You can’t manage risk you can’t measure - or even see.

In this episode of Protect It All, host Aaron Crow sits down with Nicholas Friedman to explore how organizations can move beyond compliance and build real, measurable cybersecurity programs across IT and OT environments.

With experience spanning banking, aerospace, and critical infrastructure, Nicholas shares how risk management principles translate across industries - and why understanding business context is critical to protecting operational systems.

This conversation dives into one of the biggest challenges in OT today: asset visibility and risk quantification. From outdated spreadsheets to modern automation, Aaron and Nicholas break down what it actually takes to understand exposure, justify investment, and communicate risk at the board level.

You’ll learn:

• Why asset inventory is the foundation of OT security
• How to move from compliance checklists to real risk reduction
• The importance of risk quantification for CISOs and executives
• How to communicate cybersecurity in business and financial terms
• The role of automation and knowledge transfer in scaling security programs
• Lessons from banking and aerospace applied to utilities and critical infrastructure

Whether you’re leading a cybersecurity program, managing OT environments, or presenting to the board, this episode delivers practical strategies to align security with business value and measurable outcomes.

Tune in to learn how to turn cybersecurity into a risk-driven, business-aligned strategy - only on Protect It All.

Key Moments:

05:14 Understanding business risk basics

08:40 Building effective OT cybersecurity teams

13:26 Challenges with aging IT and OT systems

14:19 Organizing IT and OT assets

18:31 Understanding OT and IT risks

21:53 Evaluating security risks and priorities

25:31 Improving asset deployment and management

29:14 Evaluating and prioritizing risks

31:12 Shifting focus to success plans

35:59 Selling tech that delivers results

37:22 Hands-on approach to cybersecurity

42:39 Challenges with NERC audit processes

44:47 Balancing compliance and security

49:45 Challenges in power utility operations

51:55 AI, OT, and risk management

56:31 Importance of early compliance planning

About the guest :

Nicholas Friedman is an enterprise risk and governance leader with 25+ years of experience across Fortune 500 companies and government sectors. He specializes in integrated risk management, compliance, and AI governance - helping organizations build scalable frameworks that align security, risk, and business resilience.

How to connect Nicholas Friedman :

Linkedin : https://www.linkedin.com/in/nicholasfriedman/

Website : https://www.templarshield.com/

Connect With Aaron Crow:

• Website: www.corvosec.com
• LinkedIn: https://www.linkedin.com/in/aaronccrow

Learn more about PrOTect IT All:

• Email: info@protectitall.co
• Website: https://protectitall.co/
• X: https://twitter.com/protectitall

In this special milestone episode of Protect It All, host Aaron Crow steps away from the usual format to share his personal journey - from early days working with PLCs at a kitchen table to building a platform that connects and educates cybersecurity professionals around the world.

This episode is more than a reflection - it’s a story of persistence, curiosity, and community.

Aaron walks through the evolution of IT and OT cybersecurity, the lessons learned from decades in the field, and how conversations with experts across 100 episodes have shaped his perspective on what it truly means to “Protect It All.”

You’ll hear:

• How Aaron’s career in IT and OT began - and what kept him going
• The biggest lessons learned across 30+ years in cybersecurity
• What building a podcast taught him about community and leadership
• How the industry has evolved - and what still hasn’t changed
• Why relationships and shared knowledge matter more than ever
• What’s next for the future of cybersecurity and the podcast

Whether you’ve been listening since episode one or you’re just discovering the show, this episode offers inspiration, perspective, and a deeper look behind the mic.

Tune in to celebrate 100 episodes and the journey of protecting what matters most - only on Protect It All.

Key Moments:

04:12 Early tech projects and hobbies

09:31 First tech job setting up classrooms

11:20 Getting certified in IT

16:49 Early career in power and cybersecurity

18:08 Building a versatile IT team

24:23 Starting the cybersecurity podcast journey

26:28 Feeling recognized in the podcast world

29:22 Getting started in cybersecurity

Connect With Aaron Crow:

• Website: www.corvosec.com
• LinkedIn: https://www.linkedin.com/in/aaronccrow

Learn more about PrOTect IT All:

• Email: info@protectitall.co
• Website: https://protectitall.co/
• X: https://twitter.com/protectitall
• YouTube: https://www.youtube.com/@PrOTectITAll
• FaceBook: https://facebook.com/protectitallpodcast

To be a guest or suggest a guest/episode, please email us at info@protectitall.co

Please leave us a review on Apple/Spotify Podcasts:

Apple - https://podcasts.apple.com/us/podcast/protect-it-all/id1727211124

Spotify - https://open.spotify.com/show/1Vvi0euj3rE8xObK0yvYi4

Strong OT cybersecurity programs aren’t built on tools alone, they're built on strategy, communication, and smart investment.

In this episode of Protect It All, host Aaron Crow is joined by cybersecurity expert Don C. Weber for a candid, real-world discussion on what it actually takes to build and sustain effective security programs across IT and OT environments.

From CapEx vs OpEx decisions to the growing role of AI in both attack and defense, this conversation cuts through the noise and focuses on what drives real outcomes: understanding business workflows, aligning with leadership, and developing the soft skills needed to turn strategy into action.

You’ll learn:

• Why budgeting (CapEx vs OpEx) directly impacts security success
• The underrated power of soft skills in driving security programs
• How to connect cybersecurity efforts to business value and operations
• The role of pen testing and assessments in improving maturity
• Where AI adds value and where it introduces new risk
• How training and process understanding strengthen long-term resilience

Whether you’re building a new security program or scaling an existing one, this episode delivers practical, experience-driven insights to help you make smarter decisions and drive real impact.

Tune in to learn how to align strategy, people, and investment for stronger OT cybersecurity only on Protect It All.

Key Moments:

05:49 Technical skills and security requirements

09:10 Understanding data workflows

12:29 Building a vulnerability management program

13:26 Understanding organizational decision history

17:44 Budgeting challenges with CAPEX and OPEX

21:36 Steps in a security assessment

24:17 Starting a cybersecurity program

28:02 Prioritizing remote access security

31:21 Discussing AI's impact on cybersecurity

32:55 Using AI in cybersecurity

38:07 AI simplifying complex knowledge

40:35 AI tools making data queries easier

45:02 Detecting and responding faster

46:05 Networking and shared experiences

About the guest:

Don C. Weber is a visionary cybersecurity leader who helps defenders safely prove security where it matters most in industrial operations. He is a SANS Principal Instructor, Founder of Cutaway Security, co-author of SANS ICS613: ICS/OT Penetration Testing & Assessments, and he also teaches SANS ICS410: ICS/SCADA Security Essentials to SANS student around the world. He brings years of field work into creating step-by-step labs and planning methods teams can use right away.

How to connect Don:

LinkedIn: https://www.linkedin.com/in/cutaway/

Cutaway Security: https://www.linkedin.com/company/cutaway-security-llc

CutSec Github: https://github.com/cutaway-security

CutSec GasPot HMI Lab: https://github.com/cutaway-security/gaspot-hmi-lab

SANS ICS ICS613 ICS/OT Penetration Testing and Assessments: https://www.sans.org/cyber-security-courses/ics-ot-penetration-testing-assessments

Connect With Aaron Crow:

• Website: www.corvosec.com
• LinkedIn: https://www.linkedin.com/in/aaronccrow

L...