Nexus: A Claroty Podcast podcast artwork

PODCAST · technology

Nexus: A Claroty Podcast

Nexus is a cybersecurity podcast hosted by Claroty Editorial Director Mike Mimoso. Nexus will feature discussions with cybersecurity leaders responsible for the security and protection of cyber-physical systems. Guests include cybersecurity researchers, executives, innovators, and influencers, discussing the topics affecting cybersecurity professionals in OT, IoT, and IoMT environments. 

  1. 132

    Dan Ricci on OT/CPS Visibility and Risk Reduction

    ICS Advisory Project founder Dan Ricci joins the Nexus Podcat to discuss how to turn operational technology (OT) and cyber-physical systems (CPS) visibility into actual risk reduction. Dan describes the need to distinguish between asset lists and actual asset inventories, what those differences are, and how to make the most of the information made available. Device data such as firmware versions, protocol identification, and more are vital to other aspects of the OT and CPS protection program, including exposure management and segmentation initiatives.Dan wrote more on this topic in this article: “From Inventory to Insight: Turning OT Visibility into Concrete Risk Reduction.” This interview was pulled from Episode 4 of Nexus Digest. Subscribe and listen to the Nexus Podcast here. 

  2. 131

    Krista Arndt on Cyber Resilience in Healthcare

    Krista Arndt, the Associate Chief Information Security Officer (CISO) at the St. Luke's University Health Network, a 15-hospital health system in Pennsylvania and New Jersey, joins the Nexus Podcast to discuss cybersecurity and resilience in a large hospital system. Krista and her team talk about the role of healthcare cybersecurity teams in ensuring patient safety, and some of the ongoing challenges in keeping medical devices and the healthcare network available and resilient to attack. Krista also discusses a microsegmentation project implemented through Elisity that helped remove blockers impeding innovation around robotic surgical systems. Subscribe and listen to the Nexus Podcast here. 

  3. 130

    Jon Holzbauer on IT/OT's Divergent Approaches to Asset Security

    Jon Holzbauer, OT Systems Manager at Silgan Containers, joins the Nexus Podcast to discuss where IT security teams and OT operations run into challenges in protecting these diverse complicated environments in manufacturing. A clash of approaches may lead to rash decisions around cybersecurity that could disrupt key processes or impact safety and reliability. This interview was pulled from Episode 3 of Nexus Digest, a monthly recap of content published on Nexus. Subscribe and listen to the Nexus Podcast here. 

  4. 129

    Ric Derbyshire on Living-Off-the-Plant OT Cyberattacks

    Ric Derbyshire, a Principal Security Researcher at Orange Cyberdefense and an Honorary Researcher at Imperial College London, joins the Nexus Podcast to discuss how attackers are able to gain lateral movement across operational technology (OT) assets through a tactic known as Living Off the Plant.Similar to Living-off-the-Land attacks, Living-Off-the-Plant TTPs leverage native functionality specific to OT, with a potential negative impact on physical assets and safety concerns. Subscribe and listen to the Nexus Podcast here. 

  5. 128

    Deral Heiland on Weaponizing Cellular-Based IoT

    Rapid7 Principal Security Research (IoT) lead Deral Heiland joins the Nexus Podcast to discuss work his team did on how attackers might weaponize cellular-based IoT. Rapid7 conducted three phases of this research, with the most recent digging into how attackers with access to these systems can abuse them to gain unauthorized access, potentially exfiltrate critical data, or pivot into backend network infrastructure. Subscribe and listen to the Nexus Podcast here. Read the Rapid7 research report.

  6. 127

    Rob King on OT Asset Exposures, Mitigations

    Rob King, Director of Applied Research at RunZero, joins the Nexus Podcast to discuss the security risks and exposures introduced by digital transformation to operational technology environments. As many OT and cyber-physical systems assets are connected online, there could be signification exposures introduced to these internet-facing devices and systems. Rob also discusses the effectiveness of popular mitigations such as segmentation and other controls.  Subscribe and listen to the Nexus Podcast here. 

