In this episode of Protect It All, host Aaron Crow sits down with Nicholas Friedman to explore how organizations can move beyond compliance and build real, measurable cybersecurity programs across IT and OT environments.

With experience spanning banking, aerospace, and critical infrastructure, Nicholas shares how risk management principles translate across industries - and why understanding business context is critical to protecting operational systems.

This conversation dives into one of the biggest challenges in OT today: asset visibility and risk quantification. From outdated spreadsheets to modern automation, Aaron and Nicholas break down what it actually takes to understand exposure, justify investment, and communicate risk at the board level.

You’ll learn:

• Why asset inventory is the foundation of OT security
• How to move from compliance checklists to real risk reduction
• The importance of risk quantification for CISOs and executives
• How to communicate cybersecurity in business and financial terms
• The role of automation and knowledge transfer in scaling security programs
• Lessons from banking and aerospace applied to utilities and critical infrastructure

Whether you’re leading a cybersecurity program, managing OT environments, or presenting to the board, this episode delivers practical strategies to align security with business value and measurable outcomes.

Tune in to learn how to turn cybersecurity into a risk-driven, business-aligned strategy - only on Protect It All.

Key Moments: 

05:14 Understanding business risk basics

08:40 Building effective OT cybersecurity teams

13:26 Challenges with aging IT and OT systems

14:19 Organizing IT and OT assets

18:31 Understanding OT and IT risks

21:53 Evaluating security risks and priorities

25:31 Improving asset deployment and management

29:14 Evaluating and prioritizing risks

31:12 Shifting focus to success plans

35:59 Selling tech that delivers results

37:22 Hands-on approach to cybersecurity

42:39 Challenges with NERC audit processes

44:47 Balancing compliance and security

49:45 Challenges in power utility operations

51:55 AI, OT, and risk management

56:31 Importance of early compliance planning

About the guest : 

Nicholas Friedman is an enterprise risk and governance leader with 25+ years of experience across Fortune 500 companies and government sectors. He specializes in integrated risk management, compliance, and AI governance - helping organizations build scalable frameworks that align security, risk, and business resilience.

How to connect Nicholas Friedman : 

Linkedin :  https://www.linkedin.com/in/nicholasfriedman/

Website : https://www.templarshield.com/

Connect With Aaron Crow:

• Website: www.corvosec.com 
• LinkedIn: https://www.linkedin.com/in/aaronccrow

Learn more about PrOTect IT All:

• Email: info@protectitall.co 
• Website: https://protectitall.co/ 
• X: https://twitter.com/protectitall 
• YouTube: https://www.youtube.com/@PrOTectITAll 
• FaceBook:  https://facebook.com/protectitallpodcast

To be a guest or suggest a guest/episode, please email us at info@protectitall.co

Please leave us a review on Apple/Spotify Podcasts:

Apple   - https://podcasts.apple.com/us/podcast/protect-it-all/id1727211124

Spotify - https://open.spotify.com/show/1Vvi0euj3rE8xObK0yvYi4

This episode is more than a reflection - it’s a story of persistence, curiosity, and community.

Aaron walks through the evolution of IT and OT cybersecurity, the lessons learned from decades in the field, and how conversations with experts across 100 episodes have shaped his perspective on what it truly means to “Protect It All.”

You’ll hear:

• How Aaron’s career in IT and OT began - and what kept him going
• The biggest lessons learned across 30+ years in cybersecurity
• What building a podcast taught him about community and leadership
• How the industry has evolved - and what still hasn’t changed
• Why relationships and shared knowledge matter more than ever
• What’s next for the future of cybersecurity and the podcast

Whether you’ve been listening since episode one or you’re just discovering the show, this episode offers inspiration, perspective, and a deeper look behind the mic.

Tune in to celebrate 100 episodes and the journey of protecting what matters most - only on Protect It All.

Key Moments: 

04:12 Early tech projects and hobbies

09:31 First tech job setting up classrooms

11:20 Getting certified in IT

16:49 Early career in power and cybersecurity

18:08 Building a versatile IT team

24:23 Starting the cybersecurity podcast journey

26:28 Feeling recognized in the podcast world

29:22 Getting started in cybersecurity

Connect With Aaron Crow:

• Website: www.corvosec.com 
• LinkedIn: https://www.linkedin.com/in/aaronccrow

Learn more about PrOTect IT All:

• Email: info@protectitall.co 
• Website: https://protectitall.co/ 
• X: https://twitter.com/protectitall 
• YouTube: https://www.youtube.com/@PrOTectITAll 
• FaceBook:  https://facebook.com/protectitallpodcast

To be a guest or suggest a guest/episode, please email us at info@protectitall.co

Please leave us a review on Apple/Spotify Podcasts:

Apple   - https://podcasts.apple.com/us/podcast/protect-it-all/id1727211124

Spotify - https://open.spotify.com/show/1Vvi0euj3rE8xObK0yvYi4

In this episode of Protect It All, host Aaron Crow is joined by cybersecurity expert Don C. Weber for a candid, real-world discussion on what it actually takes to build and sustain effective security programs across IT and OT environments.

From CapEx vs OpEx decisions to the growing role of AI in both attack and defense, this conversation cuts through the noise and focuses on what drives real outcomes: understanding business workflows, aligning with leadership, and developing the soft skills needed to turn strategy into action.

You’ll learn:

• Why budgeting (CapEx vs OpEx) directly impacts security success
• The underrated power of soft skills in driving security programs
• How to connect cybersecurity efforts to business value and operations
• The role of pen testing and assessments in improving maturity
• Where AI adds value and where it introduces new risk
• How training and process understanding strengthen long-term resilience

Whether you’re building a new security program or scaling an existing one, this episode delivers practical, experience-driven insights to help you make smarter decisions and drive real impact.

Tune in to learn how to align strategy, people, and investment for stronger OT cybersecurity only on Protect It All.

Key Moments: 

05:49 Technical skills and security requirements

09:10 Understanding data workflows

12:29 Building a vulnerability management program

13:26 Understanding organizational decision history

17:44 Budgeting challenges with CAPEX and OPEX

21:36 Steps in a security assessment

24:17 Starting a cybersecurity program

28:02 Prioritizing remote access security

31:21 Discussing AI's impact on cybersecurity

32:55 Using AI in cybersecurity

38:07 AI simplifying complex knowledge

40:35 AI tools making data queries easier

45:02 Detecting and responding faster

46:05 Networking and shared experiences

About the guest: 

Don C. Weber is a visionary cybersecurity leader who helps defenders safely prove security where it matters most in industrial operations. He is a SANS Principal Instructor, Founder of Cutaway Security, co-author of SANS ICS613: ICS/OT Penetration Testing & Assessments, and he also teaches SANS ICS410: ICS/SCADA Security Essentials to SANS student around the world. He brings years of field work into creating step-by-step labs and planning methods teams can use right away.

How to connect Don: 

LinkedIn: https://www.linkedin.com/in/cutaway/ 

Cutaway Security: https://www.linkedin.com/company/cutaway-security-llc 

CutSec Github: https://github.com/cutaway-security 

CutSec GasPot HMI Lab: https://github.com/cutaway-security/gaspot-hmi-lab 

SANS ICS ICS613 ICS/OT Penetration Testing and Assessments: https://www.sans.org/cyber-security-courses/ics-ot-penetration-testing-assessments

Connect With Aaron Crow:

• Website: www.corvosec.com 
• LinkedIn: https://www.linkedin.com/in/aaronccrow

Learn more about PrOTect IT All:

• Email: info@protectitall.co 
• Website: https://protectitall.co/ 
• X: https://twitter.com/protectitall 
• YouTube: https://www.youtube.com/@PrOTectITAll 
• FaceBook:  https://facebook.com/protectitallpodcast

To be a guest or suggest a guest/episode, please email us at info@protectitall.co

Please leave us a review on Apple/Spotify Podcasts:

Apple   - https://podcasts.apple.com/us/podcast/protect-it-all/id1727211124

Spotify - https://open.spotify.com/show/1Vvi0euj3rE8xObK0yvYi4

In this episode of Protect It All, host Aaron Crow breaks down key lessons from the Striker attack and what it reveals about today’s evolving threat landscape across IT and OT environments. From energy and healthcare to manufacturing systems, attackers are increasingly using sophisticated techniques like “living off the land” - blending into normal operations instead of deploying obvious malware.

Aaron takes this beyond theory, focusing on what organizations must do before an attack happens.

A major theme? Tabletop exercises. Not as a compliance activity - but as a critical tool for building real incident response readiness, improving team coordination, and exposing gaps that tools alone can’t catch.

You’ll learn:

• What the Striker attack teaches about modern cyber warfare
• How living-off-the-land tactics bypass traditional defenses
• Why tabletop exercises are essential for real-world readiness
• The role of threat hunting and collaboration across teams
• How attackers exploit weaknesses in both IT and OT environments
• Why small, consistent actions can dramatically improve resilience

Whether you’re defending critical infrastructure, leading a cyber team, or just starting your security journey, this episode delivers practical insights you can apply immediately.

Tune in to learn how to prepare before the next attack - not react after it - only on Protect It All.

Key Moments: 

04:59 "Modern Warfare: Cyber and Beyond"

08:47 "Security Risks of Remote Wipe"

10:31 "Living Off the Land Tactics"

13:11 "Balancing Power and Security"

19:12 "Vulnerabilities Demand Swift Action"

20:21 Prioritize Risk, Justify Investment

25:04 Practice Preparedness Before Crisis

26:48 Weak Links Threaten Cybersecurity

Connect With Aaron Crow:

• Website: www.corvosec.com 
• LinkedIn: https://www.linkedin.com/in/aaronccrow

Learn more about PrOTect IT All:

• Email: info@protectitall.co 
• Website: https://protectitall.co/ 
• X: https://twitter.com/protectitall 
• YouTube: https://www.youtube.com/@PrOTectITAll 
• FaceBook:  https://facebook.com/protectitallpodcast

To be a guest or suggest a guest/episode, please email us at info@protectitall.co

Please leave us a review on Apple/Spotify Podcasts:

Apple   - https://podcasts.apple.com/us/podcast/protect-it-all/id1727211124

Spotify - https://open.spotify.com/show/1Vvi0euj3rE8xObK0yvYi4

In this urgent episode of Protect It All, host Aaron Crow breaks down the rising wave of cyber threats targeting critical infrastructure, from energy and water utilities to manufacturing and transportation systems.

Drawing on recent global events and real-world incidents, Aaron explores how nation-state actors, hacktivists, and advanced adversaries are increasingly targeting operational technology environments. These attacks often rely on “living off the land” techniques - leveraging existing tools and access inside networks rather than deploying obvious malware.

But this episode isn’t about panic. It’s about practical defense.

Aaron outlines the immediate steps OT security teams can take to strengthen resilience - even with limited resources and tight budgets.

In this episode, you’ll learn:

• Why global instability increases cyber risk for critical infrastructure
• How attackers exploit existing tools using living-off-the-land tactics
• The importance of vigilance, monitoring, and patching in OT environments
• Why access control and identity management are critical defenses
• How organizations can improve security posture without massive investments
• The role of collaboration and awareness in defending essential systems
  
  

Whether you operate power systems, water facilities, industrial plants, or transportation infrastructure, this episode provides real-world guidance to help you stay ahead of evolving threats.

Tune in to learn how OT teams can strengthen defenses and protect the systems society depends on - only on Protect It All.

Key Moments:

03:41 "Rising Cyber Threats Amid Tensions"

08:24 Nation-State Cyber Threats Unveiled

11:23 "Advanced Cybersecurity and Monitoring"

14:24 Prioritizing and Addressing Security Risks

17:24 Practical Steps for Cybersecurity Improvements

19:34 "Focus on Resources and Action"

Connect With Aaron Crow:

• Website: www.corvosec.com 
• LinkedIn: https://www.linkedin.com/in/aaronccrow

Learn more about PrOTect IT All:

• Email: info@protectitall.co 
• Website: https://protectitall.co/ 
• X: https://twitter.com/protectitall 
• YouTube: https://www.youtube.com/@PrOTectITAll 
• FaceBook:  https://facebook.com/protectitallpodcast

To be a guest or suggest a guest/episode, please email us at info@protectitall.co

Please leave us a review on Apple/Spotify Podcasts:

Apple   - https://podcasts.apple.com/us/podcast/protect-it-all/id1727211124

Spotify - https://open.spotify.com/show/1Vvi0euj3rE8xObK0yvYi4

In this episode of Protect It All, host Aaron Crow breaks down the December 2025 cyberattack on Poland’s energy infrastructure, where coordinated attackers disrupted wind farms, solar installations, and heat and power plants - impacting nearly half a million people.

This real-world incident highlights the growing risks facing distributed energy resources (DER) and modern power grids. As energy systems become more connected and decentralized, the attack surface expands - often faster than security programs can adapt.

Aaron walks through what actually went wrong: default passwords, unpatched devices, and weak network segmentation that allowed attackers to brick OT equipment and blind operators to what was happening in their own systems.

You’ll learn:

• How attackers targeted renewable energy infrastructure at scale
• Why edge devices and distributed assets create new vulnerabilities
• The importance of eliminating default credentials and poor configurations
• Why network segmentation and secure remote access are essential
• What grid operators and OT teams must prioritize immediately
• How lessons from Poland apply to power grids worldwide
  
  

For engineers, operators, and cybersecurity leaders responsible for critical infrastructure, this episode delivers practical insights on defending modern energy systems before attackers strike again.

Tune in to understand what Poland’s grid attack reveals about the future of OT security - only on Protect It All.

Key Moments: 

04:57 "Corrupted Firmware Disables System Control"

10:01 DER Risks and Scaling Threats

10:55 Risks of Expanding Energy Grids

16:30 OT Security Vulnerabilities and Risks

18:34 Prioritize OT Security Systems

23:06 Change Default Passwords Immediately

24:49 "Critical ICS Security Measures"

30:15 "OT Cyber-Physical Response Plan"

32:56 "Critical Security Steps for Resilience"

Connect With Aaron Crow:

• Website: www.corvosec.com 
• LinkedIn: https://www.linkedin.com/in/aaronccrow

Learn more about PrOTect IT All:

• Email: info@protectitall.co 
• Website: https://protectitall.co/ 
• X: https://twitter.com/protectitall 
• YouTube: https://www.youtube.com/@PrOTectITAll 
• FaceBook:  https://facebook.com/protectitallpodcast

To be a guest or suggest a guest/episode, please email us at info@protectitall.co

Please leave us a review on Apple/Spotify Podcasts:

Apple   - https://podcasts.apple.com/us/podcast/protect-it-all/id1727211124

Spotify - https://open.spotify.com/show/1Vvi0euj3rE8xObK0yvYi4

In this solo episode of Protect It All, host Aaron Crow breaks down how cybersecurity professionals can safely integrate AI into their IT and OT workflows. As tools like ChatGPT, Copilot, and enterprise AI platforms become part of daily operations, the question isn’t whether to use AI - it’s how to use it responsibly.

