Exploring the OT Landscape: Insights from Building Management with Kyle Peters
02/12/24 • 58 min
Kyle Peters is a recovering building automation and HVAC technician and programmer who was drawn to the dark side of cybersecurity and never looked back. Today he is the senior consultant for OT Cybersecurity, focusing on building automation systems at Intelligent Buildings. If you’d like to geek out on such things, reach out to Kyle via LinkedIn or email [email protected].
In this conversation, Kyle discusses the world of building management systems and the importance of cybersecurity in this field. He highlights the diversity of building systems and the interconnectedness of various components. The conversation emphasizes the need for a risk-based approach to security and the importance of policies and standards. Kyle also emphasizes the value of understanding the system and planning ahead to mitigate risks. The conversation concludes with a discussion on securing remote access and implementing segmentation. The conversation explores the lack of cybersecurity preparedness in organizations, the need to translate cybersecurity risks to business risks, the likelihood of attacks and targeting, the challenge of selling likely risks, exciting technological advances in cybersecurity, concerns about AI and rapid technological changes, and closing thoughts and a call to action.
Takeaways
Building management systems encompass a wide range of components, including HVAC systems, fire alarms, and lighting.
A risk-based approach to security is crucial in building management, considering the diverse systems and potential vulnerabilities.
Policies and standards play a significant role in ensuring the security and reliability of building management systems.
Simple solutions, such as proper cable management and backup plans, can greatly enhance the security and availability of building systems.
Understanding the system and planning ahead are essential for effective risk mitigation in building management.
Securing remote access and implementing segmentation are key measures to protect building management systems from cyber threats. Many organizations are not adequately prepared for cybersecurity threats, either due to limited budgets or lack of expertise.
It is important to translate cybersecurity risks into business risks to help organizations understand the potential impact on their operations.
Cyber attacks can come from various sources, including nation-state actors, but also from simple human errors or system failures.
Selling the importance of cybersecurity can be challenging, as the most likely risks may not be as sensational as nation-state attacks.
Exciting technological advances in cybersecurity are on the horizon, but they also bring concerns about the potential risks and implications of AI and rapid technological changes.
—
Connect with Kyle:
Connect with Aaron Crow:
- Website: www.corvosec.com
- LinkedIn: https://www.linkedin.com/in/aaronccrow
Learn more about PrOTect IT All:
- Email: [email protected]
- Website: www.protectitall.co
- X: https://twitter.com/protectitall
- YouTube: https://www.youtube.com/@PrOTectITAll
- FaceBook: https://facebook.com/protectitallpodcast
To be a guest, or suggest a guest/episode please email us at [email protected]
—
Show notes by NMP.
Audio production by NMP. We hear you loud and clear.
Kyle Peters is a recovering building automation and HVAC technician and programmer who was drawn to the dark side of cybersecurity and never looked back. Today he is the senior consultant for OT Cybersecurity, focusing on building automation systems at Intelligent Buildings. If you’d like to geek out on such things, reach out to Kyle via LinkedIn or email [email protected].
In this conversation, Kyle discusses the world of building management systems and the importance of cybersecurity in this field. He highlights the diversity of building systems and the interconnectedness of various components. The conversation emphasizes the need for a risk-based approach to security and the importance of policies and standards. Kyle also emphasizes the value of understanding the system and planning ahead to mitigate risks. The conversation concludes with a discussion on securing remote access and implementing segmentation. The conversation explores the lack of cybersecurity preparedness in organizations, the need to translate cybersecurity risks to business risks, the likelihood of attacks and targeting, the challenge of selling likely risks, exciting technological advances in cybersecurity, concerns about AI and rapid technological changes, and closing thoughts and a call to action.
Takeaways
Building management systems encompass a wide range of components, including HVAC systems, fire alarms, and lighting.
A risk-based approach to security is crucial in building management, considering the diverse systems and potential vulnerabilities.
Policies and standards play a significant role in ensuring the security and reliability of building management systems.
Simple solutions, such as proper cable management and backup plans, can greatly enhance the security and availability of building systems.
