS and critical infrastructure around the world.

  Chris grew up in the hills and hollows of North Louisiana, surrounded by swamps, red clay, and pine trees. He is a relied-on expert in the cybersecurity space. He is also a husband and father, one of the co-founders of the BEER-ISAC, musician, dad joke-teller, bourbon aficionado, and an aspiring BBQ pit-master. 

  In this episode, Chris shares his backstory. He also discusses his education and career path and offers helpful advice for anyone interested in working with control systems and control systems security.

  Show highlights:

  • Chris had an engineering mindset and was always curious about how things worked while growing up.
  • How he got into working with SCADA systems early on in his career.
  • How hurricanes taught Chris about instant response and disaster recovery, and prepared him for what he does today.
  • Chris offers advice, encouragement, and assistance to anyone who wants to work with control systems and control systems security.
  • What Chris learned while working for the power company. 
  • The kind of thinking he employs when working with cybersecurity.
  • How Chris shifted from being an engineer to working with cybersecurity for control systems.
  • The various roles Chris has played and the steps he has taken along his career path.
  • How Chris got to work at Mandiant.
  • The importance of building trust, respect, and working together, to solve difficult problems.
  
  

  Links and resources:

  (CS)²AI 

  Mandiant

  Chris Sistrunk on LinkedIn

  Chris Sistrunk on Twitter

  ]]>823b14a7-b15a-40a1-b5a0-c925f7f3cc14Tue, 21 Mar 2023 03:00:00 -050052:46falsefull747473: Navigating Cybersecurity Start Ups and Scaling to $100M with Jose SearaToday, Derek Harp interviews Jose Seara, the Founder, and CEO of DeNexus.

  Jose is an entrepreneur with 25+ years of experience building enterprises around critical infrastructure assets across different technologies and geographies. He turned a start-up concept into an international corporation with $100M in revenues. He is now building the global standard for Industrial Cyber Risk quantification at DeNexus and bridging the chasm between cyber threats and business impact.

  Jose comes from Spain. He was born in Barcelona and grew up in Madrid. He is an intriguing person with a fascinating background. In addition to being an entrepreneur, he is also a husband, father, sailor, scuba diver, pilot, skier, builder, runner, and biker. He joins Derek today to discuss his background, professional journey, and the interesting work that gets done at DeNexus. He also shares his experience and offers nuggets of advice for budding entrepreneurs.

  Show highlights:

  • Jose discusses his career journey, which began with him studying Naval Engineering at a college in Madrid.
  • Even though he is not very technologically savvy, Jose got exposed to technology through various work ventures.
  • Jose explains what brought him into the technology and cybersecurity space.
  • Jose explains how he shifted from working with traditional energy to becoming an entrepreneur working with wind and solar energies.
  • Jose explains how risk-taking has always taken him out of his comfort zone.
  • Learning lessons the hard way ensured Jose never forgot what he had learned.
  • How Jose inadvertently planted the seeds for DeNexus before starting it.
  • Jose reflects on his own entrepreneurial journey and offers advice for entrepreneurs new to the cybersecurity segment and entrepreneurs and CEOs selling cybersecurity to the OT space. 
  • The various steps Jose took before launching DeNexus.
  • What are they doing at DeNexus?
  • The role the insurance industry plays in the control systems space.
  • What excites Jose about the future?
  
  

  Links and resources:

  (CS)²AI 

  Jose Seara on LinkedIn

  DeNexus

  ]]>Today, Derek Harp interviews Jose Seara, the Founder, and CEO of DeNexus.

  Jose is an entrepreneur with 25+ years of experience building enterprises around critical infrastructure assets across different technologies and geographies. He turned a start-up concept into an international corporation with $100M in revenues. He is now building the global standard for Industrial Cyber Risk quantification at DeNexus and bridging the chasm between cyber threats and business impact.

  Jose comes from Spain. He was born in Barcelona and grew up in Madrid. He is an intriguing person with a fascinating background. In addition to being an entrepreneur, he is also a husband, father, sailor, scuba diver, pilot, skier, builder, runner, and biker. He joins Derek today to discuss his background, professional journey, and the interesting work that gets done at DeNexus. He also shares his experience and offers nuggets of advice for budding entrepreneurs.

  Show highlights:

  • Jose discusses his career journey, which began with him studying Naval Engineering at a college in Madrid.
  • Even though he is not very technologically savvy, Jose got exposed to technology through various work ventures.
  • Jose explains what brought him into the technology and cybersecurity space.
  • Jose explains how he shifted from working with traditional energy to becoming an entrepreneur working with wind and solar energies.
  • Jose explains how risk-taking has always taken him out of his comfort zone.
  • Learning lessons the hard way ensured Jose never forgot what he had learned.
  • How Jose inadvertently planted the seeds for DeNexus before starting it.
  • Jose reflects on his own entrepreneurial journey and offers advice for entrepreneurs new to the cybersecurity segment and entrepreneurs and CEOs selling cybersecurity to the OT space. 
  • The various steps Jose took before launching DeNexus.
  • What are they doing at DeNexus?
  • The role the insurance industry plays in the control systems space.
  • What excites Jose about the future?
  
  

  Links and resources:

  (CS)²AI 

  Jose Seara on LinkedIn

  DeNexus

  ]]>377f5cb5-07d8-4f7b-91e4-b58444c972a5Tue, 14 Mar 2023 03:00:00 -050045:56falsefull737372: On the Road, with Derek Harp and Tilo Kaschubek! Post Seminar Q&AOn the 7th of December 2022, (CS)²AI hosted a symposium where more questions got asked than could get answered within the allotted time. Tilo Kaschubek was one of the speakers at the event. He joins Derek today on the podcast to respond to some of the unanswered questions.

  Tilo is currently the Director of Cloud Ecosystem and Regional Alliances in EMEA for AVEVA. He was previously with OSIsoft before the merger. (AVEVA is now a subsidiary of a large recognized equipment manufacturer.)

  In this episode, Tilo discusses his role in the recent AVEVA transaction, describes the (CS)²AI symposium in detail, and dives into some of the questions he did not get to answer at the event. 

  Show highlights:

  • Tilo discusses the changes that recently occurred with AVEVA.
  • Tilo summarises his presentation at the (CS)²AI symposium.
  • Question: How do you see IIoT (Industrial Internet of Things) playing a role via cloud models for predictive analytics to enhance decision-making for owner-operators?
  • Question: On a personal level, big data analytics has raised huge privacy and legal issues. How can these issues not be exacerbated in a commercial market of trading companies’ data into sellable products?
  • Tilo discusses the best approach to data vulnerabilities.
  • Question: Help me visualize a 100% on-prem PI deployment with all of its virtual machines versus a 100% on-cloud PI deployment. In terms of hybrid, what does that mean, in the sense that I only have on-prem systems talking to the PI on-premises virtual machines, and what exactly is running in the cloud? Alternatively, is the cloud-based solution offered as SaaS, or would the asset owner deploy their favorite cloud?
  • Question: Regarding the AVEVA data, is that similar to the AWS Marketplace? For instance, if an organization built a digital twin of a transformer system from Utility Hacks, is the data hub created going to make it easy for Utility Hacks to publish the model so others can use or vie? If not, is there an AVEVA marketplace where organizations can build or share models?
  • Question: As an oil and gas control system engineer and user who has applied software for many years, I’d like to know if you have already adopted this new solution and used it for any oil and gas company.
  • Tilo explains the PI system philosophy.
  • What has AVEVA done to overcome the existing legal constraints and make it easier to share operational data?
  • Question: What do ISACs (Information Sharing and Analysis Centers) do?
  • What are the benefits of the subscription model?
  • What is available for auditing, testing, and verifying technologies like unidirectional gateways and data diodes?
  
  ]]>On the 7th of December 2022, (CS)²AI hosted a symposium where more questions got asked than could get answered within the allotted time. Tilo Kaschubek was one of the speakers at the event. He joins Derek today on the podcast to respond to some of the unanswered questions.

  Tilo is currently the Director of Cloud Ecosystem and Regional Alliances in EMEA for AVEVA. He was previously with OSIsoft before the merger. (AVEVA is now a subsidiary of a large recognized equipment manufacturer.)

  In this episode, Tilo discusses his role in the recent AVEVA transaction, describes the (CS)²AI symposium in detail, and dives into some of the questions he did not get to answer at the event. 

  Show highlights:

  • Tilo discusses the changes that recently occurred with AVEVA.
  • Tilo summarises his presentation at the (CS)²AI symposium.
  • Question: How do you see IIoT (Industrial Internet of Things) playing a role via cloud models for predictive analytics to enhance decision-making for owner-operators?
  • Question: On a personal level, big data analytics has raised huge privacy and legal issues. How can these issues not be exacerbated in a commercial market of trading companies’ data into sellable products?
  • Tilo discusses the best approach to data vulnerabilities.
  • Question: Help me visualize a 100% on-prem PI deployment with all of its virtual machines versus a 100% on-cloud PI deployment. In terms of hybrid, what does that mean, in the sense that I only have on-prem systems talking to the PI on-premises virtual machines, and what exactly is running in the cloud? Alternatively, is the cloud-based solution offered as SaaS, or would the asset owner deploy their favorite cloud?
  • Question: Regarding the AVEVA data, is that similar to the AWS Marketplace? For instance, if an organization built a digital twin of a transformer system from Utility Hacks, is the data hub created going to make it easy for Utility Hacks to publish the model so others can use or vie? If not, is there an AVEVA marketplace where organizations can build or share models?
  • Question: As an oil and gas control system engineer and user who has applied software for many years, I’d like to know if you have already adopted this new solution and used it for any oil and gas company.
  • Tilo explains the PI system philosophy.
  • What has AVEVA done to overcome the existing legal constraints and make it easier to share operational data?
  • Question: What do ISACs (Information Sharing and Analysis Centers) do?
  • What are the benefits of the subscription model?
  • What is available for auditing, testing, and verifying technologies like unidirectional gateways and data diodes?
  
  ]]>52fe72aa-4480-48f8-9ffe-0eedeaa2d65cTue, 07 Mar 2023 03:00:00 -050052:26falsefull727271: Leadership and Executive Development in the Cybersecurity Industry with Willi NelsonDerek Harp interviews Willi Nelson in this episode. Willi is currently the Field CISO of Operation Technology at Fortinet, one of the oldest and longest-standing sponsors of the (CS)²AI organization.

  Willi is a Security/Technology/Visionary who focuses on thought leadership and executive influence for Fortinet. He is responsible for developing security thought leadership, strategy, threat, vulnerability & mitigation insights, and world-class practices for the cybersecurity community and business executives.

  Willi is a technologist, military veteran, woodworker, bee-keeper, outdoorsman, fisherman, metal artist, hunter, cyclist, husband, and father. 

  In this episode, he shares his backstory and unpacks what he does for the industry. He also offers valuable nuggets of advice for people with an OT and engineering background who don’t know cyber and those with a cybersecurity background with no knowledge of control systems and OT.

  Show highlights:

  • Willi joined the US Army immediately after graduating high school. He gets into what he learned there and why he left.
  • Why resiliency is essential.
  • How Willi got into computers.
  • Willi discusses the importance of education and explains what prompted him to return to college at 27.
  • The power of being humble, having a thirst for knowledge, and a work ethic in the workforce.
  • Qualities Willi looks for when recruiting people.
  • Where OT and cybersecurity first intersected with Willi’s career.
  • How he got the opportunity to step into leadership while spending some time working in financials.
  • The difference between influential and mandatory leadership.
  • What operational technology means in the context of Willi’s current line of work.
  • What makes Willi optimistic about the future?
  
  ]]>Derek Harp interviews Willi Nelson in this episode. Willi is currently the Field CISO of Operation Technology at Fortinet, one of the oldest and longest-standing sponsors of the (CS)²AI organization.

  Willi is a Security/Technology/Visionary who focuses on thought leadership and executive influence for Fortinet. He is responsible for developing security thought leadership, strategy, threat, vulnerability & mitigation insights, and world-class practices for the cybersecurity community and business executives.

  Willi is a technologist, military veteran, woodworker, bee-keeper, outdoorsman, fisherman, metal artist, hunter, cyclist, husband, and father. 

  In this episode, he shares his backstory and unpacks what he does for the industry. He also offers valuable nuggets of advice for people with an OT and engineering background who don’t know cyber and those with a cybersecurity background with no knowledge of control systems and OT.

  Show highlights:

  • Willi joined the US Army immediately after graduating high school. He gets into what he learned there and why he left.
  • Why resiliency is essential.
  • How Willi got into computers.
  • Willi discusses the importance of education and explains what prompted him to return to college at 27.
  • The power of being humble, having a thirst for knowledge, and a work ethic in the workforce.
  • Qualities Willi looks for when recruiting people.
  • Where OT and cybersecurity first intersected with Willi’s career.
  • How he got the opportunity to step into leadership while spending some time working in financials.
  • The difference between influential and mandatory leadership.
  • What operational technology means in the context of Willi’s current line of work.
  • What makes Willi optimistic about the future?
  
  ]]>f02f817d-1e5a-4d53-acf8-40af42b7a9cbTue, 28 Feb 2023 03:00:00 -050047:11falsefull717170: OT Monitoring Tools- A Case Study on How to Choose One- Post Q&A with Raph ArakelianRaphael Arakelian joins Derek Harp today for a slightly different podcast.

  Raphael is currently the Manager of OT and IoT Cybersecurity at PwC Canada. He is a cybersecurity practitioner specializing in Operational Technology (OT), the Internet of Things (IoT), and Industrial Control Systems (ICS).

  It has always been challenging for purchasers and end-users to understand how to differentiate between various OT products and determine which tools to select. Raph has developed a methodology for comparing monitoring tools. On the 25th of January this year, he did a CS2AI online show with Derek called OT Monitoring Tools: A Case Study on How to Choose One. It was a popular event, and many questions got submitted. Unfortunately, all the questions could not get answered within the allotted time. So they decided to follow up with a collaborative bonus session to get to the bottom of more of those questions.

  In his episode, Raph discusses his systematic methodology for overcoming the challenge that organizations often face when looking at different vendors in the OT security space to select the right tool for a given situation. He also responds to several unanswered questions from the online CS2AI event. 

  Show highlights:

  • Raph shares the idea behind his systematic approach and explains what led him to devise it.
  • The nine technical areas that get evaluated with Raph’s methodology.
  • The nuances that led Raph to the three candidate vendors with whom he did his proof of concept.
  • Raph recaps his methodology, discusses the source of truth data critical for the assessment, and explains what happens if an organization does not have the asset inventory beforehand.
  • How to differentiate between IT and OT assets.
  • Raph gives a quick explanation of industrial protocols.
  • Question: During the proof of concept, was there a concern about connecting the tools and a laptop to an active utility system? Was port mirroring enough to ensure one-way communication?
  • How to address devices that are not active on the network.
  • Question: “Based on your study, How is Asset Characterization for OT Monitoring Tools it seems that there could be a lot of manual edits needed to fix mischaracterization.”
  • Raph shares his thoughts on the following: “For most tools, it seems that CDE detection and remediation guidance has a shotgun approach without regard to the hardware on which the CDE is found.” 
  • Instances in which vendors will be willing to update their products.
  • Why Raph believes OT monitoring tools are helpful.
  
  

  Links and resources:

  (CS)²AI 

  Sign up here to become a member of our on-demand library. 

  PwC Canada

  Raphael Arakelian on LinkedIn

  ]]>Raphael Arakelian joins Derek Harp today for a slightly different podcast.

  Raphael is currently the Manager of OT and IoT Cybersecurity at PwC Canada. He is a cybersecurity practitioner specializing in Operational Technology (OT), the Internet of Things (IoT), and Industrial Control Systems (ICS).

  It has always been challenging for purchasers and end-users to understand how to differentiate between various OT products and determine which tools to select. Raph has developed a methodology for comparing monitoring tools. On the 25th of January this year, he did a CS2AI online show with Derek called OT Monitoring Tools: A Case Study on How to Choose One. It was a popular event, and many questions got submitted. Unfortunately, all the questions could not get answered within the allotted time. So they decided to follow up with a collaborative bonus session to get to the bottom of more of those questions.

  In his episode, Raph discusses his systematic methodology for overcoming the challenge that organizations often face when looking at different vendors in the OT security space to select the right tool for a given situation. He also responds to several unanswered questions from the online CS2AI event. 

  Show highlights:

  • Raph shares the idea behind his systematic approach and explains what led him to devise it.
  • The nine technical areas that get evaluated with Raph’s methodology.
  • The nuances that led Raph to the three candidate vendors with whom he did his proof of concept.
  • Raph recaps his methodology, discusses the source of truth data critical for the assessment, and explains what happens if an organization does not have the asset inventory beforehand.
  • How to differentiate between IT and OT assets.
  • Raph gives a quick explanation of industrial protocols.
  • Question: During the proof of concept, was there a concern about connecting the tools and a laptop to an active utility system? Was port mirroring enough to ensure one-way communication?
  • How to address devices that are not active on the network.
  • Question: “Based on your study, How is Asset Characterization for OT Monitoring Tools it seems that there could be a lot of manual edits needed to fix mischaracterization.”
  • Raph shares his thoughts on the following: “For most tools, it seems that CDE detection and remediation guidance has a shotgun approach without regard to the hardware on which the CDE is found.” 
  • Instances in which vendors will be willing to update their products.
  • Why Raph believes OT monitoring tools are helpful.
  
  

  Links and resources:

  (CS)²AI 

  Sign up here to become a member of our on-demand library. 

  PwC Canada

  Raphael Arakelian on LinkedIn

  ]]>67aed387-3168-4517-9e20-5e393d4d9f10Tue, 21 Feb 2023 03:00:00 -050044:39falsefull707069: From Military Service to the Commercial Cybersecurity Industry with Billy RiosToday, Derek Harp interviews Billy Rios, the Co-Founder of QED Secure Solutions.

  Billy is an experienced technical leader with a strong background in successful strategic security planning, security program development, and security program execution. He excels at seeing the big picture, identifying gaps, and managing initiatives. He is comfortable managing security initiatives for high-profile, high-visibility products and services. He plays an integral role within organizations by providing collaboration, motivation, and direction across teams in diverse and demanding environments. 

  Billy’s Dad was in the army, so his family moved around a lot while he was growing up. He currently lives in Colorado. As well as being a long-term contributor to the cybersecurity field, Billy is a former military veteran, active reservist, technologist, author, entrepreneur, security ninja, snowboarder, Jiu-Jitsu brown belt, a well-known researcher in the cybersecurity space, husband, and father. 

  He joins Derek today to discuss his background, career journey, and career highlights. He also offers many valuable nuggets of advice for entrepreneurs and anyone in military units looking to break into the commercial cybersecurity industry.

  Show highlights:

  • Billy explains how his entry into cybersecurity started with hacking video games as a young kid.
  • Billy received scholarships for the Airforce and Marine Corps. He shares his motivation for choosing the Marine Corps and discusses what he did while serving there.
  • Billy talks about his study program at the University of Washington. 
  • Billy has focused on cybersecurity since he left active duty in the Marine Corps almost 20 years ago.
  • Billy discusses the guidance he received from leaders and mentors in the organizations he worked for before becoming an entrepreneur.
  • How Billy’s diverse roles and experiences shaped his perspective and helped him get to where he is today.
  • Billy shares advice for anyone interested in becoming an entrepreneur.
  • What do they do at QED Solutions?
  • Billy shares his advice for those who want to transition from military to corporate cybersecurity. 
  • Billy gets into the awesome yet scary things about being a researcher.
  
  

  Links and resources:

  (CS)²AI

  QED Secure Solutions  

  Billy Rios on LinkedIn

  ]]>Today, Derek Harp interviews Billy Rios, the Co-Founder of QED Secure Solutions.

  Billy is an experienced technical leader with a strong background in successful strategic security planning, security program development, and security program execution. He excels at seeing the big picture, identifying gaps, and managing initiatives. He is comfortable managing security initiatives for high-profile, high-visibility products and services. He plays an integral role within organizations by providing collaboration, motivation, and direction across teams in diverse and demanding environments. 

  Billy’s Dad was in the army, so his family moved around a lot while he was growing up. He currently lives in Colorado. As well as being a long-term contributor to the cybersecurity field, Billy is a former military veteran, active reservist, technologist, author, entrepreneur, security ninja, snowboarder, Jiu-Jitsu brown belt, a well-known researcher in the cybersecurity space, husband, and father. 

  He joins Derek today to discuss his background, career journey, and career highlights. He also offers many valuable nuggets of advice for entrepreneurs and anyone in military units looking to break into the commercial cybersecurity industry.

  Show highlights:

  • Billy explains how his entry into cybersecurity started with hacking video games as a young kid.
  • Billy received scholarships for the Airforce and Marine Corps. He shares his motivation for choosing the Marine Corps and discusses what he did while serving there.
  • Billy talks about his study program at the University of Washington. 
  • Billy has focused on cybersecurity since he left active duty in the Marine Corps almost 20 years ago.
  • Billy discusses the guidance he received from leaders and mentors in the organizations he worked for before becoming an entrepreneur.
  • How Billy’s diverse roles and experiences shaped his perspective and helped him get to where he is today.
  • Billy shares advice for anyone interested in becoming an entrepreneur.
  • What do they do at QED Solutions?
  • Billy shares his advice for those who want to transition from military to corporate cybersecurity. 
  • Billy gets into the awesome yet scary things about being a researcher.
  
  

  Links and resources:

  (CS)²AI

  QED Secure Solutions  

  Billy Rios on LinkedIn

  ]]>24c1d551-6632-496e-922e-2c1b1614ae60Tue, 14 Feb 2023 03:00:00 -050042:09falsefull696968: Using Engineering + OT to Launch Your CyberSecurity CareerToday, Khalid Ansari joins Derek Harp. He is a Senior Engineer of Industrial Control Cybersecurity at FM Approvals in Boston. 

  Khalid Ansari is an ICS/OT Cybersecurity Engineer with in-the-trenches experience in industrial automation, control systems, and MES. He is a proponent of secure-by-design products and a secure software development lifecycle. 

  Khalid has been working in the control systems field for 25 years. He grew up and went to school and university in a small city in Southern India. In addition to being an engineer and a long-time contributor to the OT control systems cybersecurity community, he is also a husband, father, coder, lifetime learner, avid reader, outdoor enthusiast, and struggling skier. 

  In this episode, Khalid shares his modern-day superhero backstory and discusses his education path and career journey. He also shares his insight and offers valuable nuggets of advice for anyone considering a career in cybersecurity.

   Show highlights:

  • Khalid was first exposed to technology when his dad bought him a Commodore 500 during high school.
  • Khalid did his first paid job while he was in college.
  • Khalid discusses his educational experiences in India, the UK, and the US.
  • What would Khalid do differently today? (In terms of his studies.)
  • Khalid discusses a job opportunity that arose because he was active on the control systems bulletin board while doing his MBA.
  • Khalid talks about moving to the Middle East to gain the asset-owner experience he lacked in his portfolio.
  • Khalid offers a global perspective on cybersecurity for control systems.
  • Khalid shares his view on government regulations within the industry.
  • Some suggestions for certifications and other ways for young professionals to acquire knowledge and gain career experience.
  • The benefits of volunteering, and how to go about it.
  • The role mentorship has played in Khalid’s career.
  
  ]]>Today, Khalid Ansari joins Derek Harp. He is a Senior Engineer of Industrial Control Cybersecurity at FM Approvals in Boston. 

  Khalid Ansari is an ICS/OT Cybersecurity Engineer with in-the-trenches experience in industrial automation, control systems, and MES. He is a proponent of secure-by-design products and a secure software development lifecycle. 

  Khalid has been working in the control systems field for 25 years. He grew up and went to school and university in a small city in Southern India. In addition to being an engineer and a long-time contributor to the OT control systems cybersecurity community, he is also a husband, father, coder, lifetime learner, avid reader, outdoor enthusiast, and struggling skier. 

  In this episode, Khalid shares his modern-day superhero backstory and discusses his education path and career journey. He also shares his insight and offers valuable nuggets of advice for anyone considering a career in cybersecurity.

   Show highlights:

  • Khalid was first exposed to technology when his dad bought him a Commodore 500 during high school.
  • Khalid did his first paid job while he was in college.
  • Khalid discusses his educational experiences in India, the UK, and the US.
  • What would Khalid do differently today? (In terms of his studies.)
  • Khalid discusses a job opportunity that arose because he was active on the control systems bulletin board while doing his MBA.
  • Khalid talks about moving to the Middle East to gain the asset-owner experience he lacked in his portfolio.
  • Khalid offers a global perspective on cybersecurity for control systems.
  • Khalid shares his view on government regulations within the industry.
  • Some suggestions for certifications and other ways for young professionals to acquire knowledge and gain career experience.
  • The benefits of volunteering, and how to go about it.
  • The role mentorship has played in Khalid’s career.
  
  ]]>34af6775-fc46-4e5a-bc06-f0229657a6adTue, 07 Feb 2023 03:00:00 -050042:21falsefull686867: Coding as a Springboard Into Cybersecurity with Matt WyckhouseToday, Derek Harp interviews Matt Wyckhouse, the Founder and CEO of Finite State. 

  Before founding Finite State, Matt spent 15 years leading and developing advanced solutions to some of the hardest problems in cyber security, with experience across the spectrum of offensive and defensive cyber operations. Notably, he was the technical founder and CTO of Battelle's Cyber Innovations business unit. Throughout his career, Matt has spearheaded complex national security programs ranging from the detection of malicious integrated circuits in the supply chain to next-generation intrusion detection systems for automotive systems. Matt directed numerous intelligence programs related to the security of embedded and IoT devices and has been a speaker on the subject at security events.

  Matt grew up in Ohio, in a small suburb outside of Toledo. In addition to being an entrepreneur and technologist, he is also a husband, chef, foodie, world traveler, and water sports enthusiast! In this episode, he shares his backstory, discusses his education and professional journey, and offers nuggets of advice for anyone looking to get into cybersecurity. 

  Show highlights:

  • Matt was in a gifted program in elementary school and started writing codes. He also did a fair amount of programming on the side when in high school.
  • Matt did an internship and spent 13 years with the Battelle Center for Science, Engineering, and Public Policy at the Ohio State University.
  • Matt explains why he believes in the power of internships.
  • Matt discusses the benefits of mentorship and explains how it played out for him early on and the role it plays today.
  • The various projects and programs Matt worked on at Battelle.
  • How did Matt become a technical leader of the brand-new cybersecurity business unit at Battelle?
  • What led to Matt leaving Battelle?
  • Matt talks about what he did after leaving Battelle and before founding Finite State.
  • Things Matt was afraid of when thinking of starting a company.
  • Matt offers advice for anyone contemplating starting a company.
  • What does it take for entrepreneurs to raise capital to start a business?
  • What does Finite State focus on, and who do they serve?
  
  

  
  

  ]]>Today, Derek Harp interviews Matt Wyckhouse, the Founder and CEO of Finite State. 

  Before founding Finite State, Matt spent 15 years leading and developing advanced solutions to some of the hardest problems in cyber security, with experience across the spectrum of offensive and defensive cyber operations. Notably, he was the technical founder and CTO of Battelle's Cyber Innovations business unit. Throughout his career, Matt has spearheaded complex national security programs ranging from the detection of malicious integrated circuits in the supply chain to next-generation intrusion detection systems for automotive systems. Matt directed numerous intelligence programs related to the security of embedded and IoT devices and has been a speaker on the subject at security events.

  Matt grew up in Ohio, in a small suburb outside of Toledo. In addition to being an entrepreneur and technologist, he is also a husband, chef, foodie, world traveler, and water sports enthusiast! In this episode, he shares his backstory, discusses his education and professional journey, and offers nuggets of advice for anyone looking to get into cybersecurity. 

  Show highlights:

  • Matt was in a gifted program in elementary school and started writing codes. He also did a fair amount of programming on the side when in high school.
  • Matt did an internship and spent 13 years with the Battelle Center for Science, Engineering, and Public Policy at the Ohio State University.
  • Matt explains why he believes in the power of internships.
  • Matt discusses the benefits of mentorship and explains how it played out for him early on and the role it plays today.
  • The various projects and programs Matt worked on at Battelle.
  • How did Matt become a technical leader of the brand-new cybersecurity business unit at Battelle?
  • What led to Matt leaving Battelle?
  • Matt talks about what he did after leaving Battelle and before founding Finite State.
  • Things Matt was afraid of when thinking of starting a company.
  • Matt offers advice for anyone contemplating starting a company.
  • What does it take for entrepreneurs to raise capital to start a business?
  • What does Finite State focus on, and who do they serve?
  
  

  
  

  ]]>e4f3f615-f032-4ff7-ad2b-916c4dc91059Tue, 31 Jan 2023 03:00:00 -050055:06falsefull676766: Become a Cybersecurity Entrepreneur with Michael SchroederToday, Derek Harp interviews Michael Schroeder, the Founder, CEO, and Director of OT, FRCS, and ICS Security at 3 Territory Solutions. 

  Michael leads an organization that conceptualizes, develops, and implements cybersecurity standards and policies for Facility-Related Control Systems, Medical Devices, Industrial Control Systems, PIT and PIT Systems, Operational Technologies, and most generally, the Internet of Things. They are passionate, challenge the status quo, innovate, and fail forward.

  Michael was born and raised in Pittsburgh, Pennsylvania. He is a long-time contributor to the cybersecurity space. In the early years, he was a Chapter Board Member in the Washington DC Chapter of the Control System Cyber Security Association International. He is also a father, husband, entrepreneur, engineer, project manager, traveler, and race-car driver. He joins Derek today to discuss his education and career path, talk about what he does today, and offer advice for anyone considering a career in cybersecurity.

  Show highlights:

  • Michael explains what drew him toward the discipline of engineering and why he decided to study mechanical engineering.
  • Michael discusses what he did after graduating from Pennsylvania State University.
  • How Michael jumped from engineering and working in construction to cybersecurity in 2015.
  • Why should you leave jobs with professionalism and strive to keep the doors open?
  • Michael explains why his stint working at a large company was so short.
  • Michael shares his motivation for starting his own company and gets into the genesis process.
  • How Michael chose the name 3 Territory Solutions.
  • Michael shares some insight for entrepreneurs. 
  • How Michael built his career by taking advantage of opportunities as they presented themselves.
  • Michael offers advice for people coming into the cybersecurity space.
  • The role mentorship has played in Michael’s career path.
  
  

  Links and resources:

  (CS)²AI

  Michael Schroeder on LinkedIn

  3 Territory Solutions

  ]]>Today, Derek Harp interviews Michael Schroeder, the Founder, CEO, and Director of OT, FRCS, and ICS Security at 3 Territory Solutions. 

  Michael leads an organization that conceptualizes, develops, and implements cybersecurity standards and policies for Facility-Related Control Systems, Medical Devices, Industrial Control Systems, PIT and PIT Systems, Operational Technologies, and most generally, the Internet of Things. They are passionate, challenge the status quo, innovate, and fail forward.

  Michael was born and raised in Pittsburgh, Pennsylvania. He is a long-time contributor to the cybersecurity space. In the early years, he was a Chapter Board Member in the Washington DC Chapter of the Control System Cyber Security Association International. He is also a father, husband, entrepreneur, engineer, project manager, traveler, and race-car driver. He joins Derek today to discuss his education and career path, talk about what he does today, and offer advice for anyone considering a career in cybersecurity.

  Show highlights:

  • Michael explains what drew him toward the discipline of engineering and why he decided to study mechanical engineering.
  • Michael discusses what he did after graduating from Pennsylvania State University.
  • How Michael jumped from engineering and working in construction to cybersecurity in 2015.
  • Why should you leave jobs with professionalism and strive to keep the doors open?
  • Michael explains why his stint working at a large company was so short.
  • Michael shares his motivation for starting his own company and gets into the genesis process.
  • How Michael chose the name 3 Territory Solutions.
  • Michael shares some insight for entrepreneurs. 
  • How Michael built his career by taking advantage of opportunities as they presented themselves.
  • Michael offers advice for people coming into the cybersecurity space.
  • The role mentorship has played in Michael’s career path.
  
  

  Links and resources:

  (CS)²AI

  Michael Schroeder on LinkedIn

  3 Territory Solutions

  ]]>19bf4c96-a913-4de7-b97b-98c36112c24fTue, 24 Jan 2023 03:00:00 -050043:23falsefull666665: How the S4x23 Conference Can Help Your CyberSecurity CareerDale Peterson, the Founder of the S4 Conference, joins Derek Harp today. 

  Dale was on an earlier podcast last year where he spoke about the founding and history of the S4 Conference. Today, he joins Derek to discuss the S4x23 Conference coming up shortly. It will open with a preliminary day on February 13th, and the event will take place on the 14th, 15th, and 16th of February.

  For more than 15 years, Dale Peterson has been on the leading/bleeding edge helping security-conscious asset owners effectively and efficiently manage risk to their critical assets. He has pioneered numerous ICS security tools and techniques, such as the first intrusion detection signatures for ICS that are now in every commercial product. In 2007 Dale created the S4 Events to showcase the best offensive and defensive work in ICS security and build a community. S4 is now the largest and most advanced ICS event in the world. Dale is constantly pushing and prodding the ICS community to move faster and get better.

  The S4 Conference has been growing and evolving for many years. In this episode, Dale dives into what to expect and look forward to for this year’s S4x23 Conference.

  Show highlights:

  • Dale gets into what to expect from the upcoming S4x23 Conference
  • Dale discusses what excites him about the upcoming event
  • Dale talks about the women’s social event that will take place on the night of Monday the 13th
  • There will be a My Favorite Metric game show on the morning of Thursday the 16th
  • There will be 100 free tickets for women in ICS
  • There will be a special space for worthy cause exhibitors
  • Who the event is geared toward
  
  

  Links and resources: 

  (CS)²AI

  Dale Peterson’s website

  Dale Peterson on LinkedIn

  Go to www.s4xevents.com for more information about the upcoming S4x23 Conference.

  Books mentioned:

  Start with Why: How Great Leaders Inspire Everyone to Take Action by Simon Sinek

  ]]>Dale Peterson, the Founder of the S4 Conference, joins Derek Harp today. 

  Dale was on an earlier podcast last year where he spoke about the founding and history of the S4 Conference. Today, he joins Derek to discuss the S4x23 Conference coming up shortly. It will open with a preliminary day on February 13th, and the event will take place on the 14th, 15th, and 16th of February.

  For more than 15 years, Dale Peterson has been on the leading/bleeding edge helping security-conscious asset owners effectively and efficiently manage risk to their critical assets. He has pioneered numerous ICS security tools and techniques, such as the first intrusion detection signatures for ICS that are now in every commercial product. In 2007 Dale created the S4 Events to showcase the best offensive and defensive work in ICS security and build a community. S4 is now the largest and most advanced ICS event in the world. Dale is constantly pushing and prodding the ICS community to move faster and get better.

  The S4 Conference has been growing and evolving for many years. In this episode, Dale dives into what to expect and look forward to for this year’s S4x23 Conference.

  Show highlights:

  • Dale gets into what to expect from the upcoming S4x23 Conference
  • Dale discusses what excites him about the upcoming event
  • Dale talks about the women’s social event that will take place on the night of Monday the 13th
  • There will be a My Favorite Metric game show on the morning of Thursday the 16th
  • There will be 100 free tickets for women in ICS
  • There will be a special space for worthy cause exhibitors
  • Who the event is geared toward
  
  

  Links and resources: 

  (CS)²AI

  Dale Peterson’s website

  Dale Peterson on LinkedIn

  Go to www.s4xevents.com for more information about the upcoming S4x23 Conference.

  Books mentioned:

  Start with Why: How Great Leaders Inspire Everyone to Take Action by Simon Sinek

  ]]>99ad8fb7-30eb-4231-a06f-e609283f52afWed, 18 Jan 2023 03:00:00 -050015:35falsefull656564: Education That Alters Your Career TrajectoryToday, Markus Braendle joins Derek Harp as his guest for today’s show. He is Head of Information and Automotive Security at the Volkswagen company, CARIAD. 

  Markus has been in the industry for a long time! He is a high-energy and result-driven professional offering extensive leadership and business experience. He has a proven track record of building, strengthening, and leading international teams, evolving organizations to meet future needs, as well as creating a customer-focused culture. He is confident and engaging with refined communication skills. He brings deep technical know-how to areas of information technology, cyber security, or industrial automation.

  Markus was born in Iran and grew up in a small town near Zurich, Switzerland. In addition to being a technologist and an all-around geek, he is also a husband, father, hobby carpenter, mountain biker, and formally-trained software engineer. In this episode, he tells his story, discusses his education and career trajectory, and gets into what they are doing at CARIAD.

  Stay tuned for more!

  Show highlights:

  • His dad was into technology, and it became clear early on that Markus would also go into technology.
  • He studied for four years to get his Master’s in Computer Science and then did a P.h.D. in Theoretical Computer Science.
  • Markus talks about the value of the year he spent in the US as an exchange student.
  • He explains why he ended up in a corporate research lab after completing his studies.
  • Markus discusses his first intersections with control systems and cybersecurity.
  • How Markus learned to always ask about the most important thing a product does before trying to link security to it.
  • Markus discusses his approach to building a network to advance your career.
  • The qualities Markus looks for in candidates when interviewing them.
  • What diversity means to him, and why he feels it is essential when building teams.
  • How Markus discovered the benefits of working with people with autism.
  • Why he left ABB to join Airbus, and why he joined Cariad eight months ago.
  • Markus shares some advice for what people starting in their careers should study.
  
  

  
  

  ]]>Today, Markus Braendle joins Derek Harp as his guest for today’s show. He is Head of Information and Automotive Security at the Volkswagen company, CARIAD. 

  Markus has been in the industry for a long time! He is a high-energy and result-driven professional offering extensive leadership and business experience. He has a proven track record of building, strengthening, and leading international teams, evolving organizations to meet future needs, as well as creating a customer-focused culture. He is confident and engaging with refined communication skills. He brings deep technical know-how to areas of information technology, cyber security, or industrial automation.

  Markus was born in Iran and grew up in a small town near Zurich, Switzerland. In addition to being a technologist and an all-around geek, he is also a husband, father, hobby carpenter, mountain biker, and formally-trained software engineer. In this episode, he tells his story, discusses his education and career trajectory, and gets into what they are doing at CARIAD.

  Stay tuned for more!

  Show highlights:

  • His dad was into technology, and it became clear early on that Markus would also go into technology.
  • He studied for four years to get his Master’s in Computer Science and then did a P.h.D. in Theoretical Computer Science.
  • Markus talks about the value of the year he spent in the US as an exchange student.
  • He explains why he ended up in a corporate research lab after completing his studies.
  • Markus discusses his first intersections with control systems and cybersecurity.
  • How Markus learned to always ask about the most important thing a product does before trying to link security to it.
  • Markus discusses his approach to building a network to advance your career.
  • The qualities Markus looks for in candidates when interviewing them.
  • What diversity means to him, and why he feels it is essential when building teams.
  • How Markus discovered the benefits of working with people with autism.
  • Why he left ABB to join Airbus, and why he joined Cariad eight months ago.
  • Markus shares some advice for what people starting in their careers should study.
  
  

  
  

  ]]>74d8542c-1f64-4460-8770-9991b0309fd2Tue, 10 Jan 2023 03:00:00 -050041:10falsefull646463: OT and Cybersecurity Updates from Rick Kaun of Verve Industrial ProtectionToday, Derek Harp shines the spotlight on Verve Industrial Protection. Verve has been around for some time and has been evolving over the last several years. 

  Rick Kaun is the VP of Solutions at Verve Industrial Protection. He joins Derek today to share his insights and talk about Verve, explain what sets them apart from the rest, and discuss where they are heading.   

  Rick is a CS2AI fellow and a former CS2AI Chapter President. He has been involved with CS2AI since the very early days.

  You will not want to miss this episode if you are interested in learning about what goes on and what people are doing in the OT realm and cybersecurity space. Stay tuned to find out what Verve Industrial Protection does, the verticals they are in, who they help, and how they do it. 

  Show highlights:

  • Verve’s origin story.
  • How Verve differs from its competitors.
  • Rick discusses the various verticals Verve is in.
  • How and why Rick joined Verve.
  • Rick dives into what protection requires.
  • The main differences between Verve and traditional tools.
  • Why does Verve do managed services?
  • Rick unpacks what he finds exciting about where Verve is and the way they do things.
  • How do people get selected to do OT or ICS cybersecurity?
  
  ]]>Today, Derek Harp shines the spotlight on Verve Industrial Protection. Verve has been around for some time and has been evolving over the last several years. 

  Rick Kaun is the VP of Solutions at Verve Industrial Protection. He joins Derek today to share his insights and talk about Verve, explain what sets them apart from the rest, and discuss where they are heading.   

  Rick is a CS2AI fellow and a former CS2AI Chapter President. He has been involved with CS2AI since the very early days.