Aaron moves beyond buzzwords to focus on practical, everyday applications: automating reports, summarizing threat intelligence, drafting policies, enhancing documentation, and streamlining repetitive tasks. At the same time, he tackles the real concerns leaders face - data privacy, compliance, policy alignment, and shadow AI risks.

You’ll learn:

• Where AI delivers immediate value in cybersecurity workflows
• How to automate without exposing proprietary or regulated data
• The difference between enterprise AI tools and public platforms
• How to align AI usage with corporate security policies
• Practical ways CISOs and analysts can boost productivity safely
• Why governance and awareness matter as much as innovation
  
  

Whether you’re leading a security program or working hands-on in IT or OT environments, this episode delivers actionable strategies to use AI smarter—not riskier.

Tune in to learn how to automate with confidence and stay ahead of the curve—only on Protect It All.

Connect With Aaron Crow:

• Website: www.corvosec.com 
• LinkedIn: https://www.linkedin.com/in/aaronccrow

Learn more about PrOTect IT All:

• Email: info@protectitall.co 
• Website: https://protectitall.co/ 
• X: https://twitter.com/protectitall 
• YouTube: https://www.youtube.com/@PrOTectITAll 
• FaceBook:  https://facebook.com/protectitallpodcast

To be a guest or suggest a guest/episode, please email us at info@protectitall.co

Please leave us a review on Apple/Spotify Podcasts:

Apple   - https://podcasts.apple.com/us/podcast/protect-it-all/id1727211124

Spotify - https://open.spotify.com/show/1Vvi0euj3rE8xObK0yvYi4

In this episode of Protect It All, host Aaron Crow dives into one of the biggest misconceptions in operational technology: the belief that compliance equals protection. Using NERC CIP 15 as a real-world case study, Aaron explores why meeting regulatory requirements is only the starting point - not the finish line.

A major focus of this conversation is OT network monitoring, especially the often-overlooked east-west traffic inside your environment. Many organizations monitor perimeter traffic while internal blind spots remain wide open.

You’ll learn:

• Why compliance frameworks don’t automatically create security
• The real challenges of implementing NERC CIP 15 at scale
• Why internal network visibility (east-west monitoring) matters
• How to establish meaningful baselines in legacy OT environments
• The difference between audit success and operational resilience
• Why architecture, tooling, and skilled personnel must work together
  
  

Whether you’re working in utilities, manufacturing, or critical infrastructure, this episode provides practical guidance on how to move beyond checklists and build security programs that truly reduce risk.

Tune in to learn how to transform compliance requirements into real operational protection - only on Protect It All.

Key Moments: 

00:00 OT Security Blind Spots

05:15 "OT Security and Monitoring Challenges"

10:41 Aging Switches and Monitoring Challenges

13:16 OT Protocols and Infrastructure Challenges

15:42 "IT vs OT: Complexity Challenges"

18:03 "Balancing Compliance and Security"

21:57 Securing Critical Infrastructure Spaces

Connect With Aaron Crow:

• Website: www.corvosec.com 
• LinkedIn: https://www.linkedin.com/in/aaronccrow

Learn more about PrOTect IT All:

• Email: info@protectitall.co 
• Website: https://protectitall.co/ 
• X: https://twitter.com/protectitall 
• YouTube: https://www.youtube.com/@PrOTectITAll 
• FaceBook:  https://facebook.com/protectitallpodcast

To be a guest or suggest a guest/episode, please email us at info@protectitall.co

Please leave us a review on Apple/Spotify Podcasts:

Apple   - https://podcasts.apple.com/us/podcast/protect-it-all/id1727211124

Spotify - https://open.spotify.com/show/1Vvi0euj3rE8xObK0yvYi4

In this episode of Protect It All, host Aaron Crow sits down with OT security expert Dean Parsons to unpack what actually improves cybersecurity maturity in manufacturing, water, and wastewater environments. From remote access blind spots to outdated network architecture, they explore the practical gaps many organizations face - and how to fix them without massive budgets.

A central theme? Tabletop exercises. Not as a compliance checkbox - but as a powerful tool to build collaboration between IT and OT teams, clarify roles, and stress-test real incident response plans before a crisis hits.

You’ll learn:

• Why tabletop exercises accelerate OT maturity
• The importance of trust between engineers and IT teams
• How focusing on the SANS 5 Critical Controls drives meaningful progress
• Why visibility and architecture matter more than shiny tools
• How to improve OT security without overwhelming teams or budgets
• The human and process factors that determine response success
  
  

Whether you’re leading OT security, managing critical infrastructure, or trying to bridge IT and engineering teams, this episode delivers practical, experience-backed strategies you can implement immediately.

Tune in to learn how to strengthen OT security through people, process, and purposeful action - only on Protect It All.

Key Moments: 

03:57 "Improved IT-OT Collaboration Tabletops"

08:57 "ICS Security Priorities"

12:16 "Accelerating ICS Cybersecurity Programs"

15:07 Trusted Expertise Builds Credibility

17:28 "Engineering Role in Incident Response"

20:53 "Cybersecurity: Tabletops Gain Traction"

26:34 "Control Systems, Protocol Abuse Insights"

27:51 Secure Architecture Enables Network Visibility

33:07 "Targeted Network Monitoring Essentials"

35:23 Prioritize Critical Assets Strategically

37:50 "Bridging IT and OT Expertise"

41:56 Critical Infrastructure Security Risks

44:30 ICS Leadership and Threat Strategy

48:14 "Power Plant Walkthrough Insights"

52:02 Critical Cyber Asset Management

57:29 "SANS Courses: Essential and Valuable"

About the guest : 

Dean Parsons is a SANS Principal Instructor and the CEO and Principal Consultant of ICS Defense Force. Over the past two decades, Dean has built and led industrial cyber defense programs, conducted incident response and digital forensics in live plants and partnered with operators and engineers to maintain both safety and uptime across major industrial sectors.

He helps organizations align investment and policy decisions with operational priorities, developing risk metrics and tabletop exercises that unify operations, engineering, and cybersecurity so organizations in any industrial sector can prioritize and measure what matters.

How to connect Dean : https://www.linkedin.com/in/dean-parsons-cybersecurity

Connect With Aaron Crow:

• Website: www.corvosec.com 
• LinkedIn: https://www.linkedin.com/in/aaronccrow

Learn more about PrOTect IT All:

• Email: info@protectitall.co 
• Website: https://protectitall.co/ 
• X: https://twitter.com/protectitall 
• YouTube: https://www.youtube.com/@PrOTectITAll 
• FaceBook:  https://facebook.com/protectitallpodcast

To be a guest or suggest a guest/episode, please email us at info@protectitall.co

Please leave us a review on Apple/Spotify Podcasts:

Apple   - https://podcasts.apple.com/us/podcast/protect-it-all/id1727211124

Spotify - https://open.spotify.com/show/1Vvi0euj3rE8xObK0yvYi4

In Episode 92 of Protect It All, host Aaron Crow sits down with Corey LeBleu, founder of Relix Security and seasoned penetration tester, for a candid look at what actually causes organizations to get compromised and why fundamentals still matter more than the latest security trends.

Drawing from years of red-team and penetration-testing experience, Corey shares real stories from the field: forgotten printers, unmanaged IoT devices, legacy systems no one owns anymore, and misconfigurations hiding in plain sight. Together, Aaron and Corey unpack why asset visibility, patching, and change management continue to be the weakest links - even as AI and automation enter the security conversation.

You’ll learn:

• Why old printers, IoT devices, and “temporary” systems are prime attack paths
• What most organizations misunderstand about pen testing and red teaming
• How poor asset inventory and change management undermine security programs
• The real risks behind shadow IT and unmanaged tools
• Where AI helps in pen testing and where experience still wins
• Why mastering the basics beats chasing new security gadgets every time
  
  

Whether you’re a security professional, IT leader, or someone looking to break into cybersecurity, this episode delivers practical, no-nonsense lessons from the front lines - focused on what actually reduces risk.

Tune in to hear why cybersecurity success still starts with the fundamentals - only on Protect It All.

Key Moments: 

03:57 Critical Infrastructure: Finding Vulnerabilities

06:44 "Cyber Risks from Hidden Devices"

11:25 Cybersecurity: Focus on Basics

16:09 Complex Systems Demand Continuous Testing

18:17 Understanding Complex System Security

22:54 "Testing: External vs. Internal"

24:12 Enterprise Challenges with AI Integration

27:40 AI Lowers Barriers for Hacking

About the guest : 

Corey LeBleu has built a career around application security testing, becoming deeply involved in integrating vulnerability assessments throughout the software testing lifecycle. Noticing shifts in industry practices, Corey observed major international financial institutions moving to routinely pentest every application- even legacy IBM systems - leading the way in robust cybersecurity practices. In contrast, Corey also highlights the challenges faced by manufacturing, where operational technology often suffers from outdated, vulnerable systems. Corey’s experience showcases the evolving landscape of application security, emphasizing the need for continuous testing and vigilance across diverse industries.

How to connect Corey :
https://www.linkedin.com/in/coreylebleu/

Connect With Aaron Crow:

• Website: www.corvosec.com 
• LinkedIn: https://www.linkedin.com/in/aaronccrow

Learn more about PrOTect IT All:

• Email: info@protectitall.co 
• Website: https://protectitall.co/ 
• X: https://twitter.com/protectitall 
• YouTube: https://www.youtube.com/@PrOTectITAll 
• FaceBook:  https://facebook.com/protectitallpodcast

To be a guest or suggest a guest/episode, please email us at info@protectitall.co

Please leave us a review on Apple/Spotify Podcasts:

Apple   - https://podcasts.apple.com/us/podcast/protect-it-all/id1727211124

Spotify - https://open.spotify.com/show/1Vvi0euj3rE8xObK0yvYi4

In this episode of Protect It All, host Aaron Crow is joined by Steve Rutherford, VP of Sales at Hyperport and former military officer, for a candid conversation on how secure remote access in operational technology (OT) has evolved - and where it’s heading next.

They unpack how COVID accelerated remote connectivity across critical infrastructure, why many traditional IT security tools fall short in OT environments, and what protection really looks like when safety, reliability, and uptime are non-negotiable. Drawing from military discipline and frontline OT experience, Steve shares a grounded perspective on managing risk in environments where failure has physical-world consequences.

You’ll learn:

• How COVID permanently changed OT remote access expectations
• Why IT-first security approaches don’t translate well to OT
• The role of layered access controls and policy-driven permissions
• How dynamic access and trust scoring are reshaping OT security
• Where IT/OT convergence helps - and where it creates new risk
• What leaders must prioritize to balance access, safety, and resilience
  
  

If you’re responsible for enabling remote access while protecting critical operations, this episode delivers real-world insight, practical guidance, and a forward-looking view of OT cybersecurity.

Tune in to understand what secure OT access really requires in today’s threat landscape- only on Protect It All.

Key Moments: 

00:00 Securing Critical Infrastructure Access

03:59 "OT Mindset: Defense and Offense"

07:26 "Remote Access Challenges in Operations"

11:45 "Challenges in OT-IT Integration"

16:07 Authority Must Match Responsibility

18:23 Simplifying OT Authentication Challenges

21:53 "Dynamic Trust Scoring with AI"

24:05 "Access Control and Segmentation"

28:57 "Secure Access Without Overreach"

33:12 "Left of Boom Awareness"

35:56 OT Security and Local Control

39:35 "Driving Early Adoption Awareness"

41:54 "Proactive Support for Critical Infrastructure"

45:52 "Remote Work Enhances Team Efficiency"

47:17 "Exciting Tech for Cybersecurity"

About the guest :
Steve Rutherford is a former U.S. Army officer and aviator who transitioned his mission-driven mindset from military service to protecting critical infrastructure through operational technology (OT) security. After exploring multiple industries, Steve found a natural alignment between military operations and OT environments - where safety, reliability, and uptime are non-negotiable. Today, he works in secure user access for OT, helping organizations protect the systems that power modern life.

How to connect steve : 

Website : https://hyperport.io/

Linkedin: https://www.linkedin.com/in/steverutherford1/

Connect With Aaron Crow:

• Website: www.corvosec.com 
• LinkedIn: https://www.linkedin.com/in/aaronccrow

Learn more about PrOTect IT All:

• Email: info@protectitall.co 
• Website: https://protectitall.co/ 
• X: https://twitter.com/protectitall 
• YouTube: https://www.youtube.com/@PrOTectITAll 
• FaceBook:  https://facebook.com/protectitallpodcast 

To be a guest or suggest a guest/episode, please email us at info@protectitall.co

Please leave us a review on Apple/Spotify Podcasts:

Apple   - https://podcasts.apple.com/us/podcast/protect-it-all/id1727211124

Spotify - https://open.spotify.com/show/1Vvi0euj3rE8xObK0yvYi4

In this episode of Protect It All, host Aaron Crow breaks down the real challenges of securing connectivity across IT and OT environments. As vendors, technicians, and support teams increasingly rely on remote access, many organizations struggle with poor visibility, legacy systems, and unclear network boundaries - creating unnecessary risk.

Aaron walks through newly released secure connectivity guidance from CISA and the UK National Cyber Security Centre, translating an eight-point framework into practical, real-world steps that security and operations teams can actually implement.

You’ll learn:

• Why remote access is one of the biggest OT risk multipliers
• How poor visibility creates blind spots attackers love
• Why asset inventory and documentation are foundational - not optional
• How segmentation and least-privilege design shrink the attack surface
• What compliance frameworks get right - and what they don’t
• Best practices for vendor access, MFA, session recording, and monitoring
• How to design secure connectivity without breaking operations
  
  

Whether you’re responsible for OT security, managing vendors, or bridging IT and OT teams, this episode delivers actionable guidance to help you regain control of connectivity and protect critical infrastructure.

Tune in to learn how to secure access without sacrificing operations - only on Protect It All.

