• High-speed train hacks and homicidal lawnmowers
    May 24 2026
    Podcast: Smashing Security (LS 55 · TOP 0.5%)
    Episode: High-speed train hacks and homicidal lawnmowers
    Pub date: 2026-05-20

    A 23-year-old radio enthusiast spent £300 on a piece of kit from the internet, and used it to bring four packed high-speed trains to a screeching halt. His defence in court? Possibly the most creative excuse we've heard all year.

    Meanwhile, owners of $4,000 robot lawnmowers are discovering that their gadget can be hijacked over the internet, redirected at journalists who foolishly lie down in front of it, and used to harvest Wi-Fi passwords, email addresses, and GPS coordinates. Change the default password? Sure - until the next firmware update silently resets it back.

    Plus - don't miss our featured interview with XBOW's Brendan Dolan-Gavitt about how AI is transforming penetration testing.

    All this and more in episode 468 of the "Smashing Security" podcast with cybersecurity expert and keynote speaker Graham Cluley, and special guest Geoff White.

    EPISODE LINKS:

    • Open source tool maker Grafana Labs says hackers stole its code, refuses to pay ransom - TechCrunch.
    • Man accused of stealing Beyoncé’s unreleased music takes guilty plea - ABC News.
    • Shai-Hulud code drop: Open season for supply chain attacks - ReversingLabs.
    • Student hacked Taiwan high-speed rail to trigger emergency brakes - BleepingComputer.
    • Polish teen derails tram after hacking train network - The Register.
    • The Cheap Radio Hack That Disrupted Poland's Railway System - WIRED.
    • The man with an army of Yarbo robot lawn mowers - The Verge.
    • Ever been run over by a robot? I have - for science! - TikTok.
    • RD280UA 28” WQXGA BenQ Programming Monitor with Backlight and Flexible Arm - BenQ.
    • Kai Shun DM-0708 combination sharpening stone, grain 300/1000 - Knives and Tools.
    • AI-Assisted ICS Attack on a Water Utility - Dragos.
    • Adversaries Leverage AI for Vulnerability Exploitation, Augmented Operations, and Initial Access - Google Cloud Blog.
    • Smashing Security merchandise (t-shirts, mugs, stickers and stuff)

    SPONSORS:

    • Vanta - Expand the scope of your security program with market-leading compliance automation… while saving time and money. Smashing Security listeners get $1000 off!
    • XBOW - The autonomous offensive security platform that helps security teams scale. Start a pentest today.
    • OPSWAT - Read Benny Czarny's book, "Cybersecurity Upside Down", to rethink how you protect your organization from file-based threats, including those powered by AI.

    SUPPORT THE SHOW:

    Tell your friends and colleagues about “Smashing Security”, and leave us a review on Apple Podcasts or Podchaser.

    Become a supporter! Join Smashing Security PLUS via Patreon or Apple Podcasts for ad-free episodes on our early-release feed!

    FOLLOW THE SHOW:

    Follow us on Bluesky or Mastodon, or on the Smashing Security subreddit, and visit our website for more episodes.

    THANKS:

    Theme tune: "Vinyl Memories" by Mikael Manvelyan.
    Assorted sound effects: AudioBlocks.

    Privacy & Opt-Out: https://redcircle.com/privacy

    The podcast and artwork embedded on this page are from Graham Cluley, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.
    56 mins
  • Protecting Critical Infrastructure: NERC CIP-015-01 and Internal Network Security Monitoring (INSM)
    May 23 2026
    Podcast: Emerson Automation Experts (LS 24 · TOP 10%)
    Episode: Protecting Critical Infrastructure: NERC CIP-015-01 and Internal Network Security Monitoring (INSM)
    Pub date: 2026-05-20

    We unpack what the NERC CIP-015-01 standard requires, the compliance timelines utilities must plan for, and the practical challenges of deploying monitoring inside operational technology environments.

    The podcast and artwork embedded on this page are from Emerson Team, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.
    25 mins
  • Liron Ner VP Engineering & Oren Valdman ResiliOTech product manager @DVplan on Cyber Risk Assessment
    May 22 2026
    Podcast: ICS Cyber Talks Podcast
    Episode: Liron Ner VP Engineering & Oren Valdman ResiliOTech product manager @DVplan on Cyber Risk Assessment
    Pub date: 2026-05-19

    The accepted routine in the information security world is based on a constant cycle: conducting a cyber risk assessment, formulating an action plan, remediating gaps, and running penetration tests, a process that repeats every 12 to 18 months.

