Nexus: A Claroty Podcast

Gus Serino, President of I&C Secure, joins the Nexus Podcast to discuss the formation and evolution of an ongoing water utility cybersecurity collaborative that leans on a collective defense model to share resources and threat intelligence among six water & wastewater companies in the commonwealth. 
Serino helped put together this coalition, and he explains how a feasibility study came together resulting in a shared grant that member utilities can use to improve their security programs. Gus talks about the origins of this collaborative and how other utilities can follow this model to improve cybersecurity in this struggling, resource-strapped critical infrastructure sector.
Subscribe and listen to the Nexus Podcast here.

Industrial cybersecurity expert Dan Ricci, the founder and maintainer of the ICS Advisory Project, joins the Nexus Podcast to discuss the evolution of the industry's premier ICS and OT security advisory repository as it turns 4 years old. 
Dan talks about the impact of the project on OT security teams, the dashboards he's created to better parse the volume of data on the site, and unique use cases that asset owners and operators have for this critical information. 
Subscribe and listen to the Nexus Podcast here.

Insane Cyber CEO and founder Dan Gunter joins the Nexus Podcast in an episode recorded live at the S4 Conference in Miami. Dan explains a process for generating malicous OT data in order to test the efficacy of an organization's intrusion detection and other security products. Generating such data has its barriers, but it's crucial, he said, in order to train products and security analysts how to spot malicious and anomalous traffic. Dan talks about using emulators and achieving success on a relatively small budget. 
Subscribe and listen to the Nexus Podcast here.

Mike Holcomb joins the Nexus Podcast to discuss a Converged Actor Framework he developed and presented at the S4 Conference. The framework delineates  groups such as hacktivists and state threat actors based on the impact and frequency of their activity. State actors are leveraging hacktivist groups with greater frequency, and this convergence must be considered as defenders tasked with protecting OT and cyber-physical systems strategize around security. 
Subscribe and listen to the Nexus Podcast here. 
Subscribe to Mike Holcomb's YouTube channel here.

Matthew Rogers, ICS Cybersecurity Lead at the Cybersecurity Infrastructure and Security Agency (CISA) joins the Nexus Podcast to discuss new guidance published by the agency to help manufacturers and asset owners move toward more secure OT communication protocols. 
Legacy protocols that contain little to no basic security capabilities are still prevalent in OT environments today. Rogers explains the risk and why manufacturers should begin their journey away from proprietary protocols and toward open standards. According to CISA's guidance, operators want authentication and integrity capabilities to protect process data, but need to understand the value and business impact of doing so. 
Download CISA's guidance here. 
Subscribe and listen to the Nexus Podcast here.