Bridging IT/OT & Securing ICS: Kevin Kumpf, Chief OT / ICS Security Strategist, Cyolo
Dino welcomes Kevin Kumpf, Chief OT/ICS Security Strategist at Cyolo to this episode. They discuss the growing challenges and evolving strategies around cybersecurity in industrial environments. Kevin shares a seasoned perspective on bridging the gap between IT and OT, busting myths about Zero Trust certifications, and the dangers of underutilized security tools - or "shelfware." From real-world examples involving breweries, milk production, and energy plants, the conversation uncovers how lack of visibility, broken remote access practices, and aging systems create critical vulnerabilities. Most importantly, Kevin offers actionable advice for CISOs, CTOs, and plant managers on building resilient cybersecurity frameworks without disrupting operations. Don't miss this episode full of practical advice from industry experts.Chapters:00:00:00 - Kicking Off: Why OT Cybersecurity Can't Wait00:01:18 - Meet Kevin Kumpf: From Bank Vaults to Industrial Battlegrounds00:02:56 - Hard Truths About Securing Operational Technology00:06:42 - Shelfware Syndrome: Why Tools Fail Without Strategy00:12:09 - Plant Managers, Vendors, and the Battle for Cyber Resilience00:23:56 - Remote Access Exposed: The Hidden Risks Inside Your Plant00:30:58 - Closing Thoughts: Building Stronger, Smarter Industrial DefensesLinks And Resources:Industrial Cybersecurity Insider on LinkedInCybersecurity & Digital Safety on LinkedInDino Busalachi on LinkedInCraig Duckworth on LinkedInThanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you’d like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!
--------
31:51
Cyber Threats, China, and the Global Wake-Up Call
Dino and Craig address the recent acknowledgment by China of their role in U.S. infrastructure hacks. They explore the urgent cybersecurity challenges facing industrial environments. With rising geopolitical tensions, tariffs, the push to bring more manufacturing back to the U.S. and increasing attacks on critical infrastructure, the stakes have never been higher. From end-of-life PLCs still running core operations, to the disconnect between IT and OT leadership, this conversation identifies the systemic gaps leaving industrial operations exposed. They outline the pressing need for visibility, actionable incident response plans, and a cultural shift toward collaboration across the stack, from plant floor to the boardroom. Whether you’re a CISO or an operations lead, this episode offers real-world insights, battle-tested perspectives, and one clear takeaway: in cybersecurity, doing nothing is no longer an option.Chapters:00:00:00 - Kicking Off: Why IT-OT Unity Isn’t Optional Anymore00:01:17 - Cyber Threats, China, and the Global Wake-Up Call00:02:16 - CISA’s New Role: From Background Player to OT Ally00:05:32 - Still Separate, Still Vulnerable: Why IT & OT Must Sync Up00:09:48 - Blind Spots Kill: Why Visibility Is the Real MVP00:10:43 - Remote Access Realities and the Myth of the Air Gap00:20:29 - Crisis Mode: Are You Ready for the Worst?00:23:50 - Dino & Craig’s Parting Shot: Do Something - NowLinks And Resources:Industrial Cybersecurity Insider on LinkedInCybersecurity & Digital Safety on LinkedInDino Busalachi on LinkedInCraig Duckworth on LinkedInThanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you’d like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!
--------
27:04
Zero Trust in OT: A Look Back at Lessons Across IT and OT
In this special rewind episode, Dino Busalachi and Jim Cook address the messy but critical reality of implementing Zero Trust in operational technology (OT) environments. Drawing from years of hands-on experience, they break down why traditional IT frameworks often fail on the plant floor, especially when facing flat OT networks, legacy assets, and limited change windows. They introduce a "bucket approach" to segmenting and securing OT networks from the ground up. With real-world insights into asset inventory, process integrity, remote access challenges, and cross-functional collaboration, this episode is invaluable.Whether you're a CISO, CTO, an OT engineer, or IT expert; this episode offers solid advice on navigating the convergence of IT and OT in complex industrial systems and environments.Chapters:00:00:00 – Why Zero Trust Doesn’t Fit the Plant Floor (Yet)00:00:45 - Zero Trust : IT versus OT with Dino Busalachi and Jim Cook00:15:59 - Zero Trust in OT: Adapting IT's Playbook for Enhanced SecurityLinks And Resources:Industrial Cybersecurity InsiderLinkedIn Cybersecurity Group PageDino Busalachi on LinkedInJim Cook on LinkedInThanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you’d like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!