  You will not want to miss this episode if you are interested in learning about what goes on and what people are doing in the OT realm and cybersecurity space. Stay tuned to find out what Verve Industrial Protection does, the verticals they are in, who they help, and how they do it. 

  Show highlights:

  • Verve’s origin story.
  • How Verve differs from its competitors.
  • Rick discusses the various verticals Verve is in.
  • How and why Rick joined Verve.
  • Rick dives into what protection requires.
  • The main differences between Verve and traditional tools.
  • Why does Verve do managed services?
  • Rick unpacks what he finds exciting about where Verve is and the way they do things.
  • How do people get selected to do OT or ICS cybersecurity?
  
  ]]>934be58f-4992-4b75-ae28-8cfc59b83885Tue, 27 Dec 2022 03:00:00 -050043:40falsefull636362: Going from Gamer to Cybersecurity Expert with Donovan TindillDerek Harp interviews Donovan Tindill today. Donovan is the Director of OT Cybersecurity at DeNexus. 

  Donovan Tindill is a control systems cybersecurity subject matter expert with the Honeywell Industrial Cybersecurity team. He spent over 17 years customer-facing as a control systems cybersecurity consultant in Canada, training/mentoring the technical team, and leading major projects across Consulting Services. Donovan supports global industrial cybersecurity by volunteering to teach, contributing to standards, supporting industry conferences, and sharing thought-provoking presentations. 

  He is a former ISA-99/62443 trainer, working group co-chair, and contributor. Donovan is an advisor to both the United States and Canadian government control systems cybersecurity conferences (i.e. US DHS ICSJWG Vice-Chair and Public Safety Canada ICS Symposium Vendor Seat) helping select speakers, drive awareness, and increase knowledge in North America. Donovan has an applied Bachelor’s Degree in Network Engineering and Management (NET:1999, BAIST-NM:-2003) from the Northern Alberta Institute of Technology (NAIT) and holds CISSP and GICSP certifications.

  Donovan grew up in Canada, in rural Alberta, and currently lives in Edmonton. He is a long-time contributor to the cybersecurity space. He has been involved for much longer than most and is way more than just a cybersecurity enthusiast. He is also a professional speaker, husband, father, coach, outdoor enthusiast, camper, handyman, and tinkerer. He joins Derek in this episode to tell his story, unpack his career journey, share his experience, and offer advice.

  You won’t want to miss this episode if you are considering a career in cybersecurity. Stay tuned to hear Donovan’s story and benefit from his experience in control systems and cybersecurity!

  Show highlights: 

  • How video games and networking computers together led Donovan to get into network engineering.
  • What the network engineering program is all about and what you can do with it. 
  • Donovan discusses a roadblock to growth in the Honeywell cybersecurity business.
  • Donavan talks about the first project he worked on at the start of the integration between control systems and networks.
  • How has the cybersecurity journey evolved since the early 2000s?
  • Donovan talks about his decision to take a leave of absence from Matrikon to complete his degree program.
  • The different roles Donovan has been in throughout his career.
  • The benefits of volunteering.
  • Donovan discusses his motivation for doing what he does in the controls systems cyberspace.
  • What will you gain from giving and receiving mentorship?
  • Why Donovan decided to move to DeNexus.
  • Donovan shares his view of the future.
  
  

  Links and resources:

  (CS)²AI

  Donovan Tindill on LinkedIn

  DeNexus

  ]]>Derek Harp interviews Donovan Tindill today. Donovan is the Director of OT Cybersecurity at DeNexus. 

  Donovan Tindill is a control systems cybersecurity subject matter expert with the Honeywell Industrial Cybersecurity team. He spent over 17 years customer-facing as a control systems cybersecurity consultant in Canada, training/mentoring the technical team, and leading major projects across Consulting Services. Donovan supports global industrial cybersecurity by volunteering to teach, contributing to standards, supporting industry conferences, and sharing thought-provoking presentations. 

  He is a former ISA-99/62443 trainer, working group co-chair, and contributor. Donovan is an advisor to both the United States and Canadian government control systems cybersecurity conferences (i.e. US DHS ICSJWG Vice-Chair and Public Safety Canada ICS Symposium Vendor Seat) helping select speakers, drive awareness, and increase knowledge in North America. Donovan has an applied Bachelor’s Degree in Network Engineering and Management (NET:1999, BAIST-NM:-2003) from the Northern Alberta Institute of Technology (NAIT) and holds CISSP and GICSP certifications.

  Donovan grew up in Canada, in rural Alberta, and currently lives in Edmonton. He is a long-time contributor to the cybersecurity space. He has been involved for much longer than most and is way more than just a cybersecurity enthusiast. He is also a professional speaker, husband, father, coach, outdoor enthusiast, camper, handyman, and tinkerer. He joins Derek in this episode to tell his story, unpack his career journey, share his experience, and offer advice.

  You won’t want to miss this episode if you are considering a career in cybersecurity. Stay tuned to hear Donovan’s story and benefit from his experience in control systems and cybersecurity!

  Show highlights: 

  • How video games and networking computers together led Donovan to get into network engineering.
  • What the network engineering program is all about and what you can do with it. 
  • Donovan discusses a roadblock to growth in the Honeywell cybersecurity business.
  • Donavan talks about the first project he worked on at the start of the integration between control systems and networks.
  • How has the cybersecurity journey evolved since the early 2000s?
  • Donovan talks about his decision to take a leave of absence from Matrikon to complete his degree program.
  • The different roles Donovan has been in throughout his career.
  • The benefits of volunteering.
  • Donovan discusses his motivation for doing what he does in the controls systems cyberspace.
  • What will you gain from giving and receiving mentorship?
  • Why Donovan decided to move to DeNexus.
  • Donovan shares his view of the future.
  
  

  Links and resources:

  (CS)²AI

  Donovan Tindill on LinkedIn

  DeNexus

  ]]>0ff2fbf4-28cc-4eaa-97b6-d681c305c015Thu, 22 Dec 2022 03:00:00 -050054:19falsefull626261: Lessons from the Origins of Control SystemsJoseph Weiss is an industry expert on control systems and electronic security of control systems, with more than 40 years of experience in the energy industry. Mr. Weiss spent more than 14 years at the Electric Power Research Institute (EPRI) where he led a variety of programs including the Nuclear Plant Instrumentation and Diagnostics Program, the Fossil Plant Instrumentation & Controls Program, the Y2K Embedded Systems Program and, the cyber security for digital control systems.

  As Technical Manager of the Enterprise Infrastructure Security (EIS) Program, he provided technical and outreach leadership for the energy industry’s critical infrastructure protection (CIP) program. He was responsible for developing many utility industry security primers and implementation guidelines. He was also the EPRI Exploratory Research lead on instrumentation, controls, and communications.

  Mr. Weiss serves as a member of numerous organizations related to control system security. These include the North American Electric Reliability Corporation (NERC) Control Systems Security Working Group (CSSWG), the International Electrotechnical Commission (IEC) Technical Committee (TC) 57 Working Group 15 – Data and Communication Security, the Process Controls Security Requirements Forum, CIGRÉ WG D2.22 – Treatment of Information Security for Electric Power Utilities (EPUs), and other industry working groups.

  He served as the Task Force Lead for review of information security impacts on IEEE standards. He is also a Director on ISA’s Standards and Practices Board. He has provided oral and written testimony to three House subcommittees, one Senate Committee, and a formal statement for the record to another House Committee. He has also responded to numerous Government Accountability Office (GAO) information requests on cyber security and Smart Grid issues.

  He is also an invited speaker at many industry and vendor user group security conferences, has chaired numerous panel sessions on control system security, and is often quoted throughout the industry.

  He has published over 80 papers on instrumentation, controls, and diagnostics including chapters on cyber security for Electric Power Substations Engineering and Securing Water and Wastewater Systems. He coauthored Cyber Security Policy Guidebook and authored Protecting Industrial Control Systems from Electronic Threats. He supported MITRE and NIST in extending NIST SP800-53 to include control systems and the development of NIST SP800-82.

  He was tasked to write the White Paper on Industrial Control Systems Security for the Center for Strategic and International Studies Blue Ribbon Panel preparing cyber security recommendations for the Obama administration.

  In February 2016, Mr. Weiss gave the keynote to the National Academy of Science, Engineering, and Medicine on control system cyber security. Mr. Weiss has conducted SCADA, substation, plant control system, and water systems vulnerability and risk assessments and conducted short courses on control system security. He has amassed a database of more than 950 actual control system cyber incidents.

  He is a member of Transportation Safety Board Committee on Cyber Security for Mass Transit. He was a subject matter expert to the International Atomic Energy Agency on nuclear plant control system cyber security. He also established the annual Industrial Control System (ICS) Cyber Security Conference. Mr. Weiss has received numerous industry awards, including the EPRI Presidents Award (2002) and is an ISA Fellow, Managing Director of ISA Fossil Plant Standards, ISA Nuclear Plant Standards, ISA Industrial Automation and Control System Security (ISA99), a Ponemon Institute Fellow, and an IEEE Senior Member. He has been identified as a Smart Grid Pioneer by Smart Grid Today.

  He is a Voting Member of the TC65 TAG and a US Expert to TC65 WG10, Security...]]>Joseph Weiss is an industry expert on control systems and electronic security of control systems, with more than 40 years of experience in the energy industry. Mr. Weiss spent more than 14 years at the Electric Power Research Institute (EPRI) where he led a variety of programs including the Nuclear Plant Instrumentation and Diagnostics Program, the Fossil Plant Instrumentation & Controls Program, the Y2K Embedded Systems Program and, the cyber security for digital control systems.

  As Technical Manager of the Enterprise Infrastructure Security (EIS) Program, he provided technical and outreach leadership for the energy industry’s critical infrastructure protection (CIP) program. He was responsible for developing many utility industry security primers and implementation guidelines. He was also the EPRI Exploratory Research lead on instrumentation, controls, and communications.

  Mr. Weiss serves as a member of numerous organizations related to control system security. These include the North American Electric Reliability Corporation (NERC) Control Systems Security Working Group (CSSWG), the International Electrotechnical Commission (IEC) Technical Committee (TC) 57 Working Group 15 – Data and Communication Security, the Process Controls Security Requirements Forum, CIGRÉ WG D2.22 – Treatment of Information Security for Electric Power Utilities (EPUs), and other industry working groups.

  He served as the Task Force Lead for review of information security impacts on IEEE standards. He is also a Director on ISA’s Standards and Practices Board. He has provided oral and written testimony to three House subcommittees, one Senate Committee, and a formal statement for the record to another House Committee. He has also responded to numerous Government Accountability Office (GAO) information requests on cyber security and Smart Grid issues.

  He is also an invited speaker at many industry and vendor user group security conferences, has chaired numerous panel sessions on control system security, and is often quoted throughout the industry.

  He has published over 80 papers on instrumentation, controls, and diagnostics including chapters on cyber security for Electric Power Substations Engineering and Securing Water and Wastewater Systems. He coauthored Cyber Security Policy Guidebook and authored Protecting Industrial Control Systems from Electronic Threats. He supported MITRE and NIST in extending NIST SP800-53 to include control systems and the development of NIST SP800-82.

  He was tasked to write the White Paper on Industrial Control Systems Security for the Center for Strategic and International Studies Blue Ribbon Panel preparing cyber security recommendations for the Obama administration.

  In February 2016, Mr. Weiss gave the keynote to the National Academy of Science, Engineering, and Medicine on control system cyber security. Mr. Weiss has conducted SCADA, substation, plant control system, and water systems vulnerability and risk assessments and conducted short courses on control system security. He has amassed a database of more than 950 actual control system cyber incidents.

  He is a member of Transportation Safety Board Committee on Cyber Security for Mass Transit. He was a subject matter expert to the International Atomic Energy Agency on nuclear plant control system cyber security. He also established the annual Industrial Control System (ICS) Cyber Security Conference. Mr. Weiss has received numerous industry awards, including the EPRI Presidents Award (2002) and is an ISA Fellow, Managing Director of ISA Fossil Plant Standards, ISA Nuclear Plant Standards, ISA Industrial Automation and Control System Security (ISA99), a Ponemon Institute Fellow, and an IEEE Senior Member. He has been identified as a Smart Grid Pioneer by Smart Grid Today.

  He is a Voting Member of the TC65 TAG and a US Expert to TC65 WG10, Security for industrial process measurement and control – network and system security and IEC TC45A Nuclear Plant Cyber Security. Mr. Weiss was featured in Richard Clarke and RP Eddy’s book- Warning – Finding Cassandras to Stop Catastrophes. He has two patents on instrumentation and control systems, is a registered professional engineer in the State of California, a Certified Information Security Manager (CISM) and is certified in Risk and Information Systems Control (CRISC).

  ]]>1b122267-8467-4010-82cc-37a7b971db54Tue, 13 Dec 2022 12:15:00 -050054:24falsefull616160: Coming Out of the Military to a Career in CyberSecurity with Charlie GivensToday, Derek Harp interviews Charlie Givens, the Project Manager at Bechtel. 

  Charlie is an experienced professional with a demonstrated history of working in Information Technology, Engineering Automation, and Cybersecurity. He is a Certified Software Quality Assurance Engineer, Global Industrial Cyber Security Professional, and Control System Cyber Security Association International Fellow. He has invested his career in database design, data analysis, software engineering, system management, software quality assurance, process improvement, procedure development, work process enhancement, digital transformation, and software and system integration. He has also focused on cybersecurity as it relates to industrial control systems. 

  Charlie hails from a small town in Georgia. As well as being an engineer, he is also a veteran, father, husband, fishing enthusiast, photographer, and a lifetime learner. 

  In this episode, he tells his backstory, discusses his career trajectory, and offers some valuable nuggets of advice for anyone looking to get into cybersecurity.

  This episode is a must if you are considering a career in cybersecurity or the control systems space. Stay tuned to hear how Charlie got to where he is today and benefit from his insights and many years of experience in the field.

  Show highlights:

  • Charlie talks about the time he spent in the Navy.
  • What Charlie studied after leaving the Navy.
  • How he encountered cybersecurity when he joined Bechtel as a software engineer.
  • What he learned over time from his perspective as a computer scientist in the engineering field.
  • Charlie’s recommendations for the first steps to get into the cybersecurity domain.
  • The process used for the ICS center program Charlie helped create.
  • The role mentorship has played in Charlie’s journey.
  • Some advice for people coming out of school or the military looking to break into cybersecurity.
  • Some of the challenges Charlie has faced in his career.
  
  

  Links and resources:

  (CS)²AI

  Bechtel

  Charlie Givens on LinkedIn

  ]]>Today, Derek Harp interviews Charlie Givens, the Project Manager at Bechtel. 

  Charlie is an experienced professional with a demonstrated history of working in Information Technology, Engineering Automation, and Cybersecurity. He is a Certified Software Quality Assurance Engineer, Global Industrial Cyber Security Professional, and Control System Cyber Security Association International Fellow. He has invested his career in database design, data analysis, software engineering, system management, software quality assurance, process improvement, procedure development, work process enhancement, digital transformation, and software and system integration. He has also focused on cybersecurity as it relates to industrial control systems. 

  Charlie hails from a small town in Georgia. As well as being an engineer, he is also a veteran, father, husband, fishing enthusiast, photographer, and a lifetime learner. 

  In this episode, he tells his backstory, discusses his career trajectory, and offers some valuable nuggets of advice for anyone looking to get into cybersecurity.

  This episode is a must if you are considering a career in cybersecurity or the control systems space. Stay tuned to hear how Charlie got to where he is today and benefit from his insights and many years of experience in the field.

  Show highlights:

  • Charlie talks about the time he spent in the Navy.
  • What Charlie studied after leaving the Navy.
  • How he encountered cybersecurity when he joined Bechtel as a software engineer.
  • What he learned over time from his perspective as a computer scientist in the engineering field.
  • Charlie’s recommendations for the first steps to get into the cybersecurity domain.
  • The process used for the ICS center program Charlie helped create.
  • The role mentorship has played in Charlie’s journey.
  • Some advice for people coming out of school or the military looking to break into cybersecurity.
  • Some of the challenges Charlie has faced in his career.
  
  

  Links and resources:

  (CS)²AI

  Bechtel

  Charlie Givens on LinkedIn

  ]]>700351d4-69e1-4b8e-84ee-6597c65917ceTue, 06 Dec 2022 03:00:00 -050039:36falsefull606059: Staying Curious and Learning New Things is an Asset in Cyber Security with David BacqueDerek Harp interviews David Bacque today. David is currently the Vice President of Strategic Development and Director of OT/ICS Cybersecurity at RED Group. 

  RED Group is an Industrial Control Systems (ICS) technology development and integration firm specializing in Process Automation, IT/OT Consulting, and Industrial Cybersecurity. Dave is an experienced industrial cybersecurity and operational technology (OT) professional who has led, advised on, and delivered cybersecurity projects and initiatives with industrial clients around the world to help operators of critical infrastructure become more resilient to cyber threats. He has a B.S. in Information Systems and Decision Sciences from Louisiana State University and is a holder of the Global Industrial Cybersecurity Professional (GICSP) and Project Management Professional (PMP) certifications.

  Dave grew up and went to school in a small town in South Louisiana. He has many years of experience in the OT space. As well as being an OT/ICS Cybersecurity leader, he is also a father, sailor, chef, barista, traveler, motorcyclist, and hiker. He joins Derek today to talk about his background, education, and career trajectory and discuss the importance of staying curious and being open to learning new things.

  This episode is a must for anyone looking to get into the cybersecurity space! Tune in to hear Dave’s story, learn from his insights and experience, and benefit from his valuable nuggets of career advice! 

  Show highlights:

  • How his dad’s background in mechanical design led to David’s first interactions with technology.
  • The many interesting things that took place around the time Dave graduated from LSU in 2001.
  • What Dave did and learned when he started his career with Total in the early days of IT and OT convergence.
  • The value of getting to know your co-workers personally and building community within organizations.
  • Some changes in the OT security space that happened during the course of Dave’s career.
  • What does it take for engineers and IT people to become OT cybersecurity qualified and savvy?
  • Dave offers advice for leaders looking to get people together to build cross-functional teams.
  • What Dave did in his first career roles.
  • Dave dives into the power of building long-term relationships
  • Dave discusses the informal mentor/mentee relationships he has had in his career
  • The value of being able to tell people your story.
  
  

  Links and resources:

  (CS)²AI

  RED Group

  Dave Bacque on LinkedIn

  ]]>Derek Harp interviews David Bacque today. David is currently the Vice President of Strategic Development and Director of OT/ICS Cybersecurity at RED Group. 

  RED Group is an Industrial Control Systems (ICS) technology development and integration firm specializing in Process Automation, IT/OT Consulting, and Industrial Cybersecurity. Dave is an experienced industrial cybersecurity and operational technology (OT) professional who has led, advised on, and delivered cybersecurity projects and initiatives with industrial clients around the world to help operators of critical infrastructure become more resilient to cyber threats. He has a B.S. in Information Systems and Decision Sciences from Louisiana State University and is a holder of the Global Industrial Cybersecurity Professional (GICSP) and Project Management Professional (PMP) certifications.

  Dave grew up and went to school in a small town in South Louisiana. He has many years of experience in the OT space. As well as being an OT/ICS Cybersecurity leader, he is also a father, sailor, chef, barista, traveler, motorcyclist, and hiker. He joins Derek today to talk about his background, education, and career trajectory and discuss the importance of staying curious and being open to learning new things.

  This episode is a must for anyone looking to get into the cybersecurity space! Tune in to hear Dave’s story, learn from his insights and experience, and benefit from his valuable nuggets of career advice! 

  Show highlights:

  • How his dad’s background in mechanical design led to David’s first interactions with technology.
  • The many interesting things that took place around the time Dave graduated from LSU in 2001.
  • What Dave did and learned when he started his career with Total in the early days of IT and OT convergence.
  • The value of getting to know your co-workers personally and building community within organizations.
  • Some changes in the OT security space that happened during the course of Dave’s career.
  • What does it take for engineers and IT people to become OT cybersecurity qualified and savvy?
  • Dave offers advice for leaders looking to get people together to build cross-functional teams.
  • What Dave did in his first career roles.
  • Dave dives into the power of building long-term relationships
  • Dave discusses the informal mentor/mentee relationships he has had in his career
  • The value of being able to tell people your story.
  
  

  Links and resources:

  (CS)²AI

  RED Group

  Dave Bacque on LinkedIn

  ]]>4200fbc5-5e9a-463e-881a-058f85eec829Tue, 29 Nov 2022 03:00:00 -050044:52falsefull595958: Leveraging Your Military Career to Carve Out a Cyber Security Career with Dr. Michael ChipleyDr. Michael Chipley, the Founder and President of the PMC Group, is the guest for today’s podcast.

  Dr. Chipley has over 30 years of consulting experience in the areas of Program and Project Management, Cybersecurity, Energy and Environmental (LEED, Energy Star, and Carbon Footprint); Critical Infrastructure Protection and Analysis; Building Information Modeling (BIM) Technology; Base Realignment and Closure (BRAC), and Emergency Management/Disaster Recovery. 

  Dr. Chipley served 24 years as a Civil Engineer in the US Air Force and has been consulting since 2001. He is a former adjunct faculty member at George Mason University, where he taught the Infrastructure Security Engineering, Building Security, and Building Information Modeling courses.

  Dr. Chipley grew up on a farm in Oregon. He is a long-time contributor to cybersecurity for control systems, civil engineer, US Airforce veteran, husband, father, grandfather, outdoor enthusiast, and wine enthusiast. He joins Derek Harp today to discuss his military background and career journey and share his insights and advice. 

  You will not want to miss this episode if you are leaving the military and considering a career in cybersecurity. Stay tuned to hear Dr. Chipley’s story and benefit from his breadth of experience!

  Show highlights:

  • What Dr. Chipley did and studied during the 24 years he spent in the military. 
  • Dr. Chipley talks about Shodan.io and what it can do.
  • Some advice about skills and opportunities in the control systems space.
  • How Dr. Chipley benefited from joining the military.
  • Why you can never stop learning in the control systems world.
  • Why women tend to excel in the cyber field.
  • How students can find opportunities to join internship programs.
  • Potential challenges that people in cybersecurity could face.
  • Some of the projects with which Dr. Chipley is currently involved.
  • What can young people do to add to their knowledge and education to increase their value five years from now?
  
  

  Links and resources:

  (CS)²AI

  The PMC Group

  Michael Chipley on LinkedIn

  ]]>Dr. Michael Chipley, the Founder and President of the PMC Group, is the guest for today’s podcast.

  Dr. Chipley has over 30 years of consulting experience in the areas of Program and Project Management, Cybersecurity, Energy and Environmental (LEED, Energy Star, and Carbon Footprint); Critical Infrastructure Protection and Analysis; Building Information Modeling (BIM) Technology; Base Realignment and Closure (BRAC), and Emergency Management/Disaster Recovery. 

  Dr. Chipley served 24 years as a Civil Engineer in the US Air Force and has been consulting since 2001. He is a former adjunct faculty member at George Mason University, where he taught the Infrastructure Security Engineering, Building Security, and Building Information Modeling courses.

  Dr. Chipley grew up on a farm in Oregon. He is a long-time contributor to cybersecurity for control systems, civil engineer, US Airforce veteran, husband, father, grandfather, outdoor enthusiast, and wine enthusiast. He joins Derek Harp today to discuss his military background and career journey and share his insights and advice. 

  You will not want to miss this episode if you are leaving the military and considering a career in cybersecurity. Stay tuned to hear Dr. Chipley’s story and benefit from his breadth of experience!

  Show highlights:

  • What Dr. Chipley did and studied during the 24 years he spent in the military. 
  • Dr. Chipley talks about Shodan.io and what it can do.
  • Some advice about skills and opportunities in the control systems space.
  • How Dr. Chipley benefited from joining the military.
  • Why you can never stop learning in the control systems world.
  • Why women tend to excel in the cyber field.
  • How students can find opportunities to join internship programs.
  • Potential challenges that people in cybersecurity could face.
  • Some of the projects with which Dr. Chipley is currently involved.
  • What can young people do to add to their knowledge and education to increase their value five years from now?
  
  

  Links and resources:

  (CS)²AI

  The PMC Group

  Michael Chipley on LinkedIn

  ]]>3a021ca6-3fa8-43e3-9977-7fff25237b28Tue, 22 Nov 2022 03:00:00 -050041:40falsefull585857: Using Mentorship to Help Advance Your Cybersecurity Career with Susan Peterson SturmToday, Derek Harp interviews Susan Peterson Sturm, the Chief Information Security Officer at Cognite. 

  Susan is a Transformational Operational Technology leader with 20 years of experience in profitably scaling innovative software-based businesses, including automation, IIOT, and cyber security. She has a proven track record of growing and structuring early-stage, profitable digital software-driven P&Ls in excess of $150M. She specializes in change management, product management, M&A, and strategic alliances. Susan serves on advisory boards of Cognite, Innosphere Ventures & One Warm Coat. 

  Susan is an incredible individual with vast experience! She’s an empath, DEI champion, mentor, board advisor, and volunteer focused on poverty alleviation. 

  In this episode, she discusses her background, talks to Derek about her professional journey, and offers helpful tips and advice.

  You won’t want to miss this episode if you are considering a career in the cybersecurity space. Tune in to hear Susan’s fascinating story and benefit from her years of experience in the security field. 

  Show highlights:

  • Susan talks about her studies.
  • Her motivation for pivoting into energy after graduating from college.
  • What she gained from her career in international affairs.
  • Some of Susan’s interesting roles early on in her career.
  • The benefits of getting in-the-field experience.
  • There are many different leadership paths to be chosen within the industry.
  • What you can gain from working abroad with distributed teams.
  • Where security first intersected with Susan’s career.
  • Why it’s worth investing your time in networks.
  • How being vulnerable can help you develop valuable relationships.
  • The role mentorship has played in Susan’s career.
  • How Susan ended up in her current role as a CISO.
  • Motherhood can be very challenging for women in senior roles. 
  • The importance of moving on from any workplace where you don’t feel safe to express your needs.
  
  

  Links and resources:

  (CS)²AI

  Cognite

  Susan Peterson Sturm on LinkedIn

  ]]>Today, Derek Harp interviews Susan Peterson Sturm, the Chief Information Security Officer at Cognite. 

  Susan is a Transformational Operational Technology leader with 20 years of experience in profitably scaling innovative software-based businesses, including automation, IIOT, and cyber security. She has a proven track record of growing and structuring early-stage, profitable digital software-driven P&Ls in excess of $150M. She specializes in change management, product management, M&A, and strategic alliances. Susan serves on advisory boards of Cognite, Innosphere Ventures & One Warm Coat. 

  Susan is an incredible individual with vast experience! She’s an empath, DEI champion, mentor, board advisor, and volunteer focused on poverty alleviation. 

  In this episode, she discusses her background, talks to Derek about her professional journey, and offers helpful tips and advice.

  You won’t want to miss this episode if you are considering a career in the cybersecurity space. Tune in to hear Susan’s fascinating story and benefit from her years of experience in the security field. 

  Show highlights:

  • Susan talks about her studies.
  • Her motivation for pivoting into energy after graduating from college.
  • What she gained from her career in international affairs.
  • Some of Susan’s interesting roles early on in her career.
  • The benefits of getting in-the-field experience.
  • There are many different leadership paths to be chosen within the industry.
  • What you can gain from working abroad with distributed teams.
  • Where security first intersected with Susan’s career.
  • Why it’s worth investing your time in networks.
  • How being vulnerable can help you develop valuable relationships.
  • The role mentorship has played in Susan’s career.
  • How Susan ended up in her current role as a CISO.
  • Motherhood can be very challenging for women in senior roles. 
  • The importance of moving on from any workplace where you don’t feel safe to express your needs.
  
  

  Links and resources:

  (CS)²AI

  Cognite

  Susan Peterson Sturm on LinkedIn

  ]]>5ba0460a-8717-4466-a540-666bef1894c1Tue, 08 Nov 2022 03:00:00 -050037:54falsefull575756: The Critical Role of Your Network in Developing Your Cybersecurity CareerToday, Derek Harp interviews Anton Shipulin. 

  Anton is an Industrial Cybersecurity Evangelist at Nozomi Networks. His primary responsibilities in his current position include working with Nozomi teams and external stakeholders to understand current challenges and threats, enhance best practices, and mitigate risks. He evaluates the industrial environment's security posture, and future technologies and strategies, for protecting critical infrastructure. He works with industry and non-profit organizations to build and strengthen the OT/ICS cybersecurity community for industrial sectors. He researches global security topics and promotes OT and ICS cybersecurity awareness throughout the industry. He is also a husband, father, sports enthusiast, runner, cyclist, and public speaker 

  Anton grew up in Kazakhstan and Russia and currently lives in Dubai, UAE. He is passionate about industrial cybersecurity, critical infrastructure protection, knowledge, and information exchange.  He joins Derek today to discuss his career journey, education, and career experiences and share his insights. 

  You will gain a lot from this episode if you are thinking of starting a career in cybersecurity or moving into the field from a different industry. Stay tuned to hear Anton’s story and get his valuable tips and advice!

  Show highlights:

  • Anton discovered the power of programming when his parents bought him a PC when he was about nine years old.
  • Anton explains why he decided to make cybersecurity his university specialty and has continued working with it since then.
  • Anton gets into why he learned more working for Croc than in university.
  • There is currently a shortage of cybersecurity experts all over the world.
  • Anton gets into what he has learned about cybersecurity while working at Croc.
  • What he focused on while working for Kaspersky.
  • Anton talks about his experience co-founding the RUSCADASEC community.
  • Anton offers advice for entry-level individuals looking for resources to develop their professional careers.
  • Anton discusses his voluntary position at CCI.
  • The power of volunteering and helping others.
  • Why does he believe that networking is critical?
  • The benefits of both giving and receiving mentorship.
  • What excites Anton about the future?
  
  ]]>Today, Derek Harp interviews Anton Shipulin. 

  Anton is an Industrial Cybersecurity Evangelist at Nozomi Networks. His primary responsibilities in his current position include working with Nozomi teams and external stakeholders to understand current challenges and threats, enhance best practices, and mitigate risks. He evaluates the industrial environment's security posture, and future technologies and strategies, for protecting critical infrastructure. He works with industry and non-profit organizations to build and strengthen the OT/ICS cybersecurity community for industrial sectors. He researches global security topics and promotes OT and ICS cybersecurity awareness throughout the industry. He is also a husband, father, sports enthusiast, runner, cyclist, and public speaker 

  Anton grew up in Kazakhstan and Russia and currently lives in Dubai, UAE. He is passionate about industrial cybersecurity, critical infrastructure protection, knowledge, and information exchange.  He joins Derek today to discuss his career journey, education, and career experiences and share his insights. 

  You will gain a lot from this episode if you are thinking of starting a career in cybersecurity or moving into the field from a different industry. Stay tuned to hear Anton’s story and get his valuable tips and advice!

  Show highlights:

  • Anton discovered the power of programming when his parents bought him a PC when he was about nine years old.
  • Anton explains why he decided to make cybersecurity his university specialty and has continued working with it since then.
  • Anton gets into why he learned more working for Croc than in university.
  • There is currently a shortage of cybersecurity experts all over the world.
  • Anton gets into what he has learned about cybersecurity while working at Croc.
  • What he focused on while working for Kaspersky.
  • Anton talks about his experience co-founding the RUSCADASEC community.
  • Anton offers advice for entry-level individuals looking for resources to develop their professional careers.
  • Anton discusses his voluntary position at CCI.
  • The power of volunteering and helping others.
  • Why does he believe that networking is critical?
  • The benefits of both giving and receiving mentorship.
  • What excites Anton about the future?
  
  ]]>3861cf96-ff96-41ff-8831-0c46649de3d3Tue, 01 Nov 2022 03:00:00 -050043:32falsefull565655: The Benefits of Working in the Cybersecurity Industry with Dave SalwenDave Salwen, the VP of Embedded Systems at RunSafe Security Inc., is the guest for today’s podcast.

  Dave is a business leader who delivers emerging technologies to commercial and government markets. He achieves the above plan results with products and services for cyber defense, wireless communications, RF sensing, and electronic warfare areas. He has been successful in building highly effective teams. He has demonstrated his ability to drive the effectiveness of all aspects of the business, from strategic planning and concept development to financial results.

  Dave’s career has always been about technology and people. He has spent his entire career supporting technologists and other super-smart people, helping them have more impact and realize their dreams. He is a father, husband, hiker, skier, tennis player, avid reader, and world traveler. He joins Derek today to discuss his education and career trajectory and share his experience. He gets into how he supports his fellow technologists and the benefits of working in cybersecurity and offers some valuable nuggets of advice.

  This episode is for you if you are thinking of starting a career in cybersecurity or moving over from a different industry. Tune in to get Dave’s career advice and hear about his professional journey.

  Show highlights:

  • What Dave has focused on throughout his career is to help technologists have more impact.
  • Dave grew up with technology, and it has always been part of his life.
  • The benefits of working as part of a team.
  • The different technological environments in which Dave has worked.
  • Dave gets into the different use cases for RunSafe.
  • Dave offers advice for anyone thinking about their career.
  • How electronic warfare ties up with cybersecurity.
  • People are crucial for developing and implementing security solutions, but electronic warfare still relies on the autonomous capabilities of automation.
  • Skills people may already have that they could adapt or extend to work in cybersecurity.
  • Dave defines embedded systems.
  • Some exciting areas of work within the cybersecurity space.
  • The benefits of risk-taking. 
  
  

  Links and resources:

  (CS)²AI

  RunSafe Security

  Dave Salwen on LinkedIn

  ]]>Dave Salwen, the VP of Embedded Systems at RunSafe Security Inc., is the guest for today’s podcast.

  Dave is a business leader who delivers emerging technologies to commercial and government markets. He achieves the above plan results with products and services for cyber defense, wireless communications, RF sensing, and electronic warfare areas. He has been successful in building highly effective teams. He has demonstrated his ability to drive the effectiveness of all aspects of the business, from strategic planning and concept development to financial results.

  Dave’s career has always been about technology and people. He has spent his entire career supporting technologists and other super-smart people, helping them have more impact and realize their dreams. He is a father, husband, hiker, skier, tennis player, avid reader, and world traveler. He joins Derek today to discuss his education and career trajectory and share his experience. He gets into how he supports his fellow technologists and the benefits of working in cybersecurity and offers some valuable nuggets of advice.

  This episode is for you if you are thinking of starting a career in cybersecurity or moving over from a different industry. Tune in to get Dave’s career advice and hear about his professional journey.

  Show highlights:

  • What Dave has focused on throughout his career is to help technologists have more impact.
  • Dave grew up with technology, and it has always been part of his life.
  • The benefits of working as part of a team.
  • The different technological environments in which Dave has worked.
  • Dave gets into the different use cases for RunSafe.
  • Dave offers advice for anyone thinking about their career.
  • How electronic warfare ties up with cybersecurity.
  • People are crucial for developing and implementing security solutions, but electronic warfare still relies on the autonomous capabilities of automation.
  • Skills people may already have that they could adapt or extend to work in cybersecurity.
  • Dave defines embedded systems.
  • Some exciting areas of work within the cybersecurity space.
  • The benefits of risk-taking. 
  
  

  Links and resources:

  (CS)²AI

  RunSafe Security

  Dave Salwen on LinkedIn

  ]]>409e59b4-252c-4838-99e9-bb39c75fb0b0Tue, 25 Oct 2022 03:00:00 -050037:13falsefull54: The Importance of Mentorship in Your Cybersecurity Career with Daniel EhrenreichDerek Harp is delighted to have long-time expert thought leader, Daniel Ehrenreich, join him today for another episode in the series of interviews with control system-related cybersecurity leaders.

  Daniel is from Secure Communications and Control Experts. He is an established industry contributor, educator, teacher, and speaker, known to be detail-oriented with some strongly-held opinions. He is an experienced world traveler who has lived in various parts of the world. He is also a writer, safety advocate, father, and grandfather 

  In this episode of the (CS)²AI Podcast, Daniel shares his backstory and discusses his education, career journey, and years of experience in the industry. 

  You will gain a lot from this episode if you are you are considering an occupation in the cybersecurity space. Stay tuned to get Dan’s advice and learn from his many years of experience in the field.

  Show highlights:

  • In 1983, Daniel was selected by an Israeli component vendor to be a subject matter expert for lithium batteries in the USA.
  • While at university, Daniel earned an income fixing televisions.
  • How SCADA systems got developed by Motorola in Israel in the mid-1980s.
  • Why Daniel believes SCADA security should happen on the level of architecture and not on the PLC component level.
  • Cybersecurity came up for Daniel toward the end of the twenty years he spent with Motorola.
  • Daniel dives into his current areas of focus.
  • Daniel discusses the power of giving and receiving mentorship.
  • Daniel talks about his training classes and explains why he is detail-oriented.
  • Why Daniel believes IT and OT should never converge.
  • Some advice for engineers or others considering joining the cybersecurity industry.
  • The difference between IoT and IIOT.
  • Daniel talks about the ICS Cybersec conference he has coming up in Israel in November.  
  
  ]]>Derek Harp is delighted to have long-time expert thought leader, Daniel Ehrenreich, join him today for another episode in the series of interviews with control system-related cybersecurity leaders.

  Daniel is from Secure Communications and Control Experts. He is an established industry contributor, educator, teacher, and speaker, known to be detail-oriented with some strongly-held opinions. He is an experienced world traveler who has lived in various parts of the world. He is also a writer, safety advocate, father, and grandfather 

  In this episode of the (CS)²AI Podcast, Daniel shares his backstory and discusses his education, career journey, and years of experience in the industry. 

  You will gain a lot from this episode if you are you are considering an occupation in the cybersecurity space. Stay tuned to get Dan’s advice and learn from his many years of experience in the field.

  Show highlights:

  • In 1983, Daniel was selected by an Israeli component vendor to be a subject matter expert for lithium batteries in the USA.
  • While at university, Daniel earned an income fixing televisions.
  • How SCADA systems got developed by Motorola in Israel in the mid-1980s.
  • Why Daniel believes SCADA security should happen on the level of architecture and not on the PLC component level.
  • Cybersecurity came up for Daniel toward the end of the twenty years he spent with Motorola.
  • Daniel dives into his current areas of focus.
  • Daniel discusses the power of giving and receiving mentorship.
  • Daniel talks about his training classes and explains why he is detail-oriented.
  • Why Daniel believes IT and OT should never converge.
  • Some advice for engineers or others considering joining the cybersecurity industry.
  • The difference between IoT and IIOT.
  • Daniel talks about the ICS Cybersec conference he has coming up in Israel in November.  
  
  ]]>1d5f1c7a-e3e5-4cfe-ae84-1510dddaf0a7Tue, 18 Oct 2022 03:00:00 -050053:40falsefull545453: Career Advice for Women Pursuing Cybersecurity PositionsToday’s guest is Danielle Jablanski. Danielle is an OT Cybersecurity Strategist for Nozomi Networks.

  Danielle was born and raised in Upstate New York and moved to Southern Missouri when she was in high school. Since then, she has moved around a lot and lived and worked in many different places. For the first few years of her career, she got deeply involved in philanthropy and academia. She is a self-proclaimed nerd, researcher, volunteer, vagabond, idea lady, community builder, outdoor enthusiast, and big-time dog mom! 

  In this episode of the (CS)²AI Podcast, Danielle discusses her personal and professional journeys and experience and offers excellent advice for women considering a career in the cybersecurity or OT space.

  You will not want to miss this show, particularly if you are a woman thinking of starting a career or shifting into technology, cybersecurity, or control systems! Stay tuned for more!

  Show highlights:

  • Studying genocide in Rwanda sparked Danielle’s interest in international relations. She explains how that led her to the cybersecurity space.
  • Danielle talks about how she was poached out of grad school for her first job.
  • How national security and cybersecurity intersected with her career path.
  • Danielle explains why she got poached for a second time, to go to Stanford University. 
  • Why she chose to pivot to energy before becoming a general OT cybersecurity strategist
  • Danielle goes into where the cybersecurity industry is today.
  • Where will the industry be twenty years from now?
  • What prompted her to get into cybersecurity?
  • What she focuses on, as a non-resident fellow at the Atlantic Council.
  • Danielle talks about mentorship and discusses her experience as a female expert in the industry.  
  • Some gold nuggets of advice for women in the early stage of their careers.
  • The benefits of focusing on your strengths.
  
  

  Links and resources:

  (CS)²AI

  Nozomi Networks

  Books mentioned:

  
  

  The Cuckoo’s Egg by Cliff Stoll

  ]]>Today’s guest is Danielle Jablanski. Danielle is an OT Cybersecurity Strategist for Nozomi Networks.

  Danielle was born and raised in Upstate New York and moved to Southern Missouri when she was in high school. Since then, she has moved around a lot and lived and worked in many different places. For the first few years of her career, she got deeply involved in philanthropy and academia. She is a self-proclaimed nerd, researcher, volunteer, vagabond, idea lady, community builder, outdoor enthusiast, and big-time dog mom! 