    Despite the technological progress in cyber defense, the cyber risk assessment remains one of the few processes that has hardly changed. It still relies largely on the assessor's personal knowledge, expertise, and chosen methodology. In the near future this trend may change, with the introduction of large language models in a product such as ResiliOTech to process questionnaire answers and cross-reference them against actual cyber attacks, other risk assessments, and accepted industry standards.

    Nachshon Pincu hosts Liron Ner, VP of Engineering and Technology, and Oren Valdman, ResiliOTech product manager at DVplan, in a discussion on optimizing cyber risk assessments in order to achieve better results, actionable work plans, and effective gap remediation.



    The podcast and artwork embedded on this page are from Nachshon Pincu, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.
    45 mins
  • OT Security Isn't an IT Problem: What it Takes to Get it Right
    May 21 2026
    Podcast: Industrial Cybersecurity Insider
    Episode: OT Security Isn't an IT Problem: What it Takes to Get it Right
    Pub date: 2026-05-19

    Craig sits down with Wil Klusovsky, a 26-year cybersecurity veteran and CRO at viLogics, to break down why asset visibility and exposure management are the foundation of any solid OT security strategy.

    From the myth of the air-gapped shop floor to the real-world math behind quantifying cyber risk in dollars and cents, Will and Craig explore how manufacturers can move beyond fear-based selling, bridge the gap between IT and operations, and build programmatic cybersecurity that protects both production uptime and the bottom line.

    They discuss how to frame cyber risk as business risk, why compensating controls and context matter more than raw vulnerability numbers, and why the CISO's real job is "chief inside selling officer."

    Chapters:

    • (00:00:00) - Welcoming Will to the Podcast!
    • (00:02:12) - Why Asset Visibility Is the Starting Point for OT Security
    • (00:03:48) - The Air Gap Myth and Legacy Systems on the Shop Floor
    • (00:04:52) - Translating Cyber Risk Into Dollars and Cents
    • (00:07:05) - Quantifying Downtime: Mean Time to Recovery and True Cost of Ownership
    • (00:09:55) - Risk Appetite: Spend to Mitigate or Accept the Exposure?
    • (00:11:32) - Who Really Owns the Risk? Executives, Not CISOs
    • (00:13:00) - Uptime, OEE, and Why Cybersecurity Risk Is Business Risk
    • (00:15:45) - Remote Access Risks and Competing Priorities on the Shop Floor
    • (00:18:04) - The "Chief Inside Selling Officer" — Getting Buy-In Before Budget
    • (00:19:48) - The Get Out of Jail Free Card: Aligning Incentives Across Teams
    • (00:22:30) - Context Over CVE Counts: 600 Critical Vulns, Zero Exploitable
    • (00:25:42) - Prioritizing Remediation by Business Impact, Not Severity Score
    • (00:26:30) - Wrap-Up and Part 2 Preview: Business Impact Analysis

    Links And Resources:

    • Wil Klusovsky on LinkedIn
    • Want to Sponsor an episode or be a Guest? Reach out here.
    • Industrial Cybersecurity Insider on LinkedIn
    • Cybersecurity & Digital Safety on LinkedIn
    • BW Design Group Cybersecurity
    • Dino Busalachi on LinkedIn
    • Craig Duckworth on LinkedIn

    Thanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you’d like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!

    The podcast and artwork embedded on this page are from Industrial Cybersecurity Insider, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.
    27 mins
  • AI in OT Cybersecurity: Real-World Risks, Smarter Defenses & the Future of Critical Infrastructure
    May 20 2026
    Podcast: PrOTect It All (LS 27 · TOP 10%)
    Episode: AI in OT Cybersecurity: Real-World Risks, Smarter Defenses & the Future of Critical Infrastructure
    Pub date: 2026-05-18

    AI is rapidly transforming cybersecurity but are critical infrastructure environments ready for what comes next?

