Artificial intelligence is moving faster than the policies, security controls, and acquisition processes designed to govern it—especially in national security environments where preventing failure is mission-critical.

In this episode of Exploited: The Cyber Truth, host Paul Ducklin is joined by Nicolas Chaillan, the host of In the Nic of Time and Former DAF CSO, to examine a central question: how do you build trust in systems that operate, adapt, and make decisions at machine speed?

Drawing on his experience deploying DevSecOps across the Department of Defense and building large-scale AI platforms, Chaillan offers a direct perspective on what’s working, what isn’t, and where organizations are falling behind.

Together, they explore:

• Why multi-model AI strategies are critical to avoid lock-in and improve outcomes
• How AI is accelerating software development, testing, and security workflows
• Where policy and governance are lagging behind technical reality
• The risks of restricting access to critical AI capabilities
• What zero trust looks like in systems driven by automation and AI

From defense systems to software pipelines, this episode examines what it takes to move fast without losing control—and what leaders need to understand as AI becomes embedded across the mission stack.

In this episode of Energy Talks, host **Simon Rommer **speaks with his colleague Jaron Stammler, OT Cybersecurity Consultant at OMICRON, about how OT cybersecurity risk assessments are conducted in the power industry. Drawing from current experiences in substations and battery energy storage systems (BESS), they walk through how assessments are initiated, structured, and executed in practice.

The discussion also highlights the gap between theory and reality, especially when assessments are performed late in project lifecycles due to regulatory or project constraints. Jaron explains the fundamentals of the IEC 62443-3-2 risk assessment process, including system scoping, risk identification, and zone and conduit modeling, while also addressing common challenges such as missing documentation and limited stakeholder availability.

Simon and Jaron also emphasize how cybersecurity is an ongoing process and that effective assessments provide actionable insights, prioritized risks, and practical mitigation strategies tailored to each project.

Get more information about security risk assessments at OMICRON .

We would really like to know what you think about Energy Talks and which topics you would like to hear more about. To do this, simply send us an email to podcast@omicronenergy.com and be sure to give us a star review on Spotify or Apple Podcast. Thanks for your feedback!

Please join us to listen to the next episode of Energy Talks 🎙️

A real-world case study shows how a single phishing email led to credential and MFA compromise, creating an urgent question for any industrial organization: Did the attacker reach the OT environment?

Dino and Jim walk through how OT visibility, secure remote access controls, and continuous monitoring enabled rapid validation of what happened. They were able to prove the breach did not impact control systems and avoid an expensive, safety-driven shutdown of a continuous manufacturing process.

The episode connects technical controls to executive outcomes, including resilience, duty of care, and the financial reality that “not knowing” can be as costly as an actual compromise.

Chapters:

• (00:00:00) Why continuous manufacturing makes “abundance of caution” shutdowns so costly
• (00:01:00) What “OT continuous monitoring” means and why it matters in real incidents
• (00:03:00) Safety and connected environments: why “it can go boom” changes the stakes
• (00:05:00) Baselines: defining “normal” so abnormal behavior is actionable
• (00:07:00) Incident story: phishing email leads to credential and MFA compromise
• (00:09:00) What the team validated: tracing access and confirming OT was not impacted
• (00:10:00) Lessons from Colonial Pipeline: inability to validate can force shutdowns
• (00:11:00) OT reality check: Windows assets, HMIs, historians, and engineering workstations
• (00:13:00) Secure OT remote access: why VPN-only access is not sufficient
• (00:16:00) The payoff: avoided downtime, avoided product loss, and avoided disruption
• (00:19:00) Executive view: duty of care, liability, compliance, and protecting enterprise value
• (00:23:00) The “air gap” myth and why defense-in-depth is the only practical path

Links And Resources:

• Want to Sponsor an episode or be a Guest? Reach out here.
• Industrial Cybersecurity Insider on LinkedIn
• Cybersecurity & Digital Safety on LinkedIn
• BW Design Group Cybersecurity
• Dino Busalachi on LinkedIn
• Craig Duckworth on LinkedIn

Thanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you’d like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!

In this edition of DTV, ARC vice president of research Larry O'Brien talks to NetFoundry founder and CEO Galeal Zino about the challenges facing end users when it comes to OT cybersecurity in the age of AI and digitalization. NetFoundry was created to address fundamental weaknesses in traditional networking and cybersecurity. We discuss how traditional networking is not designed for today’s digital transformation requirements. Complexity created by layered security tools increases risk and reduces reliability. NetFoundry replaces IP‑centric networking with cryptographically verifiable identities and policy‑based authorization, aligning networking more closely with zero‑trust principles.

NetFoundry also maintains and actively invests in OpenZiti, its open‑source secure networking platform. The goal is to create a “Linux of secure networking,” supported by a growing global community.

Would you like to be a guest on our growing podcast?

Do you have an intriguing or thought provoking topic you'd like to discuss on our podcast? Please contact Our Producer Tom Cabot at: Tcabot@Arcweb.com

View all the episodes here: https://thedigitaltransformationpodcast.buzzsprout.com

Klaus Mochalski und Sarah Fluchs (admeritia) beleuchten den Cyber Resilience Act. Erfahren Sie, warum der CRA eine historische Schieflage beendet, weshalb Hersteller künftig in der Pflicht sind und wie Betreiber das neue Gesetz als mächtigen Hebel für ihre NIS-2-Compliance nutzen können.

Mehr zum Thema OT Security Made simple findet Ihr auf rhebo.com oder schreibt uns mit Euren Ideen, Fragen oder Gastvorschlägen an podcast@rhebo.com.

Let’s face it, the Purdue model's DMZ is gone. Trevor Dearing, Director of Critical Infrastructure Solutions at Illumio, explains how zero trust, micro-segmentation, and explicit policy are now the only reliable defense for critical infrastructure OT.