Sign up to save your podcasts
Or
Share Bryson Bort: Security Is Defined By The Threat - Contextualizing Cyber Risks To Prioritize Security Efforts
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Bryson Bort: Security Is Defined By The Threat - Contextualizing Cyber Risks To Prioritize Security Efforts
About Bryson Bort: Bryson Bort is a skilled cybersecurity professional with an impressive background as an entrepreneur and former U.S. Army Officer. He founded SCYTHE, a platform for next-generation attack emulation, and GRIMM, a cybersecurity consulting firm. Additionally, he co-founded the ICS Village, a non-profit organization dedicated to raising awareness about industrial control system security. Bryson has received numerous awards and recognitions, including being named one of the Top 50 in Cyber by Business Insider and a Tech Titan in Washington DC. He also served as a Battle Captain and Brigade Engineering Officer in support of Operation Iraqi Freedom during his military career. Bryson earned his Bachelor of Science in Computer Science with honors from the United States Military Academy at West Point and completed various professional education courses in tactical communications and information assurance. With his extensive experience in the cybersecurity industry, Bryson is a respected thought leader and advisor in the field.
In this episode, Aaron and Bryson Bort discuss:
- The challenges and cultural divide in addressing cybersecurity issues in OT, why IT security solutions don’t work for OT, and why OT security is lagging behind IT security
- Bridging the gap between OT and IT through education, but also listening and building trust.
- Vulnerability management and patching versus risk mitigation
- Ransomware in cars, geopolitical concerns, and positive developments in government efforts and regulation to support risk management in education and critical infrastructure's OT side.
Key Takeaways:
- OT cybersecurity requires a different approach than IT cybersecurity due to the complex technical environment and the potential safety risks involved, and tools alone cannot bridge the cultural and skillset divide between OT and IT professionals.
- When it comes to vulnerability management, IT emphasizes patching and is often compliance driven. In OT it’s important to recognize that systems in an operational environment often cannot be patched without disruption operations, so OT vulnerability management emphasizes risk mitigation, and putting safeguards around the vulnerability.
- Security is defined by the threat. Security is measured and validated against how well that threat is mitigated. So it’s important to understand the behavioral characteristics of threats in order to take the actions that improve your security posture. Contextualizing what the security threat means to you is important for prioritization.
- Relatively speaking, the cybersecurity industry is still young, and the U.S. Government's cybersecurity programs are even younger. We will continue to see more development and improvements with regard to unified cybersecurity programs in the near future.
"I think a lot of people forget how young this industry is and also how young the government's attempts are at this industry." — Bryson Bort
Connect with Bryson Bort:
Website: https://scythe.io/ and https://grimmcyber.com/
Show: https://podcasts.apple.com/us/podcast/hack-the-plant/id1528852909
LinkedIn: https://www.linkedin.com/in/brysonbort/
Twitter: https://twitter.com/brysonbort
Hack the Capitol 2023: https://www.icsvillage.com/hack-the-capitol-2023
Connect with Aaron:
LinkedIn: https://www.linkedin.com/in/aaronccrow
Learn more about Industrial Defender:
Website: https://www.industrialdefender.com/podcast
LinkedIn: https://www.linkedin.com/company/industrial-defender-inc/
Twitter: https://twitter.com/iDefend_ICS
YouTube: https://www.youtube.com/@industrialdefender7120
Audio production by Turnkey Podcast Productions. You're the expert. Your podcast will prove it.
View all episodes
By Aaron Crow
5
1313 ratings
About Bryson Bort: Bryson Bort is a skilled cybersecurity professional with an impressive background as an entrepreneur and former U.S. Army Officer. He founded SCYTHE, a platform for next-generation attack emulation, and GRIMM, a cybersecurity consulting firm. Additionally, he co-founded the ICS Village, a non-profit organization dedicated to raising awareness about industrial control system security. Bryson has received numerous awards and recognitions, including being named one of the Top 50 in Cyber by Business Insider and a Tech Titan in Washington DC. He also served as a Battle Captain and Brigade Engineering Officer in support of Operation Iraqi Freedom during his military career. Bryson earned his Bachelor of Science in Computer Science with honors from the United States Military Academy at West Point and completed various professional education courses in tactical communications and information assurance. With his extensive experience in the cybersecurity industry, Bryson is a respected thought leader and advisor in the field.
In this episode, Aaron and Bryson Bort discuss:
- The challenges and cultural divide in addressing cybersecurity issues in OT, why IT security solutions don’t work for OT, and why OT security is lagging behind IT security
- Bridging the gap between OT and IT through education, but also listening and building trust.
- Vulnerability management and patching versus risk mitigation
- Ransomware in cars, geopolitical concerns, and positive developments in government efforts and regulation to support risk management in education and critical infrastructure's OT side.
Key Takeaways:
- OT cybersecurity requires a different approach than IT cybersecurity due to the complex technical environment and the potential safety risks involved, and tools alone cannot bridge the cultural and skillset divide between OT and IT professionals.
- When it comes to vulnerability management, IT emphasizes patching and is often compliance driven. In OT it’s important to recognize that systems in an operational environment often cannot be patched without disruption operations, so OT vulnerability management emphasizes risk mitigation, and putting safeguards around the vulnerability.
- Security is defined by the threat. Security is measured and validated against how well that threat is mitigated. So it’s important to understand the behavioral characteristics of threats in order to take the actions that improve your security posture. Contextualizing what the security threat means to you is important for prioritization.
- Relatively speaking, the cybersecurity industry is still young, and the U.S. Government's cybersecurity programs are even younger. We will continue to see more development and improvements with regard to unified cybersecurity programs in the near future.
"I think a lot of people forget how young this industry is and also how young the government's attempts are at this industry." — Bryson Bort
Connect with Bryson Bort:
Website: https://scythe.io/ and https://grimmcyber.com/
Show: https://podcasts.apple.com/us/podcast/hack-the-plant/id1528852909
LinkedIn: https://www.linkedin.com/in/brysonbort/
Twitter: https://twitter.com/brysonbort
Hack the Capitol 2023: https://www.icsvillage.com/hack-the-capitol-2023
Connect with Aaron:
LinkedIn: https://www.linkedin.com/in/aaronccrow
Learn more about Industrial Defender:
Website: https://www.industrialdefender.com/podcast
LinkedIn: https://www.linkedin.com/company/industrial-defender-inc/
Twitter: https://twitter.com/iDefend_ICS
YouTube: https://www.youtube.com/@industrialdefender7120
Audio production by Turnkey Podcast Productions. You're the expert. Your podcast will prove it.