Key Moments: 

01:11 "Secure Connectivity in OT"

05:10 "Reducing Attack Surface Through Access Limits"

10:02 "Control System Upgrade Failure Impact"

12:00 Beyond Passwords: Strengthening Security

17:16 "Strengthening Cybersecurity Basics"

18:26 "Balancing Compliance and Security"

Connect With Aaron Crow:

• Website: www.corvosec.com 
• LinkedIn: https://www.linkedin.com/in/aaronccrow

Learn more about PrOTect IT All:

• Email: info@protectitall.co 
• Website: https://protectitall.co/ 
• X: https://twitter.com/protectitall 
• YouTube: https://www.youtube.com/@PrOTectITAll 
• FaceBook:  https://facebook.com/protectitallpodcast 

To be a guest or suggest a guest/episode, please email us at info@protectitall.co

Please leave us a review on Apple/Spotify Podcasts:

Apple   - https://podcasts.apple.com/us/podcast/protect-it-all/id1727211124

Spotify - https://open.spotify.com/show/1Vvi0euj3rE8xObK0yvYi4

In this episode of Protect It All, host Aaron Crow breaks down what cybersecurity really looks like for small and medium-sized businesses with limited resources. With nearly half of all cyberattacks aimed at SMBs and many companies never recovering, this episode focuses on what actually matters when budgets, time, and teams are tight.

Aaron cuts through fear-based messaging and tool overload to share simple, affordable steps that can dramatically reduce risk without requiring a full security team or enterprise spend.

You’ll learn:

• Why small businesses are prime cyber targets
• The most common mistakes that lead to catastrophic loss
• How basic policies and employee awareness stop most attacks
• Why multi-factor authentication, backups, and segmentation are non-negotiable
• How to prioritize cybersecurity when resources are limited
• Why resilience not perfection is the real goal
  
  

Whether you’re a founder, business owner, or IT lead at a growing company, this episode gives you practical guidance you can act on immediately before a cyber incident forces your hand.

Tune in to learn how to protect your business, your data, and your future only on Protect It All.

Key Moments: 

03:37 Cybersecurity Risks for Small Businesses

08:06 System Security and Backup Essentials

12:21 Cybersecurity: Prepare, Monitor, Survive

14:21 Efficient Device Monitoring Simplified

19:31 "Three-Two-One Backup Strategy"

20:20 "Planning Left of Bang"

Connect With Aaron Crow:

• Website: www.corvosec.com 
• LinkedIn: https://www.linkedin.com/in/aaronccrow

Learn more about PrOTect IT All:

• Email: info@protectitall.co 
• Website: https://protectitall.co/ 
• X: https://twitter.com/protectitall 
• YouTube: https://www.youtube.com/@PrOTectITAll 
• FaceBook:  https://facebook.com/protectitallpodcast 

To be a guest or suggest a guest/episode, please email us at info@protectitall.co

Please leave us a review on Apple/Spotify Podcasts:

Apple   - https://podcasts.apple.com/us/podcast/protect-it-all/id1727211124

Spotify - https://open.spotify.com/show/1Vvi0euj3rE8xObK0yvYi4

In this kickoff episode for 2026 of Protect It All, host Aaron Crow shares practical, real-world guidance on how cybersecurity leaders can avoid last-minute scrambles and instead build momentum that lasts all year. Drawing from years of experience across IT and OT environments, Aaron explains why people, trust, and planning matter more than any single tool or technology.

This episode dives into how successful teams think ahead, budgeting wisely, engaging stakeholders early, and creating space for learning, networking, and collaboration beyond spreadsheets and ROI metrics.

You’ll learn:

• Why starting early is the most underrated cybersecurity advantage
• How trust and relationships accelerate security programs
• Why investing in people over tools delivers better outcomes
• How to avoid procrastination and year-end panic
• The role of networking, conferences, and peer learning in long-term success
• How diversity, challenge, and momentum strengthen security teams
• What leaders should prioritize to make 2026 a year of progress - not firefighting
  
  

Whether you’re planning budgets, building teams, or refining IT/OT security strategy, this episode delivers actionable guidance to help you move from intention to execution.

Tune in and learn how to build a cybersecurity program that works all year long - only on Protect It All.

Key Moments: 

03:51 "Planning for Unforeseen Challenges"

09:02 "AI Automation: Challenges and Expectations"

10:21 "Budgeting: The Importance of Buffers"

16:16 "Diversity in Problem-Solving Approaches"

17:53 "Understanding Perspectives and Future Goals"

Connect With Aaron Crow:

• Website: www.corvosec.com 
• LinkedIn: https://www.linkedin.com/in/aaronccrow

Learn more about PrOTect IT All:

• Email: info@protectitall.co 
• Website: https://protectitall.co/ 
• X: https://twitter.com/protectitall 
• YouTube: https://www.youtube.com/@PrOTectITAll 
• FaceBook:  https://facebook.com/protectitallpodcast 

To be a guest or suggest a guest/episode, please email us at info@protectitall.co

Please leave us a review on Apple/Spotify Podcasts:

Apple   - https://podcasts.apple.com/us/podcast/protect-it-all/id1727211124

Spotify - https://open.spotify.com/show/1Vvi0euj3rE8xObK0yvYi4

In this end-of-year wrap-up episode of Protect It All, host Aaron Crow takes a hard look at the growing hype around AI in cybersecurity and explains why fundamentals still matter more than any shiny new tool, especially in OT environments.

Drawing from real-world experience and industry observations, Aaron challenges the belief that AI can compensate for missing basics like asset inventory, network segmentation, and clear ownership. He reframes AI as a powerful assistant not a savior and warns against the risks of rushing into automation without understanding what you’re protecting in the first place.

You’ll learn:

• Why basic cybersecurity hygiene still determines success or failure
• How AI fits best when foundations are already in place
• The dangers of shadow AI in OT and industrial environments
• Why asset visibility and segmentation remain non-negotiable
• How leaders should think about AI as a support tool - not a shortcut

What OT and IT teams should prioritize heading into 2026
Whether you’re closing out the year or planning ahead, this episode delivers a grounded, experience-driven perspective on building resilient cybersecurity programs—without chasing hype.

Tune in to hear why mastering the basics is still the smartest cyber strategy - only on Protect It All.

Key Moments: 

03:32 "Technology Complexity vs. Practicality"

09:33 "AI as an Entry-Level Intern"

12:29 "AI: A Powerful Team Tool"

16:24 "AI Alone Won't Fix Cyber"

19:34 "Mastering Basics Before AI Integration"

21:46 "Shadow AI and Resilience"

25:26 "Addressing Gaps and Ownership"

30:27 "Foundations Matter for Success"

Connect With Aaron Crow:

• Website: www.corvosec.com 
• LinkedIn: https://www.linkedin.com/in/aaronccrow

Learn more about PrOTect IT All:

• Email: info@protectitall.co 
• Website: https://protectitall.co/ 
• X: https://twitter.com/protectitall 
• YouTube: https://www.youtube.com/@PrOTectITAll 
• FaceBook:  https://facebook.com/protectitallpodcast 

To be a guest or suggest a guest/episode, please email us at info@protectitall.co

Please leave us a review on Apple/Spotify Podcasts:

Apple   - https://podcasts.apple.com/us/podcast/protect-it-all/id1727211124

Spotify - https://open.spotify.com/show/1Vvi0euj3rE8xObK0yvYi4

In this episode of Protect It All, host Aaron Crow sits down with veteran IT and cybersecurity leader Neil D. Morris, who brings over 30 years of experience across aerospace, defense, and energy sectors. Together, they cut through the hype to explore what really matters when modernizing technology and managing cyber risk in complex, real-world environments.

Neil shares candid insights on why legacy systems still power critical operations, why replacing them isn’t as simple as it sounds, and how organizations can unlock real value from AI without increasing risk. The conversation dives into tech debt, regulation, ROI, and the often-overlooked role of process in successful transformation.

You’ll learn:

• Why legacy systems aren’t going away anytime soon
• The hidden risks of chasing AI without strong foundations
• How to balance security, usability, and business value
• Why process and governance matter more than tools
• How IT leaders can communicate cyber and AI value in business terms
• Where AI creates opportunity - and where it creates new attack paths
  
  

Whether you’re leading digital transformation, managing cyber risk, or advising the business on AI adoption, this episode delivers real talk and practical wisdom from the front lines of IT and OT leadership.

Tune in to learn how to modernize responsibly, manage risk intelligently, and separate AI reality from hype only on Protect It All.

Key Moments: 

00:00 "Legacy Tech in Modern Firms"

06:22 "Technology, Change, and Customer Focus"

09:51 "Challenges in Articulating Cybersecurity Value"

12:27 "Tech Solutions Must Drive Value"

15:43 Sell Ideas Beyond the Code

19:03 "Ransomware Risks in Acquisitions"

24:02 Government, Services, and Compliance Debate

25:35 Balancing AI, Cybersecurity, and Regulation

30:33 BlackBerry's Downfall: Ignored Innovation

32:06 "Evolution and Misuse of AI"

34:45 "Opportunity to Lead Change"

37:52 "AI Without Guidance Backfires"

41:07 "AI: Smart but Context-Lacking"

46:45 "AI Empowering Business Transformation"

50:30 "Effortless Tech-Fueled Imitation"

About the guest : 

Neil D. Morris is a senior enterprise technology leader with 25+ years of experience in digital transformation, cybersecurity, and AI at scale. He currently serves as Head of IT at Redaptive and previously held CIO roles at Ball Aerospace and Maxar Technologies. Neil is known for guiding organizations through complex modernization efforts while balancing security, risk, and business value.

How to connect Neil: https://www.linkedin.com/in/neildmorris/

Connect With Aaron Crow:

• Website: www.corvosec.com 
• LinkedIn: https://www.linkedin.com/in/aaronccrow

Learn more about PrOTect IT All:

• Email: info@protectitall.co 
• Website: https://protectitall.co/ 
• X: https://twitter.com/protectitall 
• YouTube: https://www.youtube.com/@PrOTectITAll 
• FaceBook:  https://facebook.com/protectitallpodcast 

To be a guest or suggest a guest/episode, please email us at info@protectitall.co

Please leave us a review on Apple/Spotify Podcasts:

Apple   - https://podcasts.apple.com/us/podcast/protect-it-all/id1727211124

Spotify - https://open.spotify.com/show/1Vvi0euj3rE8xObK0yvYi4

In this episode of Protect It All, host Aaron Crow sits down with Sue McTaggart, a cybersecurity leader with a software development background and more than 15 years of experience driving security transformation. Together, they explore how cybersecurity success today depends less on shiny new tools and more on culture, governance, and fundamentals done right.

Sue shares her journey from developer to cybersecurity leader, offering real-world insights into embedding security thinking into everyday work - not bolting it on after something breaks. The conversation tackles the realities of AI adoption, the risks of over-automation, and why human oversight and curiosity remain essential in an increasingly automated world.

You’ll learn:

• Why technology alone can’t fix cybersecurity problems
• How to embed a security-first mindset across teams and leadership
• What AI changes - and what it doesn’t - in cybersecurity governance
• The role of Zero Trust and foundational cyber hygiene
• Why people, process, and accountability prevent more breaches than tools
• How generational shifts and curiosity shape the future of cyber careers

Whether you’re a security leader, technologist, or business decision-maker navigating AI adoption, this episode delivers grounded, practical wisdom for building resilience that lasts.

Tune in to learn why strong cybersecurity still starts with people, not platform,s only on Protect It All.

Key Moments:

01:12 Cybersecurity Evolution and Insights

03:51 "Cybersecurity Requires Culture Shift"

07:09 "Tech Failures and Curfew Challenges"

10:30 "Prioritizing Security in AI Development"

15:05 Cybersecurity's Role in Everything

19:37 "Everything is Sales"

23:54 Adapting Communication for Audiences

26:26 "Think Ahead, Stay Curious."

28:30 Tinkering and Curiosity Unleashed

31:32 "Gen Z: Redefining Work and Life."

36:17 Governing AI: Benefits and Risks

37:59 AI Needs Human Oversight

42:35 "AI's Role in Cybersecurity."

47:25 "Hackers Exploit Basic Vulnerabilities."

About the guest:

Sue McTaggart is a passionate educator and cybersecurity professional with a strong background in software development. Her curiosity and desire to raise awareness led her to transition from developing applications primarily in languages like Java in the early 2000s to the field of cybersecurity. Sue is dedicated to empowering others through education and strives to share her knowledge to help others better understand cybersecurity risks and solutions. She is honored and humbled by opportunities to speak about her work and continues to inspire those around her with her commitment to ongoing learning and public awareness.

How to connect Sue: https://www.linkedin.com/in/sue-mctaggart-24604158/

Connect With Aaron Crow:

• Website: www.corvosec.com 
• LinkedIn: https://www.linkedin.com/in/aaronccrow

Learn more about PrOTect IT All:

• Email: info@protectitall.co 
• Website: https://protectitall.co/ 
• X: https://twitter.com/protectitall 
• YouTube: https://www.youtube.com/@PrOTectITAll 
• FaceBook:  https://facebook.com/protectitallpodcast 

To be a guest or suggest a guest/episode, please email us at info@protectitall.co

Please leave us a review on Apple/Spotify Podcasts:

Apple   - https://podcasts.apple.com/us/podcast/protect-it-all/id1727211124

Spotify - https://open.spotify.com/show/1Vvi0euj3rE8xObK0yvYi4

In this episode of Protect It All, host Aaron Crow sits down with cybersecurity veteran Sharad Rai to explore how IT and OT security teams can reduce complexity, fight alert fatigue, and build stronger defenses through foundational practices and intelligent automation.

Sharad brings decades of real-world experience - from early firewall management to leading large-scale security programs at major financial institutions. Together, Aaron and Sharad break down what actually works in cybersecurity today: simplifying policies, understanding user behavior, strengthening basics like patching, and leveraging AI for contextual decision-making.

You’ll learn:

• Why human behavior is the root of both risk and resilience
• How AI can reduce complexity, noise, and alert fatigue
• What “good vs bad” looks like through an AI-driven, context-aware lens
• How policy overload cripples organizations - and how to fix it
• Why OT and IT security still depend on foundational hygiene
• The rise of browser-based security and Chrome as an endpoint
• What’s coming next: AI-driven phishing, contextual controls, and automated response

Whether you're a security leader, practitioner, or just navigating modern cyber challenges, this episode will reshape how you think about defending systems and the people using them.

Tune in to discover how AI, clarity, and human-centered design are shaping cybersecurity’s next chapter only on Protect It All.

