Dino sits down with Adeel Shaikh Muhammad, a Dubai-based cybersecurity expert and researcher with 16+ years in IT and OT security. They dive into why IT and OT teams still can't communicate effectively.

The conversation reveals why most CISOs struggle to secure manufacturing environments. Adeel shares real-world insights from securing industrial systems across the Middle East, Africa, and Asia.

They tackle the implementation gap in OT SOCs and why legacy systems remain vulnerable. The discussion covers third-party access risks, OEM warranty restrictions, and system integrator challenges.

AI might finally solve IT-OT convergence by acting as a translator between these worlds. But first, organizations need to master the fundamentals: asset inventory, vulnerability management, and network segmentation.

Most companies still haven't nailed these basics in their industrial environments. This conversation cuts through the hype to focus on what actually works.

Chapters:

1. (00:00:00) - 16 Years in Cybersecurity: Why CISOs Don't Know What a PLC Is
2. (00:01:48) - Career Journey: From IT to OT Cybersecurity Focus
3. (00:02:48) - Books on AI Transforming Security Operations Centers
4. (00:04:44) - The Implementation Gap: Challenges Building OT SOCs
5. (00:06:40) - The IT-OT Cultural Divide and Missing Communication
6. (00:08:40) - Why the OT Ecosystem Must Proactively Bring Cybersecurity Tools
7. (00:10:00) - Can IT-OT Convergence Actually Happen?
8. (00:11:00) - AI as the Bridge: The Black Box Solution for IT-OT Communication
9. (00:12:42) - Legacy Systems Reality: Windows 7 Running $5M Equipment
10. (00:14:00) - OT Cybersecurity Conferences: S4, Intersec, and Rockwell Automation Fair
11. (00:16:00) - Market Consolidation: Who's Been Acquired in OT Security
12. (00:17:48) - Back to Basics: Asset Inventory, Vulnerabilities, and Network Segmentation
13. (00:18:40) - Third-Party Access Control and OEM Warranty Restrictions
14. (00:20:40) - Why We Can't Ignore Asset Inventory and Segmentation in OT Anymore

Links And Resources:

1. Adeel Shaikh Muhammad on LinkedIn
2. Want to Sponsor an episode or be a Guest? Reach out here.
3. Industrial Cybersecurity Insider on LinkedIn
4. Cybersecurity & Digital Safety on LinkedIn
5. BW Design Group Cybersecurity
6. Dino Busalachi on LinkedIn
7. Craig Duckworth on LinkedIn

Thanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you’d like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!

Many devices on modern networks aren’t what their labels claim. This episode, Rob King, Director of Applied Security Research at runZero, explores white-labeled surveillance and IoT hardware, why some vendors are banned by governments, and how hidden risks can spread across enterprises. Discovery, device fingerprinting, and protocol analysis reveal what’s really connected—and why knowing your true inventory is now essential for security, compliance, and trust.

Remote access transformed overnight - and OT environments are still feeling the impact.

In this episode of Protect It All, host Aaron Crow is joined by Steve Rutherford, VP of Sales at Hyperport and former military officer, for a candid conversation on how secure remote access in operational technology (OT) has evolved - and where it’s heading next.

They unpack how COVID accelerated remote connectivity across critical infrastructure, why many traditional IT security tools fall short in OT environments, and what protection really looks like when safety, reliability, and uptime are non-negotiable. Drawing from military discipline and frontline OT experience, Steve shares a grounded perspective on managing risk in environments where failure has physical-world consequences.

You’ll learn:

If you’re responsible for enabling remote access while protecting critical operations, this episode delivers real-world insight, practical guidance, and a forward-looking view of OT cybersecurity.

Tune in to understand what secure OT access really requires in today’s threat landscape- only on Protect It All.

Key Moments: 

00:00 Securing Critical Infrastructure Access

03:59 "OT Mindset: Defense and Offense"

07:26 "Remote Access Challenges in Operations"

11:45 "Challenges in OT-IT Integration"

16:07 Authority Must Match Responsibility

18:23 Simplifying OT Authentication Challenges

21:53 "Dynamic Trust Scoring with AI"

24:05 "Access Control and Segmentation"

28:57 "Secure Access Without Overreach"

33:12 "Left of Boom Awareness"

35:56 OT Security and Local Control

39:35 "Driving Early Adoption Awareness"

41:54 "Proactive Support for Critical Infrastructure"

45:52 "Remote Work Enhances Team Efficiency"

47:17 "Exciting Tech for Cybersecurity"

About the guest :
Steve Rutherford is a former U.S. Army officer and aviator who transitioned his mission-driven mindset from military service to protecting critical infrastructure through operational technology (OT) security. After exploring multiple industries, Steve found a natural alignment between military operations and OT environments - where safety, reliability, and uptime are non-negotiable. Today, he works in secure user access for OT, helping organizations protect the systems that power modern life.