  In this episode of the (CS)²AI Podcast, Danielle discusses her personal and professional journeys and experience and offers excellent advice for women considering a career in the cybersecurity or OT space.

  You will not want to miss this show, particularly if you are a woman thinking of starting a career or shifting into technology, cybersecurity, or control systems! Stay tuned for more!

  Show highlights:

  • Studying genocide in Rwanda sparked Danielle’s interest in international relations. She explains how that led her to the cybersecurity space.
  • Danielle talks about how she was poached out of grad school for her first job.
  • How national security and cybersecurity intersected with her career path.
  • Danielle explains why she got poached for a second time, to go to Stanford University. 
  • Why she chose to pivot to energy before becoming a general OT cybersecurity strategist
  • Danielle goes into where the cybersecurity industry is today.
  • Where will the industry be twenty years from now?
  • What prompted her to get into cybersecurity?
  • What she focuses on, as a non-resident fellow at the Atlantic Council.
  • Danielle talks about mentorship and discusses her experience as a female expert in the industry.  
  • Some gold nuggets of advice for women in the early stage of their careers.
  • The benefits of focusing on your strengths.
  
  

  Links and resources:

  (CS)²AI

  Nozomi Networks

  Books mentioned:

  
  

  The Cuckoo’s Egg by Cliff Stoll

  ]]>c7d6591e-5f8b-4899-9237-95446e088ef6Tue, 11 Oct 2022 03:00:00 -050045:48falsefull535352: Cybersecurity Careers, Educational Requirements and Resume Advice with Ron BrashToday, Ron Brash joins Derek Harp for another great episode in the series on security leaders! Ron is the VP of Technical Research and Integrations at aDolus Technology. 

  Ron Brash is a household name when it comes to ICS/OT cybersecurity and embedded vulnerability research. He was instrumental in creating the datasets for the S4 ICS Detection Challenges, received the Top 40 under 40 award for Engineering Leaders 2020 from Plant Engineering, was an embedded developer at Tofino Security, advised several large asset owners in a variety of industries for OT security, and brought several products to market, including consumer neuroscience devices and several industrial networking appliances.

  Ron grew up in a rainforest on Vancouver Island, on the west coast of Canada. He is a problem-solver, a wake-boarder, a mini-Chihuahua-owner, a do-it-yourselfer, a geek, a sharer of information, and an all-around adventurous guy with water sports. 

  In this episode of the (CS)²AI Podcast, he shares his backstory, discusses his career path, and talks about what he is doing in the industry. He also offers some nuggets of advice around sequential education and degrees, sound resume advice, and some great career tips. 

  You will not want to miss this episode if you are considering starting a career in cybersecurity or breaking into that industry and want to know the best way to approach your education. Stay tuned for more!

  Show highlights:

  • Ron talks about where he comes from and shares his backstory. 
  • What he learned from his first paid job, working in a pizza shop.
  • Ron’s parents had computers for their business, so that was where his first intersection with technology happened. 
  • He got into technology because he joined a tech program at his local university that put gifted high school students into certificate and diploma programs for free.
  • Ron knew he had to protect himself by planning and starting to save early on.
  • Ron’s ICS career started after a chance encounter with Eric Byres, one of the grandfathers of cybersecurity.
  • It is important to separate your personal life from your professional life.
  • Ron shares how he approached his education. 
  • A resume tip to better your chances in interviews, and some great career tips. 
  • Ron discusses the best way to approach university education and explains what your job is when you do a master’s degree.
  • What he gained from getting his master’s degree.
  • Some advice for people considering sequential education and degrees to further their careers.
  • The benefits of doing a SWOT analysis before embarking on a specific career path.
  • Ron dives into giving and receiving mentorship.
  • Some advice for anyone doing a startup.
  • How to set yourself up for a successful future.
  
  ]]>Today, Ron Brash joins Derek Harp for another great episode in the series on security leaders! Ron is the VP of Technical Research and Integrations at aDolus Technology. 

  Ron Brash is a household name when it comes to ICS/OT cybersecurity and embedded vulnerability research. He was instrumental in creating the datasets for the S4 ICS Detection Challenges, received the Top 40 under 40 award for Engineering Leaders 2020 from Plant Engineering, was an embedded developer at Tofino Security, advised several large asset owners in a variety of industries for OT security, and brought several products to market, including consumer neuroscience devices and several industrial networking appliances.

  Ron grew up in a rainforest on Vancouver Island, on the west coast of Canada. He is a problem-solver, a wake-boarder, a mini-Chihuahua-owner, a do-it-yourselfer, a geek, a sharer of information, and an all-around adventurous guy with water sports. 

  In this episode of the (CS)²AI Podcast, he shares his backstory, discusses his career path, and talks about what he is doing in the industry. He also offers some nuggets of advice around sequential education and degrees, sound resume advice, and some great career tips. 

  You will not want to miss this episode if you are considering starting a career in cybersecurity or breaking into that industry and want to know the best way to approach your education. Stay tuned for more!

  Show highlights:

  • Ron talks about where he comes from and shares his backstory. 
  • What he learned from his first paid job, working in a pizza shop.
  • Ron’s parents had computers for their business, so that was where his first intersection with technology happened. 
  • He got into technology because he joined a tech program at his local university that put gifted high school students into certificate and diploma programs for free.
  • Ron knew he had to protect himself by planning and starting to save early on.
  • Ron’s ICS career started after a chance encounter with Eric Byres, one of the grandfathers of cybersecurity.
  • It is important to separate your personal life from your professional life.
  • Ron shares how he approached his education. 
  • A resume tip to better your chances in interviews, and some great career tips. 
  • Ron discusses the best way to approach university education and explains what your job is when you do a master’s degree.
  • What he gained from getting his master’s degree.
  • Some advice for people considering sequential education and degrees to further their careers.
  • The benefits of doing a SWOT analysis before embarking on a specific career path.
  • Ron dives into giving and receiving mentorship.
  • Some advice for anyone doing a startup.
  • How to set yourself up for a successful future.
  
  ]]>846e4de8-edd4-4d9a-aa6e-d651d1695219Tue, 04 Oct 2022 03:00:00 -050059:04falsefull525251: Learning the Discipline of Cybersecurity with Steve MustardDerek Harp is happy to have Steve Mustard, President, and CEO of National Automation Inc., joining him on the show today! Steve has been a long-term contributor to the control systems cybersecurity space. 

  Steve Mustard is a Licensed Professional Engineer (Texas, Kansas) and UK Chartered Engineer with technical development and management experience in process automation and business process re-engineering across multiple sectors. He is also a volunteer and past president of the International Society of Automation (ISA), a home brewer, cyclist, guitarist, triathlete, husband, and father.

  Steve grew up in Sunderland, an industrial region famous for coal mining and shipbuilding in the North East of England. Joseph Swan, the inventor of the incandescent light bulb, also came from Sunderland, and Lewis Carroll based much of the Alice in Wonderland story on the times he spent there.

  In this episode of the (CS)²AI Podcast, Steve shares his backstory, discusses his education, gets into his career trajectory, and offers nuggets of career advice.

  You will gain a lot from this show if you are thinking about making a career in cybersecurity or considering moving from a different field into the security space. Stay tuned for more!

  Show highlights:

  • How and where Steve’s interest in technology, cybersecurity, and control systems engineering disciplines originated.
  • The event in 1999 that led to Steve’s first intersection with cybersecurity.
  • How the National Infrastructure Security Coordination Center (NICC), now called the Center for the Protection of National Infrastructure (CPNI), began in the UK.
  • Steve discusses the different areas he gets involved with.
  • Why he does not like the idea of cybersecurity always being its own discipline, separate from everything else.
  • Steve shares his concerns about digital transformation. 
  • You don’t have to conform when selecting a career path. Rather think about what motivates you and what you enjoy doing, and forge your own direction. 
  • Steve dives into his volunteer positions with IET and ISA.
  • People should be qualified to work in the cybersecurity or automation space. You can take courses and become certified through ISA.
  • There are many advantages to informing your career path with knowledge of safety and cybersecurity.
  • Steve offers career advice and tips for engineers looking for some additional knowledge.
  • Steve shares his concerns for the future of cybersecurity.
  
  

  Links and resources:

  (CS)²AI

  National Automation Inc.

  Steve Mustard on LinkedIn

  Books mentioned:

  Alice in Sunderland by Bryan Talbot

  • 
    
  
  ]]>Derek Harp is happy to have Steve Mustard, President, and CEO of National Automation Inc., joining him on the show today! Steve has been a long-term contributor to the control systems cybersecurity space. 

  Steve Mustard is a Licensed Professional Engineer (Texas, Kansas) and UK Chartered Engineer with technical development and management experience in process automation and business process re-engineering across multiple sectors. He is also a volunteer and past president of the International Society of Automation (ISA), a home brewer, cyclist, guitarist, triathlete, husband, and father.

  Steve grew up in Sunderland, an industrial region famous for coal mining and shipbuilding in the North East of England. Joseph Swan, the inventor of the incandescent light bulb, also came from Sunderland, and Lewis Carroll based much of the Alice in Wonderland story on the times he spent there.

  In this episode of the (CS)²AI Podcast, Steve shares his backstory, discusses his education, gets into his career trajectory, and offers nuggets of career advice.

  You will gain a lot from this show if you are thinking about making a career in cybersecurity or considering moving from a different field into the security space. Stay tuned for more!

  Show highlights:

  • How and where Steve’s interest in technology, cybersecurity, and control systems engineering disciplines originated.
  • The event in 1999 that led to Steve’s first intersection with cybersecurity.
  • How the National Infrastructure Security Coordination Center (NICC), now called the Center for the Protection of National Infrastructure (CPNI), began in the UK.
  • Steve discusses the different areas he gets involved with.
  • Why he does not like the idea of cybersecurity always being its own discipline, separate from everything else.
  • Steve shares his concerns about digital transformation. 
  • You don’t have to conform when selecting a career path. Rather think about what motivates you and what you enjoy doing, and forge your own direction. 
  • Steve dives into his volunteer positions with IET and ISA.
  • People should be qualified to work in the cybersecurity or automation space. You can take courses and become certified through ISA.
  • There are many advantages to informing your career path with knowledge of safety and cybersecurity.
  • Steve offers career advice and tips for engineers looking for some additional knowledge.
  • Steve shares his concerns for the future of cybersecurity.
  
  

  Links and resources:

  (CS)²AI

  National Automation Inc.

  Steve Mustard on LinkedIn

  Books mentioned:

  Alice in Sunderland by Bryan Talbot

  • 
    
  
  ]]>c79fb3d0-b082-4848-bb0b-bb173c18116eTue, 27 Sep 2022 03:00:00 -050055:04falsefull515150: Solution Spotlight: Waterfall SecurityWe are excited to introduce The Solutions Spotlight, our new format for the (CS)²AI Podcast! 

  Today’s guests, Lior Frenkel and Andrew Ginter have both been on the show before to share their biographies and personal journeys in our series of interviews with various leaders across the industry in cybersecurity for control systems. Lior is the Co-founder of Waterfall Security, and Andrew is Waterfall’s VP of Industrial Security. 

  Lior and Andrew are long-time industry supporters and supporters of (CS)²AI. They join us today for today’s episode of The Solutions Spotlight to talk about Waterfall Security, what it does, and how the company got to where it is today.

  Stay tuned to hear what Lior and Andrew have to say about how Waterfall originated and what they do!

  Show highlights:

  • Why they do not like to use the term segmentation at Waterfall and prefer to think of it as safe connectivity.
  • How Waterfall provides all the benefits of connectivity without the risks. 
  • How ransomware has changed the market.
  • What data diodes are, what they get used for, and how they differ from unidirectional gateways. 
  • How Waterfall’s unidirectional security gateway connects and protects industrial and corporate networks.
  • How does Waterfall’s unidirectional security gateway work?
  • Where Waterfall’s technology gets applied today.
  • Lior shares Waterfall’s origin story. 
  • Lior expected the industry to be more advanced than it is currently
  • What excites Lior for the future?
  • The changes Andrew foresees for the future.
  
  ]]>We are excited to introduce The Solutions Spotlight, our new format for the (CS)²AI Podcast! 

  Today’s guests, Lior Frenkel and Andrew Ginter have both been on the show before to share their biographies and personal journeys in our series of interviews with various leaders across the industry in cybersecurity for control systems. Lior is the Co-founder of Waterfall Security, and Andrew is Waterfall’s VP of Industrial Security. 

  Lior and Andrew are long-time industry supporters and supporters of (CS)²AI. They join us today for today’s episode of The Solutions Spotlight to talk about Waterfall Security, what it does, and how the company got to where it is today.

  Stay tuned to hear what Lior and Andrew have to say about how Waterfall originated and what they do!

  Show highlights:

  • Why they do not like to use the term segmentation at Waterfall and prefer to think of it as safe connectivity.
  • How Waterfall provides all the benefits of connectivity without the risks. 
  • How ransomware has changed the market.
  • What data diodes are, what they get used for, and how they differ from unidirectional gateways. 
  • How Waterfall’s unidirectional security gateway connects and protects industrial and corporate networks.
  • How does Waterfall’s unidirectional security gateway work?
  • Where Waterfall’s technology gets applied today.
  • Lior shares Waterfall’s origin story. 
  • Lior expected the industry to be more advanced than it is currently
  • What excites Lior for the future?
  • The changes Andrew foresees for the future.
  
  ]]>b38cbde3-8a25-4db7-a77b-0ad1e8fa4f31Tue, 20 Sep 2022 03:00:00 -050034:21falsefull505049: Position Yourself to Win from the Cyber Security Job Explosion with David HatchellToday, Derek Harp is excited to have David Hatchell, the Founder, and Principal of Industrial Cyber Secure, joining him for another episode in the interview series on security leaders. David will soon announce his CEO-ship of a new company dedicated to cybersecurity for the OT space. 

  David is recognized as one of the top leaders in the field of ICS/(IoT cybersecurity, leading multiple efforts over the past 10 years to develop new businesses in this emerging cybersecurity field. Leveraging a proven formula of partnerships, positioning, and product around vertical execution, he has worked in multiple roles in strategy development, product development, G2M development, and leading acquisition and integration efforts.

  David comes from a small town in east Texas known for football, pub links, and good barbecue. He is a leader in the industry, a father, a singer, a frustrated runner, and a chef. 

  In this episode of the (CS)²AI Podcast, he talks to Derek about his background, discusses how he got to where he is today and shares his experience. He also gets into the various decisions he made along the way and offers valuable nuggets of advice.

  There is an explosion in the cybersecurity industry right now! This show is a must for you if are considering a career in that space. Stay tuned for more!

  Show highlights:

  • David shares his backstory and talks about his first introduction to work.
  • How the music industry featured and got him into the computer business. 
  • David got to sell the first MP3 player that ever existed.
  • How his journey into the world of cybersecurity began and progressed.
  • How David learned about resiliency and safety.
  • Some advice for listeners from an IT background who would like to get into that area of cybersecurity.
  • How cross-discipline empathy can broaden your career perspective.
  • What did David learn from his tenure at Belden?
  • Why now is a great time to get into cybersecurity, regardless of your background.
  • The role mentorship has played in David’s career.
  
  

  
  

  Links and resources:

  (CS)²AI

  David Hatchell on LinkedIn

  ]]>Today, Derek Harp is excited to have David Hatchell, the Founder, and Principal of Industrial Cyber Secure, joining him for another episode in the interview series on security leaders. David will soon announce his CEO-ship of a new company dedicated to cybersecurity for the OT space. 

  David is recognized as one of the top leaders in the field of ICS/(IoT cybersecurity, leading multiple efforts over the past 10 years to develop new businesses in this emerging cybersecurity field. Leveraging a proven formula of partnerships, positioning, and product around vertical execution, he has worked in multiple roles in strategy development, product development, G2M development, and leading acquisition and integration efforts.

  David comes from a small town in east Texas known for football, pub links, and good barbecue. He is a leader in the industry, a father, a singer, a frustrated runner, and a chef. 

  In this episode of the (CS)²AI Podcast, he talks to Derek about his background, discusses how he got to where he is today and shares his experience. He also gets into the various decisions he made along the way and offers valuable nuggets of advice.

  There is an explosion in the cybersecurity industry right now! This show is a must for you if are considering a career in that space. Stay tuned for more!

  Show highlights:

  • David shares his backstory and talks about his first introduction to work.
  • How the music industry featured and got him into the computer business. 
  • David got to sell the first MP3 player that ever existed.
  • How his journey into the world of cybersecurity began and progressed.
  • How David learned about resiliency and safety.
  • Some advice for listeners from an IT background who would like to get into that area of cybersecurity.
  • How cross-discipline empathy can broaden your career perspective.
  • What did David learn from his tenure at Belden?
  • Why now is a great time to get into cybersecurity, regardless of your background.
  • The role mentorship has played in David’s career.
  
  

  
  

  Links and resources:

  (CS)²AI

  David Hatchell on LinkedIn

  ]]>b88bd227-c205-4d32-ba7c-ccd2c548fd79Tue, 13 Sep 2022 03:00:00 -050048:08falsefull494948: Engineering: The Perfect Transition to Cybersecurity with David BrearleyDerek Harp is excited to have David Brearley joining him today! David is currently the Operational Technology Cybersecurity Director at HDR.

  David Brearley (GICSP, PMP) is a senior professional associate and the operational technology cybersecurity director at HDR in Charlotte, North Carolina. David has nearly 20 years of international experience providing IT and OT (operational technologies/industrial controls) solutions, services, and consulting. In providing hands-on configuration, assessment, design, and consulting services, his experience covers the comprehensive control system life cycle. David is motivated by helping improve the security awareness and risk posture for HDR’s cross-sector clients.

  David grew up in New Jersey, just off Long Beach Island, and went to school in South Carolina. He is a husband, sailor, chef, outdoorsman, programmer, controls, and cybersecurity enthusiast. 

  In this episode of the (CS)²AI Podcast, he talks to Derek about his professional journey, how his career has evolved, and his current role at HDR. He also offers some nuggets of advice for anyone considering a career in cybersecurity.  

  You are sure to gain a lot from this episode if you want to get into the cybersecurity space or are an engineer who would like to augment what you do. Stay tuned for more!

  Show highlights:

  • David shares his modern-day superhero backstory.
  • He started looking at computer engineering after getting into programming in high school.
  • David discusses his experience as an intern with GE and talks about the benefits of doing an internship.
  • GE went through several transitions and eventually returned to being a privately-held company. 
  • David talks about an opportunity that let him learn a lot more about networks and programming in an industrial environment.
  • He discusses the breadth of environments he has worked in his career.
  • How did David end up in his current role?
  • Where did cybersecurity first intersect with his career?
  • A book David recommends for getting one’s mindset geared for the cybersecurity space. 
  • David discusses the mentorship and cybersecurity training programs he is involved in, both within and outside of HDR.
  • David describes how they are building a cybersecurity culture at HDR.
  • The benefits of having experience across diverse platforms.
  • What you should study to be on the cutting edge in the future.
  
  

  
  

  
  

  ]]>Derek Harp is excited to have David Brearley joining him today! David is currently the Operational Technology Cybersecurity Director at HDR.

  David Brearley (GICSP, PMP) is a senior professional associate and the operational technology cybersecurity director at HDR in Charlotte, North Carolina. David has nearly 20 years of international experience providing IT and OT (operational technologies/industrial controls) solutions, services, and consulting. In providing hands-on configuration, assessment, design, and consulting services, his experience covers the comprehensive control system life cycle. David is motivated by helping improve the security awareness and risk posture for HDR’s cross-sector clients.

  David grew up in New Jersey, just off Long Beach Island, and went to school in South Carolina. He is a husband, sailor, chef, outdoorsman, programmer, controls, and cybersecurity enthusiast. 

  In this episode of the (CS)²AI Podcast, he talks to Derek about his professional journey, how his career has evolved, and his current role at HDR. He also offers some nuggets of advice for anyone considering a career in cybersecurity.  

  You are sure to gain a lot from this episode if you want to get into the cybersecurity space or are an engineer who would like to augment what you do. Stay tuned for more!

  Show highlights:

  • David shares his modern-day superhero backstory.
  • He started looking at computer engineering after getting into programming in high school.
  • David discusses his experience as an intern with GE and talks about the benefits of doing an internship.
  • GE went through several transitions and eventually returned to being a privately-held company. 
  • David talks about an opportunity that let him learn a lot more about networks and programming in an industrial environment.
  • He discusses the breadth of environments he has worked in his career.
  • How did David end up in his current role?
  • Where did cybersecurity first intersect with his career?
  • A book David recommends for getting one’s mindset geared for the cybersecurity space. 
  • David discusses the mentorship and cybersecurity training programs he is involved in, both within and outside of HDR.
  • David describes how they are building a cybersecurity culture at HDR.
  • The benefits of having experience across diverse platforms.
  • What you should study to be on the cutting edge in the future.
  
  

  
  

  
  

  ]]>dd42fe04-feeb-40a9-a669-5ab93df6a3f4Tue, 06 Sep 2022 03:00:00 -050039:21falsefull484847: From Academia to CyberSecurity Executive with Ron IndeckWe have another interesting episode in our series of interviews with cybersecurity leaders and practitioners in the industrial controls systems or operating technology space.

  Derek Harp is excited to have Ron Indeck, the CEO of Q-Net Security, and a Director, Founder, and Technology Advisor to Exegy and VelociData joining him on the show. 

  Ron grew up in Minneapolis, Minnesota, and got his degrees from the University of Minnesota. He is an inventor (he holds more than 100 patents), a distinguished professor at Washington University, a fellow at IEEE and several other professional organizations, an expert in all things magnetic, a serial entrepreneur, a scuba diver, and a father. 

  In this episode of the (CS)²AI Podcast, Ron discusses his career journey and shares his unique perspective on cybersecurity. He also offers some gold nuggets of career advice and gives insight into upcoming trends in the cybersecurity space.

  You won’t want to miss this episode if you are looking for career inspiration or are interested in moving from the academic space into the world of cybersecurity. Stay tuned for more!

  Show highlights:

  • Ron discusses his career path and his motivation for becoming an entrepreneur.
  • Ron’s approach to his work at Washington University.
  • Why did he transition across various engineering disciplines before ending up in research and patents?
  • Ron’s introduction to security came early on in his career while working with people from the FBI.
  • How security for industrial control systems evolved throughout Ron’s career.
  • How Ron built his patent portfolio.
  • Ron’s approach to solving the generational cybersecurity problem.
  • What made Ron decide to leave his successful academic career to become an entrepreneur?
  • Exciting and rewarding possibilities exist for academics in the industrial technology space.
  • How can you get into tech transfer?
  • Ron talks about his work at the Airforce Research Laboratory.
  • How to recognize an opportunity.
  • Teamwork and cooperation are vital for success.
  • Ron defines the term hardsec and compares it with a software approach to security solutions for the future.
  • Why does Ron believe that cybersecurity is an issue of human rights?
  • You can create exciting and rewarding career opportunities in cybersecurity.
  
  

  Bio:

  Ronald S. Indeck, Ph.D., received degrees from the University of Minnesota. He is CEO of Q-Net Security and a Director, Founder, and Technology Advisor to Exegy and VelociData. 

  He was a National Science Foundation Research Fellow at Tohoku University in Sendai, Japan. From 1988 to 2009 he was in the Department of Electrical Engineering at Washington University where he was the Das Family Distinguished Professor and Director of the Center for Security Technologies.

  He has published more than 60 peer-reviewed technical papers and been awarded more than a hundred patents including MagnePrint. He has received many awards including the NSF Presidential Young Investigator Award from President Bush, the Missouri Bar Association Inventor of the Year, the IBM Faculty Development Award, the Washington University Distinguished Faculty Award, and the IEEE Centennial Key to the Future Award, and the IEEE Young Professional Award. 

  He is a Fellow of the IEEE, a member of the American Physical Society, and many other professional organizations. He has served on many local committees and group activities, was on the board of the FBI InfraGard, chaired sessions, and served at several international conferences including General Chairman for International Magnetics Conference, was an editor for the IEEE Transactions on Magnetics, President of the IEEE Magnetics Society, and IEEE Magnetics Society Distinguished Lecturer. 

  Specialties: Indeck is experienced...]]>We have another interesting episode in our series of interviews with cybersecurity leaders and practitioners in the industrial controls systems or operating technology space.

  Derek Harp is excited to have Ron Indeck, the CEO of Q-Net Security, and a Director, Founder, and Technology Advisor to Exegy and VelociData joining him on the show. 

  Ron grew up in Minneapolis, Minnesota, and got his degrees from the University of Minnesota. He is an inventor (he holds more than 100 patents), a distinguished professor at Washington University, a fellow at IEEE and several other professional organizations, an expert in all things magnetic, a serial entrepreneur, a scuba diver, and a father. 

  In this episode of the (CS)²AI Podcast, Ron discusses his career journey and shares his unique perspective on cybersecurity. He also offers some gold nuggets of career advice and gives insight into upcoming trends in the cybersecurity space.

  You won’t want to miss this episode if you are looking for career inspiration or are interested in moving from the academic space into the world of cybersecurity. Stay tuned for more!

  Show highlights:

  • Ron discusses his career path and his motivation for becoming an entrepreneur.
  • Ron’s approach to his work at Washington University.
  • Why did he transition across various engineering disciplines before ending up in research and patents?
  • Ron’s introduction to security came early on in his career while working with people from the FBI.
  • How security for industrial control systems evolved throughout Ron’s career.
  • How Ron built his patent portfolio.
  • Ron’s approach to solving the generational cybersecurity problem.
  • What made Ron decide to leave his successful academic career to become an entrepreneur?
  • Exciting and rewarding possibilities exist for academics in the industrial technology space.
  • How can you get into tech transfer?
  • Ron talks about his work at the Airforce Research Laboratory.
  • How to recognize an opportunity.
  • Teamwork and cooperation are vital for success.
  • Ron defines the term hardsec and compares it with a software approach to security solutions for the future.
  • Why does Ron believe that cybersecurity is an issue of human rights?
  • You can create exciting and rewarding career opportunities in cybersecurity.
  
  

  Bio:

  Ronald S. Indeck, Ph.D., received degrees from the University of Minnesota. He is CEO of Q-Net Security and a Director, Founder, and Technology Advisor to Exegy and VelociData. 

  He was a National Science Foundation Research Fellow at Tohoku University in Sendai, Japan. From 1988 to 2009 he was in the Department of Electrical Engineering at Washington University where he was the Das Family Distinguished Professor and Director of the Center for Security Technologies.

  He has published more than 60 peer-reviewed technical papers and been awarded more than a hundred patents including MagnePrint. He has received many awards including the NSF Presidential Young Investigator Award from President Bush, the Missouri Bar Association Inventor of the Year, the IBM Faculty Development Award, the Washington University Distinguished Faculty Award, and the IEEE Centennial Key to the Future Award, and the IEEE Young Professional Award. 

  He is a Fellow of the IEEE, a member of the American Physical Society, and many other professional organizations. He has served on many local committees and group activities, was on the board of the FBI InfraGard, chaired sessions, and served at several international conferences including General Chairman for International Magnetics Conference, was an editor for the IEEE Transactions on Magnetics, President of the IEEE Magnetics Society, and IEEE Magnetics Society Distinguished Lecturer. 

  Specialties: Indeck is experienced in cybersecurity, heterogeneous computing, data mining in massive databases, magnetic measurements and modeling, physical security and authentication, recording physics, and magnetic devices.

  ]]>f18dbc85-3a9c-4724-8247-a60a1026c227Tue, 23 Aug 2022 03:00:00 -050046:06falsefull474746: From Electrical Engineer to Cybersecurity Executive with Rob GarryDerek Harp is excited to have Rob Garry joining him on the show today! Rob is currently the Executive Chief Engineer and VP of Product Security at GE Power. 

  Rob is an experienced Chief Executive with a demonstrated history of working in the oil & energy industry. He is skilled in Power Plants, Root Cause Analysis, Power Systems, Renewable Energy, and Engineering. He is a strong finance professional with a BS focused in Electrical Engineering from Union College.

  As well as being an engineer, Rob is also a father, husband, avid cyclist, master ski-racer, handy-around-the-house person, and an enthusiast in many different areas! In this episode of the (CS)²AI Podcast, he offers advice for people looking to enter the cybersecurity space and talks about his shift from control systems to cybersecurity, good leadership, inter-disciplinary team management, and why his job resonates so well with him.

  Rob is passionate about discussing controls, how cyber plays into it, and the emerging role in the industry. You won’t want to miss this episode if you want to know more about cybersecurity from the perspective of a chief engineer. Stay tuned for more!

  Show highlights:

  • Growing up, Rob was always working on things and fixing farm equipment.
  • As an engineer, Rob opted to go the electrical route. Throughout his career, he has developed and worked on control systems for heavy-duty gas, steam, and wind turbines for power generation. 
  • How did cybersecurity intersect with Rob’s career?
  • Rob describes the work he did with networks in the years before anyone was speaking about security. 
  • A lesson he learned from cybersecurity helped him where he is in his career today.
  • Why is risk in a power plant not binary?
  • Knowing how to describe risk in a way that layers into the equation has helped Rob in his current role more than his networking background.
  • Rob explains how a mature leader in his field enters discussions and makes judgment calls.
  • How does cybersecurity intersect with the monitoring and diagnostics of heavy industrial equipment? 
  • The importance of inter-disciplinary team building and team management.
  • Rob talks about the career challenges people with technical minds sometimes face. 
  • Rob’s approach to giving and getting mentorship. 
  • Rob describes the best way to pass a chief engineer review.
  • Which area should you focus on learning that would make you invaluable as an employee in the next few years?
  
  

  Links:

  (CS)²AI

  Rob Garry on LinkedIn

  GE Power

  ]]>Derek Harp is excited to have Rob Garry joining him on the show today! Rob is currently the Executive Chief Engineer and VP of Product Security at GE Power. 

  Rob is an experienced Chief Executive with a demonstrated history of working in the oil & energy industry. He is skilled in Power Plants, Root Cause Analysis, Power Systems, Renewable Energy, and Engineering. He is a strong finance professional with a BS focused in Electrical Engineering from Union College.

  As well as being an engineer, Rob is also a father, husband, avid cyclist, master ski-racer, handy-around-the-house person, and an enthusiast in many different areas! In this episode of the (CS)²AI Podcast, he offers advice for people looking to enter the cybersecurity space and talks about his shift from control systems to cybersecurity, good leadership, inter-disciplinary team management, and why his job resonates so well with him.

  Rob is passionate about discussing controls, how cyber plays into it, and the emerging role in the industry. You won’t want to miss this episode if you want to know more about cybersecurity from the perspective of a chief engineer. Stay tuned for more!

  Show highlights:

  • Growing up, Rob was always working on things and fixing farm equipment.
  • As an engineer, Rob opted to go the electrical route. Throughout his career, he has developed and worked on control systems for heavy-duty gas, steam, and wind turbines for power generation. 
  • How did cybersecurity intersect with Rob’s career?
  • Rob describes the work he did with networks in the years before anyone was speaking about security. 
  • A lesson he learned from cybersecurity helped him where he is in his career today.
  • Why is risk in a power plant not binary?
  • Knowing how to describe risk in a way that layers into the equation has helped Rob in his current role more than his networking background.
  • Rob explains how a mature leader in his field enters discussions and makes judgment calls.
  • How does cybersecurity intersect with the monitoring and diagnostics of heavy industrial equipment? 
  • The importance of inter-disciplinary team building and team management.
  • Rob talks about the career challenges people with technical minds sometimes face. 
  • Rob’s approach to giving and getting mentorship. 
  • Rob describes the best way to pass a chief engineer review.
  • Which area should you focus on learning that would make you invaluable as an employee in the next few years?
  
  

  Links:

  (CS)²AI

  Rob Garry on LinkedIn

  GE Power

  ]]>5c9e63db-cbb8-4641-b42a-adfb83d3504fTue, 16 Aug 2022 03:00:00 -050040:29falsefull464645: Changing Careers to the Cybersecurity Field with Ted GreeneDerek Harp is happy to have Ted Greene, the Chief Operating Officer at Network Perception, join him today! 

  Ted is a Visionary Leader with a strong customer focus. He has a proven record of creating high revenue growth businesses that create shareholder value through new product introduction, identifying new market opportunities, leveraging opportunities with existing customers, solution-oriented sales, acquisition, and strong relationship development.

  Ted is an entrepreneur. He is also a husband, father of three, thinker, strategist, and workaholic. 

  In this episode of the (CS)²AI Podcast, he talks about his background, career journey, and various entrepreneurial ventures. 

  This episode will interest you if you are a leader in another industry and thinking of entering the field of cybersecurity. Stay tuned for more!

  Show highlights:

  • When he was twelve years old, Ted got a job as a paper boy. He has been working ever since then. (3:37)
  • Ted explains why he went into banking and talks about the different banks where he has worked. (5:38)
  • He explains why he quit his job to start his first business with a friend who was an early technologist. (7:32)
  • They became one of the first internet technology companies in the Midwest in 1994. (9:28)
  • Why will people entering the ICS space have decades of job security in that space? (13:58)
  • At this point, people in our country expect the critical infrastructure to be there and work. So it’s often hard to get their attention around that. (17:21)
  • Ted talks about his experience of co-founding several different companies. (21:09)
  • How Ted’s early experiences led to him starting Network Perception. (25:40)
  • Ted shares the key to being a successful entrepreneur. (27:40)
  • Ted always focuses on staying relevant and strategies for growth in his businesses. (31:41)
  • Ted offers advice for people considering bringing their experience from senior levels in other sectors to the cybersecurity sector. (40:44)
  • There are many exciting opportunities for growth in the cybersecurity space. (46:55)
  
  

  Links:

  (CS)²AI

  Ted Greene on LinkedIn

  Network Perception

  ]]>Derek Harp is happy to have Ted Greene, the Chief Operating Officer at Network Perception, join him today! 

  Ted is a Visionary Leader with a strong customer focus. He has a proven record of creating high revenue growth businesses that create shareholder value through new product introduction, identifying new market opportunities, leveraging opportunities with existing customers, solution-oriented sales, acquisition, and strong relationship development.

  Ted is an entrepreneur. He is also a husband, father of three, thinker, strategist, and workaholic. 

  In this episode of the (CS)²AI Podcast, he talks about his background, career journey, and various entrepreneurial ventures. 

  This episode will interest you if you are a leader in another industry and thinking of entering the field of cybersecurity. Stay tuned for more!

  Show highlights:

  • When he was twelve years old, Ted got a job as a paper boy. He has been working ever since then. (3:37)
  • Ted explains why he went into banking and talks about the different banks where he has worked. (5:38)
  • He explains why he quit his job to start his first business with a friend who was an early technologist. (7:32)
  • They became one of the first internet technology companies in the Midwest in 1994. (9:28)
  • Why will people entering the ICS space have decades of job security in that space? (13:58)
  • At this point, people in our country expect the critical infrastructure to be there and work. So it’s often hard to get their attention around that. (17:21)
  • Ted talks about his experience of co-founding several different companies. (21:09)
  • How Ted’s early experiences led to him starting Network Perception. (25:40)
  • Ted shares the key to being a successful entrepreneur. (27:40)
  • Ted always focuses on staying relevant and strategies for growth in his businesses. (31:41)
  • Ted offers advice for people considering bringing their experience from senior levels in other sectors to the cybersecurity sector. (40:44)
  • There are many exciting opportunities for growth in the cybersecurity space. (46:55)
  
  

  Links:

  (CS)²AI

  Ted Greene on LinkedIn

  Network Perception

  ]]>9dbcaafc-1d96-4496-8f41-ffdbddfca580Tue, 05 Jul 2022 03:00:00 -050054:37falsefull454544: Communications Expertise Can Improve Cyber Security with Brian FosterDerek Harp is happy to have Brian Foster, the GMS Security Lead at Southern California Edison, joining him on the show today! 

  Brian Foster is a highly-skilled former Controls Engineer turned OT Cyber Security expert turned Security Leader. He has multiple degrees in engineering and years of experience in managing and leading within the OT Cyber Security field. 

  Brian is a well-rounded individual! He is a known speaker and contributor in the cybersecurity industry. He is an engineer, controls systems cybersecurity expert, pilot, brewmaster, outdoorsman, hunter, mentor, dog lover, and husband. 

  In this episode of the (CS)²AI Podcast, he talks about his backstory, discusses his career journey, and shares many nuggets of advice from his years of experience in the industry. He also highlights the importance of clear communication.

  You won’t want to miss this episode if you want to learn more about cybersecurity or you’re looking for ways to get a foot in the door of the industry! Stay tuned for more!

  Show highlights:

  • Brian’s journey was not a clean one. It was more a series of good mistakes. (2:14)
  • Brian has had computers and technology around him for as long as he can remember, and he loved playing games when he was growing up! (4:49)
  • He did not intend to go into controls engineering. (8:45)
  • Having an understanding of networking is fundamental for a successful career. (10:42)
  • Brian learned a lot about technology from the mistakes he made. (11:53)
  • Cybersecurity was always in the background, but it became a part of Brian’s life when he got bored with controls. (13:17)
  • One of his first professional forays into cybersecurity happened when he was an expert witness in a court case. (15:04)
  • There is often friction and distrust between OT people and those in IT cybersecurity. Brian shares his thoughts. (18:43)
  • Many people struggle to use spoken language to communicate their ideas to one another articulately. That leads to many challenges. (28:37)
  • Southern California Edison has much more of an eye on security than many other utilities Brian has worked with, either directly or indirectly. (32:23)
  • Brian views cybersecurity systems as no different from safety systems. (37:02)
  • The industry needs more people who know what they are doing. Brian struggles to find them, so he mentors people trying to get a foot in the door and learn about cybersecurity. (39:21)
  • Brian offers tactical advice for people entering the cybersecurity space. (43:34)
  • Brian sees a lot of promise for the future with containerization technology in the OT space. (48:20)
  
  

  
  

  Links:

  (CS)²AI

  Brian Foster on LinkedIn

  
  

  Southern California Edison (SCE)

  ]]>Derek Harp is happy to have Brian Foster, the GMS Security Lead at Southern California Edison, joining him on the show today! 

  Brian Foster is a highly-skilled former Controls Engineer turned OT Cyber Security expert turned Security Leader. He has multiple degrees in engineering and years of experience in managing and leading within the OT Cyber Security field. 

  Brian is a well-rounded individual! He is a known speaker and contributor in the cybersecurity industry. He is an engineer, controls systems cybersecurity expert, pilot, brewmaster, outdoorsman, hunter, mentor, dog lover, and husband. 

  In this episode of the (CS)²AI Podcast, he talks about his backstory, discusses his career journey, and shares many nuggets of advice from his years of experience in the industry. He also highlights the importance of clear communication.

  You won’t want to miss this episode if you want to learn more about cybersecurity or you’re looking for ways to get a foot in the door of the industry! Stay tuned for more!

  Show highlights:

  • Brian’s journey was not a clean one. It was more a series of good mistakes. (2:14)
  • Brian has had computers and technology around him for as long as he can remember, and he loved playing games when he was growing up! (4:49)
  • He did not intend to go into controls engineering. (8:45)
  • Having an understanding of networking is fundamental for a successful career. (10:42)
  • Brian learned a lot about technology from the mistakes he made. (11:53)
  • Cybersecurity was always in the background, but it became a part of Brian’s life when he got bored with controls. (13:17)
  • One of his first professional forays into cybersecurity happened when he was an expert witness in a court case. (15:04)
  • There is often friction and distrust between OT people and those in IT cybersecurity. Brian shares his thoughts. (18:43)
  • Many people struggle to use spoken language to communicate their ideas to one another articulately. That leads to many challenges. (28:37)
  • Southern California Edison has much more of an eye on security than many other utilities Brian has worked with, either directly or indirectly. (32:23)
  • Brian views cybersecurity systems as no different from safety systems. (37:02)
  • The industry needs more people who know what they are doing. Brian struggles to find them, so he mentors people trying to get a foot in the door and learn about cybersecurity. (39:21)
  • Brian offers tactical advice for people entering the cybersecurity space. (43:34)
  • Brian sees a lot of promise for the future with containerization technology in the OT space. (48:20)
  
  

  
  

  Links:

  (CS)²AI

  Brian Foster on LinkedIn

  
  

  Southern California Edison (SCE)

  ]]>f85f067a-1c28-4ff7-ad7b-4d296bef8161Tue, 28 Jun 2022 03:00:00 -050052:05falsefull444443: The Military Pathway to a Cybersecurity Career with Sean McGurkToday, Derek Harp is excited to be talking with Sean McGurk, the Executive Director of Global Cyber Security Operations at Las Vegas Sands Corp. 

  Sean McGurk is a man of many talents! He has walked a long and interesting road with many different stops in the world of cybersecurity! He has served in various roles in the federal government, military, and private sector, focusing on information assurance and cybersecurity. He has more than 40 years of experience in advanced systems operation, cyber threat intelligence, and information systems security.

