I’m always tempted to start out each episode by talking about a problem, and then setting up our guest as the solution to that problem. It’s formulaic and a bit redundant, but it’s also effective. So I’ll apologize in advance because I’m about to do that very thing again. The difference is that Howard Grimes, the CEO of the Cybersecurity Manufactur…

In this episode of The New CISO, host Steve Moore speaks with Keith Price, Chief Security Officer at National Highways, about the evolving responsibilities of modern security leaders and the critical role of convergence between cyber, physical, and people security. Keith shares real-world stories from his work protecting England’s strategic road ne…

In this episode of Cybersecurity Sense, host Mark Burnette sits down with Andy Kerr and Kyle Hinterberg for a sharp, insightful look at the real-world impacts of artificial intelligence on cybersecurity. From the alarming rise in deepfake attacks to the evolving landscape of PCI compliance, the trio dives into the current hot topics keeping cyberse…

Insider threats are creating new attack vectors, but old-school solutions could rise to the challenge. Regardless of the situation or dynamic, everyone likes to think that they’re special. However, with experience we learn that appreciating both the shared similarities, as well as some of those unique traits, are how we can best solve problems. A g…

In this episode of The New CISO, host Steve Moore speaks with Ben, Director of Group Security and Architecture at Bilfinger, about the role of self-awareness, confidence, and communication in effective cybersecurity leadership. Ben shares his unconventional path to becoming a CISO, how he applies the “done is better than perfect” philosophy, and wh…

In many instances the biggest challenge facing OT cybersecurity practitioners is knowing where to focus resources, especially their time. In other words, what are the priorities for the enterprise, facility and people? I recently sat down with Securin's Lead Threat Intelligence Analyst - Aviral Verma. And while I anticipated a conversation focused …

In this episode of The New CISO, host Steve Moore talks with Nithin Reddy, Global VP of Cybersecurity at Dayforce, about how his dual roles in cybersecurity leadership and education shape his approach to building stronger, smarter teams. Nithin reveals how teaching cybersecurity not only amplifies his impact but also sharpens his communication and …

One of the great things about covering industrial cybersecurity is the number of reports, studies and white papers being produced right now to help provide intelligence on threats, research on new tools, and data on leading trends. The tough part is sorting through all this data and, at some point, prioritizing it in order to get the most and best …

Endpoint security tools worked, but the hackers worked harder for their payday. While everyone likes to know how someone else might have screwed up and what the fallout looks like, the more import elements of episodes like this one come from the in-depth conversations about new tactics and strategies that are being used by the bad guys, and simulta…

In this episode of The New CISO, host Steve Moore speaks with Rich Durost, Chief Information Security Officer at Froedtert ThedaCare Health, about his journey from West Point cadet to cybersecurity leader—and what slicing cake has to do with building effective security programs. Drawing from 23 years in the military and over 15 years in cybersecuri…

We talk a lot about the growing complexity of hacking groups and how their tools and tactics continue to evolve. One such evolution is the ongoing specialization that runs rampant throughout the black hat community – especially when it comes to ransomware. The rise of initial access brokers, affiliate programs, spoofing domain creators, dark web co…

In this episode of The New CISO, host Steve Moore sits down with Michael Mendelsohn, CISO at Majesco, to discuss his journey in cybersecurity—from his early days as a software developer to leading security for a major insurance software company. Michael shares insights into the evolving role of a CISO, the intersection of security and technology, a…

Cybersecurity is evolving, and so is our podcast! 🎙️ New hosts Andy Kerr and Kyle Hinterberg discuss their backgrounds and the a new, broader focus for the podcast—expanding beyond PCI compliance to cover real-world cybersecurity trends. In this episode, you'll learn about the evolution of security challenges and the growing impact of AI in cyberse…

Breaking down silos while securing the cloud and leveraging secure-by-design advancements. The challenges facing the industrial OT landscape that emanate from external sources are … varied, complex and constantly evolving. Smarter hacking groups, AI-driven phishing schemes and deceptive malware viruses head the list of concerns. And while these fac…

One of the goals of the show is to help you better understand all the threats facing your OT assets, your data and your people. In order to do that, we work to identify those individuals with a feel and in-depth understanding of these threats and the evolving network of threat actors. And I can’t think of anyone better to break down the hacker land…

In this episode of The New CISO, host Steve Moore sits down with Yannick Herrebaut, Cyber Resilience Manager at the Port of Antwerp-Bruges, to explore his unconventional journey from intern to security leader. Yannick shares how his early passion for technology, sparked by gaming and building his own PCs, laid the foundation for his career in cyber…