  7. 126

    Samir Boussarhane on New MITRE Caldera for OT Attack Simulators

    Samir Boussarhane, senior cybersecurity engineer at MITRE, joins the Nexus Podcast to discuss some new simulator plug-ins added to Caldera for OT. Caldera for OT is an open-source adversary emulation platform that automates security assessments for operational technology (OT) systems. Samir provides context on a new simulator called the Aloha Water Treatment plant, which emulates a water utility and serves as a training platform for students, engineers, and IT security teams alike. Caldera for OT now also supports protocols such as BACnet, Modbus, and includes an HVAC simulator.Subscribe and listen to the Nexus Podcast here. Access the Aloha Water Treatment simulator.  Medium article on the Aloha Water Treatment simulator.

  8. 125

    Jim Labonty on Data Center, Manufacturing Cybersecurity

    Former Pfizer head of global automation engineering Jim LaBonty joins the Nexus Podcast to discuss an article he wrote for Nexus on the need to secure data centers during kinetic conflict. He also explains the interlock between data centers and manufacturing facilities, and why a cyberattack against a data center can be devastating to the uptime and reliability of factory floors. This interview was pulled from Episode 2 of Nexus Digest, a monthly recap of content published on Nexus. Subscribe and listen to the Nexus Podcast here. 

  9. 124

    Tiffany Wilson on the Security Crisis of Consumer Tech in Healthcare

    Tiffany Wilson, the founder of Wilson Inclusive Solutions (WINS), a disability accessibility consulting firm, joins the Nexus Podcast to discuss the proliferation of consumer technology into healthcare infrastructure. This technology—smart speakers that help manage medications or cameras that monitor vulnerable individuals—often handles patient data and safety, and operates in a regulatory void. Wilson advocates for frameworks that manufacturers and distributors can use to protect patient information and safety, given that most of this assistive technology functions as healthcare infrastructure without existing oversight and protection given healthcare technology. Subscribe and listen to the Nexus Podcast here. 

  10. 123

    Joe Slowik on Exposed, Internet-Facing OT

    Joe Slowik, Director of Cybersecurity Alerting Strategy at Dataminr, joins the Nexus Podcast to discuss the alarming trend of lesser-skilled hacktivist groups leveraging operational technlogy (OT) and cyber-physical systems (CPS) in attacks. Many of these exposed devices are easily scannable and accessible online, and attackers are hurdling low barriers to entry such as poor or missing authentication, or insecure, legacy protocols to access assets and either cause disruption or move further into the process or business networks. Often these attacks are carried out without exploits or malware. Subscribe and listen to the Nexus Podcast here. Download Team82's report: "Analyzing CPS Attack Trends"

  11. 122

    Phil Englert on Medical Device Cybersecurity

    Phil Englert, VP, Medical Device Security, Health-ISAC joins to discuss the cybersecurity risks introduced by legacy technology in healthcare and how it impacts patient care and safety. Phil also brings some context and insight into the U.S. Food and Drug Administration's (FDA) updated guidance on cybersecurity requirements for medical devices aimed at manufacturers and premarket product submissions. The guidance proposes stricter secure development processes, software component tracking, and more.Subscribe and listen to the Nexus Podcast here. 

  12. 121

    Raphael Arakelian on Operation Grim Beeper

    Raphael Arkelian, the OT/IOT cybersecurity manager at Accenture, joins the Nexus Podcast to discuss his research into Operation Grim Beeper, the name given to a two-day attack in 2024 in the Middle East where explosives were introduced into pagers and walkie-talkies favored by Hezbollah. The explosions injured more than 1500 and killed dozens. Raphael’s research looks at several aspects of this attack and shares lessons and security gaps that can be applied across the OT and supply chain ecosystems. Subscribe and listen to the Nexus Podcast here. 

  13. 120

    Adm. Michael Rogers on his time as NSA Director

    Former NSA Director and Commander of U.S. Cyber Command Adm. Michael S. Rogers (Ret. USN) joins the Nexus Podcast. Rogers spoke in advance of an RSA Conference panel discussion today with the other living NSA directors, Keith Alexander, Paul Nakasone, and Tim Haugh, a rare time when the four can be in the same room. Rogers describes the principles that guided his time as director of these intelligence agencies, how the role changes as administrations change, and some of the core strategies that led to success. Subscribe and listen to the Nexus Podcast here. 