--------
31:29
Cybersecurity by Design: Building OT Security Into Your Manufacturing Plant Floor
In this episode, Dino and Craig address the practicalities of building cyber resilience directly into manufacturing environments - rather than after the fact. Using real-world analogies and field-tested insights, they break down why treating OT security like physical safety is crucial. They challenge the outdated mindset of retrofitting cybersecurity protection after deployment of industrial plant floor equipment.This episode covers all the key elements of protecting your plant floor. From the importance of designing cybersecurity upfront, to implementing the SANS 5 Critical Controls, specific to cybersecurity in operational technology (OT) environments. Whether you're planning a greenfield build or managing legacy systems, this episode equips mid-to-senior leaders with actionable strategies to align IT and OT teams, boost visibility across XIoT assets, and future-proof operational environments in high-risk industries.Chapters:00:00:00 - Kicking Off: Why Cybersecurity Can’t Be an Afterthought in Manufacturing00:01:52 - Dino’s Five Must-Have OT Security Controls You Should Already Be Using00:03:45 - When IT and OT Collide: Real Talk on Silos, Strategy, and Responsibility00:06:08 - You Can’t Protect What You Can’t See: The Visibility Wake-Up Call00:11:24 - Build It In, Don’t Bolt It On: Making Cybersecurity Part of the Machine00:19:26 - Lost Docs and Retiring Experts: Managing Risk Across the Lifecycle00:20:41 - Dino and Craig’s Final Word: Start Now, Start Smart—Security Is the New SafetyLinks And Resources:Industrial Cybersecurity Insider on LinkedInCybersecurity Insider NewsletterDino Busalachi on LinkedInCraig Duckworth on LinkedInThanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you’d like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!
--------
23:36
The CISO & Talent Crisis: Turnover Meets OT Cybersecurity Gaps
In this episode, Dino and Craig dive deep into the disturbing talent exodus in cybersecurity. The discussion is sparked by Gartner’s prediction that 25% of cybersecurity professionals will leave the field in the next year. They explore the growing gap between IT and OT teams, the lack of CISO influence in executive leadership, and the friction between cybersecurity goals and operational uptime. With real-world anecdotes and hard-hitting insights, they unpack everything from rogue assets and malware in OT environments to the challenges of implementing EDR tools in live production lines. Whether you're a CISO, CIO, or plant manager, this episode offers a candid look at the complex dynamics of securing industrial environments — and how collaboration is the only path forward.Chapters:00:00:00 – Kicking Off with a Brutal Reality Check on Cybersecurity00:01:06 – Gartner Says 25% of Cyber Pros Are Leaving — Here’s Why That Matters00:03:15 – IT vs OT: The Culture Clash Still Killing Cyber Progress00:09:35 – Why the Wrong Service Partner Could Be Your Biggest Risk00:14:05 – Malware, Rogue Assets, and the Ugly Truth About Your Plant Floor00:18:22 – Real Strategies for Fixing the IT/OT Disconnect (Without Killing Uptime)00:24:06 – Stop Talking. Start Acting. What Cyber Leaders Need to Do TodayLinks And Resources:Industrial Cybersecurity Insider on LinkedInCybersecurity Insider NewsletterDino Busalachi on LinkedInCraig Duckworth on LinkedInThanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you’d like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!
Industrial Cybersecurity Insider offers a thorough look into the field of industrial cybersecurity for manufacturing and critical infrastructure. The podcast delves into key topics, including industry trends, policy changes, and groundbreaking innovations. Each episode will feature insights from key influencers, policy makers, and industry leaders. Subscribe and tune in weekly to stay in the know on everything important in the industrial cybersecurity world!
Polska