    In this episode of Protect It All, host Aaron Crow sits down with longtime colleague and cybersecurity expert Clark Liu to explore how artificial intelligence is reshaping both IT and OT security operations. From incident response and compliance frameworks to workforce shifts and operational resilience, Aaron and Clark unpack the real-world opportunities and very real risks of integrating AI into industrial environments.

    Together, they tackle the evolving role of frameworks like NERC CIP and NIST, the challenges of balancing compliance with actual security outcomes, and how organizations can responsibly adopt AI without increasing exposure.

    You’ll learn:

    • How AI is changing OT and IT cybersecurity operations
    • The role of AI in incident response, documentation, and monitoring
    • Why compliance frameworks alone don’t guarantee resilience
    • The risks of adopting AI without strong operational foundations
    • How organizations can prepare for AI-powered threats and workforce changes
    • Practical insights for balancing innovation, budgets, and security priorities

    Whether you’re leading OT security, managing critical infrastructure, or evaluating AI adoption in your organization, this episode delivers practical guidance for navigating cybersecurity’s next major shift.

    Tune in to learn how AI is transforming cyber defense and what organizations must do to stay resilient only on Protect It All.

    Key Moments:

    • 05:33 Understanding cybersecurity compliance frameworks
    • 07:11 Overlooked vulnerabilities in systems
    • 09:59 Balancing multiple firewall vendors
    • 15:17 Delegating tasks to AI
    • 19:11 Importance of documenting commits
    • 21:51 Hospital system shutdown crisis
    • 25:11 AI uncovering software vulnerabilities
    • 26:37 Engineers implementing AI in automation
    • 31:26 AI tools and personal security
    • 32:55 Password security practices
    • 36:46 Using AI for basic tasks
    • 39:38 Transition to off-the-shelf software
    • 42:29 Going back to basics with appliances
    • 47:02 Excitement About Future AI Capabilities

    Guest Profile:

    Clark Liu is a veteran OT cybersecurity expert and one of the original contributors to the NERC CIP standards. With nearly two decades in energy and critical infrastructure security - including leadership roles at EY and GALLO - Clark specializes in OT risk management, compliance strategy, and securing industrial operations from the plant floor to the cloud.

    How to connect Clark:

    • LinkedIn: https://www.linkedin.com/in/clarkliu/

    Connect With Aaron Crow:

    • Website: www.corvosec.com
    • LinkedIn: https://www.linkedin.com/in/aaronccrow

    Learn more about PrOTect IT All:

    • Email: info@protectitall.co
    • Website: https://protectitall.co/
    • X: https://twitter.com/protectitall
    • YouTube: https://www.youtube.com/@PrOTectITAll
    • FaceBook: https://facebook.com/protectitallpodcast

    To be a guest or suggest a guest/episode, please email us at info@protectitall.co

    Please leave us a review on Apple/Spotify Podcasts:

    • Apple - https://podcasts.apple.com/us/podcast/protect-it-all/id1727211124
    • Spotify - https://open.spotify.com/show/1Vvi0euj3rE8xObK0yvYi4

    The podcast and artwork embedded on this page are from Aaron Crow, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.
    49 mins
  • 3/4 Collective Resilience Actions in the Railway Sector
    May 19 2026
    Podcast: Casos de Ciberseguridad Industrial
    Episode: 3/4 Collective Resilience Actions in the Railway Sector
    Pub date: 2026-05-18

    This episode addresses practical risk management, moving beyond an approach based purely on documentary compliance. It analyzes the most effective contractual and industrial mechanisms for ensuring cybersecurity throughout the entire project lifecycle and shares real cases where close collaboration between operators, manufacturers […]

    The podcast and artwork embedded on this page are from Centro de Ciberseguridad Industrial, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.
    15 mins
  • The Next Cyber Crisis Won’t Be One Hospital—It Could Be the Entire Health System
    May 17 2026
    Podcast: Exploited: The Cyber Truth
    Episode: The Next Cyber Crisis Won’t Be One Hospital—It Could Be the Entire Health System
    Pub date: 2026-05-14

    In this episode of Exploited: The Cyber Truth, host Paul Ducklin is joined by RunSafe Security CEO Joe Saunders and Greg Garcia, Executive Director for Cybersecurity of the Health Sector Coordinating Council (HSCC) Cybersecurity Working Group, to examine how ransomware, third-party dependencies, and interconnected healthcare infrastructure are shaping cyber risk across the healthcare sector.