Understanding the system and planning ahead are essential for effective risk mitigation in building management.
Securing remote access and implementing segmentation are key measures to protect building management systems from cyber threats. Many organizations are not adequately prepared for cybersecurity threats, either due to limited budgets or lack of expertise.
It is important to translate cybersecurity risks into business risks to help organizations understand the potential impact on their operations.
Cyber attacks can come from various sources, including nation-state actors, but also from simple human errors or system failures.
Selling the importance of cybersecurity can be challenging, as the most likely risks may not be as sensational as nation-state attacks.
Exciting technological advances in cybersecurity are on the horizon, but they also bring concerns about the potential risks and implications of AI and rapid technological changes.
—
Connect with Kyle:
Connect with Aaron Crow:
- Website: www.corvosec.com
- LinkedIn: https://www.linkedin.com/in/aaronccrow
Learn more about PrOTect IT All:
- Email: [email protected]
- Website: www.protectitall.co
- X: https://twitter.com/protectitall
- YouTube: https://www.youtube.com/@PrOTectITAll
- FaceBook: https://facebook.com/protectitallpodcast
To be a guest, or suggest a guest/episode please email us at [email protected]
—
Show notes by NMP.
Audio production by NMP. We hear you loud and clear.
Previous Episode
Bridging the Gap: OT Cybersecurity in the Evolving Landscape of Industry and Recruitment
With a focus on the OT Cyber Security recruitment space James is the Talent Solutions Director at NDK Cyber. NDK Cyber work with high-growth businesses in the USA, UK & EMEA to provide completely tailored cybersecurity talent attraction solutions. Specialising in long-term talent acquisition and strategy, we have mastered a blend of data insights, the latest technology and our own personal network mastered over 20+ years to build 100s of cybersecurity teams across the globe.
Summary
Hosted by: Aaron Crow
Guest: James Morris, Director, Talent Solutions at NDK Cyber
In this conversation, Aaron Crow and James Morris discuss the transition happening in the field of OT security, with a growing need for dedicated OT security engineers and teams. They explore the challenges of budgeting for OT security and the importance of building trust and collaboration between IT and OT departments. They also emphasize the value of cross-disciplinary skills and the need for apprenticeships and on-the-job training to address the skills gap in OT security. The conversation highlights the importance of translating cybersecurity into business risk and the role of education and community in promoting OT security. The conversation covers various topics related to job descriptions, hiring challenges, helping people enter the OT space, companies being more open to training and transferable skills, excitement for the future of OT security, concerns about AI and ML in cybersecurity, and the importance of OT security in uncertain times.
Takeaways
- There is a growing need for dedicated OT security engineers and teams.
- Building trust and collaboration between IT and OT departments is crucial for effective OT security.
- Cross-disciplinary skills and apprenticeships can help address the skills gap in OT security.
- Translating cybersecurity into business risk is essential for gaining budget and buy-in for OT security initiatives. Job descriptions should be written in a way that encourages more people to apply, focusing on transferable skills and being more inclusive.
- Companies should be open to training and developing employees who have the desire and raw skills needed for the job.
- The OT security space is growing rapidly, and there are opportunities for individuals to enter the field and for companies to hire the right talent.
- There is excitement about the future of OT security, but concerns exist about the potential risks associated with AI and ML in cybersecurity.
- In uncertain times, it is crucial for companies to prioritize OT security and not cut back on investments in this area.
—
Connect with James:
- Website: https://www.ndkcyber.com/
- LinkedIn: https://www.linkedin.com/in/lets-talk-cyber-talent/
Connect with Aaron Crow:
- Website: www.corvosec.com
- LinkedIn: https://www.linkedin.com/in/aaronccrow
Learn more about PrOTect IT All:
- Email: [email protected]
- Website: www.protectitall.co
- X: https://twitter.com/protectitall
- YouTube: https://www.youtube.com/@PrOTectITAll
- FaceBook: https://facebook.com/protectitallpodcast
To be a guest, or suggest a guest/episode please email us at [email protected]
—
Show notes by NMP.
Audio production by NMP. We hear you loud and clear.
