Battery Energy Storage Systems are being deployed across the grid at scale. But here's what nobody's saying out loud: these systems—many sourced through China with opaque firmware and embedded control systems—are creating cyber-physical liabilities with national security implications. BESS will be targeted. The question isn't if, it's whether you can see, understand, and contain the impact.

In this episode, host Gary Mullen and Juan Villarreal expose the supply-chain blind spots that turn critical energy infrastructure into remote-access attack surfaces. We're not talking about patching vulnerabilities or updating antivirus—we're talking about hardware, firmware, and engineering realities that can't be secured with traditional IT controls. When prevention fails, and it will, visibility is survival.

From grid-level consequences to compromised battery management systems, Juan breaks down real-world attack scenarios that go beyond theory. A manipulated BESS doesn't just affect one facility—it can destabilize frequency, cascade failures, and turn your energy asset into a weapon against the grid itself. This is cyber-informed engineering at the infrastructure level.

You'll discover why mature organizations are prioritizing cross-domain visibility and engineering-first resilience over perimeter defenses. When your BESS is remotely connected, when firmware is a black box, and when control systems are embedded at the hardware level, containment becomes the real battleground. Can you limit blast radius when the compromise is physical?

This isn't a distant risk. Attackers are already targeting energy infrastructure, and BESS systems represent a perfect convergence of cyber access and physical impact. Ready to understand what's really at stake?

Be sure to subscribe wherever you get your podcasts so you don’t miss future episodes, where we’ll continue to unpack the biggest cybersecurity challenges facing modern organizations—and how to solve them.

Your building is no longer a passive environment. HVAC systems, elevators, access control, lighting, and fire suppression are fully IP-connected, remotely managed, and deeply entangled with corporate infrastructure. The question isn't "Are these systems vulnerable?" It's "Who's actually watching them, and who's responsible when something goes wrong?"

Here's the uncomfortable truth: vendor-managed systems and remote connections are creating blind spots that attackers are already exploiting. Partial IEC 62443 compliance isn't enough when your operational backbone is exposed through third-party access that nobody's monitoring. Most organizations don't even know where vendor connections begin and end.

This episode reveals how building automation systems have become a cyber-physical attack surface. When a threat actor compromises your HVAC vendor's remote access portal, they're not just adjusting temperatures. They're shutting down critical operations, accessing corporate networks, and moving laterally through systems that were never designed with security in mind.

We're joined by Terry McCorkle, CEO of PhishCloud, who leads Cyber Fusion Center strategies that unify IT, OT, and facility security like never before. And Fred Gordy, Senior VP at KMC Controls and advisor to Building Cyber Security.org, one of the most respected experts in securing building automation from the inside out. Together, they pull back the curtain on risks nobody talks about.

This isn't just about cybersecurity. It's about who owns the heartbeat of your buildings, and what happens when no one is watching. Ready to rethink control?

Be sure to subscribe wherever you get your podcasts so you don’t miss future episodes, where we’ll continue to unpack the biggest cybersecurity challenges facing modern organizations—and how to solve them.

Industrial cyberattacks are exploding, OT environments are getting hit harder than ever, and most organizations are still relying on outdated penetration tests that fail to reveal their true exposure. In Episode 4 of The Cyber Fusion Report, powered by PhishCloud, we uncover the hidden risks inside modern industrial systems and why OT Red Team Assessments are now essential for real-world resilience.

Host Gary Mullen sits down with two industry heavyweights: Terry McCorkle, CEO and Founder of PhishCloud, and Billy Rios, world-renowned security researcher and Co-Founder of QED Secure Solutions. Together, they break down why ransomware attacks on OT have surged eighty seven percent, how attackers bypass “air-gapped” assumptions, and the blind spots that allow adversaries to move from IT to OT long before defenders notice.

This episode dives into embedded systems, real attack paths, hidden entry points, and how experience in the field reveals risks compliance and pen tests never catch. If you want to understand what actually protects critical infrastructure, and why Red Teaming exposes the consequences that matter, this is the conversation you can’t afford to miss.

In OT, a missed alert is not data loss. It is downtime, damage, or danger.

Be sure to subscribe wherever you get your podcasts so you don’t miss future episodes, where we’ll continue to unpack the biggest cybersecurity challenges facing modern organizations—and how to solve them.

Welcome to The Cyber Fusion Report, Episode 3, powered by PhishCloud,  where we cut through the noise and talk about what really matters in Operational Technology cybersecurity.

Today, we’re pulling back the curtain on one of the biggest blind spots in modern defense: phishing readiness.

For years, organizations have relied on awareness training and simulated attacks to measure risk.  But the reality is stark: even after all that investment, 97% of employees still can’t identify a phishing email.

So what if we stopped testing people in isolation and started testing the entire system, your human layer, your defenses, your visibility, your response?

That’s exactly what PhishCloud’s Custom Phishing Assessment is designed to do: expose your real-world attack surface, simulate how adversaries operate, and show you how prepared your organization actually is, before the next breach does.

Today, we’ll unpack what that means, why traditional phishing tests fall short, and how leaders can finally see their organization the way attackers do.

Be sure to subscribe wherever you get your podcasts so you don’t miss future episodes, where we’ll continue to unpack the biggest cybersecurity challenges facing modern organizations—and how to solve them.

Welcome to the 2nd episode of the Cyber Fusion Report, the podcast where we break through the noise and uncover what really drives resilience in operational technology. Today, we’re diving into the front lines of OT threat hunting — where context matters more than data, and where human insight, not automation, turns alerts into action. 

We’ll explore how PhishCloud’s Cyber Fusion Center (CFC) is reshaping industrial defense — bringing together people, processes, and technology to outthink the adversary and stay ahead of operational disruption. 

Be sure to subscribe wherever you get your podcasts so you don’t miss future episodes, where we’ll continue to unpack the biggest cybersecurity challenges facing modern organizations—and how to solve them.

Welcome to the very first episode of the PhishCloud Cyber Fusion Report! Today we  explore how organizations can protect the click, defend the core, and transform cybersecurity operations in today’s evolving threat landscape.

We’re kicking off this series with a powerful discussion about why traditional security approaches are no longer enough, and how Cyber Fusion Strategies are changing the game.

Be sure to subscribe wherever you get your podcasts so you don’t miss future episodes, where we’ll continue to unpack the biggest cybersecurity challenges facing modern organizations—and how to solve them.