Phillip is joined by Reuven "Rubi" Aronashvili, the CEO and founder of CYE. Phillip discusses the advanced capabilities of people in cybersecurity, particularly those who have served in the Israeli Defense Forces (IDF) and Unit 8200. They have a unique understanding of how to defend networks, as the stakes are much higher in the military as it can involve protecting citizens and potentially life-threatening consequences. Rubi explains that Israel is often seen as advanced in cybersecurity primarily because of the survival-oriented approach taken in the Army, such as the Technology Units and the Center of Encryption Cybersecurity in the IDF. Every attack and cybersecurity-related operation can have serious consequences, thus necessitating the need for a focused and comprehensive approach.

The conversation discusses the immediate consequences of an attack on critical infrastructure, such as power and water treatment plants. It is pointed out that such attacks can cause damage to civilian lives while also highlighting the cyber attack against a water treatment plant in Florida last year, which was referred to as a killware attack. The conversation also mentions that Israel experienced an attack attempt on its power environment by Iranian attackers last year. In summary, the conversation focuses on the importance of protecting critical infrastructure from attack attempts to prevent such damage.

The conversation is about the importance of having adequate security measures in industrial control systems and OT environments. The speaker has a background in the Israeli military, where he was part of the founding team of Section 21 and served for seven years. He states that the knowledge and problem definition he has gained from the military is invaluable, and he believes one year in the army equals five years of experience in the commercial world. The speaker also speaks of nation-state capabilities and how they can be divided into three areas: people, training, and skills. Social engineering is mentioned as an example of chutzpah, which is the ability to take things to the next level.

Cybersecurity is complex, and there are several essential components to consider. These include processes and procedures, efficient activation, and covering tracks. But the most critical component is having the right tool set. Nation-level players have access to powerful tools such as Eternal Blue, but even smaller players can cause significant damage by exploiting vulnerabilities or misconfigurations. Organizations need to make improvements to protect themselves against these threats.

Rubi's LinkedIn: https://www.linkedin.com/in/reuven-aronashvili/

CYE Twitter: https://twitter.com/CyesecLtd

CYE Website: https://cyesec.com/

If you enjoyed this podcast, check out Phillip's other podcast, The Hacker Factory: https://thehackerfactory.simplecast.com/

Connect with Phillip on social media, YouTube and visit his website: https://twitter.com/PhillipWylie

https://www.linkedin.com/in/phillipwylie/

https://www.instagram.com/phillipwylie/

https://www.youtube.com/@phillipwylie

https://www.thehackermaker.com/