In this episode, we dive deep into a critical, long-term threat facing Operational Technology (OT) and railway infrastructure: the "harvest now, decrypt later" strategy. We explore why attackers are actively collecting telemetry histories, failure signatures, and maintenance models today, knowing their engineering value will remain highly strategic a decade from now.

The transition to post-quantum cryptography (PQC) is a looming reality, but as we discuss, it is fundamentally an identity and trust architecture problem rather than just a payload encryption issue. Join us as we unpack the real-world challenges of implementing new NIST-standardized algorithms. We explain why blindly dropping larger cryptographic signatures into legacy field architectures can severely stress constrained links and embedded gateways.

Finally, we reveal why the answer isn't "PQC everywhere, all at once". Listen in to learn why the future of OT security relies on crypto-agility, phased migration, and smart lifecycle design—ensuring that systems evolve without ever jeopardizing safety or availability

Short on time? Join hosts Marcus Webb and Riley Park for a rapid, high-level summary of our deep dive into the escalating threats facing Operational Technology (OT) and enterprise IT.

In this brief episode, we distill the most critical takeaways from the 2025 Verizon Data Breach Investigations Report, examining why stolen credentials and third-party vulnerabilities continue to be the dominant initial access vectors.

We provide a fast-paced overview of the most pressing blind spots in modern infrastructure: non-human and machine identities. With automated systems, devices, and gateways outnumbering human users, managing these digital identities is no longer optional, it's essential.

Finally, Marcus and Riley break down the core principles of implementing Zero Trust in OT environments without disrupting process determinism and safety.Perfect for busy CISOs, security engineers, and plant managers who need the essential operational resilience lessons on the go.

In this episode, we dive deep into the escalating threat landscape facing both enterprise IT and Operational Technology (OT) environments. Drawing from the eye-opening 2025 Verizon Data Breach Investigations Report, we unpack why stolen credentials and third-party vulnerabilities remain the top initial access vectors for ransomware and other devastating attacks.

We move beyond theory to analyze real-world cyber incidents, from disruptive ransomware attacks on healthcare providers like Synnovis in the UK, to coordinated sabotage and malware infections impacting major European railway networks. What happens when critical infrastructure is compromised, and how can organizations prevent a cyber incident from becoming a physical safety hazard?

Join us as we explore practical defense strategies and the concept of operational resilience. We discuss the necessity of adapting Zero Trust architectures—aligned with the NIST SP 800-207 framework—specifically for OT and Cyber-Physical Systems, where process determinism and safety are non-negotiable.

Listeners will also learn why Identity and Access Management (IAM) is the new frontline of cybersecurity. We highlight the often-overlooked challenge of securing machine and non-human identities, which vastly outnumber human users in industrial settings and represent a massive blind spot for many security programs. Finally, we explore cutting-edge solutions for legacy environments, such as crypto-agility through exchangeable smart cards and the secure deployment of the Future Railway Mobile Communication System (FRMCS).

Whether you're a CISO balancing IT/OT convergence, or a security engineer securing complex supply chains, this episode delivers the actionable engineering lessons you need to keep your operations running safely under pressure