Open source accelerates development in embedded systems, but hidden license obligations can quickly create legal and operational risk. In this episode of Exploited: The Cyber Truth, host Paul Ducklin is joined by RunSafe Security Founder and CEO Joseph M. Saunders and Salim Blume, Director of Security Applications, for a look at how copyleft risk emerges and why compliance in embedded products is more challenging than many teams expect.

Salim breaks down how restrictive licenses, such as GPL and AGPL, can force the disclosure of proprietary code, interrupt product shipments, or create exposure long after devices are deployed in the field. Joe shares why accurate SBOMs, automated license checks, and enforcing policy at build time are critical to preventing surprises in downstream products. The discussion also touches on the ongoing Vizio case, where the TV manufacturer faces litigation that could compel public release of source code under the GPL, highlighting how open source obligations can surface years after products hit the market.

Together, Paul, Joe, and Salim explore:

• How copyleft obligations can require source-code disclosure
• Why embedded environments complicate license compliance
• Real-world cases where unnoticed GPL dependencies caused major issues, such as Vizio’s GPL lawsuit and Cisco’s WRT54G router family
• The growing implications of AGPL for SaaS and connected services
• How build-time SBOMs and automated controls reduce long-term risk

Whether you're building connected devices, managing software supply chain compliance, or protecting proprietary IP, this episode offers practical guidance to reduce copyleft risk before it becomes a costly problem.

In this episode, I’m joined by Engineer Ali Laribi, the founder of Fortress Plus, to dive deep into what it takes to build and lead in the OT security space — especially when you’re going against the crowd.

Do you really know what’s on your network? A lot of OT devices are white labeled, meaning they have a brand name but under the hood they’re made by someone else. Sean Tufts, Field CTO for Claroty, explains how his team is using AI to sift through all the available data and build a cyber physical library that starts to add specificity to remediation operations, and improve cyber physical security overall

🚨 Featuring: Steve Mustard — engineer, author, ex-ISA President & CEO of National Automation Inc.In this thought-provoking ICS Arabia Podcast episode, Steve dives deep into the critical—but often misunderstood—domain of OT cyber risk management. Drawing on decades of experience, he challenges the traditional focus on tech vulnerabilities and advocates for consequence-driven risk assessments that prioritize safety, operations, and business continuity.🔍 Key Takeaways:Why traditional IT risk models fall short in OT environmentsThe value of ISA/IEC 62443 as a flexible, risk-based frameworkHow multidisciplinary teams (engineering, safety, finance, cyber) create better risk decisionsThe role of incident response, backups, and mechanical fail-safesUS vs UK approaches to cybersecurity regulations

Dino sits down with industrial automation and industrial cybersecurity expert Kevin Kumpf, fresh off the floor of Rockwell Automation Fair 2025.

They discuss why OT managed services are finally becoming viable for manufacturing, the critical 80/20 split between people and technology challenges, and how the industry's "silver tsunami" of retiring talent is forcing a reckoning.

Kevin shares insights on building unified platforms that can manage everything from 30-year-old paper tape systems to AI-powered smart factories, why IT's "patch now" mentality fails in OT environments, and how the DG 360 platform is delivering true cyber-physical convergence today - not tomorrow.

They discuss the reality that most OT cybersecurity tools only discover 30% of plant assets, the importance of human-in-the-loop decision making, and why the OT ecosystem - not IT - must drive the managed services revolution.

This is a must-listen for anyone struggling with the complexity of protecting and managing modern manufacturing facilities.

Chapters:

• (00:00:00) - Introduction and Rockwell Automation Fair Recap
• (00:01:43) - The OT Managed Services Evolution and Rebranding
• (00:04:15) - The Three-Legged Stool: IT, OT, and OEMs
• (00:07:32) - Point Solutions vs. Unified Platforms in Manufacturing
• (00:10:45) - The DG 360 Vision: 360-Degree Plant Visibility
• (00:14:28) - The Silver Tsunami and Training Challenges
• (00:18:22) - Alert Fatigue and Actionable Intelligence
• (00:22:45) - Software Defined Automation and Legacy Systems
• (00:26:18) - Why OT Must Drive the Cybersecurity Conversation
• (00:30:35) - Real-Time Demo and Implementation Readiness

Links And Resources:

• Kevin Kumpf on LinkedIn
• Want to Sponsor an episode or be a Guest? Reach out here.
• Industrial Cybersecurity Insider on LinkedIn
• Cybersecurity & Digital Safety on LinkedIn
• BW Design Group Cybersecurity
• Dino Busalachi on LinkedIn
• Craig Duckworth on LinkedIn

Thanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you’d like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!

The future of cybersecurity won’t be won by tools alone - it will be won by people, process, and smarter use of AI.

In this episode of Protect It All, host Aaron Crow sits down with cybersecurity veteran Sharad Rai to explore how IT and OT security teams can reduce complexity, fight alert fatigue, and build stronger defenses through foundational practices and intelligent automation.

Sharad brings decades of real-world experience - from early firewall management to leading large-scale security programs at major financial institutions. Together, Aaron and Sharad break down what actually works in cybersecurity today: simplifying policies, understanding user behavior, strengthening basics like patching, and leveraging AI for contextual decision-making.

You’ll learn:

Whether you're a security leader, practitioner, or just navigating modern cyber challenges, this episode will reshape how you think about defending systems and the people using them.

Tune in to discover how AI, clarity, and human-centered design are shaping cybersecurity’s next chapter only on Protect It All.

