Content provided by Aaron Crows and Aaron Crow. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Aaron Crows and Aaron Crow or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://podcastplayer.com/legal.
John Cusimano: Leveraging ISA/IEC 62443 to Quantify OT Risk

45:04
About John Cusimano: John Cusimano is a seasoned business and thought leader, boasting over 30 years of expertise in process control, functional safety, and operational technology (OT) and industrial control systems (ICS) cybersecurity. With a track record of conducting numerous OT cybersecurity vulnerability assessments, he has played a pivotal role in establishing cybersecurity programs for numerous companies. As a prominent member of the ISA 99 cybersecurity standards committee, he chaired the subcommittee responsible for crafting the ISA/IEC 62443-3-2:2020 standard and developed multiple training courses on OT cybersecurity, showcasing his extensive knowledge and influence in the field.

In this episode, Aaron and John Cusimano discuss:

  • The challenges of quantifying risk in OT environments
  • Prioritizing cybersecurity risks and cybersecurity measures in industrial control systems
  • Identifying critical operational risks and mitigation strategies in industrial environments
  • Navigating risks and embracing opportunities in the face of technological advancements

Key Takeaways:

  • The interplay between physical and cyber risk is what makes OT risk hard to quantify; a structured framework such as ISA/IEC 62443 gives an overwhelmed organization a starting point, and it also pushes the organization to tailor security measures to the specific, high-impact vulnerabilities of each facility rather than to a generic checklist.
  • Prioritizing industrial cybersecurity means breaking a complex system into parts (zones and conduits, in 62443 terms), evaluating the specific vulnerabilities of each part, and putting experts and business stakeholders in the same focused discussion to agree on which risks are critical.
  • In assessments, the biggest risks are often small oversights: an unsecured backup, a flawed file transfer mechanism, or unchecked permissions in an asset management system can each become a serious vulnerability, which is why the evaluation has to be comprehensive and the measures proactive.
  • Control systems and the threats to them keep changing; the goal is to understand and manage risk, not to reach absolute security, while adopting new technology with caution and vigilance.

"The other approach that a lot of people take is just piling on every security control out there. And that's also not tenable either long term. Sometimes it's actually counterproductive to security because every tool you put in has access." — John Cusimano
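The zone-by-zone prioritization described in the takeaways above, as an added worked example (this is not code from the episode, from Armexa or from Industrial Defender). ISA/IEC 62443-3-2 partitions the system under consideration into zones and conduits, assesses each zone's risk against the owner's tolerable risk, and derives a target security level (SL-T) per zone. The standard requires those inputs but does not fix their values, so the 1..5 scales, the 5x5 risk matrix, the tolerable-risk threshold, the consequence-to-SL-T table, and the four zones with their threat scenarios below are all constructed assumptions for illustration.

```python
"""Zone-level risk ranking in the style of ISA/IEC 62443-3-2.

Added illustration, not code from the episode or from Armexa / Industrial Defender.
All scales, tables and sample zones are constructed assumptions; the standard
requires these inputs but does not prescribe their values.
"""
from dataclasses import dataclass, replace

# Assumed 5x5 matrix: RISK_MATRIX[likelihood-1][consequence-1] -> risk rank 1..4.
RISK_MATRIX = [
    [1, 1, 2, 2, 3],
    [1, 2, 2, 3, 3],
    [2, 2, 3, 3, 4],
    [2, 3, 3, 4, 4],
    [3, 3, 4, 4, 4],
]
TOLERABLE_RISK = 2                                       # assumed owner/operator tolerance
SL_T_BY_CONSEQUENCE = {1: 1, 2: 1, 3: 2, 4: 3, 5: 4}    # assumed SL-T derivation


@dataclass(frozen=True)
class Threat:
    description: str
    likelihood: int    # 1 (rare) .. 5 (almost certain), with today's controls in place
    consequence: int   # 1 (negligible) .. 5 (catastrophic), worst of safety/environment/production


@dataclass(frozen=True)
class Zone:
    name: str
    threats: tuple


def risk_rank(likelihood: int, consequence: int) -> int:
    if not (1 <= likelihood <= 5 and 1 <= consequence <= 5):
        raise ValueError("likelihood and consequence must be on the 1..5 scale")
    return RISK_MATRIX[likelihood - 1][consequence - 1]


def zone_risk(zone: Zone) -> int:
    # A zone is ranked by its worst credible scenario, not by an average.
    return max(risk_rank(t.likelihood, t.consequence) for t in zone.threats)


def target_sl(zone: Zone) -> int:
    # SL-T follows what could happen in the zone, independent of how likely it is today.
    return SL_T_BY_CONSEQUENCE[max(t.consequence for t in zone.threats)]


def apply_control(threat: Threat, likelihood_reduction: int) -> Threat:
    # A countermeasure lowers likelihood; it does not change the physical consequence.
    return replace(threat, likelihood=max(1, threat.likelihood - likelihood_reduction))


def prioritize(zones) -> list:
    rows = []
    for z in zones:
        rank = zone_risk(z)
        driver = max(z.threats, key=lambda t: (risk_rank(t.likelihood, t.consequence), t.consequence))
        rows.append({
            "zone": z.name,
            "risk": rank,
            "sl_t": target_sl(z),
            "exceeds_tolerable": rank > TOLERABLE_RISK,
            "driver": driver.description,
        })
    # Highest risk first; ties broken by required SL-T, then by name for stable output.
    rows.sort(key=lambda r: (-r["risk"], -r["sl_t"], r["zone"]))
    return rows


# Constructed sample zones; the scenarios echo the oversights named in the takeaways.
ZONES = (
    Zone("Safety instrumented system", (
        Threat("Compromised engineering workstation rewrites SIS logic", 2, 5),
    )),
    Zone("Basic process control", (
        Threat("Unsecured backup share exposes controller configurations", 4, 3),
        Threat("Uncontrolled USB file transfer introduces malware to HMIs", 4, 4),
    )),
    Zone("Asset management server", (
        Threat("Over-privileged asset-management account pushes firmware to PLCs", 3, 4),
    )),
    Zone("Historian DMZ", (
        Threat("Historian data read by an unauthorized corporate user", 3, 1),
    )),
)

if __name__ == "__main__":
    for row in prioritize(ZONES):
        flag = "ABOVE TOLERANCE" if row["exceeds_tolerable"] else "ok"
        print(f'risk {row["risk"]}  SL-T {row["sl_t"]}  {row["zone"]:<28} {flag}: {row["driver"]}')
    usb = ZONES[1].threats[1]
    hardened = apply_control(usb, 2)
    print("USB scenario after one control (likelihood -2):",
          risk_rank(hardened.likelihood, hardened.consequence), "vs tolerable", TOLERABLE_RISK)
```

Running the script lists the zones from highest to lowest risk, with the single scenario that drives each zone's rank, and then re-scores the USB file-transfer scenario after one added countermeasure. That last step is the kind of comparison the assessment is meant to support: one control lowers the likelihood two steps but still leaves the zone above the assumed tolerable risk, so the decision about the next control is made against the ranking rather than by adding controls until the budget runs out.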

Connect with John Cusimano:

Email: [email protected]

Website: www.armexa.com

LinkedIn: https://www.linkedin.com/in/john-cusimano-icssec/ & https://www.linkedin.com/company/armexa

John will be speaking at the 18th Annual API Cybersecurity Conference for the Oil and Natural Gas Industry next week: https://events.api.org/18th-annual-api-cybersecurity-conference-for-the-oil-and-natural-gas-industry

Connect with Aaron:

LinkedIn: https://www.linkedin.com/in/aaronccrow

Learn more about Industrial Defender:

Website: https://www.industrialdefender.com/podcast

LinkedIn: https://www.linkedin.com/company/industrial-defender-inc/

Twitter: https://twitter.com/iDefend_ICS

YouTube: https://www.youtube.com/@industrialdefender7120

Audio production by Turnkey Podcast Productions. You're the expert. Your podcast will prove it.