  14. 119

    Michael Pyle on Securing Internet-Facing OT and ICS Assets

    Michael Pyle, Director of Product Cybersecurity at Schneider Electric, joins the Nexus Podcast to discuss Internet Exposure Prevention, a new SE approach to preventing illicit connections to operational technology and industrial control systems that are insecurely connected to the internet. Attackers are adept at enumerating exposed devices and leveraging OT and ICS to access process and corporate networks. Pyle explains that Internet Exposure Prevention drops inbound traffic that the asset did not initiate. Checks are made on the IP address initiating the connection and whether it's a routable source IP, and an allow/deny decision is made. Pyle explains the risk to exposed devices, and the need to shut down illicit connections. Subscribe and listen to the Nexus Podcast here. 

  15. 118

    Gus Serino on a Massachusetts Water Cybersecurity Collaborative

    Gus Serino, President of I&C Secure, joins the Nexus Podcast to discuss the formation and evolution of an ongoing water utility cybersecurity collaborative that leans on a collective defense model to share resources and threat intelligence among six water & wastewater companies in the commonwealth. Serino helped put together this coalition, and he explains how a feasibility study came together resulting in a shared grant that member utilities can use to improve their security programs. Gus talks about the origins of this collaborative and how other utilities can follow this model to improve cybersecurity in this struggling, resource-strapped critical infrastructure sector.Subscribe and listen to the Nexus Podcast here. 

  16. 117

    Dan Ricci on Four Years of the ICS Advisory Project

    Industrial cybersecurity expert Dan Ricci, the founder and maintainer of the ICS Advisory Project, joins the Nexus Podcast to discuss the evolution of the industry's premier ICS and OT security advisory repository as it turns 4 years old. Dan talks about the impact of the project on OT security teams, the dashboards he's created to better parse the volume of data on the site, and unique use cases that asset owners and operators have for this critical information. Subscribe and listen to the Nexus Podcast here. 

  17. 116

    Dan Gunter on Creating Malicious OT Test Data to Train Security Tools

    Insane Cyber CEO and founder Dan Gunter joins the Nexus Podcast in an episode recorded live at the S4 Conference in Miami. Dan explains a process for generating malicous OT data in order to test the efficacy of an organization's intrusion detection and other security products. Generating such data has its barriers, but it's crucial, he said, in order to train products and security analysts how to spot malicious and anomalous traffic. Dan talks about using emulators and achieving success on a relatively small budget. Subscribe and listen to the Nexus Podcast here. 

  18. 115

    Mike Holcomb on the Intersection of Hacktivists, State Actors

    Mike Holcomb joins the Nexus Podcast to discuss a Converged Actor Framework he developed and presented at the S4 Conference. The framework delineates  groups such as hacktivists and state threat actors based on the impact and frequency of their activity. State actors are leveraging hacktivist groups with greater frequency, and this convergence must be considered as defenders tasked with protecting OT and cyber-physical systems strategize around security. Subscribe and listen to the Nexus Podcast here. Subscribe to Mike Holcomb's YouTube channel here.

  19. 114

    CISA's Matthew Rogers on Secure OT Protocol Communication

    Matthew Rogers, ICS Cybersecurity Lead at the Cybersecurity Infrastructure and Security Agency (CISA) joins the Nexus Podcast to discuss new guidance published by the agency to help manufacturers and asset owners move toward more secure OT communication protocols. Legacy protocols that contain little to no basic security capabilities are still prevalent in OT environments today. Rogers explains the risk and why manufacturers should begin their journey away from proprietary protocols and toward open standards. According to CISA's guidance, operators want authentication and integrity capabilities to protect process data, but need to understand the value and business impact of doing so. Download CISA's guidance here. Subscribe and listen to the Nexus Podcast here. 

