PrOTect It All

With a focus on the OT Cyber Security recruitment space James is the Talent Solutions Director at NDK Cyber. NDK Cyber work with high-growth businesses in the USA, UK & EMEA to provide completely tailored cybersecurity talent attraction solutions. Specialising in long-term talent acquisition and strategy, we have mastered a blend of data insights, the latest technology and our own personal network mastered over 20+ years to build 100s of cybersecurity teams across the globe.

Summary

Hosted by: Aaron Crow

Guest: James Morris, Director, Talent Solutions at NDK Cyber

In this conversation, Aaron Crow and James Morris discuss the transition happening in the field of OT security, with a growing need for dedicated OT security engineers and teams. They explore the challenges of budgeting for OT security and the importance of building trust and collaboration between IT and OT departments. They also emphasize the value of cross-disciplinary skills and the need for apprenticeships and on-the-job training to address the skills gap in OT security. The conversation highlights the importance of translating cybersecurity into business risk and the role of education and community in promoting OT security. The conversation covers various topics related to job descriptions, hiring challenges, helping people enter the OT space, companies being more open to training and transferable skills, excitement for the future of OT security, concerns about AI and ML in cybersecurity, and the importance of OT security in uncertain times.

Takeaways

• There is a growing need for dedicated OT security engineers and teams.
• Building trust and collaboration between IT and OT departments is crucial for effective OT security.
• Cross-disciplinary skills and apprenticeships can help address the skills gap in OT security.
• Translating cybersecurity into business risk is essential for gaining budget and buy-in for OT security initiatives. Job descriptions should be written in a way that encourages more people to apply, focusing on transferable skills and being more inclusive.
• Companies should be open to training and developing employees who have the desire and raw skills needed for the job.
• The OT security space is growing rapidly, and there are opportunities for individuals to enter the field and for companies to hire the right talent.
• There is excitement about the future of OT security, but concerns exist about the potential risks associated with AI and ML in cybersecurity.
• In uncertain times, it is crucial for companies to prioritize OT security and not cut back on investments in this area.

—

Connect with James:

• Website: https://www.ndkcyber.com/
• LinkedIn: https://www.linkedin.com/in/lets-talk-cyber-talent/

Connect with Aaron Crow:

• Website: www.corvosec.com
• LinkedIn: https://www.linkedin.com/in/aaronccrow

Learn more about PrOTect IT All:

• Email: [email protected]
• Website: www.protectitall.co
• X: https://twitter.com/protectitall
• YouTube: https://www.youtube.com/@PrOTectITAll
• FaceBook: https://facebook.com/protectitallpodcast

To be a guest, or suggest a guest/episode please email us at [email protected]

—

Show notes by NMP.

Audio production by NMP. We hear you loud and clear.

Kyle Peters is a recovering building automation and HVAC technician and programmer who was drawn to the dark side of cybersecurity and never looked back. Today he is the senior consultant for OT Cybersecurity, focusing on building automation systems at Intelligent Buildings. If you’d like to geek out on such things, reach out to Kyle via LinkedIn or email [email protected].

In this conversation, Kyle discusses the world of building management systems and the importance of cybersecurity in this field. He highlights the diversity of building systems and the interconnectedness of various components. The conversation emphasizes the need for a risk-based approach to security and the importance of policies and standards. Kyle also emphasizes the value of understanding the system and planning ahead to mitigate risks. The conversation concludes with a discussion on securing remote access and implementing segmentation. The conversation explores the lack of cybersecurity preparedness in organizations, the need to translate cybersecurity risks to business risks, the likelihood of attacks and targeting, the challenge of selling likely risks, exciting technological advances in cybersecurity, concerns about AI and rapid technological changes, and closing thoughts and a call to action.

Takeaways

Building management systems encompass a wide range of components, including HVAC systems, fire alarms, and lighting.

A risk-based approach to security is crucial in building management, considering the diverse systems and potential vulnerabilities.

