In this episode, Dino and LuRae address why system integrators, OEMs, and ecosystem partners are often a manufacturer’s most underused cybersecurity resource.

Dino explains why many IT leaders lack real visibility into the plant floor, what it takes to operationalize OT security beyond “checking the box,” and why asset inventory is the first practical step toward protecting control systems.

The conversation also covers the realities of remote access after COVID, the need for governance measures such as change control and auditing, and why manufacturers should build real partner relationships rather than purely transactional vendor engagements.

Chapters:

• (00:00:00) OT security requires time inside the plant, not an “ivory tower” view
• (00:01:00) Introducing Dino and the topic: partners as a cybersecurity asset
• (00:02:00) Why OT assets get excluded from cybersecurity strategy
• (00:03:00) The real opportunity: system integrators and OEMs already in the plant
• (00:05:00) Getting started: identify who’s working in each facility
• (00:08:00) Step one: accurate OT asset inventory and visibility
• (00:10:00) Remote access: detect, audit, and control what partners are doing
• (00:12:00) “Compliance” vs. operational reality on the plant floor
• (00:16:00) Resourcing reality: why most teams cannot self-perform OT security
• (00:20:00) Final advice: budget, ROI of downtime, and act before the incident

Links And Resources:

• Want to Sponsor an episode or be a Guest? Reach out here.
• Industrial Cybersecurity Insider on LinkedIn
• Cybersecurity & Digital Safety on LinkedIn
• BW Design Group Cybersecurity
• Dino Busalachi on LinkedIn
• Craig Duckworth on LinkedIn

Thanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you’d like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!

The biggest challenge in OT cybersecurity isn’t just technology - it’s people.

In this episode of Protect It All, host Aaron Crow sits down with Mike Holcomb to explore one of the most urgent issues facing the industry today: the growing skills gap in OT and ICS cybersecurity.

Mike shares his journey from IT into operational technology security and breaks down why more professionals are needed to defend the systems that power energy, manufacturing, and critical infrastructure worldwide.

This conversation goes beyond awareness - it’s about practical pathways into the field and how the community is stepping up to make OT cybersecurity more accessible.

You’ll learn:

Whether you’re looking to break into cybersecurity, pivot your career, or build stronger teams, this episode delivers actionable guidance and inspiration from someone actively shaping the future of OT security.

Tune in to learn how to build a career while helping protect the infrastructure the world depends on - only on Protect It All.

Key Moments: 

03:07 Getting started in cybersecurity

06:33 Early passion for cybersecurity

11:54 Hurricane Katrina aftermath discussion

15:50 Awareness and education on OT security

17:49 First experiences with GRID class

25:07 Early challenges in OT cybersecurity

29:17 Importance of effective communication

35:11 Global expansion of cybersecurity events

39:52 Building a foundation in OT cybersecurity

43:36 Excitement for new CompTIA exam

46:48 Expressing appreciation for community involvement

About the guest: 

Mike Holcomb is an independent consultant focused on OT/ICS cybersecurity and an educational content creator. Prior to supporting clients full-time through UtilSec, he was the Fellow of Cybersecurity and the OT/ICS Cybersecurity Global Lead for one of the world’s largest engineering and construction companies, providing him with the opportunity to work in securing some of the world’s largest OT/ICS environments, from power plants and commuter rail to manufacturing facilities and refineries. As part of his community efforts, Michael founded the BSidesICS/OT with multiple events planned globally in 2026. He has his master’s degree in OT/ICS cybersecurity from the SANS Technology Institute. Additionally, he maintains cyber security and OT/ICS certifications such as the CISSP, GRID, GICSP, GCIP, GPEN, GCIH, ISA 62443, and more. He was awarded the SANS Difference Maker Award for Practitioner of the Year: ICS/OT Defender for 2025 and BEER-ISAC's Community Builder Award for 2026. He posts regularly on LinkedIn and YouTube to help others learn more about securing OT/ICS and critical infrastructure. 

How to connect Mike: 

Main Site: mikeholcomb.com

LinkedIn: linkedin.com/in/mikeholcomb

YouTube: youtube.com/@utilsec

Instagram: instagram/_mikeholcomb/

Newsletter: utilsec.kit.com/95e31307f7

BSidesICS/OT: bsidesics.org

Connect With Aaron Crow:

Learn more about PrOTect IT All:

To be a guest or suggest a guest/episode, please email us at [email protected]

Please leave us a review on Apple/Spotify Podcasts:

Apple   - https://podcasts.apple.com/us/podcast/protect-it-all/id1727211124

Spotify - https://open.spotify.com/show/1Vvi0euj3rE8xObK0yvYi4

Tiffany Wilson, the founder of Wilson Inclusive Solutions (WINS), a disability accessibility consulting firm, joins the Nexus Podcast to discuss the proliferation of consumer technology into healthcare infrastructure. This technology—smart speakers that help manage medications or cameras that monitor vulnerable individuals—often handles patient data and safety, and operates in a regulatory void. 