When we talk about the threat landscape for the industrial sector, the eye-catching, headline-grabbing hacking groups with nefarious names typically lead the list of concerns. And while understanding their well-publicized exploits are important, what is often overlooked are all the little things these groups were able to do before dropping malware,…

While we’re still in the infancy of 2025, the New Year has proven to have no issues in welcoming in a number of pre-existing challenges – whether we’re talking about cybersecurity or … other social topics. So, in continuing this trend, we tapped into a unique collection of voices to discuss a topic that has, and will continue to be, vital to indust…

In this insightful episode of The New CISO, host Steve Moore reconnects with Azzam Zahir to explore his career evolution, from cybersecurity leadership to his recent role as a vertical CIO at General Motors. Azzam shares candid reflections on his conscious decision to leave his 12-year tenure, embracing change, and navigating personal growth in lea…

The continued evolution of the CyberAv3ngers hacking group and its IIoT-focused malware. We talk a lot about change on Security Breach. Some of it’s good and obviously some of it makes us want to tear our hair out. Well, this episode, surprisingly, should go easy on the scalp, even though it will focus on the IOCONTROL malware strand recently detec…

Winston Churchill famously stated that, “Those who fail to learn from history are doomed to repeat it.” His concerns about applying lessons learned to post WWII foreign policy initiatives rings just as true in the current cybersecurity climate. So, in an effort to ensure we repeat as few of 2024’s mistakes in 2025, we’re going to take a look at som…

In this insightful episode of The New CISO, host Steve Moore sits down with Sanju Misra, Chief Information Security Officer (CISO) at Alnylam Pharmaceuticals, to explore the pivotal moments that have shaped her impressive career in cybersecurity leadership. Sanju shares her strategies for navigating career transitions, the importance of aligning wi…

As we begin to close out 2024 and look ahead to 2025, I couldn’t resist the urge to revisit some of my favorite guests from the last couple of months. While I’m grateful for everyone we’ve had on the show, and all the support we continue to receive from the industrial cybersecurity community, I felt these comments were worth another listen, with sp…

According to Fortinet’s 2024 State of Operational Technology and Cybersecurity Report, 43 percent of those surveyed reported a loss of business critical data or intellectual property so far in 2024– a number this is up nearly 10 percent from last year. And we all know what happens with this hijacked data. Per the World Economic Forum’s May 2024 whi…

In this episode of The New CISO, host Steve Moore is joined by Sanju Misra, CISO and IT Risk Leader at Alnylam Pharmaceuticals. Sanju shares her journey from a college side hustle on a typewriter to becoming a security leader in the pharmaceutical industry. Along the way, she reflects on the importance of taking risks, embracing roles outside of yo…

Next to artificial intelligence, one of the biggest buzz terms in industrial cybersecurity right now might be SBOM, or software bill of materials. The term generates equal parts concern and eye roll as those entrusted with enterprise defense look to ensure that there are no embedded vulnerabilities amongst the data platforms they are both sourcing …

We assembled some "nerds from the basement" to cover a key strategy in combatting evolving threats. Today’s episode is going to take on a little different flavor, as we’re going to show you one particular tool that can impact a number of your security planning, training and discovery strategies. While table top exercises are nothing new, we’re goin…

For this episode, instead of tapping into one source for feedback and updates on industrial cybersecurity, we’re going to look at some of the key insights previous guests have offered on the evolving threat landscape – from increased risks emanating from technological integrations and an uptick in automation, to the more traditional adversaries res…

In this episode of The New CISO, host Steve Moore welcomes Ryan Shaw, Director of Information Security at Bond Brand Loyalty. Ryan shares his unique journey from working in kitchens and warehousing to becoming a leader in cybersecurity. He reflects on the importance of career change, battling imposter syndrome, and the challenges candidates face in…

While there are plenty of unknowns when it comes to protecting the OT attack surface, there are some things that are undeniably true. We know that the frequency of attacks will continue to increase. We know that it’s not if your ICS will be probed, but when. And we also know that asset and connection visibility is an ongoing challenge due to the im…

Maybe you’re sick of hearing about phishing schemes and the way hackers are using this strategy to infiltrate your networks, access intellectual data, shut down production, or hold your assets for ransom. If that’s the case, then you’ve made a lot of hackers very happy. And based on Proofpoint’s 2024 State of Phish report, protecting against phishi…

So, my daughters like to give me a hard time about growing old. Said another way, I’m a legacy asset - just like most of the devices many of you observe, manage and secure every day. Your machines are still in place because they work. While the technology around these assets has evolved, their core functionality and value to the production process …