  Sean was born and raised in the greater Philadelphia area. He is a military veteran, sailor, scuba diver, speaker, brewmaster, cyclist, and author. 

  In this episode of the (CS)²AI Podcast, he shares his modern-day superhero backstory and talks about his career path. He talks about what he learned about cybersecurity in the Navy, his transition from a career in the Navy to the civilian sector, mentorship, team management, and risk-taking.

  You will definitely gain a lot from today’s fascinating conversation with Sean McGurk! Especially if you are new to the cybersecurity field or considering transitioning from the military to a career in cybersecurity. Stay tuned for more!

  Show highlights:

  • Sean’s first computer was a Zilog Z80A. He wanted to learn how to program it so that he could copy games and swap them with his friends. (3:20)
  • In the Navy, Sean was a Fire Control Technician: Ballistic Missile. The technologies associated with operating within that environment jumpstarted his interest in the field of cyber-physical. (6:39)
  • Throughout the inception of power control and nuclear engineering, the focus was primarily on safety. So it was one of the safest industries ever developed. (8:37)
  • The complexities associated with the systems for preparing a missile for launch on a submerged submarine made an impression on Sean about the importance of cybersecurity. (10:33)
  • Sean culminated his Navy career in one of the most senior enlisted positions- working directly for the Master Chief Petty Officer of the Navy. (11:26)
  • Sean talks about his opportunity in the Navy to use technology in a reverse engineering process in the Soviet Union. (12:19)
  • The things Sean considered and did when he transitioned from a career in the Navy to the civilian sector. (14:29)
  • Sean got exposed to control systems cybersecurity after joining the Department of Homeland Security as the Director of Controls Systems Security Program in December of 2007. (16:31)
  • Get out of your comfort zone and learn new ways to translate things and express them without using technical language if you get promoted to leadership management. (18:58)
  • Sean shares some lessons he learned about mentorship. (21:40)
  • What can mentees do to find a mentor in the world of cybersecurity? (23:49)
  • Some advice for managing teams effectively. (26:19)
  • The importance of taking risks. (28:37)
  • Sean talks about the security systems in modern-day casinos. (32:58)
  • About what should new engineers learn more? (38:01)
  
  

  
  

  Links:

  (CS)²AI

  Sean McGurk on Linkedin

  Las Vegas Sands Corp.

  ]]>Today, Derek Harp is excited to be talking with Sean McGurk, the Executive Director of Global Cyber Security Operations at Las Vegas Sands Corp. 

  Sean McGurk is a man of many talents! He has walked a long and interesting road with many different stops in the world of cybersecurity! He has served in various roles in the federal government, military, and private sector, focusing on information assurance and cybersecurity. He has more than 40 years of experience in advanced systems operation, cyber threat intelligence, and information systems security.

  Sean was born and raised in the greater Philadelphia area. He is a military veteran, sailor, scuba diver, speaker, brewmaster, cyclist, and author. 

  In this episode of the (CS)²AI Podcast, he shares his modern-day superhero backstory and talks about his career path. He talks about what he learned about cybersecurity in the Navy, his transition from a career in the Navy to the civilian sector, mentorship, team management, and risk-taking.

  You will definitely gain a lot from today’s fascinating conversation with Sean McGurk! Especially if you are new to the cybersecurity field or considering transitioning from the military to a career in cybersecurity. Stay tuned for more!

  Show highlights:

  • Sean’s first computer was a Zilog Z80A. He wanted to learn how to program it so that he could copy games and swap them with his friends. (3:20)
  • In the Navy, Sean was a Fire Control Technician: Ballistic Missile. The technologies associated with operating within that environment jumpstarted his interest in the field of cyber-physical. (6:39)
  • Throughout the inception of power control and nuclear engineering, the focus was primarily on safety. So it was one of the safest industries ever developed. (8:37)
  • The complexities associated with the systems for preparing a missile for launch on a submerged submarine made an impression on Sean about the importance of cybersecurity. (10:33)
  • Sean culminated his Navy career in one of the most senior enlisted positions- working directly for the Master Chief Petty Officer of the Navy. (11:26)
  • Sean talks about his opportunity in the Navy to use technology in a reverse engineering process in the Soviet Union. (12:19)
  • The things Sean considered and did when he transitioned from a career in the Navy to the civilian sector. (14:29)
  • Sean got exposed to control systems cybersecurity after joining the Department of Homeland Security as the Director of Controls Systems Security Program in December of 2007. (16:31)
  • Get out of your comfort zone and learn new ways to translate things and express them without using technical language if you get promoted to leadership management. (18:58)
  • Sean shares some lessons he learned about mentorship. (21:40)
  • What can mentees do to find a mentor in the world of cybersecurity? (23:49)
  • Some advice for managing teams effectively. (26:19)
  • The importance of taking risks. (28:37)
  • Sean talks about the security systems in modern-day casinos. (32:58)
  • About what should new engineers learn more? (38:01)
  
  

  
  

  Links:

  (CS)²AI

  Sean McGurk on Linkedin

  Las Vegas Sands Corp.

  ]]>8c8bd27f-ff3e-45f0-8b48-ad4608911980Tue, 21 Jun 2022 03:00:00 -050041:04falsefull42: How Skills Outside of the CyberSecurity Space Lay the Groundwork for a Great CyberSecurity Career with Art ConklinDerek Harp is happy to have Art Conklin, another legendary ICS control systems cybersecurity figure joining him on the show today! 

  Art is an experienced Information Systems Security professional. He has a background in software development, systems science, and information security.

   He is qualified with CISSP, GICSP, GRID, GCIP, GCFA, GCIA, GCDA, CSSLP, CRISC, and Security+.

  His specialties include information systems security management, network, and systems security, intrusion detection and intrusion detection monitoring, penetration testing, Incident Response, security policy and procedures, risk/threat assessments, Security training/awareness, user interface design and evaluation, FISMA, Secure code design/software engineering, cyber-physical systems security, and security metrics.

  Art is a hacker at heart. Art was born in St. Louis, Missouri, in 1960. He has been a professor at the University of Houston for many years! He is also a well-known speaker, military veteran, technologist, author, sailor, rocket scientist, father, husband, and grandfather. In this episode of the (CS)²AI Podcast, he talks about his formative years, a life-changing Navy experience, taking advantage of learning situations outside of college, the application of knowledge, the benefits of getting an MBA, and the benefits of on the job training,

  If you want to get into the cybersecurity space, you will not want to miss this episode - even if you have qualifications in a different area. 

  Show highlights:

  • There is a different level of thinking that gets taught and applied today. (5:49)
  • After doing courses at different universities and then starting med school, Art realized it was not where he wanted to go because it was science, not tech, and it was very theory-driven. (8:10)
  • Art wanted a career where he could do stuff, so he was advised to get an MBA from Harvard or join the military to learn how to lead men, manage a budget, and learn the difference between those things. Harvard was out of reach, so he joined the Navy. (9:07)
  • Art talks about the unique military experience that changed his perspective and made him who he is today. (11:05)
  • The cyber-world can benefit from people with no college degree who have problem-solving abilities, communication skills, and the ability to lead. (15:08)
  • Learning is about more than just knowledge because knowledge needs to be applied. (18:38)
  • Art wanted to leave the Navy to join IBM, but the Admiral did not want him to leave and offered him the opportunity to go to Navy Post Graduate School with no payback. So Art spent three years studying space system engineering, got a Ph.D. equivalent, and flew on a spacecraft. (20:40)
  • In some respects, transitioning out of the military is not easy, from a job perspective. (24:01)
  • Art explains why he did another degree after getting his doctorate. (27:44)
  • Art talks about the qualities of his various mentors and the importance of having connections with people with aspects that will broaden you and make you smarter. (29:14)
  • What he has done and is currently doing at the University of Houston. (32:32)
  • If you want to work in cybersecurity and you have a breadth of knowledge and experience, you are likely to succeed in the space. (39:16)
  • If you want to learn more about OT, many resources are available. Use and apply them. You can also email Art for local resources at waconklin@uh.edu. 
  • Most people are willing to share their knowledge and become mentors, so reach out to those you look up to. (44:42)
  • How to invest in yourself. (46:20)
  
  

  Links:

  (CS)²AI

  Derek Harp is happy to have Art Conklin, another legendary ICS control systems cybersecurity figure joining him on the show today! 

  Art is an experienced Information Systems Security professional. He has a background in software development, systems science, and information security.

   He is qualified with CISSP, GICSP, GRID, GCIP, GCFA, GCIA, GCDA, CSSLP, CRISC, and Security+.

  His specialties include information systems security management, network, and systems security, intrusion detection and intrusion detection monitoring, penetration testing, Incident Response, security policy and procedures, risk/threat assessments, Security training/awareness, user interface design and evaluation, FISMA, Secure code design/software engineering, cyber-physical systems security, and security metrics.

  Art is a hacker at heart. Art was born in St. Louis, Missouri, in 1960. He has been a professor at the University of Houston for many years! He is also a well-known speaker, military veteran, technologist, author, sailor, rocket scientist, father, husband, and grandfather. In this episode of the (CS)²AI Podcast, he talks about his formative years, a life-changing Navy experience, taking advantage of learning situations outside of college, the application of knowledge, the benefits of getting an MBA, and the benefits of on the job training,

  If you want to get into the cybersecurity space, you will not want to miss this episode - even if you have qualifications in a different area. 

  Show highlights:

  • There is a different level of thinking that gets taught and applied today. (5:49)
  • After doing courses at different universities and then starting med school, Art realized it was not where he wanted to go because it was science, not tech, and it was very theory-driven. (8:10)
  • Art wanted a career where he could do stuff, so he was advised to get an MBA from Harvard or join the military to learn how to lead men, manage a budget, and learn the difference between those things. Harvard was out of reach, so he joined the Navy. (9:07)
  • Art talks about the unique military experience that changed his perspective and made him who he is today. (11:05)
  • The cyber-world can benefit from people with no college degree who have problem-solving abilities, communication skills, and the ability to lead. (15:08)
  • Learning is about more than just knowledge because knowledge needs to be applied. (18:38)
  • Art wanted to leave the Navy to join IBM, but the Admiral did not want him to leave and offered him the opportunity to go to Navy Post Graduate School with no payback. So Art spent three years studying space system engineering, got a Ph.D. equivalent, and flew on a spacecraft. (20:40)
  • In some respects, transitioning out of the military is not easy, from a job perspective. (24:01)
  • Art explains why he did another degree after getting his doctorate. (27:44)
  • Art talks about the qualities of his various mentors and the importance of having connections with people with aspects that will broaden you and make you smarter. (29:14)
  • What he has done and is currently doing at the University of Houston. (32:32)
  • If you want to work in cybersecurity and you have a breadth of knowledge and experience, you are likely to succeed in the space. (39:16)
  • If you want to learn more about OT, many resources are available. Use and apply them. You can also email Art for local resources at waconklin@uh.edu. 
  • Most people are willing to share their knowledge and become mentors, so reach out to those you look up to. (44:42)
  • How to invest in yourself. (46:20)
  
  

  Links:

  (CS)²AI

  Art Conklin on LinkedIn

  The University of Houston (Search for cybersecurity)

  ]]>b1a68cbf-5a22-4690-aa55-7dd142db4439Tue, 14 Jun 2022 03:00:00 -050048:56falsefull424241: Writing a Book to Leverage Your Expertise and Improve Your Career with Pascal AckermanDerek Harp is happy to welcome Pascal Ackerman as his guest for today’s podcast!

  Pascal is a security professional, focused on industrial control systems and he's currently the Sr Security Consultant for Operational Technology - Threat & Attack Simulation at GuidePoint Security. He has a Master’s of Science degree in Electrical Engineering (MSEE/CE). He has had 18 years of experience in industrial Ethernet design and support, information and network security, risk assessments, pen-testing, forensics, and threat hunting, WAN/LAN/Internet and Wireless Technologies, Windows Environments, Unix, Linux, IIS, and Apache.

  He specialized in the architecture, engineering, and securing of plant-wide Ethernet networks using Purdue-model design strategies, IDS/IPS sensors, network monitoring, Security Information, and Event Management (SIEM) solutions, next-gen firewalls, MS domain services, WSUS servers, MS SQL server clusters, etc.

  Pascal was born and raised in the Netherlands. Right after leaving high school, he was put behind a POC by a company that sent him out across the world installing prototype machinery for filling machines. He is an engineer, programmer, gamer, hacker, traveler, tinkerer, pen-tester, and father. 

  In this episode of the (CS)²AI Podcast, he shares his superhero backstory and discusses his certifications, his education, and his career path. He also offers advice for those who would like to get into the field of cybersecurity and people thinking about writing a book.

  If you are considering a career in cybersecurity or if you are an engineer and want to specialize in cyber security, you will gain a lot from this podcast! Stay tuned for more!

  Show highlights:

  • After leaving college, Pascal stayed with the company where he did his internship. The company got him to set up a software simulation to test their POC programs and later put him on their commissioning team. (6:51)
  • Pascal talks about what he did while working as a controls engineer. (8:08)
  • How Pascal got invited to move to the US to continue with his work. (9:50)
  • Pascal explains how many doors opened for him after presenting his first report in 2005. (12:27)
  • Pascal talks about how security measures first intersected with his work in 2008-2009. (14:07)
  • Pascal pinpoints the moment when he decided to change his career path. (16:00)
  • Pascal offers advice for traditional engineers who want to improve what they do and join the cyber security workforce. (17:35)
  • A Network Plus certification will help controls engineers understand the fundamentals of networking. (18:19) 
  • Pascal explains why he got hired as a commercial engineer in Network and Security at Rockwell. (21:16)
  • Pascal talks about his book, Industrial Cybersecurity. (23:39)
  • The book Hacking Exposed by Clint Bodungen inspired Pascal to write his first book. (27:50)
  • How Threat GEN became a company based around a game Pascal developed. (29:10)
  • Pascal offers advice on where people in IT who want to know more about safety, reliability, resiliency, and POCs can start. (32:36)
  • The most successful companies have a combined IT and OT team with knowledgeable people on both sides. (36:43)
  • Why do you need to figure out what you like the most and focus on that technology? (37:58)
  • Architecture will be the next big step for monitoring everything. (45:06)
  • Pascal discusses the process of writing his books and offers advice for those who would like to write a book. (45:49)
  
  

  Links:

  (CS)²AI

  Pascal Ackerman on LinkedIn

  Derek Harp is happy to welcome Pascal Ackerman as his guest for today’s podcast!

  Pascal is a security professional, focused on industrial control systems and he's currently the Sr Security Consultant for Operational Technology - Threat & Attack Simulation at GuidePoint Security. He has a Master’s of Science degree in Electrical Engineering (MSEE/CE). He has had 18 years of experience in industrial Ethernet design and support, information and network security, risk assessments, pen-testing, forensics, and threat hunting, WAN/LAN/Internet and Wireless Technologies, Windows Environments, Unix, Linux, IIS, and Apache.

  He specialized in the architecture, engineering, and securing of plant-wide Ethernet networks using Purdue-model design strategies, IDS/IPS sensors, network monitoring, Security Information, and Event Management (SIEM) solutions, next-gen firewalls, MS domain services, WSUS servers, MS SQL server clusters, etc.

  Pascal was born and raised in the Netherlands. Right after leaving high school, he was put behind a POC by a company that sent him out across the world installing prototype machinery for filling machines. He is an engineer, programmer, gamer, hacker, traveler, tinkerer, pen-tester, and father. 

  In this episode of the (CS)²AI Podcast, he shares his superhero backstory and discusses his certifications, his education, and his career path. He also offers advice for those who would like to get into the field of cybersecurity and people thinking about writing a book.

  If you are considering a career in cybersecurity or if you are an engineer and want to specialize in cyber security, you will gain a lot from this podcast! Stay tuned for more!

  Show highlights:

  • After leaving college, Pascal stayed with the company where he did his internship. The company got him to set up a software simulation to test their POC programs and later put him on their commissioning team. (6:51)
  • Pascal talks about what he did while working as a controls engineer. (8:08)
  • How Pascal got invited to move to the US to continue with his work. (9:50)
  • Pascal explains how many doors opened for him after presenting his first report in 2005. (12:27)
  • Pascal talks about how security measures first intersected with his work in 2008-2009. (14:07)
  • Pascal pinpoints the moment when he decided to change his career path. (16:00)
  • Pascal offers advice for traditional engineers who want to improve what they do and join the cyber security workforce. (17:35)
  • A Network Plus certification will help controls engineers understand the fundamentals of networking. (18:19) 
  • Pascal explains why he got hired as a commercial engineer in Network and Security at Rockwell. (21:16)
  • Pascal talks about his book, Industrial Cybersecurity. (23:39)
  • The book Hacking Exposed by Clint Bodungen inspired Pascal to write his first book. (27:50)
  • How Threat GEN became a company based around a game Pascal developed. (29:10)
  • Pascal offers advice on where people in IT who want to know more about safety, reliability, resiliency, and POCs can start. (32:36)
  • The most successful companies have a combined IT and OT team with knowledgeable people on both sides. (36:43)
  • Why do you need to figure out what you like the most and focus on that technology? (37:58)
  • Architecture will be the next big step for monitoring everything. (45:06)
  • Pascal discusses the process of writing his books and offers advice for those who would like to write a book. (45:49)
  
  

  Links:

  (CS)²AI

  Pascal Ackerman on LinkedIn

  Industrial Cybersecurity by Pascal Ackerman

  Books mentioned:

  Hacking Exposed by Clint Bodungen

  ]]>69117fa6-9f36-4c9f-80f6-55313312572eTue, 07 Jun 2022 03:00:00 -050049:35falsefull414140: ICS Village and Why You Should Attend DEF CON with Bryson Bort and Tom VanNormanToday, we've got a special episode to highlight a really neat initiative that’s been in the works for awhile. My guests are Bryson Bort and Tom VanNorman.

  Bryson is the Founder of SCYTHE, a start-up building a next generation attack emulation platform, and GRIMM, a cybersecurity consultancy, and Co-Founder of the ICS Village, a non-profit advancing awareness of industrial control system security. He is a Senior Fellow with the Atlantic Council’s Cyber Statecraft Initiative, the National Security Institute, and an Advisor to the Army Cyber Institute. As a U.S. Army Officer, he served as a Battle Captain and Brigade Engineering Officer in support of Operation Iraqi Freedom before leaving the Army as a Captain. He was recognized as one of the Top 50 in Cyber in 2020 by Business Insider.

  Tom leads the CyPhy Product group at GRIMM, where his primary focus is securing Industrial Control Systems and the networking of such systems. Tom brings an unparalleled level of operational knowledge and experience, as he has been working in the Operational Technology (OT) field for almost three decades. He also has considerable knowledge in constructing Cyber Physical testing environments for OT systems.

  Tom co-founded the ICS Village, a non-profit organization focused on Control System security and awareness. He is also retired from the Air National Guard, where he worked in Cyber Warfare Operations.

  ICS Village is holding Def Con 29, a 100% virtual event that takes place Aug 6th-8th. There are sessions and workshops covering all aspects of ICS. 

  Show Highlights:

  • How ICS Village was started
  • The original 2 events - RSA and DefCon
  • GRIMM and their involvement in ICS Village
  • Why no one was thinking about Industrial control systems before ICS Village
  • The artwork that started it all
  • All of the events that ICS Village has throughout the year
  • How the pandemic changed DefCon and the other ICS Village events
  • The birth of Hack the Plant Podcast
  • Capture the Flag and what we can learn from it
  • Highlights of Def Con Table Talks and other sessions
  
  

  Links:

  CS2AI.org

  ICS Village

  DefCon Event happening Aug 6-8

  ]]>Today, we've got a special episode to highlight a really neat initiative that’s been in the works for awhile. My guests are Bryson Bort and Tom VanNorman.

  Bryson is the Founder of SCYTHE, a start-up building a next generation attack emulation platform, and GRIMM, a cybersecurity consultancy, and Co-Founder of the ICS Village, a non-profit advancing awareness of industrial control system security. He is a Senior Fellow with the Atlantic Council’s Cyber Statecraft Initiative, the National Security Institute, and an Advisor to the Army Cyber Institute. As a U.S. Army Officer, he served as a Battle Captain and Brigade Engineering Officer in support of Operation Iraqi Freedom before leaving the Army as a Captain. He was recognized as one of the Top 50 in Cyber in 2020 by Business Insider.

  Tom leads the CyPhy Product group at GRIMM, where his primary focus is securing Industrial Control Systems and the networking of such systems. Tom brings an unparalleled level of operational knowledge and experience, as he has been working in the Operational Technology (OT) field for almost three decades. He also has considerable knowledge in constructing Cyber Physical testing environments for OT systems.

  Tom co-founded the ICS Village, a non-profit organization focused on Control System security and awareness. He is also retired from the Air National Guard, where he worked in Cyber Warfare Operations.

  ICS Village is holding Def Con 29, a 100% virtual event that takes place Aug 6th-8th. There are sessions and workshops covering all aspects of ICS. 

  Show Highlights:

  • How ICS Village was started
  • The original 2 events - RSA and DefCon
  • GRIMM and their involvement in ICS Village
  • Why no one was thinking about Industrial control systems before ICS Village
  • The artwork that started it all
  • All of the events that ICS Village has throughout the year
  • How the pandemic changed DefCon and the other ICS Village events
  • The birth of Hack the Plant Podcast
  • Capture the Flag and what we can learn from it
  • Highlights of Def Con Table Talks and other sessions
  
  

  Links:

  CS2AI.org

  ICS Village

  DefCon Event happening Aug 6-8

  ]]>454837bc-4299-402a-874d-3b3b0f3869e4Tue, 31 May 2022 03:00:00 -050024:11falsefull404039: From Mechanical Engineering to Database Mastery for Cyber Security with Wanda LenkewichDerek Harp is happy to have Wanda Lenkewich, the Founder and CEO of Chinook Systems joining him on the podcast today!

  Wanda Lenkewich harnesses her subject matter expertise in engineering and construction, lifecycle commissioning, and facility management to advance the security and resiliency of critical infrastructure. She is the CEO of Chinook Systems Inc., leading an interdisciplinary team dedicated to commissioning, building systems and controls upgrades and replacements, and cybersecurity for facility-related control systems. Lenkewich has a passion for digital transformation and continues to innovate and advance technology that will protect and extend the life of buildings. That includes the full integration of cybersecurity into Chinook’s commissioning technology; Chinook's CyberCxTM program. Lenkewich is an industry advocate and founding fellow of the Control System Cyber Security Association International - (CS)²AI.

  Wanda is an excellent example of a great set of career path choices! She is a well-rounded individual who brings a fresh perspective and experience to what she does today! She is an entrepreneur, a speaker, and a mechanical-minded engineer with a well-developed creative side! She is a painter, musician, horse enthusiast, and cook. 

  In this episode of the (CS)²AI Podcast, Wanda tells her story, talks about her career journey, and shares some great nuggets of information about opportunities within the cyber security space.

  You will not want to miss this episode if you are thinking about embarking on a career in cyber security or considering starting a company of your own! Stay tuned for more!

  Show highlights:

  • Technology first came into Wanda’s life at a trade show she attended while working at her first job. It fascinated her, and she fell in love with it immediately! (4:21)
  • Wanda talks about the first job she did after graduating as a Mechanical Engineer at the Northern Alberta Institute of Technology. (6:15)
  • Wanda talks about her satisfying experience when she first got into digital controls. (9:17)
  • Wanda started building commissioning in 1991. It was all about the validation of control systems, and it was where she fell in love with databases. (12:16)
  • Wanda discusses the catalyst that prompted her to leave the government and start her first company. (13:55)
  • Wanda experienced a lot of frustration with the industry because it was slow to adopt new practices. She believes that things are changing, however. (17:45)
  • Wanda talks about what happened in the period between the first and the second companies she founded. (18:36)
  • The impact that Y2K had on her career path. (23:09)
  • Wanda talks about being invited to the Pentagon to help launch their renovation project. She has had a constant and consistent relationship with the Pentagon via Chinook ever since. (29:14)
  • Wanda talks about the challenges she faced while moving her business operation from Canada to the US. (32:09)
  • When cyber security first intersected with Chinook. (35:33)
  • The challenges with new construction and with existing buildings. (39:01)
  • Wanda shares some advice based on her years of experience for people entering the field of cyber security. (45:14)
  • It takes a lot of skill sets to build a strong cyber team in the OT world. (53:29)
  
  

  Links:

  (CS)²AI

  Wanda Lenkewich on LinkedIn

  Chinook Systems

  ]]>Derek Harp is happy to have Wanda Lenkewich, the Founder and CEO of Chinook Systems joining him on the podcast today!

  Wanda Lenkewich harnesses her subject matter expertise in engineering and construction, lifecycle commissioning, and facility management to advance the security and resiliency of critical infrastructure. She is the CEO of Chinook Systems Inc., leading an interdisciplinary team dedicated to commissioning, building systems and controls upgrades and replacements, and cybersecurity for facility-related control systems. Lenkewich has a passion for digital transformation and continues to innovate and advance technology that will protect and extend the life of buildings. That includes the full integration of cybersecurity into Chinook’s commissioning technology; Chinook's CyberCxTM program. Lenkewich is an industry advocate and founding fellow of the Control System Cyber Security Association International - (CS)²AI.

  Wanda is an excellent example of a great set of career path choices! She is a well-rounded individual who brings a fresh perspective and experience to what she does today! She is an entrepreneur, a speaker, and a mechanical-minded engineer with a well-developed creative side! She is a painter, musician, horse enthusiast, and cook. 

  In this episode of the (CS)²AI Podcast, Wanda tells her story, talks about her career journey, and shares some great nuggets of information about opportunities within the cyber security space.

  You will not want to miss this episode if you are thinking about embarking on a career in cyber security or considering starting a company of your own! Stay tuned for more!

  Show highlights:

  • Technology first came into Wanda’s life at a trade show she attended while working at her first job. It fascinated her, and she fell in love with it immediately! (4:21)
  • Wanda talks about the first job she did after graduating as a Mechanical Engineer at the Northern Alberta Institute of Technology. (6:15)
  • Wanda talks about her satisfying experience when she first got into digital controls. (9:17)
  • Wanda started building commissioning in 1991. It was all about the validation of control systems, and it was where she fell in love with databases. (12:16)
  • Wanda discusses the catalyst that prompted her to leave the government and start her first company. (13:55)
  • Wanda experienced a lot of frustration with the industry because it was slow to adopt new practices. She believes that things are changing, however. (17:45)
  • Wanda talks about what happened in the period between the first and the second companies she founded. (18:36)
  • The impact that Y2K had on her career path. (23:09)
  • Wanda talks about being invited to the Pentagon to help launch their renovation project. She has had a constant and consistent relationship with the Pentagon via Chinook ever since. (29:14)
  • Wanda talks about the challenges she faced while moving her business operation from Canada to the US. (32:09)
  • When cyber security first intersected with Chinook. (35:33)
  • The challenges with new construction and with existing buildings. (39:01)
  • Wanda shares some advice based on her years of experience for people entering the field of cyber security. (45:14)
  • It takes a lot of skill sets to build a strong cyber team in the OT world. (53:29)
  
  

  Links:

  (CS)²AI

  Wanda Lenkewich on LinkedIn

  Chinook Systems

  ]]>dde045df-db31-40a0-8f97-ef3ca2049093Tue, 24 May 2022 03:00:00 -050001:01:14falsefull393938: Cyber Security for Manufacturing with Colin Dunn and Isiah JonesDerek Harp would like to invite you, the listener, to next week’s (CS)²AI Online Symposium on Secure Control Systems for Smart Manufacturing. Manufacturing is a critical sector that forms a large portion of the American economy. It has over twelve-million workers and currently has 2.3 trillion dollars of output in the US alone! 

  The symposium will be in two parts: Part 1 will take place on Wednesday, May the 25th, 2022, at 1 pm EST. Some great prizes will be given to the participants in the question process, including some valuable industry books! Part 2 will happen in August 2022. More topics on manufacturing will be covered in the second part by some additional speakers.

  As a society, we take much of what gets produced within the manufacturing sector for granted, yet cyber threat actors take advantage of every vertical within that sector. Today, Colin Dunn, one of the (CS)²AI sponsors and the CEO of Fend Incorporated, and Isiah Jones, a (CS)²AI Founding Fellow and a well-known cyber security researcher and practitioner, join Derek to share their thoughts on the importance of cyber security for manufacturing. Stay tuned for more!

  Show highlights:

  • Isiah saw the kind of problems that happen under normal circumstances with manufacturing baby food years ago when he was with Jacobs Engineering. 
  • Messing with manufacturing and the supply chain is sure to disrupt any society. 
  • Supply chains have many vulnerable parts and do not need any additional stress like cyber-attacks right now.
  • There are ways to keep cyber attackers out. The symposium is a way to explore some of those options. 
  • All sectors, especially manufacturing, need to start spending more money on employing trained safety staff.
  • One of the assets the manufacturing sector has is the safety culture.
  • Thinking about cyber security as key to safety will help it get taken more seriously within the manufacturing sector.
  • More attention needs to be paid to problems like ransom threats, the manipulation of logic, and intellectual property theft within the manufacturing sector.
  • Much more action needs to be taken around security issues in the manufacturing sector. 
  
  

  Links:

  (CS)²AI

  (CS)²AI Online Symposium Secure Control Systems for Smart Manufacturing

  Colin Dunn on LinkedIn

  Fend Incorporated

  Isiah Jones on LinkedIn

  ]]>Derek Harp would like to invite you, the listener, to next week’s (CS)²AI Online Symposium on Secure Control Systems for Smart Manufacturing. Manufacturing is a critical sector that forms a large portion of the American economy. It has over twelve-million workers and currently has 2.3 trillion dollars of output in the US alone! 

  The symposium will be in two parts: Part 1 will take place on Wednesday, May the 25th, 2022, at 1 pm EST. Some great prizes will be given to the participants in the question process, including some valuable industry books! Part 2 will happen in August 2022. More topics on manufacturing will be covered in the second part by some additional speakers.

  As a society, we take much of what gets produced within the manufacturing sector for granted, yet cyber threat actors take advantage of every vertical within that sector. Today, Colin Dunn, one of the (CS)²AI sponsors and the CEO of Fend Incorporated, and Isiah Jones, a (CS)²AI Founding Fellow and a well-known cyber security researcher and practitioner, join Derek to share their thoughts on the importance of cyber security for manufacturing. Stay tuned for more!

  Show highlights:

  • Isiah saw the kind of problems that happen under normal circumstances with manufacturing baby food years ago when he was with Jacobs Engineering. 
  • Messing with manufacturing and the supply chain is sure to disrupt any society. 
  • Supply chains have many vulnerable parts and do not need any additional stress like cyber-attacks right now.
  • There are ways to keep cyber attackers out. The symposium is a way to explore some of those options. 
  • All sectors, especially manufacturing, need to start spending more money on employing trained safety staff.
  • One of the assets the manufacturing sector has is the safety culture.
  • Thinking about cyber security as key to safety will help it get taken more seriously within the manufacturing sector.
  • More attention needs to be paid to problems like ransom threats, the manipulation of logic, and intellectual property theft within the manufacturing sector.
  • Much more action needs to be taken around security issues in the manufacturing sector. 
  
  

  Links:

  (CS)²AI

  (CS)²AI Online Symposium Secure Control Systems for Smart Manufacturing

  Colin Dunn on LinkedIn

  Fend Incorporated

  Isiah Jones on LinkedIn

  ]]>dc2f4e93-b91b-4df7-9ef6-c53aeb492342Sun, 22 May 2022 03:00:00 -050011:00falsefull383837: Engineers Should Consider a Cyber Security Career with Vivek PonnadaDerek Harp is excited to have Vivek Ponnada, the Regional Sales Director for Nozomi Networks, joining him for another episode in the series on security leaders! Vivek was also a long-time contributor at GE.

  Vivek Ponnada has over 23 years of experience in Industrial Control Systems. He currently serves customers in Western Canada for Nozomi Networks with market-leading OT and IoT Security & Visibility solutions. 

  He started his career in ICS as an Instrumentation Technician and then became a Controls Engineer and commissioned Gas Turbine Controls systems in Europe, Middle-East, Africa, and South-East Asia. During his career, Vivek has held multiple roles including Sales, Marketing & Business Development, and Services covering Control systems & Cybersecurity solutions for Critical Infrastructure (Power, Oil & Gas, Water, and Mining) industries at GE and ICI Electrical Engineering in North America. He is a co-lead for the Top 20 Secure PLC Coding Practices Project and his recent talks and contributions include ICS Village (DefCon 29), Industrial Security Conference in Copenhagen & several BSides. 

  Vivek has a bachelor's degree in Electrical Engineering from I.E. India, an MBA from The University of Texas at Austin, and GICSP certification from GIAC. He is an active member of the Infosec community in Vancouver, BC as a Board Member for Mainland Advanced Research Society, Volunteers for ISACA, and is a member of the ISA.

  Vivek is a thoughtful and fun individual! He is an engineer, analyst, and finance guy! He is also a motorcycle enthusiast, an intermediate skier, and a husband! 

  In this episode of the (CS)²AI Podcast, Vivek shares his backstory, discusses his education, and talks about his career trajectory. He also offers gold nuggets of advice for engineers with an interest in cyber security.

  This is one show you will not want to miss- particularly if you are an engineer considering moving into the field of cyber security. Stay tuned for more!

  Show highlights:

  • Vivek grew up in South India. He became an engineer and developed skills in control systems long before he became a cybersecurity guy. (1:50)
  • The first job Vivek remembers doing was helping someone with gardening when he was seven or eight years old. (2:98)
  • When Vivek graduated from high school, he was in a technical program. So he was already in an electronics and communication phase. (4:10)
  • Vivek studied his engineering undergrad part-time because he was also working full-time. It all worked out well because the work he was doing and his studies were all connected. (4:43)
  • He enjoyed learning how to connect his work-life with his education organically. (6:25)
  • Vivek discusses his twenty-year history with GE. (7:10)
  • Security is a discipline that is a constant learning process. (12:26)
  • Some helpful advice for engineers who have an interest in cyber security, but don’t know where to start or how to break into the field. (14:52)
  • Vivek talks about the career challenges he faced at GE and how he navigated them. (19:00)
  • Two things that most engineers tend to struggle with. (21:01)
  • Vivek jumped around in his career path, so he never had a mentor. He had some excellent coaches and managers, however. (23:17)
  • People in the cybersecurity community are always open to advising and helping one another. (25:14)
  • How sales came into Vivek’s career journey. (27:09)
  • Vivek talks about the Top 20 Secure PLC Coding Practices Project to which he is contributing. (30:40)
  • It is always good to have a plan for the next few years. (32:57)
  • Vivek shares his recommendations for career choices in the field of cyber security. (39:13)
  
  

  Links:

  (CS)²AI

  Derek Harp is excited to have Vivek Ponnada, the Regional Sales Director for Nozomi Networks, joining him for another episode in the series on security leaders! Vivek was also a long-time contributor at GE.

  Vivek Ponnada has over 23 years of experience in Industrial Control Systems. He currently serves customers in Western Canada for Nozomi Networks with market-leading OT and IoT Security & Visibility solutions. 

  He started his career in ICS as an Instrumentation Technician and then became a Controls Engineer and commissioned Gas Turbine Controls systems in Europe, Middle-East, Africa, and South-East Asia. During his career, Vivek has held multiple roles including Sales, Marketing & Business Development, and Services covering Control systems & Cybersecurity solutions for Critical Infrastructure (Power, Oil & Gas, Water, and Mining) industries at GE and ICI Electrical Engineering in North America. He is a co-lead for the Top 20 Secure PLC Coding Practices Project and his recent talks and contributions include ICS Village (DefCon 29), Industrial Security Conference in Copenhagen & several BSides. 

  Vivek has a bachelor's degree in Electrical Engineering from I.E. India, an MBA from The University of Texas at Austin, and GICSP certification from GIAC. He is an active member of the Infosec community in Vancouver, BC as a Board Member for Mainland Advanced Research Society, Volunteers for ISACA, and is a member of the ISA.

  Vivek is a thoughtful and fun individual! He is an engineer, analyst, and finance guy! He is also a motorcycle enthusiast, an intermediate skier, and a husband! 

  In this episode of the (CS)²AI Podcast, Vivek shares his backstory, discusses his education, and talks about his career trajectory. He also offers gold nuggets of advice for engineers with an interest in cyber security.

  This is one show you will not want to miss- particularly if you are an engineer considering moving into the field of cyber security. Stay tuned for more!

  Show highlights:

  • Vivek grew up in South India. He became an engineer and developed skills in control systems long before he became a cybersecurity guy. (1:50)
  • The first job Vivek remembers doing was helping someone with gardening when he was seven or eight years old. (2:98)
  • When Vivek graduated from high school, he was in a technical program. So he was already in an electronics and communication phase. (4:10)
  • Vivek studied his engineering undergrad part-time because he was also working full-time. It all worked out well because the work he was doing and his studies were all connected. (4:43)
  • He enjoyed learning how to connect his work-life with his education organically. (6:25)
  • Vivek discusses his twenty-year history with GE. (7:10)
  • Security is a discipline that is a constant learning process. (12:26)
  • Some helpful advice for engineers who have an interest in cyber security, but don’t know where to start or how to break into the field. (14:52)
  • Vivek talks about the career challenges he faced at GE and how he navigated them. (19:00)
  • Two things that most engineers tend to struggle with. (21:01)
  • Vivek jumped around in his career path, so he never had a mentor. He had some excellent coaches and managers, however. (23:17)
  • People in the cybersecurity community are always open to advising and helping one another. (25:14)
  • How sales came into Vivek’s career journey. (27:09)
  • Vivek talks about the Top 20 Secure PLC Coding Practices Project to which he is contributing. (30:40)
  • It is always good to have a plan for the next few years. (32:57)
  • Vivek shares his recommendations for career choices in the field of cyber security. (39:13)
  
  

  Links:

  (CS)²AI

  Vivek Ponnada on LinkedIn

  Nozomi Networks

  Top 20 Secure PLC Coding Practices Project

  ]]>5a4596c7-968d-4254-8744-c1bbb4c1a21bTue, 17 May 2022 03:00:00 -050039:22falsefull373736: The S4 Conference: Why You Should Attend Every YearThe S4 Conference is one of the pinnacle events of the year for anyone interested in hearing deep subject matter experts speak. It is definitely worth attending if you are not formally part of the (CS)²AI community.

  Today, Derek Harp shares a short podcast he created after attending the 22nd S4 Conference, held from the 19th to the 21st of April this year.

  Dale Peterson is the Founder, Creator, and MC of the S4 Conference. He was on a recent (CS)²AI Podcast episode, talking about how S4 came about. Patrick Miller was also a recent guest on the (CS)²AI Podcast. He “accidentally” founded the informal yet powerful and informative after-hours BEER ISAC part of the S4 event.

  The recent S4 Conference was a great opportunity for everyone to get back together, in person after Covid! This year, 800 people attended the event. The speaker line-up was just as amazing as it has always been in the past! Many women were present, and there was also a well-attended Women in ICS social pre-event that took place on the Monday before the main event.

  In this episode, we share some comments on the recent S4 event made by Andrew Ginter, VP Industrial Security from Waterfall Security Solutions and Isiah Jones, Principal Security Engineer-ICS Security Integration from Resilience. Stay tuned for more!

  Show highlights:

  • Andrew’s biggest takeaway from the event was finding out that the industry wants cyber security regulations. 
  • The shipping industry is price sensitive. They should spend some money and effort on cyber security but won’t spend a penny unless their competition does the same.
  • Andrew explains why he was surprised to learn that the industry wants cyber security regulations.
  • Isiah enjoyed the diversity at the event! He was happy to see so many female technical engineers and black people attending the event.  
  • Isiah enjoyed seeing many new people interested in the more technical topics.
  • Isiah explains why he was happy to see Jen Easterly show up at the event to address the community directly.
  • Isiah enjoyed listening to new topics on PLCs, containers, and the latest attackers living off the land.
  • Seeing and interacting with everyone at the latest S4 event, and seeing new people get their coins, was good for Isiah’s mental health!
  
  ]]>The S4 Conference is one of the pinnacle events of the year for anyone interested in hearing deep subject matter experts speak. It is definitely worth attending if you are not formally part of the (CS)²AI community.

  Today, Derek Harp shares a short podcast he created after attending the 22nd S4 Conference, held from the 19th to the 21st of April this year.

  Dale Peterson is the Founder, Creator, and MC of the S4 Conference. He was on a recent (CS)²AI Podcast episode, talking about how S4 came about. Patrick Miller was also a recent guest on the (CS)²AI Podcast. He “accidentally” founded the informal yet powerful and informative after-hours BEER ISAC part of the S4 event.

  The recent S4 Conference was a great opportunity for everyone to get back together, in person after Covid! This year, 800 people attended the event. The speaker line-up was just as amazing as it has always been in the past! Many women were present, and there was also a well-attended Women in ICS social pre-event that took place on the Monday before the main event.