  20. 113

    Jay Catherine on Securing Logistics, OT in Retail

    Jay Catherine, security architect for a major retailer, joins the Nexus Podcast to discuss the intricacies of securing logistics and operational technology within the retail sector. Catherine covers various aspects of logistics cybersecurity, including risks introduced by connecting OT and IoT to the network, and the challenges of managing third-party vendor and supply chain relationships. He also discusses his unconventional career path, from hockey broadcaster to his current cybersecurity role. Listen and subscribe to the Nexus Podcast.Feedspot has named Nexus a top IoT security podcast for 2025

  21. 112

    Greg Garcia on the Sector Mapping and Risk Toolkit for Healthcare

    Greg Garcia, Executive Director of the Health Sector Coordinating Council Cybersecurity Working Group, joins the Nexus Podcast to discuss the recent publication of the working group’s Sector Mapping and Risk Toolkit. The SMART toolkit is a methodology that helps healthcare providers visualize key services that support workflows in the industry and is also used to measure risk appropriately for each of those services.Listen and subscribe to the Nexus Podcast. Get the SMART Toolkit here. 

  22. 111

    Christopher Frenz on Evidence-Based Security

    O'Reilly coauthor of Evidence-Based Security and longtime healthcare CISO Christopher Frenz joins the Nexus podcast to describe his organization's approach to cybersecurity that is rooted in transforming security from an artform to a science. Frenz discusses how this process through how he tests the efficacy of controls in his environment, and how the insights gained from this testing have allowed him to move toward better metrics and a better working relationship with leadership and the board. Listen and subscribe to the Nexus Podcast. 

  23. 110

    Adm. Michael Rogers on Deterrence in Cyberspace

    Retired four-star U.S. Navy Admiral Michael S. Rogers joins the Nexus Podcast for a wide-ranging discussion on deterrence in cyberspace and an examination of adversarial tactics and strategies. Adm. Rogers explains that deterrence relies on having the will to employ tactics that will reshape the choices adversaries are making in the targeting of U.S. critical infrastructure. Adm. Rogers also touches on Congress' failure to re-authorize the Cybersecurity Information Sharing Act (CISA 15) and what it means for defenders as the reauthorization deadline passes, and the resource challenges affecting adequate protection of critical infrastructure. Listen and subscribe to the Nexus Podcast.

  24. 109

    Bob Maley on Resource Challenges in Cybersecurity

    Bob Maley, Chief Security Officer at Black Kite and former CISO for the Commonwealth of Pennsylvania, joins the Nexus Podcast to discuss how critical infrastructure operators and state and local governments are meeting cybersecurity resourcing challenges. Whether it's budgets, workforce shortages, or technical debt, security leaders are facing volatile times in protecting critical sectors. Listen and subscribe to the Nexus Podcast.

  25. 108

    Pankaj Goyal on Cyber Insurance Coverage for OT Environments

    Pankaj Goyal, Chief Operating Officer at Safe Security, joins the Nexus Podcast to discuss the challenges cyber insurance carriers and brokers have in determing and providing coverage for asset heavy operational technology (OT) and cyber-physical systems (CPS) environments. Underwriters have prolific amounts of historical data and experience in calculating risk and exposure around IT, but cannot say the same for OT. Goyal discusses how fragmentation in the OT ecosystem, along with an ever-expanding attack surface, is contributing to the challenges around properly insuring these environments. Listen and subscribe to the Nexus Podcast

  26. 107

    Rui Ataide on Navigating Ransomware Negotiations

    Rui Ataide, Managing Security Consultant at GuidePoint Security, joins the Nexus Podcast to discuss his experiences negotiating with ransomware gangs on behalf of victimized organizations. Ataide covers the nuances, processes, and methodology of negotiating with groups. He also explains how extortion and data theft has changed the risk management calculus for victims, and how cybersecurity insurance figures into negotiations. Listen and subscribe to the Nexus Podcast

  27. 106

    Salvatore Gariuolo on Safe EV Charging

    Salvatore Gariuolo, a senior threat researcher at Trend Micro, joins the Nexus Podcast to discuss safe EV charging and in particular, the ISO 15118 standard meant to create a trusted environment for electric vehicle charging. Gariuolo contends that while ISO 15118 offers substantial improvements that reduce pressure on the grid, and also introduces a handful of cybersecurity enhancements, it is not sufficient to fully secure the EV charging ecosystem.Listen and subscribe to the Nexus Podcast