Wilson advocates for frameworks that manufacturers and distributors can use to protect patient information and safety, given that most of this assistive technology functions as healthcare infrastructure without existing oversight and protection given healthcare technology. 

Subscribe and listen to the Nexus Podcast here. 

Embedded systems power everything from critical infrastructure to defense systems, yet vulnerabilities in those systems often go unseen and unaddressed. In this episode of Exploited: The Cyber Truth, host Paul Ducklin is joined by RunSafe Security CEO Joe Saunders and special guests Mario Zuniga and Matt Janson of MITRE to discuss the “invisible attack surface” lurking within embedded and cyber-physical systems.

Drawing on their frontline experience in cyber operations and resiliency engineering, Mario and Matt explain why embedded systems demand a fundamentally different approach to cybersecurity. From limited patching capabilities and long system lifecycles to unique hardware and firmware attack vectors, traditional IT security models fall short in these environments.

Together, they discuss:

• Why embedded systems are often overlooked in cybersecurity strategies
• How attackers exploit firmware, hardware interfaces, and air-gapped environments
• The challenges of securing systems that must remain operational for decades
• The role of MITRE’s embedded threat matrix (ESTEEM) in mapping adversary behavior
• Why resilience—not just prevention—is key to defending critical infrastructure

From industrial control systems to national defense, this episode reveals what it takes to secure the technologies that quietly underpin modern society and why the time to act is now.

Airports illustrate the potential impact of OT attacks that disrupt functionality. Dan Gunter, CEO of Insane Cyber, talks about how industrial environments differ from traditional IT, particularly in their reliance on availability and safety, where disruptions can have significant real-world and financial consequences.

Most cybersecurity teams treat patching like a universal fix. In manufacturing, that assumption can take down a production line, trigger a safety event, or void the warranty on a $2 million piece of equipment.

In this episode, Dino Busalachi and Craig Duckworth break down why patching in operational technology environments is a fundamentally different problem than patching enterprise IT — and why closing that gap requires more than just pushing an update.

The bottom line: A firewall is not a patching strategy. Neither is hoping your systems are isolated. Organizations that get this right use risk-based prioritization, lab testing, virtual patching, and real collaboration between IT and OT teams.

If you are responsible for a plant floor — or for the people who are — this conversation is for you.

🎙️ Industrial Cybersecurity Insider is where C-suite leaders, plant managers, engineers, and security teams come to close the gap between IT and OT.

🔔 Subscribe so you never miss an episode.

Chapters:

• (00:00:00) Why assessing OT cybersecurity posture and asset visibility is hard
• (00:01:00) IT patches constantly, OT rarely does, and why that gap matters
• (00:03:00) Downtime costs: a broken patch in OT can stop the entire plant
• (00:05:00) OEM “don’t touch it” policies and warranty pressure
• (00:08:00) M&A due diligence: buying plants without knowing the cyber condition
• (00:09:00) CrowdStrike outage example and why agent-based tools are risky in OT
• (00:10:00) Virtual patching: protecting PLCs and legacy assets you cannot patch
• (00:14:00) Vendor guidance, upgrade rewrites, and “acceptable risk” decisions
• (00:17:00) Hidden exposure: guest Wi‑Fi, tablets, remote access, and “air gaps”
• (00:20:00) Best practices: inventory, continuous monitoring, vulnerability metrics, and cross-team alignment

Links And Resources:

• Want to Sponsor an episode or be a Guest? Reach out here.
• Industrial Cybersecurity Insider on LinkedIn
• Cybersecurity & Digital Safety on LinkedIn
• BW Design Group Cybersecurity
• Dino Busalachi on LinkedIn
• Craig Duckworth on LinkedIn

Thanks so much for joining us this week. Have some feedback you’d like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!

Klaus Mochalski & Erwin Kruschitz (anapur AG) diskutieren den Wert von NIS2. Erfahren Sie, warum Angriffserkennung nicht der erste Schritt ist, wie Sie Compliance-Blindleistung vermeiden und weshalb OT-Security zwingend bei der Geschäftsführung beginnen muss. 

Mehr zum Thema OT Security Made simple findet Ihr auf rhebo.com oder schreibt uns mit Euren Ideen, Fragen oder Gastvorschlägen an [email protected].  

🎙️ Just had an interesting chat with Nebras ALQURASHI on our YouTube podcast: "Digital Twins in ICS/OT". Nebras, an OT cybersecurity book author, course author and creator of Neuro Twin, shared his expertise on leveraging digital twins for industrial security. Dive into the discussion now !