Selecting and managing ICS/OT cybersecurity vendors and integrators isn’t just a procurement step - it’s a strategic decision that shapes resilience, compliance, and long-term security outcomes. The best approach depends on organization size, resources, and security objectives.

In this episode, Don and Tom are joined by Saltanat Mashirova, OT Cybersecurity Lead at CPX and OTCEP member with the Cyber Security Agency of Singapore. Salt brings deep global expertise across cybersecurity risk assessments (csHAZOP), ISA/IEC 62443 compliance, OT/ICS product development, governance, training, and the integration of both brownfield and greenfield assets.

They’ll also dive into how these challenges play out in industries like oil & gas, mining, energy, manufacturing, and more - where vendor and integrator choices can directly impact both safety and business outcomes.

Salt shares her perspective as an industry-recognized leader, speaker, and award-winner (Top 40 Under 40 in Cybersecurity, SC Media “Women to Watch,” and more), with experience guiding global projects and engaging with everyone from engineers to CEOs.

📢 This is a rare opportunity to hear practical insights on navigating the evolving vendor and integrator landscape in ICS/OT cybersecurity.

👉 Tune in to hear Salt’s perspective and learn how organizations can align security objectives with the right vendor and integrator partnerships.

Connect with Salt on LinkedIn: https://www.linkedin.com/in/saltanat-mashirova-b88bba193

Publications:
Co-Author of Framework in Disaster Recovery “An Approach to Disaster Recover in OT,” links (whitepaper is coming up soon):
https://www.youtube.com/watch?v=zjwUwGa3rLw&t=135s
https://www.controlglobal.com/show-coverage/honeywell-users-group/article/55232981/preparedness-smooths-cyber-recovery
https://www.youtube.com/watch?v=ATx7cYaX6BY

Cyber-Physical Risk Assessment:
https://www.hydrocarbonengineering.com/magazine/hydrocarbon-engineering/april-2024/
https://www.youtube.com/watch?v=dsOwAX5cc_c

👉 Subscribe to Simply ICS Cyber for more expert-driven conversations on ICS/OT security, critical infrastructure protection, and emerging cyber threats.

Connect with your hosts on LinkedIn:
- Don https://linkedin.com/in/cutaway
- Tom https://linkedin.com/in/thomasvannorman

Learn about ICS Village: https://www.linkedin.com/company/icsvillage
=========================
Simply Cyber empowers people who want a rewarding cybersecurity career
=========================
Presented by Simply Cyber Media Group
=========================
All the ways to connect with Simply Cyber
https://SimplyCyber.io/Socials

In this episode, Scott Cargill, Partner of BW Design Group, joins Craig and Dino. Together they dissect the critical vulnerability gap in data center operational technology infrastructure.

While most data centers implement robust IT security protocols, their building management systems controlling cooling, power distribution, and environmental controls remain significantly under-protected.

Cargill provides technical analysis of how the rapid expansion of data center capacity for AI workloads has outpaced OT security implementation, creating exploitable attack vectors where minutes of system compromise could cascade into millions in equipment damage and service disruption.

Through evidence-based examination and industry insights, this episode offers CISOs and OT security professionals a practical framework for addressing the IT-OT security convergence challenge in mission-critical facilities.

They offer actionable strategies for vulnerability assessment, segmentation, and defense-in-depth implementation.

- 00:00:00 - Meet Scott Cargill of BW Design Group

- 00:02:30 - Data centers expanding for AI

- 00:04:40 - Critical BMS vulnerabilities being ignored

- 00:07:40 - Alarming OT security reality

- 00:09:40 - Why OT security remains deprioritized

- 00:12:10 - IT-OT security convergence challenges persist

- 00:16:35 - Manufacturing parallels to data centers

- 00:20:10 - Security solutions evolution underway

- 00:21:45 - Managed services necessity for OT

- 00:24:42 - Thought leadership driving industry standards

• Want to Sponsor an episode or be a Guest? Reach out here.
• Industrial Cybersecurity Insider on LinkedIn
• Cybersecurity & Digital Safety on LinkedIn
• BW Design Group Cybersecurity
• Scott Cargill on LinkedIn
• Dino Busalachi on LinkedIn
• Craig Duckworth on LinkedIn

Thanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you’d like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!

OT cybersecurity isn’t about installing more firewalls - it’s about adapting your entire mindset.

In this episode of Protect It All, host Aaron Crow breaks down why IT security tools often fall short in industrial environments and what it really takes to protect operational systems. Drawing from 25+ years of hands-on experience, Aaron explores the differences between IT and OT priorities, why “silver bullet” solutions don’t exist, and how to build defense-in-depth strategies that actually work on the plant floor.

You’ll discover:

• Why IT tools struggle in OT environments - and where they can help.
  
  
• How to balance availability, safety, and security in critical systems.
  
  
• Practical ways to manage legacy hardware, vendor dependencies, and remote access.
  
  
• The key to uniting IT and OT teams for stronger resilience.
  
  

If you’re navigating the evolving world of industrial cybersecurity, this episode will change how you think about tools, processes, and protection.