  28. 105

    Noam Moshe on Hacking Video Surveillance

    Noam Moshe, Research Director for Claroty Team82, joins the Nexus Podcast live at the Black Hat Briefings in Las Vegas to discuss research that was presented here on the security of a popular video surveillance platform manufactured by Axis Communications. Moshe describes how Team82 examined the proprietary protocol supporting Axis servers and clients (camera) and uncovered four vulnerabilities that could be chained to eventually gain pre-authentication remote-code execution. Moshe explains Team82's research process, the risks to users, and the successful disclosure process with Axis Communication that resulted in prompt patches available for the servers and camera platforms. Read Team82's research blog hereListen and subscribe to the Nexus Podcast

  29. 104

    Dan Berte on Solar Grid and IoT Vulnerabilities

    Dan Berte, director of IoT security at Bitdefender, joins the Nexus Podcast to join his team's ongoing research into the security of solar grid inverters and three serious vulnerabilities uncovered in the popular Deye Solarman management platform.Dan discusses his team's research, the disclosure process, and the implications on green energy initiatives overall. With the growing popularity of these platforms, Berte cautions that attackers are going to continue to analyze their security for weaknesses and attempt to exploit them. Listen to the Nexus Podcast on your favorite podcast platform. 

  30. 103

    Vivek Ponnada on the Ongoing Maturity of OT Security

    OT cybersecurity veteran Vivek Ponnada, SVP Growth & Strategy at Frenos, joins the Nexus Podcast to lend his expertise on the areas where he is seeing the most maturity and rapid evolution in the practice. Vivek explains the growing demand for contextual information to supplement the data organizations have around their known assets and vulnerabilities, for example. He also explains current risk prioritization and mitigation strategies, and how advanced technologies fit into the OT security landscape. Listen to the Nexus Podcast on your favorite podcast platform. 

  31. 102

    Austin Allen on the Cybersecurity Realities Facing Healthcare

    Austin Allen, Sr. Director of Global Solutions Architecture at Airlock Security, joins the Nexus Podcast to discuss cybersecurity realities happening inside healthcare delivery organizations. Allen covers challenges and solutions around legacy software managing connected medical devices, and other cybersecurity risks potentially negatively impacting patient care. Allen also discusses the role of federal and industry regulations and the role of compliance in guiding hospital cybersecurity programs.Listen to the Nexus Podcast on your favorite podcast platform.

  32. 101

    Gentry Lane on the Use of 'Salami Cuts' in Cyber Conflict

    Gentry Lane, founder of Nemesis Global, joins the Nexus Podcast to discuss the strategies guiding adversaries in their targeting of U.S. critical infrastructure. Primary of which is the desire of countries such as China, Russia, Iran, and North Korea to displace the U.S. as the global hegemon, she said. To disrupt the U.S.' standing as such, these adversaries have chose cyberspace as a front where they're on relatively equal footing. They're doing so incrementally, Lane said, known as salami tactics. Salami tactics is a strategy of gradually cutting into an opposition's dominance by instilling distrust in institutions, utilities, or the government's ability to protect us. Gentry describes theses tactics, their effectiveness, and what critical infrastructure defenders should be doing to protect their systems and networks. Listen to the Nexus Podcast on your favorite podcast platform.

  33. 100

    Pedro Umbelino on Exploiting ATG Devices in Fuel Storage

    Pedro Umbelino, Principal Research Scientist at Bitsight Technologies, joins the Nexus Podcast to discuss his team's research into Automatic Tank Gauge (ATG) systems and how they uncovered 11 vulnerabilities in ATGs manufactured by five different vendors. ATG systems are an industrial control system that monitors fuel levels inside storage tanks, including those at gasoline stations, military bases, hospitals, airports, and elsewhere. ATGs track fuel levels, and are meant to detect leaks, help with inventory management, and are key in regulatory compliance efforts.The vulnerabilities uncovered by Pedro and his team expose these systems to catastrophic risks, from environmental hazards to significant economic losses, including physical damage.Worse yet is that these systems are old and challenging to update. Read Bitsight's research here.Listen to the Nexus Podcast on your favorite podcast platform. 