Summary: In this episode of The New CISO, host Steve Moore speaks with Nicola Sotira, Head of CERT at Poste Italiane, about his journey from technical expert to business leader, all while following his dreams. Nicola shares the importance of mentorship, the value of building strong teams, and how he applied a Viking mentality to overcome challenges…

While the justifications for additional cybersecurity spending is easy to explain, getting buy-in at the C-level can be difficult. However, some recent research might help you win over those controlling the purse strings. SonicWall’s Mid-Year Cyber Threat Report found that their firewalls were under attack 125 percent of the time during a 40-hour w…

Episode 365 kicks off with discussion around Donald Trump’s recent courting of the crypto world. From there talk moves to Mozilla’s recent decision to enable Privacy Preserving Attribution (PPA) by default – and that’s got some in the EU worried. To wrap up the team discuss two stories related to A.I – first around Microsoft suggesting that omnipre…

One of the most common topics we explore here on Security Breach is the ongoing challenge of asset visibility in the OT landscape. It's frustrating because it would seem that the solution starts with basic inventory management approaches, i.e. the first step in developing frameworks and plans for everything from tool selection to attack response. O…

Episode Summary: In this episode of The New CISO, host Steve Moore is joined by Nicola Sotira, head of CERT at Poste Italiane. Nicola shares his journey from working on cryptographic devices in the pre-internet era to leading security teams today. His early work with assembly language, hardware security, and cryptanalysis offered unique challenges,…

According to Veeam’s 2024 Ransomware Trends Report, cyber victims stated that they were unable to restore 43 percent of whatever data was affected by ransomware attacks. This reaffirms what a number of Security Breach guests have stated about trusting hackers after paying their extortion demands. Another finding shows that 63 percent of ransomware …

Episode 364 kicks off with a chat around the recent furore around Telegram’s problem with unsavoury content. Following that, the conversation moves to a story that might concern people who rely on TOR (The Onion Router), as it’s been disclosed that German police managed to de-anonymise data coming out of an exit node, in order to track and arrest o…

The ongoing theme in industrial cybersecurity centers on two competing dynamics – the desire to expand our implementation of automation and Industry 4.0 technologies with the goal of using more and faster connections, along with the decision-making data each generates to improve the efficiency and quality of production. However, these goals now nee…

Episode 363 kicks off with a discussion around moderation on the popular messaging service, Telegram. From there the team move to discuss how one person managed to siphon off over $10 million from the likes of Spotify and Apple using bots to stream music. To wrap up the team discuss two stories, the first looking at how the Democrats in America are…

We’re back to discuss an all-too-familiar topic – ransomware. Ironically enough, it seems the topics we describe in this manner become so familiar because we can’t figure out viable, long-term solutions. I think part of the challenge for industrial organizations dealing with ransomware is that we have to divide our energy and resources between prev…

A smarter, well-funded hacker community means embracing basic, yet daunting cyber challenges. In manufacturing, regardless of your role, avoiding downtime is an obvious priority, and one of the motivating factors driving investments in cybersecurity. In working to mitigate potential DDoS attacks or malware drops, manufacturers are tapping into more…

In this episode of The New CISO, host Steve Moore sits down with Larry Pfeifer, CEO and President of Metrics That Matter, for a deep dive into the evolving role of the CISO and the increasing importance of cybersecurity insurance. Larry offers valuable insights drawn from his unconventional career in cybersecurity, sharing advice for CISOs and entr…

Episode 362 of the Kaspersky podcast kicks off with discussion around Brazil’s controversial decision to ban Elon Musk’s X platform. From there the team discuss a story from the BBC around the theft of a voice actors voice, which was used on an A.I platform. To wrap up the team discuss how scammers are looking to use sextortion tactics in order for…

Episode 361 of the Transatlantic Cable podcast kicks off with news around the right to switch off in Australia. From there the team talk about privacy – specifically if you should have to pay to have online privacy. To wrap up, the team discuss how and why a popular game has attracted so much online attention. If you liked what you heard, please co…

Sophos recently reported that 65 percent of manufacturing and production organizations were hit by ransomware last year, which, unlike other sectors, is an increase. Overall, these attacks have increased by 41 percent for manufacturing since 2020. Additionally, the cybersecurity firm found that 44 percent of computers used in manufacturing have bee…

I recently watched an interesting documentary called Turning Point: The Bomb and the Cold War on Netflix. Great watch – I’d highly recommend it. Essentially it positioned nearly every prominent geo-political event since World War II as fallout from the U.S. dropping the nuclear bomb on Japan to end World War II. Similarly, we can look at a number o…