Key Moments: 

06:21 "Cybersecurity Basics: Know the Layers"

09:49 "Defining Good to Block Bad"

13:03 Alarm Fatigue and Information Overload

14:01 Alarm Tuning and Data Utilization

19:02 RFID Tags and Process Frustration

23:03 Simplifying Cybersecurity for Success

25:18 "AI Optimizing Policy Adjustments"

27:33 "Tech Frustrations Then and Now"

31:46 Cloud Computing Transformed Everyday Work

36:05 Focus on Foundational Basics

About the guest : 

Sharad Rai is a cybersecurity leader and architect with over 20 years of experience securing some of the world’s most complex financial institutions. As Vice President of Security and Architecture at State Street, he leads regulatory-driven initiatives and delivers enterprise-wide cybersecurity programs across cloud, infrastructure, and endpoint platforms. Sharad has held key security roles at Morgan Stanley, BNP Paribas, Jefferies, and Foundation Medicine, with deep expertise in EDR, PAM, SASE, ZTNA, and cloud-native security. He is known for simplifying complexity, reducing risk, and bridging product, engineering, and executive teams.

How to connect Sharad: https://www.linkedin.com/in/sharad-rai-cissp-a951a28

Connect With Aaron Crow:

• Website: www.corvosec.com 
• LinkedIn: https://www.linkedin.com/in/aaronccrow

Learn more about PrOTect IT All:

• Email: info@protectitall.co 
• Website: https://protectitall.co/ 
• X: https://twitter.com/protectitall 
• YouTube: https://www.youtube.com/@PrOTectITAll 
• FaceBook:  https://facebook.com/protectitallpodcast 

To be a guest or suggest a guest/episode, please email us at info@protectitall.co

Please leave us a review on Apple/Spotify Podcasts:

Apple   - https://podcasts.apple.com/us/podcast/protect-it-all/id1727211124

Spotify - https://open.spotify.com/show/1Vvi0euj3rE8xObK0yvYi4

In this episode of Protect It All, host Aaron Crow sits down with Daniel Swann, Cyber Incident Commander at Rockwell Automation, to pull back the curtain on what really happens during IT and OT incidents. With decades of experience across the U.S. Air Force, enterprise environments, and industrial operations, Daniel shares lessons learned the hard way - from managing chaos in real time to building a culture where teams can learn without blame.

You’ll learn:

• Why documentation and scribe roles can make or break an incident response
• How blameless postmortems actually strengthen team performance
• What military-style discipline can teach us about OT and IT incident handling
• How to run effective tabletop exercises that expose real gaps
• The human factors - communication, clarity, ownership - that reduce downtime and panic
• Practical strategies to evolve your incident response plan before the next breach
  
  

Whether you’re developing your first IR playbook or leading seasoned response teams, this episode delivers actionable, real-world insights that help you prepare, respond, and recover with confidence.

Tune in for battle-tested wisdom from military operations to industrial control rooms - only on Protect It All.

Key Moments: 

00:00 "Protect IT/OT Cybersecurity Podcast"

03:30 Cybersecurity: Versatility Is Key

07:52 "Balancing Bureaucracy and Flexibility"

10:20 "Practice Makes Plans Effective"

14:17 "Learning While Doing"

18:44 "Document Key Info in Incidents"

19:46 "Versatile Team Role Importance"

22:45 "Tracking Lessons with Visibility"

28:34 Proactive Reporting Encouraged

29:33 Safe Reporting Prevents Phishing Incidents

32:52 "Bridging IT and OT Safely"

37:15 Team Collaboration Enhances Outcomes

41:00 Military Preparedness and Logistics Planning

42:59 Preparing for Unlikely Scenarios

47:20 AI Threats to OT Systems

48:32 "AI's Impact on Learning and Jobs"

About the guest: 

Daniel Swann is a seasoned Cyber Incident Commander at Rockwell Automation, bringing 17+ years of IT leadership and nearly a decade of cybersecurity experience. A U.S. Air Force veteran, he has led global cyber operations, responded to major vulnerabilities like Log4J, and driven large-scale improvements in incident response and vulnerability management. Daniel is highly certified, mission-driven, and recognized for building strong, resilient security teams.

Links : 

Video of Daniel Swann with Kate Vajda, Director of Vulnerability Research and Malware Threat Research, Dragos : https://www.youtube.com/watch?v=4zotgrPk8vI

Connect with Daniel on LinkedIn : https://www.linkedin.com/in/j-daniel-swann/

Connect With Aaron Crow:

• Website: www.corvosec.com 
• LinkedIn: https://www.linkedin.com/in/aaronccrow

Learn more about PrOTect IT All:

• Email: info@protectitall.co 
• Website: https://protectitall.co/ 
• X: https://twitter.com/protectitall 
• YouTube: https://www.youtube.com/@PrOTectITAll 
• FaceBook:  https://facebook.com/protectitallpodcast 

To be a guest or suggest a guest/episode, please email us at info@protectitall.co

Please leave us a review on Apple/Spotify Podcasts:

Apple   - https://podcasts.apple.com/us/podcast/protect-it-all/id1727211124

Spotify - https://open.spotify.com/show/1Vvi0euj3rE8xObK0yvYi4

In this episode of Protect It All, host Aaron Crow sits down with Mark Sasson, Managing Partner at Pinpoint Search Group, to break down what the future of cybersecurity careers really looks like. From the rise of AI and automation to the growing importance of human skills, they uncover the new realities facing candidates, hiring managers, and leaders across IT and OT security.

You’ll learn:

• Why soft skills, communication, and adaptability are now just as critical as technical expertise
• How AI is reshaping job searches, resumes, and candidate evaluation
• The shift between employer-driven and candidate-driven markets
• What separates standout candidates in today’s competitive landscape
• How startups think about hiring -  and what they won’t compromise on
• Practical steps to future-proof your cybersecurity career starting now
  
  

Whether you’re entering cybersecurity, leveling up your role, or hiring your next team member, this episode delivers real-world, actionable insights to help you stay relevant  - and competitive in an evolving industry.

Tune in to learn how to stay ahead in the cybersecurity job market of today and tomorrow  only on Protect It All.

Key Moments: 

04:14 Recruitment Growth and Funding Trends

06:42 Tangible Value in AI Age

12:18 "Stepping Outside the Comfort Zone"

15:16 "Growth Through Embracing Discomfort"

19:23 "Embracing Growth and New Challenges"

21:01 Balancing Growth and Bold Moves

25:14 "Breaking Into Tech: Sacrifice & Strategy"

27:40 Experience Beats Book Knowledge

32:13 Human Insight Beats AI in Hiring

34:45 AI Recruitment: Potential, Limits, Distinctions

39:37 "Reluctant Growth through Opportunity"

42:47 "AI Tools: Benefits and Downsides"

44:29 "Human-Centered Hiring Over AI"

50:12 "Human Connection Over Technology"

53:23 "Planning Your Next Step"

About the guest: 

Mark Sasson is the Managing Partner of Pinpoint Search Group, a recruitment firm specializing in helping innovators in emerging markets attract the talent needed to drive maturation, scale, and successful outcomes. In 2014, Mark launched Pinpoint’s Cybersecurity practice, where he and his team have successfully completed hundreds of executive and senior-level individual contributor searches for leading Cybersecurity vendors. Building on that success, Mark is now guiding Pinpoint’s expansion into the rapidly evolving Space sector.

Connect Mark: 

Website: https://pinpointsearchgroup.com/

LinkedIn: linkedin.com/in/markjsasson/
Learn more about Cybersecurity Vendor M&A + Funding Roundups here : https://pinpointsearchgroup.com/cybersecurity-industry-reports/

Connect With Aaron Crow:

• Website: www.corvosec.com 
• LinkedIn: https://www.linkedin.com/in/aaronccrow

Learn more about PrOTect IT All:

• Email: info@protectitall.co 
• Website: https://protectitall.co/ 
• X: https://twitter.com/protectitall 
• YouTube: https://www.youtube.com/@PrOTectITAll 
• FaceBook:  https://facebook.com/protectitallpodcast 

To be a guest or suggest a guest/episode, please email us at info@protectitall.co

Please leave us a review on Apple/Spotify Podcasts:

Apple   - https://podcasts.apple.com/us/podcast/protect-it-all/id1727211124

Spotify - https://open.spotify.com/show/1Vvi0euj3rE8xObK0yvYi4

In this episode of Protect It All, host Aaron Crow teams up with Lior Frenkel, CEO and co-founder of Waterfall Security, to explore how industries are rethinking OT cybersecurity in the age of ransomware and AI-powered attacks. Together, they break down why traditional firewalls can’t fully protect industrial control systems and how unidirectional gateways (data diodes) are redefining safety for everything from nuclear plants to casinos.

You’ll learn:

• What data diodes really are and how they physically block inbound attacks.
• Why “air gaps” are no longer enough for modern connected environments.
• How remote-access tools like HERA are enabling secure operations.
• Real-world stories of industries upgrading defenses without losing efficiency.
  
  

Whether you manage critical infrastructure, handle OT security, or just want to understand how cyber-physical systems stay safe, this episode will give you a new appreciation for data flow, digital risk, and resilience.

Tune in to discover the future of secure connectivity - only on Protect It All.

Key Moments: 

07:46 Balancing Security and Operational Data

16:25 "One-Way Data Flow Explained"

22:19 "Air Gap for Data Transfer"

27:44 Increasing Awareness of Security Threats

32:05 Challenges of Power Plant Management

35:29 Global Risks Require Local Understanding

44:44 "OT Security and Zero Trust"

48:24 "Remote Access vs On-Site Work"

55:48 "HERA: TPM-Powered Remote Access"

58:43 Encrypted Remote Access Streaming

01:05:32 Secure Remote Control for Infrastructure

01:13:00 "Solving Critical Incident Response Gaps"

About the Guest :
Lior Frenkel is a globally recognized OT cybersecurity leader and the CEO/co-founder of Waterfall Security Solutions, the company behind the industry-standard Unidirectional Security Gateways protecting critical infrastructure worldwide. With 25+ years of cybersecurity expertise, multiple patents, and leadership roles across Israel’s top technology, industrial, and export organizations, Lior is a key voice shaping the future of industrial cyber defense and national cyber strategy.

How to connect Lior:

Website: https://waterfall-security.com/
LinkdIn: https://www.linkedin.com/in/lior-frenkel-91534/

Connect With Aaron Crow:

• Website: www.corvosec.com 
• LinkedIn: https://www.linkedin.com/in/aaronccrow

Learn more about PrOTect IT All:

• Email: info@protectitall.co 
• Website: https://protectitall.co/ 
• X: https://twitter.com/protectitall 
• YouTube: https://www.youtube.com/@PrOTectITAll 
• FaceBook:  https://facebook.com/protectitallpodcast 

To be a guest or suggest a guest/episode, please email us at info@protectitall.co

Please leave us a review on Apple/Spotify Podcasts:

Apple   - https://podcasts.apple.com/us/podcast/protect-it-all/id1727211124

Spotify - https://open.spotify.com/show/1Vvi0euj3rE8xObK0yvYi4

In this eye-opening episode of Protect It All, host Aaron Crow sits down with Hadi Heidari, a cybersecurity veteran turned tech entrepreneur, to explore the groundbreaking (and sometimes risky) ways artificial intelligence is reshaping both digital defense and creative innovation.

From AI-driven SOC operations and threat detection to music creation, data privacy, and identity protection, Aaron and Hadi dive deep into how the same technologies fueling creativity are also rewriting the rules of cybersecurity.

You’ll discover:

• How AI is transforming both cyber defense and music production.
• The hidden risks of data training, privacy, and model misuse.
• How startups like Tune Pack are empowering artists through ethical AI.
• Why balancing innovation with integrity matters more than ever.

Whether you’re protecting critical infrastructure or composing your next track, this episode will challenge how you think about creativity, ethics, and security in the AI era.

Tune in for an inspiring conversation that bridges tech and artistry, only on Protect It All.

Key Moments:

06:34 AI: Opportunities and Regulation Challenges

09:57 AI Risks: Data Privacy Challenges

11:03 AI Education for Security Awareness

15:50 "AI Risks in Cybersecurity Actions"

18:54 "AI Trust and IAM Policies"

21:13 AI Decision-Making Ethical Dilemma

27:19 AI Oversight and Quality Control

30:34 AI Ethics in Data Training

31:30 AI Ethics: Consent and Data Use

35:43 Detecting AI-Generated Fakes

37:59 AI, Security, and Challenges

42:33 AI Revolutionizing Security Analysis

47:14 "Learning Daily in Tech Space"

50:58 "Embracing Change in Music Industry"

About the guest : 

Hadi Heidari is the founder of TunePact, an AI label service designed to support independent musicians. With over 20 years of experience in cybersecurity, Hadi’s journey into the music industry is an unusual one. While he continues to work as a governance and compliance advisor in cybersecurity, his move to Los Angeles inspired him to bridge his technical background with his passion for music. His unique blend of expertise in technology and creativity now helps empower indie artists in today’s digital landscape.

How to connect Hadi : 

https://www.linkedin.com/in/hadihheidari/

Connect With Aaron Crow:

• Website: www.corvosec.com 
• LinkedIn: https://www.linkedin.com/in/aaronccrow

Learn more about PrOTect IT All:

• Email: info@protectitall.co 
• Website: https://protectitall.co/ 
• X: https://twitter.com/protectitall 
• YouTube: https://www.youtube.com/@PrOTectITAll 
• FaceBook:  https://facebook.com/protectitallpodcast 

To be a guest or suggest a guest/episode, please email us at info@protectitall.co

Please leave us a review on Apple/Spotify Podcasts:

Apple   - https://podcasts.apple.com/us/podcast/protect-it-all/id1727211124

Spotify - https://open.spotify.com/show/1Vvi0euj3rE8xObK0yvYi4

In this episode of Protect It All, host Aaron Crow pulls back the curtain on one of cybersecurity’s most underestimated frontiers - Open Source Intelligence. He reveals how attackers leverage publicly available data from LinkedIn profiles to leak passwords, mapping out targets, infiltrating systems, and exploiting the human attack surface.

Drawing from real-world incidents and years of experience across IT and OT security, Aaron explains:

• How Open Source Intelligence fuels social engineering and insider threat campaigns.
• Why protecting systems isn’t enough - you must protect people.
• How to use Open Source Intelligence proactively for threat modeling and risk mitigation.
• Steps to monitor your digital footprint and reduce exposure before it’s too late.
  
  

Whether you’re a cybersecurity professional, executive, or simply digital-curious, this episode will change how you think about “public information.”