  34. 99

    Steven Sim on OT-ISAC and the State of Information Sharing

    Steven Sim, Chair of the OT-ISAC Advisory Committee, joins the Nexus Podcast to catch us up on the ISAC's activities, and some of the upcoming community-driven initiatives sponsored by the group. Steven shares the processes by which member organizations share incident, threat, and vulnerability information. He also discusses how member organizations contribute and participate in discussions and events that level up the maturity of cybersecurity practices within OT asset-heavy enterprises. Listen to the Nexus Podcast on your favorite podcast platform.

  35. 98

    Sarah Fluchs on the Cyber Resilience Act

    Cybersecurity and technology expert Sarah Fluchs joins the 100th episode of the Nexus Podcast to discuss the EU's Cyber Resilience Act and what it means for manufacturers of "products with digital elements" as they aim toward a 2027 compliance deadline. Sarah provides her insight on the regulation's essential requirements, its focus on secure-by-design and overall cyber resilience of products, and the milestones manufacturers need to hit as their compliance efforts get under way. Sarah also discusses her thought leadership and work in bringing cybersecurity to engineers, asset operators, and other non-security teams. It's important, she says, to eliminate cybersecurity's innate complexity and bring these concepts to engineers and others on their terms. Listen to the Nexus Podcast on your favorite podcast platform.

  36. 97

    Andrew Ohrt on Cyber-Informed Engineering

    Andrew Ohrt, the resilience practice area lead at West Yost, joins the Nexus Podcast to discuss cyber-informed engineering (CIE) and how it informs engineers and asset operators to understand their role in creating and maintaining a cyber resilient organization. According to Ohrt, CIE is one of the best examples of delivering cybersecurity concepts to non-security teams, speaking to them in their language, and avoiding the often-intimidating jargon that can dominate cybersecurity discussions.Listen to the Nexus Podcast on your favorite podcast platform.

  37. 96

    Megan Stifel on the Impact of the Ransomware Task Force

    Megan Stifel, Chief Strategy Officer for the Institute for Security and Technology, joins the Nexus Podcast to discuss the four years of progress and challenges experienced by the Ransomware Task Force. The RTF was created days before the Colonial Pipeline ransomware incident and in a landmark report, laid out 48 recommendations to the industry that included a framework for critical infrastructure organizations that could help deter and disrupt the operations of ransomware gangs. Stifel covers the growth of the task force and which the of the 48 recommendations have been tackled and which remain. Listen and subscribe to the Nexus Podcast on your favorite platform.

  38. 95

    Joe Slowik on Identifying Truly 'Critical' Infrastructure

    Security researcher Joe Slowik joins the Nexus Podcast to discuss the broad interpretation of what critical infrastructure entities are truly "critical," and how that creates an ethical wedge between protecting the well-resourced and those that are resource-strapped. Slowik acknowledges that while calling everything "critical" ensures that nothing is critical, serious discussions must be had about getting the most return in terms of defensive resources while recognizing the ethical dilemmas that some entities cannot be left behind because they're not as important to overall national and economic security. Listen and subscribe to the Nexus Podcast on your favorite platform.

  39. 94

    Danielle Jablanski on Critical Infrastructure Protection

    Danielle Jablanski, Industrial Control Systems Strategist & Subject Matter Expert at CISA, joins the Nexus podcast to discuss her perspectives on critical infrastructure protection and government's role as a cybersecurity partner on implementation guidance and enablement. Danielle touches on a number of areas of CI security and protection, ranging from the challenges arising from the high percentage of private sector ownership of critical infrastructure, to the assistance available from CISA and other agencies to lesser-resourced entities in the 16 CI sectors. Listen and subscribe to the Nexus Podcast on your favorite platform.