    Drawing on experience spanning DHS, critical infrastructure protection, and healthcare cybersecurity coordination, Garcia explains how disruptions at a single vendor or service provider can cascade across hospitals, pharmacies, insurers, and patients nationwide.

    Together, they explore:

    • Why healthcare cyber risk is shifting from isolated breaches to systemic disruption
    • How ransomware and third-party compromises create cascading operational impacts
    • Lessons from the Change Healthcare ransomware attack
    • The growing challenge of securing connected healthcare systems and medical devices
    • Why patching alone cannot keep pace with modern cyber threats
    • The role of collaboration and resilience in protecting critical healthcare infrastructure

    From healthcare providers and medical device manufacturers to policymakers and critical infrastructure leaders, this episode explores what organizations must understand to prepare for the next generation of healthcare cyber threats.



    The podcast and artwork embedded on this page are from RunSafe Security, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.
    29 mins
  • OT Cybersecurity: Is the Purdue Model Still Useful?
    May 16 2026
    Podcast: Industrial Cybersecurity Insider
    Episode: OT Cybersecurity: Is the Purdue Model Still Useful?
    Pub date: 2026-05-12

    Is the Purdue Model outdated, or simply misunderstood? In this episode, Dino sits down with Ken Kully (Rockwell Automation) for a candid, practitioner-level conversation about what the Purdue Model still gets right.

    They discuss where it falls short in modern environments, and why “IT/OT convergence” remains more of a people-and-process challenge than a technology problem.

    They break down the reality on the plant floor: long-lived legacy systems, inconsistent architectures across sites, limited maintenance windows, and the operational consequences of downtime.

    The discussion also tackles the everyday friction points: MFA, shared operator accounts, unmanaged vendor laptops, and remote access “surprises”, and why you can’t improve OT security posture without a trustworthy asset inventory and segmentation that keeps systems “in their lane.”

    Chapters:

    • (00:00:00) Intro + why this Purdue conversation matters now
    • (00:01:00) Ken’s background: from process environments to OT cyber delivery readiness
    • (00:04:00) The big question: has the Purdue Model outlived its usefulness?
    • (00:07:00) Framework vs. strict blueprint: “Purdue enough” in real plants
    • (00:09:00) IT/OT convergence: why it’s a people + process problem (not tech)
    • (00:12:00) The “silver tsunami” and why security UX fails on the plant floor
    • (00:15:30) MFA, shared logins, and why “security gets in the way” still shows up
    • (00:18:00) Legacy reality: Windows 98/7 boxes, vendor lock-in, and downtime economics
    • (00:21:00) Discovery first: diagrams, configs, and why documentation is always missing
    • (00:23:30) Purdue as a map: brokering traffic, one-up/one-down, and the “3.5” DMZ
    • (00:26:00) When devices try to “escape the box”: unexpected outbound comms + exposure risk
    • (00:28:30) Vendor/OEM access: the unmanaged laptop problem in OT
    • (00:32:00) Asset inventory as the unlock: you can’t defend what you don’t know exists
    • (00:34:00) Why IT often won’t “crawl the plant,” and what that means operationally
    • (00:36:30) Scale problem: 30 plants, 30 realities—standardize globally, execute locally
    • (00:38:30) The SI/OEM “third leg”: why trusted integrators are key to sustainable OT security
    • (00:40:30) Closing + crossover: continuing the discussion on Ken’s OT After Hours podcast

    Links And Resources:

    • Kenneth Kully on LinkedIn
    • Want to Sponsor an episode or be a Guest? Reach out here.
    • Industrial Cybersecurity Insider on LinkedIn
    • Cybersecurity & Digital Safety on LinkedIn
    • BW Design Group Cybersecurity
    • Dino Busalachi on LinkedIn
    • Craig Duckworth on LinkedIn

    Thanks so much for joining us this week. Want to subscribe to Industrial Cybersecurity Insider? Have some feedback you’d like to share? Connect with us on Spotify, Apple Podcasts, and YouTube to leave us a review!

    The podcast and artwork embedded on this page are from Industrial Cybersecurity Insider, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.
    48 mins