Policies and standards play a significant role in ensuring the security and reliability of building management systems.

Simple solutions, such as proper cable management and backup plans, can greatly enhance the security and availability of building systems.

Understanding the system and planning ahead are essential for effective risk mitigation in building management.

Securing remote access and implementing segmentation are key measures to protect building management systems from cyber threats. Many organizations are not adequately prepared for cybersecurity threats, either due to limited budgets or lack of expertise.

It is important to translate cybersecurity risks into business risks to help organizations understand the potential impact on their operations.

Cyber attacks can come from various sources, including nation-state actors, but also from simple human errors or system failures.

Selling the importance of cybersecurity can be challenging, as the most likely risks may not be as sensational as nation-state attacks.

Exciting technological advances in cybersecurity are on the horizon, but they also bring concerns about the potential risks and implications of AI and rapid technological changes.

—

Connect with Kyle:

• LinkedIn: https://www.linkedin.com/in/kyle-peters-2a7173116/

Connect with Aaron Crow:

• Website: www.corvosec.com
• LinkedIn: https://www.linkedin.com/in/aaronccrow

Learn more about PrOTect IT All:

• Email: [email protected]
• Website: www.protectitall.co
• X: https://twitter.com/protectitall
• YouTube: https://www.youtube.com/@PrOTectITAll
• FaceBook: https://facebook.com/protectitallpodcast

To be a guest, or suggest a guest/episode please email us at [email protected]

—

Show notes by NMP.

Audio production by NMP. We hear you loud and clear.

Hosted by: Aaron Crow

Guest: Clint Bodungen

Clint Bodungen is a globally recognized cybersecurity professional and thought leader with 25+ years of experience (focusing primarily on industrial cybersecurity, red teaming, and risk assessment). He is the author of two books, "Hacking Exposed: Industrial Control Systems" and “ChatGPT for Cybersecurity Cookbook. Clint is a United States Air Force veteran and has worked for notable cybersecurity firms like Symantec, Booz Allen Hamilton, and Kaspersky Lab, and is currently the co-founder and CEO of a cybersecurity training startup, ThreatGEN. Renowned for his creative approach to cybersecurity education and training, he has been at the forefront of integrating gamification and AI applications into cybersecurity training, creating his flagship product, “ThreatGEN® Red vs. Blue”, the world's first online multiplayer computer designed to teach real-world cybersecurity. His latest innovation is AutoTableTop, which uses the latest generative AI technology to automate, simplify, and revolution IR tabletop exercises. As AI technology continues to evolve, so too does his pursuit to help revolutionize the cybersecurity industry using generative AI and large language models (LLM).

Summary

In this conversation, Clint and Aaron discuss the value of tabletop exercises in cybersecurity and the development of auto tabletop, an AI-based tool for facilitating incident response tabletop exercises. They highlight the limitations of traditional tabletops and the benefits of using AI to enhance engagement and flexibility. They address concerns about AI in cybersecurity, such as data privacy and security, and emphasize the use of local language models to mitigate risks. They also discuss the future of AI in the industry and the workforce, emphasizing the importance of learning generative AI and prompt engineering for future job prospects. In this conversation, Clint discusses the automation of tasks using AI and the benefits of using AI as a tool to enhance human creativity. He also explores the future of AI and its potential for accelerating technological advancement. Clint acknowledges the concerns about the potential misuse of AI but emphasizes the importance of using it for good. He highlights the role of AI in reducing barriers to innovation and its significance in cybersecurity. Overall, the conversation highlights the transformative power of AI and its impact on various industries.

Takeaways

• Tabletop exercises are important for testing incident response plans and should be conducted regularly for maximum effectiveness.
• AI-based tabletop exercises, such as auto tabletop, offer increased engagement and flexibility compared to traditional tabletops.
• Concerns about data privacy and security can be addressed by using local language models and fine-tuning models for specific tasks.
• AI has the potential to enhance productivity and efficiency in the industry, but proper understanding and implementation are crucial.
• Learning generative AI and prompt engineering can increase job prospects in the future. AI can automate menial tasks, allowing humans to focus on more valuable work.
• AI has the potential to enhance human creativity and accelerate technological advancement.
• The responsible use of AI is crucial to prevent misuse and ensure positive outcomes.
• AI can reduce barriers to innovation and empower individuals to bring their ideas to life.