  40. 93

    Cassie Crossley on Hardware Security, HBOMs

    Schneider Electric Vice President of Supply Chain Security Cassie Crossley joins the Nexus Podcast to discuss the nuances of hardware security and the growing need for hardware bills of materials (HBOMs) within critical infrastructure.Cassie covers the use cases and features that matter most within an HBOM, some of the threats and weaknesses they can illuminate for users, and how they can change the current status quo for CI sectors that have concerns about the provenance of hardware components and the threats they pose. Cassie is an experienced cybersecurity technology executive in information technology and product development and author of “Software Supply Chain Security: Securing the End-to-End Supply Chain for Software, Firmware, and Hardware.”Listen and subscribe to the Nexus Podcast here. 

  41. 92

    Christiaan Beek on Ransomware's Evolution and Economics

    Rapid7 Senior Director of Threat Analytics Christiaan Beek joins the Nexus Podcast to discuss the technical evolution and economic models that maintain ransomware's viability among threat actors. Ransomware became a for-profit threat more than a decade ago and has progressed into the No. 1 threat facing many critical infrastructure organizations. In this episode, Beek covers extortion characteristics, the stealthiness of some attacks, and how the future may include hardware-based ransomware that maintains indefinite persistence. Follow and subscribe to the Nexus Podcast. 

  42. 91

    Florence Hudson on the IEEE/UL 2933 Clinical IOT Cybersecurity Standard

    Florence Hudson, working group chair of the IEEE/UL 2933 standard and framework for Clinical IOT Data and Device Interoperability with TIPPSS, joins the Nexus Podcast. Published last September, the standard establishes a framework for secure data exchanges between clinical IoT and medical devices and systems. The frameworks is based on TIPPSS principles (trust, identity, privacy, protection, safety, and security) clinical IoT such as in-hospital devices, wearable devices, investigational devices.Follow and subscribe to the Nexus Podcast.

  43. 90

    Mike Holcomb on Starting and Succeeding in OT Cybersecurity

    Mike Holcomb, global lead for ICS and OT cybersecurity at Fluor, joins the Nexus Podcast to discuss his advocacy and efforts to educate engineers and IT cybersecurity professionals in the nuances of protecting operational technology and industrial control systems. Mike produces and hosts a learning series available for free on YouTube called "Getting Started in ICS/OT Cyber Security" where he explains the fundamentals of this unique cybersecurity discipline On the podcast, he discusses his experience with those in IT now responsible for OT, how to best assess and mitigate risk within OT, and some of the practical threats that matter most to practitioners. Follow the Nexus Podcast here.

  44. 89

    Ron Fabela on Low-Skilled OT and ICS Threat Actors

    Ron Fabela of ABS Consulting joins the Nexus Podcast to dispel some of the myths surrounding threat actors targeting operational technology and industrial control systems. Groups such as the Russian Cyber Army, UserSec, and the CyberAv3ngers have different ideological motivations, and have decidedly carried out low-impact attacks on OT. Fabela covers some of their tactics, whether they're better marketers than hackers, and reminds users that their exploits still merit investigation and remediation. Listen to every episode of the Nexus Podcast here. 

  45. 88

    Munish Walther-Puri on Creating a Scale for Cybersecurity Incidents

    Munish Walther-Puri of the Center for Global Affairs at New York University joins the Claroty Nexus podcast to discuss a homegrown severity scale for critical infrastructure cybersecurity incidents. The Infrastructure Cyber Incident Scale, or INCI Scale, brings a Richter-Scale-like criticality index to incidents based on the intensity, magnitude, and duration of an event. Walther-Puri unveiled the scale at the S4 Conference in Tampa. 

  46. 87

    Brian Foster on the Risks of a Hyperconnected Grid

    Brian Foster, Senior Advisor for Grid Security at Southern California Edison, joins the Nexus Podcast to discuss a presentation he gave at the S4 Conference called . Foster covers the impending risk and host of exposures expected as smart meters and other similar devices are centrally managed online. This scenario gives attackers the ability to attack devices at scale and potentially cause catastrophic damage. Listen to every episode of the Nexus Podcast here. 