Tune in to learn how Open Source Intelligence can both expose and empower your cybersecurity strategy - only on Protect It All.

Key Moments: 

06:17 Securing Domain Admin Accounts

09:09 Proactive Employee Security Monitoring

12:19 "Protecting Human Attack Surfaces"

16:48 "Enhancing Cybersecurity with Open Source Intelligence”

18:49 Exposed Data Response Process

Connect With Aaron Crow:

• Website: www.corvosec.com 
• LinkedIn: https://www.linkedin.com/in/aaronccrow

Learn more about PrOTect IT All:

• Email: info@protectitall.co 
• Website: https://protectitall.co/ 
• X: https://twitter.com/protectitall 
• YouTube: https://www.youtube.com/@PrOTectITAll 
• FaceBook:  https://facebook.com/protectitallpodcast 

To be a guest or suggest a guest/episode, please email us at info@protectitall.co

Please leave us a review on Apple/Spotify Podcasts:

Apple   - https://podcasts.apple.com/us/podcast/protect-it-all/id1727211124

Spotify - https://open.spotify.com/show/1Vvi0euj3rE8xObK0yvYi4

You’ll discover:

• Why outdated Windows systems remain critical yet dangerously exposed.
  
  
• The myths of “true air gaps” and why they don’t protect you anymore.
  
  
• Practical isolation tactics, segmentation, strict access control, and monitoring.
  
  
• How to manage asset visibility, vendor dependencies, and downtime risks.
  
  

Whether you’re a cybersecurity leader, plant manager, or operations engineer, this episode is your roadmap to making smarter, safer decisions about legacy systems before they cause costly disruptions.

Tune in to learn how to balance operations, cost, and security and protect your OT world from old-system vulnerabilities.

Key Moments: 

01:22 "End-of-Life Systems in OT"

04:15 Upgrading Systems in Regulated Industries

07:35 Reducing Risk with Network Segmentation

12:02 "Firewall Rules and System Security"

15:52 Understanding Risks in End-of-Life Systems

18:54 Securing Legacy Systems Effectively

Connect With Aaron Crow:

• Website: www.corvosec.com 
• LinkedIn: https://www.linkedin.com/in/aaronccrow

Learn more about PrOTect IT All:

• Email: info@protectitall.co 
• Website: https://protectitall.co/ 
• X: https://twitter.com/protectitall 
• YouTube: https://www.youtube.com/@PrOTectITAll 
• FaceBook:  https://facebook.com/protectitallpodcast 

To be a guest or suggest a guest/episode, please email us at info@protectitall.co

Please leave us a review on Apple/Spotify Podcasts:

Apple   - https://podcasts.apple.com/us/podcast/protect-it-all/id1727211124

Spotify - https://open.spotify.com/show/1Vvi0euj3rE8xObK0yvYi4

You’ll learn:

• The real incidents prove why OT cybersecurity can’t afford to lag.
  
  
• Why visibility and segmentation are non-negotiable for industrial systems.
  
  
• How to build an incident-response plan that works when the stakes are highest.
  
  
• Practical steps to strengthen resilience and recovery across critical operations.
  
  

This episode isn’t about fear - it’s about preparation. If your work touches energy, transportation, manufacturing, or utilities, this one’s your wake-up call to act before disaster hits.

Listen now and learn how to protect what truly keeps our world moving - only on Protect It All.

Key Moments:

05:06 "Real Risks of Critical Disruptions"

06:16 Redefining OT System Boundaries

11:42 Troubleshooting Unknown System Issues

14:09 "Secure Remote Access Best Practices"

18:28 "Planning for Worst-Case Scenarios"

19:36 Critical Infrastructure Under Cyber Threat

Connect With Aaron Crow:

• Website: www.corvosec.com 
• LinkedIn: https://www.linkedin.com/in/aaronccrow

Learn more about PrOTect IT All:

• Email: info@protectitall.co 
• Website: https://protectitall.co/ 
• X: https://twitter.com/protectitall 
• YouTube: https://www.youtube.com/@PrOTectITAll 
• FaceBook:  https://facebook.com/protectitallpodcast 

To be a guest or suggest a guest/episode, please email us at info@protectitall.co

Please leave us a review on Apple/Spotify Podcasts:

Apple   - https://podcasts.apple.com/us/podcast/protect-it-all/id1727211124

Spotify - https://open.spotify.com/show/1Vvi0euj3rE8xObK0yvYi4

In this episode of Protect It All, host Aaron Crow breaks down why IT security tools often fall short in industrial environments and what it really takes to protect operational systems. Drawing from 25+ years of hands-on experience, Aaron explores the differences between IT and OT priorities, why “silver bullet” solutions don’t exist, and how to build defense-in-depth strategies that actually work on the plant floor.

You’ll discover:

• Why IT tools struggle in OT environments - and where they can help.
  
  
• How to balance availability, safety, and security in critical systems.
  
  
• Practical ways to manage legacy hardware, vendor dependencies, and remote access.
  
  
• The key to uniting IT and OT teams for stronger resilience.
  
  

If you’re navigating the evolving world of industrial cybersecurity, this episode will change how you think about tools, processes, and protection.

Tune in to learn how to bridge the IT–OT divide and build a smarter, safer security culture.

Key Moments:

03:31 "Adapting IT Products for OT Use"

08:53 IT and OT Crossover Tools

11:05 Balancing OT Risk in Cybersecurity

13:37 Cybersecurity and Remote Secure Access

18:25 Designing Resilient, Independent Systems

21:40 Unified Cybersecurity Through Training & Collaboration

24:24 "IT and OT Integration Challenges"

Connect With Aaron Crow:

• Website: www.corvosec.com 
• LinkedIn: https://www.linkedin.com/in/aaronccrow

Learn more about PrOTect IT All:

• Email: info@protectitall.co 
• Website: https://protectitall.co/ 
• X: https://twitter.com/protectitall 
• YouTube: https://www.youtube.com/@PrOTectITAll 
• FaceBook:  https://facebook.com/protectitallpodcast 

To be a guest or suggest a guest/episode, please email us at info@protectitall.co

Please leave us a review on Apple/Spotify Podcasts:

Apple   - https://podcasts.apple.com/us/podcast/protect-it-all/id1727211124

Spotify - https://open.spotify.com/show/1Vvi0euj3rE8xObK0yvYi4

John shares powerful stories from his work with educational institutions and law enforcement, highlighting how digital threats are evolving far faster than most parents can keep up with. Aaron reflects on personal challenges as a parent navigating device safety and digital boundaries, and the two discuss practical strategies for protecting kids in today’s hyper-connected world.

This episode doesn’t just explore the risks - it offers hope and tangible action, including details about cybersecurity education initiatives like the MASK Next Gen Shield game, designed to give kids and parents the knowledge they need to stay safe online. Whether you’re a concerned parent, a teacher, or someone working in the cybersecurity field, this discussion is packed with real-world advice and resources you can use right now.

Tune in for a timely conversation on the front lines of digital safety—and learn why, when it comes to protecting our kids, awareness and action are more important than ever.

Key Moments: 

05:00 Digital Image Blacklist Management

08:08 Parental Cybersecurity and Tech Awareness

10:06 Fake Arrest Warrant Scam Alert

13:27 AI Development Concerns and Future

21:13 Online Predator Alert & Teen Safety

25:33 Limits of Facebook Moderation

27:29 Managing Digital Challenges for Parents

30:46 Teen Sextortion Crisis Emerges

33:44 "Saving Kids Amidst Social Media"

42:23 Broken Graphics Card Issue Resolved

45:33 Internet Safety Tips for Parents

49:43 Pause Before Reacting

51:17 Future Concerns and Optimism

56:46 "Essential Curriculum for Schools"

About the guest : 

John Schimanski Jr. brings more than three decades of experience in physical and cybersecurity, spanning private and public sectors. Beginning his career in 1994, he worked as a physical security specialist protecting super-regional shopping centers in high-crime areas, focusing on stolen vehicles and safety operations. During this time, he earned two master’s degrees—one in Criminal Justice and Security Administration and another in Managing Information Systems—along with a bachelor’s in Business Administration.

He transitioned into cybersecurity in 2007, when ransomware was still a $5,000 payment on a green dot credit card. While working in a small data center, he developed customized web services and interfaces for organizations such as the Las Vegas Motor Speedway and Electric Daisy Carnival (EDC).

After building deep experience in the private sector, John moved into public service with the Texas Comptroller of Public Accounts and later served as Deputy CISO for the Texas Department of Criminal Justice. These roles gave him extensive insight into securing critical state systems and navigating the complex challenges of public-sector cybersecurity.

Today, John serves at Trivigil, a cybersecurity firm focused on strengthening the cyber posture of K-12 schools and universities. His career reflects a unique blend of front-line physical security, technical expertise, and leadership across sectors—making him a trusted advisor and advocate for strong, resilient security practices.

Links to connect John : 

LinkedIn : https://www.linkedin.com/in/johnschimanski/

Link to October Event - Mask Nectgen - https://s14tu.share-na2.hsforms.com/2K3tpMqlmQ8SR_cGWXsitSw

Connect With Aaron Crow:

• Website: www.corvosec.com 
• LinkedIn: https://www.linkedin.com/in/aaronccrow

Learn more about PrOTect IT All:

• Email: info@protectitall.co 
• Website: https://protectitall.co/ 
• X: https://twitter.com/protectitall 
• YouTube: https://www.youtube.com/@PrOTectITAll 
• FaceBook:  https://facebook.com/protectitallpodcast 

To be a guest or suggest a guest/episode, please email us at info@protectitall.co

Please leave us a review on Apple/Spotify Podcasts:

Apple   - https://podcasts.apple.com/us/podcast/protect-it-all/id1727211124

Spotify - https://open.spotify.com/show/1Vvi0euj3rE8xObK0yvYi4

From imposter syndrome to servant leadership, the conversation unpacks how effective communication, continuous training, and the willingness to learn from failure fuel professional growth. Chris also reflects on how military training instills risk mitigation and teamwork, and how those skills can translate - and sometimes clash - with civilian cybersecurity cultures. They talk certifications, hands-on learning, the importance of meaningful tabletop exercises, and the evolving landscape as AI powers both attackers and defenders.

Whether you’re a veteran, a fresh analyst, or just passionate about cybersecurity, this honest and energetic exchange will leave you motivated to keep learning, keep growing, and keep protecting it all. So grab your energy drink and tune in for a conversation that proves everyone in cyber, no matter their path, has wisdom worth sharing.

Key Moments: 

05:30 Military Adventures Surpass Civilian Opportunities

07:28 Military vs. Civilian Leadership Dynamics

10:42 Clarifying Civilian vs Military Missions

12:22 Leadership: Addressing Miscommunication & Misalignment

15:45 Toxic Leadership and Military Transition

20:01 Reliance on Tools vs. Core Skills

22:29 "Forgotten Skills Fade Over Time"

25:13 Boosting Confidence in New Roles

29:42 Interactive Training and Environmental Protection

32:37 Purple Teaming Strategy Insights

36:15 Persistence in Skill Development

39:04 Soft Skills Matter for Career Growth

42:44 "Technical & Business Acumen Fusion"

44:41 Military: Career Value and Benefits

48:09 "Cyber Education for K-12"

Resources Mentioned : 

https://www.ransomware.live/

• comprehensive resource that tracks and monitors ransomware groups and their activities.

https://ransomwhe.re/

• tracks ransomware payments by collecting and analyzing cryptocurrency addresses associated with ransomware attacks. 

https://www.ransom-db.com/

• real-time ransomware tracking platform that collects, indexes, and centralizes information on ransomware groups and their victims. 

About the Guest : 

Christopher Ross is a veteran and cybersecurity leader with over 15 years of experience in Security Operations, Incident Response, and threat hunting across defense and fintech. A Chief Warrant Officer in the Army National Guard’s Cyber Brigade, he has led blue and purple team operations, translating military discipline and teamwork into enterprise cyber defense strategies.

In his civilian career, Christopher has built and led SOC teams, integrated MSSPs, and driven automation to strengthen detection and response capabilities at organizations including MACOM, CFGI, Draper, and Abiomed. He holds a Master of Science in Information Security Engineering from the SANS Technology Institute and more than a dozen GIAC certifications. An Order of Thor recipient from the Military Cyber Professional Association. 

Christopher is passionate about developing playbooks, advancing training pipelines, and mentoring the next generation of defenders. Sharing lessons from his veteran-to-cyber journey, practical insights on certification paths and ROI, and real-world stories from blue-team operations and purple-team collaboration.

Visit  https://public.milcyber.org/ The Military Cyber Professionals Association is the only U.S. military professional association with cyber at its core. It connects, supports, and elevates those who serve in or support the military cyber domain, while investing in future generations through education and mentorship.

Connect Christopher : https://www.linkedin.com/in/christopheraross-ma/

Connect With Aaron Crow:

• Website: www.corvosec.com 
• LinkedIn: https://www.linkedin.com/in/aaronccrow

Learn more about PrOTect IT All:

• Email: info@protectitall.co 
• Website: https://protectitall.co/ 
• X: https://twitter.com/protectitall 
• YouTube: https://www.youtube.com/@PrOTectITAll 
• FaceBook:  https://facebook.com/protectitallpodcast 

To be a guest or suggest a guest/episode, please email us at info@protectitall.co

Please leave us a review on Apple/Spotify Podcasts:

Apple   - https://podcasts.apple.com/us/podcast/protect-it-all/id1727211124

Spotify - https://open.spotify.com/show/1Vvi0euj3rE8xObK0yvYi4

Kathryn and Aaron break down complex concepts like quantum cryptography and the growing risks of deepfakes, data poisoning, and behavioral warfare - all with real-world examples that hit close to home. They dig into why cryptographic resilience is now more urgent than ever, how AI can both strengthen and threaten our defenses, and why your grandma shouldn’t be left in charge of her own data security.

From lessons learned in power plants and national defense to the nuances of protecting everything from nuclear codes to family recipes, this episode dives deep into how we can balance innovation with critical risk management. 

Kathryn shares practical advice on securing the basics, educating your network, and making smart decisions about what truly needs to be connected to AI. Whether you’re an IT, OT, or cybersecurity professional—or just trying to keep ahead of the next cyber threat - this episode will arm you with insights, strategies, and a little bit of much-needed perspective. Tune in for a mix of expert knowledge, humor, and actionable takeaways to help you protect it all.