Connect with Clint Bodungen:

• Website: https://threatgen.com/
• LinkedIn: https://www.linkedin.com/in/clintb/

Connect with Aaron Crow:

• Website: www.corvosec.com
• LinkedIn: https://www.linkedin.com/in/aaronccrow

Learn more about PrOTect IT All:

• Email: [email protected]
• Website: https://www.protectitall.co
• X: https://twitter.com/protectitall
• YouTube: https://www.youtube.com/@PrOTectITAll
• FaceBook: https://facebook.com/protectitallpodcast

To be a guest, or suggest a guest/episode please email us at [email protected]

—

Show notes by NMP.

Audio production by NMP. We hear you loud and clear.

In this conversation, Ted Gutierrez, the leader of Security Gate, discusses the challenges and strategies in implementing cybersecurity solutions in the critical infrastructure sector. He emphasizes the importance of common language and frameworks to bridge the gap between IT and OT. Ted also highlights the need for asset owners to start slow and focus on key controls, rather than aiming for maturity level 5 in all control frameworks. He discusses the challenges of scaling OT compared to IT and the need for consolidation in the market. Ted concludes by emphasizing the power of saying no and focusing on specific goals. In this conversation, Ted Gutierrez discusses his concerns and excitement for the future of cybersecurity. He expresses concern about the global state of conflict and its impact on cybersecurity. He also discusses the balance between order and freedom in the cyber industry. On the positive side, Gutierrez is excited about the increasing focus on the business side of cybersecurity and the growing understanding of cyber as a business problem. He emphasizes the importance of non-technical leaders understanding cybersecurity. Overall, Gutierrez is confident in the people working to protect the globe.

About Ted Gutierrez

Ted Gutierrez is the CEO and Co-Founder of SecurityGate, the provider of the leading SaaS Platform for OT cyber improvement. He is dedicated to protecting what matters across operational sectors and aligning industrial cyber teams on their cyber improvement journey. With an extensive background as a compliance and risk auditor for critical infrastructure, he understands the pain associated with effectively maturing organizational resilience in a decentralized ecosystem. A United States Military Academy graduate at West Point and a veteran of the US Army as a reconnaissance and surveillance expert.

Takeaways

• Common language and frameworks are crucial for bridging the gap between IT and OT in implementing cybersecurity solutions.
• Asset owners should start slow and focus on key controls rather than aiming for maturity level 5 in all control frameworks.
• The challenges of scaling OT compared to IT require a shift in perspective and planning.
• Consolidation in the market is needed to address the challenges and inflated expectations in the cybersecurity industry.
• The power of saying no and focusing on specific goals is essential for success in implementing cybersecurity solutions. Global conflict can have an impact on cybersecurity, but it is important to consider the balance between order and freedom in the industry.
• The focus on the business side of cybersecurity is increasing, and non-technical leaders are starting to understand its importance.
• Cybersecurity is now seen as a business problem and is being discussed in boardrooms.
• The cybersecurity community is filled with dedicated and passionate individuals who are working to protect the globe.

Hosted by: Aaron Crow

Guest: Ted Gutierrez

Connect with Ted Gutierrez:

• Website: https://securitygate.io
• LinkedIn: https://www.linkedin.com/in/tedgutierrez/

Connect with Aaron Crow:

• Website: www.corvosec.com
• LinkedIn: https://www.linkedin.com/in/aaronccrow

Learn more about PrOTect IT All:

• Email: [email protected]
• Website: https://www.protectitall.co
• X: https://twitter.com/protectitall
• YouTube: https://www.youtube.com/@PrOTectITAll
• FaceBook: https://facebook.com/protectitallpodcast

To be a guest, or suggest a guest/episode please email us at [email protected]

—

Show notes by NMP.

