Nexus: A Claroty Podcast

Dan Ricci on Four Years of the ICS Advisory Project

Sun, 08 Mar 2026 00:00:00 -0500

Industrial cybersecurity expert Dan Ricci, the founder and maintainer of the ICS Advisory Project, joins the Nexus Podcast to discuss the evolution of the industry's premier ICS and OT security advisory repository as it turns 4 years old.

Dan talks about the impact of the project on OT security teams, the dashboards he's created to better parse the volume of data on the site, and unique use cases that asset owners and operators have for this critical information.

Subscribe and listen to the Nexus Podcast here.

Dan Gunter on Creating Malicious OT Test Data to Train Security Tools

Sun, 01 Mar 2026 00:00:00 -0500

Insane Cyber CEO and founder Dan Gunter joins the Nexus Podcast in an episode recorded live at the S4 Conference in Miami. Dan explains a process for generating malicous OT data in order to test the efficacy of an organization's intrusion detection and other security products. Generating such data has its barriers, but it's crucial, he said, in order to train products and security analysts how to spot malicious and anomalous traffic. Dan talks about using emulators and achieving success on a relatively small budget.

Subscribe and listen to the Nexus Podcast here.

Mike Holcomb on the Intersection of Hacktivists, State Actors

Wed, 25 Feb 2026 13:00:00 -0500

Mike Holcomb joins the Nexus Podcast to discuss a Converged Actor Framework he developed and presented at the S4 Conference. The framework delineates groups such as hacktivists and state threat actors based on the impact and frequency of their activity. State actors are leveraging hacktivist groups with greater frequency, and this convergence must be considered as defenders tasked with protecting OT and cyber-physical systems strategize around security.

Subscribe and listen to the Nexus Podcast here.

Subscribe to Mike Holcomb's YouTube channel here.

CISA's Matthew Rogers on Secure OT Protocol Communication

Sun, 15 Feb 2026 00:00:00 -0500

Matthew Rogers, ICS Cybersecurity Lead at the Cybersecurity Infrastructure and Security Agency (CISA) joins the Nexus Podcast to discuss new guidance published by the agency to help manufacturers and asset owners move toward more secure OT communication protocols.

Legacy protocols that contain little to no basic security capabilities are still prevalent in OT environments today. Rogers explains the risk and why manufacturers should begin their journey away from proprietary protocols and toward open standards. According to CISA's guidance, operators want authentication and integrity capabilities to protect process data, but need to understand the value and business impact of doing so.

Download CISA's guidance here.

Subscribe and listen to the Nexus Podcast here.

Jay Catherine on Securing Logistics, OT in Retail

Thu, 18 Dec 2025 18:00:00 -0500

Jay Catherine, security architect for a major retailer, joins the Nexus Podcast to discuss the intricacies of securing logistics and operational technology within the retail sector.

Catherine covers various aspects of logistics cybersecurity, including risks introduced by connecting OT and IoT to the network, and the challenges of managing third-party vendor and supply chain relationships.

He also discusses his unconventional career path, from hockey broadcaster to his current cybersecurity role.

Listen and subscribe to the Nexus Podcast.

Feedspot has named Nexus a top IoT security podcast for 2025

Greg Garcia on the Sector Mapping and Risk Toolkit for Healthcare

Sun, 23 Nov 2025 00:00:00 -0500

Greg Garcia, Executive Director of the Health Sector Coordinating Council Cybersecurity Working Group, joins the Nexus Podcast to discuss the recent publication of the working group’s Sector Mapping and Risk Toolkit.

The SMART toolkit is a methodology that helps healthcare providers visualize key services that support workflows in the industry and is also used to measure risk appropriately for each of those services.

Listen and subscribe to the Nexus Podcast.

Get the SMART Toolkit here.

Christopher Frenz on Evidence-Based Security

Sun, 16 Nov 2025 00:00:00 -0500

O'Reilly coauthor of Evidence-Based Security and longtime healthcare CISO Christopher Frenz joins the Nexus podcast to describe his organization's approach to cybersecurity that is rooted in transforming security from an artform to a science.

Frenz discusses how this process through how he tests the efficacy of controls in his environment, and how the insights gained from this testing have allowed him to move toward better metrics and a better working relationship with leadership and the board.

Listen and subscribe to the Nexus Podcast.

Adm. Michael Rogers on Deterrence in Cyberspace

Wed, 01 Oct 2025 13:00:00 -0400

Retired four-star U.S. Navy Admiral Michael S. Rogers joins the Nexus Podcast for a wide-ranging discussion on deterrence in cyberspace and an examination of adversarial tactics and strategies.

Adm. Rogers explains that deterrence relies on having the will to employ tactics that will reshape the choices adversaries are making in the targeting of U.S. critical infrastructure.

Adm. Rogers also touches on Congress' failure to re-authorize the Cybersecurity Information Sharing Act (CISA 15) and what it means for defenders as the reauthorization deadline passes, and the resource challenges affecting adequate protection of critical infrastructure.

Listen and subscribe to the Nexus Podcast.

Bob Maley on Resource Challenges in Cybersecurity

Sun, 14 Sep 2025 00:00:00 -0400

Bob Maley, Chief Security Officer at Black Kite and former CISO for the Commonwealth of Pennsylvania, joins the Nexus Podcast to discuss how critical infrastructure operators and state and local governments are meeting cybersecurity resourcing challenges. Whether it's budgets, workforce shortages, or technical debt, security leaders are facing volatile times in protecting critical sectors.

Listen and subscribe to the Nexus Podcast.

Pankaj Goyal on Cyber Insurance Coverage for OT Environments

Mon, 01 Sep 2025 00:00:00 -0400

Pankaj Goyal, Chief Operating Officer at Safe Security, joins the Nexus Podcast to discuss the challenges cyber insurance carriers and brokers have in determing and providing coverage for asset heavy operational technology (OT) and cyber-physical systems (CPS) environments.

Underwriters have prolific amounts of historical data and experience in calculating risk and exposure around IT, but cannot say the same for OT.

Goyal discusses how fragmentation in the OT ecosystem, along with an ever-expanding attack surface, is contributing to the challenges around properly insuring these environments.

Listen and subscribe to the Nexus Podcast

Rui Ataide on Navigating Ransomware Negotiations

Mon, 25 Aug 2025 00:00:00 -0400

Rui Ataide, Managing Security Consultant at GuidePoint Security, joins the Nexus Podcast to discuss his experiences negotiating with ransomware gangs on behalf of victimized organizations.

Ataide covers the nuances, processes, and methodology of negotiating with groups. He also explains how extortion and data theft has changed the risk management calculus for victims, and how cybersecurity insurance figures into negotiations.

Listen and subscribe to the Nexus Podcast

Salvatore Gariuolo on Safe EV Charging

Sun, 17 Aug 2025 00:00:00 -0400

Salvatore Gariuolo, a senior threat researcher at Trend Micro, joins the Nexus Podcast to discuss safe EV charging and in particular, the ISO 15118 standard meant to create a trusted environment for electric vehicle charging.

Gariuolo contends that while ISO 15118 offers substantial improvements that reduce pressure on the grid, and also introduces a handful of cybersecurity enhancements, it is not sufficient to fully secure the EV charging ecosystem.

Listen and subscribe to the Nexus Podcast

Noam Moshe on Hacking Video Surveillance

Thu, 07 Aug 2025 15:00:00 -0400

Noam Moshe, Research Director for Claroty Team82, joins the Nexus Podcast live at the Black Hat Briefings in Las Vegas to discuss research that was presented here on the security of a popular video surveillance platform manufactured by Axis Communications.

Moshe describes how Team82 examined the proprietary protocol supporting Axis servers and clients (camera) and uncovered four vulnerabilities that could be chained to eventually gain pre-authentication remote-code execution.

Moshe explains Team82's research process, the risks to users, and the successful disclosure process with Axis Communication that resulted in prompt patches available for the servers and camera platforms.

Read Team82's research blog here

Listen and subscribe to the Nexus Podcast

Dan Berte on Solar Grid and IoT Vulnerabilities

Mon, 28 Jul 2025 00:00:00 -0400

Dan Berte, director of IoT security at Bitdefender, joins the Nexus Podcast to join his team's ongoing research into the security of solar grid inverters and three serious vulnerabilities uncovered in the popular Deye Solarman management platform.

Dan discusses his team's research, the disclosure process, and the implications on green energy initiatives overall. With the growing popularity of these platforms, Berte cautions that attackers are going to continue to analyze their security for weaknesses and attempt to exploit them.

Listen to the Nexus Podcast on your favorite podcast platform.

Vivek Ponnada on the Ongoing Maturity of OT Security

Mon, 21 Jul 2025 00:00:00 -0400

OT cybersecurity veteran Vivek Ponnada, SVP Growth & Strategy at Frenos, joins the Nexus Podcast to lend his expertise on the areas where he is seeing the most maturity and rapid evolution in the practice. Vivek explains the growing demand for contextual information to supplement the data organizations have around their known assets and vulnerabilities, for example. He also explains current risk prioritization and mitigation strategies, and how advanced technologies fit into the OT security landscape.

Listen to the Nexus Podcast on your favorite podcast platform.

Austin Allen on the Cybersecurity Realities Facing Healthcare

Sun, 13 Jul 2025 00:00:00 -0400

Austin Allen, Sr. Director of Global Solutions Architecture at Airlock Security, joins the Nexus Podcast to discuss cybersecurity realities happening inside healthcare delivery organizations.

Allen covers challenges and solutions around legacy software managing connected medical devices, and other cybersecurity risks potentially negatively impacting patient care.