Next Episode
Harnessing AI in Cybersecurity: Revolutionizing OT Protection
Hosted by: Aaron Crow
Guest: Clint Bodungen
Clint Bodungen is a globally recognized cybersecurity professional and thought leader with 25+ years of experience (focusing primarily on industrial cybersecurity, red teaming, and risk assessment). He is the author of two books, "Hacking Exposed: Industrial Control Systems" and “ChatGPT for Cybersecurity Cookbook. Clint is a United States Air Force veteran and has worked for notable cybersecurity firms like Symantec, Booz Allen Hamilton, and Kaspersky Lab, and is currently the co-founder and CEO of a cybersecurity training startup, ThreatGEN. Renowned for his creative approach to cybersecurity education and training, he has been at the forefront of integrating gamification and AI applications into cybersecurity training, creating his flagship product, “ThreatGEN® Red vs. Blue”, the world's first online multiplayer computer designed to teach real-world cybersecurity. His latest innovation is AutoTableTop, which uses the latest generative AI technology to automate, simplify, and revolution IR tabletop exercises. As AI technology continues to evolve, so too does his pursuit to help revolutionize the cybersecurity industry using generative AI and large language models (LLM).
Summary
In this conversation, Clint and Aaron discuss the value of tabletop exercises in cybersecurity and the development of auto tabletop, an AI-based tool for facilitating incident response tabletop exercises. They highlight the limitations of traditional tabletops and the benefits of using AI to enhance engagement and flexibility. They address concerns about AI in cybersecurity, such as data privacy and security, and emphasize the use of local language models to mitigate risks. They also discuss the future of AI in the industry and the workforce, emphasizing the importance of learning generative AI and prompt engineering for future job prospects. In this conversation, Clint discusses the automation of tasks using AI and the benefits of using AI as a tool to enhance human creativity. He also explores the future of AI and its potential for accelerating technological advancement. Clint acknowledges the concerns about the potential misuse of AI but emphasizes the importance of using it for good. He highlights the role of AI in reducing barriers to innovation and its significance in cybersecurity. Overall, the conversation highlights the transformative power of AI and its impact on various industries.
Takeaways
- Tabletop exercises are important for testing incident response plans and should be conducted regularly for maximum effectiveness.
- AI-based tabletop exercises, such as auto tabletop, offer increased engagement and flexibility compared to traditional tabletops.
- Concerns about data privacy and security can be addressed by using local language models and fine-tuning models for specific tasks.
- AI has the potential to enhance productivity and efficiency in the industry, but proper understanding and implementation are crucial.
- Learning generative AI and prompt engineering can increase job prospects in the future. AI can automate menial tasks, allowing humans to focus on more valuable work.
- AI has the potential to enhance human creativity and accelerate technological advancement.
- The responsible use of AI is crucial to prevent misuse and ensure positive outcomes.
- AI can reduce barriers to innovation and empower individuals to bring their ideas to life.
Connect with Clint Bodungen:
- Website: https://threatgen.com/
- LinkedIn: https://www.linkedin.com/in/clintb/
Connect with Aaron Crow:
- Website: www.corvosec.com
- LinkedIn: https://www.linkedin.com/in/aaronccrow
Learn more about PrOTect IT All:
- Email: [email protected]
- Website: https://www.protectitall.co
- X: https://twitter.com/protectitall
- YouTube: https://www.youtube.com/@PrOTectITAll
- FaceBook: https://facebook.com/protectitallpodcast
To be a guest, or suggest a guest/episode please email us at [email protected]
—
Show notes by NMP.
Audio production by NMP. We hear you loud and clear.
If you like this episode you’ll love
Episode Comments
Generate a badge
Get a badge for your website that links back to this episode
<a href="https://goodpods.com/podcasts/protect-it-all-304111/exploring-the-ot-landscape-insights-from-building-management-with-kyle-44774198"> <img src="https://storage.googleapis.com/goodpods-images-bucket/badges/generic-badge-1.svg" alt="listen to exploring the ot landscape: insights from building management with kyle peters on goodpods" style="width: 225px" /> </a>
Copy