  In this episode, we share some comments on the recent S4 event made by Andrew Ginter, VP Industrial Security from Waterfall Security Solutions and Isiah Jones, Principal Security Engineer-ICS Security Integration from Resilience. Stay tuned for more!

  Show highlights:

  • Andrew’s biggest takeaway from the event was finding out that the industry wants cyber security regulations. 
  • The shipping industry is price sensitive. They should spend some money and effort on cyber security but won’t spend a penny unless their competition does the same.
  • Andrew explains why he was surprised to learn that the industry wants cyber security regulations.
  • Isiah enjoyed the diversity at the event! He was happy to see so many female technical engineers and black people attending the event.  
  • Isiah enjoyed seeing many new people interested in the more technical topics.
  • Isiah explains why he was happy to see Jen Easterly show up at the event to address the community directly.
  • Isiah enjoyed listening to new topics on PLCs, containers, and the latest attackers living off the land.
  • Seeing and interacting with everyone at the latest S4 event, and seeing new people get their coins, was good for Isiah’s mental health!
  
  ]]>a410b3e9-b19c-4808-83e2-abb3d63696f2Tue, 10 May 2022 03:00:00 -050008:41falsefull363635: Building a Consulting Career in the Cyber Security Industry with Patrick C. MillerDerek Harp is happy to have Patrick Miller joining him today for another episode in the Security Leaders series! Patrick is a well-known legend in the ICS cyber security space. He is currently the Chief Executive Officer of Ampere Industrial Security. (www.amperesec.com)

  Patrick Miller has dedicated his career to the protection and defense of critical infrastructures. As President and CEO of Ampere Industrial Security, he is a trusted independent security and regulatory advisor for industrial control systems worldwide. In addition to his role at Ampere, Mr. Miller is also the founder, director, and president emeritus of EnergySec and US. Coordinator for the Industrial Cybersecurity Center. Patrick's diverse background spans the Energy, Telecommunications, Water, Wastewater, Manufacturing, and Financial Services verticals, including key positions with regulatory agencies, private consulting firms, utility asset owners, and commercial organizations. Patrick was instrumental in the establishment of the NERC CIP standards in the US as a drafting team member and the first CIP auditor in the nation. He currently serves on or contributes to multiple NERC CIP guidance and standards drafting teams. Patrick is also an instructor for the ICS456 NERC CIP course with the SANS Institute.

  Patrick loves tech and the outdoors! As well as being a technologist, he is also a chef, a keen kayaker, a father, and a builder of communities! In this episode of the (CS)²AI Podcast, he tells his modern-day superhero origin story, talks about the various milestones in his professional journey, and shares valuable nuggets of advice for people from different backgrounds who would like to get into the cyber security industry. 

  You won’t want to miss this episode if you would like to make a career in cyber security, become a better security professional, or start a cybersecurity business of your own. Stay tuned for more!

  Show highlights:

  • Entrepreneurship is in Patrick’s blood. (3:05)
  • Growing up in the early days of technology, Patrick was lucky enough to get the new tech as it came out. (4:15)
  • Patrick was using cutting-edge technology to do a senior capstone biology project just before he dropped out of school to do tech. (6:32)
  • Any kind of background can be helpful for you as a security professional. (9:00)
  • How phone systems have advanced and transformed over the last few decades. (10:30)
  • Patrick’s first “hacking job”. (11:29)
  • Patrick talks about when he decided to specialize in security and the point when industrial security first intersected with his journey. (13:23)
  • Patrick discusses his stint as a regulator for WECC (Western Electricity Coordinating Council.) (17:54)
  • Joining standards bodies in the early stage can help people break into the cyber security industry. (24:26)
  • What motivated Patrick to start a consulting firm? (26:14)
  • The Dawn of Energy Sec (Energy Sector Security Consortium). (32:24)
  • Patrick shares his vision for Ampere. (35:15)
  • Why good communication skills are essential. (38:40)
  • What is ISAC all about, and how did Patrick instigate it? (41:40) 
  
  ]]>Derek Harp is happy to have Patrick Miller joining him today for another episode in the Security Leaders series! Patrick is a well-known legend in the ICS cyber security space. He is currently the Chief Executive Officer of Ampere Industrial Security. (www.amperesec.com)

  Patrick Miller has dedicated his career to the protection and defense of critical infrastructures. As President and CEO of Ampere Industrial Security, he is a trusted independent security and regulatory advisor for industrial control systems worldwide. In addition to his role at Ampere, Mr. Miller is also the founder, director, and president emeritus of EnergySec and US. Coordinator for the Industrial Cybersecurity Center. Patrick's diverse background spans the Energy, Telecommunications, Water, Wastewater, Manufacturing, and Financial Services verticals, including key positions with regulatory agencies, private consulting firms, utility asset owners, and commercial organizations. Patrick was instrumental in the establishment of the NERC CIP standards in the US as a drafting team member and the first CIP auditor in the nation. He currently serves on or contributes to multiple NERC CIP guidance and standards drafting teams. Patrick is also an instructor for the ICS456 NERC CIP course with the SANS Institute.

  Patrick loves tech and the outdoors! As well as being a technologist, he is also a chef, a keen kayaker, a father, and a builder of communities! In this episode of the (CS)²AI Podcast, he tells his modern-day superhero origin story, talks about the various milestones in his professional journey, and shares valuable nuggets of advice for people from different backgrounds who would like to get into the cyber security industry. 

  You won’t want to miss this episode if you would like to make a career in cyber security, become a better security professional, or start a cybersecurity business of your own. Stay tuned for more!

  Show highlights:

  • Entrepreneurship is in Patrick’s blood. (3:05)
  • Growing up in the early days of technology, Patrick was lucky enough to get the new tech as it came out. (4:15)
  • Patrick was using cutting-edge technology to do a senior capstone biology project just before he dropped out of school to do tech. (6:32)
  • Any kind of background can be helpful for you as a security professional. (9:00)
  • How phone systems have advanced and transformed over the last few decades. (10:30)
  • Patrick’s first “hacking job”. (11:29)
  • Patrick talks about when he decided to specialize in security and the point when industrial security first intersected with his journey. (13:23)
  • Patrick discusses his stint as a regulator for WECC (Western Electricity Coordinating Council.) (17:54)
  • Joining standards bodies in the early stage can help people break into the cyber security industry. (24:26)
  • What motivated Patrick to start a consulting firm? (26:14)
  • The Dawn of Energy Sec (Energy Sector Security Consortium). (32:24)
  • Patrick shares his vision for Ampere. (35:15)
  • Why good communication skills are essential. (38:40)
  • What is ISAC all about, and how did Patrick instigate it? (41:40) 
  
  ]]>326b8e0c-3b23-4565-b694-bf3eb1b52137Tue, 19 Apr 2022 03:00:00 -050054:18falsefull353534: Foundations for Starting Your Own Cyber Security Business with Dale PetersonDerek Harp is thrilled to have Dale Peterson of Digital Bond joining him for another great episode in the series on security leaders! Dale is a legend and leader in the cyber security industry!

  For over 15 years, Dale Peterson has been on the leading/bleeding edge helping security-conscious asset owners effectively and efficiently manage risk to their critical assets. He has pioneered numerous ICS security tools and techniques, such as the first intrusion detection signatures for ICS that are now in every commercial product. In 2007 Dale created the S4 Events to showcase the best offensive and defensive work in ICS security and build a community. S4 is now the largest and most advanced ICS event in the world. Dale is constantly pushing and prodding the ICS community to move faster and get better.

  Dale is a catalyst in the ICS cyber security space. He is most famous for his S4 Events. (The latest S4 Event will be coming up between the 19th and 21st of April 2022.) He is also an author, former cryptologist, skier, hiker, outdoorsman, well-known speaker, husband, and father. 

  In this episode of the (CS)²AI Podcast, Dale shares his origin story and discusses his career trajectory. He explains what led him to start Digital Bond, he talks about how the S4 Events came about, and he also offers some valuable nuggets of advice for people looking to start a business.

  You won’t want to miss this episode if you are looking for ways to get into the cyber security industry or if you want to know which moves to make to become a leader within the industry or start a company of your own. Stay tuned for more!

  Show highlights:

  • The most interesting and influential work that Dale did early on. (3:10)
  • What it takes to produce S4 Events. (4:46)
  • Dale first worked on computers when he was in junior high school. (6:06)
  • After getting a degree in finance, Dale worked for the NSA as a cryptologist and then went on to work for a company selling military encryption equipment before starting his own company. (8:10) 
  • Starting a company is not for everyone. (12:48)
  • What led to Dale starting Digital Bond? (13:13)
  • Dale shares his biggest failure so that others need not make the same mistake. He also offers advice for anyone wanting to start a business. (16:13)
  • How the S4 events came about in 2007. (12:53)
  • The highlights and the worst moments Dale remembers from doing S4 events. (30:15)
  • You need never be afraid to try something new in your business or career. (32:05)
  • Dale talks about where he has helped the most as a mentor. (36:54)
  • If you are very good at something, you can quickly make yourself known and become the best in the world at it in new sectors. (38:06)
  • Where you can start reading and researching to augment your professional knowledge. (42:39)
  • You need to understand your mission when you start a conference or an event. (48:42)
  
  

  Links:

  (CS)²AI

  Dale Peterson’s website

  Dale Peterson on LinkedIn

  Books mentioned:

  The Brand You 50 by Tom Peters

  ]]>Derek Harp is thrilled to have Dale Peterson of Digital Bond joining him for another great episode in the series on security leaders! Dale is a legend and leader in the cyber security industry!

  For over 15 years, Dale Peterson has been on the leading/bleeding edge helping security-conscious asset owners effectively and efficiently manage risk to their critical assets. He has pioneered numerous ICS security tools and techniques, such as the first intrusion detection signatures for ICS that are now in every commercial product. In 2007 Dale created the S4 Events to showcase the best offensive and defensive work in ICS security and build a community. S4 is now the largest and most advanced ICS event in the world. Dale is constantly pushing and prodding the ICS community to move faster and get better.

  Dale is a catalyst in the ICS cyber security space. He is most famous for his S4 Events. (The latest S4 Event will be coming up between the 19th and 21st of April 2022.) He is also an author, former cryptologist, skier, hiker, outdoorsman, well-known speaker, husband, and father. 

  In this episode of the (CS)²AI Podcast, Dale shares his origin story and discusses his career trajectory. He explains what led him to start Digital Bond, he talks about how the S4 Events came about, and he also offers some valuable nuggets of advice for people looking to start a business.

  You won’t want to miss this episode if you are looking for ways to get into the cyber security industry or if you want to know which moves to make to become a leader within the industry or start a company of your own. Stay tuned for more!

  Show highlights:

  • The most interesting and influential work that Dale did early on. (3:10)
  • What it takes to produce S4 Events. (4:46)
  • Dale first worked on computers when he was in junior high school. (6:06)
  • After getting a degree in finance, Dale worked for the NSA as a cryptologist and then went on to work for a company selling military encryption equipment before starting his own company. (8:10) 
  • Starting a company is not for everyone. (12:48)
  • What led to Dale starting Digital Bond? (13:13)
  • Dale shares his biggest failure so that others need not make the same mistake. He also offers advice for anyone wanting to start a business. (16:13)
  • How the S4 events came about in 2007. (12:53)
  • The highlights and the worst moments Dale remembers from doing S4 events. (30:15)
  • You need never be afraid to try something new in your business or career. (32:05)
  • Dale talks about where he has helped the most as a mentor. (36:54)
  • If you are very good at something, you can quickly make yourself known and become the best in the world at it in new sectors. (38:06)
  • Where you can start reading and researching to augment your professional knowledge. (42:39)
  • You need to understand your mission when you start a conference or an event. (48:42)
  
  

  Links:

  (CS)²AI

  Dale Peterson’s website

  Dale Peterson on LinkedIn

  Books mentioned:

  The Brand You 50 by Tom Peters

  ]]>321ae7c2-7303-42f4-858a-2643b3f3ffaeTue, 12 Apr 2022 03:00:00 -050051:48falsefull343433: Certifications and Instructional Careers in Cybersecurity with Justin SearleDerek Harp is excited to welcome Justin Searle as his guest for another episode in the series on security leaders! 

  Justin is the Director of ICS Security at InGuardians, specializing in ICS security architecture design and penetration testing. He has taught courses in hacking techniques, forensics, networking, and intrusion detection for multiple universities, corporations, and security conferences. He is currently a Senior Instructor for the SANS Institute and a faculty member at IANS. In addition to electric power industry conferences, he frequently presents at top international security conferences such as Black Hat, DEFCON, OWASP, Nullcon, and AusCERT.

  Justin is well-balanced and versatile and a super fascinating person! He was born in Utah and has lived there for most of his life. He has a Bachelor’s Degree in Technology Education with minors in computer science and electrical engineering, and a Master’s Degree in International Business and Information Systems. He is an entrepreneur, researcher, security practitioner, open-source advocate, instructor, teacher, and author. He is an outdoor enthusiast and has some cool hobbies, like scuba diving and rock climbing. He is also a falconer, a helicopter pilot, and a globetrotter. 

  In this episode of the (CS)²AI Podcast, he shares his modern-day superhero backstory, and he talks to Derek about how his career journey led to him becoming immersed neck-deep in cyber security for control systems. He also talks about the value of certifications and becoming an instructor. You will gain a lot from this show if you would like to make a career in cyber security or become an instructor in the field. Stay tuned for more!

  Show highlights:

  • Justin started doing basic programming when he was in elementary school and almost earned an Associate’s Degree in Electronics Engineering in high school. (4:58)
  • Justin talks about the certifications he obtained to build credibility and advance his career. (9:40)
  • Justin shares his thoughts about certifications. (11:50)
  • Getting a certification will help students stand out trying to find an internship. (Justin recommends the CompTIA Security+ Certification because it is an inexpensive option.) (13:22)
  • Graduates should consider getting a CISSP Certification. (13:48)
  • Justin explains why he shifted to focus on networking technologies, IT technologies, and cyber security in 2000-2001. (18:10)
  • Getting into his niche area- penetration testing in industrial control systems. (19:50)
  • How can listeners break into becoming teachers or instructors? ( 22:38)
  • The pros and cons of joining communities and collaborative groups. (27:08)
  • Justin enjoys being an informal mentor to others and providing feedback when people ask questions. (31:04)
  • Justin offers advice for maximizing your benefit when you change jobs or your positions within a company. (33:22)
  • You will be valued in the field if you get into any area of cyber security. (40:10)
  
  

  Links:

  (CS)²AI

  Justin Searle on LinkedIn

  In Guardians

  CISSP Certification

  ]]>Derek Harp is excited to welcome Justin Searle as his guest for another episode in the series on security leaders! 

  Justin is the Director of ICS Security at InGuardians, specializing in ICS security architecture design and penetration testing. He has taught courses in hacking techniques, forensics, networking, and intrusion detection for multiple universities, corporations, and security conferences. He is currently a Senior Instructor for the SANS Institute and a faculty member at IANS. In addition to electric power industry conferences, he frequently presents at top international security conferences such as Black Hat, DEFCON, OWASP, Nullcon, and AusCERT.

  Justin is well-balanced and versatile and a super fascinating person! He was born in Utah and has lived there for most of his life. He has a Bachelor’s Degree in Technology Education with minors in computer science and electrical engineering, and a Master’s Degree in International Business and Information Systems. He is an entrepreneur, researcher, security practitioner, open-source advocate, instructor, teacher, and author. He is an outdoor enthusiast and has some cool hobbies, like scuba diving and rock climbing. He is also a falconer, a helicopter pilot, and a globetrotter. 

  In this episode of the (CS)²AI Podcast, he shares his modern-day superhero backstory, and he talks to Derek about how his career journey led to him becoming immersed neck-deep in cyber security for control systems. He also talks about the value of certifications and becoming an instructor. You will gain a lot from this show if you would like to make a career in cyber security or become an instructor in the field. Stay tuned for more!

  Show highlights:

  • Justin started doing basic programming when he was in elementary school and almost earned an Associate’s Degree in Electronics Engineering in high school. (4:58)
  • Justin talks about the certifications he obtained to build credibility and advance his career. (9:40)
  • Justin shares his thoughts about certifications. (11:50)
  • Getting a certification will help students stand out trying to find an internship. (Justin recommends the CompTIA Security+ Certification because it is an inexpensive option.) (13:22)
  • Graduates should consider getting a CISSP Certification. (13:48)
  • Justin explains why he shifted to focus on networking technologies, IT technologies, and cyber security in 2000-2001. (18:10)
  • Getting into his niche area- penetration testing in industrial control systems. (19:50)
  • How can listeners break into becoming teachers or instructors? ( 22:38)
  • The pros and cons of joining communities and collaborative groups. (27:08)
  • Justin enjoys being an informal mentor to others and providing feedback when people ask questions. (31:04)
  • Justin offers advice for maximizing your benefit when you change jobs or your positions within a company. (33:22)
  • You will be valued in the field if you get into any area of cyber security. (40:10)
  
  

  Links:

  (CS)²AI

  Justin Searle on LinkedIn

  In Guardians

  CISSP Certification

  ]]>51f4f9d7-0b0f-4044-be17-1de5e18921e5Tue, 05 Apr 2022 03:00:00 -050045:12falsefull333332: Creating a Cyber Security Career in Production Environments with Rick KaunToday, Derek Harp is excited to interview Rick Kaun for another episode in the security leaders series. Rick is the VP of Solutions at Verve Industrial Protection.  

  Rick is a well-versed OT cyber security thought leader, evangelist, advocate, and solution provider with more than 20 years in the identification, development, and provision of all sizes and shapes of security programs. Regardless of the industry, security maturity level, or standard (corporate, regulatory, or best practice) Rick has focused on helping clients to find solutions that are effective, affordable, and manageable. With a special experience in production environments, he has had the pleasure of working around the world with multiple organizations ranging from Power to Oil and Gas, Refining, Mining, Pulp and Paper, discrete manufacturing to corporate and regulatory projects.

  Rick is an honest and authentic person. He is a straight talker, known for getting right to the heart of the matter. He is a husband and father and a keen outdoorsman. He is also an ice hockey fan, traveler, boater, and dog lover. 

  In this episode of the (CS)²AI Podcast, he tells his story and shares his wisdom. He talks about his career, discusses the decisions he made that led him to where he is today and shares some gold nuggets of career advice.

  You won’t want to miss this episode if you are looking for career direction, considering a career in cyber security, or already in the security field and would like to move forward in your career. Stay tuned for more!

  Show highlights:

  • Rick shares his superhero origin story. (5:28)
  • In grade four, Rick became the computer lab administrator for his class. (8:34)
  • Rick did not start his career in cyber security with a technical degree. He explains how he went from studying sociology to learning about technology. (11:26)
  • Technology is such a complex field, and it has so many opportunities that you can have an entire career and a specialty within it. (12:04)
  • There are various technical studies courses that you can do at the Northern Alberta Institute of Technology (NAIT). (13:04)
  • Rick believes that security basics should underpin every course that anyone ever does. He would love to have a panel discussion on safety culture! (16:58)
  • Rick explains how he jumped into security for control systems at Honeywell twenty-one years ago. (18:53)
  • Rick joined Verve about five years ago, and since then, they have doubled twice. (24:23)
  • We need meaningful and sustainable risk reduction for the future. (25:19)
  • People you know now could become important in the future. That’s why you need to invest in as many quality relationships as possible within the cyber security industry. (25:51)
  • Some of the challenges Rick has faced while navigating his career journey. (28:28)
  • Rick discusses the importance of collaboration. (34:21)
  • With trainees, it is way better to be humble and honest about things you don’t know than to make something up. (41:49)
  • Rick feels that mentorship is the key component for anybody to get anywhere. (44:27)
  • You need to enjoy the work you do. (47:28)
  
  

  Links:

  (CS)²AI

  Rick Kaun on LinkedIn

  Verve Industrial Protection

  Northern Alberta Institute of Technology (NAIT)

  ]]>Today, Derek Harp is excited to interview Rick Kaun for another episode in the security leaders series. Rick is the VP of Solutions at Verve Industrial Protection.  

  Rick is a well-versed OT cyber security thought leader, evangelist, advocate, and solution provider with more than 20 years in the identification, development, and provision of all sizes and shapes of security programs. Regardless of the industry, security maturity level, or standard (corporate, regulatory, or best practice) Rick has focused on helping clients to find solutions that are effective, affordable, and manageable. With a special experience in production environments, he has had the pleasure of working around the world with multiple organizations ranging from Power to Oil and Gas, Refining, Mining, Pulp and Paper, discrete manufacturing to corporate and regulatory projects.

  Rick is an honest and authentic person. He is a straight talker, known for getting right to the heart of the matter. He is a husband and father and a keen outdoorsman. He is also an ice hockey fan, traveler, boater, and dog lover. 

  In this episode of the (CS)²AI Podcast, he tells his story and shares his wisdom. He talks about his career, discusses the decisions he made that led him to where he is today and shares some gold nuggets of career advice.

  You won’t want to miss this episode if you are looking for career direction, considering a career in cyber security, or already in the security field and would like to move forward in your career. Stay tuned for more!

  Show highlights:

  • Rick shares his superhero origin story. (5:28)
  • In grade four, Rick became the computer lab administrator for his class. (8:34)
  • Rick did not start his career in cyber security with a technical degree. He explains how he went from studying sociology to learning about technology. (11:26)
  • Technology is such a complex field, and it has so many opportunities that you can have an entire career and a specialty within it. (12:04)
  • There are various technical studies courses that you can do at the Northern Alberta Institute of Technology (NAIT). (13:04)
  • Rick believes that security basics should underpin every course that anyone ever does. He would love to have a panel discussion on safety culture! (16:58)
  • Rick explains how he jumped into security for control systems at Honeywell twenty-one years ago. (18:53)
  • Rick joined Verve about five years ago, and since then, they have doubled twice. (24:23)
  • We need meaningful and sustainable risk reduction for the future. (25:19)
  • People you know now could become important in the future. That’s why you need to invest in as many quality relationships as possible within the cyber security industry. (25:51)
  • Some of the challenges Rick has faced while navigating his career journey. (28:28)
  • Rick discusses the importance of collaboration. (34:21)
  • With trainees, it is way better to be humble and honest about things you don’t know than to make something up. (41:49)
  • Rick feels that mentorship is the key component for anybody to get anywhere. (44:27)
  • You need to enjoy the work you do. (47:28)
  
  

  Links:

  (CS)²AI

  Rick Kaun on LinkedIn

  Verve Industrial Protection

  Northern Alberta Institute of Technology (NAIT)

  ]]>d7c99f4d-621e-4418-819e-7de882906fafTue, 29 Mar 2022 03:00:00 -050048:56falsefull323231: Cyber Security Start Ups and Product Creation with Eric J. ByresToday, Derek Harp is excited to interview Eric J. Byres, the Founder of and Chief Technology Officer of aDolus Technology Inc., in another episode of the Security Leaders series. Eric is a pioneer in industrial cyber security. He is a technologist, entrepreneur, author, inventor, outdoor enthusiast, and sailor. 

  Eric grew up in North Vancouver and later graduated with a Bachelor of Applied Science Degree from The University of British Columbia, focusing on geological engineering and mining operations. He is widely recognized as one of the world’s top experts in the SCADA security field. As the inventor of the Tofino Security technology, Eric and his partner Joann guided the product through its evolution from an academic research project and startup to a successful acquisition by Belden Inc (NYSE: BDC). Tofino received numerous industry awards and was licensed by industry giants such as Honeywell, Schneider Electric, and Caterpillar. Today it is probably the most widely deployed ICS-specific firewall in the world.   

  In this episode of the (CS)²AI Podcast, Eric shares his background and discusses his career trajectory. He also offers many gold nuggets of advice for listeners who would like to do a startup, launch a product, be useful for the industry later on, or use what they already have to add value to the cyber security industry. 

  This episode is one you will not want to miss if you are looking to start your career in cyber security or considering starting a company in the cyber security space.

  Show highlights:

  • Eric started his first business, making and selling root beer when he was about eight years old. He gained some valuable entrepreneurial experience doing that! (2:35)
  • His dad bought him a Digi-Comp 1 mechanical digital computer with three bits of memory when he was about eight years old. (5:31)
  • Eric's first job after graduating was with a small but prestigious consulting firm that designed mines. They shipped him off to Australia, South Africa, and Columbia. (7:09)
  • After three or four years, Eric got out of mining and imbedded himself into the data communications and industrial computer markets. (8:01)
  • Eric explains what went on in his early days in control systems. (10:36)
  • Writing a peer-reviewed paper for the IEEE on cyber security for control systems while he was at DCIT was a turning point in Eric’s career. (16:30)
  • Eric discusses the birth of Tofino Security. (20:35)
  • Eric talks about the challenges he faced and offers advice for listeners who would like to follow a similar career path. (22:35)
  • Why does he feel that startups have an advantage? (25:48)
  • Eric describes the Tofino firewall and explains what is. (26:39)
  • Eric talks about his mentors and the advisory roles he has been in. (33:50)
  • Eric explains how aDolus came into existence and discusses the complicated software supply chain. (36:40)
  • What is an S-bom? How does it differ from a D-bom? (46:02)
  • Some advice for listeners who want to start laying the tracks to be on the cutting edge of something or be of value to the cyber security industry. (52:17) 
  
  

  Links:

  (CS)²AI

  Eric Byres on LinkedIn

  aDolus Technology Inc.

  Books mentioned:

  The Cuckoo’s Egg by Cliff Stoll

  ]]>Today, Derek Harp is excited to interview Eric J. Byres, the Founder of and Chief Technology Officer of aDolus Technology Inc., in another episode of the Security Leaders series. Eric is a pioneer in industrial cyber security. He is a technologist, entrepreneur, author, inventor, outdoor enthusiast, and sailor. 

  Eric grew up in North Vancouver and later graduated with a Bachelor of Applied Science Degree from The University of British Columbia, focusing on geological engineering and mining operations. He is widely recognized as one of the world’s top experts in the SCADA security field. As the inventor of the Tofino Security technology, Eric and his partner Joann guided the product through its evolution from an academic research project and startup to a successful acquisition by Belden Inc (NYSE: BDC). Tofino received numerous industry awards and was licensed by industry giants such as Honeywell, Schneider Electric, and Caterpillar. Today it is probably the most widely deployed ICS-specific firewall in the world.   

  In this episode of the (CS)²AI Podcast, Eric shares his background and discusses his career trajectory. He also offers many gold nuggets of advice for listeners who would like to do a startup, launch a product, be useful for the industry later on, or use what they already have to add value to the cyber security industry. 

  This episode is one you will not want to miss if you are looking to start your career in cyber security or considering starting a company in the cyber security space.

  Show highlights:

  • Eric started his first business, making and selling root beer when he was about eight years old. He gained some valuable entrepreneurial experience doing that! (2:35)
  • His dad bought him a Digi-Comp 1 mechanical digital computer with three bits of memory when he was about eight years old. (5:31)
  • Eric's first job after graduating was with a small but prestigious consulting firm that designed mines. They shipped him off to Australia, South Africa, and Columbia. (7:09)
  • After three or four years, Eric got out of mining and imbedded himself into the data communications and industrial computer markets. (8:01)
  • Eric explains what went on in his early days in control systems. (10:36)
  • Writing a peer-reviewed paper for the IEEE on cyber security for control systems while he was at DCIT was a turning point in Eric’s career. (16:30)
  • Eric discusses the birth of Tofino Security. (20:35)
  • Eric talks about the challenges he faced and offers advice for listeners who would like to follow a similar career path. (22:35)
  • Why does he feel that startups have an advantage? (25:48)
  • Eric describes the Tofino firewall and explains what is. (26:39)
  • Eric talks about his mentors and the advisory roles he has been in. (33:50)
  • Eric explains how aDolus came into existence and discusses the complicated software supply chain. (36:40)
  • What is an S-bom? How does it differ from a D-bom? (46:02)
  • Some advice for listeners who want to start laying the tracks to be on the cutting edge of something or be of value to the cyber security industry. (52:17) 
  
  

  Links:

  (CS)²AI

  Eric Byres on LinkedIn

  aDolus Technology Inc.

  Books mentioned:

  The Cuckoo’s Egg by Cliff Stoll

  ]]>500b2ed9-0ccf-4f78-88c6-aa4fa5140983Tue, 22 Mar 2022 03:00:00 -050055:03falsefull313130: Engineers Should Consider a Cybersecurity Career with Graham SpeakeToday, Derek Harp is excited to have Graham Speake, the Director of Industrial Security at Waterfall Security Solutions, joining him on the show! Graham started very early on as an engineer in control systems. He is an interesting and well-rounded individual with a long history in engineering. 

  Graham was born in Wales and moved to London when he started working. He has been living in America for the past twenty years. He is a senior Cyber Security professional with broad experience leading global Operational Technology (OT) and Information Technology (IT) cybersecurity programs for protecting mission-critical systems and infrastructure. He is an expert in developing and delivering security training courses and security awareness. He has subject-matter expertise in Industrial Control Systems (ICS) and SCADA cybersecurity, particularly in oil and gas majors, and for risk managing large capital value projects and architecting global solutions for Oil and Gas and Industrial Automation customers. He is a music lover, photographer, and world traveler who has recently become an RV traveler. He is also a husband, father, grandfather, and raspberry pie enthusiast!

  In this episode of the (CS)²AI Podcast, Graham talks about his background and career journey and discusses what led him to where he is today. He also offers valuable nuggets of advice for listeners who would like to make a career in or transition into cyber security.

  This is one episode you will not want to miss if you are looking to make a career in the cyber security space or are an engineer and would like to add cyber security to your career path. Stay tuned for more!

  Show highlights:

  • Graham's early experiences inspired him to do electrical/ electronic engineering at college and then move into working with electronics and electricity in an industrial setting. (3:13)
  • The benefits of having an engineering background. (8:05)
  • Graham shares his recommendations for engineers who would like to add cyber security to their professional path. (9:08)
  • The US government offers free security training through the Idaho National Laboratory (INL). (10:22)
  • Graham talks about the mentorship he received and offers advice for finding a mentor and doing a mentorship exchange. (12:07)
  • Security only intersected with his journey much later in his career. (17:16)
  • 9/11 was a pivot- point in his career. (20:08)
  • Graham talks about various types of industrial proprietary communication protocols. (26:04)
  • Graham talks about how he got into his interesting role at Yokogawa and how it differed from what he did at BP. (29:58)
  • Graham discusses what happened in the security space after being invited to be part of a training course and certification program in 2011. (36:58)
  • Learning the basic working vocabulary and terminology is a way to build bridges and get teams from different industries to work together. (42:22)
  • Graham explains why he could not say no to working for Waterfall. (54:00)
  • Relationships you form early in your career in the security space end up being very powerful later on. (57:40)
  
  

  Links:

  (CS)²AI

  Waterfall Security Solutions

  Graham Speake on LinkedIn

  INL Critical Infrastructure Protection Training

  ]]>Today, Derek Harp is excited to have Graham Speake, the Director of Industrial Security at Waterfall Security Solutions, joining him on the show! Graham started very early on as an engineer in control systems. He is an interesting and well-rounded individual with a long history in engineering. 

  Graham was born in Wales and moved to London when he started working. He has been living in America for the past twenty years. He is a senior Cyber Security professional with broad experience leading global Operational Technology (OT) and Information Technology (IT) cybersecurity programs for protecting mission-critical systems and infrastructure. He is an expert in developing and delivering security training courses and security awareness. He has subject-matter expertise in Industrial Control Systems (ICS) and SCADA cybersecurity, particularly in oil and gas majors, and for risk managing large capital value projects and architecting global solutions for Oil and Gas and Industrial Automation customers. He is a music lover, photographer, and world traveler who has recently become an RV traveler. He is also a husband, father, grandfather, and raspberry pie enthusiast!

  In this episode of the (CS)²AI Podcast, Graham talks about his background and career journey and discusses what led him to where he is today. He also offers valuable nuggets of advice for listeners who would like to make a career in or transition into cyber security.

  This is one episode you will not want to miss if you are looking to make a career in the cyber security space or are an engineer and would like to add cyber security to your career path. Stay tuned for more!

  Show highlights:

  • Graham's early experiences inspired him to do electrical/ electronic engineering at college and then move into working with electronics and electricity in an industrial setting. (3:13)
  • The benefits of having an engineering background. (8:05)
  • Graham shares his recommendations for engineers who would like to add cyber security to their professional path. (9:08)
  • The US government offers free security training through the Idaho National Laboratory (INL). (10:22)
  • Graham talks about the mentorship he received and offers advice for finding a mentor and doing a mentorship exchange. (12:07)
  • Security only intersected with his journey much later in his career. (17:16)
  • 9/11 was a pivot- point in his career. (20:08)
  • Graham talks about various types of industrial proprietary communication protocols. (26:04)
  • Graham talks about how he got into his interesting role at Yokogawa and how it differed from what he did at BP. (29:58)
  • Graham discusses what happened in the security space after being invited to be part of a training course and certification program in 2011. (36:58)
  • Learning the basic working vocabulary and terminology is a way to build bridges and get teams from different industries to work together. (42:22)
  • Graham explains why he could not say no to working for Waterfall. (54:00)
  • Relationships you form early in your career in the security space end up being very powerful later on. (57:40)
  
  

  Links:

  (CS)²AI

  Waterfall Security Solutions

  Graham Speake on LinkedIn

  INL Critical Infrastructure Protection Training

  ]]>a8cb4f5f-3dc2-4de0-bd77-a732b247f234Tue, 15 Mar 2022 03:00:00 -050001:03:29falsefull303029: How to Be a Good CISO Even in the Face of Challenges with Mark WeatherfordDerek Harp is happy to have Mark Weatherford, the CSO at AlertEnterprise, and the Chief Strategy Officer at the National Cybersecurity Center, joining him today for another episode in the series of security leader interviews!

  Mark grew up on a farm in an agricultural community in Northern California and left the farming life to embark on a career in the Navy and travel the world as a technologist, helping companies in cyberspace. Throughout his career, he always planned to get back into ranching. Apart from being a well-known security leader, Mark is a military veteran, technologist, beekeeper, hunter, pilot, and a soon-to-be rancher and gardener. He is also a husband and father.

  Mark has had various executive-level cybersecurity roles, including Global Information Security Strategist at Booking Holdings, Chief Cybersecurity Strategist at vArmour, a Principal at The Chertoff Group, Chief Security Officer at the North American Electric Reliability Corporation, and Chief Information Security Officer for the state of Colorado. He was appointed in 2008 by Governor Arnold Schwarzenegger to serve as California’s first Chief Information Security Officer. In 2011, he got appointed by the Obama Administration as the Deputy Under Secretary for Cybersecurity at the U.S. Department of Homeland Security. 

  Mark is a well-rounded individual who does a variety of interesting things. In this episode of the (CS)²AI Podcast, he shares his backstory and describes his career journey. He talks about the challenge CISOs face today, explains why relationships are vital, and discusses what it takes to be a good CISO today. He also offers some valuable nuggets of career advice for listeners.

  You will not want to miss this episode if you are in a first-time CISO role or considering making a career in cybersecurity. Stay tuned for more!

  Show highlights:

  • Growing up, Mark was always playing around with electricity, wiring up motors and lights, and often overloading circuits and blowing breakers. (3:20)
  • Mark became a cryptologic technician in the Navy and focused on signals intelligence. (4:50)
  • In 1994, Mark wrote his grad school thesis on information security. That changed his life and set the stage for his future. (7:59)
  • Mark created the Navy’s first operational red team. (10:14)
  • Mark explains why a CISO cannot be an expert today. (12:20)
  • Mark got hired as the first CISO for the state of Colorado. It was a great learning experience! (15:06)
  • Why is becoming a CISO is all about developing relationships? (19:47)
  • Mentoring others is one of the most satisfying things Mark has ever done. (25:28)
  • Mark had a lot of influence in his role at DHS. (32:01)
  • Some advice for people thinking of taking on CISO roles. (35:34)
  • What do you need to focus on and learn if you are aiming for a senior CISO position? (38:24)
  • What do people in advisory board roles do? (46:08)
  
  

  Links:

  (CS)²AI

  Mark Weatherford on LinkedIn

  AlertEnterprise

  National Cybersecurity Center

  ]]>Derek Harp is happy to have Mark Weatherford, the CSO at AlertEnterprise, and the Chief Strategy Officer at the National Cybersecurity Center, joining him today for another episode in the series of security leader interviews!

  Mark grew up on a farm in an agricultural community in Northern California and left the farming life to embark on a career in the Navy and travel the world as a technologist, helping companies in cyberspace. Throughout his career, he always planned to get back into ranching. Apart from being a well-known security leader, Mark is a military veteran, technologist, beekeeper, hunter, pilot, and a soon-to-be rancher and gardener. He is also a husband and father.

  Mark has had various executive-level cybersecurity roles, including Global Information Security Strategist at Booking Holdings, Chief Cybersecurity Strategist at vArmour, a Principal at The Chertoff Group, Chief Security Officer at the North American Electric Reliability Corporation, and Chief Information Security Officer for the state of Colorado. He was appointed in 2008 by Governor Arnold Schwarzenegger to serve as California’s first Chief Information Security Officer. In 2011, he got appointed by the Obama Administration as the Deputy Under Secretary for Cybersecurity at the U.S. Department of Homeland Security. 

  Mark is a well-rounded individual who does a variety of interesting things. In this episode of the (CS)²AI Podcast, he shares his backstory and describes his career journey. He talks about the challenge CISOs face today, explains why relationships are vital, and discusses what it takes to be a good CISO today. He also offers some valuable nuggets of career advice for listeners.

  You will not want to miss this episode if you are in a first-time CISO role or considering making a career in cybersecurity. Stay tuned for more!

  Show highlights:

  • Growing up, Mark was always playing around with electricity, wiring up motors and lights, and often overloading circuits and blowing breakers. (3:20)
  • Mark became a cryptologic technician in the Navy and focused on signals intelligence. (4:50)
  • In 1994, Mark wrote his grad school thesis on information security. That changed his life and set the stage for his future. (7:59)
  • Mark created the Navy’s first operational red team. (10:14)
  • Mark explains why a CISO cannot be an expert today. (12:20)
  • Mark got hired as the first CISO for the state of Colorado. It was a great learning experience! (15:06)
  • Why is becoming a CISO is all about developing relationships? (19:47)
  • Mentoring others is one of the most satisfying things Mark has ever done. (25:28)
  • Mark had a lot of influence in his role at DHS. (32:01)
  • Some advice for people thinking of taking on CISO roles. (35:34)
  • What do you need to focus on and learn if you are aiming for a senior CISO position? (38:24)
  • What do people in advisory board roles do? (46:08)
  
  

  Links:

  (CS)²AI

  Mark Weatherford on LinkedIn

  AlertEnterprise

  National Cybersecurity Center

  ]]>73657ac2-a995-4857-bb34-972791d72c58Tue, 08 Mar 2022 03:00:00 -050054:14falsefull292928: Threat Hunting and Other Headline Making Cyber Security Careers with Mark BristowToday, Derek Harp is excited to have Mark Bristow joining him for another episode in the interview series on security leaders! Mark is well-known in the cyber security industry. He is the Branch Chief for Cyber Defense Coordination and Operations for threat hunting at the Department of Homeland Security.

  Mark found his first bug in an ISV system when he was ten years old. As a teenager, he was passionate about technology and spent much of his time discovering what he could do with his computer and the nascent internet. He later earned a Computer Engineering degree from Penn State. 

  Mark has been at the forefront of headline-making incident response efforts like the attack on the Ukrainian power grid, intrusions into U.S. election infrastructure, and Russian attempts to gain access to the U.S. power grid. He often does talks on worldwide industrial control systems security issues. He enjoys sharing his knowledge about the protection of critical infrastructure and using his real-life experience to help students relate the information to scenarios in the field. He is also a pilot-in-training and a scuba diver! 

  Mark had access to control systems as a young child, and as a result, he developed a breaker mindset quite early on. In this episode, he tells his story, talks about his background and career, and shares his unique perspective on cyber security. He talks about working for the government and offers some nuggets of career advice for people thinking of making a career in cyber security or those currently doing development in systems design and would like to specialize in cyber security. 

  If you are thinking of making a career in cyber security, you will learn a lot from today’s interview with Mark Bristow! Stay tuned for more!

  Show highlights:

  • The role Mark’s father played in him becoming an early adopter of technology (3:11)
  • How he found a bug in an ISV system at the age of ten. (5:14)
  • Mark figured out how to bypass the safety controls and make the computer drop the space shuttle's engines before they were supposed to. (8:14)
  • How Mark transitioned from doing programming to doing cyber security professionally. (11:25)
  • Mark explains how programming mattered and helped him in his career journey. (13:23)
  • Some nuggets of advice for programmers who want to add something to their career path by specializing in cyber security. (16:02)
  • A nugget of advice for what you should do when you receive a job offer. (19:48)
  • The mentors and people who opened doors for Mark along his career path. (23:21)
  • What is it like working for the government? (24:37)
  • Mark explains why he pivoted to become a federal employee. (30:40)
  • Everyone in the cyber security industry is open to helping each other and offering advice. (35:51)
  • What you can do right now to become sought-after and successful in five to ten years. (37:29)
  • Mark explains his job title and talks about what he does. (45:29)
  
  

  Links:

  (CS)²AI

  Mark Bristow on LinkedIn

  CISA

  ]]>Today, Derek Harp is excited to have Mark Bristow joining him for another episode in the interview series on security leaders! Mark is well-known in the cyber security industry. He is the Branch Chief for Cyber Defense Coordination and Operations for threat hunting at the Department of Homeland Security.