Key Moments: 

04:02 "Securing Assets in Post-Quantum Era"

07:44 AI and Cybersecurity Concerns

12:26 "Full-Time Job: Crafting LLM Prompts"

15:28 AI Vulnerabilities Exploited at DEFCON

19:30 AI Data Poisoning Concerns

20:21 AI Vulnerability in Critical Infrastructure

23:45 Deepfake Threats and Cybersecurity Concerns

28:34 Question Everything: Trust, Verify, Repeat

33:20 "Digital Systems' Security Vulnerabilities"

35:12 Digital Awareness for Children

39:10 "Understanding Data Privacy Risks"

43:31 "Leveling Up: VCs Embrace Futurism"

45:16 AI-Powered Personalized Medicine

About the guest : 

Kathryn Wang is a seasoned executive with over 20 years of leadership in the technology and security sectors, specializing in the fusion of cutting-edge innovations and cybersecurity strategies. 

She currently serves as the Public Sector Principal at SandboxAQ, where she bridges advancements in post-quantum cryptography (PQC) and data protection with the mission-critical needs of government agencies. Her work focuses on equipping these organizations with a zero-trust approach to securing sensitive systems against the rapidly evolving landscape of cyber threats.

During her 16-year tenure at Google and its incubator Area120, Kathryn drove global efforts to develop and implement Secure by Design principles in emerging technologies, including Large Language Models (LLMs) and Generative AI.

How to connect Kathryn : 

https://www.linkedin.com/in/kathryn-wang/

Connect With Aaron Crow:

• Website: www.corvosec.com 
• LinkedIn: https://www.linkedin.com/in/aaronccrow

Learn more about PrOTect IT All:

• Email: info@protectitall.co 
• Website: https://protectitall.co/ 
• X: https://twitter.com/protectitall 
• YouTube: https://www.youtube.com/@PrOTectITAll 
• FaceBook:  https://facebook.com/protectitallpodcast 

To be a guest or suggest a guest/episode, please email us at info@protectitall.co

Please leave us a review on Apple/Spotify Podcasts:

Apple   - https://podcasts.apple.com/us/podcast/protect-it-all/id1727211124

Spotify - https://open.spotify.com/show/1Vvi0euj3rE8xObK0yvYi4

Together, Aaron and Patrick discuss the blurred lines between IT and OT, the importance of understanding business priorities in security, and why collaboration rather than heavy-handed mandates makes all the difference in securing critical infrastructure. 

Whether you’re a seasoned professional or just getting started in cyber, you’ll come away with practical insights on risk management, building trust with operations teams, and the vital role of mentorship in developing the next generation of OT security experts. 

Stay tuned for a grounded, actionable conversation that reminds us all: when it comes to securing the intersection of IT and OT, it’s about more than just technology -it’s about people, process, and the bigger business picture.

Key Moments: 

05:53 IT and OT System Confusion

07:43 Implementing Fortigate and Managing Risks

11:21 Outdated Systems and Patch Challenges

15:43 Comprehensive Onsite Assessment Toolkit

17:56 AI or Traditional? Balancing Approaches

21:16 "Securing OT: Remote Access and Training"

25:47 Cybersecurity Skill Growth Forecast

26:38 "Mentorship in Cybersecurity Careers"

30:22 Understanding Your Network Setup

35:39 Balancing Security and Accessibility

36:09 Leveraging Operational Team Buy-In

39:27 IT Budget Prioritization for OT Needs

42:44 Challenges in OT Security Adoption

46:56 Tech Growth & Infrastructure Expansion

About the Guest : 

Patrick Gillespie has spent over 15 years immersed in the world of cybersecurity, with the last three and a half years serving as the OT Practice Director at GuidePoint, a leading value-added reseller specializing in cybersecurity products. 

At GuidePoint, Patrick leads a dedicated team of OT engineers focused on securing both operational technology (OT) environments and the rapidly growing array of IoT devices. Recognizing that clients often CISOs may not directly own OT assets or remediation processes, Patrick excels at bridging the gap between IT security leaders and their operational counterparts, such as plant managers and controls engineers. 

Through his work, Patrick guides organizations to understand and address the unique challenges of OT security, helping them build collaboration across teams to strengthen their overall cyber defenses.

How to connect Patrick : 

GuidePoint Security University: https://www.guidepointsecurity.com/gpsu/

MilMentor: https://www.milmentor.com/

Linkedin:  https://www.linkedin.com/in/cpgillespie/

Connect With Aaron Crow:

• Website: www.corvosec.com 
• LinkedIn: https://www.linkedin.com/in/aaronccrow

Learn more about PrOTect IT All:

• Email: info@protectitall.co 
• Website: https://protectitall.co/ 
• X: https://twitter.com/protectitall 
• YouTube: https://www.youtube.com/@PrOTectITAll 
• FaceBook:  https://facebook.com/protectitallpodcast 

To be a guest or suggest a guest/episode, please email us at info@protectitall.co

Please leave us a review on Apple/Spotify Podcasts:

Apple   - https://podcasts.apple.com/us/podcast/protect-it-all/id1727211124

Spotify - https://open.spotify.com/show/1Vvi0euj3rE8xObK0yvYi4

You’ll hear insightful stories from the early days of OT cybersecurity - before most of today’s tools even existed - and how foundational principles like alignment, engagement, and standardization have driven years of progress. 

Scott and Aaron reflect on the importance of building cross-disciplinary teams, developing strong communication strategies, and embracing the reality that real security is about continuous improvement, collaboration, and sometimes learning from mistakes.

From tales of rolling out firewalls at power plants and negotiating with skeptical vendors, to lessons in leadership, trust-building, and the ever-evolving challenges of protecting critical infrastructure, this episode is packed with practical wisdom, industry anecdotes, and a look at what’s coming over the cybersecurity horizon. Whether you’re just entering the field or a seasoned pro, grab your headphones - you won’t want to miss this candid, insightful conversation.

Key Moments: 

04:37 Bridging IT and Cybersecurity

08:40 Revolutionizing Program Development Together

10:08 Building Consensus Through Communication

12:33 "Business Insights and NERC SIP Evolution"

17:18 Utility's Major Implementation Challenge

20:08 Corporate Cybersecurity Challenges Uncovered

21:58 "Automated Inventory and Cybersecurity Insight"

27:21 Optimizing Cybersecurity and Metrics

30:56 Essential Infrastructure Basics Lacking

34:17 "Identifying and Resolving Hidden Issues"

37:21 Encouraging Change in Industrial Practices

42:11 "Finding the Right Team Mindset"

46:11 "Importance of Pre-Job Briefs"

About the guest: 

Scott Rosenberger is currently the manager of Operational Technology for Luminant.  He developed the Luminant program to address the reliability, security and ongoing maintenance of Operational Technology for Luminant’s Fossil Generation Fleet.  He has a Bachelor of Engineering from Stevens Institute of Technology and is a registered professional Engineer in Texas.  In his 23+ years with Luminant he has worked in nuclear and fossil plants, many corporate roles and for 3 years as Director of IT Security and Compliance.  Scott also spent 3 years as a member of the NERC CIP drafting team.

Links to connect Scott: 

https://www.linkedin.com/in/scottrosenberger/

Connect With Aaron Crow:

• Website: www.corvosec.com 
• LinkedIn: https://www.linkedin.com/in/aaronccrow

Learn more about PrOTect IT All:

• Email: info@protectitall.co 
• Website: https://protectitall.co/ 
• X: https://twitter.com/protectitall 
• YouTube: https://www.youtube.com/@PrOTectITAll 
• FaceBook:  https://facebook.com/protectitallpodcast 

To be a guest or suggest a guest/episode, please email us at info@protectitall.co

Please leave us a review on Apple/Spotify Podcasts:

Apple   - https://podcasts.apple.com/us/podcast/protect-it-all/id1727211124

Spotify - https://open.spotify.com/show/1Vvi0euj3rE8xObK0yvYi4

Aaron also highlights the unmatched energy and camaraderie in the DEFCON villages—especially the ICS Village—and offers a sneak peek at exciting upcoming events, such as ResetCon and Lone Star Cyber Shootout. 

Whether you’re a conference veteran or just OT-curious, this episode is packed with personal stories, industry trends, and tips for making the most out of these must-attend cybersecurity gatherings. Tune in and get ready to protect it all!

Connect With Aaron Crow:

• Website: www.corvosec.com 
• LinkedIn: https://www.linkedin.com/in/aaronccrow

Learn more about PrOTect IT All:

• Email: info@protectitall.co 
• Website: https://protectitall.co/ 
• X: https://twitter.com/protectitall 
• YouTube: https://www.youtube.com/@PrOTectITAll 
• FaceBook:  https://facebook.com/protectitallpodcast 

To be a guest or suggest a guest/episode, please email us at info@protectitall.co

Please leave us a review on Apple/Spotify Podcasts:

Apple   - https://podcasts.apple.com/us/podcast/protect-it-all/id1727211124

Spotify - https://open.spotify.com/show/1Vvi0euj3rE8xObK0yvYi4

Drawing from his years of experience attending these events, Aaron unpacks the good, the bad, and the ugly of the conference circuit: from the value of in-person networking and the buzz of vendor events, to the challenges of ROI, overwhelming hype, and the evolving role of sponsors.

Plus, he shares hard-won tips for making the most of Vegas - including how to find your tribe, engage meaningfully with vendors, and stay cool (literally and figuratively) amidst the chaos. 

Whether you’re a first-timer or a seasoned attendee, this episode is packed with honest insights and actionable advice to help you navigate the ever-evolving world of cybersecurity conferences.

Key Moments: 

03:05 Networking’s Importance in Vegas

08:29 Evaluating Black Hat Conference ROI

12:17 "CISOs' Discreet Presence at Vendor Events"

13:22 Buzzword Overload at Conferences

18:40 Relationship-Driven Sales Strategy

21:02 Balancing Conference Costs and Value

25:44 "Prioritize Genuine Leads Only"

27:05 Enhancing Cybersecurity Events

Connect With Aaron Crow:

• Website: www.corvosec.com 
• LinkedIn: https://www.linkedin.com/in/aaronccrow

Learn more about PrOTect IT All:

• Email: info@protectitall.co 
• Website: https://protectitall.co/ 
• X: https://twitter.com/protectitall 
• YouTube: https://www.youtube.com/@PrOTectITAll 
• FaceBook:  https://facebook.com/protectitallpodcast 

To be a guest or suggest a guest/episode, please email us at info@protectitall.co

Please leave us a review on Apple/Spotify Podcasts:

Apple   - https://podcasts.apple.com/us/podcast/protect-it-all/id1727211124

Spotify - https://open.spotify.com/show/1Vvi0euj3rE8xObK0yvYi4

From the increasing visibility of OT threats and the surge in regulatory requirements, to the convergence of IT and OT teams, they dig into what’s driving organizations to prioritize real-time visibility, risk management, and collaboration. Kam reflects on his diverse background in the military, at Cisco, Dragos, and now Armis, while Aaron draws on decades of experience leading teams across power plants and utilities in Texas. They both underscore the importance of people, process, and technology - reminding us that even the best tools are only as valuable as the teams that wield them.

The discussion explores the challenges smaller utilities face, balancing regulation with limited resources, and the need for cyber-informed engineering from the very start. Plus, they look ahead at the role of AI in cybersecurity, the daisy-chain effects of infrastructure attacks, and the importance of community and continuous learning in keeping ahead of the curve.

Whether you’re a cybersecurity veteran, just breaking into OT, or simply want to understand why your electricity bill matters, this episode is packed with anecdotes, practical advice, and a few laughs. So pull up a chair and get ready to protect it all!

Key Moments: 

03:18 Cybersecurity Developments and Regulatory Changes

06:33 Demand for Consulting and Assessments

09:51 Future of Regulation and Community

13:06 Regulating Small Utilities Challenges

16:41 Cybersecurity in Critical Infrastructure

19:43 Simplifying Complex Issues for All

26:12 Embracing AI in Cybersecurity

27:39 "Embrace Challenges, Educate Yourself"

30:14 Cybersecurity Threats to Infrastructure

34:29 Evaluating Automated Alerting Systems

39:38 Controlled Network Configuration Risks

42:10 Underfunded Team: Multi-Skill Necessity

45:31 "Collective Progress and Contribution"

48:13 "Geopolitical Threats to Infrastructure"

About the guest : 

Kam Chumley-Soltani serves as the Director of OT Solutions Engineering for the U.S. Public Sector at Armis, where he specializes in industrial cybersecurity. His expertise lies in designing secure and resilient network architectures for critical infrastructure environments.

Previously, Kam led Cisco’s OT Solutions Engineering team for the entire U.S. Public Sector, delivering end-to-end solutions across IoT/OT security, network architecture, diverse RF wireless deployments, embedded systems, and edge computing.

He has guided numerous global enterprises, federal agencies, and SLED organizations in architecting solutions that incorporate robust networking, cybersecurity controls, advanced threat detection, and proactive vulnerability management.

A Navy veteran, Kam served as a flight systems engineer and mission operations planner. He holds a B.S. in Cyber Operations from the United States Naval Academy, an M.S. in Cybersecurity from Brown University, and an M.B.A. from Northwestern University's Kellogg School of Management. He is currently pursuing his Doctor of Engineering (D.Eng.) in AI/ML from George Washington University. 

How to connect Kam: 

Linkedin: https://www.linkedin.com/in/kam-chumley-soltani/

Connect With Aaron Crow:

• Website: www.corvosec.com 
• LinkedIn: https://www.linkedin.com/in/aaronccrow

Learn more about PrOTect IT All:

• Email: info@protectitall.co 
• Website: https://protectitall.co/ 
• X: https://twitter.com/protectitall 
• YouTube: https://www.youtube.com/@PrOTectITAll 
• FaceBook:  https://facebook.com/protectitallpodcast 

To be a guest or suggest a guest/episode, please email us at info@protectitall.co

Please leave us a review on Apple/Spotify Podcasts:

Apple   - https://podcasts.apple.com/us/podcast/protect-it-all/id1727211124

Spotify - https://open.spotify.com/show/1Vvi0euj3rE8xObK0yvYi4

But it’s not all doom and gloom: Aaron dives into how AI is also becoming a game-changer for defense, from Google’s use of AI agents to spot vulnerabilities ahead of attackers, to the promise (and dangers) of deepfake technology. He discusses new policy moves, like the FCC’s proposal to ban Chinese tech in undersea internet cables and the US Coast Guard’s push for cyber resilience in maritime infrastructure.