Allen also discusses the role of federal and industry regulations and the role of compliance in guiding hospital cybersecurity programs.

Listen to the Nexus Podcast on your favorite podcast platform.

Gentry Lane on the Use of 'Salami Cuts' in Cyber Conflict

Sun, 06 Jul 2025 00:00:00 -0400

Gentry Lane, founder of Nemesis Global, joins the Nexus Podcast to discuss the strategies guiding adversaries in their targeting of U.S. critical infrastructure. Primary of which is the desire of countries such as China, Russia, Iran, and North Korea to displace the U.S. as the global hegemon, she said.

To disrupt the U.S.' standing as such, these adversaries have chose cyberspace as a front where they're on relatively equal footing. They're doing so incrementally, Lane said, known as salami tactics. Salami tactics is a strategy of gradually cutting into an opposition's dominance by instilling distrust in institutions, utilities, or the government's ability to protect us. Gentry describes theses tactics, their effectiveness, and what critical infrastructure defenders should be doing to protect their systems and networks.

Listen to the Nexus Podcast on your favorite podcast platform.

Pedro Umbelino on Exploiting ATG Devices in Fuel Storage

Sun, 29 Jun 2025 00:00:00 -0400

Pedro Umbelino, Principal Research Scientist at Bitsight Technologies, joins the Nexus Podcast to discuss his team's research into Automatic Tank Gauge (ATG) systems and how they uncovered 11 vulnerabilities in ATGs manufactured by five different vendors.

ATG systems are an industrial control system that monitors fuel levels inside storage tanks, including those at gasoline stations, military bases, hospitals, airports, and elsewhere. ATGs track fuel levels, and are meant to detect leaks, help with inventory management, and are key in regulatory compliance efforts.

The vulnerabilities uncovered by Pedro and his team expose these systems to catastrophic risks, from environmental hazards to significant economic losses, including physical damage.

Worse yet is that these systems are old and challenging to update.

Read Bitsight's research here.

Listen to the Nexus Podcast on your favorite podcast platform.

Steven Sim on OT-ISAC and the State of Information Sharing

Mon, 23 Jun 2025 00:00:00 -0400

Steven Sim, Chair of the OT-ISAC Advisory Committee, joins the Nexus Podcast to catch us up on the ISAC's activities, and some of the upcoming community-driven initiatives sponsored by the group. Steven shares the processes by which member organizations share incident, threat, and vulnerability information. He also discusses how member organizations contribute and participate in discussions and events that level up the maturity of cybersecurity practices within OT asset-heavy enterprises.

Listen to the Nexus Podcast on your favorite podcast platform.

Sarah Fluchs on the Cyber Resilience Act

Tue, 17 Jun 2025 15:00:00 -0400

Cybersecurity and technology expert Sarah Fluchs joins the 100th episode of the Nexus Podcast to discuss the EU's Cyber Resilience Act and what it means for manufacturers of "products with digital elements" as they aim toward a 2027 compliance deadline.

Sarah provides her insight on the regulation's essential requirements, its focus on secure-by-design and overall cyber resilience of products, and the milestones manufacturers need to hit as their compliance efforts get under way.

Sarah also discusses her thought leadership and work in bringing cybersecurity to engineers, asset operators, and other non-security teams. It's important, she says, to eliminate cybersecurity's innate complexity and bring these concepts to engineers and others on their terms.

Listen to the Nexus Podcast on your favorite podcast platform.

Andrew Ohrt on Cyber-Informed Engineering

Tue, 03 Jun 2025 00:00:00 -0400

Andrew Ohrt, the resilience practice area lead at West Yost, joins the Nexus Podcast to discuss cyber-informed engineering (CIE) and how it informs engineers and asset operators to understand their role in creating and maintaining a cyber resilient organization. According to Ohrt, CIE is one of the best examples of delivering cybersecurity concepts to non-security teams, speaking to them in their language, and avoiding the often-intimidating jargon that can dominate cybersecurity discussions.

Listen to the Nexus Podcast on your favorite podcast platform.

Megan Stifel on the Impact of the Ransomware Task Force

Wed, 28 May 2025 00:00:00 -0400

Megan Stifel, Chief Strategy Officer for the Institute for Security and Technology, joins the Nexus Podcast to discuss the four years of progress and challenges experienced by the Ransomware Task Force.

The RTF was created days before the Colonial Pipeline ransomware incident and in a landmark report, laid out 48 recommendations to the industry that included a framework for critical infrastructure organizations that could help deter and disrupt the operations of ransomware gangs.

Stifel covers the growth of the task force and which the of the 48 recommendations have been tackled and which remain.

Listen and subscribe to the Nexus Podcast on your favorite platform.

Joe Slowik on Identifying Truly 'Critical' Infrastructure

Sun, 18 May 2025 00:00:00 -0400

Security researcher Joe Slowik joins the Nexus Podcast to discuss the broad interpretation of what critical infrastructure entities are truly "critical," and how that creates an ethical wedge between protecting the well-resourced and those that are resource-strapped.

Slowik acknowledges that while calling everything "critical" ensures that nothing is critical, serious discussions must be had about getting the most return in terms of defensive resources while recognizing the ethical dilemmas that some entities cannot be left behind because they're not as important to overall national and economic security.

Listen and subscribe to the Nexus Podcast on your favorite platform.

Danielle Jablanski on Critical Infrastructure Protection

Sun, 11 May 2025 00:00:00 -0400

Danielle Jablanski, Industrial Control Systems Strategist & Subject Matter Expert at CISA, joins the Nexus podcast to discuss her perspectives on critical infrastructure protection and government's role as a cybersecurity partner on implementation guidance and enablement.

Danielle touches on a number of areas of CI security and protection, ranging from the challenges arising from the high percentage of private sector ownership of critical infrastructure, to the assistance available from CISA and other agencies to lesser-resourced entities in the 16 CI sectors.

Listen and subscribe to the Nexus Podcast on your favorite platform.

Cassie Crossley on Hardware Security, HBOMs

Wed, 07 May 2025 00:00:00 -0400

Schneider Electric Vice President of Supply Chain Security Cassie Crossley joins the Nexus Podcast to discuss the nuances of hardware security and the growing need for hardware bills of materials (HBOMs) within critical infrastructure.

Cassie covers the use cases and features that matter most within an HBOM, some of the threats and weaknesses they can illuminate for users, and how they can change the current status quo for CI sectors that have concerns about the provenance of hardware components and the threats they pose.

Cassie is an experienced cybersecurity technology executive in information technology and product development and author of “Software Supply Chain Security: Securing the End-to-End Supply Chain for Software, Firmware, and Hardware.”

Listen and subscribe to the Nexus Podcast here.

Christiaan Beek on Ransomware's Evolution and Economics

Wed, 30 Apr 2025 11:00:00 -0400

Rapid7 Senior Director of Threat Analytics Christiaan Beek joins the Nexus Podcast to discuss the technical evolution and economic models that maintain ransomware's viability among threat actors. Ransomware became a for-profit threat more than a decade ago and has progressed into the No. 1 threat facing many critical infrastructure organizations.

In this episode, Beek covers extortion characteristics, the stealthiness of some attacks, and how the future may include hardware-based ransomware that maintains indefinite persistence.

Follow and subscribe to the Nexus Podcast.

Florence Hudson on the IEEE/UL 2933 Clinical IOT Cybersecurity Standard

Sun, 30 Mar 2025 00:00:00 -0400

Florence Hudson, working group chair of the IEEE/UL 2933 standard and framework for Clinical IOT Data and Device Interoperability with TIPPSS, joins the Nexus Podcast. Published last September, the standard establishes a framework for secure data exchanges between clinical IoT and medical devices and systems. The frameworks is based on TIPPSS principles (trust, identity, privacy, protection, safety, and security) clinical IoT such as in-hospital devices, wearable devices, investigational devices.

Follow and subscribe to the Nexus Podcast.

Mike Holcomb on Starting and Succeeding in OT Cybersecurity

Wed, 19 Mar 2025 00:00:00 -0400

Mike Holcomb, global lead for ICS and OT cybersecurity at Fluor, joins the Nexus Podcast to discuss his advocacy and efforts to educate engineers and IT cybersecurity professionals in the nuances of protecting operational technology and industrial control systems. Mike produces and hosts a learning series available for free on YouTube called "Getting Started in ICS/OT Cyber Security" where he explains the fundamentals of this unique cybersecurity discipline On the podcast, he discusses his experience with those in IT now responsible for OT, how to best assess and mitigate risk within OT, and some of the practical threats that matter most to practitioners.

Follow the Nexus Podcast here.

Ron Fabela on Low-Skilled OT and ICS Threat Actors

Mon, 24 Feb 2025 00:00:00 -0500

Ron Fabela of ABS Consulting joins the Nexus Podcast to dispel some of the myths surrounding threat actors targeting operational technology and industrial control systems. Groups such as the Russian Cyber Army, UserSec, and the CyberAv3ngers have different ideological motivations, and have decidedly carried out low-impact attacks on OT. Fabela covers some of their tactics, whether they're better marketers than hackers, and reminds users that their exploits still merit investigation and remediation.

Listen to every episode of the Nexus Podcast here.

Munish Walther-Puri on Creating a Scale for Cybersecurity Incidents

Mon, 17 Feb 2025 00:00:00 -0500

Munish Walther-Puri of the Center for Global Affairs at New York University joins the Claroty Nexus podcast to discuss a homegrown severity scale for critical infrastructure cybersecurity incidents. The Infrastructure Cyber Incident Scale, or INCI Scale, brings a Richter-Scale-like criticality index to incidents based on the intensity, magnitude, and duration of an event. Walther-Puri unveiled the scale at the S4 Conference in Tampa.