  Mark found his first bug in an ISV system when he was ten years old. As a teenager, he was passionate about technology and spent much of his time discovering what he could do with his computer and the nascent internet. He later earned a Computer Engineering degree from Penn State. 

  Mark has been at the forefront of headline-making incident response efforts like the attack on the Ukrainian power grid, intrusions into U.S. election infrastructure, and Russian attempts to gain access to the U.S. power grid. He often does talks on worldwide industrial control systems security issues. He enjoys sharing his knowledge about the protection of critical infrastructure and using his real-life experience to help students relate the information to scenarios in the field. He is also a pilot-in-training and a scuba diver! 

  Mark had access to control systems as a young child, and as a result, he developed a breaker mindset quite early on. In this episode, he tells his story, talks about his background and career, and shares his unique perspective on cyber security. He talks about working for the government and offers some nuggets of career advice for people thinking of making a career in cyber security or those currently doing development in systems design and would like to specialize in cyber security. 

  If you are thinking of making a career in cyber security, you will learn a lot from today’s interview with Mark Bristow! Stay tuned for more!

  Show highlights:

  • The role Mark’s father played in him becoming an early adopter of technology (3:11)
  • How he found a bug in an ISV system at the age of ten. (5:14)
  • Mark figured out how to bypass the safety controls and make the computer drop the space shuttle's engines before they were supposed to. (8:14)
  • How Mark transitioned from doing programming to doing cyber security professionally. (11:25)
  • Mark explains how programming mattered and helped him in his career journey. (13:23)
  • Some nuggets of advice for programmers who want to add something to their career path by specializing in cyber security. (16:02)
  • A nugget of advice for what you should do when you receive a job offer. (19:48)
  • The mentors and people who opened doors for Mark along his career path. (23:21)
  • What is it like working for the government? (24:37)
  • Mark explains why he pivoted to become a federal employee. (30:40)
  • Everyone in the cyber security industry is open to helping each other and offering advice. (35:51)
  • What you can do right now to become sought-after and successful in five to ten years. (37:29)
  • Mark explains his job title and talks about what he does. (45:29)
  
  

  Links:

  (CS)²AI

  Mark Bristow on LinkedIn

  CISA

  ]]>8fbcd9b3-0313-4ef3-a937-81f80a87b8eaTue, 01 Mar 2022 03:00:00 -050051:12falsefull282827: The Fundamentals of Building a Cyber Security Business with Jeff HusseyToday, Jeff Hussey joins Derek Harp for another podcast in the Security Leader interview series. 

  Jeff is the Co-Founder, President, and CEO of Tempered. He is a serial entrepreneur who has accomplished a lot throughout his career. He founded and co-founded several companies, including the well-known F5 Networks. He is a professional board member of various businesses- both for-profit and not-for-profit. He has worked hard to make the internet more resilient, hardened, and secure, bring clean water to underprivileged countries, and enrich his community through the arts. He has also been funding and broadening technology innovation and cultivating better living standards for coffee growers in Latin America. Jeff is also a speaker, mountain climber, wine-maker, father, and lover of all things tech!

  Starting from a very young age, Jeff has always been passionate about technology and communications! In this episode of the (CS)²AI Podcast, he talks about his background, his love of tech, the various businesses he started, and founding Tempered. He shares nuggets of advice around getting down to the fundamentals of what you are studying, dealing with customers, and networking, and offers some valuable tips for moving forward in the cyber security industry.  

  You won’t want to miss this episode if you are starting a career in cyber security or if you are in a similar field and considering a career change! Stay tuned for more!

  Show highlights:

  • Jeff explains why he creates his own jobs. (3:53)
  • Jeff talks about his passion for tech and communications. (4:33)
  • How the first company Jeff started became the first internet service provider in Honolulu. (9:28)
  • The increasing internet traffic inspired Jeff to start his next business in 1996. (10:29)
  • Jeff discusses his initial foray into security and explains how the security paradigm changed after that. (12:25)
  • How his dad used to advise and help him early in his career. (16:30)
  • What he did to deepen his knowledge and become more effective in his career role. (18:01)
  • Jeff offers some excellent advice for dealing efficiently and effectively with customers. (22:05)
  • Jeff talks about his company, Tempered. (25:53)
  • Jeff explains what the host identity protocol does and how his company, Tempered, approaches it to create a hyper-secure network. (30:42)
  • Jeff shares his views on corporate culture. (34:16)
  • Jeff explains what excites him about the Airwall Solution that Tempered brought to market. (42:50)
  
  

  Links:

  (CS)²AI

  Jeff Hussey on LinkedIn

  Tempered

  Books mentioned in the show:

  Steven’s TCP/IP Illustrated Volumes 1 and 2

  ]]>Today, Jeff Hussey joins Derek Harp for another podcast in the Security Leader interview series. 

  Jeff is the Co-Founder, President, and CEO of Tempered. He is a serial entrepreneur who has accomplished a lot throughout his career. He founded and co-founded several companies, including the well-known F5 Networks. He is a professional board member of various businesses- both for-profit and not-for-profit. He has worked hard to make the internet more resilient, hardened, and secure, bring clean water to underprivileged countries, and enrich his community through the arts. He has also been funding and broadening technology innovation and cultivating better living standards for coffee growers in Latin America. Jeff is also a speaker, mountain climber, wine-maker, father, and lover of all things tech!

  Starting from a very young age, Jeff has always been passionate about technology and communications! In this episode of the (CS)²AI Podcast, he talks about his background, his love of tech, the various businesses he started, and founding Tempered. He shares nuggets of advice around getting down to the fundamentals of what you are studying, dealing with customers, and networking, and offers some valuable tips for moving forward in the cyber security industry.  

  You won’t want to miss this episode if you are starting a career in cyber security or if you are in a similar field and considering a career change! Stay tuned for more!

  Show highlights:

  • Jeff explains why he creates his own jobs. (3:53)
  • Jeff talks about his passion for tech and communications. (4:33)
  • How the first company Jeff started became the first internet service provider in Honolulu. (9:28)
  • The increasing internet traffic inspired Jeff to start his next business in 1996. (10:29)
  • Jeff discusses his initial foray into security and explains how the security paradigm changed after that. (12:25)
  • How his dad used to advise and help him early in his career. (16:30)
  • What he did to deepen his knowledge and become more effective in his career role. (18:01)
  • Jeff offers some excellent advice for dealing efficiently and effectively with customers. (22:05)
  • Jeff talks about his company, Tempered. (25:53)
  • Jeff explains what the host identity protocol does and how his company, Tempered, approaches it to create a hyper-secure network. (30:42)
  • Jeff shares his views on corporate culture. (34:16)
  • Jeff explains what excites him about the Airwall Solution that Tempered brought to market. (42:50)
  
  

  Links:

  (CS)²AI

  Jeff Hussey on LinkedIn

  Tempered

  Books mentioned in the show:

  Steven’s TCP/IP Illustrated Volumes 1 and 2

  ]]>a9b60a2c-83a8-45ea-af28-70ac7d4a9821Tue, 22 Feb 2022 03:00:00 -050038:33falsefull272726: Starting Your Own Cyber Security Business with Albert RooyakkersAlbert Rooyakkers, the CEO and Founder of Bedrock Automation, joins Derek Harp today for another episode in the Security Leaders series. Albert is a well-known technologist in the cyber security industry. He is also an inventor, a motorhead, and a keen outdoorsman. 

  Albert was born and raised in Canada. After finishing high school, he went to the Southern Alberta Institute of Technology to learn about instrumentation and process control. After completing his studies, he spent sixteen years working at Foxboro, where he went from Sales to Applications to Projects and eventually into management. Foxboro later became Invensys and sent Albert to the Middle East. He loved that because the Middle East is a fascinating place!

  Albert once described himself as a future enthusiast because the future excites him so much! In this episode of the (CS)²AI Podcast, he discusses his background, education, and career path. He talks about his early work experiences, dives into the founding of Bedrock Automation, and discusses the exciting transition to run Bedrock. He also shares some nuggets of advice for getting ahead in your career and talks about the exciting changes we can look forward to seeing in the future.

  If you have spent most of your career working for one or two companies and are thinking about starting a business of your own, you are sure to gain a lot from today’s inspiring conversation with Albert Rooyakkers. Listen in to hear more!

  Show highlights:

  • Albert worked on big projects while at Foxboro and often traveled internationally. (3:01)
  • Albert grew up with family businesses, so he knew starting a business would involve a lot of hard work. (4:10)
  • Why did he become a young workaholic while working in their family businesses in Canada? (5:29)
  • Albert talks about the best and most rewarding years of his life while starting Bedrock. (7:35)
  • What Albert believes is the most comprehensive learning experience imaginable. (8:55)
  • Jumping from Invensys to Maxim and then jumping from Maxim to Bedrock. (9:28)
  • Some advice for actualizing an idea or design that relates to the company you are in. (13:18)
  • Cyber violates the premise of automation. Albert explains how we can solve that right here in the USA. (18:29)
  • Building and maintaining relationships is vital. (25:14)
  • Great technology moves beyond technology and becomes art. When presented in the right way, that inspires people to use it. (28:31)
  • Some advice for overcoming challenges, growing, and evolving along your career journey. (32:57)
  • What excites Albert about the future? (38:51)
  
  

   

  ]]>Albert Rooyakkers, the CEO and Founder of Bedrock Automation, joins Derek Harp today for another episode in the Security Leaders series. Albert is a well-known technologist in the cyber security industry. He is also an inventor, a motorhead, and a keen outdoorsman. 

  Albert was born and raised in Canada. After finishing high school, he went to the Southern Alberta Institute of Technology to learn about instrumentation and process control. After completing his studies, he spent sixteen years working at Foxboro, where he went from Sales to Applications to Projects and eventually into management. Foxboro later became Invensys and sent Albert to the Middle East. He loved that because the Middle East is a fascinating place!

  Albert once described himself as a future enthusiast because the future excites him so much! In this episode of the (CS)²AI Podcast, he discusses his background, education, and career path. He talks about his early work experiences, dives into the founding of Bedrock Automation, and discusses the exciting transition to run Bedrock. He also shares some nuggets of advice for getting ahead in your career and talks about the exciting changes we can look forward to seeing in the future.

  If you have spent most of your career working for one or two companies and are thinking about starting a business of your own, you are sure to gain a lot from today’s inspiring conversation with Albert Rooyakkers. Listen in to hear more!

  Show highlights:

  • Albert worked on big projects while at Foxboro and often traveled internationally. (3:01)
  • Albert grew up with family businesses, so he knew starting a business would involve a lot of hard work. (4:10)
  • Why did he become a young workaholic while working in their family businesses in Canada? (5:29)
  • Albert talks about the best and most rewarding years of his life while starting Bedrock. (7:35)
  • What Albert believes is the most comprehensive learning experience imaginable. (8:55)
  • Jumping from Invensys to Maxim and then jumping from Maxim to Bedrock. (9:28)
  • Some advice for actualizing an idea or design that relates to the company you are in. (13:18)
  • Cyber violates the premise of automation. Albert explains how we can solve that right here in the USA. (18:29)
  • Building and maintaining relationships is vital. (25:14)
  • Great technology moves beyond technology and becomes art. When presented in the right way, that inspires people to use it. (28:31)
  • Some advice for overcoming challenges, growing, and evolving along your career journey. (32:57)
  • What excites Albert about the future? (38:51)
  
  

   

  ]]>efd608bc-0fa2-4c7a-929c-87a7d18e219cTue, 15 Feb 2022 03:00:00 -050047:02falsefull262625: Exploring Careers in the Cybersecurity Controls Niche with Fred GordyToday, Derek Harp interviews Fred Gordy in another episode in the Security Leaders series. Fred is the Director of Cyber Security at Intelligent Buildings.

  Fred hails from Atlanta, Georgia. He is an author, musician, woodworker, technologist, travel enthusiast, and grandfather. He is also well-known as an evangelist around cyber security for building control systems and building management.

  Fred has worked with electronics, computers, IT, and even robotics along his career path. He had his first computer experience back in the days of basic programming in the mid-1980s when he did electronic engineering technology at college. Although his direction as an electronic engineer in technology should have been to get in on a board level, he was always more fascinated with the computer part.

  In this episode of the (CS)²AI Podcast, Fred tells his story, discusses his career trajectory, and talks about the highlights of his career. He shares his insights and experience and offers some helpful nuggets of advice for listeners considering a career in the controls space. If you are at the entry-level of our industry and wondering where to go next, you will not want to miss this episode! Stay tuned for more!

  Show highlights:

  • Fred had the opportunity to experience control systems when doing an internship while in college. (5:01)
  • How Fred inadvertently got exposed to computer control systems early on in his career. (6:27)
  • Having had a computer background before moving into the world of control systems allowed him to speak both languages. It helped him a lot in his career. (8:15)
  • Fred sees a career role emerging that will require individuals to know the full range of IT and OT. They need to understand computers and control systems. (9:01)
  • Fred discusses the work that Intelligent Buildings does in the commercial real estate industry. (13:03)
  • How buildings intersected with his career path. (14:22)
  • For Fred, there is nothing quite as exhilarating as having the power, capability, and know-how to make a massive piece of equipment work in concert with hundreds of other devices. (15:55)
  • Everything Fred has done in his life has in some way built upon itself. It's why he encourages listeners to draw on all their experiences, no matter how small they might seem. (17:40)
  • Fred talks about overcoming challenges. (21:40)
  • When he started his career, he knew little about what he was doing. He attributes his success to the mentors who helped him, encouraged him, and ignited his inner fire. (28:00)
  • Fred discusses ways to get people in different areas of the building-control space to work better together. (36:18)
  • Fred believes that the path for people in the controls industry will become easier now, since the advent of the MSI (Master System Integrator). (44:38)
  
  

  
  

  ]]>Today, Derek Harp interviews Fred Gordy in another episode in the Security Leaders series. Fred is the Director of Cyber Security at Intelligent Buildings.

  Fred hails from Atlanta, Georgia. He is an author, musician, woodworker, technologist, travel enthusiast, and grandfather. He is also well-known as an evangelist around cyber security for building control systems and building management.

  Fred has worked with electronics, computers, IT, and even robotics along his career path. He had his first computer experience back in the days of basic programming in the mid-1980s when he did electronic engineering technology at college. Although his direction as an electronic engineer in technology should have been to get in on a board level, he was always more fascinated with the computer part.

  In this episode of the (CS)²AI Podcast, Fred tells his story, discusses his career trajectory, and talks about the highlights of his career. He shares his insights and experience and offers some helpful nuggets of advice for listeners considering a career in the controls space. If you are at the entry-level of our industry and wondering where to go next, you will not want to miss this episode! Stay tuned for more!

  Show highlights:

  • Fred had the opportunity to experience control systems when doing an internship while in college. (5:01)
  • How Fred inadvertently got exposed to computer control systems early on in his career. (6:27)
  • Having had a computer background before moving into the world of control systems allowed him to speak both languages. It helped him a lot in his career. (8:15)
  • Fred sees a career role emerging that will require individuals to know the full range of IT and OT. They need to understand computers and control systems. (9:01)
  • Fred discusses the work that Intelligent Buildings does in the commercial real estate industry. (13:03)
  • How buildings intersected with his career path. (14:22)
  • For Fred, there is nothing quite as exhilarating as having the power, capability, and know-how to make a massive piece of equipment work in concert with hundreds of other devices. (15:55)
  • Everything Fred has done in his life has in some way built upon itself. It's why he encourages listeners to draw on all their experiences, no matter how small they might seem. (17:40)
  • Fred talks about overcoming challenges. (21:40)
  • When he started his career, he knew little about what he was doing. He attributes his success to the mentors who helped him, encouraged him, and ignited his inner fire. (28:00)
  • Fred discusses ways to get people in different areas of the building-control space to work better together. (36:18)
  • Fred believes that the path for people in the controls industry will become easier now, since the advent of the MSI (Master System Integrator). (44:38)
  
  

  
  

  ]]>94b5fb6f-8ca9-4130-8d0e-ca2e3341d58bTue, 08 Feb 2022 03:00:00 -050048:09falsefull252524: Cybersecurity Careers in Real Estate and Other Niches with Bayron LopezBayron Lopez joins Derek Harp today for another podcast episode in the Security Leader series. Bayron is the Manager of Operational Technology at Kilroy Realty Corporation, a real estate investment trust company specializing in developing, acquiring, and managing real estate assets, primarily in Seattle, San Francisco, LA, and San Diego. Those four strategic areas encompass about fourteen million Class A commercial real estates. Bayron is responsible for the operational technology and security of those estates. 

  Bayron was born in El Salvador and grew up in South Central Los Angeles. While in high school, he had an excellent teacher and mentors who were designing aircraft and large buildings. They exposed him to multiple areas of engineering, including electrical, mechanical, civil, and aerospace. Bayron was very lucky to have that exposure because it was unusual for kids from the South Central Los Angeles neighborhood to get introduced to the world of engineering.

  Bayron likes to see an objective outlined and then get things done. He has a degree in engineering and is a keen technologist. He is also a soccer fan and dreamer who likes to look ahead at what is coming up just beyond the horizon. In this episode of the (CS)²AI Podcast, he talks about his background and discusses his educational journey. He explains why he chose to work for a real estate company after graduating and talks about his current position at Kilroy. He also shares some valuable nuggets for people starting in cyber security or those who would like to get involved in the space.

  Cyber security is going to become a cornerstone for buildings in the future. If you are thinking about getting into the field, you will gain a lot from this episode! Stay tuned for more!

  Show highlights:

  • When he was in high school, Bayron decided to become an engineer and find something in that space that worked for him. He talks about the study program he chose. (3:58)
  • Bayron explains why he went to work for a real estate company after he graduated. (6:41)
  • How the idea of having an Operational Technology Manager came in at Kilroy. (8:45)
  • Bayron talks about the challenges he has faced since becoming Kilroy’s Operational Technology Manager. (10:28)
  • A strategy for creating a valuable security solution. (13:04)
  • Bayron discusses the day-to-day operations in his current position at Kilroy. (15:50)
  • The luxury of new builds versus retrofitting onto existing buildings. (19:44)
  • Some advice from Bayron for his younger self. (21:23)
  • A way in and some words of wisdom for individuals wanting to get into the security of building control systems. ( 22:38)
  • There are currently many different opportunities for specializing in the cyber security industry as it pertains to building systems. (26:38)
  
  ]]>Bayron Lopez joins Derek Harp today for another podcast episode in the Security Leader series. Bayron is the Manager of Operational Technology at Kilroy Realty Corporation, a real estate investment trust company specializing in developing, acquiring, and managing real estate assets, primarily in Seattle, San Francisco, LA, and San Diego. Those four strategic areas encompass about fourteen million Class A commercial real estates. Bayron is responsible for the operational technology and security of those estates. 

  Bayron was born in El Salvador and grew up in South Central Los Angeles. While in high school, he had an excellent teacher and mentors who were designing aircraft and large buildings. They exposed him to multiple areas of engineering, including electrical, mechanical, civil, and aerospace. Bayron was very lucky to have that exposure because it was unusual for kids from the South Central Los Angeles neighborhood to get introduced to the world of engineering.

  Bayron likes to see an objective outlined and then get things done. He has a degree in engineering and is a keen technologist. He is also a soccer fan and dreamer who likes to look ahead at what is coming up just beyond the horizon. In this episode of the (CS)²AI Podcast, he talks about his background and discusses his educational journey. He explains why he chose to work for a real estate company after graduating and talks about his current position at Kilroy. He also shares some valuable nuggets for people starting in cyber security or those who would like to get involved in the space.

  Cyber security is going to become a cornerstone for buildings in the future. If you are thinking about getting into the field, you will gain a lot from this episode! Stay tuned for more!

  Show highlights:

  • When he was in high school, Bayron decided to become an engineer and find something in that space that worked for him. He talks about the study program he chose. (3:58)
  • Bayron explains why he went to work for a real estate company after he graduated. (6:41)
  • How the idea of having an Operational Technology Manager came in at Kilroy. (8:45)
  • Bayron talks about the challenges he has faced since becoming Kilroy’s Operational Technology Manager. (10:28)
  • A strategy for creating a valuable security solution. (13:04)
  • Bayron discusses the day-to-day operations in his current position at Kilroy. (15:50)
  • The luxury of new builds versus retrofitting onto existing buildings. (19:44)
  • Some advice from Bayron for his younger self. (21:23)
  • A way in and some words of wisdom for individuals wanting to get into the security of building control systems. ( 22:38)
  • There are currently many different opportunities for specializing in the cyber security industry as it pertains to building systems. (26:38)
  
  ]]>57be914e-65fd-4b9b-b6d9-bee718077324Tue, 01 Feb 2022 03:00:00 -050033:04falsefull242423: Transitioning from IT to OT to Cybersecurity with Bryan SingerDerek Harp is excited to have Bryan Singer join him today for an episode in the Security Leader interview series! 

  Bryan is a true pioneer in the cyber security space! He has an extensive background in several industries, including manufacturing, DoD, and healthcare. His proven professional skills include system architecture and design, software project management, application development, system administration, network administration, database design and administration, and multi-tier support. Currently, he is Principal Director of Security Innovation at Accenture.

  Bryan was born in Mountain Home, Idaho. His father was a pilot in the air force, so they lived in many different places across the country while he was growing up. He spent most of his childhood in Alabama, and he remembers being the coolest kid on the street because he had an Apple 2 Plus computer with two five-and-a-quarter-inch floppy drives. Watching WarGames inspired him to become a hacker, but he soon realized that hacking was not quite what it appeared to be on television!

  In this episode of the (CS)²AI Podcast, Bryan shares his superhero backstory, talks about his career journey, and discusses the valuable lessons he learned early on that he could apply later in his career. He also shares some helpful nuggets for people either considering a career in cyber security or crossing over from other areas in IT or OT. If you are interested in cyber security, stay tuned. You will not want to miss this informative episode!

  Show highlights:

  • Bryan talks about when he first got an itch for hacking. (1:23)
  • Immediately after high school, he joined the army. He worked in Intelligence and got exposed to computer and network security, now known as cyber security. (3:40)
  • Bryan started his career doing software development. (4:58)
  • Bryan describes his first experience of dealing with a compromise. (7:00)
  • Having a deep systems background has been helpful when diagnosing other problems later in his career. (8:43)
  • What Bryan tells people when they ask him how he got involved in cyber security. (9:34)
  • How he ended up being Chairman of the ISA-99 Security Committee. (12:34)
  • Bryan discusses mentorship and explains how he managed to connect with mentors in the world of industrial safety. (17:12)
  • How to get involved in the standards bodies early on in your career. (21:51)
  • The advice Bryan would give to his younger self. (29:34)
  • Some helpful advice for facing challenges. (33:14)
  • The impact of the pandemic on the cyber security industry. (34:01)
  • Bryan discusses the things he chose to do in his career, outside of what his job required. (35:52)
  • Bryan co-authored two books. (36:14)
  
  

  Links:

  (CS)²AI 

  Accenture

  Bryan L Singer on LinkedIn

  Resources:

  The books Bryan co-authored: 

  Cybersecurity for Industrial Control Systems: SCADA, DCS, PLC, HMI, and SIS

  Hacking Exposed Industrial Control Systems: ICS and SCADA Security Secrets & Solutions

  ]]>Derek Harp is excited to have Bryan Singer join him today for an episode in the Security Leader interview series! 

  Bryan is a true pioneer in the cyber security space! He has an extensive background in several industries, including manufacturing, DoD, and healthcare. His proven professional skills include system architecture and design, software project management, application development, system administration, network administration, database design and administration, and multi-tier support. Currently, he is Principal Director of Security Innovation at Accenture.

  Bryan was born in Mountain Home, Idaho. His father was a pilot in the air force, so they lived in many different places across the country while he was growing up. He spent most of his childhood in Alabama, and he remembers being the coolest kid on the street because he had an Apple 2 Plus computer with two five-and-a-quarter-inch floppy drives. Watching WarGames inspired him to become a hacker, but he soon realized that hacking was not quite what it appeared to be on television!

  In this episode of the (CS)²AI Podcast, Bryan shares his superhero backstory, talks about his career journey, and discusses the valuable lessons he learned early on that he could apply later in his career. He also shares some helpful nuggets for people either considering a career in cyber security or crossing over from other areas in IT or OT. If you are interested in cyber security, stay tuned. You will not want to miss this informative episode!

  Show highlights:

  • Bryan talks about when he first got an itch for hacking. (1:23)
  • Immediately after high school, he joined the army. He worked in Intelligence and got exposed to computer and network security, now known as cyber security. (3:40)
  • Bryan started his career doing software development. (4:58)
  • Bryan describes his first experience of dealing with a compromise. (7:00)
  • Having a deep systems background has been helpful when diagnosing other problems later in his career. (8:43)
  • What Bryan tells people when they ask him how he got involved in cyber security. (9:34)
  • How he ended up being Chairman of the ISA-99 Security Committee. (12:34)
  • Bryan discusses mentorship and explains how he managed to connect with mentors in the world of industrial safety. (17:12)
  • How to get involved in the standards bodies early on in your career. (21:51)
  • The advice Bryan would give to his younger self. (29:34)
  • Some helpful advice for facing challenges. (33:14)
  • The impact of the pandemic on the cyber security industry. (34:01)
  • Bryan discusses the things he chose to do in his career, outside of what his job required. (35:52)
  • Bryan co-authored two books. (36:14)
  
  

  Links:

  (CS)²AI 

  Accenture

  Bryan L Singer on LinkedIn

  Resources:

  The books Bryan co-authored: 

  Cybersecurity for Industrial Control Systems: SCADA, DCS, PLC, HMI, and SIS

  Hacking Exposed Industrial Control Systems: ICS and SCADA Security Secrets & Solutions

  ]]>da669dc2-a3fe-4ba1-81b0-baf4082c00e9Tue, 25 Jan 2022 03:00:00 -050043:57falsefull232322: Niching Down Within the CyberSecurity Industry with Daryl HaegleyToday, Daryl Haegley joins Derek Harp for another episode in the Security Leader interview series! Daryl was a military officer and then became a civilian in DOD (Department of Defense) operations. He is now the Director of Mission Assurance and Cyber Deterrence for the DOD. 

  Daryl has always been fascinated with technology. He links his fascination to the intrigue he felt when watching Star Trek episodes with his father and brothers as a child and seeing how much simpler technology can make people’s lives. 

  Even though Daryl became one of the early cyber security pioneers, technology did not lead him to where he finds himself today. 

  In this episode of the (CS)²AI Podcast, Daryl tells his story, talks about his journey, discusses his choices, and explains how his career path led him to where he is today. He discusses some of the practices he employed along his career path that could be valuable when selecting a specific line of work. He also talks about how individuals in the military can increase their value to the outside world and explains where people can get formal or informal security training. 

  You will not want to miss this episode if you are leaning toward a career in the cyber security field, so stay tuned for more!

  Show highlights:

  • The path leading Daryl to where he is today did not proceed through technology. (4:42)
  • After completing his RTC in the Navy, Daryl thought he was done with school, but he went on to get three master’s degrees. (6:36)
  • Daryl talks about crossing over from college RTC to become a cryptologist. (7:45)
  • An important lesson he learned from history is about defense. (9:01)
  • Today, Daryl still references some of the lessons he learned from his early experiences in his naval career. (11:44)
  • Some advice for how individuals who are still in military service can strengthen their resumes and increase their value to the outside world. (14:24)
  • Daryl discusses some areas where individuals can get either formal or informal security training. (15:53)
  • Daryl talks about control systems and explains how they first intersected with his career. (16:55)
  • Daryl shares some highlights of his career and discusses some of the things he would do differently today. (20:19)
  • How mentorship has played out on his career path. (24:01)
  • Daryl talks about the sharing of information between government entities and non-government entities. (28:32)
  • Daryl discusses his involvement in the cyber security certification model being rolled out. (29:43)
  • There are engineering classes at Georgetown University and George Mason University that include courses for individuals who want to study cyber security. (33:22)
  • The career areas within cyber security that Daryl believes will be in demand five years from now. (35:17)
  
  ]]>Today, Daryl Haegley joins Derek Harp for another episode in the Security Leader interview series! Daryl was a military officer and then became a civilian in DOD (Department of Defense) operations. He is now the Director of Mission Assurance and Cyber Deterrence for the DOD. 

  Daryl has always been fascinated with technology. He links his fascination to the intrigue he felt when watching Star Trek episodes with his father and brothers as a child and seeing how much simpler technology can make people’s lives. 

  Even though Daryl became one of the early cyber security pioneers, technology did not lead him to where he finds himself today. 

  In this episode of the (CS)²AI Podcast, Daryl tells his story, talks about his journey, discusses his choices, and explains how his career path led him to where he is today. He discusses some of the practices he employed along his career path that could be valuable when selecting a specific line of work. He also talks about how individuals in the military can increase their value to the outside world and explains where people can get formal or informal security training. 

  You will not want to miss this episode if you are leaning toward a career in the cyber security field, so stay tuned for more!

  Show highlights:

  • The path leading Daryl to where he is today did not proceed through technology. (4:42)
  • After completing his RTC in the Navy, Daryl thought he was done with school, but he went on to get three master’s degrees. (6:36)
  • Daryl talks about crossing over from college RTC to become a cryptologist. (7:45)
  • An important lesson he learned from history is about defense. (9:01)
  • Today, Daryl still references some of the lessons he learned from his early experiences in his naval career. (11:44)
  • Some advice for how individuals who are still in military service can strengthen their resumes and increase their value to the outside world. (14:24)
  • Daryl discusses some areas where individuals can get either formal or informal security training. (15:53)
  • Daryl talks about control systems and explains how they first intersected with his career. (16:55)
  • Daryl shares some highlights of his career and discusses some of the things he would do differently today. (20:19)
  • How mentorship has played out on his career path. (24:01)
  • Daryl talks about the sharing of information between government entities and non-government entities. (28:32)
  • Daryl discusses his involvement in the cyber security certification model being rolled out. (29:43)
  • There are engineering classes at Georgetown University and George Mason University that include courses for individuals who want to study cyber security. (33:22)
  • The career areas within cyber security that Daryl believes will be in demand five years from now. (35:17)
  
  ]]>2796fb1a-bc08-4e26-9aec-feed2e12aa5bTue, 18 Jan 2022 03:00:00 -050037:38falsefull222221: A Non-Linear But Rewarding Career Path In Cybersecurity with Chris BlaskToday, we have another podcast in the Security Leaders interview series. In this episode, Derek Harp talks to Chris Blask, the Global Director of Industrial and IoT Security at Unisys. Chris is a man of many talents! He is an entrepreneur, an inventor, an evangelist, and a visionary. He has been involved in many different projects for work, for fun, and sometimes a mix of both. 

  Chris was the inventor of one of the first firewall products. In addition, he built a multibillion-dollar firewall business at Cisco System, co-founded an early SIEM vendor, wrote the first book on SIEM, founded an information-sharing center for critical infrastructures, and advised both public and private organizations across the world in every sector. In his role at Unisys, Chris created the Operational Technology and IoT security practices, which he also leads. He also invented the Digital Bill of Materials (DBoM) structure and established the Unisys Marine Living Research Center. He currently chairs a range of non-profit cybersecurity organizations and contributes to a wide range of global security efforts.

  Chris is very well known, and his resume is outstanding! He has been involved in many different projects and initiatives. In this episode of the (CS)²AI Podcast, he shares some valuable nuggets from his vast experience! He tells his superhero origin story, talks about the non-linear way he got to where he is today, sheds light on his current role as a leader in the cybersecurity industry, and discusses his philosophy around problem-solving. 

  Chris frequently changed course throughout his career journey. If you are in the early part of your career and thinking of making some changes down the line, you really won’t want to miss this episode! Be sure to stay tuned for more!

  Show highlights:

  • Technology was a thread that ran all along Chris’s career path. (5:51)
  • While growing up, Chris always loved taking things apart to figure out how they worked. (8:16)
  • Moving on after every change he made in his life and education. (10:57)
  • The history and appreciation of art have had as much to do with Chris’s success as learning to program in Cobol. (12:46)
  • Chris explains how he started teaching people about different aspects of technology and how that led to his first job in OT with General Electric. (13:16)
  • Chris enabled himself to do mobile video conferencing to save his company millions of dollars. (15:28)
  • Chris explains how the security aspect of his career came into play. (21:00)
  • Creating and releasing the BorderWare Firewall Server. (25:46)
  • History has proved that there will always be a point in the future when every problem will get solved. (27:24)
  • Chris has been into cybersecurity for the last 28 years. He talks about all the companies with which he was involved. (31:56)
  • Chris talks about the genesis of firewalls. (34:05)
  • Learning to talk the right language, to move up in the world of technology. (39:17)
  • How mentorship has played out in Chris’s career. (43:20)
  • Chris shares a strategy for anyone currently in OT or cybersecurity. (51:34)
  • Chris talks about the changes he sees happening with OT and cybersecurity in the future. (58:37)
  
  

  Links:

  (CS)²AI  

  Unisys 

  ]]>Today, we have another podcast in the Security Leaders interview series. In this episode, Derek Harp talks to Chris Blask, the Global Director of Industrial and IoT Security at Unisys. Chris is a man of many talents! He is an entrepreneur, an inventor, an evangelist, and a visionary. He has been involved in many different projects for work, for fun, and sometimes a mix of both. 

  Chris was the inventor of one of the first firewall products. In addition, he built a multibillion-dollar firewall business at Cisco System, co-founded an early SIEM vendor, wrote the first book on SIEM, founded an information-sharing center for critical infrastructures, and advised both public and private organizations across the world in every sector. In his role at Unisys, Chris created the Operational Technology and IoT security practices, which he also leads. He also invented the Digital Bill of Materials (DBoM) structure and established the Unisys Marine Living Research Center. He currently chairs a range of non-profit cybersecurity organizations and contributes to a wide range of global security efforts.

  Chris is very well known, and his resume is outstanding! He has been involved in many different projects and initiatives. In this episode of the (CS)²AI Podcast, he shares some valuable nuggets from his vast experience! He tells his superhero origin story, talks about the non-linear way he got to where he is today, sheds light on his current role as a leader in the cybersecurity industry, and discusses his philosophy around problem-solving. 

  Chris frequently changed course throughout his career journey. If you are in the early part of your career and thinking of making some changes down the line, you really won’t want to miss this episode! Be sure to stay tuned for more!

  Show highlights:

  • Technology was a thread that ran all along Chris’s career path. (5:51)
  • While growing up, Chris always loved taking things apart to figure out how they worked. (8:16)
  • Moving on after every change he made in his life and education. (10:57)
  • The history and appreciation of art have had as much to do with Chris’s success as learning to program in Cobol. (12:46)
  • Chris explains how he started teaching people about different aspects of technology and how that led to his first job in OT with General Electric. (13:16)
  • Chris enabled himself to do mobile video conferencing to save his company millions of dollars. (15:28)
  • Chris explains how the security aspect of his career came into play. (21:00)
  • Creating and releasing the BorderWare Firewall Server. (25:46)
  • History has proved that there will always be a point in the future when every problem will get solved. (27:24)
  • Chris has been into cybersecurity for the last 28 years. He talks about all the companies with which he was involved. (31:56)
  • Chris talks about the genesis of firewalls. (34:05)
  • Learning to talk the right language, to move up in the world of technology. (39:17)
  • How mentorship has played out in Chris’s career. (43:20)
  • Chris shares a strategy for anyone currently in OT or cybersecurity. (51:34)
  • Chris talks about the changes he sees happening with OT and cybersecurity in the future. (58:37)
  
  

  Links:

  (CS)²AI  

  Unisys 

  ]]>0da72024-ee07-4bd9-a106-ab4426c5ab81Wed, 12 Jan 2022 03:00:00 -050054:30falsefull212120: Design and Produce Resilient, High-Quality Security Systems with Paul ForneyToday, Derek Harp is happy to welcome Paul Forney, the Chief Security Architect for Schneider Electric, as his guest for another episode in the (CS)2AI podcast series on security leaders. Paul is a true pioneer in the industry of securing industrial control systems.

  Paul traveled the world while growing up because his dad was a cryptographer working for Military Intelligence. His dad was serious about his job, and although he could not talk to Paul about what he did at work, he explained all the basics of encryption and taught him how to protect documents and information. 

  In his first year of college, Paul joined a band. The band got a record deal, so Paul left home and college and traveled the world as a rock and roll bass player. He always wanted to learn about technology, however. So after finally returning to college, he graduated as an electrical engineer in 1990 and went into industrial control systems. Paul still plays music in a small band for fun and to raise money for various children’s causes. 

  Security is a journey that is always changing! The threat-scape and the way we think about security are constantly evolving. In this episode of the (CS)²AI Podcast, Paul shares some valuable nuggets of information around the best approach to take and the right processes to design and produce resilient, high-quality security systems. He explains how to get involved with industry standards bodies, talks about how experts from across the world should take a leaf out of the book of the World Health Organization to collaborate to solve industry problems a whole lot faster, and offers his ideas for future careers. He also tells his story, talks about various elements in his professional journey, and discusses his way of bringing balance into his life.  

  If you are interested in making a career in the field of cybersecurity, this is a conversation you won’t want to miss! Stay tuned for more!

  Show highlights:

  • Paul plays bass in a group called The Jazz Execs. They are a consortium of musicians who raise money for children’s causes. (4:42)
  • In 1969, Paul started college as an electrical engineer. (8:06)
  • Paul went straight into industrial control systems after graduating from the University of South Florida, in Tampa, with a degree in Electrical Engineering. He eventually moved into designing security for internet portals and communications systems. (9:34)
  • Paul finds that many aspects of control systems are similar to orchestras. (10:16)
  • Some of the patents that Paul came up with are for technology to look for events happening on offshore oil platforms. That kind of work still excites him! (13:49)
  • He was always involved with communications in the early part of his career. (15:25)
  • It was 9/11 that brought Paul into the world of cybersecurity. (17:30)
  • As a security architect, Paul always has to look at the bigger picture to see how data moves around a system to design resilient ways to protect those systems. (22:05)
  • Paul talks about looking at the bigger picture to see how data moves around a system to design resilient ways to protect the system. (22:05)
  • You need to have processes, procedures, and technology to design and produce a quality security product. (24:59)
  • Paul has always sought to learn from those who think outside of the box in the control system world, like his late friend and mentor, Michael Assante. (29:14)
  • Young people can gain a lot of value from mentorship and getting involved with today’s standards bodies. (32:19)
  • New technologies, like blockchain, have great value and potential for future careers. (46:27)
  
  ]]>Today, Derek Harp is happy to welcome Paul Forney, the Chief Security Architect for Schneider Electric, as his guest for another episode in the (CS)2AI podcast series on security leaders. Paul is a true pioneer in the industry of securing industrial control systems.

  Paul traveled the world while growing up because his dad was a cryptographer working for Military Intelligence. His dad was serious about his job, and although he could not talk to Paul about what he did at work, he explained all the basics of encryption and taught him how to protect documents and information. 

  In his first year of college, Paul joined a band. The band got a record deal, so Paul left home and college and traveled the world as a rock and roll bass player. He always wanted to learn about technology, however. So after finally returning to college, he graduated as an electrical engineer in 1990 and went into industrial control systems. Paul still plays music in a small band for fun and to raise money for various children’s causes. 

  Security is a journey that is always changing! The threat-scape and the way we think about security are constantly evolving. In this episode of the (CS)²AI Podcast, Paul shares some valuable nuggets of information around the best approach to take and the right processes to design and produce resilient, high-quality security systems. He explains how to get involved with industry standards bodies, talks about how experts from across the world should take a leaf out of the book of the World Health Organization to collaborate to solve industry problems a whole lot faster, and offers his ideas for future careers. He also tells his story, talks about various elements in his professional journey, and discusses his way of bringing balance into his life.  

  If you are interested in making a career in the field of cybersecurity, this is a conversation you won’t want to miss! Stay tuned for more!