Throughout the episode, Aaron offers strategic advice for organizations of all sizes - from patch management and digital twins to incident response plans designed for today’s AI-driven threat landscape. Whether you’re in cyber, tech, critical infrastructure, or just want to stay a step ahead, this episode is packed with actionable insights and timely analysis to boost your cyber resilience. Plug in for a conversation that’s equal parts eye-opening and empowering!

Key Moments; 

01:20 High-Level Tactical Briefing

05:31 Digital Twin for System Security

09:39 Dual Role of Tools

12:00 Emergency Procedures Reminder

14:24 Challenges in OT System Integration

18:32 Deep Fake Detection and Response

20:12 "AI Persistence and Impact"

Connect With Aaron Crow:

• Website: www.corvosec.com 
• LinkedIn: https://www.linkedin.com/in/aaronccrow

Learn more about PrOTect IT All:

• Email: info@protectitall.co 
• Website: https://protectitall.co/ 
• X: https://twitter.com/protectitall 
• YouTube: https://www.youtube.com/@PrOTectITAll 
• FaceBook:  https://facebook.com/protectitallpodcast 

To be a guest or suggest a guest/episode, please email us at info@protectitall.co

Please leave us a review on Apple/Spotify Podcasts:

Apple   - https://podcasts.apple.com/us/podcast/protect-it-all/id1727211124

Spotify - https://open.spotify.com/show/1Vvi0euj3rE8xObK0yvYi4

As Texas and other states stare down a projected 50% surge in peak energy load by 2030, Aaron shares firsthand insights from his decades in the power utility industry and raises urgent questions about how we’re building the next generation of critical infrastructure.

From the logistical nightmare of charging a million electric cars in urban apartment complexes to the cold reality that most new power plants are being commissioned without cybersecurity in mind, Aaron pulls back the curtain on missed opportunities and potential threats. 

Why isn’t OT security part of major DOE planning reports? Who’s responsible for managing cyber risks in this rapidly evolving landscape? And what’s at stake if we don’t build security into our systems from day one?

If you’re in IT, OT, operations, or simply care about keeping the lights on in our data-driven world, this is a conversation you don’t want to miss. Tune in as Aaron calls for a united front: making cybersecurity a non-negotiable priority in the grid transformation ahead.

Key Moments: 

01:12 "Urgent Power Capacity Boost by 2030"

05:21 Electric Car Charging Challenges

08:59 System Vulnerabilities and Design Flaws

10:01 Cybersecurity: Everyone's Responsibility

15:20 Complexity of Grid Black Start Process

18:53 Urgency in Tech and Power Security

Connect With Aaron Crow:

• Website: www.corvosec.com 
• LinkedIn: https://www.linkedin.com/in/aaronccrow

Learn more about PrOTect IT All:

• Email: info@protectitall.co 
• Website: https://protectitall.co/ 
• X: https://twitter.com/protectitall 
• YouTube: https://www.youtube.com/@PrOTectITAll 
• FaceBook:  https://facebook.com/protectitallpodcast 

To be a guest or suggest a guest/episode, please email us at info@protectitall.co

Please leave us a review on Apple/Spotify Podcasts:

Apple   - https://podcasts.apple.com/us/podcast/protect-it-all/id1727211124

Spotify - https://open.spotify.com/show/1Vvi0euj3rE8xObK0yvYi4

From drafting reports and playbooks to automating repetitive tasks and managing vulnerability data, Aaron offers actionable advice for using both public AI tools like ChatGPT and more advanced private AI models. He also addresses common fears CISOs and business leaders have about unsanctioned AI use in the workplace and shares tips for staying safe and compliant while taking advantage of AI’s efficiencies. 

Whether you’re in a large enterprise or a lean team with limited resources, you’ll come away with a fresh perspective on how to use AI responsibly to work smarter and protect your organization. Plus, Aaron invites listeners to share their own creative AI use cases and lessons learned. Let’s jump in and explore how to protect it all as AI advances.

Key Moments : 

01:20 AI's Rising Role in Media

03:22 Guidelines for Using AI Safely

07:06 "AI Integration and Automation Strategies"

10:03 Automating Windows Management Tasks

14:29 Exploring AI for Personal Tasks

Connect With Aaron Crow:

• Website: www.corvosec.com 
• LinkedIn: https://www.linkedin.com/in/aaronccrow

Learn more about PrOTect IT All:

• Email: info@protectitall.co 
• Website: https://protectitall.co/ 
• X: https://twitter.com/protectitall 
• YouTube: https://www.youtube.com/@PrOTectITAll 
• FaceBook:  https://facebook.com/protectitallpodcast 

To be a guest or suggest a guest/episode, please email us at info@protectitall.co

Please leave us a review on Apple/Spotify Podcasts:

Apple   - https://podcasts.apple.com/us/podcast/protect-it-all/id1727211124

Spotify - https://open.spotify.com/show/1Vvi0euj3rE8xObK0yvYi4

From drafting reports and playbooks to automating repetitive tasks and managing vulnerability data, Aaron offers actionable advice for using both public AI tools like ChatGPT and more advanced private AI models. He also addresses common fears CISOs and business leaders have about unsanctioned AI use in the workplace and shares tips for staying safe and compliant while taking advantage of AI’s efficiencies. 

Whether you’re in a large enterprise or a lean team with limited resources, you’ll come away with a fresh perspective on how to use AI responsibly to work smarter and protect your organization. Plus, Aaron invites listeners to share their own creative AI use cases and lessons learned. Let’s jump in and explore how to protect it all as AI advances.

Key Moments : 

01:20 AI's Rising Role in Media

03:22 Guidelines for Using AI Safely

07:06 "AI Integration and Automation Strategies"

10:03 Automating Windows Management Tasks

14:29 Exploring AI for Personal Tasks

Connect With Aaron Crow:

• Website: www.corvosec.com 
• LinkedIn: https://www.linkedin.com/in/aaronccrow

Learn more about PrOTect IT All:

• Email: info@protectitall.co 
• Website: https://protectitall.co/ 
• X: https://twitter.com/protectitall 
• YouTube: https://www.youtube.com/@PrOTectITAll 
• FaceBook:  https://facebook.com/protectitallpodcast 

To be a guest or suggest a guest/episode, please email us at info@protectitall.co

Please leave us a review on Apple/Spotify Podcasts:

Apple   - https://podcasts.apple.com/us/podcast/protect-it-all/id1727211124

Spotify - https://open.spotify.com/show/1Vvi0euj3rE8xObK0yvYi4

Brian, whose career spans roles from OT engineer to startup co-founder, opens up about his journey—highlighting his drive to push the boundaries of traditional OT security and the evolution of key industry technologies. The conversation explores everything from the persistent lack of innovation in OT, to AI’s growing role in tackling the daunting challenges of risk reduction, visibility, and scaling assessments across sprawling environments.

If you’ve ever wondered how new tech like AI is reshaping industrial cybersecurity, why “we’ve always done it this way” just doesn’t cut it anymore, or how organizations can realistically stay ahead without breaking the bank, this episode delivers honest insights, practical advice, and a look toward an exciting, if sometimes daunting, future.

So grab your headphones and settle in as Aaron and Brian share stories, hot takes, and strategies designed to protect it all—because in critical infrastructure, the stakes have never been higher.

Key Moments: 

06:45 OT Cyber Industry Evolution

11:57 Evolving Challenges in OT Security

19:34 Bridging the OT Security Skills Gap

21:54 Enhancing OT Security Understanding

30:46 AI Model Security Challenges

34:26 Rapid Scaling for Site Assessments

40:56 Simulating Cyber Threat Responses

47:19 Operational Priorities: Equipment vs. Cyber Tools

49:30 Focus on Meaningful Security Metrics

56:30 Rapid AI Adoption vs. Internet

01:02:12 Cybersecurity: Small Targets are Vulnerable

About the guest : 

Brian Proctor is a cybersecurity leader with over 20 years of experience protecting critical infrastructure across energy, industrial automation, and operational technology sectors. As the co-founder and CEO of Frenos, he empowers critical infrastructure operators to proactively secure their environments against evolving cyber threats.

Brian built his foundation in ICS/OT cybersecurity during his 13+ year tenure at two progressive California Investor Owned Utilities, San Diego Gas & Electric and Southern California Edison serving the 2nd and 8th largest cities in the United States. He managed a team of 15 security engineers and researchers across 150+ projects, established OT security roadmaps, and co-invented an R&D Magazine Top 100 award-winning GPS anti-spoofing mitigation technology that earned him a patent.

Brian has published IEEE papers on security monitoring, served as Critical Infrastructure Co-Chair for Securing Our eCity, and regularly speaks at conferences to educate and build the ICS/OT cybersecurity community. He holds technical certifications including GICSP, CISSP, and CRISC, along with a Business Administration degree from the University of San Diego.

Links: 

https://frenos.io/services - Learn more about Optica, the industry's first tech-enabled rapid OT visibility service 

https://frenos.io/autonomous-ot-security-assessment-platform - Learn more about how to automate OT security risk assessments

Connect Brian : https://www.linkedin.com/in/brianproctor67/

Connect With Aaron Crow:

• Website: www.corvosec.com 
• LinkedIn: https://www.linkedin.com/in/aaronccrow

Learn more about PrOTect IT All:

• Email: info@protectitall.co 
• Website: https://protectitall.co/ 
• X: https://twitter.com/protectitall 
• YouTube: https://www.youtube.com/@PrOTectITAll 
• FaceBook:  https://facebook.com/protectitallpodcast 

To be a guest or suggest a guest/episode, please email us at info@protectitall.co

Please leave us a review on Apple/Spotify Podcasts:

Apple   - https://podcasts.apple.com/us/podcast/protect-it-all/id1727211124

Spotify - https://open.spotify.com/show/1Vvi0euj3rE8xObK0yvYi4

With over 25 years of experience, ranging from hands-on engineering and water treatment facilities to red-team penetration testing on critical infrastructures such as airports and power plants, Justin brings a wealth of insight and real-world anecdotes.

This episode unpacks what it really takes to assess and secure operational technology environments. Whether you’re a C-suite executive, a seasoned cyber pro, or brand new to OT security, you’ll hear why network expertise, cross-team trust, and careful, collaborative engagement with engineers are so crucial when testing high-stakes environments. Aaron and Justin also discuss how the industry has matured, the importance of dedicated OT cybersecurity teams, and why practical, people-first approaches make all the difference, especially when lives, reliability, and national infrastructure are on the line.

Get ready for actionable advice, hard-earned lessons from the field, and a candid look at both the progress and the ongoing challenges in protecting our most critical systems.

Key Moments: 

05:55 Breaking Into Cybersecurity Without Classes

09:26 Production Environment Security Testing

13:28 Credential Evaluation and Light Probing

14:33 Firewall Misconfiguration Comedy

19:14 Dedicated OT Cybersecurity Professionals

20:50 "Prioritize Reliability Over Latest Features"

24:18 "IT-OT Convergence Challenges"

29:04 Patching Program and OT Security

32:08 Complexity of OT Environments

35:45 Dress-Code Trust in Industry

38:23 Legacy System Security Challenges

42:15 OT Cybersecurity for IT Professionals

43:40 "Building Rapport with Food"

47:59 Future OT Cyber Risks and Readiness

51:30 Skill Building for Tech Professionals

About the Guest : 

Justin Searle is the Director of ICS Security at InGuardians, specializing in ICS security architecture design and penetration testing.  He led the Smart Grid Security Architecture group in the creation of NIST Interagency Report 7628 and played critical roles in the Advanced Security Acceleration Project for the Smart Grid (ASAP-SG), National Electric Sector Cybersecurity Organization Resources (NESCOR), and Smart Grid Interoperability Panel (SGIP).  

Justin has taught hacking techniques, forensics, networking, and intrusion detection courses for multiple universities, corporations, and security conferences.  His current courses at SANS and Black Hat are among the world's most attended ICS cybersecurity courses.  Justin is currently a Senior Instructor for the SANS Institute and a faculty member at IANS. In addition to electric power industry conferences, he frequently presents at top international security conferences such as Black Hat, DEFCON, OWASP, HITBSecConf, Brucon, Shmoocon, Toorcon, Nullcon, Hardware.io, and AusCERT.  

Justin leads prominent open-source projects, including The Control Thing Platform, Samurai Web Testing Framework (SamuraiWTF), and Samurai Security Testing Framework for Utilities (SamuraiSTFU).  He has an MBA in International Technology and is a CISSP and SANS GIAC certified Incident Handler (GCIH), Intrusion Analyst (GCIA), Web Application Penetration Tester (GWAPT), and GIAC Industrial Control Security Professional (GICSP)

How to connect Justin: 

https://www.controlthings.io

https://www.linkedin.com/in/meeas/

Email: justin@controlthings.io

Connect With Aaron Crow:

• Website: www.corvosec.com 
• LinkedIn: https://www.linkedin.com/in/aaronccrow

Learn more about PrOTect IT All:

• Email: info@protectitall.co 
• Website: https://protectitall.co/ 
• X: https://twitter.com/protectitall 
• YouTube: https://www.youtube.com/@PrOTectITAll 
• FaceBook:  https://facebook.com/protectitallpodcast 

To be a guest or suggest a guest/episode, please email us at info@protectitall.co

Please leave us a review on Apple/Spotify Podcasts:

Apple   - https://podcasts.apple.com/us/podcast/protect-it-all/id1727211124

Spotify - https://open.spotify.com/show/1Vvi0euj3rE8xObK0yvYi4

Pedro also brings attention to a ticking time bomb: the “Year 2038” problem, where millions (if not billions) of 32-bit systems might fail due to an epoch time rollover—an issue that could have consequences reminiscent of Y2K, but on a potentially broader scale, especially for OT and critical infrastructure.

Throughout the episode, Aaron and Pedro share practical strategies, lessons from the field, and the sobering reminder that many of these vulnerabilities are still lurking below the surface. The conversation highlights the importance of awareness, collaboration across industry and ISPs, and a proactive approach to understanding and hardening both new and legacy systems. Whether you're an OT engineer, a security researcher, or just curious about what it means to truly “protect it all,” this episode offers a fascinating look at the evolving landscape of digital and physical security risks.

Key Moments:

06:37 Letting Go of Old Memories

15:12 Refueling Spill Risks Concern Technicians

17:37 Understanding Risks Beyond Fear

23:24 Internet Exposure Risks for OT Devices

32:17 Global Cyber Incident Response Challenges

35:30 Legacy System Challenges

39:19 Unidentified Cyber Assets Risk

48:41 "Understanding the Epochalypse Project's Challenges"

49:31 Testing System Vulnerabilities at Scale

55:12 Tech Vulnerabilities Analogous to Y2K

01:03:08 Challenges in OT Modernization

About the Guest:

Pedro Umbelino currently holds the position of Principal Research Scientist at Bitsight Technologies and brings over a decade of experience in dedicated security research.

