In this special rewind episode, Dino Busalachi and Jim Cook address the messy but critical reality of implementing Zero Trust in operational technology (OT) environments.

Drawing from years of hands-on experience, they break down why traditional IT frameworks often fail on the plant floor, especially when facing flat OT networks, legacy assets, and limited change windows.

They introduce a "bucket approach" to segmenting and securing OT networks from the ground up. With real-world insights into asset inventory, process integrity, remote access challenges, and cross-functional collaboration, this episode is invaluable.

Whether you're a CISO, CTO, an OT engineer, or IT expert; this episode offers solid advice on navigating the convergence of IT and OT in complex industrial systems and environments.

Chapters:

• 00:00:00 – Why Zero Trust Doesn’t Fit the Plant Floor (Yet)
• 00:00:45 - Zero Trust : IT versus OT with Dino Busalachi and Jim Cook
• 00:15:59 - Zero Trust in OT: Adapting IT's Playbook for Enhanced Security

Links And Resources:

• Industrial Cybersecurity Insider
• LinkedIn Cybersecurity Group Page
• Dino Busalachi on LinkedIn
• Jim Cook on LinkedIn

Thanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you’d like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!

Episode 53 gets into the intricate world of IT and OT cybersecurity with host Aaron Crow and guest Joshua Kuntz, the Chief Information Security Officer for a state agency in Texas. With a comprehensive background spanning two decades and involvement with seven state agencies, Joshua shares his journey from the Marine Corps to leading security programs in the public sector. 

The episode covers a range of topics, including the transition from military to government cybersecurity roles, the intricacies of budget allocation, and the significance of mastering both technical and business soft skills in cybersecurity leadership. 

Joshua provides insights into navigating legislative changes, adapting to rapid technological advances, and the essential task of balancing cybersecurity risks with operational priorities. 

Listeners are treated to an engaging conversation that offers practical strategies and real-world experiences aimed at protecting critical assets in today’s dynamic cyber landscape.

Key Moments: 

05:46 Ownership Alters Risk Perception

09:39 Technical Leaders Developed Through Soft Skills

11:52 "Value of MBA Over Technical Expertise"

14:29 Navigating Ambiguity in Future Planning

19:46 "Questioning Budget Cuts Amid Surplus"

21:05 Efficient Resource Sharing in Texas

25:31 Remote Work Cybersecurity Challenges

27:36 VPN Secure Access for Remote Work

33:21 Prioritizing Critical Executive Decisions

34:45 Understanding Cyber Risk Impact

38:16 CISO Role: Beyond "Yes Men"

41:05 "Exploring IT and OT Cybersecurity"

About the guest : 

Joshua Kuntz is a dedicated professional who successfully transitioned from a military career as an electronics technician to a role with the Texas Department of Public Safety. Embracing the paramilitary structure of the department, Joshua leveraged his military experience to adapt to the law enforcement environment, focusing on protecting citizens. 

While he found comfort in the familiar rank structure and chain of command, Joshua faced challenges in adjusting to personnel management outside the military realm. Despite the loss of certain disciplinary tools common in the military, Joshua continues to evolve as a leader, emphasizing adaptability and commitment to public service.

How to connect Joshua  - https://www.linkedin.com/in/joshua-kuntz-cissp-35a825176/

Connect With Aaron Crow:

Learn more about PrOTect IT All:

To be a guest or suggest a guest/episode, please email us at [email protected]

Please leave us a review on Apple/Spotify Podcasts:

Apple   - https://podcasts.apple.com/us/podcast/protect-it-all/id1727211124

Spotify - https://open.spotify.com/show/1Vvi0euj3rE8xObK0yvYi4

In this episode of the Critical Assets Podcast, Patrick Miller interviews Darren Highfill, former CISO of Norfolk Southern, for a candid look behind the curtain of life as a security executive. Darren shares hard-won lessons from building and leading a cybersecurity program in a critical infrastructure environment, including how to gain executive buy-in, scale a team, and align security with business priorities. He reflects on the challenges of translating cyber risk into business risk, managing real-world incidents, and the evolving expectations of the CISO role. Whether you're in the chair now or working toward it, this conversation is packed with practical insights for anyone navigating cybersecurity leadership.