Brian Foster on the Risks of a Hyperconnected Grid

Tue, 11 Feb 2025 13:00:00 -0500

Brian Foster, Senior Advisor for Grid Security at Southern California Edison, joins the Nexus Podcast to discuss a presentation he gave at the S4 Conference called .

Foster covers the impending risk and host of exposures expected as smart meters and other similar devices are centrally managed online. This scenario gives attackers the ability to attack devices at scale and potentially cause catastrophic damage.

Listen to every episode of the Nexus Podcast here.

CISA's Matthew Rogers on Secure by Demand for OT

Sun, 19 Jan 2025 00:00:00 -0500

Matthew Rogers, ICS Cybersecurity Strategy & R&D Lead at the Cybersecurity & Infrastructure Security Agency (CISA) joins the Nexus Podcast to discuss the agency's latest publication: “Secure by Demand: Priority Considerations for Operational Technology Owners and Operators when Selecting Digital Products.”

This guide features 12 cybersecurity recommendations that OT owners and operators should be looking for during procurement cycles with automation and control system vendors.

Read Claroty's blog on the guide.
Listen to every episode of the Nexus Podcast here.

Noam Moshe on the IOCONTROL Malware

Thu, 19 Dec 2024 12:00:00 -0500

Claroty Team82 researcher Noam Moshe joins the Nexus Podcast to discuss the IOCONTROL malware used by an Iranian APT actor known as the CyberAv3ngers to target civilian critical infrastructure in the U.S. and Israel. The malware acts as a Linux-based backdoor and has a modular configuration that can be adapted for IoT, OT, and SCADA devices.
Read Team82's research blog: "Inside a New OT/IoT Cyberweapon: IONCONTROL"
Listen and subscribe to the Nexus Podcast here.

Team82 on Attacking the Insecure IoT Cloud

Fri, 13 Dec 2024 00:00:00 -0500

Claroty Team82's Noam Moshe and Tomer Goldschmidt join the Nexus Podcast to discuss the research team's latest publication on 10 vulnerabilities discovered in Ruijie Networks' Reyee OS cloud platform. A chain of these vulnerabilities could allow an attacker to remotely execute code on any device connected to the Ruijie cloud. Team82 also developed an attack they call Open Sesame which allows an attacker in proximity of a Ruijie device to use leaked device information and access the internal network.

You can find the research here on Team82's website.
Listen and subscribe to the Nexus Podcast here.

Volexity's Steven Adair on the Nearest Neighbor Attack

Mon, 09 Dec 2024 00:00:00 -0500

Volexity founder Steven Adair joins the Claroty Nexus Podcast to discuss the Nearest Neighbor Attack, a unique attack carried out by Russia's APT 28 against a high-value target in an attempt to gain intelligence on Ukraine prior to the start of the war in February 2022.

APT 28 was able to compromise the Wi-Fi network of its target without being in physical proximity of it. They did so by remotely compromising neighboring organizations, accessing their Wi-Fi networks—creating a daisy-chain of breaches and compromises—until they were able to reach their target.

Volexity's blog contains additional technical details.

Listen to every episode of the Nexus Podcast here.

Joe Saunders on Advanced Cyberattacks Against Critical Infrastructure

Thu, 07 Nov 2024 00:00:00 -0500

Runsafe Security CEO and Cofounder Joe Saunders joins the Nexus Podcast to discuss the strategic shift from certain APTs toward destructive cyberattacks targeting U.S. critical infrastructure. Groups such as Volt Typhoon and Sandworm have aggressively focused their efforts on hacking OT, IoT, and healthcare organizations, opening new fronts that asset owners and operators, as well as manufacturers of embedded systems must now contend with.

Grant Geyer on the Business Impact of Disruptions from Cyberattacks

Mon, 28 Oct 2024 17:00:00 -0400

Claroty Chief Strategy Officer Grant Geyer joins the Nexus Podcast to discuss the results of a survey of 1,100 cybersecurity leaders and practitioners on the business impact of disruptions from cyberattacks on cyber-physical systems.

The financial losses are steep from these attacks impacting connected systems that are so central to our way of life, as are the recovery costs and operational impacts such as downtime, which is often intolerable in critical industries such as manufacturing and healthcare.

Geyer brings his unique insights to the discussions, including attackers' motivations in targeting CPS, why ransomware continues to impact healthcare delivery organizations, and the risks of unsecured third-party and supply chain connections to the enterprise.

Get the full survey results here.

Alethe Denis on Social Engineering, Red-Teaming

Mon, 26 Aug 2024 00:00:00 -0400

Bishop Fox senior security consultant Alethe Denis joins the Claroty Nexus podcast to discuss social engineering in cybersecurity and how it has become part of red-team engagements, especially inside critical infrastructure organizations. She explains the value of open source intelligence and data stolen in breaches to scammers and extortionists in creating pretexts for their schemes. She also explains how to best defend against these tactics that aid threat actors in weaponizing personal information against victims and organizations.
For more, visit nexusconnect.io/podcasts.

Alon Dankner on Extracting Crypto Keys from PLCs

Mon, 19 Aug 2024 09:00:00 -0400

Alon Dankner of the Technion Institute for Technology in TelAviv Israel joins the Claroty Nexus Podcast to discuss a presentation he gave at the recent Black Hat cybersecurity conference in Las Vegas. Dankner and colleague Nadav Adir's presentation looked at the attack surface of programmable logic controllers (PLCs), in particular Siemens’ S7 protocol. Dankner and Adir developed six attacks against the encryption implementation in the protocol that expose private crypto keys and allow an attacker full control over the industrial control system.
For more, visit nexusconnect.io/podcasts

Noam Moshe on Extracting Forensic Data from Unitronics PLCs

Wed, 07 Aug 2024 21:00:00 -0400

Claroty Team82 researcher Noam Moshe joins the Nexus Podcast to talk about Team82’s research into Unitronics Vision series integrated HMI/PLC devices. The OT devices were exploited last year in attacks against water treatment facilities in the U.S. and Israel. Team82 researched the security of these devices and developed a pair of tools that allowed them to extract forensic information from the PLCs. Both tools were released to open source on Team82’s Github page.
Moshe also presented this research today at the Black Hat Briefings in Las Vegas.

Read Team82’s research blog here.
Download the forensics tools here.
For more, visit nexusconnect.io/podcasts

Alexander Antukh on Cyber Risk Quantification

Thu, 01 Aug 2024 00:00:00 -0400

Alexander Antukh, CISO of AboitizPower in the Philippines, the country's largest power and renewable energy provider, joins the Nexus Podcast to discuss cyber risk quantification (CRQ). CRQ is a popular framework used to assess the financial impact of a cybersecurity threat on an organization. Antukh is an advocate of CRQ, and discusses his approach to using it to predict risk in his organization, what level of organizational maturity is required for this approach to succeed, and how it's being applied in operational technology (OT) environments.

For more, visit nexusconnect.io/podcasts

Vincente Diaz on Using AI for Malware Analysis

Sun, 21 Jul 2024 18:00:00 -0400

Vincente Diaz, Threat Intelligence Strategist on Google’s VirusTotal team and formerly the EU director of Kaspersky Lab’s Global Research & Analysis Team, joins the Nexus Podcast to discuss how artificial intelligence and machine learning is an integral part of what VirusTotal is doing around malware analysis. Vincente describes the advantages these advanced technologies bring to malware analysis, in particular how it cuts down analysis time, and improves exploit detection.
For more, visit nexusconnect.io/podcasts

Ahmik Hindman on Patching OT and ICS

Mon, 08 Jul 2024 00:00:00 -0400

Ahmik Hindman, Senior Network and Security Solution Consultant at Rockwell Automation, joins the Claroty Nexus podcast to discuss the challenges and success stories he's experienced in patching operational technology equipment and industrial control systems. Hindman has been at Rockwell Automation for 28 years and has expansive experience with customers solving these complex cybersecurity issues. Hindman shares some of the frameworks, tools, and approaches he's worked with, and how convergence and other recent trends have changed how organizations handle vulnerabilities.
For more, visit nexusconnect.io/podcasts

Dr. Bilyana Lilly on Information Warfare

Mon, 01 Jul 2024 00:00:00 -0400

Dr. Bilyana Lilly, an expert on geopolitics and Russia’s codification of information warfare as a strategy, says that the war in Ukraine has only temporarily delayed Russia’s activity against the West in cyberspace. On this episode of the Nexus podcast, she reinforces the idea that despite the fact that Russia is operating under severe resource constraints, CISOs should be preparing for the inevitable.

