Megan Stifel, Chief Strategy Officer for the Institute for Security and Technology, joins the Nexus Podcast to discuss the four years of progress and challenges experienced by the Ransomware Task Force. 

The RTF was created days before the Colonial Pipeline ransomware incident and in a landmark report, laid out 48 recommendations to the industry that included a framework for critical infrastructure organizations that could help deter and disrupt the operations of ransomware gangs. 

Stifel covers the growth of the task force and which the of the 48 recommendations have been tackled and which remain. 

Listen and subscribe to the Nexus Podcast on your favorite platform.

This is a story about a Chief Hacking Officer who draws on his expertise in physical and virtual security assessments—along with some intuitive AI-driven coding—to safeguard Operational Technology. Colin Murphy of Frenos and Mitnick Security talks about how some of his early assessment work with Kevin Mitnick is helping him with OT security today.

In this special rewind edition of Industrial Cybersecurity Insider, we revisit some of the most powerful insights shared on how to elevate OT cybersecurity across complex, distributed environments.

From budget allocation strategies to disaster recovery frameworks and the nuances of executive engagement, this episode distills frontline lessons into a compact, high-impact listen.

Whether you're navigating remote access risks, managing hybrid architectures, or striving to align plant managers with corporate cybersecurity goals, these reflections are a roadmap for driving resilience and maturity in your OT security strategy.

Chapters:

• 00:00:00 - Rewind Kickoff: From Blind Spots to Bold Predictions
• 00:00:46 - The A-Z of Industrial Cybersecurity for OT Environments with Industry Expert Bryson Bort
• 00:10:57 - Gartner, DOGE, and the Future of OT Cybersecurity Policy
• 00:21:38 - Uncovering Blind Spots in OT Cybersecurity

Links And Resources:

• Industrial Cybersecurity Insider on LinkedIn
• Cybersecurity & Digital Safety on LinkedIn
• BW Design Group Cybersecurity
• Dino Busalachi on LinkedIn
• Craig Duckworth on LinkedIn

Thanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you’d like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!

Cybersecurity in healthcare is facing heightened challenges as regulations shift, IoT devices proliferate, and ransomware attacks become increasingly devastating. Josh Spencer, Founder, and CIO at FortaTech Security and with over fifteen years in the field including time as CISO/CTO at UT Southwestern, explores why HIPAA changes are necessary, the high stakes of securing medical devices, and how both technology and culture play roles in protecting patient data and safety. The conversation breaks down risks, practical mitigation strategies, and the ongoing evolution of both threats and defensive tools -- including AI --  and covers the evolving HIPAA landscape and the move from “addressable” to required controls, ransomware’s impact on hospitals and patient safety, challenges and best practices in securing connected medical (IoT/OT) devices, the importance of real-world risk assessment and penetration testing in healthcare, and human factors, including security awareness training and leveraging AI both for defense and as a threat.

Let’s connect about IoT Security!

Follow Phillip Wylie at https://www.linkedin.com/in/phillipwylie
https://youtube.com/@phillipwylie

The IoT Security Podcast is powered by Phosphorus Cybersecurity. Join the conversation for the IoT Security Podcast — where xIoT meets Security. Learn more at https://phosphorus.io/podcast

In this episode, host Aaron Crow dives deep into the intersection of IT and OT cybersecurity with special guest Gavin Dilworth—a plant operator turned automation engineer and cybersecurity expert. Listen in as Gavin shares his candid and often humorous journey from factory floors to global consulting, including how a workplace near-miss sparked his “lightbulb moment” about the similarities between health and safety and cybersecurity.

Aaron and Gavin discuss everything from operators’ creative workarounds on the plant floor, to the importance of trust and rapport between IT and OT teams, and why having hands-on experience is key to building effective cybersecurity programs in critical infrastructure environments. 

You’ll also hear real-world stories of technology mishaps, the critical role of plant culture, and the practical challenges organizations face in securing legacy systems while keeping operations running.

If you want honest, relatable insights and actionable advice on bridging the IT-OT divide—and a few laughs along the way—this episode is for you.

Key Moments: 

10:12 Operator Rounds and RFID Challenges

12:56 Operators' Ingenuity and Knowledge

21:29 IT vs. OT: Firmware Update Challenges

26:49 Understanding and Accepting Risk

28:12 Standards, Frameworks, and Continuity

33:08 High Voltage Safety Precautions

40:41 Bridging OT and IT Skills

43:46 Cybersecurity Cross-Training Surge

52:38 CISO Knowledge Gap in OT Security

54:32 "Experience: Essential for Understanding"

01:03:34 DCS System Configuration Challenges

01:06:52 Neglecting Redundancy Risks Operations

01:11:00 Optimizing Underutilized IT Resources

01:20:04 "Understanding Systems Before Advice"

01:22:06 Old Cables Remain Untouched

About the guest : 

Gavin Dilworth’s career took an unconventional path. As a plant operator, he was tasked with keeping production running smoothly and monitoring sensor readings, both on the computer and around the factory. However, Gavin was never quite the model operator—rather than dutifully making rounds and comparing readings, he often found himself absorbed in books, dreaming of a future in IT. Though he laughs about being a “pretty terrible operator,” Gavin’s story reflects his early drive to pursue his true interests in technology, even when duty called elsewhere.

How to connect Gavin : 

Linkedin : https://www.linkedin.com/in/gavin-dilworth/

Website: https://assessmentplus.co.nz/

Connect With Aaron Crow:

Learn more about PrOTect IT All:

To be a guest or suggest a guest/episode, please email us at [email protected]

Please leave us a review on Apple/Spotify Podcasts:

Apple   - https://podcasts.apple.com/us/podcast/protect-it-all/id1727211124

Spotify - https://open.spotify.com/show/1Vvi0euj3rE8xObK0yvYi4

אחת המחלוקות הגדולות בין אנשי המקצוע בסייבר היא נושא ביטוח הסייבר. כן צריך, לא צריך, האם המוצר הביטוחי מצדיק את ההוצאה והאם הוא נותן פתרון אמיתי בזמן משבר.

הדס תמם בן אברהם סגנית הדיקן בקריה האקדמית אונו ונחשון פינקו יועץ ואוונגליסט סייבר מארחים את מיכל שלמה ראש מחלקת ביטוחי סייבר בסוכנות הביטוח האודן, בשיחה על ביטוחי סייבר ומה האמת למול השמועות.

האם ביטוח סייבר באמת יקר האם ברגע שיש אירוע סייבר, חברת הביטוח לוקחת את המושכות ומנהלת את המשבר גם אם בניגוד לדעת הלקוח האם ביטוח סייבר הוא במקום התקשרות מבעוד מועד עם חברת איי.אר

ועוד

One of the most significant disputes among cyber professionals concerns cyber insurance. Is it necessary? Does the insurance product justify the expense? Does it provide a real solution during a cyber crisis?

Hadas Tamam Ben Avraham, Vice Dean at the Ono Academic College, and Nachshon Pincu, cyber evangelist and consultant, host Michal Shlomo, Head of the Cyber Insurance Department at Howden Insurance Brokers Israel, in a conversation about cyber insurance and the truth in the face of rumours.

Is cyber insurance costly? Does the insurance company take the reins and manage the crisis as soon as a cyber event occurs, even if contrary to the customer's opinion?

Is cyber insurance a substitute for a contract in advance with an IR company?

And more

Zeek Muratovic, Director of Security Operations at Landis+Gyr talks about the first steps to build a SIEM SOC in OT environments. Being a pragmatist, he proposes a step-by-step approach that prevents OT operators from overkilling their budget AND workload.