@BEERISAC: OT/ICS Security Podcast Playlist

Podcast: Critical Assets Podcast
Episode: Policy Pulse: Regulatory Roundtable - Cyber Strategy, Large Loads, AI & CISA in Flux
Pub date: 2026-05-11

Get Podcast Transcript →
powered by Listen411 - fast audio-to-text and summarization

Patrick Miller reconvenes with Joy Ditto (Joy Ditto Consulting) and Earl Shockley (INPOWERD) for a tour of the past two months in critical infrastructure policy. The episode opens on the administration's new National Cybersecurity Strategy and its six pillars, with focus on the openly offensive "shape adversary behavior" posture and the asymmetric risk it creates for asset owners likely to absorb retaliation.
The panel then digs into the pressures reshaping the bulk electric system: data center designation, cloud-hosted control centers running NERC standards while the underlying compute is unregulated, and the physics of computational loads that behave nothing like traditional load. Earl walks through the recent NERC Level 3 alert on large load connections, an unusually serious signal that industry processes are behind.
The discussion also covers April infrastructure executive orders that release funding but ignore cybersecurity, hyperscalers displacing utilities as the top buyers of bulk electrical equipment, the multi-agency zero trust in OT guidance, and CISA's leadership uncertainty after Sean Plankey withdrew his nomination. On the AI front, the group unpacks what Anthropic's Mythos and the Glasswing response mean for vulnerability discovery at scale, and why no OT vendors are on the Glasswing list.
Closing thoughts include Joy's note on satellite cybersecurity and a rare bipartisan Senate trip to China, Earl's emphasis that computational load is now an enterprise governance issue rather than a technical one, and Patrick's plea to stop making the adversary's job easy.
Topics covered
The new National Cybersecurity Strategy and its six pillars
Offensive cyber posture and the asymmetric risk to asset owners
Data center designation as critical infrastructure
Cloud control centers and the NERC 100-series standards
Computational load, grid stability, and loss of system inertia
NERC Level 3 alert on large load connections
April infrastructure executive orders and the missing cyber language
Supply chain shifts and hyperscalers as the top equipment buyers
Zero trust principles for OT environments
CISA Fortify guidance and CISA's current leadership status
Anthropic's Mythos, the Glasswing response, and the OT vendor gap
Satellite cybersecurity and bipartisan engagement on China policy
Basic hygiene: get exposed devices off the internet

The podcast and artwork embedded on this page are from Patrick Miller, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Podcast: PrOTect It All (LS 27 · TOP 10% what is this?)
Episode: AI Agents & Cybersecurity: Identity, Compliance, and the New Risks Facing IT and OT
Pub date: 2026-05-11

Get Podcast Transcript →
powered by Listen411 - fast audio-to-text and summarization

AI agents are changing cybersecurity faster than most organizations can adapt.

In this episode of Protect It All, host Aaron Crow welcomes back cybersecurity veteran Ken Foster for a deep dive into how AI is reshaping risk, identity, and resilience across IT and OT environments.

With more than 30 years of experience spanning the Navy, manufacturing, fintech, government programs, and startups, Ken brings a grounded, real-world perspective on what organizations are getting right and dangerously wrong about AI adoption.

Together, Aaron and Ken explore the growing challenges around AI agents, identity governance, shadow AI, compliance, and attribution in highly regulated industries. As AI tools become embedded into workflows and decision-making, organizations must rethink how they manage access, monitor activity, and maintain resilience against rapidly evolving threats.

You’ll learn:

Why AI agents introduce new identity and governance risks

The dangers of shadow AI inside enterprise environments

How AI impacts compliance, attribution, and accountability

Why foundational practices like patching, segmentation, and documentation still matter

The role of continuous monitoring in AI-driven environments

How organizations can balance innovation with resilience and control

Whether you’re leading cybersecurity strategy, managing critical infrastructure, or navigating AI adoption inside regulated environments, this episode delivers practical insights for securing the next generation of digital operations.

Tune in to learn how AI is transforming cybersecurity - and what leaders must do to stay ahead - only on Protect It All.

Key Moments: 

07:47 AI guardrails discussion

12:02 Patching and network segmentation

20:44 AI changing job roles

24:24 FISMA and FedRAMP concerns

29:18 Emergency response planning

35:36 Choosing the right tech team

37:14 Discussing accountability and risk

46:31 Developer access problems

51:50 AI Dependence Risks

57:36 AI in pen testing

58:55 AI in risk prevention

About the guest :

Ken Foster is a veteran cybersecurity leader with 25+ years of experience in enterprise security, risk governance, and global infrastructure strategy. Currently Head of Global Architecture at Adient, Ken has previously led cybersecurity and compliance programs at Fleetcor and Fiserv, specializing in IAM, cloud security, regulatory compliance, and risk-based cybersecurity strategy. He is known for helping organizations balance innovation, resilience, and operational execution in highly regulated environments.