“I think it’s important to identify the conditions and the constraints that currently the Russian government is currently experiencing. Because once these constraints are lifted then I think we’ll see an increase in cyber activity, which gives us some time to prepare,” Lilly said. “That’s what I think we should be doing right now. I think we shouldn’t be letting our guard down because I think those attacks are coming.”
For more, visit nexusconnect.io/podcasts

Vinnie Liu on Offensive Security Testing During Incidents

Mon, 10 Jun 2024 00:00:00 -0400

Bishop Fox CEO and Cofounder Vinnie Liu joins the Nexus Podcast to discuss his team's role during security incidents in conducting offensive security testing alongside incident response activities. In healthcare environments where ransomware is the leading threat, red-teams and other offensive security specialists are called in, Liu said, to ensure that secondary attack vectors cannot be leveraged by attackers to maintain persistence inside an organization.
For more, visit nexusconnect.io/podcasts

Diana Kelley on Protecting the AI Lifecycle

Mon, 03 Jun 2024 00:00:00 -0400

Protect AI Chief Information Security Officer Diana Kelley joins the Claroty Nexus podcast to discuss the intricacies of securing machine learning and artificial intelligence use inside the enterprise. She also explains the concept of MLSecOps and how it compares and contrasts to DevOps used in application development.
For more, visit nexusconnect.io/podcasts

Jennifer Minella on OT Cybersecurity Convergence

Tue, 28 May 2024 00:00:00 -0400

Jennifer Minella, founder and principal advisor of Viszen Security, joins the Claroty Nexus podcast to discuss her experiences advising organizations on operational technology implementations, risk management, and succeeding at IT/OT convergence. This episode was recorded during RSA Conference where Jennifer and Bryson Bort gave a talk on convergence from the perspectives of a defender of industrial networks, and from the viewpoint of an offensive security specialist.
For more, visit nexusconnect.io/podcasts

Charles Blauner on the Changing Role of the CISO

Mon, 20 May 2024 00:00:00 -0400

Charles Blauner, Team8 operating partner and CISO in residence, joins the Claroty Nexus podcast to discuss the rapid changes in responsibilities and liability risks facing today's chief information security officers. Blauner, former CISO at JP Morgan and Deutsche Bank, describes how, for example, the new SEC rules around disclosures and incidents, along with legal action against high-profile CISOs of public companies, have some security leaders re-thinking how they operate and negotiate within their roles. He also discusses whether enterprises should brace for an exodus of those in the CISO chair today.
For more, visit nexusconnect.io/podcasts

Mikko Hypponen on a Decade of Corporate Ransomware Attacks

Mon, 13 May 2024 00:00:00 -0400

Cybersecurity pioneer Mikko Hypponen joins the Claroty Nexus live at the RSA Conference to discuss a decade of ransomware attacks against corporate networks. Hypponen is Chief Research Officer at WithSecure, the former F-Secure for Business. He has observed and analyzed malware from its infancy when it was a merely a means of disruption and attention-seeking to today's enormously profitable ransomware services and gangs .
For more, visit nexusconnect.io/podcasts

Adm. Michael Rogers on Geopolitics and Cybersecurity

Thu, 09 May 2024 00:00:00 -0400

Former NSA Director Adm. Michael S. Rogers (Ret. USN) joins the Claroty Nexus Podcast live from RSA Conference in San Francisco to discuss the current geopolitical climate, its impact on chief information security officers, and how they can and should response. Rogers discusses how the doctrines of adversaries are changing and that U.S. critical infrastructure is increasingly in the crosshairs. He also brings his experience and delivers practical advice for CISOs who are not only dealing with external adversaries but also potential legal liability in the event of breaches.
For more, visit nexusconnect.io/podcasts

Abel Archundia on Complexity in Critical Infrastructure

Mon, 29 Apr 2024 00:00:00 -0400

Abel Archundia, chief technology officer and global head of advisory for Istari, joins the Claroty Nexus podcast to discuss the nature of complexity, technical debt, and regulation, and how it influences risk decisions in critical infrastructure environments. He explains the challenges complexity brings to manufacturing, pharmaceuticals, and other CI sectors, and how owners and operators may feel outmatched by technical debt.
For more, visit nexusconnect.io/podcasts

Adam Gluck on Industrial DevOps

Tue, 23 Apr 2024 18:00:00 -0400

Adam Gluck, founder and CEO of Copia Automation, joins the Claroty Nexus podcast to discuss the need for DevOps within industrial automation. DevOps practices are popping up more frequently in these environments, but there are still hurdles and challenges for developers and engineers to overcome. Adam covers those, and explains how DevOps can improve disaster recovery, lessen the introduction of vulnerabilities in new code, and mitigate risk by being proactive about reviewing code changes as they happen rather than later in the development lifecycle.
For more, visit nexusconnect.io/podcasts

Greg Garcia on the Change Healthcare Cyberattack

Tue, 02 Apr 2024 00:00:00 -0400

Greg Garcia, the executive director of the Healthcare and Public Health Sector Coordinating Council’s Cybersecurity Working Group, joins the Claroty Nexus podcast to discuss the Change Healthcare ransomware attack and what can be done from a policy perspective to minimize the impact of such attacks in the future.

Garcia has had a long career on the policy side of cybersecurity, and was the first presidentially appointed Assistant Secretary for Cybersecurity at the Department of Homeland Security. In this episode, he discusses where organizations are in terms of recovery from the impacts of the attack, longterm impacts on the healthcare sector, and how the HSCC's recently published five-year strategic plan for organizations in the crosshairs.

For more, visit nexusconnect.io/podcasts

Ryan Pickren on New Web-Based PLC Malware Research

Wed, 06 Mar 2024 15:00:00 -0500

Ryan Pickren, a Ph.D. student in the School of Electrical and Computer Engineering at the Georgia Institute of Technology, joins the Claroty Nexus podcast to discuss a recently published research paper that explains a new web-based malware attack against programmable logic controllers. Pickren, the lead author, along with colleagues Tohid Shekari, Saman Zonouz, and Raheem Beyah, explains how embedded webservers inside modern PLCs can be attacked to give remote attackers full control over the device.
Check out their paper: “Compromising Industrial Processes Using Web-Based Programmable Logic Controller Malware”

For more, visit nexusconnect.io/podcasts

Mike Rogers on Understanding a CISO's Personal Exposure in Cyber Incidents

Wed, 14 Feb 2024 00:00:00 -0500

Hormel Foods Chief Information Security Officer and Director of Information Security and Compliance Mike Rogers joins the Claroty Nexus podcast to discuss why it's so important for CISO's to understand their personal liability during cybersecurity incidents. New regulations, including the SEC's cybersecurity rules, are driving this need for security leadership to evaluate to manage their personal exposure. Rogers provides his perspective on the SEC rules, how incident response is changing, and the ambiguity around exactly what constitutes a "material" incident.
For more, visit nexusconnect.io/podcasts

Team82 Answers More of your OT Cybersecurity Questions

Thu, 25 Jan 2024 00:00:00 -0500

Noam Moshe of Claroty Team82 is back to answer more listener questions about OT vulnerability research, threats and risks to OT networks and IoT devices, and the best mitigation and remediation strategies for defenders.
This is a follow-up podcast to an episode we recorded in December answering listener questions. You can listen to that episode here.

For more, visit nexusconnect.io/podcasts

Juan Piacquadio on Securing Pharma 4.0

Wed, 10 Jan 2024 00:00:00 -0500

Phlow Corp., CIO Juan Piacquadio joins the Claroty Nexus podcast to discuss the application of Industry 4.0 to pharmaceuticals, also known as Pharma 4.0. The industry is quickly adopting advanced technologies such as artificial intelligence, digital twins, and augmented reality to enhance the development of medicine and improve patient care. Along with that expansion of capabilities comes a wider attack surface, and Piacquadio spends a good deal of time explaining not only the threat landscape he envisions, but also how giant pharmaceuticals, the supply chain, and security providers must respond.
For more, visit nexusconnect.io/podcasts

David Elfering on CISOs and Cyber Liability Insurance

Thu, 04 Jan 2024 05:00:00 -0500

David Elfering, CISO at Carrix and former security and risk executive at Marsh, is back for another episode of the Claroty Nexus podcast to discuss cyber liability insurance. Elfering has extensive experience working not only as an enterprise cybersecurity executive, but also with one of the world's leading insurance carriers. Listen as he brings insight on that perspective, how carrier cybersecurity requirements align with risk reduction, red flags that can imperil coverage or claims, and how cyber insurance providers are looking at geopolitical conflict.
For more, visit nexusconnect.io/podcasts

Team82 Answers Your Vulnerability Research Questions

Wed, 06 Dec 2023 14:00:00 -0500

Team82 researchers Sharon Brizinov and Noam Moshe join the Claroty podcast for a special episode where they answer questions submitted by users. This Ask-Me-Anything style of podcast covers the team's OT and IoT vulnerability research process, resources for experienced and beginner vulnerability researchers, and insights from their point of view on the threat landscape for cyber-physical systems.

Mandiant on Sandworm APT Attacks in Ukraine

Fri, 10 Nov 2023 13:00:00 -0500

Nathan Brubaker, Mandiant and Google Cloud Head of Emerging Threats and Analytics, joins the Claroty Nexus podcast for a timely discussion on his team’s report published this week on the Sandworm APT’s activity in Ukraine.

Sandworm leveraged a new TTP—Living off the Land techniques—to target a Ukrainian energy company in October 2022 to cause a power outage. That outage also coincided with missile attacks by Russia against critical infrastructure in Ukraine.

Read Mandiant's Sandworm paper here.

Don Weber on Security Culture in Control Environments, STAR Methodology

Thu, 26 Oct 2023 17:00:00 -0400

Don Weber of Cutaway Security joins the Nexus podcast to discuss a trend in control environments where asset operators and engineers keep trained cybersecurity professionals at arm's length, citing safety concerns. As more control systems are connected and managed online, it's critical for certified security professionals to be included in overall safety and reliability activities. Otherwise new risk and vulnerabilities are likely to be introduced.
Weber also discusses a new methodology for assessing implementation vulnerabilities within industrial automation and control systems. Read more about IACS STAR:
IACS STAR Calculator
IACS STAR GitHub

MITRE on Caldera for OT

Thu, 05 Oct 2023 15:00:00 -0400

Misha Belisle and Blaine Jeffries of MITRE join the Claroty Nexus podcast to discuss Caldera for OT, a new set of operational technology plugins for the open source core Caldera adversary emulation platform. Caldera for OT supports the Modbus, BACnet, and dnp protocols, and Belisle and Jeffries hope to add future support for additional protocols. Red and purple teams may use Caldera for OT for adversary emulation in order to understand the exposure of these protocols to attacks.
Caldera for OT is available here.

