mnemonic security podcast

In this episode, Robby speaks with Jens Christian Vedersø, Head of Cyber Risk Management at Vestas, one of the world’s largest wind turbine manufacturers.

Jens is a former Navy and intelligence officer and recovering regulator. Before managing cyber risk in the renewable energy sector, Jens helped develop energy sector legislation and cyber preparedness at the Danish Energy Agency, and served as a subject matter expert for SCADA, OT, ICS and IoT at the Danish Center for Cyber Security.

In the discussion Jens shares his unique perspective on how security acts as both an enabler and a potential barrier in the transition towards renewable energy transition, and how the industry needs to move from a reactive, compliance-driven approach towards a more proactive, risk-based model. Jens also shares insights into the threat landscape, potential motivations of state actors, and how Vestas is working to quantify cyber risk and empower customers to better understand and control their own cyber risks.

From the 14th to the 16th of November, the annual Industrial Security Conference will take place in Copenhagen, Denmark.

Are you interested in Operational Technology and Industrial Control System security, and
wonder what's going on in that part of our industry? Or just curious about the conference, and some of the speakers that will be there? Robby’s caught up with a few of them to get a sneak peak into what you can expect from their presentations and demonstrations during the conference.

In this special edition episode, he chats with the following security professionals about what they’ll be speaking about at this year’s conference and why it’s important:

• Søren Egede Knudsen, CEO and OT expert at Egede, “S***, we have factories in Russia”
• Tibor Földesi, Security Analyst at Norlys, “Lessons learned in CTI land”
• Ron Brash, VP of Technical Research & Integrations, aDolus Technology, “Doctor StrangeFormat: How I learned to be an archeologist for SBOMs”
• Andrea Son, Headhunter, CSA CPH, "The biggest threat is a lack of competence - how is the situation in Denmark, and what can we do?"
• Martin Scheu, Security Engineer, SWITCH-CERT, “Incident Response Training in Electrical Substations”
• Dr. Maureen McWhite, Owner, 4Gen Consulting Services LLC, “Supply chain cybersecurity with an emphasis on the transportation sector”

Find out more about the conference and the program here: https://insightevents.dk/isc-cph/program/

Defending EVE Online

How does combatting botting, hacking, and fraud in a virtual game relate to fighting real cybercrime?
To share his take on this, Maksym Gryshchenko joins us to share how he works as a Security analyst at CCP Games, a leading game developer based in Iceland, and the developers behind the sci-fi role-playing game EVE Online.

EVE Online is known for having an immensely complex market economy system for the game's internal industry and trade between players, and Maks explains to Robby how he and his team works to maintain the integrity of this economy and the game itself. And in the case of EVE, this means more than catching cheaters.

In this episode we chat with Angel Alonso, a CISO for hire and team lead for the Governance, Risk and Compliance department in mnemonic.
He shares his experience and opinions around the topic of "cloud security," and provides insight into what organizations should be doing to avoid the front pages due to a misconfiguration.
Technical level: 1/5
Host: Robby Peralta
Producer: Paul Jæger

Joe Slowik, ATT&CK CTI Lead at MITRE, joins the latest episode of the mnemonic security podcast to share his insights on the complexities of securing critical infrastructure. With a background in cyber threat intelligence, incident response, and detection engineering, Joe discusses with Robby the challenge of defining and prioritising what's truly "critical" in a landscape where every sector claims importance.

They explore the difficulty in distributing security investments across industries and the growing need for organisations of all sizes to adopt a mindset of self-defence. Joe also addresses the potential consequences of large-scale cyberattacks, such as those by Volt Typhoon, emphasising the need for coordinated incident response and leadership during crisis scenarios. He concludes with a strong call for resilience and highlights the vital role CEOs play in ensuring organisational preparedness.