Audio production by NMP. We hear you loud and clear.

Sevak Avakians, CEO of Intelligent Artifacts, discusses the limitations of neural networks and the need for a new approach to artificial intelligence. He introduces Gaius, a platform that replaces underlying neural networks with a transparent and explainable technology. Avakians highlights the challenges of regulating AI and emphasizes the importance of deterministic systems in critical industries. He also discusses the potential applications of AI in cybersecurity and the need for human involvement in AI decision-making. Looking ahead, Avakians is excited about the possibilities of AI but also acknowledges the concerns and risks associated with its implementation. The conversation explores the concerns and potential risks associated with autonomous aircraft and the use of AI and ML in safety-critical systems. Adversarial attacks are discussed as a potential threat, highlighting the need for robust safety regulations. The application of safety standards, such as the DO178C standard, to AI and ML technologies is proposed as a solution. On the positive side, AI is seen as a tool to enhance human capabilities and improve efficiency. The importance of training and wargaming exercises using AI is emphasized. The conversation concludes by discussing the balance between the risks and benefits of AI and providing information on how to learn more about AI.

About Sevak Avakians

As the founder and CEO of Intelligent Artifacts, Inc., Sevak Avakians has been leading
the development and commercialization of a groundbreaking information processing and
AI/ML/R framework, GAIuS, since 2008. GAIuS is a deterministic, fully explainable, and
use-case agnostic symbolic connectionist AI solution that can be applied to mission and
safety-critical domains, such as defense, aerospace, healthcare, and law enforcement.

With a background in physics, telecommunications, information theory, cybersecurity,
and artificial intelligence, Sevak has a unique and comprehensive understanding of the
challenges and opportunities in the field of cognitive computing. He is passionate about
creating AI solutions that can act, interact, and adapt as information, goals, and
requirements evolve while providing full transparency and accountability for their
decisions and actions. Sevak's vision is to empower developers, customers, and end-
users with the ability to create, deploy, and maintain machine intelligence with ease,
efficiency, and confidence.

In 2010, Sevak founded Intelligent Artifacts initially as an R&D and consulting service for
cognitive computing. Over the years, he built the GAIuS Cognitive Computing Platform
as a commercial product launched in 2016. GAIuS Cognitive Computing Platform, allows
developers to rapidly create, test, deploy, and maintain machine intelligence, learning,
classification, predictions, analytics, etc. into their products.

In 2020, the team at Intelligent Artifacts built a reasoning engine into GAIuS, creating the
very first modular, repeatable, use-case agnostic, complete, Artificial Intelligence /
Machine Learning / Reasoning (AI/ML/R) platform that adheres to ExCITE AI principles.

GAIuS handles all the complexity of machine intelligence in 4 API calls. GAIuS agents
can be made and deployed in less than 3 minutes. Developers copy-and-paste a GAIuS
agent’s API URL into their application. GAIuS agents have DNA and evolve within their
environment, eliminating many of the hurdles to achieving true machine intelligence.

More About The Episode

Hosted by: Aaron Crow

Guest: Sevak Avakians

Connect with Sevak Avakians:

• Website: https://intelligent-artifacts.com
• LinkedIn: https://www.linkedin.com/in/avakians/

Connect with Aaron Crow:

• Website: www.corvosec.com
• LinkedIn: https://www.linkedin.com/in/aaronccrow

Learn more about PrOTect IT All:

• Email: [email protected]
• Website: https://www.protectitall.co
• X: https://twitter.com/protectitall
• YouTube: https://www.youtube.com/@PrOTectITAll
• FaceBook: https://facebook.com/protectitallpodcast

To be a guest, or suggest a guest/episode please email us at [email protected]

—

Show notes by NMP.

Audio production by NMP. We hear you loud and clear.