Jim LaBonty on the OT Security Stack

Sun, 10 Sep 2023 00:00:00 -0400

Retired Pfizer Chief Information Security Officer Jim Labonty joins the podcast to discuss the operational technology (OT) security stack, and how it differs from IT. This episode provides especially important for the growing number of security leaders who are newly responsible for OT cybersecurity and the safety of cyber-physical systems.

Labonty also shares his experience during his time at Pfizer in securing the development of Pfizer's Covid-19 vaccine, and how not only security of the manufacturing process took top priority, but also supply chain security.

Stephen Reynolds on Protecting the CISO During Incident Investigations

Mon, 28 Aug 2023 00:00:00 -0400

Stephen Reynolds, a partner at the law firm of McDermott, Will, and Emery, joins the Nexus Podcast to discuss some of the concerns and questions CISOs and other security executives may have about their personal liability and exposure during breach investigations. The short of it: Don’t panic, but don’t be unprepared either. In this case, preparation equates to having personal legal counsel available, and document everything during an incident.
Reynolds and Eli Lilly associate VP and assistant general counsel Nick Merker presented on this topic at Black Hat under the context of the case and conviction of former Uber CISO Joe Sullivan. Sullivan was convicted of obstruction of justice and misprision of a felony for his role in covering up a breach at Uber.
Reynolds cautions that CISOs always remember that corporate counsel represent the company, and any attorney-client privilege is to the company and not the individual. He also reminds leaders to document the facts and information available at the time key decisions were made during an incident.

Team82 on NAS Research, OPC UA Exploit Framework

Sun, 20 Aug 2023 00:00:00 -0400

Team82’s extensive research into network attached storage devices and the ubiquitous OPC UA industrial protocol came to a head recently in Las Vegas with a pair of presentations at Black Hat USA and DEF CON disclosing vulnerabilities in Synology and Western Digital NAS cloud connections and the unveiling of a unique OPC UA exploit framework.

In this episode of the Nexus podcast, researcher Noam Moshe explains how both research initiatives came to be, the implications of each for users, and how the respective ecosystems have been made safer.

Read our Synology research
Read our Western Digital research
Read about our OPC UA exploit framework
Download the framework

Bishop Fox on OSDP Weaknesses Putting Secure Facilities at Risk

Sun, 13 Aug 2023 00:00:00 -0400

In this episode of the Nexus podcast, Bishop Fox researchers Dan Petro and David Vargas explain their research into the Open Supervised Device Protocol (OSDP), meant to bring encryption to badge readers and controllers providing physical access controls at secure facilities.
Petro and Vargas explain a number of protocol weaknesses and vulnerabilities that defeat OSDP's promise of encryption and security. Through the attacks they describe, they're able carry out—among others—replay or downgrade attacks, which are enabled by severe key exchange vulnerabilities or weakened crypto keys as described in the protocol.
Petro and Vargas unveiled this research during a presentation at Black Hat USA in Las Vegas.

Jennifer Lyn Walker on Cybersecurity Risks in the Water Sector

Thu, 03 Aug 2023 00:00:00 -0400

Jennifer Lyn Walker, Director of Infrastructure Cyber Defense for the WaterISAC, joins the Nexus podcast to discuss the state of cybersecurity within the water and wastewater critical infrastructure sector. Walker explains where the cybersecurity technology, funding, and skills gaps currently exist among smaller—and larger—water providers. She also covers recent improvements from water utilities, and what, in an ideal world, the cybersecurity industry and government could do to help.

Kathleen Moriarty on CIS' IoT Security Guidance

Sun, 16 Jul 2023 00:00:00 -0400

Kathleen Moriarty, Chief Technology Officer of the Center for Internet Security (CIS) joins the Nexus podcast to discuss CIS' recently published IoT Embedded Security Guidance. The document walks vendors, developers, DevOps professionals through the most commonly used IoT protocols and analyzes them from a security perspective. The aim is to help vendors and developers with this selection process and assist with building security in at the protocol level.
Download the guidance here.

Walter Risi on the CISO's Journey from IT to OT

Sun, 09 Jul 2023 00:00:00 -0400

Walter Risi, Global OT Lead and the Technology and Cyber Security Consulting leader at KPMG in Argentina, joins the Nexus podcast to discuss the CISO's journey from IT to OT.
Risi explains what's driving this convergence of security disciplines, and the challenges security leaders are facing across industries. You'll also learn why resilience should be the goal of enterprise security programs, the tools and experience necessary to successfully converge IT and OT security operations, and the importance of bringing cybersecurity awareness and experience to OT engineers and operators.

Noam Moshe on Teltonika 4G IIoT Router Cybersecurity Research

Tue, 30 May 2023 00:00:00 -0400

Claroty Team82's Noam Moshe joins the Nexus podcast to discuss a recent research collaboration with OTORIO looking at Teltonika's 4G industrial routers and cloud management platforms. Eight vulnerabilities were uncovered and patched by the vendor in a recent update. Moshe discusses the vulnerabilities, attack vectors involved, and the state of secure development for IIoT routers.
Read Team82's report: "Triple Threat: Breaking Teltonika Routers Three Ways"

Charles Carmakal on Cybersecurity Threats to Healthcare

Wed, 24 May 2023 00:00:00 -0400

Mandiant Chief Technology Officer Charles Carmakal joins the Claroty Nexus podcast to discuss real-world threats to healthcare organizations. Mandiant has a unique vantage point as an incident response team involved in many high-profile cyberattacks. Based on that insight, Carmakal is able to comment on the conventional and opportunistic attacks healthcare delivery organizations and providers are dealing with. Some of those include multifaceted extortion as well as intellectual property theft. He also discusses whether attacks targeting medical devices are a reality.

Lorrie Cranor on IoT Security and Privacy Labels

Thu, 27 Apr 2023 00:00:00 -0400

Lorrie Cranor, Director and Bosch Distinguished Professor in Security and Privacy Technologies at Carnegie Mellon University's CyLab, joins the Nexus podcast to discuss an IoT security and privacy label initiative under way at CyLab. The labels are meant not only to help consumers make informed buying decisions, but also to nudge vendors and manufacturers closer toward delivering secure smart devices to market.

Skip Sorrels on the 405(d) HICP, Healthcare Cybersecurity

Tue, 18 Apr 2023 00:00:00 -0400

Skip Sorrels, director of cybersecurity at Ascension Technologies, which oversees the technology needs for Ascension Healthcare, one of the country’s biggest non-profit healthcare providers, joins the Nexus podcast to discuss the 405(d) Task Group's Health Industry Cybersecurity Practices (HICP).

The HICP identifies top cybersecurity threats to the healthcare industry, and 10 blocking-and-tackling mitigation practices and sub-practices aimed at not only larger, more resourced organizations, but also smaller healthcare providers.

Dave Elfering on Cyber Liability Insurance

Mon, 10 Apr 2023 01:00:00 -0400

Dave Elfering, senior vice president at Marsh, a global insurance broker and risk management company, joins the Nexus podcast to discuss the current state of cyber insurance. A longtime figure in information security, Elfering explains the current volatility around coverage, premiums, and exclusions. He goes deep into what can sometimes be contentious discussions about qualifications and controls that must be implemented in order to be eligible for coverage, in addition to policy exclusions.

Vera Mens on Akuvox E11 Vulnerabilities

Wed, 22 Mar 2023 00:00:00 -0400

Team82 researcher Vera Mens joins the Nexus podcast to discuss her research that uncovered 13 vulnerabilities in the popular Akuvox E11 smart intercoms. These devices are used to control access to offices, residential, and commercial establishments. The vulnerabilities range in severity, and pose serious privacy implications for users. Vera will discuss her research and a challenging disclosure withe vendor that began 15 months ago.
Read Team82's technical report on this research here.
Read Team82's blog here.

Adm. Mike Rogers on the National Cybersecurity Strategy

Thu, 09 Mar 2023 00:00:00 -0500

Adm. Mike Rogers, USN (Ret.) joins the Nexus podcast to discuss the recently released National Cybersecurity Strategy, the first such strategy from the Biden administration. The strategy codifies many of the cyber-physical systems security initiatives the White House has produced since 2021 in the aftermath of the Colonial Pipeline ransomware attack. Adm. Rogers shares his past contributions to previous strategies, and provides insight into the document's five pillars and how they will impact critical infrastructure security in the near term.

Katherine Gronberg on the Federal Government and OT/IoT Cybersecurity

Thu, 09 Feb 2023 00:00:00 -0500

Katherine Gronberg, head of government services at cybersecurity venture capital firm NightDragon, joins the Nexus Podcast to discuss what's driving the federal government's renewed interest and investment in OT and IoT cybersecurity. Katherine brings insight from her unique perspective on these issues, especially as it pertains to upcoming requirements facing asset owners and operators, how vendors must respond to mandates put out by the White House, and what might be in the impending national cybersecurity strategy from the White House Office of the National Cyber Director.

