Greg Garcia, Executive Director of the Health Sector Coordinating Council Cybersecurity Working Group, joins the Nexus Podcast to discuss the recent publication of the working group’s Sector Mapping and Risk Toolkit.

The SMART toolkit is a methodology that helps healthcare providers visualize key services that support workflows in the industry and is also used to measure risk appropriately for each of those services.

Listen and subscribe to the Nexus Podcast.

Get the SMART Toolkit here.

As OT environments face rising geopolitical tensions, ransomware threats, and aging infrastructure, vulnerability management has never been more complex. In this episode of Exploited: The Cyber Truth, host Paul Ducklin is joined by RunSafe Security CEO Joe Saunders and Stuxnet expert Ralph Langner, Founder and CEO of Langner, Inc.

Ralph shares from his decades of firsthand experience defending industrial control systems and explains why traditional CVE-focused vulnerability management falls short in OT. He breaks down the three major categories of OT vulnerabilities—design flaws, feature abuse, and configuration errors—and reveals why competent attackers often ignore CVEs entirely. Joe highlights how memory-based vulnerabilities continue to threaten critical systems and why eliminating entire vulnerability classes can create an asymmetric advantage for defenders.

Together, Ralph and Joe explore:

• Why most OT equipment remains insecure by design and why replacement will take decades
• How features, not bugs, often become the real attack vector
• The growing role of ransomware and IT-side weaknesses in OT compromises
• Practical steps OT defenders can take today to incrementally improve resilience
• The value of class-level protections, better architectures, and secure development processes

Whether you secure energy infrastructure, manufacturing systems, or mixed IT/OT networks, this episode delivers experience-driven guidance for strengthening cyber-physical resilience.

In this episode of ICS Arabia, we sit down with Mike Holcomb, Mike breaks down what Remote Mode really means for PLC security and explains why monitoring PLC mode changes is one of the most overlooked—but critical—aspects of protecting industrial systems.

עֲקַבְיָא בֶּן מַהֲלַלְאֵל אוֹמֵר, הִסְתַּכֵּל בִּשְׁלֹשָׁה דְּבָרִים וְאֵין אַתָּה בָּא לִידֵי עֲבֵרָה. דַּע מֵאַיִן בָּאתָ וּלְאָן אַתָּה הוֹלֵךְ וְלִפְנֵי מִי אַתָּה עָתִיד לִתֵּן דִּין וְחֶשְׁבּוֹן.“

(משנה, מסכת אבות – פרק ג, משנה א)

ללא הידיעה אין אפשרות לנהל סיכונים, עצם הידיעה נותנת את האפשרות לקבל החלטות מושכלות החל מהעובד הזוטר ועד ההנהלה והדירקטוריון

נחשון פינקו מארח את אסף טורנר מיסד ומנכ"ל מאיה סייבר סקיורטי לשעבר ראש יחידת הסייבר המגזרי במשרד האנרגיה והתשתיות הלאומיות בשיחה על החובה של כול ארגון לבצע סקר סיכונים וסיכוני סייבר בפרט, הצורך בגיבוש שפת סייבר אחידה בין החברה, ספקים ויצרנים והרגולטור והאקו סיסטם האנרגטי

מה חשיבות סקר סיכוני הסייבר לארגון

קביעת רמות הגנת סייבר לפי חשיבות אזורים ורמות סיכון

חשיבות ביצוע סקר נכסים עם או בלי סקר סיכוני סייבר

הבחור החדש בשכונה ההיי.איי

תיקון 13 וחוק הגנת הפרטיות

ועוד

"Akavya ben Mahalalel says, "Look at three things, and you will not come to sin. Know from where you came and where you are going, and before whom you are destined to give account." (Mishnah, Ethics of the Fathers – Chapter 3, Mishnah 1)

Without knowledge, it is impossible to manage risks; the very act of knowing enables informed decision-making from the lowest employee to management and the board of directors

Nachshon Pincu hosts J. Asaf Turner, Founder & CEO of Maya Cyber Security and former head of the Cyber Sector Unit at the Ministry of Energy and National Infrastructure, in a discussion about the obligation of every organization to conduct a risk assessment, particularly regarding cyber risks. They emphasize the need to establish a unified cybersecurity language among the company, suppliers, manufacturers, regulators, and the energy ecosystem

The importance of a cybersecurity risk assessment for an organization lies in establishing cybersecurity protection levels based on the significance of areas and associated risk levels

The importance of conducting an asset assessment with or without a cybersecurity risk assessment

The newcomer in the AI sector

Amendment 13 and the Privacy Protection Law

And more

In this episode of Simply ICS Cyber, Don and Tom welcome Sam Blaney, retired Chief Warrant Officer (CW3) from the Georgia National Guard and current cybersecurity professor at the University of North Georgia.

