Nexus: A Claroty Podcast

Jay Catherine, security architect for a major retailer, joins the Nexus Podcast to discuss the intricacies of securing logistics and operational technology within the retail sector. 

Catherine covers various aspects of logistics cybersecurity, including risks introduced by connecting OT and IoT to the network, and the challenges of managing third-party vendor and supply chain relationships. 

He also discusses his unconventional caree...

Greg Garcia, Executive Director of the Health Sector Coordinating Council Cybersecurity Working Group, joins the Nexus Podcast to discuss the recent publication of the working group’s Sector Mapping and Risk Toolkit. 

The SMART toolkit is a methodology that helps healthcare providers visualize key services that support workflows in the industry and is also used to measure risk appropriately for each of those services.

Listen and subs...

O'Reilly coauthor of Evidence-Based Security and longtime healthcare CISO Christopher Frenz joins the Nexus podcast to describe his organization's approach to cybersecurity that is rooted in transforming security from an artform to a science. 

Frenz discusses how this process through how he tests the efficacy of controls in his environment, and how the insights gained from this testing have allowed him to move toward bette...

Retired four-star U.S. Navy Admiral Michael S. Rogers joins the Nexus Podcast for a wide-ranging discussion on deterrence in cyberspace and an examination of adversarial tactics and strategies. 

Adm. Rogers explains that deterrence relies on having the will to employ tactics that will reshape the choices adversaries are making in the targeting of U.S. critical infrastructure. 

Adm. Rogers also touches on Congress' failure to re-...

Bob Maley, Chief Security Officer at Black Kite and former CISO for the Commonwealth of Pennsylvania, joins the Nexus Podcast to discuss how critical infrastructure operators and state and local governments are meeting cybersecurity resourcing challenges. Whether it's budgets, workforce shortages, or technical debt, security leaders are facing volatile times in protecting critical sectors. 

Listen and subscribe to the Nexus Pod...

Pankaj Goyal, Chief Operating Officer at Safe Security, joins the Nexus Podcast to discuss the challenges cyber insurance carriers and brokers have in determing and providing coverage for asset heavy operational technology (OT) and cyber-physical systems (CPS) environments. 

Underwriters have prolific amounts of historical data and experience in calculating risk and exposure around IT, but cannot say the same for OT. 

Goyal discusses...

Rui Ataide, Managing Security Consultant at GuidePoint Security, joins the Nexus Podcast to discuss his experiences negotiating with ransomware gangs on behalf of victimized organizations. 

Ataide covers the nuances, processes, and methodology of negotiating with groups. He also explains how extortion and data theft has changed the risk management calculus for victims, and how cybersecurity insurance figures into negotiations. 

Liste...

Salvatore Gariuolo, a senior threat researcher at Trend Micro, joins the Nexus Podcast to discuss safe EV charging and in particular, the ISO 15118 standard meant to create a trusted environment for electric vehicle charging. 

Gariuolo contends that while ISO 15118 offers substantial improvements that reduce pressure on the grid, and also introduces a handful of cybersecurity enhancements, it is not sufficient to fully secure the EV...

Noam Moshe, Research Director for Claroty Team82, joins the Nexus Podcast live at the Black Hat Briefings in Las Vegas to discuss research that was presented here on the security of a popular video surveillance platform manufactured by Axis Communications. 

Moshe describes how Team82 examined the proprietary protocol supporting Axis servers and clients (camera) and uncovered four vulnerabilities that could be chained to eventually g...

Dan Berte, director of IoT security at Bitdefender, joins the Nexus Podcast to join his team's ongoing research into the security of solar grid inverters and three serious vulnerabilities uncovered in the popular Deye Solarman management platform.

Dan discusses his team's research, the disclosure process, and the implications on green energy initiatives overall. With the growing popularity of these platforms, Berte caution...

OT cybersecurity veteran Vivek Ponnada, SVP Growth & Strategy at Frenos, joins the Nexus Podcast to lend his expertise on the areas where he is seeing the most maturity and rapid evolution in the practice. Vivek explains the growing demand for contextual information to supplement the data organizations have around their known assets and vulnerabilities, for example. He also explains current risk prioritization and mitigation st...

Austin Allen, Sr. Director of Global Solutions Architecture at Airlock Security, joins the Nexus Podcast to discuss cybersecurity realities happening inside healthcare delivery organizations. 

Allen covers challenges and solutions around legacy software managing connected medical devices, and other cybersecurity risks potentially negatively impacting patient care. 

Allen also discusses the role of federal and industry regulations and...

Gentry Lane, founder of Nemesis Global, joins the Nexus Podcast to discuss the strategies guiding adversaries in their targeting of U.S. critical infrastructure. Primary of which is the desire of countries such as China, Russia, Iran, and North Korea to displace the U.S. as the global hegemon, she said. 

To disrupt the U.S.' standing as such, these adversaries have chose cyberspace as a front where they're on relatively eq...

Pedro Umbelino, Principal Research Scientist at Bitsight Technologies, joins the Nexus Podcast to discuss his team's research into Automatic Tank Gauge (ATG) systems and how they uncovered 11 vulnerabilities in ATGs manufactured by five different vendors. 

ATG systems are an industrial control system that monitors fuel levels inside storage tanks, including those at gasoline stations, military bases, hospitals, airports, and el...

Steven Sim, Chair of the OT-ISAC Advisory Committee, joins the Nexus Podcast to catch us up on the ISAC's activities, and some of the upcoming community-driven initiatives sponsored by the group. Steven shares the processes by which member organizations share incident, threat, and vulnerability information. He also discusses how member organizations contribute and participate in discussions and events that level up the maturit...

Cybersecurity and technology expert Sarah Fluchs joins the 100th episode of the Nexus Podcast to discuss the EU's Cyber Resilience Act and what it means for manufacturers of "products with digital elements" as they aim toward a 2027 compliance deadline. 

Sarah provides her insight on the regulation's essential requirements, its focus on secure-by-design and overall cyber resilience of products, and the milestones...

Andrew Ohrt, the resilience practice area lead at West Yost, joins the Nexus Podcast to discuss cyber-informed engineering (CIE) and how it informs engineers and asset operators to understand their role in creating and maintaining a cyber resilient organization. According to Ohrt, CIE is one of the best examples of delivering cybersecurity concepts to non-security teams, speaking to them in their language, and avoiding the often-in...

Megan Stifel, Chief Strategy Officer for the Institute for Security and Technology, joins the Nexus Podcast to discuss the four years of progress and challenges experienced by the Ransomware Task Force. 

The RTF was created days before the Colonial Pipeline ransomware incident and in a landmark report, laid out 48 recommendations to the industry that included a framework for critical infrastructure organizations that could help dete...

Security researcher Joe Slowik joins the Nexus Podcast to discuss the broad interpretation of what critical infrastructure entities are truly "critical," and how that creates an ethical wedge between protecting the well-resourced and those that are resource-strapped. 

Slowik acknowledges that while calling everything "critical" ensures that nothing is critical, serious discussions must be had about getting the mo...