Try Different Roles & Companies In Your First Two Decades

Try Different Roles & Companies In Your First Two Decades

It's hard to keep up with all the movement of OT security professionals between companies, Tim Yardley, Zachery Lambert, Isiah Jones, Pascal Ackerman, Ron Brash, ... There is no sign that demand for OT security pro's will diminish in the next to 1 to 3 years. If...

read more
Supply Chain Cybersecurity: Calamity or Shoulder Shrug II

Supply Chain Cybersecurity: Calamity or Shoulder Shrug II

In August, I wrote about the likely hyperbole in an article, Cybersecurity Risks Loom Large In Hospitals. The financial risk stated in the article that "loomed large" was tiny compared to other financial risks at a large hospital. The numbers in that article would get...

read more
(You Should Have) Zero Trust In PLCs

(You Should Have) Zero Trust In PLCs

Last week at the Singapore CSA OTCEP event a panel I was on received the question: what do we think about the use of zero trust in OT? I'm not sure why we all hesitated to answer. Being polite? Unsure of how to answer? Tired from jet lag or crazy time zones? I can't...

read more
Overwhelmed With Shoulds And Shalls

Overwhelmed With Shoulds And Shalls

Last week the US Government published the Preliminary Critical Infrastructure System Cybersecurity Performance Goals and Objectives that included nine categories of recommended practices. Last week the US Government also published a draft of SP1800-10 Protecting...

read more
More OT Professionals Needed

More OT Professionals Needed

(and maybe fewer OT Security Pro's than originally thought) Kelly Shortridge gave a great keynote on DevOps coming to the OT world at S4x20. I originally asked Kelly to give a talk on DevSecOps. She pushed back on the use of that term because security isn't separate...

read more
Sorry, Security Is A Cost

Sorry, Security Is A Cost

After a recent virtual keynote I was asked a perennial hopeful question: How we can make cybersecurity a source of revenue rather than a cost? The short answer for an OT asset owner is, you can't. The motivation is understandable. Businesses and their executives try...

read more
Cyber Insurance, One (Temporary) Step Backwards

Cyber Insurance, One (Temporary) Step Backwards

I still do a bit of ICS security consulting for asset owners in between S4, speaking at events, and the Unsolicited Response show. This consulting typically requires a $1M Professional Liability Insurance policy. It's renewal time, and below are two new exclusions...

read more
Is IT/OT Convergence’s Momentum Unstoppable?

Is IT/OT Convergence’s Momentum Unstoppable?

My interview last week with Nozomi Networks CEO Edgard Capdevielle dug deep into the OT visibility and detection market today and more importantly where it was heading in the next 1-3 years. Lots of candor and interesting comments from Edgard, and Edgard’s thoughts of...

read more
Calamity or Shoulder Shrug

Calamity or Shoulder Shrug

You Must Understand Your Organization's Risk Management Do you want support and funding for your ICS security initiatives? Then you need to understand what executives view as high, unacceptable consequences that believably could be caused by a cyber or cyber/physical...

read more

GET DALE'S ICS SECURITY NEWS & NOTES EMAIL EVERY FRIDAY

UPCOMING EVENTS

S4x22 ... 25-27 Jan 2022 in Miami South Beach

Save the date. Big comeback event after one year off!

2021/2020 Past Events

Accenture Operation: Next Closing Keynote ... March 24th

Dale will speak on Creating The Future of OT and ICS Security

ICS CYBERSEC 2021 Israel ... February 11th

Dale spoke on the topic of Less

Fortinet Secure OT 2020 Virtual 

Dale's keynote on Innovation Through Disruption.

Hack The Capitol Virtual

Led panel discussion on VC for ICS Security companies

OT-ISAC Virtual Keynote

ICSJWG Virtual Meeting

The Future of ICS Security Products (video)

S4x20 in Miami South Beach

See the videos from the event.