  Show highlights:

  • Paul plays bass in a group called The Jazz Execs. They are a consortium of musicians who raise money for children’s causes. (4:42)
  • In 1969, Paul started college as an electrical engineer. (8:06)
  • Paul went straight into industrial control systems after graduating from the University of South Florida, in Tampa, with a degree in Electrical Engineering. He eventually moved into designing security for internet portals and communications systems. (9:34)
  • Paul finds that many aspects of control systems are similar to orchestras. (10:16)
  • Some of the patents that Paul came up with are for technology to look for events happening on offshore oil platforms. That kind of work still excites him! (13:49)
  • He was always involved with communications in the early part of his career. (15:25)
  • It was 9/11 that brought Paul into the world of cybersecurity. (17:30)
  • As a security architect, Paul always has to look at the bigger picture to see how data moves around a system to design resilient ways to protect those systems. (22:05)
  • Paul talks about looking at the bigger picture to see how data moves around a system to design resilient ways to protect the system. (22:05)
  • You need to have processes, procedures, and technology to design and produce a quality security product. (24:59)
  • Paul has always sought to learn from those who think outside of the box in the control system world, like his late friend and mentor, Michael Assante. (29:14)
  • Young people can gain a lot of value from mentorship and getting involved with today’s standards bodies. (32:19)
  • New technologies, like blockchain, have great value and potential for future careers. (46:27)
  
  ]]>2119dd6e-c78d-4f5b-9bcf-9ce4618fb42bTue, 04 Jan 2022 03:00:00 -050056:32falsefull202019: Internships and Specialties In the Cybersecurity Industry with John CusimanoToday, Derek Harp is happy to welcome John Cusimano, Vice President of Industrial Security at Deloitte (The industrial cybersecurity division of aeSolutions’ was acquired by Deloitte in Aug. of 2021), as his guest for another episode in the Security Leader series.

  John leads their industrial cybersecurity practice team, comprised of about twenty dedicated subject matter experts who mostly came from automation, IT security, or a blend of the two in the earlier parts of their careers. 

  John hails from Upstate, New York. While in high school, he played guitar in a band and loved using guitar effects. He wanted to become an audio engineer, so he was motivated to go into the engineering field. After graduating from high school, he went to Clarkson University in Upstate New York and did a combined electrical and computer engineering degree. John picked Clarkson specifically because it was the first school in the entire country to give every new freshman a computer.

  In this episode of the (CS)²AI Podcast, John joins Derek to share his superhero origin story, talk about how he became a leader in the cybersecurity industry, and share the valuable lessons he learned along the way. He talks about the benefits of gaining practical experience from doing internships and specializing in your career. He also offers some gold nuggets of advice for people thinking of starting a career in the world of cybersecurity.

  If you are entering the workforce or in the mid-level part of your career and want to move up within your corporation or step out and start a business of your own, you will learn a lot from today’s episode, so be sure to stay tuned for more!

  Show highlights:

  • John talks about how he got to where he is at AE Solutions. (1:15)
  • John’s first encounter with technology happened before he was even in high school. (2:18)
  • John discusses how his practical experience from summer internships helped him land his first job. (6:09)
  • John shares an excellent way to bolster your career. (8:32)
  • How John found the niche of safety, and then later in his career, saw the connection between safety and cybersecurity, and started digging into cybersecurity. (11:23)
  • John talks about the people who mentored him and influenced his career path. (13:51)
  • John shares some nuggets to help engineers dive deeper into the world of cybersecurity. (17:39)
  • Overcoming the challenges in his career. (20:29)
  • There is value in being obsessive and eventually becoming an expert on a particular topic. (22:36)
  • John took a huge risk in starting an industrial cybersecurity practice before the technology got known to be a real thing. (24:33)
  • John talks about the areas within the cybersecurity industry that could start exploding with new opportunities over the next few years. (27:23)
  
  ]]>Today, Derek Harp is happy to welcome John Cusimano, Vice President of Industrial Security at Deloitte (The industrial cybersecurity division of aeSolutions’ was acquired by Deloitte in Aug. of 2021), as his guest for another episode in the Security Leader series.

  John leads their industrial cybersecurity practice team, comprised of about twenty dedicated subject matter experts who mostly came from automation, IT security, or a blend of the two in the earlier parts of their careers. 

  John hails from Upstate, New York. While in high school, he played guitar in a band and loved using guitar effects. He wanted to become an audio engineer, so he was motivated to go into the engineering field. After graduating from high school, he went to Clarkson University in Upstate New York and did a combined electrical and computer engineering degree. John picked Clarkson specifically because it was the first school in the entire country to give every new freshman a computer.

  In this episode of the (CS)²AI Podcast, John joins Derek to share his superhero origin story, talk about how he became a leader in the cybersecurity industry, and share the valuable lessons he learned along the way. He talks about the benefits of gaining practical experience from doing internships and specializing in your career. He also offers some gold nuggets of advice for people thinking of starting a career in the world of cybersecurity.

  If you are entering the workforce or in the mid-level part of your career and want to move up within your corporation or step out and start a business of your own, you will learn a lot from today’s episode, so be sure to stay tuned for more!

  Show highlights:

  • John talks about how he got to where he is at AE Solutions. (1:15)
  • John’s first encounter with technology happened before he was even in high school. (2:18)
  • John discusses how his practical experience from summer internships helped him land his first job. (6:09)
  • John shares an excellent way to bolster your career. (8:32)
  • How John found the niche of safety, and then later in his career, saw the connection between safety and cybersecurity, and started digging into cybersecurity. (11:23)
  • John talks about the people who mentored him and influenced his career path. (13:51)
  • John shares some nuggets to help engineers dive deeper into the world of cybersecurity. (17:39)
  • Overcoming the challenges in his career. (20:29)
  • There is value in being obsessive and eventually becoming an expert on a particular topic. (22:36)
  • John took a huge risk in starting an industrial cybersecurity practice before the technology got known to be a real thing. (24:33)
  • John talks about the areas within the cybersecurity industry that could start exploding with new opportunities over the next few years. (27:23)
  
  ]]>4099b5a0-c94e-4494-ac56-c9202d5ce738Tue, 28 Dec 2021 03:00:00 -050028:40falsefull191918: Changing Careers to Leverage Cybersecurity Opportunities with Jaco BenadieToday, Derek Harp is excited to have Jaco Benadie, the Executive Director of KPMG Malaysia, joining him on the show for another episode in the series on Security Leaders. 

  Jaco is a well-known leader and problem-solver in the world of cybersecurity. He has a great attitude and is always willing to do whatever he can to make things happen. He is a barbeque and sports fanatic who loves watching the Rugby World Cup!

  With over fifteen years of experience in the cybersecurity field, in both Information Technology and Operational Technology, Jaco leverages his IT and engineering skills and experiences to design, develop and implement controls to support the protection of critical computing systems from cyber threats.

  Jaco has become an expert in dealing with every level of customer management in OT, IT, and cyber security. He has often worked as a subject matter specialist for complex remediation activities. He has also acted as a mediator to resolve tensions between IT and OT.

  In this episode, Jaco tells his superhero story. He peels back the layers to let us in on the personal side of his life and career. He talks about his different work experiences after graduating from university and explains how hard he had to study to move into cybersecurity. He also talks about guidance and mentorship and explains what motivated him to leave KPMG to do rigorous safety training with Shell.

  Jaco encourages anyone considering a career change to go ahead and do it, regardless of how old you are! You will not want to miss this episode if you are thinking about breaking into the field of cybersecurity!

  Show highlights:

  • As a young boy, Jaco spent the best years of his life in Namibia with his grandfather, who was a farmer. (2:40)
  • Although he graduated with a B.Com degree in marketing, Jaco has never worked in that field. (4:52)
  • Jaco shares one of the most valuable career lessons he learned while working as a door-to-door salesman. (7:55)
  • While on a working holiday in the UK, Jaco was offered a permanent position as a Physical Security Manager. That was where he got introduced to the world of cybersecurity for the first time. (10:14)
  • Jaco did not have a technical background, so starting his journey into cybersecurity involved a steep learning curve. (14:09)
  • Jaco talks about how hard he had to study to break into the cybersecurity industry. (17:48)
  • The kind of guidance, mentorship, and exposure Jaco would have liked to have while breaking into the cybersecurity industry. (21:18)
  • What he does to encourage the junior associates in his team to engage with him and ask questions. (24:22)
  • Jaco explains why you don’t have to be a technical expert to have a key role in cybersecurity programs. (26:33)
  • How he got introduced to KPMG, took a side-step, and started working there as an assistant manager. (30:58)
  • Jaco talks about what he learned from the rigorous safety training he did with Shell before returning to KPMG. (36:05)
  
  ]]>Today, Derek Harp is excited to have Jaco Benadie, the Executive Director of KPMG Malaysia, joining him on the show for another episode in the series on Security Leaders. 

  Jaco is a well-known leader and problem-solver in the world of cybersecurity. He has a great attitude and is always willing to do whatever he can to make things happen. He is a barbeque and sports fanatic who loves watching the Rugby World Cup!

  With over fifteen years of experience in the cybersecurity field, in both Information Technology and Operational Technology, Jaco leverages his IT and engineering skills and experiences to design, develop and implement controls to support the protection of critical computing systems from cyber threats.

  Jaco has become an expert in dealing with every level of customer management in OT, IT, and cyber security. He has often worked as a subject matter specialist for complex remediation activities. He has also acted as a mediator to resolve tensions between IT and OT.

  In this episode, Jaco tells his superhero story. He peels back the layers to let us in on the personal side of his life and career. He talks about his different work experiences after graduating from university and explains how hard he had to study to move into cybersecurity. He also talks about guidance and mentorship and explains what motivated him to leave KPMG to do rigorous safety training with Shell.

  Jaco encourages anyone considering a career change to go ahead and do it, regardless of how old you are! You will not want to miss this episode if you are thinking about breaking into the field of cybersecurity!

  Show highlights:

  • As a young boy, Jaco spent the best years of his life in Namibia with his grandfather, who was a farmer. (2:40)
  • Although he graduated with a B.Com degree in marketing, Jaco has never worked in that field. (4:52)
  • Jaco shares one of the most valuable career lessons he learned while working as a door-to-door salesman. (7:55)
  • While on a working holiday in the UK, Jaco was offered a permanent position as a Physical Security Manager. That was where he got introduced to the world of cybersecurity for the first time. (10:14)
  • Jaco did not have a technical background, so starting his journey into cybersecurity involved a steep learning curve. (14:09)
  • Jaco talks about how hard he had to study to break into the cybersecurity industry. (17:48)
  • The kind of guidance, mentorship, and exposure Jaco would have liked to have while breaking into the cybersecurity industry. (21:18)
  • What he does to encourage the junior associates in his team to engage with him and ask questions. (24:22)
  • Jaco explains why you don’t have to be a technical expert to have a key role in cybersecurity programs. (26:33)
  • How he got introduced to KPMG, took a side-step, and started working there as an assistant manager. (30:58)
  • Jaco talks about what he learned from the rigorous safety training he did with Shell before returning to KPMG. (36:05)
  
  ]]>a9369e50-d6c6-4f6a-9f15-73e6453e950eTue, 21 Dec 2021 03:00:00 -050049:13falsefull181817: Practical Applications of the Theoretical Work of Academic Research with Robin BerthierToday, Derek Harp is happy to have Robin Berthier, the CEO, and Co-founder of Network Perception, joining him as his guest for this episode in the Security Leaders series! 

  Robin took a piece of technology out of a university research study and, together with some others, built a company around it. Network Perception is a startup committed to designing and developing highly-usable network audit solutions.

  Robin grew up in Brittany, in the North-West region of France. He attended the first French school dedicated to cybersecurity. In addition to being an entrepreneur, Robin is also a researcher, technologist, and problem-solver. In his free time, he enjoys rock climbing and movies. He has even tried his hand at producing and directing movies! 

  In this episode of the (CS)²AI Podcast, Robin shares his backstory and discusses his career journey. He talks about becoming a research scientist, designing specification-based intrusion detection systems for smart energy delivery systems, and transitioning from a researcher to an entrepreneur. He also talks about mentorship and offers some nuggets of advice for entrepreneurs.

  You won’t want to miss this episode if you are interested in finding out about the practical applications of the theoretical work done in academic research. Stay tuned for more!

  Show highlights:

  • Robin talks about where his passion for breaking and protecting systems began. (1:37)
  • The more Robin worked with computers, the more he became fascinated with the notion of feeling the universe. (2:33)
  • In the early 2000s, the French government created the resources to train the next-generation workforce in computers and cybersecurity. (3:30)
  • Robin discusses his first dedicated open-source project. (7:51)
  • In addition to cybersecurity, Robin was also interested in information visualization. (9:41)
  • How he moved from doing post-doctoral work to becoming a research scientist. (11:12)
  • How Robin got into designing specification-based intrusion detection systems for smart energy delivery systems. (15:07)
  • Recognizing an opportunity for university-based research to become a company. (17:46)
  • Transitioning from being a researcher to becoming an entrepreneur and the challenges that went along with that. (23:18)
  • What Robin would do differently if he had to start his entrepreneurial journey over. (28:58)
  • Some advice for entrepreneurs. (31:20)
  • Why you should never burn bridges or feel afraid of reaching out to others. (36:55)
  
  ]]>Today, Derek Harp is happy to have Robin Berthier, the CEO, and Co-founder of Network Perception, joining him as his guest for this episode in the Security Leaders series! 

  Robin took a piece of technology out of a university research study and, together with some others, built a company around it. Network Perception is a startup committed to designing and developing highly-usable network audit solutions.

  Robin grew up in Brittany, in the North-West region of France. He attended the first French school dedicated to cybersecurity. In addition to being an entrepreneur, Robin is also a researcher, technologist, and problem-solver. In his free time, he enjoys rock climbing and movies. He has even tried his hand at producing and directing movies! 

  In this episode of the (CS)²AI Podcast, Robin shares his backstory and discusses his career journey. He talks about becoming a research scientist, designing specification-based intrusion detection systems for smart energy delivery systems, and transitioning from a researcher to an entrepreneur. He also talks about mentorship and offers some nuggets of advice for entrepreneurs.

  You won’t want to miss this episode if you are interested in finding out about the practical applications of the theoretical work done in academic research. Stay tuned for more!

  Show highlights:

  • Robin talks about where his passion for breaking and protecting systems began. (1:37)
  • The more Robin worked with computers, the more he became fascinated with the notion of feeling the universe. (2:33)
  • In the early 2000s, the French government created the resources to train the next-generation workforce in computers and cybersecurity. (3:30)
  • Robin discusses his first dedicated open-source project. (7:51)
  • In addition to cybersecurity, Robin was also interested in information visualization. (9:41)
  • How he moved from doing post-doctoral work to becoming a research scientist. (11:12)
  • How Robin got into designing specification-based intrusion detection systems for smart energy delivery systems. (15:07)
  • Recognizing an opportunity for university-based research to become a company. (17:46)
  • Transitioning from being a researcher to becoming an entrepreneur and the challenges that went along with that. (23:18)
  • What Robin would do differently if he had to start his entrepreneurial journey over. (28:58)
  • Some advice for entrepreneurs. (31:20)
  • Why you should never burn bridges or feel afraid of reaching out to others. (36:55)
  
  ]]>26bd85ad-8223-4846-b9dc-12ee2f380bb9Tue, 14 Dec 2021 03:00:00 -050057:40falsefull171716: Transitioning from the Military to a Career in Cybersecurity with Ernest WohnigDerek Harp is happy to have Ernest Wohnig joining him as his guest for today’s show! 

  Ernest has performed a variety of different roles. Currently, he serves as the Senior Vice President of CISO Advisory in CIP and ICS services at System 1, a specialized cybersecurity consulting firm. In addition to that, he also serves on the Thomas Edison State University (TESU) Cybersecurity Program Advisory Board and chairs the global advisory board of the Control System Cyber Security Association International (CS2AI). Before that, he served as a Deputy CISO and Senior Global Cybersecurity Advisor for a Fortune 200 energy company, leading the coordination of cybersecurity activities across their global operations.

  Ernest is recognized internationally as a cybersecurity executive. He is a sought-after strategic adviser to the senior leadership of global firms, national government agencies, and corporate and non-profit directors. His main areas of interest and experience include integrating cyber risk as a key component of business risk and opportunity, the effects of cyber risk on critical infrastructure from both operations and national infrastructure governance perspectives, and the threat and promise of Artificial Intelligence as an enabler in the cybersphere.

  In the 1990s, Ernest served as an Air Force Intelligence officer and an Information Warfare advisor for the US Government. He also has significant experience, directing the development and delivery of cyber security consulting services for large and boutique global consulting firms. 

  In this episode of the (CS)²AI Podcast, Ernest shares his superhero origin story. He discusses his early interest in the impact of technology on national security, his introduction to information warfare and cybersecurity while in the military, and the skills he needed when he joined the DIA after leaving the Air Force. He also talks about mentorship and offers suggestions for finding the right niche early in your career and developing additional non-technical career skills. 

  Ernest is proof that you don’t have to have a degree in computer science or engineering to do cybersecurity. Tune in today to hear his fascinating story! You won’t want to miss this episode if you are entering the market after the military or thinking of transitioning into the cybersecurity space. 

  Show highlights:

  • As a talkative young lieutenant in the Air Force, Ernest often spoke to his colonel about the book, Third Wave by Alvin Toffler. That resulted in him becoming a liaison to the first Information Warfare Squadron. (2:39)
  • Technology fascinated Ernest, but he focused more on how people use technology and how technology impacts national security. (4:30)
  • You don’t need any specific formal education to get into the cybersecurity space. (5:16)
  • Ernest got introduced to cybersecurity after joining the military. (7:27)
  • We have forgotten some of the security problems that Ernest addressed in the late 1990s. They have resurfaced again, however, and caused some concern in the last four or five years. (11:20)
  • Ernest spent a year-and-a-half with the DIA after leaving the military. He talks about the skill sets that he needed there. (14:10)
  • Reaching the level in his career where he had to dial down the technical aspect and dial up the people aspect. (15:36)
  • We have come a long way with cybersecurity. It has grown a lot, and many subdivisions have formed since the time it was known as information security. (19:48)
  • Find the right niche early on in your career. (20:58) 
  • Ernest talks about mentorship and discusses ways of developing additional skills. (24:47)
  • Some practical advice for connecting with potential mentors in the industry sector you would like to join. (34:48)
  • What you could gain from taking career-broadening tours. (44:52)
  • Tips for...]]>Derek Harp is happy to have Ernest Wohnig joining him as his guest for today’s show! 

    Ernest has performed a variety of different roles. Currently, he serves as the Senior Vice President of CISO Advisory in CIP and ICS services at System 1, a specialized cybersecurity consulting firm. In addition to that, he also serves on the Thomas Edison State University (TESU) Cybersecurity Program Advisory Board and chairs the global advisory board of the Control System Cyber Security Association International (CS2AI). Before that, he served as a Deputy CISO and Senior Global Cybersecurity Advisor for a Fortune 200 energy company, leading the coordination of cybersecurity activities across their global operations.

    Ernest is recognized internationally as a cybersecurity executive. He is a sought-after strategic adviser to the senior leadership of global firms, national government agencies, and corporate and non-profit directors. His main areas of interest and experience include integrating cyber risk as a key component of business risk and opportunity, the effects of cyber risk on critical infrastructure from both operations and national infrastructure governance perspectives, and the threat and promise of Artificial Intelligence as an enabler in the cybersphere.

    In the 1990s, Ernest served as an Air Force Intelligence officer and an Information Warfare advisor for the US Government. He also has significant experience, directing the development and delivery of cyber security consulting services for large and boutique global consulting firms. 

    In this episode of the (CS)²AI Podcast, Ernest shares his superhero origin story. He discusses his early interest in the impact of technology on national security, his introduction to information warfare and cybersecurity while in the military, and the skills he needed when he joined the DIA after leaving the Air Force. He also talks about mentorship and offers suggestions for finding the right niche early in your career and developing additional non-technical career skills. 

    Ernest is proof that you don’t have to have a degree in computer science or engineering to do cybersecurity. Tune in today to hear his fascinating story! You won’t want to miss this episode if you are entering the market after the military or thinking of transitioning into the cybersecurity space. 

    Show highlights:

    • As a talkative young lieutenant in the Air Force, Ernest often spoke to his colonel about the book, Third Wave by Alvin Toffler. That resulted in him becoming a liaison to the first Information Warfare Squadron. (2:39)
    • Technology fascinated Ernest, but he focused more on how people use technology and how technology impacts national security. (4:30)
    • You don’t need any specific formal education to get into the cybersecurity space. (5:16)
    • Ernest got introduced to cybersecurity after joining the military. (7:27)
    • We have forgotten some of the security problems that Ernest addressed in the late 1990s. They have resurfaced again, however, and caused some concern in the last four or five years. (11:20)
    • Ernest spent a year-and-a-half with the DIA after leaving the military. He talks about the skill sets that he needed there. (14:10)
    • Reaching the level in his career where he had to dial down the technical aspect and dial up the people aspect. (15:36)
    • We have come a long way with cybersecurity. It has grown a lot, and many subdivisions have formed since the time it was known as information security. (19:48)
    • Find the right niche early on in your career. (20:58) 
    • Ernest talks about mentorship and discusses ways of developing additional skills. (24:47)
    • Some practical advice for connecting with potential mentors in the industry sector you would like to join. (34:48)
    • What you could gain from taking career-broadening tours. (44:52)
    • Tips for increasing your amount of influence. (47:36)
    • We will see some scary and exciting opportunities arise with cutting-edge AI technology in the future! (55:17)
    
    ]]>b5e786d9-6f60-45fc-b950-539ecf73ae9dTue, 07 Dec 2021 03:00:00 -050057:35falsefull161615: Running a Successful Cyber Security Company with Clint BodungenToday, Derek Harp is excited to have Clint Bodungen, the Founder and CEO of ThreatGEN, joining him for an episode of the Security Leader interview series. Clint is an inspiring and creative individual who has been working in the cybersecurity industry for more than 25 years. He is a founder, entrepreneur, gamer, game designer, teacher, researcher, professor, martial artist, and father. 

    Clint Bodungen is the lead author of Hacking Exposed: Industrial Control Systems and creator of the ThreatGEN® Red vs. Blue cybersecurity gamification platform. He is a United States Air Force veteran and an active part of the cybersecurity community. Since 2003, his focus has been exclusively on ICS/OT cybersecurity, and he has helped many of the world's largest energy companies. Clint has worked for Symantec, Kaspersky Lab, and Industrial Defender and has published many technical papers and training courses on ICS/OT cybersecurity vulnerability assessment, penetration testing, and risk management.

    While growing up, Clint was both technically inclined and artistic. He wanted to study commercial art and graphic design but started studying theatre and movie special effects instead. After a while, he switched to studying art, and soon after that, he quit his studies to join the Air Force. While in the military, he was allowed to learn about computers and computer security. 

    In today’s episode of the (CS)²AI Podcast, Clint tells his inspiring story and shares some great nuggets of advice for getting ahead in your career, finding opportunities, and running a successful company! He talks about his love of gaming and other interests while growing up. He discusses his studies, joining the Air Force, mentorship, the turning point in his career when he learned about industrial systems for the first time, and the process of writing his book, Hacking Exposed: Industrial Control Systems. 

    Stay tuned! You won't want to miss this nugget-filled and inspiring episode! 

    Show highlights:

    • Clint’s love of games and technology started when his family got an Atari in the early 1980s. (5:28)
    • His mom introduced him to one of her co-workers, a programmer. That got him interested in programming. (6:54)
    • Deciding to quit studying art and join the Air Force. (10:23)
    • What made Clint decide to join the military? (12:13)
    • Clint got the opportunity to start working on internet networks and learn about computers and computer security in 1995, while in the military. (15:26)
    • Clint and his colleague became interested in hacking in the mid-1990s. (16:27)
    • Clint talks about what prompted him to leave the military and discusses what he would have done differently today. (18:38)
    • Clint shares some nuggets of advice for anyone considering a career in computer security or technology. (22:45)
    • Much of what we learn comes from experience rather than books or classrooms. (25:40)
    • Clint talks about mentorship and how he got mentored by a hacker. (29:05)
    • The turning point in Clint’s career was when he got the opportunity to cross-train and write intrusion detection system codes with some of the developers at Symantec. (38:34)
    • When Clint learned about industrial systems for the first time. (42:00)
    • Writing papers and sharing his knowledge gave Clint a lot of exposure and the opportunity to give something back to his community. (47:53)
    • Clint talks about the process of writing his book, Hacking Exposed: Industrial Control Systems. (52:02)
    • Clint shares some of the nuggets he learned along the way in his career. (1:03:38)
    
    ]]>Today, Derek Harp is excited to have Clint Bodungen, the Founder and CEO of ThreatGEN, joining him for an episode of the Security Leader interview series. Clint is an inspiring and creative individual who has been working in the cybersecurity industry for more than 25 years. He is a founder, entrepreneur, gamer, game designer, teacher, researcher, professor, martial artist, and father. 

    Clint Bodungen is the lead author of Hacking Exposed: Industrial Control Systems and creator of the ThreatGEN® Red vs. Blue cybersecurity gamification platform. He is a United States Air Force veteran and an active part of the cybersecurity community. Since 2003, his focus has been exclusively on ICS/OT cybersecurity, and he has helped many of the world's largest energy companies. Clint has worked for Symantec, Kaspersky Lab, and Industrial Defender and has published many technical papers and training courses on ICS/OT cybersecurity vulnerability assessment, penetration testing, and risk management.

    While growing up, Clint was both technically inclined and artistic. He wanted to study commercial art and graphic design but started studying theatre and movie special effects instead. After a while, he switched to studying art, and soon after that, he quit his studies to join the Air Force. While in the military, he was allowed to learn about computers and computer security. 

    In today’s episode of the (CS)²AI Podcast, Clint tells his inspiring story and shares some great nuggets of advice for getting ahead in your career, finding opportunities, and running a successful company! He talks about his love of gaming and other interests while growing up. He discusses his studies, joining the Air Force, mentorship, the turning point in his career when he learned about industrial systems for the first time, and the process of writing his book, Hacking Exposed: Industrial Control Systems. 

    Stay tuned! You won't want to miss this nugget-filled and inspiring episode! 

    Show highlights:

    • Clint’s love of games and technology started when his family got an Atari in the early 1980s. (5:28)
    • His mom introduced him to one of her co-workers, a programmer. That got him interested in programming. (6:54)
    • Deciding to quit studying art and join the Air Force. (10:23)
    • What made Clint decide to join the military? (12:13)
    • Clint got the opportunity to start working on internet networks and learn about computers and computer security in 1995, while in the military. (15:26)
    • Clint and his colleague became interested in hacking in the mid-1990s. (16:27)
    • Clint talks about what prompted him to leave the military and discusses what he would have done differently today. (18:38)
    • Clint shares some nuggets of advice for anyone considering a career in computer security or technology. (22:45)
    • Much of what we learn comes from experience rather than books or classrooms. (25:40)
    • Clint talks about mentorship and how he got mentored by a hacker. (29:05)
    • The turning point in Clint’s career was when he got the opportunity to cross-train and write intrusion detection system codes with some of the developers at Symantec. (38:34)
    • When Clint learned about industrial systems for the first time. (42:00)
    • Writing papers and sharing his knowledge gave Clint a lot of exposure and the opportunity to give something back to his community. (47:53)
    • Clint talks about the process of writing his book, Hacking Exposed: Industrial Control Systems. (52:02)
    • Clint shares some of the nuggets he learned along the way in his career. (1:03:38)
    
    ]]>c657ae3d-d66c-4055-8489-46fbdcaba038Tue, 30 Nov 2021 03:00:00 -050001:09:23falsefull151514: Consequence-Driven, Cyber-Informed Engineering (CCE) with Sara Freeman and Andy BochmanToday, Derek Harp, the host of (CS)²AI Podcast, shares an episode of the Author Spotlight that features practitioners and contributors who do great work and write books about new modalities, new systems of organization, and new thought processes. 

    In this episode, Andy Bochman and Sarah Freeman, authors of Countering Cyber Sabotage- Introducing Consequence-Driven Cyber-Informed Engineering, join Derek to talk about their book. 

    Sarah has been an Industrial Control Systems Cyber Security Analyst at The Idaho National Laboratory (The Lab) for the past eight years. She did not get there through the traditional computer or cyber security background, however. Sarah studied Intelligence and Security Studies, focusing on terrorism in Graduate School, and came into cyber security through Language Services by assisting with certain investigations and operations on the language side. That eventually transitioned into industrial control systems when she joined The Lab. 

    Sarah has a unique understanding of different kinds of threat actors from some of the work she has done in the past. The Lab focuses on bringing in people with different backgrounds, like cyber security researchers, malware reverse engineers, and engineers. That is invaluable when talking about attacks specifically leveled against industrial control systems because some things translate well between traditional IT attacks while others are completely different. Bringing in different groups helps with much of their work. 

    One of the first companies Andy ever worked for was an applications security company that eventually got bought by IBM. He was also involved in some startups and some consulting. At IBM, Andy matched his cyber security day job with his night job, moonlighting as a blogger on the DOD Energy Blog and the Smart Grid Security Blog. While at IBM, he asked if he could cover energy from a cyber point of view, and they agreed. From that point, it became clear that he would eventually end up at the Idaho National Laboratory, where he has been for the last seven years. 

    Show highlights:

    • Sarah is valuable to the community because of her knowledge of the spoken and written languages used in certain parts of the world. (4:28) 
    • The genesis of their book and the philosophy behind it. (7:51)
    • From about 2003-2004, Idaho National Laboratory has focused on electric grid security. (16:16)
    • Whatever first hits the people on the street and then ripples up to the people on The Hill brings about a new level of awareness. (19:37)
    • Critical infrastructure is sure to be targeted, and once something has been targeted it will be compromised. (20:40)
    • Putting security into the design stage is a different approach that is now evolving out of The Lab. (24:23)
    • Many opportunities exist for adversaries to get in and turn things to their advantage after a new software product has been deployed and begins to interact with other networks. (29:49)
    • What initially prompted Andy to write the book before Sarah came on board. (30:35)
    • How Andy came up with the title of the book. (36:43)
    • When espionage turns into sabotage. (39:04)
    • How you can use the book. (40:25)
    • A partner program and another version of the book, known as “Bootcamp” or “Partner Training” are also available. (41:13)
    • People are tired of the status quo and would be willing to explore a new way. (44:43)
    
    ]]>Today, Derek Harp, the host of (CS)²AI Podcast, shares an episode of the Author Spotlight that features practitioners and contributors who do great work and write books about new modalities, new systems of organization, and new thought processes. 

    In this episode, Andy Bochman and Sarah Freeman, authors of Countering Cyber Sabotage- Introducing Consequence-Driven Cyber-Informed Engineering, join Derek to talk about their book. 

    Sarah has been an Industrial Control Systems Cyber Security Analyst at The Idaho National Laboratory (The Lab) for the past eight years. She did not get there through the traditional computer or cyber security background, however. Sarah studied Intelligence and Security Studies, focusing on terrorism in Graduate School, and came into cyber security through Language Services by assisting with certain investigations and operations on the language side. That eventually transitioned into industrial control systems when she joined The Lab. 

    Sarah has a unique understanding of different kinds of threat actors from some of the work she has done in the past. The Lab focuses on bringing in people with different backgrounds, like cyber security researchers, malware reverse engineers, and engineers. That is invaluable when talking about attacks specifically leveled against industrial control systems because some things translate well between traditional IT attacks while others are completely different. Bringing in different groups helps with much of their work. 

    One of the first companies Andy ever worked for was an applications security company that eventually got bought by IBM. He was also involved in some startups and some consulting. At IBM, Andy matched his cyber security day job with his night job, moonlighting as a blogger on the DOD Energy Blog and the Smart Grid Security Blog. While at IBM, he asked if he could cover energy from a cyber point of view, and they agreed. From that point, it became clear that he would eventually end up at the Idaho National Laboratory, where he has been for the last seven years. 

    Show highlights:

    • Sarah is valuable to the community because of her knowledge of the spoken and written languages used in certain parts of the world. (4:28) 
    • The genesis of their book and the philosophy behind it. (7:51)
    • From about 2003-2004, Idaho National Laboratory has focused on electric grid security. (16:16)
    • Whatever first hits the people on the street and then ripples up to the people on The Hill brings about a new level of awareness. (19:37)
    • Critical infrastructure is sure to be targeted, and once something has been targeted it will be compromised. (20:40)
    • Putting security into the design stage is a different approach that is now evolving out of The Lab. (24:23)
    • Many opportunities exist for adversaries to get in and turn things to their advantage after a new software product has been deployed and begins to interact with other networks. (29:49)
    • What initially prompted Andy to write the book before Sarah came on board. (30:35)
    • How Andy came up with the title of the book. (36:43)
    • When espionage turns into sabotage. (39:04)
    • How you can use the book. (40:25)
    • A partner program and another version of the book, known as “Bootcamp” or “Partner Training” are also available. (41:13)
    • People are tired of the status quo and would be willing to explore a new way. (44:43)
    
    ]]>16c8fd5d-2f32-4b1b-a85f-24405c58d9baTue, 23 Nov 2021 03:00:00 -050047:07falsefull141413: What You Need to Know Before You Consider a Cybersecurity Career with Brad Raiford(CS)²AI- Security Leaders – Brad Raiford

    Derek Harp is excited to have Brad Raiford joining him on the show today! Brad is a Director in the Cybersecurity Services Practice at KPMG. His primary focus is divided between operational technology, ICS, data, the expanding industrial world of the internet of things, the internet of everything, and how the impact of 5G will change the course of manufacturing and production systems.

    Brad was born in Galveston, Texas, and spent most of his childhood in Saudi Arabia because his dad worked for Ramco. He has a degree in Computer Information Systems from Texas A&M University and a Master’s in Computer Engineering from Johns Hopkins University. 

    Brad was introduced to technology very early on because his dad loved trying out the latest technology. They got linked to the internet at the beginning of the 1990s. From there, Brad’s interest in technology continued to grow. When he was ten or eleven years old, he and his brother started building computers, and they even designed their entire home network a couple of years later.

    In today’s episode of the (CS)²AI Podcast, Brad talks about how he developed an interest in technology as a young boy and how he got introduced to internet security. He also shares some nuggets about how you need to think and what you need to understand if you are interested in making a career in the technology or cyber security space.

    Be sure to stay tuned for more! You definitely won’t want to miss this episode!

    Show highlights:

    • How Brad first got introduced to technology. (2:50)
    • How he started learning about internet security and firewalls (6:38)
    • Why Brad has always viewed cyber as a lens through which to digest technology. (7:24)
    • A simple question that Brad always likes to ask new hires or people interested in the technology space. (10:07)
    • How the industrial part of cyber security intersected with his career path. (15:48)
    • What you would need to have in place to join an OT team at KPMG. (18:38)
    • Where industrial control systems came into Brad’s career. (22:59)
    • The three mentors Brad has had in his life. (26:35) 
    • The biggest challenges he has experienced in his career. (31:30)
    • Knowing how and when to say “no”. (34:09)
    • The greatest single skill anyone can have. (35:38)
    • Staying abreast of new things. (41:16)
    
    ]]>(CS)²AI- Security Leaders – Brad Raiford

    Derek Harp is excited to have Brad Raiford joining him on the show today! Brad is a Director in the Cybersecurity Services Practice at KPMG. His primary focus is divided between operational technology, ICS, data, the expanding industrial world of the internet of things, the internet of everything, and how the impact of 5G will change the course of manufacturing and production systems.

    Brad was born in Galveston, Texas, and spent most of his childhood in Saudi Arabia because his dad worked for Ramco. He has a degree in Computer Information Systems from Texas A&M University and a Master’s in Computer Engineering from Johns Hopkins University. 

    Brad was introduced to technology very early on because his dad loved trying out the latest technology. They got linked to the internet at the beginning of the 1990s. From there, Brad’s interest in technology continued to grow. When he was ten or eleven years old, he and his brother started building computers, and they even designed their entire home network a couple of years later.

    In today’s episode of the (CS)²AI Podcast, Brad talks about how he developed an interest in technology as a young boy and how he got introduced to internet security. He also shares some nuggets about how you need to think and what you need to understand if you are interested in making a career in the technology or cyber security space.

    Be sure to stay tuned for more! You definitely won’t want to miss this episode!

    Show highlights:

    • How Brad first got introduced to technology. (2:50)
    • How he started learning about internet security and firewalls (6:38)
    • Why Brad has always viewed cyber as a lens through which to digest technology. (7:24)
    • A simple question that Brad always likes to ask new hires or people interested in the technology space. (10:07)
    • How the industrial part of cyber security intersected with his career path. (15:48)
    • What you would need to have in place to join an OT team at KPMG. (18:38)
    • Where industrial control systems came into Brad’s career. (22:59)
    • The three mentors Brad has had in his life. (26:35) 
    • The biggest challenges he has experienced in his career. (31:30)
    • Knowing how and when to say “no”. (34:09)
    • The greatest single skill anyone can have. (35:38)
    • Staying abreast of new things. (41:16)
    
    ]]>34ba813d-33b3-4fa7-a219-9fca330c495dTue, 16 Nov 2021 03:00:00 -050040:58falsefull131312: Using Writing Skills to Unlock Careers in Cybersecurity with Andrew GinterToday, Andrew Ginter, a pioneer in the cyber security space, joins Derek Harp. Andrew is the VP of Industrial Security at Waterfall Solutions. He is an author, a podcast host, and a well-known cyber security expert with multiple credentials in the industry. 

    Andrew was raised on a farm outside of Calgary and has remained there ever since. Where ever he worked early on in his career, Andrew would always step up and volunteer to do anything important that needed to get done. So he often wound up doing the things no one else wanted to do. That mostly involved doing maintenance because everyone else in the computer field wanted to do development. Andrew found that going with whatever was important and executing it well got him promoted and afforded him better opportunities.

    In this episode of (CS)²AI Podcast, Andrew discusses his journey into cyber security. He shares his insights and offers advice for those who want to use their writing skills to open up new opportunities. This is an episode you won’t want to miss if you are interested in starting a career in the industrial security space!

    Show highlights:

    • Andrew shares his background. (2:00)
    • How Andrew got pulled into doing SCADA security. (5:06)
    • Where technology first intersected with Andrew’s life. (7:05)
    • How Andrew wound up doing maintenance on 100,000 lines of assembly code. (10:15)
    • The helpful role mentorship played in Andrew’s career. (12:24)
    • Andrew talks about the control system product he developed. (17:54)
    • How Andrew’s writing skills opened up opportunities for him. (19:55)
    • What got highlighted for Andrew as a result of him writing a controversial book. (28:02)
    • Some practical advice for where writing skills could get developed and applied to the cyber security industry. (34:36)
    • Andrew shares some great advice about researching while working on a Master’s Degree to get a Ph.D. (37:46)
    • What you need to know if you are starting in the industrial security space. (43:26)
    
    

    Resources:

    Practical Cryptography by Bruce Schneier

    ]]>Today, Andrew Ginter, a pioneer in the cyber security space, joins Derek Harp. Andrew is the VP of Industrial Security at Waterfall Solutions. He is an author, a podcast host, and a well-known cyber security expert with multiple credentials in the industry. 

    Andrew was raised on a farm outside of Calgary and has remained there ever since. Where ever he worked early on in his career, Andrew would always step up and volunteer to do anything important that needed to get done. So he often wound up doing the things no one else wanted to do. That mostly involved doing maintenance because everyone else in the computer field wanted to do development. Andrew found that going with whatever was important and executing it well got him promoted and afforded him better opportunities.

    In this episode of (CS)²AI Podcast, Andrew discusses his journey into cyber security. He shares his insights and offers advice for those who want to use their writing skills to open up new opportunities. This is an episode you won’t want to miss if you are interested in starting a career in the industrial security space!

    Show highlights:

    • Andrew shares his background. (2:00)
    • How Andrew got pulled into doing SCADA security. (5:06)
    • Where technology first intersected with Andrew’s life. (7:05)
    • How Andrew wound up doing maintenance on 100,000 lines of assembly code. (10:15)
    • The helpful role mentorship played in Andrew’s career. (12:24)
    • Andrew talks about the control system product he developed. (17:54)
    • How Andrew’s writing skills opened up opportunities for him. (19:55)
    • What got highlighted for Andrew as a result of him writing a controversial book. (28:02)
    • Some practical advice for where writing skills could get developed and applied to the cyber security industry. (34:36)
    • Andrew shares some great advice about researching while working on a Master’s Degree to get a Ph.D. (37:46)
    • What you need to know if you are starting in the industrial security space. (43:26)
    
    

    Resources:

    Practical Cryptography by Bruce Schneier

    ]]>7ffe43d4-2453-4212-bbb2-03bdf6e929fbTue, 09 Nov 2021 03:00:00 -050042:21falsefull121211: Career Advancement in Information Security Services with Bill MalikToday, Bill Malik, the Vice President for Infrastructure Strategies at Trend Micro, joins Derek Harp. Bill is a well-rounded individual who has been involved in the security industry for quite some time. He has tons of experience in many different areas and has a long list of career milestones. Bill is a well-known writer, analyst, and speaker. He is a former programmer who still enjoys dabbling for fun! He is also a father and grandfather, an explorer of ideas, a chef, a wine connoisseur- and was even once a DJ!