Tune in to learn how to bridge the IT–OT divide and build a smarter, safer security culture.

Key Moments:

03:31 "Adapting IT Products for OT Use"

08:53 IT and OT Crossover Tools

11:05 Balancing OT Risk in Cybersecurity

13:37 Cybersecurity and Remote Secure Access

18:25 Designing Resilient, Independent Systems

21:40 Unified Cybersecurity Through Training & Collaboration

24:24 "IT and OT Integration Challenges"

Connect With Aaron Crow:

• Website: www.corvosec.com
• LinkedIn: https://www.linkedin.com/in/aaronccrow

Learn more about PrOTect IT All:

• Email: info@protectitall.co
• Website: https://protectitall.co/
• X: https://twitter.com/protectitall
• YouTube: https://www.youtube.com/@PrOTectITAll
• FaceBook: https://facebook.com/protectitallpodcast

To be a guest or suggest a guest/episode, please email us at info@protectitall.co

Please leave us a review on Apple/Spotify Podcasts:

Apple - https://podcasts.apple.com/us/podcast/protect-it-all/id1727211124

Spotify - https://open.spotify.com/show/1Vvi0euj3rE8xObK0yvYi4

חדשנות בסייבר היא צורך קיומי, קצב השינוי בראיית התוקפים ומשטחי תקיפה חדשים שנוצרים חדשות לבקרים לא מאפשרים לצוותי ההגנה לנוח על זרי הדפנה

מרבית צוותי הסייבר בחברות עסוקים במימושים של הגנות ולעיתים קרובות נותנים היום מענה לאתמול ופחות למחר. הצורך בצוות שיבצע חשיבה ובדיקות לאיומי המחר ומציאת פתרונות טכנולוגים הפך לכורח המציאות

נחשון פינקו מארח את אופיר אורן ראש יחידת החדשנות בסייבר והיי איי בחברת באייר העולמית בשיחה על חדשנות בסייבר, הקמת מעבדת הסייבר לסביבות תפעוליות לצורך ביצוע מחקרים ובדיקות ומה מחכה לנו מעבר לפינה בתחום ההיי איי, מחשוב קוונטי ושלל נושאים נוספים

Cyber innovation is an existential necessity; the pace of change in attackers' vision and the new attack surfaces that are constantly being created do not allow defense teams to rest on their laurels. Most cyber teams in companies are busy implementing defenses and often provide a solution for yesterday, but not for tomorrow. The need for a team that thinks and tests tomorrow's threats and finds technological solutions has become a necessity

Nachshon Pincu hosts Ophir Oren, Head of the Cyber and AI Innovation squad at Bayer Global, in a conversation about cyber innovation, the establishment of the Cyber Lab for OT for conducting research and testing, and what awaits us around the corner in the AI field, quantum computing, among other topics

Industrial environments are complex. Aging systems, distributed plants, and a crowded vendor landscape make “buy another tool” a tempting but often costly reflex.

In this episode, Dino Busalachi talks with Danielle “DJ” Jablanski, about moving from paper programs to measurable progress in OT security. They address why competence and capacity must come before capabilities, how to right-size your technology stack through tool rationalization, and why interdependence mapping is foundational for real resilience.

• 00:00:00 – Why OT maturity often stalls
• 00:06:00 – Where to focus first: assets, segmentation, and access
• 00:08:20 – Governance gaps: frameworks on paper vs. controls in practice
• 00:10:10 – Interdependence mapping beyond "crown jewels"
• 00:12:30 – Operators as first responders and safe-state realities
• 00:16:15 – Vendor and OEM ecosystems: who owns the response plan?
• 00:20:10 – Threat intel's limits: effects‑based security over means‑based noise
• 00:22:00 – Incident readiness in plants: plans, practice, and ownership
• 00:26:00 – Supply chain fragility and concentration risk in manufacturing
• 00:29:30 – Tool rationalization: measuring ROI, coverage, and usability

Links And Resources:

• Want to Sponsor an episode or be a Guest? Reach out here.
• DJ's Blog on Interdependence Mapping: https://claroty.com/blog
• Danielle Jablanski on LinkedIn
• Industrial Cybersecurity Insider on LinkedIn
• Cybersecurity & Digital Safety on LinkedIn
• BW Design Group Cybersecurity
• Dino Busalachi on LinkedIn
• Craig Duckworth on LinkedIn

Thanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you’d like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!

Retired four-star U.S. Navy Admiral Michael S. Rogers joins the Nexus Podcast for a wide-ranging discussion on deterrence in cyberspace and an examination of adversarial tactics and strategies.

Adm. Rogers explains that deterrence relies on having the will to employ tactics that will reshape the choices adversaries are making in the targeting of U.S. critical infrastructure.

Adm. Rogers also touches on Congress' failure to re-authorize the Cybersecurity Information Sharing Act (CISA 15) and what it means for defenders as the reauthorization deadline passes, and the resource challenges affecting adequate protection of critical infrastructure.

Listen and subscribe to the Nexus Podcast.