Noam Moshe on a Generic WAF Bypass Technique

Mon, 19 Dec 2022 13:00:00 -0500

Claroty Team82 researcher Noam Moshe joins the podcast to discuss his recent research and development of a generic bypass of leading vendors' web application firewalls.
This research was presented at Black Hat Europe and on the Team82 blog. The technique involves prepending JSON syntax to a SQL injection payload. Prior to this research, WAFs were blind to JSON syntax and would not flag these payloads as malicious.
All of the leading vendors have since added JSON support to their SQL injection processes.

Sharon Brizinov on Hacking IoT

Mon, 12 Dec 2022 11:00:00 -0500

Claroty Team82 Director of Research Sharon Brizinov joins the podcast to discuss the recent Pwn2Own Toronto event. Brizinov was successful in three categories at the event, finding and exploiting zero day vulnerabilities in two network-attached storage devices and a popular router.

In this episode, Brizinov explains his preparation for the contest, and compares and contrasts hacking industrial control systems and internet of things connected devices.

Joe Slowik on TRITON Malware, XENOTIME Hacking Group

Fri, 28 Oct 2022 18:00:00 -0400

Joe Slowik, threat intelligence and detections lead at Gigamon, joins the podcast to discuss the XENOTIME hacking group, the entity believed to be responsible for the 2017 Triton attack.
Triton was deployed within a petrochemical facility in Saudi Arabia and triggered a fault in the Schneider Electric Triconex Safety Instrumented Systems that initiated a shutdown of the plant. The Triton intrusion and malware deployment could have been much worse, resulting in harmful physical consequences and loss of life.
Slowik's recent Virus Bulletin paper and presentation describes the complex ecosystem behind XENOTIME, its connections to Russian intelligence, and the tooling it built enabling the Triton attack and deployment.
One question does linger: Who wrote Triton?

Inside Team82's EvilPLC Attack

Thu, 20 Oct 2022 00:00:00 -0400

Team82's Noam Moshe, one of the researchers involved in developing the EvilPLC attack, discusses the technique of using a weaponized programmable logic controller to compromise an engineer's workstation and gain access to other PLCs on the OT network.

Read more about the EvilPLC technique
Download Team82's paper on EvilPLC

Sarah Fluchs Revisits the Top 20 Secure PLC Coding Practices List

Fri, 30 Sep 2022 11:00:00 -0400

Sarah Fluchs, CTO at Admeritia, joins the Aperture podcast to discuss the Top 20 Secure PLC Coding Practices List. Written for engineers by engineers, the list provides recommendations that can be used to securely design and code programmable logic controllers (PLCs).
The first iteration of the list was published in 2021, and since then, its core group of maintainers has grown to 75 and more than 1,000 engineers and experts registered as contributors.
The list has been prominent referenced in training materials and other resources, including the NATO guide for protecting automation and control systems, and MITRE is considering integrating the list into its CWE database.
In this episode, Sarah discusses secure PLC programming, how the list was developed, and how it should be used by engineers and security practitioners.

Vergle Gipson on Cyber-Informed Engineering

Wed, 28 Sep 2022 00:00:00 -0400

Vergle Gipson, senior advisor, at Idaho National Lab's Cybercore Integration Center, joins the podcast to discuss cyber-informed engineering and the maturing discipline of operational technology (OT) cybersecurity.
Gipson recently testified before a House Committee on Homeland Security about the need to secure industrial control systems against cyberattacks. One of the recommendations he suggested to the committee was the need for cyber-informed engineering, which has parallels to secure software development for IT. Gipson discusses CIE and the need for cyber-physical system security and critical function assurance.

Noam Moshe on the Evil PLC Attack

Fri, 19 Aug 2022 00:00:00 -0400

Claroty Team82 researcher Noam Moshe joins the podcast to discuss the Evil PLC Attack research published recently. Evil PLC is a technique whereby a weaponized PLC is used to compromise an engineering workstation in order to move deeper onto the OT network, the enterprise network, or other PLCs.

Read Team82's blog here.
Download our technical paper here (free PDF).

Dan Gunter on Threat Hunting in Industrial Control Systems

Mon, 18 Jul 2022 00:00:00 -0400

Insane Forensics CEO and founder Dan Gunter joins the Aperture podcast to discuss threat hunting approaches inside industrial control systems (ICS) and operational technology (OT) networks. Gunter describes how Shodan can be used to understand exposures within an industrial network and threats posed by trust relationships to the OT network. Gunter explains what asset operators and owners need in place to begin threat hunting, what they should be looking for, and how to use tools such as Shodan to their greatest effect.

Dan Ricci on the ICS Advisory Project

Wed, 06 Jul 2022 00:00:00 -0400

Dan Ricci joins the podcast to discuss the ICS Advisory Project. Ricci founded the project in 2018, which provides vulnerability management teams with a searchable, intuitive dashboard that visualizes industrial control system security and vulnerability advisories and threat data.
In this episode, Ricci explains how the ICS Advisory Project got off the ground, some of the features it currently offers, how it can be used by security analysts and OT operators, and where he imagines the project will be in a year as new features are added and refined.

Vera Mens on Hacking Flow Computers

Thu, 30 Jun 2022 05:00:00 -0400

Claroty Team82 researcher Vera Mens joins the podcast to discuss her BSides Tel Aviv presentation today called, "Total Flaw: Hacking Flow Computers for Fun and Free Gas."
Flow computers calculate flow rates for gas, oil, and more, and could be a key target for an experienced attacker who is looking to disrupt or damage a process in the oil and gas industry.
Mens uncovered two vulnerabilities that gave her access to a vendor's flow computer and allowed her to write code to the device; the vulnerabilities have been patched, and she shared some details in her talk today.

Don C. Weber on ICS Cybersecurity Training, Education

Wed, 15 Jun 2022 18:00:00 -0400

Don C. Weber, founder of Cutaway Security, joins the podcast to discuss his extensive career in information security, his journey to industrial control system cybersecurity, and his desire to educate, train and mentor others in the community.
Weber’s business focuses on security services for industrial environments through program reviews, security assessments, penetration testing, and training. He is also a SANS instructor and a fixture at Black Hat/DEF CON and other major events. He also runs the excellent Friday InfoSec Chats, you can find those on Youtube.

Idaho National Lab on the INL Control Environment Laboratory Resource (CELR)

Thu, 02 Jun 2022 00:00:00 -0400

Tim Huddleston of Idaho National Laboratory joins the Aperture podcast to discuss the INL Control Environment Laboratory Resource (CELR). CELR is a simulated critical infrastructure environment where users may test their incident response capabilities against real-life attack scenarios. Users may also use the environment to conduct malware and vulnerability analysis of ICS and SCADA devices, and also test product capabilities against simulated cyber-physical attacks. Learn more about CELR here.

Thomas Schmidt and Martin Scheu on the Common Security Advisory Framework

Thu, 26 May 2022 00:00:00 -0400

Thomas Schmidt of the German Federal Office for Information Security and Martin Scheu, an OT Security Engineer at SWITCH-CERT, join the podcast to discuss the Common Security Advisory Framework (CSAF).
CSAF automates the largely manual task of gathering security advisories and vulnerability remediation information, and then creates standardized, machine-readable advisories that users such as vendors and industry organizations can thus distribute to end users.

Daniel Kapellmann Zafra on Incontroller/Pipedream ICS Attack Tools

Wed, 04 May 2022 00:00:00 -0400

Mandiant senior technical analysis manager Daniel Kapellmann Zafra joins the Claroty Aperture podcast to discuss the Incontroller/Pipedream attack tool. Incontroller is alleged to be a state-sponsored tool specifically designed to target industrial control systems. Incontroller was discovered before it was employed on a victim's network, yet nonetheless it remains one of the most sophisticated, dangerous ICS attack platforms ever developed.

Kapellman Zafra discusses Incontroller's three components—Tagrun, Codecall, and OmShell—that give it extreme flexibility in targeting different ICS equipment and communication protocols. You'll also learn about how resilient potential victims may be, as well as some of the mitigations and defensive strategies that organizations should consider.

Sharon Brizinov on Hacking and Securing PLCs

Wed, 20 Apr 2022 00:00:00 -0400

In this episode of the Aperture podcast, Claroty Team82 vulnerability research lead Sharon Brizinov covers a presentation he’s giving at the S4x22 conference in Miami that explains a unique attack against Siemens SIMATIC 1200 and 1500 PLCs that enabled native code execution on the device.
Also, Brizinov explains his participation in the Pwn2Own contest. S4 hosts the only ICS-focused version of Pwn2Own, and this year there are four categories of targets in scope: control servers, OPC UA servers, data gateways, and HMIs.
“The goal in most cases is to achieve remote code execution, not only to find a vulnerability but achieve exploitation,” Brizinov said. “Usually we are able to find at least one vulnerability, but the real challenge is to exploit those vulnerabilities. Usually the difficulty around this is to bypass the different security mitigations that both the software, hardware, or operating system present.”

Kylie McClanahan on Automating the Gathering of Vulnerability Information

Tue, 29 Mar 2022 00:00:00 -0400

Kylie McClanahan, a University of Arkansas doctoral student and senior developer at Bastazo, joins the Aperture podcast to discuss her research into automating the gathering of vulnerability remediation and mitigation information from vendors and third-party sources.
McClanahan explains how she and colleagues have used machine learning, natural language processing, and keyword techniques, among others, to parse mitigation advice from vendor advisories and alerts from third-party sources such as NVD.
These advisories often have incomplete mitigation information that's especially valuable in OT environments where asset owners must rely on mitigations when patches aren't either available or devices cannot be patched.
McClanahan has coauthored two papers explaining different approaches to solving this problem that can be downloaded here.

