In this episode of Exploited: The Cyber Truth, RunSafe Security Founder and CEO Joseph M. Saunders returns to confront a critical question: With nearly 70% of industrial firms hit by OT cyberattacks last year, can we actually fix OT security—or are we forever stuck in a cycle of reaction?

Joe takes a hard look at the current state of operational technology security, exposing why legacy systems running our power grids, water plants, and factories remain dangerously vulnerable. He also unpacks the NSA’s April 2025 guidance on Smart Controller Security and what it signals for the future of critical infrastructure protection.

We discuss the real risks behind outdated architectures, the shortcomings of so-called “security solutions,” and why Secure by Design must replace “patch and pray.” With a focus on practical defense strategies—not buzzwords—Joe shares what CISOs can do right now, even on limited budgets, to mitigate OT risk.

In this episode:

• Why OT environments are still so vulnerable
• The impact of new NSA guidance on Smart Controller Security
• What “Secure by Design” actually looks like in OT systems
• How to cut through “security theater” and address real risks
• What every mid-sized industrial org should prioritize today
• Whether a wake-up call OT event is looming—or already here

If you're responsible for securing critical infrastructure—or simply rely on it—this is a conversation you can’t afford to miss.