⁤His eclectic curiosity has led to the uncovering of vulnerabilities spanning a gamut of technologies, highlighting critical issues in multiple devices and software, ranging from your everyday smartphone to household smart vacuums, from the intricacies of HTTP servers to the nuances of NFC radio frequencies, from vehicle GPS trackers to protocol-level denial of service attacks. 

Pedro is committed to advancing cybersecurity knowledge and has shared his findings at prominent conferences, including Bsides Lisbon, DEF CON, Hack.lu and RSA.

How to connect Pedro :
LinkedIn: https://www.linkedin.com/in/pedroumbelino/
X: https://x.com/kripthor
Website: https://www.bitsight.com/

Connect With Aaron Crow:

• Website: www.corvosec.com 
• LinkedIn: https://www.linkedin.com/in/aaronccrow

Learn more about PrOTect IT All:

• Email: info@protectitall.co 
• Website: https://protectitall.co/ 
• X: https://twitter.com/protectitall 
• YouTube: https://www.youtube.com/@PrOTectITAll 
• FaceBook:  https://facebook.com/protectitallpodcast 

To be a guest or suggest a guest/episode, please email us at info@protectitall.co

Please leave us a review on Apple/Spotify Podcasts:

Apple   - https://podcasts.apple.com/us/podcast/protect-it-all/id1727211124

Spotify - https://open.spotify.com/show/1Vvi0euj3rE8xObK0yvYi4

Join Aaron and Dean as they explore what it truly takes to bridge the worlds of IT and OT. Drawing from decades of industry experience, their discussion covers everything from building trust across teams, to the superpower of understanding both operational technology and cybersecurity. Expect real-world stories, practical advice on breaking into OT cybersecurity, and memorable lessons from the plant floor to the boardroom.

They also break down what makes OT security fundamentally different from traditional IT approaches, why risk-based strategies are essential, and how building relationships, sometimes over donuts and coffee—can be just as important as deploying firewalls and patching systems. Whether you’re new to ICS and OT security, or a seasoned defender looking for fresh perspective, this episode brings actionable tips, honest assessments, and inspiration to help you better protect what matters most.

So grab your hard hat (and maybe a box of donuts!), and get ready for a masterclass on collaboration, building skills, and why trust is the real currency in the fight to secure our critical infrastructure.

Key Moments: 

05:32 Listening Over Speaking in Legacy Spaces

07:01 IT Security Teamwork and Trust

11:21 Cost-Efficient ICS Security Solutions

15:42 Converging Skill Sets in IT Security

17:36 OT vs IT: Different Risks

22:28 Prioritizing Post-Assessment Actions

23:20 Prioritize SANS ICS Critical Controls

29:31 Engineering Perspective on Critical Assets

30:47 Detecting Misuse of Control Systems

35:52 Collaborative Incident Response Dynamics

39:03 Remote Hydroelectric Plant Journey

40:45 Building Trust with Baked Goods

44:55 "Safety Crucial in Facility Disruptions"

48:50 ICS Security: Closing Safety Gaps

53:37 Enhancing ICS Security Controls

57:18 "ICS Summit and LinkedIn Activities"

About the guest : 

Dean is the CEO and Principal Consultant of ICS Defense Force and brings over 20 years of technical and management experience to the classroom. He has worked in both Information Technology and Industrial Control System (ICS) Cyber Defense in critical infrastructure sectors such as telecommunications, electric generation, transmission, distribution, and oil & gas refineries, storage, and distribution, and water management. Dean is an ambassador for defending industrial systems and an advocate for the safety, reliability, and cyber protection of critical infrastructure. His mission as an instructor is to empower each of his students, and he earnestly preaches that “Defense is Do-able!” 

Over the course of his career, Dean’s accomplishments include establishing entire ICS security programs for critical infrastructure sectors, successfully conducting industrial-grade incident response and tabletops, ICS digital forensics, and ICS/OT Cybersecurity assessments across multiple sectors. As a SANS Principal Instructor, Dean teaches ICS515: ICS Visibility, Detection, and Response, is a co-author of the SANS Course ICS418: ICS Security Essentials for Managers and an author of SANS ICS Engineer Technical Awareness Training. Dean is a member of the SANS GIAC Advisory Board and holds many cybersecurity professional certifications including the GICSP, GRID, GSLC, and GCIA, as well as the CISSP®, and holds a BS in computer science. When not in the field, Dean spends tine chasing icebergs off the coast of Newfoundland on a jetski, or writing electric 80s inspired electronic music in this band Arcade Knights.

Resources Mentioned: 

5 ICS Cybersecurity Critical Controls: https://www.sans.org/white-papers/five-ics-cybersecurity-critical-controls/

SANS ICS Cybersecurity Summit: https://www.sans.org/cyber-security-training-events/ics-security-summit-2025/

How to connect Dean: 

https://www.linkedin.com/in/dean-parsons-cybersecurity/

https://www.sans.org/profiles/dean-parsons/

Dean’s Book:

https://www.amazon.com/ICS-Cybersecurity-Field-Manual-EXCLUSIVE/dp/B0CGG6GMHW/

Connect With Aaron Crow:

• Website: www.corvosec.com 
• LinkedIn: https://www.linkedin.com/in/aaronccrow

Learn more about PrOTect IT All:

• Email: info@protectitall.co 
• Website: https://protectitall.co/ 
• X: https://twitter.com/protectitall 
• YouTube: https://www.youtube.com/@PrOTectITAll 
• FaceBook:  https://facebook.com/protectitallpodcast 

To be a guest or suggest a guest/episode, please email us at info@protectitall.co

Please leave us a review on Apple/Spotify Podcasts:

Apple   - https://podcasts.apple.com/us/podcast/protect-it-all/id1727211124

Spotify - https://open.spotify.com/show/1Vvi0euj3rE8xObK0yvYi4

Aaron and Gavin discuss everything from operators’ creative workarounds on the plant floor, to the importance of trust and rapport between IT and OT teams, and why having hands-on experience is key to building effective cybersecurity programs in critical infrastructure environments. 

You’ll also hear real-world stories of technology mishaps, the critical role of plant culture, and the practical challenges organizations face in securing legacy systems while keeping operations running.

If you want honest, relatable insights and actionable advice on bridging the IT-OT divide—and a few laughs along the way—this episode is for you.

Key Moments: 

10:12 Operator Rounds and RFID Challenges

12:56 Operators' Ingenuity and Knowledge

21:29 IT vs. OT: Firmware Update Challenges

26:49 Understanding and Accepting Risk

28:12 Standards, Frameworks, and Continuity

33:08 High Voltage Safety Precautions

40:41 Bridging OT and IT Skills

43:46 Cybersecurity Cross-Training Surge

52:38 CISO Knowledge Gap in OT Security

54:32 "Experience: Essential for Understanding"

01:03:34 DCS System Configuration Challenges

01:06:52 Neglecting Redundancy Risks Operations

01:11:00 Optimizing Underutilized IT Resources

01:20:04 "Understanding Systems Before Advice"

01:22:06 Old Cables Remain Untouched

About the guest : 

Gavin Dilworth’s career took an unconventional path. As a plant operator, he was tasked with keeping production running smoothly and monitoring sensor readings, both on the computer and around the factory. However, Gavin was never quite the model operator—rather than dutifully making rounds and comparing readings, he often found himself absorbed in books, dreaming of a future in IT. Though he laughs about being a “pretty terrible operator,” Gavin’s story reflects his early drive to pursue his true interests in technology, even when duty called elsewhere.

How to connect Gavin : 

Linkedin : https://www.linkedin.com/in/gavin-dilworth/

Website: https://assessmentplus.co.nz/

Connect With Aaron Crow:

• Website: www.corvosec.com 
• LinkedIn: https://www.linkedin.com/in/aaronccrow

Learn more about PrOTect IT All:

• Email: info@protectitall.co 
• Website: https://protectitall.co/ 
• X: https://twitter.com/protectitall 
• YouTube: https://www.youtube.com/@PrOTectITAll 
• FaceBook:  https://facebook.com/protectitallpodcast 

To be a guest or suggest a guest/episode, please email us at info@protectitall.co

Please leave us a review on Apple/Spotify Podcasts:

Apple   - https://podcasts.apple.com/us/podcast/protect-it-all/id1727211124

Spotify - https://open.spotify.com/show/1Vvi0euj3rE8xObK0yvYi4

Tune in as they discuss the importance of making the most of what you already have, the realities of cyber as a “cost center,” and how availability increasingly trumps confidentiality in today’s threat landscape. Paul shares powerful insights from decades in cyber operations, the difference between theory and real value, and why storytelling and business skills are now just as vital as technical chops.

From protecting small businesses to demystifying the impact of AI and quantum computing on everyday cybersecurity, this episode is packed with practical advice, plenty of war stories, and even a few laughs. Whether you’re a seasoned security pro or just starting out, you won’t want to miss this lively and wide-ranging discussion on how to protect it all.

Key Moments: 

05:38 Tech Rationalization Over Product Dependence

10:42 "Cybersecurity: A Costly Necessity"

17:44 Privacy Is Obsolete

25:51 Cyber Crime Funds Dark Activities

26:39 "Preventing Cyber-Facilitated Crime"

37:50 "Exploiting AI: Ethics Versus Greed"

46:44 Understanding Business Elevates Cybersecurity

48:01 Broadening Skills Beyond Cybersecurity

54:19 CISOs Need More Than Tech Skills

58:56 "Tech Threatens Critical Thinking"

About the guest : 

Paul is the Co-Founder of TALAS Security and the Co-Host of the Cyber After Hours Podcast. With over twenty years of experience in IT and Cybersecurity, Paul is a senior cybersecurity leader who has built, maintained, and operated enterprise-grade Cybersecurity programs in highly complex environments. His expertise lies in taking a "controls first" approach to Cybersecurity. He specializes in designing programs that maximize the use of existing capabilities to balance both defense and compliance to accelerate organizational maturity. He creates sustainable solutions that enable organizations to effectively manage their cybersecurity risks and is committed to staying ahead of the curve in an ever-evolving cybersecurity landscape and helping organizations securely achieve their business objectives.

How to connect Paul: 

LinkedIn: https://www.linkedin.com/in/pm01/

Talas Security: https://www.talas.io/

Cyber after Hours Podcast: https://www.cahpodcast.com/

Connect With Aaron Crow:

• Website: www.corvosec.com 
• LinkedIn: https://www.linkedin.com/in/aaronccrow

Learn more about PrOTect IT All:

• Email: info@protectitall.co 
• Website: https://protectitall.co/ 
• X: https://twitter.com/protectitall 
• YouTube: https://www.youtube.com/@PrOTectITAll 
• FaceBook:  https://facebook.com/protectitallpodcast 

To be a guest or suggest a guest/episode, please email us at info@protectitall.co

Please leave us a review on Apple/Spotify Podcasts:

Apple   - https://podcasts.apple.com/us/podcast/protect-it-all/id1727211124

Spotify - https://open.spotify.com/show/1Vvi0euj3rE8xObK0yvYi4

Aaron and Oren discuss the real-world value of hands-on experience versus formal education, the evolving relationship between IT and OT teams, and why personal branding and communication skills are key for career growth in the cybersecurity field. They unpack the challenges and misconceptions around patching in the OT environment, and Oren reveals practical advice from his recent presentation on how organizations can dramatically reduce their vulnerability management workload while maintaining operational safety.

Tune in for thoughtful reflections, war stories from the rig, and actionable tips for aspiring and seasoned cybersecurity professionals alike—plus a heartwarming nod to inspiring the next generation. Whether you’re just getting started in OT or looking to take your cyber game to the next level, this episode is packed with honest advice and community spirit.

Key Moments: 

05:58 College: Not the Ultimate Answer

08:26 Consulting Perspective Accelerates Career Growth

13:36 "Building Value with Personal Branding"

16:49 "Everyone's a Salesman Everywhere"

19:44 "Patching Essential for System Health"

21:14 Firmware Updates Resolve Most Issues

26:18 Robots Dominate Manufacturing Line

28:08 Prioritizing Critical Drilling Vulnerability Fixes

33:29 "Prioritizing Business-Critical Systems"

36:57 Cyber-Resilient Tech Design

39:20 "Virtualization Best Practices: Snapshot Safety"

41:18 OT Cybersecurity: Focus on Basics

44:37 Unexpected Changes Disrupt Startup Plans

47:44 "Building Trust in Business"

50:52 "IT-OT Collaboration Importance"

Oren Niskin – From the Navy to OT Cybersecurity: Bridging the Gap Between the Plant Floor and Secure Operations

Oren Niskin is an OT cybersecurity consultant with over two decades of hands-on industrial experience spanning the U.S. Navy, offshore drilling operations, and global OT network management. His career began not in a classroom, but aboard the USS Harry S. Truman, where he served as an electrician and shutdown reactor operator after enlisting in the Navy post-9/11.

Since then, he’s steadily climbed the OT ranks—from maintaining electrical systems at sea to managing IACS networks for a global fleet of drilling rigs, and now, advising critical infrastructure on how to secure their operational environments. Oren brings a rare combination of deep technical insight and real-world plant floor experience to the evolving challenges of OT cybersecurity.

He holds a Bachelor's degree in Nuclear Engineering Technology and a Master’s in Information Security Engineering from the SANS Institute. Oren is passionate about translating complex OT security needs into practical outcomes—turning big visions into tangible progress.

Connect with Oren on LinkedIn at https://www.linkedin.com/in/orenniskin/ or catch him in person at HouSecCon this September.

Connect With Aaron Crow:

• Website: www.corvosec.com 
• LinkedIn: https://www.linkedin.com/in/aaronccrow

Learn more about PrOTect IT All:

• Email: info@protectitall.co 
• Website: https://protectitall.co/ 
• X: https://twitter.com/protectitall 
• YouTube: https://www.youtube.com/@PrOTectITAll 
• FaceBook:  https://facebook.com/protectitallpodcast 

To be a guest or suggest a guest/episode, please email us at info@protectitall.co

Please leave us a review on Apple/Spotify Podcasts:

Apple   - https://podcasts.apple.com/us/podcast/protect-it-all/id1727211124

Spotify - https://open.spotify.com/show/1Vvi0euj3rE8xObK0yvYi4