  47. 86

    CISA's Matthew Rogers on Secure by Demand for OT

    Matthew Rogers, ICS Cybersecurity Strategy & R&D Lead at the Cybersecurity & Infrastructure Security Agency (CISA) joins the Nexus Podcast to discuss the agency's latest publication: “Secure by Demand: Priority Considerations for Operational Technology Owners and Operators when Selecting Digital Products.” This guide features 12 cybersecurity recommendations that OT owners and operators should be looking for during procurement cycles with automation and control system vendors. Read Claroty's blog on the guide.Listen to every episode of the Nexus Podcast here. 

  48. 85

    Noam Moshe on the IOCONTROL Malware

    Claroty Team82 researcher Noam Moshe joins the Nexus Podcast to discuss the IOCONTROL malware used by an Iranian APT actor known as the CyberAv3ngers to target civilian critical infrastructure in the U.S. and Israel. The malware acts as a Linux-based backdoor and has a modular configuration that can be adapted for IoT, OT, and SCADA devices. Read Team82's research blog: "Inside a New OT/IoT Cyberweapon: IONCONTROL"Listen and subscribe to the Nexus Podcast here.

  49. 84

    Team82 on Attacking the Insecure IoT Cloud

    Claroty Team82's Noam Moshe and Tomer Goldschmidt join the Nexus Podcast to discuss the research team's latest publication on 10 vulnerabilities discovered in Ruijie Networks' Reyee OS cloud platform. A chain of these vulnerabilities could allow an attacker to remotely execute code on any device connected to the Ruijie cloud. Team82 also developed an attack they call Open Sesame which allows an attacker in proximity of a Ruijie device to use leaked device information and access the internal network.You can find the research here on Team82's website. Listen and subscribe to the Nexus Podcast here.

  50. 83

    Volexity's Steven Adair on the Nearest Neighbor Attack

    Volexity founder Steven Adair joins the Claroty Nexus Podcast to discuss the Nearest Neighbor Attack, a unique attack carried out by Russia's APT 28 against a high-value target in an attempt to gain intelligence on Ukraine prior to the start of the war in February 2022. APT 28 was able to compromise the Wi-Fi network of its target without being in physical proximity of it. They did so by remotely compromising neighboring organizations, accessing their Wi-Fi networks—creating a daisy-chain of breaches and compromises—until they were able to reach their target. Volexity's blog contains additional technical details. Listen to every episode of the Nexus Podcast here. 

Type above to search every episode's transcript for a word or phrase. Matches are scoped to this podcast.

Searching…

We're indexing this podcast's transcripts for the first time — this can take a minute or two. We'll show results as soon as they're ready.

No matches for "" in this podcast's transcripts.

Showing of matches

No topics indexed yet for this podcast.

Loading reviews...

ABOUT THIS SHOW

Nexus is a cybersecurity podcast hosted by Claroty Editorial Director Mike Mimoso. Nexus will feature discussions with cybersecurity leaders responsible for the security and protection of cyber-physical systems. Guests include cybersecurity researchers, executives, innovators, and influencers, discussing the topics affecting cybersecurity professionals in OT, IoT, and IoMT environments.

HOSTED BY

Claroty

CATEGORIES

Frequently Asked Questions

How many episodes does Nexus: A Claroty Podcast have?

Nexus: A Claroty Podcast currently has 50 episodes available on PodParley. New episodes are automatically indexed when they're published to the podcast feed.

What is Nexus: A Claroty Podcast about?

Nexus is a cybersecurity podcast hosted by Claroty Editorial Director Mike Mimoso. Nexus will feature discussions with cybersecurity leaders responsible for the security and protection of cyber-physical systems. Guests include cybersecurity researchers, executives, innovators, and influencers,...

How often does Nexus: A Claroty Podcast release new episodes?

Nexus: A Claroty Podcast has 50 episodes. Check the episode list to see recent publication dates and frequency.

Where can I listen to Nexus: A Claroty Podcast?

You can listen to Nexus: A Claroty Podcast on PodParley by clicking any episode. We provide an embedded audio player for direct listening, and you can also subscribe via your preferred podcast app using the RSS feed.

Who hosts Nexus: A Claroty Podcast?

Nexus: A Claroty Podcast is created and hosted by Claroty.
URL copied to clipboard!