Sean Tufts on OT SOC Playbooks, Culture Challenges

Thu, 24 Feb 2022 00:00:00 -0500

Sean Tufts, ICS and OT security practice director at Optiv, joins the Claroty Aperture podcast to discuss some of the security technology and cultural challenges facing industrial enterprises as they deal with digital transformation and convergence.
Tufts, a former NFL player and college football star, also shares his non-conventional career path to OT cybersecurity and how some of the skills translate from pro sports to his second career.

Patrick Miller on Securing Critical Infrastructure in a Time of Conflict

Thu, 17 Feb 2022 12:00:00 -0500

Veteran ICS cybersecurity expert Patrick Miller joins Claroty's Aperture podcast to discuss the proactive measures ICS cybersecurity managers and OT asset owners and operators should be taking right now in light of geopolitical tensions around the world.
Miller recently wrote a blog explaining what and how electric utilities and other CI organizations should be communicating and sharing in the event of conflict between Russia and Ukraine spilling over onto the internet. He elaborates on that piece in this discussion, as well as his experience in helping to get the NERC CIP standards off the ground, how the standard may be ready to "collapse under its own weight," 20 years later.
-
Join Claroty Team82's Slack channel and connect with our research team to discuss the latest in ICS and OT cybersecurity threat and vulnerability research.

OT-ISAC on Information-Sharing, Incident Recovery

Sun, 30 Jan 2022 00:00:00 -0500

Bill Nelson, director and officer of the OT-ISAC, joins the podcast to discuss the growing need for adequate sharing of threat intelligence and incident information among operational technology professionals, including asset owners and security practitioners.
Nelson explains some of the information-sharing challenges that continue to shadow ISACs, and why member organizations may be hesitant to share incident details. He also discusses a new operational resilience framework in development that will soon be released for public comment and feedback, and how that ties into the need for more discussions on incident response and recovery.
--
Claroty's research arm, Team82, invites you to join its new Slack channel where you can join other OT, ICS, and IoT cybersecurity experts to discuss the team's research, vulnerability disclosures, and best practices. Click here to join.

Tom VanNorman on OT Cybersecurity Skills Gap

Wed, 12 Jan 2022 00:00:00 -0500

ICS Village cofounder Tom VanNorman joins the Aperture podcast to discuss the recently announced Cybersecurity & Industrial Infrastructure Security Apprenticeship Program that aims to improve cybersecurity knowledge within operational technology. ICS Village is part of a consortium behind this apprenticeship program along with Siemens Energy, SANS Institute, and a number of academic institutions. The aim is to integrate academic classes, training, and real-world job rotations at leading industrial companies.
Tom also discusses the next iteration of ICS Village at the upcoming RSA Conference in June.

Claroty, JFrog on Fuzzing BusyBox

Sun, 28 Nov 2021 00:00:00 -0500

Claroty researcher Vera Mens and JFrog researcher Shachar Menashe join the podcast to discuss a recent research collaboration between the two companies that looked at the security of BusyBox.
Busybox is a popular embedded Linux utility suite, and is found everywhere in operational technology, including in devices such as PLCs, HMIs, and RTUs.
The researchers published a paper that describes 14 vulnerabilities uncovered in BusyBox—all of which were patched—and the custom fuzzing harnesses used to trigger the bugs. The harnesses were released to open source by Claroty and can be found on GitHub.

ZDI's Dustin Childs on Pwn2Own Miami

Mon, 15 Nov 2021 00:00:00 -0500

Dustin Childs of the Zero Day Initiative (ZDI) joins Claroty's Aperture podcast to discuss the upcoming Pwn2Own Miami hacking contest. This is the only hacking contest focused on finding zero-day vulnerabilities in industrial control systems (ICS) and operational technology (OT), and it will be held during the S4 conference in January.

Childs is a veteran of the security industry and Pwn2Own, which is 16 years old. Pwn2Own Miami will be the second such event with an ICS focus. Researchers will compete for a prize pool over more than $300,000; four technology categories are in scope at this year's event: control servers, OPC servers, data gateways, and HMIs.

Childs explains Pwn2Own Miami's hybrid approach that will allow competitors to enter either virtually or on-site, how Pwn2Own works, and what the disclosure process is like with affected vendors once a zero-day is demonstrated.

Exploring and Navigating OT for CISOs

Wed, 10 Nov 2021 00:00:00 -0500

Splunk OT security strategist Chris Duffey and Global Advisory CISO Doug Brush join Claroty's Aperture podcast to discuss how CISOs can and must navigate the world of industrial control system (ICS) and operational technology cybersecurity.

Digital transformation and convergence have forced IT and OT under the same umbrella for many industrial enterprises and critical infrastructure. For many CISOs, managing OT cybersecurity is a whole new world of risk management strategies, technologies, and vendors.

Duffey and Brush explain some of the success stories they've experienced with CISOs who have had to close knowledge, technology, and experience gaps in order to meet OT security challenges head-on. There are numerous considerations from both an operational and strategic point of view, and Duffey and Brush share their experiences.

Gary E. Miller on the GPSD Bug

Wed, 27 Oct 2021 00:00:00 -0400

Gary E. Miller, principal maintainer of GPSD, joins the Aperture Podcast to discuss a bug in this service that potentially could have caused some disruptions on devices that rely on global positioning systems for precise time-keeping.
GPSD is a service daemon that extracts time information from GPS appliances. GPSD can be found in anything from mobile phones, to submarine navigation systems, and satellites. There are also industrial applications that reply on GPS for timing, including flow meters in pipelines, for example.
A bug was discovered earlier this year in the GPSD code that could have rolled back time on GPS-reliant devices starting Oct. 24 to March 2002. Such an event could have affected data integrity with systems dependent on timestamps, for example. Some sensors transmit data regularly and are part of larger systems that take actions based on sensor readings.
Miller explains how GPSD works, the intricacies of the bug, and why there haven't been incidents related to the bug since Oct. 24.

Top 20 Secure PLC Coding Practices List

Tue, 28 Sep 2021 13:00:00 -0400

Martin Scheu and Dirk Rotermund of the Top 20 Secure PLC Coding Practices project join Claroty's Aperture podcast to discuss how engineers can integrate secure coding practices into PLC programming.
The group's list of secure coding practices was released earlier this year and is available as a free download. It’s a 44-page document that includes not only the list of secure coding practices, but also detailed guidance for each, and where they map to on certain frameworks such as MITRE ATT&CK.
In this discussion, you'll learn more about how this project came together, the current state of PLC security by design, where current cybersecurity gaps exist, and how engineers can best make use of the guidance provided in the list of secure coding practices.

Dennis Fisher on 'When Bug Bounties Went Boom'

Mon, 20 Sep 2021 00:00:00 -0400

Decipher Editor in Chief Dennis Fisher joins the podcast to discuss a series he recently published on the history and evolution of bug bounties. In the series, Dennis talks to the hackers and researchers who took an idea and turned it into one of information security's most well-known and lucrative industries.
In this episode, Fisher covers the early days of bug bounties, the No More Free Bugs movement, the legal landmines researchers faced doing vulnerability research—essentially for free—the gray markets for bugs and exploits, and how pioneers such as Katie Moussouris worked tirelessly to make bug bounty programs a reality not only at Microsoft, but also within the Pentagon.
Read the three-part series at Decipher:
"Lawyers, Bugs, and Money: When Bug Bounties Went Boom, Part 1"
"Uprising in the Valley: When Bug Bounties Went Boom, Part 2"
"Drive it Like You Stole It: When Bug Bounties Went Boom, Part 3"

Tom Pace on SBOMs for ICS and OT

Sun, 22 Aug 2021 00:00:00 -0400

Tom Pace, founder of security company NetRise joins Claroty's Aperture Podcast to discuss SBOMs, or software bill of materials, and how they can be leveraged to improve industrial control system and operational technology cybersecurity.

SBOMs are analogous to ingredient labels on food products, or parts lists for automobiles. Yet for ICS and OT equipment, they are a rarity. That lack of visibility into software and firmware components puts organizations at risk in the event of an incident, or can hamper risk management efforts.

Pace discusses the value proposition of SBOMs, how they can be created and consumed inside industrial enterprises, and takes down some misconceptions vendors and buyers may have around SBOMs giving attackers a network roadmap, or leaking intellectual property secrets.

Pace also covered this subject in a talk at the recent ICS Village at DEFCON.

Tony Baker on OT Cybersecurity Challenges, CIP Security

Tue, 10 Aug 2021 18:00:00 -0400

Rockwell Automation Chief Product Safety and Security Officer Tony Baker joins the Claroty Aperture podcast to discuss the rash of cybersecurity challenges facing critical infrastructure and industry owners and operators.
Baker is a Rockwell veteran and has specialized in cybersecurity for the last eight years. He shares his insight on some of the challenges and resource gaps defenders are facing today, as well as the short- and long-term impact of the high-profile industrial cybersecurity incidents that have dominated headlines in 2021.
Baker also discusses the evolution and adoption of CIP Security, a critical defense-in-depth technology that brings authentication, integrity, and confidentiality to messaging between industrial devices.

Inside the Water Sector Cybersecurity Survey

Fri, 02 Jul 2021 00:00:00 -0400

Michael Arceneaux, managing director of the Water Information Sharing and Analysis Center (WaterISAC), joins Claroty's Aperture podcast for a deep dive into the results of the recently released Water Sector Coordinating Council's cybersecurity survey.

In short, the water sector needs cybersecurity help from industry organizations and the federal government. Respondents, identified four critical areas of need ranging from training, to improved cybersecurity tools and threat information, to money allocated from the federal government via loans and grants.