How to connect steve : 

Website : https://hyperport.io/

Linkedin: https://www.linkedin.com/in/steverutherford1/

Connect With Aaron Crow:

Learn more about PrOTect IT All:

To be a guest or suggest a guest/episode, please email us at [email protected]

Please leave us a review on Apple/Spotify Podcasts:

Apple   - https://podcasts.apple.com/us/podcast/protect-it-all/id1727211124

Spotify - https://open.spotify.com/show/1Vvi0euj3rE8xObK0yvYi4

Welcome to the Policy Pulse Panel, a new monthly series within the Critical Assets Podcast. Hosted by Patrick Miller (Ampyx Cyber), Earl Shockley (CEO, Inpowerd), and Joy Ditto (CEO, Joy Ditto Consulting), this recurring panel dives into the most significant policy shifts and regulatory developments impacting critical infrastructure, operational technology (OT), and industrial cybersecurity. Each month, we unpack emerging legislation, agency actions, and standards updates - connecting the dots between policy and the practical realities faced by asset owners, utilities, vendors, and government partners. If you're trying to stay ahead of your auditors and your legislators, this is your monthly must-listen.

https://ampyxcyber.com/podcast/policy-pulse-regulatory-roundtable-nerc-cip-cybersecurity-strategy-ai-electric-sector

In this episode , I’m joined by Alessio Rosas, an OT cybersecurity expert from Italy, to dive deep into the world of medical devices and the potential risks they face when exposed to the internet.

We’re excited to host Dieter Sarrazyn , Industrial Security Advisor and Founder of Secudea — a specialist in SCADA/ICS/OT cybersecurity, IEC 62443, and FAT/SAT security validation.In this episode, we dive into:

🔹 Dieter’s background and his journey in OT security

🔹 FAT & SAT and why they matter for secure system delivery 🔹 How IEC 62443 fits across the project lifecycle

🔹 Cybersecurity validation steps during FAT & SAT

🔹 Common challenges and practical lessons from the field

🔹 Best practices for vendors, integrators, and asset owners

(Presented by Material Security: We protect your company’s most valuable materials -- the emails, files, and accounts that live in your Google Workspace and Microsoft 365 cloud offices.)

Three Buddy Problem - Episode 83: Poland's CERT documents a rare, explicit wiper attack on civilians in a NATO country, including detailed attribution of a Russian government op targeting the electric grid in the heart of winter. We examine why this crosses a long-avoided threshold, why attribution suddenly matters again, and what it says about pre-positioned access, vendor insecurity, and the shrinking gap between cyber operations and acts of war.

Plus, another Fortinet fiasco, a new batch of Ivanti zero-days under attack, an emergency patch from Microsoft and the return of the mysterious KasperSekrets account.

Cast: Juan Andres Guerrero-Saade, Ryan Naraine and Costin Raiu.

Links:

• Transcript (unedited, AI-generated)
• Material Security (Use Cases)
• ESET DynoWiper update: Technical analysis and attribution
• Poland CERT on Russian wiper attacks
• Poland blames two Ukrainians allegedly working for Russia for railway blast
• Britain’s New Spy Chief Has a New Mission
• Two New Ivanti 0days Exploited
• Microsoft ships emergency Office patch to thwart attacks
• Analysis of Single Sign-On Abuse on FortiOS
• Fortinet PSIRT: Administrative FortiCloud SSO authentication bypass
• Diverse Threat Actors Exploiting Critical WinRAR Vulnerability CVE-2025-8088
• WhatsApp Strict Account Settings
• China Executes 11 People Linked to Cyberscam Centers in Myanmar
• Singapore to start caning for scammers
• Germany on hacking attacks: "We will strike back, including abroad"
• Acting CISA chief uploaded sensitive files into a public version of ChatGPT
• TLP BLACK
• LABScon 2026
• KasperSekrets

Andrew McPhee, Industrial IoT Security Solution Manager at Cisco, joins the SecurityWeek podcast and dives into why traditional monitoring and SPAN-based approaches fail to deliver true visibility in industrial environments, and how network-native security embeds inspection, segmentation, and protection directly into the network. We discuss real-world implementation challenges, economic tradeoffs, and how to move from visibility to action without disrupting operations.  (Want to continue the discussion? Contact Cisco.)

Follow SecurityWeek on LinkedIn

נושא ההתאוששות מכשל מערכות ו/או אירוע סייבר דורש הכנה אפקטיבית שמתחילה בגיבוש תוכנית המשכיות עסקית (ביי.סיי.פיי) ותוכנית להתאוששות מאסון (דיי. אר. פיי) המגדירות תפקידים ושלבי פעולה ברורים בזמן אמת. נדבך מרכזי בהכנה הוא יישום מערך גיבויים אוטומטי ומבוזר (כולל גיבויים "קרים" המנותקים מהרשת הראשית) ובדיקת תקינותם באופן תקופתי. בנוסף, על הארגון לקיים תרגולים המדמים תרחישי קיצון בקנה מידה משמעותי

ממפגשים עם ארגונים רבים נראה שיש חוסר הבנה על ההבדל בין דיי.אר וגיבוי, תרומה משמעותית לבלבול הזה מגיע מכיוון יצרני תוכנות הגיבוי והמעבר להתאוששות וגיבוי בענן. הפרק הזה הוא חובה לכול מנכ"ל, מנהל מערכות מידע ומנהל אבטחת מידע ונועד לעשות סדר במונחים והפעולות השונות

נחשון פינקו מארח את רמי נחום המנכ"ל והבעלים של חברת טריפל סי מוותיקי התחום בישראל, בשיחה על התאוששות, גיבוי וכול מה שביניהם.

מה ההבדל בין אתר התאוששות לבין מערכת גיבויים

מתי מספיק גיבוי באמצעי איחסון אלקטרונים ומתי מומלץ להוסיף גם קלטות כגיבוי קר (מבחינתי תמיד!) למה נדרש לבצע תרגולים בקנה מידה גדול ולא רק ע"ג שרת או שניים ומספר קטן של משתמשים

למה נדרש לבדוק גיבויים באופן שוטף ועוד