How to connect Ken: http://linkedin.com/in/kennethfoster/

Connect With Aaron Crow:

Website: www.corvosec.com 

LinkedIn: https://www.linkedin.com/in/aaronccrow

Learn more about PrOTect IT All:

Email: [email protected] 

Website: https://protectitall.co/ 

X: https://twitter.com/protectitall 

YouTube: https://www.youtube.com/@PrOTectITAll 

FaceBook:  https://facebook.com/protectitallpodcast

 

To be a guest or suggest a guest/episode, please email us at [email protected]

Please leave us a review on Apple/Spotify Podcasts:

Apple   - https://podcasts.apple.com/us/podcast/protect-it-all/id1727211124

Spotify - https://open.spotify.com/show/1Vvi0euj3rE8xObK0yvYi4

The podcast and artwork embedded on this page are from Aaron Crow, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Podcast: Casos de Ciberseguridad Industrial
Episode: 2/4 Análisis de la Resiliencia Colectiva en el Sector Ferroviario
Pub date: 2026-05-11

Get Podcast Transcript →
powered by Listen411 - fast audio-to-text and summarization

En este episodio se analiza los riesgos sistémicos derivados de la disparidad en la madurez de ciberseguridad entre operadores, fabricantes y proveedores. Se examina el impacto de las brechas regulatorias en la cadena de suministro y se evalúan las prácticas europeas de cooperación, intercambio de inteligencia y armonización normativa como pilares para alcanzar una resiliencia […]

The podcast and artwork embedded on this page are from Centro de Ciberseguridad Industrial, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Podcast: Nexus: A Claroty Podcast (LS 32 · TOP 5% what is this?)
Episode: Deral Heiland on Weaponizing Cellular-Based IoT
Pub date: 2026-05-10

Get Podcast Transcript →
powered by Listen411 - fast audio-to-text and summarization

Rapid7 Principal Security Research (IoT) lead Deral Heiland joins the Nexus Podcast to discuss work his team did on how attackers might weaponize cellular-based IoT. 
Rapid7 conducted three phases of this research, with the most recent digging into how attackers with access to these systems can abuse them to gain unauthorized access, potentially exfiltrate critical data, or pivot into backend network infrastructure. 
Subscribe and listen to the Nexus Podcast here. 
Read the Rapid7 research report.

The podcast and artwork embedded on this page are from Claroty, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.

Podcast: Industrial Cybersecurity Insider
Episode: Federal Agencies Can Enter Private Networks to Hunt Malware. Is Your Plant Prepared?
Pub date: 2026-05-06

Get Podcast Transcript →
powered by Listen411 - fast audio-to-text and summarization

Dino and Jim break down a major shift in the cyber threat landscape: federal agencies obtaining legal authority to enter private networks to hunt down state-sponsored malware, and what that signals for industrial organizations.
They discuss why critical infrastructure and supply chains are prime targets, how “soft targets” in OT and building automation get exploited, and why many companies still lack visibility into what’s happening on the plant floor.
The conversation zooms in on real-world exposure points, especially unmanaged vendor remote access and end-of-life equipment, and closes with practical themes for leadership.
Stop assuming “IT has it covered”
Define measurable OT security outcomes
Start taking steps that make disruption harder and detection faster.

Chapters:
(00:00:00) Why identity, trust, and vendor access are breaking down in modern plants
(00:01:00) The episode’s trigger: government-led operations to remove malware from private networks
(00:03:00) “Machete scanning” and why IT-style tactics can disrupt OT operations
(00:05:00) The real target set: critical infrastructure, supply chains, and smaller utilities with limited resources
(00:08:00) Collateral damage and how cyber “weapons” trickle down to criminal ransomware
(00:13:00) Why OT is still a soft target: visibility gaps, unpatched systems, and weak segmentation
(00:14:00) Remote access everywhere: OEM/SI pathways, unknown identities, and lack of governance
(00:20:00) The logging gap: what IT sees vs. what OT can’t see (and why that matters for incident response)
(00:24:00) Building automation and facilities systems as weak links attackers love
(00:26:00) Executive accountability: what boards should be measuring after breaches (and why progress stalls)

Links And Resources:
Want to Sponsor an episode or be a Guest? Reach out here.
Industrial Cybersecurity Insider on LinkedIn
Cybersecurity & Digital Safety on LinkedIn
BW Design Group Cybersecurity
Dino Busalachi on LinkedIn
Craig Duckworth on LinkedIn

Thanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you’d like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!

The podcast and artwork embedded on this page are from Industrial Cybersecurity Insider, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.