While there were encouraging signs around the amount of risk assessment happening within the sector, that's offset by data that shows a lack of visibility into connected IT and OT assets. Water utilities are exposed to threats from threat actors, and respondents want to minimize the exposure of control systems, identify and remediate vulnerabilities, and secure remote access to OT systems.

Adm. Mike Rogers on Ransomware and OT

Fri, 25 Jun 2021 00:00:00 -0400

Retired Adm. Mike Rogers, former NSA Director and U.S. Cyber Command Commander, joins Claroty's Aperture Podcast to lend his insight and expertise into the rash of ransomware attacks starting to impact operational technology (OT) environments and critical infrastructure.

Rogers covers the risk assessments that industrial enterprises are undertaking to handle the ransomware threat, and how to best response in the event of an incident. The discussion also ranges into:

Cyber resilience in OT environments
The debate on whether to pay extortion demands or ransoms
The role of cyber-insurance is playing in defensive strategies,
How the government should be working with private sector critical infrastructure operators.

Rogers is also the chairman of Claroty's board of advisors.

Mandiant on Low-Sophistication OT Attacks

Tue, 08 Jun 2021 00:00:00 -0400

Mandiant Threat Intelligence Senior Manager Nathan Brubaker joins the Aperture Podcast to discuss the growing trend of low-sophistication attacks targeting operational technology and industrial control systems.

Nathan coauthored a recent Mandiant report on the subject, identifying a number of trends worth monitoring as industrial enterprises continue to connect OT to the internet and converge IT and OT systems internally.

Attackers are exploiting connectivity to sometimes interact with industrial processes, but more often to capitalize financially on their access through ransomware, or to gather information about exposed assets that can be shared or sold.

Nathan also discusses some of the commodity tools attackers are using to compromise control systems and industrial assets, and what organizations can do to lock down OT systems and reduce risk to industrial processes.

E-ISAC on Biden 100-Day Plan for Power Grid Cybersecurity

Tue, 18 May 2021 00:00:00 -0400

Manny Cancel, CEO of the Electricity-ISAC, joins the Aperture podcast for a wide-ranging discussion on cybersecurity issues affecting electricity utilities and critical infrastructure. Cancel shares his thoughts on the Biden Administration's recent announcement of a 100-day plan to improve electricity and power grid cybersecurity. Specifically, the plan calls for the identification and deployment of technologies and systems that improve situational awareness and response capabilities for electricity providers. Cancel also discusses threats facing electric utilities, threat actors targeting the sector, and what technology and human-resource gaps exist. Finally, Cancel describes how the E-ISAC works with its members on information-sharing, and activities among its 1,100 members.

Katie Moussouris on Dan Kaminsky, Pay Equity, Vulnerability Disclosure Progress

Thu, 29 Apr 2021 00:00:00 -0400

Luta Security founder, security entrepreneur, and vulnerability disclosure pioneer Katie Moussouris joins the Aperture Podcast to talk about influential researcher Dan Kaminsky, who died April 23 at 42 years old. Katie discusses the breadth of Dan's work as a researcher, and his friendship, empathy, and outreach within the security community.
Katie also talks about her work advocating for pay, gender and employment equity, and how her mother persevered as a single mother earning significantly less than male counterparts.
Katie also explains her return to her hacker roots uncovering two serious vulnerabilities in the audio-based social networking app, Clubhouse, and the state of vulnerability disclosure programs and bug bounties.

Kaspersky, Claroty on OPC Security Research

Tue, 30 Mar 2021 15:00:00 -0400

On this episode of Claroty's Aperture Podcast, researchers from Claroty and Kaspersky join to discuss security research into the OPC protocol. OPC is a protocol stack that is used for interoperability between disparate vendor communication protocols in the ICS domain.

Kaspersky's Evgeny Goncharov and Claroty's Sharon Brizinov and Uri Katz bring their respective experience researching OPC and discuss why it's a critical protocol for OT networks. In 2018, Kaspersky Lab published some of the earliest research into OPC security and disclosed 17 new vulnerabilities in the stack. This year, Claroty followed with its own research and nine vulnerabilities found in three vendor implementations of OPC.

The researchers discuss the current state of OPC security, how it can improve, and what vendors should be doing to ensure they're securely implementing OPC.

Josh Grunzweig on Exchange Zero Days

Wed, 17 Mar 2021 18:00:00 -0400

Josh Grunzweig of Volexity joins the Aperture Podcast to discuss the Microsoft Exchange zero-day vulnerabilities and exploits that have been dominating headlines. Tens of thousands of organizations have already been compromised by attack groups using this bug to dump corporate email, and carry out further attacks such as ransomware or deploying cryptocurrency mining software.
Josh's team at Volexity was the first to report in-the-wild exploits of the Exchange zero days, and in this episode, he describes the initial discovery of these attacks, and the short- and long-term implications for enterprises worldwide.

Mauro Conti on Assessing the Use of Insecure ICS Protocols

Wed, 10 Mar 2021 01:00:00 -0500

Prof. Mauro Conti of the University of Padua, Italy joins the Aperture Podcast to discuss a paper he coauthored last year called Assessing the Use of Insecure ICS Protocols via IXP Network Traffic Analysis.

The paper, co-written with Giovanni Barbieri, Nils Ole Tippenhauer, and Federico Turrin of the University of Padua and the Helmholtz Center for Information Security, examines the gaps and exposures presented by connecting industrial control systems to external networks.

Many of these networks and devices are communicating over insecure protocols that are insecure by design, lacking encryption or authentication, or are misconfigured.

Internet-scanning services such as Shodan are also blind to much industrial traffic, the paper concludes, giving operators an incomplete picture of their exposure. Attackers, meanwhile, can leverage this to intercept and manipulate industrial traffic.

Water ISAC on Oldsmar Hack, Sector Cybersecurity

Mon, 22 Feb 2021 18:00:00 -0500

Jennifer Lyn Walker and Michael Arceneaux of the Water ISAC join the podcast to discuss the recent cybersecurity incident at the Oldsmar, Fla., water-treatment facility, the state of cybersecurity inside the water & wastewater critical infrastructure sector, and whether organizations are reticent about sharing information about attacks with others in the sector.
Walker is a cyber threat analyst with the Water ISAC, while Arceneaux is managing director of the organization. Water ISAC has more than 400 member utilities serving much of the United States.

Justin Searle on Pen-Testing ICS

Wed, 20 Jan 2021 19:00:00 -0500

Justin Searle, director of ICS security at InGuardians and a SANS Institute ICS security senior instructor, joins the Aperture podcast to discuss penetration testing ICS environments. Justin is a leader in the ICS security community, a 21-year veteran immersed in conducting and teach security assessments worldwide. In this episode, Justin discusses the challenges in pen-testing production industrial environments, the state of pen-testing tooling for ICS, how digital transformation and IT/OT convergence are changing the way cybersecurity is managed inside enterprises, and also industrial cybersecurity threats facing companies.

Tom Tervoort on Zerologon

Thu, 17 Dec 2020 18:00:00 -0500

Tom Tervoort, a senior security specialist with Netherlands-based Secura, joins the Aperture Podcast to discuss the Zerologon vulnerability in Windows Netlogon. This critical crypto bug in the Netlogon authentication mechanism was discovered by Tom and the Secura team, and patched in August by Microsoft.
Since then, exploit code has surfaced and the vulnerability has been used by two separate APT groups. Tom discusses how he "accidentally" discovered Zerologon, the risks posed by successful exploits, how and why APTs might use it, and the resources required to use it in attacks against Active Directory, domain controllers, and other Windows authentication mechanisms.

Richard Thomas, Joe Gardiner on CVE Discovery Time for ICS

Tue, 24 Nov 2020 00:00:00 -0500

Richard Thomas of the University of Birmingham and Joseph Gardiner of the Bristol Cyber Security Group, University of Bristol, discuss their recently published paper: "Catch Me If You Can: An In-Depth Study of CVE Discovery Time and Inconsistencies for Managing Risks in Critical Infrastructures." The paper examines how long ICS and OT vulnerabilities are in the wild before being discovered, and also shortcomings in ICS-related CVEs, which are often the first touch organizations have with vulnerabilities on their networks. Learn how long vulnerabilities are present before they're uncovered, and exactly what the gap is between CVE information and the details about affected products. The researchers also share recommendations for suggested improvements.

Dustin Childs on Vulnerability Disclosure, Pwn2Own, ZDI

Wed, 18 Nov 2020 00:00:00 -0500

Dustin Childs, Communications Manager for the Zero Day Initiative (ZDI) joins the Aperture podcast to talk about vulnerability disclosure and its evolution since the early 2000s. Dustin also covers the legacy of ZDI as a vulnerability clearinghouse as it turns 15 this year, some milestones for bug-hunters, and the role of Pwn2Own in maturing disclosures for vendors and researchers alike. The conversation also includes the growing interest in uncovering vulnerabilities in industrial control systems and the very different patching dynamic for operational technology.

Introducing Aperture, A Claroty Podcast

Mon, 16 Nov 2020 10:00:00 -0500

Welcome to Claroty's brand new podcast, Aperture! hosted by Editorial Director Mike Mimoso.
Aperture will feature regular discussions with IT and OT security experts as we focus on protecting the critical infrastructure that impacts so much of our day-to-day lives.
Please share the word about the podcast. It will be available on all the major platforms, and on the Claroty blog.
Subscribe now so you don't miss any of our discussions.
We'll be back soon with compelling discussions with the best minds in IT and OT security.
Thanks for listening.