(CS)²AI Podcast Show: Control System Cyber Security

Today, we are thrilled to welcome Roya Gordon as our guest. 

Roya is an executive industry consultant specializing in operational technology, cybersecurity, and Hexagon. She is a military veteran, an accomplished technologist, and a prolific speaker in our industry. Her creativity knows no bounds, encompassing her passion for the arts and her love of opera and symphonies. She is also an avid traveler and a super fun person to have around.

Roya brings a unique and engaging perspective to our discussion today. She shares her journey from a pre-law magnet program to becoming a skilled speaker in the Navy, highlighting the value of communication skills for conveying technical information to audiences and sharing the challenges and opportunities veterans face when breaking into the cybersecurity industry.

Stay tuned as Roya shares her invaluable insights and experiences, offering guidance for veterans aspiring to enter the cybersecurity field. You will not want to miss the wisdom and stories Roya shares with us today.

Show highlights:

• Roya shares her background as an army brat.
• Roya discusses her six-year experience in the Navy.
• How Roya gradually realized she was involved in technology through her Navy intelligence work
• Roya talks about her studies in international relations and national security after leaving the Navy and how she pivoted to studying cyber-warfare
• Roya landed a job as a security researcher at Idaho National Laboratory (INL) despite lacking an IT background.
• Roya talks about the foundational training she received in OT cybersecurity at INL. 
• How advanced tools often get underutilized due to a lack of trained personnel   
• Roya highlights the value of certifications. 
• How non-technical roles like journalism and event planning can offer entryways into the cybersecurity space.

Links and resources:

(CS)²AI 

Derek Harp on LinkedIn

Hexagon

Roya Gordon on LinkedIn

We are thrilled to have Max Aulakh, the Founder and CEO of Ignyte Assurance Platform, joining us today. 

Max is a military veteran and motorcycle enthusiast who enjoys doing voluntary work. He is a prolific contributor to the cybersecurity community, always willing to be of service to others. When Max was three, his father applied for American citizenship at the US Embassy in India. It was an extremely long process, and after losing all hope, he and his family finally migrated to Oklahoma a decade later. 

Join us to learn how Max transitioned from the military to founding the successful Ignyte Assurance Platform. He also shares his views on regulations, discusses how AI has impacted the security field, and offers prudent and practical advice for anyone interested in pursuing a cybersecurity career. 

Stay tuned for today’s candid and fascinating interview with Max Aulakh, the Founder and CEO of Ignyte.

Show highlights:

• How Max’s military experience led to his career in security
• Max’s Air Force mentor encouraged voluntary service.
• How working with the Department of Treasury, scrubbing hard drives, led to Max’s interest in security.
• Max explains how his military experience instilled a service mindset beneficial for security roles.
• While in service, he attended the American Military University due to its flexible programs for deployed personnel.
• The challenges he faced transitioning from a services company to a product-based company
• Max shares how he launched Ignyte in 2019/2020
• How Max assists companies with the Cybersecurity Maturity Model, particularly in thedefense sector.
• Why standardization and testing are essential in operational technology
• Max shares his views on the potential of AI

Links and resources:

(CS)²AI 

Derek Harp on LinkedIn

Ignyte Assurance Platform

Max Aulakh on LinkedIn

We are delighted to have Mike Holcomb joining us on the show today.

Mike is both a fellow and a cybersecurity director, and he currently serves as the ICS OT Cybersecurity Global Lead at Fluor, a massive multinational engineering and construction firm with over 40,000 employees. He has participated in many major building projects, and we are excited to learn from his extensive experience today. 

Stay tuned as Mike shares his insights and expertise.

Show Highlights:

• Mike discusses the two years he spent in China building bowling alleys
• Mike talks about his time teaching and consulting at a training company in San Diego
• How Mike had the opportunity to double his salary and work with the Navy SEALs during 9/11
• Mike discusses his experience working in IT security
• Mike explains that Fluor has built some of the largest control system environments in the world 
• Mike discusses challenges in the energy sector
• How regulations impact cybersecurity in various industries
• Why cybersecurity regulations are essential within critical infrastructure
• Mike discusses the challenge of aligning IT and OT cybersecurity teams 

Links and resources:

(CS)²AI 

Derek Harp on LinkedIn

Bridewell

Michael Holcomb on LinkedIn

Fluor

We are delighted to have Chase Richardson, the VP of Consulting at Bridewell, back on the show today. 

Bridewell boasts a rich history in industrials, offering comprehensive cybersecurity services across the entire cybersecurity spectrum, including operating technology. 