    In this episode of the (CS)²AI Podcast, Bill gives an inside view into his career journey. He discusses his interesting career and explains how he got involved in developing an information security service. He also shares some gold nuggets of advice for those individuals who would like to get to the next level in their organization by bettering their communication skills and offers excellent advice for those starting in their careers.  

    This is a great conversation full of nuggets that you won’t want to miss! Stay tuned for more!

    Show highlights:

    • Bill talks about his background. (10:15)
    • When technology first came into play in Bill’s life. (13:08)
    • Bill discusses MIT’s involvement in developing a secure system for time-sharing, which led to his first intersection with cookies and security. (14:12)
    • Bill talks about the event that led to his first information security moment as an app developer. (19:39)
    • One of the biggest bits of programming Bill has ever done. (21:03)
    • Leaving IBM to join Gartner. (24:42)
    • How Bill got into developing an information security service during his time at Gartner. (26:05)
    • Bill shares some nuggets for those who want to better their communication skills and get to the next level in any organization. (29:39)
    • How Bill transitioned to KPMG. (33:12)
    • Where Bill first encountered industrial control systems. (36:03)
    • Why we are fortunate to be living in this age, in human history. (38:45)
    • Bill talks about mentorship and shares some valuable advice for people starting in training positions. (39:35)
    • The advice Bill would give to his younger self. (45:56)
    • Bill shares his advice regarding potential future careers. (47:40)
    • Why Bill sees no significant productive application in the future of blockchain. (51:12)
    
    

    Links and resources:

    Recommended video: The Last Lecture by Randy Pausch

    ]]>Today, Bill Malik, the Vice President for Infrastructure Strategies at Trend Micro, joins Derek Harp. Bill is a well-rounded individual who has been involved in the security industry for quite some time. He has tons of experience in many different areas and has a long list of career milestones. Bill is a well-known writer, analyst, and speaker. He is a former programmer who still enjoys dabbling for fun! He is also a father and grandfather, an explorer of ideas, a chef, a wine connoisseur- and was even once a DJ!

    In this episode of the (CS)²AI Podcast, Bill gives an inside view into his career journey. He discusses his interesting career and explains how he got involved in developing an information security service. He also shares some gold nuggets of advice for those individuals who would like to get to the next level in their organization by bettering their communication skills and offers excellent advice for those starting in their careers.  

    This is a great conversation full of nuggets that you won’t want to miss! Stay tuned for more!

    Show highlights:

    • Bill talks about his background. (10:15)
    • When technology first came into play in Bill’s life. (13:08)
    • Bill discusses MIT’s involvement in developing a secure system for time-sharing, which led to his first intersection with cookies and security. (14:12)
    • Bill talks about the event that led to his first information security moment as an app developer. (19:39)
    • One of the biggest bits of programming Bill has ever done. (21:03)
    • Leaving IBM to join Gartner. (24:42)
    • How Bill got into developing an information security service during his time at Gartner. (26:05)
    • Bill shares some nuggets for those who want to better their communication skills and get to the next level in any organization. (29:39)
    • How Bill transitioned to KPMG. (33:12)
    • Where Bill first encountered industrial control systems. (36:03)
    • Why we are fortunate to be living in this age, in human history. (38:45)
    • Bill talks about mentorship and shares some valuable advice for people starting in training positions. (39:35)
    • The advice Bill would give to his younger self. (45:56)
    • Bill shares his advice regarding potential future careers. (47:40)
    • Why Bill sees no significant productive application in the future of blockchain. (51:12)
    
    

    Links and resources:

    Recommended video: The Last Lecture by Randy Pausch

    ]]>d97ccccd-bbc8-403d-baa4-b1616aebc68fTue, 02 Nov 2021 03:00:00 -050047:14falsefull111110: A Non-Traditional Path of Curiosity & Cybersecurity with Jim McGloneIn today’s episode of (CS)²AI Podcast, Derek Harp is joined by Jim McGlone. Jim is from Kenexis. He is an industry veteran working on control systems, safety, and security. Jim was born in Baltimore, Maryland. His dad worked for government contractors, so Jim was taken all over the world as a child. He remembers living in Germany, where his dad was responsible for all the control systems, and targeting mechanisms on cold war nuclear missiles pointed at Russia. His life was a little stressful and strange back then because his family took some weird vacations to places in Switzerland which Jim, only in his fifties, learned were safe houses. Later, when he was in grade school, their family moved back to a small town in Ohio where Jim grew up amongst some interesting people living on the edge of Amish country. 

    After graduating from high school, Jim went to the University of Akron intending to get a double E Degree. He did not do well, unfortunately, and dropped out after three years. He later graduated from the University of New York, with honors, with degrees in computer technology, nuclear technologies, and physics. Then, ten years later, he earned his MBA. 

    Jim is a multi-talented individual! What really sets him apart from others is his insatiable curiosity. He is constantly changing and evolving. In this episode, he talks about his career and how the unusual education choices he made early on later influenced his career path. He did not follow the expected order of things, preferring to do it in his own time. Later in his career, he went back and completed much of what had earlier been expected of him. You will not want to miss this episode if you’re curious, like Jim, and always striving to grow and develop. 

    Show highlights:

    • Jim’s children get upset with him because he is unable to tell his grandchildren what he does in his career because it is too complicated. (13:45)
    • Jim just did several safety courses and is preparing to get some certifications for process safety, like risk analysis. (14:46)
    • How education in the military differs from other education. (15:15)
    • Where industrial controls and systems intersected with Jim’s journey. (16:00)
    • Jim’s career journey just after he got out of the navy. (17:59)
    • The point at which Jim’s life became all about computers and software. (21:58)
    • Meeting Bryan Singer and traveling with him, doing sustainability and security summits. (25:31)
    • Jim went to work for Honeywell. (28:00)
    • When Jim got ahead of the curve with the software he created. (31:10)
    • Some circuits are so critical that we need to rethink what they get hooked up to. (35:05)
    • Jim is coming up with standard language around cyber security. (45:35)
    • Some of the challenges Jim has faced in his career: Good advice for anyone who’s looking to get into cybersecurity as a career (47:00)
    • How mentorship has played a part in Jim’s life. (57:24)
    
    

    This podcast is brought to you by: Waterfall Security Solutions, Fortinet, Network Perceptions, Industrial Defender, Tripwire and Q-Net Security.

    ]]>In today’s episode of (CS)²AI Podcast, Derek Harp is joined by Jim McGlone. Jim is from Kenexis. He is an industry veteran working on control systems, safety, and security. Jim was born in Baltimore, Maryland. His dad worked for government contractors, so Jim was taken all over the world as a child. He remembers living in Germany, where his dad was responsible for all the control systems, and targeting mechanisms on cold war nuclear missiles pointed at Russia. His life was a little stressful and strange back then because his family took some weird vacations to places in Switzerland which Jim, only in his fifties, learned were safe houses. Later, when he was in grade school, their family moved back to a small town in Ohio where Jim grew up amongst some interesting people living on the edge of Amish country. 

    After graduating from high school, Jim went to the University of Akron intending to get a double E Degree. He did not do well, unfortunately, and dropped out after three years. He later graduated from the University of New York, with honors, with degrees in computer technology, nuclear technologies, and physics. Then, ten years later, he earned his MBA. 

    Jim is a multi-talented individual! What really sets him apart from others is his insatiable curiosity. He is constantly changing and evolving. In this episode, he talks about his career and how the unusual education choices he made early on later influenced his career path. He did not follow the expected order of things, preferring to do it in his own time. Later in his career, he went back and completed much of what had earlier been expected of him. You will not want to miss this episode if you’re curious, like Jim, and always striving to grow and develop. 

    Show highlights:

    • Jim’s children get upset with him because he is unable to tell his grandchildren what he does in his career because it is too complicated. (13:45)
    • Jim just did several safety courses and is preparing to get some certifications for process safety, like risk analysis. (14:46)
    • How education in the military differs from other education. (15:15)
    • Where industrial controls and systems intersected with Jim’s journey. (16:00)
    • Jim’s career journey just after he got out of the navy. (17:59)
    • The point at which Jim’s life became all about computers and software. (21:58)
    • Meeting Bryan Singer and traveling with him, doing sustainability and security summits. (25:31)
    • Jim went to work for Honeywell. (28:00)
    • When Jim got ahead of the curve with the software he created. (31:10)
    • Some circuits are so critical that we need to rethink what they get hooked up to. (35:05)
    • Jim is coming up with standard language around cyber security. (45:35)
    • Some of the challenges Jim has faced in his career: Good advice for anyone who’s looking to get into cybersecurity as a career (47:00)
    • How mentorship has played a part in Jim’s life. (57:24)
    
    

    This podcast is brought to you by: Waterfall Security Solutions, Fortinet, Network Perceptions, Industrial Defender, Tripwire and Q-Net Security.

    ]]>a36b0f41-962f-4a19-9502-62ab39d54075Tue, 26 Oct 2021 03:00:00 -050056:42falsefull101009: Mentorship for Cyber Security Career Development with Rick PetersToday, Rick Peters joins Derek Harp. Rick has a long history in the world of cyber security. He is currently the CISO for Operational Technology, North America for Fortinet. 

    Rick was born and raised on the east coast and was always involved with the community there. That involvement afforded him some wonderful opportunities, both before and after he graduated from college with a Double E degree. 

    In high school, Rick never thought he would end up with a career in math and the sciences. He dabbled in architecture for a while but soon realized he was not cut out for it. Then, he looked into engineering and found he had an aptitude for it and was a natural fit for that world. He found his niche specifically in the digital aspect of engineering.

    In this episode of (CS)²AI Podcast, Rick tells his story. He talks about the awesome opportunities he had for growth while working as an engineer at the NSA and discusses the time he spent overseas with US Air Force Europe, working with industrial control systems and SCADA technology. He also explains why mentorship is vital and shares some sterling advice for getting ahead in your career and for those thinking about moving from working for the government to working in the private sector. Tune in to hear more!

    Show highlights:

    • How Rick found his niche. (3:01)
    • The fantastic opportunities Rick had for growth while working as an engineer at the NSA. (6:35)
    • The questions you need to ask yourself as a career professional. (6:50)
    • Spending five years with the US Air Force in Europe as NSA’s Liaison. (8:45)
    • Raising the bar for security in the US Air Force. (12:37)
    • Working with operational technology- or industrial control systems and SCADA technology. (14:35)
    • Thinking about security from the inside out. (20:00)
    • Rick talks about his career path. (24:35) 
    • Some advice for those considering moving from working for the government to working in the private sector. (26:52)
    • The career advice Rick would give to his younger self. (34:02)
    
    

    Resources:

    Fortinet Website

    CS2AI Website

    This podcast is brought to you by: Waterfall Security Solutions, Fortinet, Network Perceptions, Industrial Defender, Tripwire and Q-Net Security.

    ]]>Today, Rick Peters joins Derek Harp. Rick has a long history in the world of cyber security. He is currently the CISO for Operational Technology, North America for Fortinet. 

    Rick was born and raised on the east coast and was always involved with the community there. That involvement afforded him some wonderful opportunities, both before and after he graduated from college with a Double E degree. 

    In high school, Rick never thought he would end up with a career in math and the sciences. He dabbled in architecture for a while but soon realized he was not cut out for it. Then, he looked into engineering and found he had an aptitude for it and was a natural fit for that world. He found his niche specifically in the digital aspect of engineering.

    In this episode of (CS)²AI Podcast, Rick tells his story. He talks about the awesome opportunities he had for growth while working as an engineer at the NSA and discusses the time he spent overseas with US Air Force Europe, working with industrial control systems and SCADA technology. He also explains why mentorship is vital and shares some sterling advice for getting ahead in your career and for those thinking about moving from working for the government to working in the private sector. Tune in to hear more!

    Show highlights:

    • How Rick found his niche. (3:01)
    • The fantastic opportunities Rick had for growth while working as an engineer at the NSA. (6:35)
    • The questions you need to ask yourself as a career professional. (6:50)
    • Spending five years with the US Air Force in Europe as NSA’s Liaison. (8:45)
    • Raising the bar for security in the US Air Force. (12:37)
    • Working with operational technology- or industrial control systems and SCADA technology. (14:35)
    • Thinking about security from the inside out. (20:00)
    • Rick talks about his career path. (24:35) 
    • Some advice for those considering moving from working for the government to working in the private sector. (26:52)
    • The career advice Rick would give to his younger self. (34:02)
    
    

    Resources:

    Fortinet Website

    CS2AI Website

    This podcast is brought to you by: Waterfall Security Solutions, Fortinet, Network Perceptions, Industrial Defender, Tripwire and Q-Net Security.

    ]]>e10a914c-d80b-42d7-b72a-1d74924fc210Tue, 19 Oct 2021 03:00:00 -050035:38falsefull9908: Creating a Business Around a Great Idea That Solves Problems with Lior FrenkelToday, Derek Harp is joined by Lior Frenkel, the CEO, and Founder of Waterfall Security Solutions. Lior is a man of many talents! He is an entrepreneur and a business executive. He is also a problem-solver, father, off-road adventurer, competitive shooter, and cooking enthusiast! He has created multiple companies, and he was involved in developing many different products, both commercially and for the military.

    Lior was born and raised in Israel. He had his first encounter with technology at eight years old when his parents bought a computer for his brother. He got hooked immediately, and since then, he has never left the keyboard! It has always excited Lior to see something tangible happen after writing a few lines of code, and he loves to see people using his technology to solve something meaningful! 

    In this episode of (CS)²AI Podcast, Lior shares his captivating story. He talks about how he taught himself to code at a very young age, the software he developed while in high school, his capacity for solving problems, and why he chose to make a career in the field of cyber security. Stay tuned today to hear about Lior’s journey, and find out how to create a successful business around a great idea or solution.

    Show highlights:

    • Lior shares his background and origin story. (20:48)
    • Learning through his real-life experience and from others with more knowledge. (25:55)
    • Finding ways to solve problems has always been most important for Lior. (29:02)
    • How Lior started his career while still in high school, selling the educational software he developed. (35:15)
    • Lior talks about his incredible experience in the Israeli Air Force and starting his first business as an adult. (37:29)
    • He knew nothing about business when he started focusing on building technologies for computer/information warfare. (42:19)
    • What Lior started to worry about when he never failed to get in through the perimeter security or firewalls of his targets. (46:13)
    • Lior explains why security became the focus of his life. (50:25)
    • How to start a successful business around a great idea for a new solution. (55:48)
    • Lior shares his vision for the future. (1:06:54)
    
    

    Resources:

    Waterfall Security Solutions

    CS2AI.org

    This podcast is brought to you by: Waterfall Security Solutions, Fortinet, Network Perceptions, Industrial Defender, Tripwire and Q-Net Security.

    ]]>Today, Derek Harp is joined by Lior Frenkel, the CEO, and Founder of Waterfall Security Solutions. Lior is a man of many talents! He is an entrepreneur and a business executive. He is also a problem-solver, father, off-road adventurer, competitive shooter, and cooking enthusiast! He has created multiple companies, and he was involved in developing many different products, both commercially and for the military.

    Lior was born and raised in Israel. He had his first encounter with technology at eight years old when his parents bought a computer for his brother. He got hooked immediately, and since then, he has never left the keyboard! It has always excited Lior to see something tangible happen after writing a few lines of code, and he loves to see people using his technology to solve something meaningful! 

    In this episode of (CS)²AI Podcast, Lior shares his captivating story. He talks about how he taught himself to code at a very young age, the software he developed while in high school, his capacity for solving problems, and why he chose to make a career in the field of cyber security. Stay tuned today to hear about Lior’s journey, and find out how to create a successful business around a great idea or solution.

    Show highlights:

    • Lior shares his background and origin story. (20:48)
    • Learning through his real-life experience and from others with more knowledge. (25:55)
    • Finding ways to solve problems has always been most important for Lior. (29:02)
    • How Lior started his career while still in high school, selling the educational software he developed. (35:15)
    • Lior talks about his incredible experience in the Israeli Air Force and starting his first business as an adult. (37:29)
    • He knew nothing about business when he started focusing on building technologies for computer/information warfare. (42:19)
    • What Lior started to worry about when he never failed to get in through the perimeter security or firewalls of his targets. (46:13)
    • Lior explains why security became the focus of his life. (50:25)
    • How to start a successful business around a great idea for a new solution. (55:48)
    • Lior shares his vision for the future. (1:06:54)
    
    

    Resources:

    Waterfall Security Solutions

    CS2AI.org

    This podcast is brought to you by: Waterfall Security Solutions, Fortinet, Network Perceptions, Industrial Defender, Tripwire and Q-Net Security.

    ]]>63a9b01a-f096-4638-b084-f8400833baa4Tue, 12 Oct 2021 03:00:00 -050039:07falsefull8807: Becoming an Effective Leader in Technology Control Systems with Jim CrowleyToday, Derek Harp is joined by Jim Crowley, the Chief Executer Officer of Industrial Defender. Jim is a well-known sales expert who has held many different sales positions. He started out in the world of technology in the late 1970s, loading data into an IBM system via a punch-card loader to run a statistics program. He got to know the industrial space from the bottom up at an early age, taking machines apart, putting in packing, and being on the plant floor. Jim is an extroverted family man who loves the outdoors and doing competitive saltwater fishing on the weekends.

    In today’s episode of the (CS)²AI Podcast, Jim shares his fascinating journey into the world of cyber security. He explains how well his past sales roles in IT fit together with the development of Industrial Defender and talks about the ingredients that contributed to Industrial Defender becoming a leader in the cybersecurity space. Jim also talks about collaboration and mentorship and offers advice about some intangible elements, other than technology, that can make a startup company successful. Stay tuned today to hear Jim’s engaging story, get some great advice, and learn what it takes to become an effective leader in the technology control systems space.

    Show highlights:

    • Jim shares his backstory. (2:12)
    • The early days, when industrial component systems intersected with Jim’s career. (6:25) 
    • What it takes to become a leader in the cyber security space. (9:22)
    • Jim shares some tips for overcoming challenges. (13:40)
    • The intangible elements that can help make a startup company successful. (14:21)
    • Jim offers some advice to facilitate collaboration. (16:38)
    • Jim talks about how things have changed at Industrial Defender since he returned after leaving and becoming an entrepreneur. (19:12)
    • The role that mentorship has played in Jim’s journey. (21:32)
    • Becoming more valuable in the cyber security space and knowing when it is time to move on. (24:57)
    • Some advice for skilled IT practitioners who want to branch into the technology control systems space. (35:07)
    • Jim talks about what it will take to be successful in the OT world in the future. (36:52)
    
    

    This podcast is brought to you by: Waterfall Security Solutions, Fortinet, Network Perceptions, Industrial Defender, Tripwire and Q-Net Security.

    ]]>Today, Derek Harp is joined by Jim Crowley, the Chief Executer Officer of Industrial Defender. Jim is a well-known sales expert who has held many different sales positions. He started out in the world of technology in the late 1970s, loading data into an IBM system via a punch-card loader to run a statistics program. He got to know the industrial space from the bottom up at an early age, taking machines apart, putting in packing, and being on the plant floor. Jim is an extroverted family man who loves the outdoors and doing competitive saltwater fishing on the weekends.

    In today’s episode of the (CS)²AI Podcast, Jim shares his fascinating journey into the world of cyber security. He explains how well his past sales roles in IT fit together with the development of Industrial Defender and talks about the ingredients that contributed to Industrial Defender becoming a leader in the cybersecurity space. Jim also talks about collaboration and mentorship and offers advice about some intangible elements, other than technology, that can make a startup company successful. Stay tuned today to hear Jim’s engaging story, get some great advice, and learn what it takes to become an effective leader in the technology control systems space.

    Show highlights:

    • Jim shares his backstory. (2:12)
    • The early days, when industrial component systems intersected with Jim’s career. (6:25) 
    • What it takes to become a leader in the cyber security space. (9:22)
    • Jim shares some tips for overcoming challenges. (13:40)
    • The intangible elements that can help make a startup company successful. (14:21)
    • Jim offers some advice to facilitate collaboration. (16:38)
    • Jim talks about how things have changed at Industrial Defender since he returned after leaving and becoming an entrepreneur. (19:12)
    • The role that mentorship has played in Jim’s journey. (21:32)
    • Becoming more valuable in the cyber security space and knowing when it is time to move on. (24:57)
    • Some advice for skilled IT practitioners who want to branch into the technology control systems space. (35:07)
    • Jim talks about what it will take to be successful in the OT world in the future. (36:52)
    
    

    This podcast is brought to you by: Waterfall Security Solutions, Fortinet, Network Perceptions, Industrial Defender, Tripwire and Q-Net Security.

    ]]>57acde36-bafd-4567-a04f-4258ef159815Tue, 05 Oct 2021 03:00:00 -050035:57falsefull7706: The Continuous Adaptability and Improvement of Cybersecurity with Professor Harry WingoIn today’s episode of (CS)²AI Podcast, Derek Harp is joined by Professor Harry Wingo, a full-time faculty member at the National Defense University in Washington, D.C., U.S., where he serves as Chair of the Cyber Studies Department within NDU’s College of Information and Cyberspace. He has more than 25 years of government and corporate leadership experience, including 15 years focused on information and communications technology law and policy. 

    Harry has served as President and CEO of the D.C. Chamber of Commerce, Senior Policy Counsel at Google, Counsel to the Senate Committee on Science, Commerce & Transportation, Special Counsel to the General Counsel of the Federal Communications Commission and an Associate with the law firm of Skadden, Arps, Slate, Meagher & Flom. Before his career in law and technology, he served for more than six years as a Navy SEAL officer. 

    Harry will share the incredible journey of how he got into cybersecurity and his insights and views regarding the talent shortage in the industry, the importance of diversity and inclusion for the future workforce, national cybersecurity defense in an ever-changing environment, and the overall challenges the industry continually faces. If you’re really interested in cybersecurity like Derek and Harry are, this is one episode you won’t wanna miss.

    Show Highlights:

    • Starting out as a Navy SEAL and transitioning into law and technology which led him towards specializing in cybersecurity (01:20)
    • Growing up as a nerd with an interest in some of the earliest computers that were there (05:10)
    • The boxing coach who facilitated his exposure to the SEALS as a possible career route (08:30)
    • How being in the SEALS enabled him to pursue his consistent interest in information and communications (11:00)
    • Working for the Federal Communications Commission as a special counsel to the general counsel, and being involved in the development of policy and legal frameworks around spyware and other cybersecurity issues (16:22)
    • Why and how the cognitive side of cybersecurity came crashing into the forefront (22:04)
    • Diving into how to protect networks, make sure they’re defended and how to conduct cyber warfare in consistency with international law (28:00)
    • The importance of finding champions/mentors who take an interest in us and never letting go (32:42)
    • Getting guidance on what your life purpose is through the Ikigai concept (35:05)
    • Automation and AI: Up-to-date advice for anyone who’s looking to get into cybersecurity as a career (42:47)
    
    

    Links and Resources:

    More about (CS)²AI

    Rebooting AI By Gary Marcus and Ernest Davis

    Artificial Intelligence: A Guide for Thinking Humans By Melanie Mitchell

    This podcast is brought to you by: Waterfall Security Solutions, Fortinet, Network Perceptions, Industrial Defender, Tripwire and Q-Net Security.

    ]]>In today’s episode of (CS)²AI Podcast, Derek Harp is joined by Professor Harry Wingo, a full-time faculty member at the National Defense University in Washington, D.C., U.S., where he serves as Chair of the Cyber Studies Department within NDU’s College of Information and Cyberspace. He has more than 25 years of government and corporate leadership experience, including 15 years focused on information and communications technology law and policy. 

    Harry has served as President and CEO of the D.C. Chamber of Commerce, Senior Policy Counsel at Google, Counsel to the Senate Committee on Science, Commerce & Transportation, Special Counsel to the General Counsel of the Federal Communications Commission and an Associate with the law firm of Skadden, Arps, Slate, Meagher & Flom. Before his career in law and technology, he served for more than six years as a Navy SEAL officer. 

    Harry will share the incredible journey of how he got into cybersecurity and his insights and views regarding the talent shortage in the industry, the importance of diversity and inclusion for the future workforce, national cybersecurity defense in an ever-changing environment, and the overall challenges the industry continually faces. If you’re really interested in cybersecurity like Derek and Harry are, this is one episode you won’t wanna miss.

    Show Highlights:

    • Starting out as a Navy SEAL and transitioning into law and technology which led him towards specializing in cybersecurity (01:20)
    • Growing up as a nerd with an interest in some of the earliest computers that were there (05:10)
    • The boxing coach who facilitated his exposure to the SEALS as a possible career route (08:30)
    • How being in the SEALS enabled him to pursue his consistent interest in information and communications (11:00)
    • Working for the Federal Communications Commission as a special counsel to the general counsel, and being involved in the development of policy and legal frameworks around spyware and other cybersecurity issues (16:22)
    • Why and how the cognitive side of cybersecurity came crashing into the forefront (22:04)
    • Diving into how to protect networks, make sure they’re defended and how to conduct cyber warfare in consistency with international law (28:00)
    • The importance of finding champions/mentors who take an interest in us and never letting go (32:42)
    • Getting guidance on what your life purpose is through the Ikigai concept (35:05)
    • Automation and AI: Up-to-date advice for anyone who’s looking to get into cybersecurity as a career (42:47)
    
    

    Links and Resources:

    More about (CS)²AI

    Rebooting AI By Gary Marcus and Ernest Davis

    Artificial Intelligence: A Guide for Thinking Humans By Melanie Mitchell

    This podcast is brought to you by: Waterfall Security Solutions, Fortinet, Network Perceptions, Industrial Defender, Tripwire and Q-Net Security.

    ]]>dbf2244d-069a-4343-a830-bb330ddd2a4aTue, 28 Sep 2021 03:00:00 -050047:43falsefull6605: Navigating the Modern Cybersecurity Landscape with Dr. Eric ColeIn today’s episode of (CS)²AI Podcast, Derek Harp is joined by Dr. Eric Cole, PhD, an industry-recognized security expert with over 20 years of hands-on experience in consulting, training, and public speaking. As the founder and CEO of Secure Anchor Consulting, Dr. Cole focuses on helping customers prevent security breaches, detect network intrusions, and respond to advanced threats. In addition, he is a sought-after expert witness and a 2014 inductee to the InfoSecurity Hall of Fame.

    Dr. Cole is the author of several books, including Advanced Persistent Threat: Understanding the Danger and How to Protect Your Organization; Hackers Beware: The Ultimate Guide to Network Security; and Insider Threat: Protecting the Enterprise from Sabotage, Spying, and Theft; and Hiding in Plain Sight. With over 20 patent applications, he is on the cutting edge of cyber security research and development. Eric will share his incredible journey from interning for the CIA as a hacker to becoming a successful entrepreneur in the cybersecurity space, and share actionable tips about the practices that led him on the path to success and fulfilment while doing what he loves most. 

    From his cybersecurity wisdom, he will also help us understand how cybersecurity fits within this new landscape that we call life and how we can position ourselves and our businesses to take advantage of that. At the least, this episode will help you take an assessment of your inventory of skills and other resources so you can survive through the current challenging environment brought about by the Covid-19 pandemic, so stay tuned.

    Show Highlights

    • From being a professional hacker for the CIA to an entrepreneur in the cyber security space (01:58)
    • His constant love for technology, from a programming and functionality perspective, throughout his life (06:42)
    • Making the choice to work while going to school and how it equipped him with what he needed to succeed in life (11:42)
    • The importance of approaching people who can help you find opportunities and achieve goals (14:09)
    • How powerful old school methods of reaching out are, compared to the more modern methods like email (17:22)
    • Looking at challenges as opportunities to keep winning even in the most difficult of times (19:40)
    • The experience Eric has had with following his heart versus chasing money (22:14)
    • Helping people understand the actual issues that bring about cybersecurity breaches  (30:20)
    • Reading widely, exercising and eating well to keep his performance at the highest level (32:03)
    
    

    Links and Resources

    • More about (CS)²AI
    • Secure Anchor Consulting
    • Online Danger By Dr. Eric Cole
    
    

    This podcast is brought to you by: Waterfall Security Solutions, Fortinet, Network Perceptions, Industrial Defender, Tripwire and Q-Net Security.

    ]]>In today’s episode of (CS)²AI Podcast, Derek Harp is joined by Dr. Eric Cole, PhD, an industry-recognized security expert with over 20 years of hands-on experience in consulting, training, and public speaking. As the founder and CEO of Secure Anchor Consulting, Dr. Cole focuses on helping customers prevent security breaches, detect network intrusions, and respond to advanced threats. In addition, he is a sought-after expert witness and a 2014 inductee to the InfoSecurity Hall of Fame.

    Dr. Cole is the author of several books, including Advanced Persistent Threat: Understanding the Danger and How to Protect Your Organization; Hackers Beware: The Ultimate Guide to Network Security; and Insider Threat: Protecting the Enterprise from Sabotage, Spying, and Theft; and Hiding in Plain Sight. With over 20 patent applications, he is on the cutting edge of cyber security research and development. Eric will share his incredible journey from interning for the CIA as a hacker to becoming a successful entrepreneur in the cybersecurity space, and share actionable tips about the practices that led him on the path to success and fulfilment while doing what he loves most. 

    From his cybersecurity wisdom, he will also help us understand how cybersecurity fits within this new landscape that we call life and how we can position ourselves and our businesses to take advantage of that. At the least, this episode will help you take an assessment of your inventory of skills and other resources so you can survive through the current challenging environment brought about by the Covid-19 pandemic, so stay tuned.

    Show Highlights

    • From being a professional hacker for the CIA to an entrepreneur in the cyber security space (01:58)
    • His constant love for technology, from a programming and functionality perspective, throughout his life (06:42)
    • Making the choice to work while going to school and how it equipped him with what he needed to succeed in life (11:42)
    • The importance of approaching people who can help you find opportunities and achieve goals (14:09)
    • How powerful old school methods of reaching out are, compared to the more modern methods like email (17:22)
    • Looking at challenges as opportunities to keep winning even in the most difficult of times (19:40)
    • The experience Eric has had with following his heart versus chasing money (22:14)
    • Helping people understand the actual issues that bring about cybersecurity breaches  (30:20)
    • Reading widely, exercising and eating well to keep his performance at the highest level (32:03)
    
    

    Links and Resources

    • More about (CS)²AI
    • Secure Anchor Consulting
    • Online Danger By Dr. Eric Cole
    
    

    This podcast is brought to you by: Waterfall Security Solutions, Fortinet, Network Perceptions, Industrial Defender, Tripwire and Q-Net Security.

    ]]>d11a97ed-129a-4aa7-9d22-90e16ec8848bTue, 21 Sep 2021 03:00:00 -050034:32falsefull5504: The Pros & Cons of a Narrow Niche in Cybersecurity with Marty EdwardsThere’s a lot more to cyber security than what meets the eye. While many opt for more traditional paths within the industry, there are unique and niche opportunities available. Todays guest, Marty Edwards, is the Vice President of Operational Technology for Tenable, former director of ISC/CERT, an amateur radio operator, and a jack of all trades in many fields. 

    Today Marty discusses his journey of moving through his career, the pro’s and con’s he’s seen from having a narrowed niche, what he’s learned along the way, and so much more. Tune into this episode to hear more about Marty’s journey, along with an array of insight into his career. 

    Show Highlights: 

    • Marty shares what his childhood on a ranch in Canada was like 
    • How Marty’s education helped him get into his career now 
    • What Marty’s career looked like directly out of college 
    • How Marty got into the position he has now 
    • What is INL and what do they do 
    • Marty shares what his role as an “industry liaison” looked like 
    • How Marty became a Federal Civil Servant 
    • What led to going from being in charge of a sector to overseeing the whole program 
    • How having mentors impacted Marty’s career 
    • The pro’s and con’s of having a really specialized niche 
    • The benefits of having industrialized experience 
    • Why certifications may or may not help your resume 
    • The importance of being present in conversation 
    • What excites Marty in his career today 
    • Doing a critical analysis to resolve the problem 
    • The evolution and movement to cloud based technologies 
    
    

    Resources:

    Tenable

    CS2AI

    This podcast is brought to you by: Waterfall Security Solutions, Fortinet, Network Perceptions, Industrial Defender, Tripwire and Q-Net Security.

    ]]>There’s a lot more to cyber security than what meets the eye. While many opt for more traditional paths within the industry, there are unique and niche opportunities available. Todays guest, Marty Edwards, is the Vice President of Operational Technology for Tenable, former director of ISC/CERT, an amateur radio operator, and a jack of all trades in many fields. 

    Today Marty discusses his journey of moving through his career, the pro’s and con’s he’s seen from having a narrowed niche, what he’s learned along the way, and so much more. Tune into this episode to hear more about Marty’s journey, along with an array of insight into his career. 

    Show Highlights: 

    • Marty shares what his childhood on a ranch in Canada was like 
    • How Marty’s education helped him get into his career now 
    • What Marty’s career looked like directly out of college 
    • How Marty got into the position he has now 
    • What is INL and what do they do 
    • Marty shares what his role as an “industry liaison” looked like 
    • How Marty became a Federal Civil Servant 
    • What led to going from being in charge of a sector to overseeing the whole program 
    • How having mentors impacted Marty’s career 
    • The pro’s and con’s of having a really specialized niche 
    • The benefits of having industrialized experience 
    • Why certifications may or may not help your resume 
    • The importance of being present in conversation 
    • What excites Marty in his career today 
    • Doing a critical analysis to resolve the problem 
    • The evolution and movement to cloud based technologies 
    
    

    Resources:

    Tenable

    CS2AI

    This podcast is brought to you by: Waterfall Security Solutions, Fortinet, Network Perceptions, Industrial Defender, Tripwire and Q-Net Security.

    ]]>6361e3c8-3b6f-4745-b591-8992e9eec484Tue, 14 Sep 2021 03:00:00 -050045:38falsefull4403: Innovations and the Value of Teamwork in Cybersecurity with Katie PehrsonBeing a woman in the engineering space can be a challenge, but also gives you a unique perspective and opportunities. Today’s guest, Katie Pehrson is the technical director and an engineer for Bechtel, an engineering, construction, and project management company. Katie shares what led her to the career she has today, and what propelled her into her 19 year position with Bechtel. 

    Katie discusses what it’s like to be a women in the industry, innovative advancements that are being made, and the value of teamwork within the workplace. Tune into this episode for some remarkable insight into the engineering world. 

    Show Highlights: 

    • Katie shares how she got to where she is in her career 
    • The building blocks of what Katie studied 
    • How Katie started her career directly out of college 
    • What Katie’s responsibilities entailed in her first job 
    • What project intersected cyber security into Katie’s career path 
    • Katie shares how learning and training was initiated at Bechtel 
    • Why you should reach out to people and get knowledge from others 
    • How problems have shifted within engineering over the years 
    • What it’s like to be a woman in engineering 
    • Advice Katie would give her younger self 
    • Bringing people together in the industry 
    • How to help the engineering industry be more inviting for women 
    • The biggest challenges within the industry 
    • Exciting emerging technology 
    • Why skills are more important than your background
    • Advances in the industry that Katie is excited about 
    
    

    Resources:

    Bechtel.com

    Cs2ai.org

    This podcast is brought to you by: Waterfall Security Solutions, Fortinet, Network Perceptions, Industrial Defender, Tripwire and Q-Net Security.

    ]]>Being a woman in the engineering space can be a challenge, but also gives you a unique perspective and opportunities. Today’s guest, Katie Pehrson is the technical director and an engineer for Bechtel, an engineering, construction, and project management company. Katie shares what led her to the career she has today, and what propelled her into her 19 year position with Bechtel. 

    Katie discusses what it’s like to be a women in the industry, innovative advancements that are being made, and the value of teamwork within the workplace. Tune into this episode for some remarkable insight into the engineering world. 

    Show Highlights: 

    • Katie shares how she got to where she is in her career 
    • The building blocks of what Katie studied 
    • How Katie started her career directly out of college 
    • What Katie’s responsibilities entailed in her first job 
    • What project intersected cyber security into Katie’s career path 
    • Katie shares how learning and training was initiated at Bechtel 
    • Why you should reach out to people and get knowledge from others 
    • How problems have shifted within engineering over the years 
    • What it’s like to be a woman in engineering 
    • Advice Katie would give her younger self 
    • Bringing people together in the industry 
    • How to help the engineering industry be more inviting for women 
    • The biggest challenges within the industry 
    • Exciting emerging technology 
    • Why skills are more important than your background
    • Advances in the industry that Katie is excited about 
    
    

    Resources:

    Bechtel.com

    Cs2ai.org

    This podcast is brought to you by: Waterfall Security Solutions, Fortinet, Network Perceptions, Industrial Defender, Tripwire and Q-Net Security.

    ]]>d5fccac0-6748-4517-964e-8754619bb213Tue, 07 Sep 2021 03:00:00 -050030:40falsefull133102: Practical Takeaways from the Cyber Security Report with Walter Risi of KPMGWelcome to (CS)²AI Podcast! Todays episode is hosted by Derek Harp and joined by Walter Risi, Global Cyber IT Leader and Cyber Security Consultant at KPMG. This conversation is an assessment of the (CS)²AI/KPMG Cybersecurity Report, a mass IT report that covers broad and interesting topics within the cybersecurity space. 

    Derek and Walter cover important topics within the report, such as the lack of resources the large-scale companies are facing, the cyber immaturity that is harming companies, and the importance of increasing sophisticated technology. 

    Join Derek in this interview to learn more about the challenges companies are facing and how you can increase your own cyber security. 

    Show Highlights: 

    • How the report was produced and made 
    • Dispersion we see in risk assessments within the market place 
    • Is cloud security a priority 
    • The biggest problem in the workplace 
    • The importance of company maturity and what happens as companies mature 
    • Number two reasons people are using managed services 
    • Why reducing operational disruptions is important 
    • Ensuring people understanding both cyber security and IT 
    • Why more companies spent financial increase on tax management as opposed to more qualified work force 
    • Reasons you should upgrade your defenses before it’s too serious 
    • Why you should leverage the time you have now 
    
    

    Links and Resources:

    For more information about (CS)²AI visit: CS2AI.org

    For more information about KPMG visit: KPMG

    This podcast is brought to you by: Waterfall Security Solutions, Fortinet, Network Perceptions, Industrial Defender, Tripwire and Q-Net Security.

    ]]>Welcome to (CS)²AI Podcast! Todays episode is hosted by Derek Harp and joined by Walter Risi, Global Cyber IT Leader and Cyber Security Consultant at KPMG. This conversation is an assessment of the (CS)²AI/KPMG Cybersecurity Report, a mass IT report that covers broad and interesting topics within the cybersecurity space. 

    Derek and Walter cover important topics within the report, such as the lack of resources the large-scale companies are facing, the cyber immaturity that is harming companies, and the importance of increasing sophisticated technology. 

    Join Derek in this interview to learn more about the challenges companies are facing and how you can increase your own cyber security. 

    Show Highlights: 

    • How the report was produced and made 
    • Dispersion we see in risk assessments within the market place 
    • Is cloud security a priority 
    • The biggest problem in the workplace 
    • The importance of company maturity and what happens as companies mature 
    • Number two reasons people are using managed services 
    • Why reducing operational disruptions is important 
    • Ensuring people understanding both cyber security and IT 
    • Why more companies spent financial increase on tax management as opposed to more qualified work force 
    • Reasons you should upgrade your defenses before it’s too serious 
    • Why you should leverage the time you have now 
    
    

    Links and Resources:

    For more information about (CS)²AI visit: CS2AI.org

    For more information about KPMG visit: KPMG

    This podcast is brought to you by: Waterfall Security Solutions, Fortinet, Network Perceptions, Industrial Defender, Tripwire and Q-Net Security.

    ]]>b4bccc65-d1b9-4a9b-9ed0-e3fbbeecce5fMon, 03 May 2021 03:00:00 -050030:27falsefull122101: Introducing the (CS)²AI PodcastIn this episode, you'll meet your host, Derek Harp, as he shares the vision for the podcast. The podcast has been in the works for quite a while and we're excited to bring you some of the biggest names in the cyber security industry.

    We're very thankful for the sponsors of the podcast. We couldn't do it without them, and you can find them linked on the (CS)²AI website.

    There are so many exciting things planned for season 1, and we'd love to get your feedback on the show, as well as any suggestions you may have about the type of content you'd like to see.

    We can't wait for all that we have in store for you - it's an exciting time to be in our industry!

    ]]>In this episode, you'll meet your host, Derek Harp, as he shares the vision for the podcast. The podcast has been in the works for quite a while and we're excited to bring you some of the biggest names in the cyber security industry.

    We're very thankful for the sponsors of the podcast. We couldn't do it without them, and you can find them linked on the (CS)²AI website.

    There are so many exciting things planned for season 1, and we'd love to get your feedback on the show, as well as any suggestions you may have about the type of content you'd like to see.

    We can't wait for all that we have in store for you - it's an exciting time to be in our industry!

    ]]>5886ef21-239a-4095-b08d-cd4744654087Sun, 02 May 2021 03:00:00 -050004:03falsefull1111