Key Moments: 

06:21 "Cybersecurity Basics: Know the Layers"

09:49 "Defining Good to Block Bad"

13:03 Alarm Fatigue and Information Overload

14:01 Alarm Tuning and Data Utilization

19:02 RFID Tags and Process Frustration

23:03 Simplifying Cybersecurity for Success

25:18 "AI Optimizing Policy Adjustments"

27:33 "Tech Frustrations Then and Now"

31:46 Cloud Computing Transformed Everyday Work

36:05 Focus on Foundational Basics

About the guest : 

Sharad Rai is a cybersecurity leader and architect with over 20 years of experience securing some of the world’s most complex financial institutions. As Vice President of Security and Architecture at State Street, he leads regulatory-driven initiatives and delivers enterprise-wide cybersecurity programs across cloud, infrastructure, and endpoint platforms. Sharad has held key security roles at Morgan Stanley, BNP Paribas, Jefferies, and Foundation Medicine, with deep expertise in EDR, PAM, SASE, ZTNA, and cloud-native security. He is known for simplifying complexity, reducing risk, and bridging product, engineering, and executive teams.

How to connect Sharad: https://www.linkedin.com/in/sharad-rai-cissp-a951a28

Connect With Aaron Crow:

Learn more about PrOTect IT All:

To be a guest or suggest a guest/episode, please email us at [email protected]

Please leave us a review on Apple/Spotify Podcasts:

Apple   - https://podcasts.apple.com/us/podcast/protect-it-all/id1727211124

Spotify - https://open.spotify.com/show/1Vvi0euj3rE8xObK0yvYi4

Janka Kreißl von der Agentur Dunkelblau spricht über Krisenprävention und Krisenbewältigung bei Cybervorfällen. Sie erläutert aus Erfahrung, was gute Abläufe brauchen und wer von Anfang involviert sein sollte. 

Mehr zum Thema OT Security Made simple findet Ihr auf rhebo.com oder schreibt uns mit Euren Ideen & Fragen an [email protected].

In this episode of Exploited: The Cyber Truth, host Paul Ducklin sits down with RunSafe Founder and CEO Joseph M. Saunders to explore why the future of cyber defense depends on disrupting attacker economics rather than racing to keep up with every new threat.

Joe breaks down how organizations can gain an asymmetric advantage by reducing exploitability across entire classes of vulnerabilities, especially persistent memory safety flaws that continue to expose critical systems. He shares why adding lightweight, automated protections at build time is one of the fastest ways to shift the cost curve onto attackers without forcing massive code rewrites or slowing development teams down.

Together, Paul and Joe discuss:

• Why attackers’ resource advantage requires a new defensive mindset
• The power of “patchless” protection in embedded and OT environments
• Why memory safety flaws persist and how to neutralize them at scale
• The risks of AI-generated code and how to prevent silent vulnerabilities
• How Secure by Design practices improve resilience for critical infrastructure

If you're responsible for securing embedded systems, OT assets, or long-lived devices where patch cycles are slow and risk is high, this episode offers a new mindset that gives defenders the upper hand.

Former U.S. Secret Service Special Agent Richard LaTulip joins Craig Duckworth to reveal the hidden world of cyber criminal networks and infrastructure attacks.

Drawing from his undercover work infiltrating dark web forums and catching some of the world's most sophisticated threat actors, Richard breaks down why traditional security approaches fail, how ransomware attacks actually cost organizations millions if not billions beyond the ransom payment itself, and why the timeline between compromise and detection has shrunk from months to minutes.

He shares jaw-dropping statistics on vulnerability management failures, explains how adversaries are using AI to become exponentially more dangerous, and provides actionable insights for building resilient security programs that protect what matters most to your business.

Whether you're defending critical infrastructure or managing security for a manufacturing organization, this conversation offers a rare insider perspective on the evolving threat landscape and what it takes to stay ahead of increasingly sophisticated cyber criminals.

Chapters:

• (00:00:00) - Meet the Ex-Secret Service Agent Who Infiltrated Underground Cyber Criminal Networks
• (00:03:00) - Inside Operation Carder Kaos: Going Undercover in the Dark Web
• (00:06:00) - The Real Price Tag: Why Ransomware Costs Go Far Beyond the Ransom
• (00:11:00) - When Production Lines Go Dark: The Hidden Costs of Manufacturing Downtime
• (00:14:00) - Reality Check: How Prepared Is Your Organization for a Cyber Attack?
• (00:17:00) - The AI Arms Race: How Adversaries Are Weaponizing Artificial Intelligence
• (00:21:00) - 2027 Threat Landscape: What Keeps a Field CISO Up at Night
• (00:24:00) - Follow the Bitcoin: How Cyber Criminals Launder Billions Through Cryptocurrency
• (00:31:00) - Why Speed Matters: The Critical Window for Law Enforcement Notification
• (00:33:00) - The Security Leader's Playbook: Threat Intelligence + Business Context

Links And Resources:

• Richard LaTulip on LinkedIn
• Richard's Book: Operation Carder Kaos
• Recorded Future
• Want to Sponsor an episode or be a Guest? Reach out here.
• Industrial Cybersecurity Insider on LinkedIn
• Cybersecurity & Digital Safety on LinkedIn
• BW Design Group Cybersecurity
• Dino Busalachi on LinkedIn
• Craig Duckworth on LinkedIn

Thanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you’d like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!