Sam shares insights from his career building and leading Cyber Protection Team 170, his transition into teaching, and his continued work helping state and local governments strengthen cybersecurity.

The conversation digs into Sam’s recent experience coaching students at the Department of Energy CyberForce Competition, where the University of North Georgia team defended a simulated offshore drilling platform with both IT and OT components.

Sam discusses what made the event realistic, how students approached identity and access management, OT network analysis, and what they learned about preparation, tooling, and industrial control system challenges.

The group also explores:

- Effective defense preparation for cyber competitions
- Building and tuning SIEM tools for constrained environments
- The value of exercises like CCDC and CyberShield
- How multidisciplinary tabletops improve communication across organizations
- The increasing role of AI in attack and defense, including the Anthropic AI-assisted malware research
- Concerns about AI-driven automation, skill multiplier effects, and the importance of understanding fundamentals

Resources:

Sam Blaney: https://www.linkedin.com/in/samblaney65/
University of North Georgia: https://ung.edu/DOE
CyberForce Program: https://cyberforce.energy.gov/
US CyberCom: https://www.cybercom.mil/
National Guard Cyber Defense Team: https://www.nationalguard.mil/Portals/31/Resources/Fact%20Sheets/Cyber%20Defense%20Team%202022.pdf
National Guard CyberShield: https://www.dvidshub.net/feature/CyberShield25
Anthropic Malware Write-up: https://www.anthropic.com/news/disrupting-AI-espionage

=========================
👉 Subscribe to Simply ICS Cyber for more expert-driven conversations on ICS/OT security, critical infrastructure protection, and emerging cyber threats.

Connect with your hosts on LinkedIn:
- Don https://linkedin.com/in/cutaway
- Tom https://linkedin.com/in/thomasvannorman

Learn about ICS Village: https://www.linkedin.com/company/icsvillage
=========================
Simply Cyber empowers people who want a rewarding cybersecurity career
=========================
Presented by Simply Cyber Media Group
=========================
All the ways to connect with Simply Cyber
https://SimplyCyber.io/Socials

In this episode of ICS Arabia Podcast, I sit down with Dr. Haitham Rashwan, Field CTO at Dell, to discuss his journey from Electrical Engineering to Cybersecurity, his experience as a pen tester at IBM, SecureWorks, and Dell, and his insights on OT SOCs, AI in security, pen testing, and the cybersecurity market. We also debunk the air gap myth and explore how to build a strong cybersecurity program.

What happens when critical third-party services go down? What do your vendors actually owe you when that happens? Are new regulations going to make a difference? Let's find out with our guest Dan Bowdan, Global Business CISO with Marsh McLennan. Your hosts are Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

"Cyber Incident Reporting for Critical Infrastructure Act” (CIRCIA) episodes:

https://cr-map.com/podcast/161

https://cr-map.com/podcast/162/

في هذه الحلقة المميزة من ICS Arabia نستضيف المهندس عبدالرحمن الصفّح، أحد أبرز المتخصصين في أمن الأنظمة الصناعية، ليشاركنا مسيرته المهنية الغنية وتجربته الطويلة في مجال OT Security.

يأخذنا ضيفنا في جولة عبر محطات مشواره، من البدايات الأولى وحتى توليه مهام متقدمة في حماية الأنظمة الصناعية، موضحًا كيف تطوّر المجال وما المهارات التي يحتاجها المهندس الراغب في خوض هذا التخصص.

كما يناقش المهندس عبدالرحمن أهم التحديات التي تواجه المؤسسات اليوم، مثل تعقيد بيئات ICS، نقص الكفاءات المتخصصة، متطلبات الامتثال المتزايدة، وضغط التحول الرقمي على الأنظمة التشغيلية. ويقدّم نصائح عملية من واقع خبرته للمهنيين والمهندسين الراغبين في التميز في هذا المجال.