Show links:

• Darren Highfill LinkedIn Profile - https://www.linkedin.com/in/darrenhighfill/
• NIST Cyber Security Framework (CSF) - https://www.nist.gov/cyberframework
• Ankrd website - https://www.ankrd.com/

Eileen Walther, General Manager von Northwave Cyber Security, und Klaus Mochalski gehen der Frage auf den Grund, wie sich die Rolle des CISO in der OT-Security verändert hat und was KMUs daraus lernen können.

Bryson Bort welcomes Sarah Powazek, Program Director of Public Interest Cybersecurity at the UC Berkeley Center for Long-Term Cybersecurity, to discuss the organization’s work providing cybersecurity resources for the public, and CyberCAN, a project to connect cities and nonprofits providing critical services.  

How can cities play a larger role in protecting their communities? What are the biggest cybersecurity challenges facing nonprofits? What innovative solutions are being developed to address the cybersecurity resource gap? 

“It's never going to be enough to have one federal agency help every single organization in a country. We're just too large,” Sarah said. “I think the solution is to create more infrastructure at the state, local, and regional level.”

Join us for this and more on this episode of Hack the Plan[e]t. 

Hack the Plan[e]t is brought to you by ICS Village and the Institute for Security and Technology.

The Cybersecurity Manufacturing Innovation Institute (CyManII) wants to solve the biggest challenges facing cybersecurity in the U.S manufacturing industry. Gabriela Ciocarlie, Chief Technology Officer of CyManII, speaks with Lead Contributing Editor Amy Bryson about cybersecurity considerations for manufacturers of all sizes. 

In this episode, Dino and Craig address the practicalities of building cyber resilience directly into manufacturing environments - rather than after the fact.

Using real-world analogies and field-tested insights, they break down why treating OT security like physical safety is crucial.

They challenge the outdated mindset of retrofitting cybersecurity protection after deployment of industrial plant floor equipment.

This episode covers all the key elements of protecting your plant floor. From the importance of designing cybersecurity upfront, to implementing the SANS 5 Critical Controls, specific to cybersecurity in operational technology (OT) environments.

Whether you're planning a greenfield build or managing legacy systems, this episode equips mid-to-senior leaders with actionable strategies to align IT and OT teams, boost visibility across XIoT assets, and future-proof operational environments in high-risk industries.

Chapters:

• 00:00:00 - Kicking Off: Why Cybersecurity Can’t Be an Afterthought in Manufacturing
• 00:01:52 - Dino’s Five Must-Have OT Security Controls You Should Already Be Using
• 00:03:45 - When IT and OT Collide: Real Talk on Silos, Strategy, and Responsibility
• 00:06:08 - You Can’t Protect What You Can’t See: The Visibility Wake-Up Call
• 00:11:24 - Build It In, Don’t Bolt It On: Making Cybersecurity Part of the Machine
• 00:19:26 - Lost Docs and Retiring Experts: Managing Risk Across the Lifecycle
• 00:20:41 - Dino and Craig’s Final Word: Start Now, Start Smart—Security Is the New Safety

Links And Resources:

• Industrial Cybersecurity Insider on LinkedIn
• Cybersecurity Insider Newsletter
• Dino Busalachi on LinkedIn
• Craig Duckworth on LinkedIn

Thanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you’d like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!

We connect with Ken Crawford, senior director of automation at Weidmuller, to explore the differences between open control systems and proprietary control systems, the security and reliability of open control technologies, and the process of adopting open systems for manufacturers who are using either proprietary control system technologies or those that are part of a vendor/partner ecosystem.

This week's Pipeliners Podcast episode is a rebroadcast of Episode 237 featuring host Russel Treat walking through how each individual pipeliner should think about pipeline cyber security as it relates to supporting their operation. The episode centers on three key areas of threats, understanding, and mitigation.

Russel goes into deep detail about cybersecurity threats, the importance of understanding what the nature of the environment is, and how to have healthy cyber hygiene. In this episode, you will learn the language of cybersecurity professionals, as well as how to reduce your chances of being cyber attacked by controlling your personal risk and personal mitigations by identifying phishing, using VPNs, and having proper password management.