Recently, Bridewell came up with an insightful report on cybersecurity within the US critical infrastructure. In this episode, Chase dives into the current state of cybersecurity regulations in critical infrastructure and shares the details and origin of the upcoming Bridewell report, which falls squarely within the interest of CSAI. 

Tune in to learn more about this exciting project.

Show highlights:

• How the attacks experienced by CISOs and cyber managers have decreased despite an increase in risk sentiment 
• The challenges small and mid-sized airports face when implementing regulations due to their limited cybersecurity budgets
• How cybersecurity regulations in the US differ from those in the UK
• What is the link between IT and OT security?
• Why it is essential to implement a hybrid of IT and OT security measures to protect critical infrastructure
• Why organizations need to comply with relevant cybersecurity standards and regulations
• Chase shares key findings and insights from Bridewell's upcoming cybersecurity report for critical infrastructure.

Links and resources:

(CS)²AI 

Derek Harp on LinkedIn

Bridewell

Chase Richardson on LinkedIn

We are delighted to have Chase Richardson, Head of US Operations for Bridewell, and Martin Riley, Director of Managed Services for Bridewell, joining us today!

We are changing things slightly for this episode, with Martin and Chase diving into how to integrate OT systems into your sim rather than presenting our regular biographical format. Their focus today is predominantly on the increasingly relevant topic of managing data across diverse platforms, particularly in OT applications. 

Join us as we explore this integration and unravel the challenges it presents.

Show highlights:

• The evolution of cybersecurity technology
• How the industry struggles with integrating IoT and OT data into security sims
• Why integrating separate systems into one platform is crucial for security teams
• How security and operational technology leadership teams converge
• Why hybrid teams are essential for managing cybersecurity risks
• The importance of asset visibility and understanding the architecture for effectively implementing security solutions
• How AI and machine learning can help to reduce noise in security operations
• Why threat intelligence is essential for business risk and control validation
• The importance of threat intelligence in the cybersecurity industry

Links and resources:

(CS)²AI 

Chase Richardson on LinkedIn

Martin Riley on LinkedIn

Bridewell

Derek Harp on LinkedIn

We are thrilled to welcome Juan Carlos Buenano as our distinguished guest for today’s episode of the CS2AI podcast! 

Carlos is the Chief Technology Officer for OT at Armis. He is a born technologist and an engineer by training. Beyond his professional endeavors, he embraces a life filled with adventure, enjoying many outdoor activities, including scuba diving, mountain biking, and exploring the scenic expanses of unspoiled nature. 

Carlos was born in Venezuela and grew up in a small town outside Caracas. After graduating as an electronic engineer in Venezuela, he traveled to Australia to learn English, fell in love with the country, the lifestyle, and the nature, and has lived there for the last 23 years.

Carlos brings a unique perspective to today’s show, shaped by his professional and personal experiences. Join us for an engaging discussion as he shares his wealth of experiences and insights and explains how he serves his community.

Show Highlights:

• Carlos shares his journey to becoming an engineer in the energy industry
• How his interest in control systems began
• Carlos recounts his early cybersecurity experiences in industrial systems during the early 2000s
• The importance of keeping operating systems up to date to prevent vulnerabilities and ensure reliability
• Why it is essential to understand how technology works in both physical security and cybersecurity
• Carlos discusses the challenges of integrating cybersecurity into process control systems
• Carlos offers advice for engineers who want to get into cybersecurity
• The importance of mentorship and learning from others in their industry
• Carlos discusses the weekly open mic Ask Me Anything sessions he does at work

Links and resources:

(CS)²AI 

Derek Harp on LinkedIn

Carlos Buenano on LinkedIn

Armis

We are delighted to have Ken Munro joining us from the UK today! 

Ken is a Partner and Co-founder of Pen Test Partners. He is a seasoned technologist, the founder of multiple ventures, a pilot, a skier, and a dynamic and adventurous contributor to our community. 

Ken brings a wealth of experience and expertise that promises to enrich our understanding of the evolving landscape in cybersecurity. In today's discussion, we dive into his remarkable career journey and explore his perspective on OT and ICS-related cybersecurity.

Join us for this informative session with Ken as he shares his valuable perspectives.

Show Highlights:

• Ken discusses his cybersecurity industry journey
• How Ken’s past Air Force experience relates to his current work in cybersecurity
• The benefits of telling a story when communicating complex concepts
• Ken shares a story to highlight the importance of safety and security within the aviation industry
• Ken talks about the unique systems on board planes and their vulnerabilities
• How the isolated protocols used in older aircraft systems are more robust and stable than the modern systems
• How even simple display systems can cause airport outages
• Ken shares his concerns about cybersecurity risks within cloud management platforms for industrial control systems
• How including contractual language for liability in procurement contracts can protect organizations against cybersecurity risks
• Ken shares his thoughts on the future of the cybersecurity industry

Links and resources:

(CS)²AI 

Derek Harp on LinkedIn

Ken Munro on LinkedIn

Pen TestPartners

We are excited to bring you another captivating industry leader interview today.  

In this episode, we interview Michelle Balderson, the Principal Security Architect at Issquared. Michelle is a seasoned professional. In addition to having extensive experience as an established contributor and leader within the industry, she is a technologist, devoted mother, wife, chef, and a true jack of all trades. Beyond her contributions to the industry, Michelle finds joy in the great outdoors, whether she is conquering hiking trails, setting up camp, or enjoying four-by-four adventures. 

In our discussion today, Michelle talks about her personal and professional journey, sharing insights she gained along the way and shedding light on the path that brought her to where she is in her current role as a security specialist.

Join us as we dive into the rich reservoir of wisdom and experience that Michelle brings to the table.

Show Highlights:

• How moving around a lot while growing up allowed Michelle to develop an excellent rapport with others
• Michelle describes her first experience with technology
• Michelle shares her experience of working at Fortinet and SonicWALL
• Work opportunities within the OT security space
• Why a more holistic approach to security is needed
• The importance of changing the culture within businesses to bridge the gap between different domains 
• How empathy and active listening can drive business success
• Michelle discusses her role at Issquared
• Michelle shares the advice she would give to her younger self

Links and resources:

(CS)²AI 

Derek Harp on LinkedIn

Michelle Balderson on LinkedIn

ISSQUARED Inc.

Today, we are bringing you a fresh, new format called the Author Spotlight, where we focus on the authors within our community. 

We are delighted to launch the Author Spotlight by shining our light on Andrew Ginter, the VP of Industrial Security at Waterfall Security Solutions. Andrew has been a steadfast CS2AI supporter since its inception, dedicating considerable time to CS2AI initiatives, and Waterfall is one of our oldest sponsors. 

We are grateful to Andrew for generously sharing his insights and all the invaluable contributions he and his company, Waterfall, have made. Andrew's offerings include editing, reading, and committing much of his time to community projects. 

Join us today as we explore Andrew's wealth of wisdom and experience.

Show Highlights

• Andrew reflects on his writing process and discusses his new book, The Golden Black Book.
• Andrew talks about a new approach of combining cybersecurity and engineering to manage risk.
• How Andrew structured his book for a mixed audience of engineers and managers
• The importance of using mathematical modeling when making cybersecurity decisions rather than relying on intuition or guesswork
• Andrew highlights the lack of cybersecurity expertise within industrial settings.
• How complex risks have created the need for a multi-faceted approach to cybersecurity
• Andrew emphasizes the importance of security by design within product development.
• Why it’s essential to understand the broader definition of vulnerability 
• Andrew discusses the challenges of writing a book on industrial cybersecurity

 Links and resources:

(CS)²AI 

Derek Harp on LinkedIn

Andrew Ginter on LinkedIn

WaterfallSecurity

We are thrilled to have another exceptional guest on the show today!

Ron Fabela is the Field Chief Technology Officer at Xona. He is a multifaceted individual who has been a stalwart contributor to the industry for many years. His impressive resume includes being an Industrial Security champion, a military veteran, and a technologist. Beyond his professional achievements, Ron is also a founder, a father, a husband, an astronomy expert interested in anything space-related, and, believe it or not, a goat herder. 

Ron has had a wealth of experiences, making him an all-around fascinating guest. Get ready for a long-overdue and truly insightful discussion with Ron Fabela!

Show highlights:

• How Ron’s interest in technology began
• Ron discusses his career in the military and talks about his cybersecurity training
• Ron offers advice for young people 
• The benefits of working for large organizations, doing internships, and doing volunteer work
• How Ron progressed in his cybersecurity career
• Why no opportunity for exposure to systems and networks should ever get squandered
• How Ron’s military experience shaped his approach to work
• Ron shares insights on the challenges of consulting
• The importance of having hobbies and passions outside of work
• Ron talks about his role as a Field CTO
• How the control systems cybersecurity industry has evolved
• Why it is essential to persevere with projects, even when facing challenges or the progress is slow 

Links and resources:

(CS)²AI 

Derek Harp on LinkedIn

Ron Fabela on LinkedIn

Xona