In this episode, host Aaron Crow sits down with OT security expert Justin Searle, Director of ICS Security at InGuardians, for a deep dive into the ever-evolving world of OT and IT cybersecurity.

With over 25 years of experience, ranging from hands-on engineering and water treatment facilities to red-team penetration testing on critical infrastructures such as airports and power plants, Justin brings a wealth of insight and real-world anecdotes.

This episode unpacks what it really takes to assess and secure operational technology environments. Whether you’re a C-suite executive, a seasoned cyber pro, or brand new to OT security, you’ll hear why network expertise, cross-team trust, and careful, collaborative engagement with engineers are so crucial when testing high-stakes environments. Aaron and Justin also discuss how the industry has matured, the importance of dedicated OT cybersecurity teams, and why practical, people-first approaches make all the difference, especially when lives, reliability, and national infrastructure are on the line.

Get ready for actionable advice, hard-earned lessons from the field, and a candid look at both the progress and the ongoing challenges in protecting our most critical systems.

Key Moments:

05:55 Breaking Into Cybersecurity Without Classes

09:26 Production Environment Security Testing

13:28 Credential Evaluation and Light Probing

14:33 Firewall Misconfiguration Comedy

19:14 Dedicated OT Cybersecurity Professionals

20:50 "Prioritize Reliability Over Latest Features"

24:18 "IT-OT Convergence Challenges"

29:04 Patching Program and OT Security

32:08 Complexity of OT Environments

35:45 Dress-Code Trust in Industry

38:23 Legacy System Security Challenges

42:15 OT Cybersecurity for IT Professionals

43:40 "Building Rapport with Food"

47:59 Future OT Cyber Risks and Readiness

51:30 Skill Building for Tech Professionals

About the Guest :

Justin Searle is the Director of ICS Security at InGuardians, specializing in ICS security architecture design and penetration testing. He led the Smart Grid Security Architecture group in the creation of NIST Interagency Report 7628 and played critical roles in the Advanced Security Acceleration Project for the Smart Grid (ASAP-SG), National Electric Sector Cybersecurity Organization Resources (NESCOR), and Smart Grid Interoperability Panel (SGIP).

Justin has taught hacking techniques, forensics, networking, and intrusion detection courses for multiple universities, corporations, and security conferences. His current courses at SANS and Black Hat are among the world's most attended ICS cybersecurity courses. Justin is currently a Senior Instructor for the SANS Institute and a faculty member at IANS. In addition to electric power industry conferences, he frequently presents at top international security conferences such as Black Hat, DEFCON, OWASP, HITBSecConf, Brucon, Shmoocon, Toorcon, Nullcon, Hardware.io, and AusCERT.

In this episode of Protect It All, host Aaron Crow welcomes Pedro Umbelino, Principal Research Scientist at BitSight, for an insightful and lively conversation recorded shortly after they met at RSA. Pedro shares stories of his early days in computing, from scavenging parts as a kid to teaching himself programming on a ZX Spectrum. The discussion quickly dives into critical cybersecurity issues across the interconnected worlds of IT and OT, focusing on dramatic vulnerabilities in Automatic Tank Gauges (ATGs) at gas stations—exposing ways attackers could cause significant physical damage and even spark major operational disruptions, all through insecure legacy protocols.

Pedro also brings attention to a ticking time bomb: the “Year 2038” problem, where millions (if not billions) of 32-bit systems might fail due to an epoch time rollover—an issue that could have consequences reminiscent of Y2K, but on a potentially broader scale, especially for OT and critical infrastructure.

Throughout the episode, Aaron and Pedro share practical strategies, lessons from the field, and the sobering reminder that many of these vulnerabilities are still lurking below the surface. The conversation highlights the importance of awareness, collaboration across industry and ISPs, and a proactive approach to understanding and hardening both new and legacy systems. Whether you're an OT engineer, a security researcher, or just curious about what it means to truly “protect it all,” this episode offers a fascinating look at the evolving landscape of digital and physical security risks.

Key Moments:

06:37 Letting Go of Old Memories

15:12 Refueling Spill Risks Concern Technicians

17:37 Understanding Risks Beyond Fear

23:24 Internet Exposure Risks for OT Devices

32:17 Global Cyber Incident Response Challenges

35:30 Legacy System Challenges

39:19 Unidentified Cyber Assets Risk

48:41 "Understanding the Epochalypse Project's Challenges"

49:31 Testing System Vulnerabilities at Scale

55:12 Tech Vulnerabilities Analogous to Y2K

01:03:08 Challenges in OT Modernization

About the Guest:

Pedro Umbelino currently holds the position of Principal Research Scientist at Bitsight Technologies and brings over a decade of experience in dedicated security research.

⁤His eclectic curiosity has led to the uncovering of vulnerabilities spanning a gamut of technologies, highlighting critical issues in multiple devices and software, ranging from your everyday smartphone to household smart vacuums, from the intricacies of HTTP servers to the nuances of NFC radio frequencies, from vehicle GPS trackers to protocol-level denial of service attacks.

Pedro is committed to advancing cybersecurity knowledge and has shared his findings at prominent conferences, including Bsides Lisbon, DEF CON, Hack.lu and RSA.

How to connect Pedro :
LinkedIn: https://www.linkedin.com/in/pedroumbelino/

In this episode, host Aaron Crow sits down with Dean Parsons, one of the most recognized names in the OT and industrial control systems (ICS) security world, for a candid and insightful conversation.

Join Aaron and Dean as they explore what it truly takes to bridge the worlds of IT and OT. Drawing from decades of industry experience, their discussion covers everything from building trust across teams, to the superpower of understanding both operational technology and cybersecurity. Expect real-world stories, practical advice on breaking into OT cybersecurity, and memorable lessons from the plant floor to the boardroom.

They also break down what makes OT security fundamentally different from traditional IT approaches, why risk-based strategies are essential, and how building relationships, sometimes over donuts and coffee—can be just as important as deploying firewalls and patching systems. Whether you’re new to ICS and OT security, or a seasoned defender looking for fresh perspective, this episode brings actionable tips, honest assessments, and inspiration to help you better protect what matters most.

So grab your hard hat (and maybe a box of donuts!), and get ready for a masterclass on collaboration, building skills, and why trust is the real currency in the fight to secure our critical infrastructure.

Key Moments:

05:32 Listening Over Speaking in Legacy Spaces

07:01 IT Security Teamwork and Trust

11:21 Cost-Efficient ICS Security Solutions

15:42 Converging Skill Sets in IT Security

17:36 OT vs IT: Different Risks

22:28 Prioritizing Post-Assessment Actions

23:20 Prioritize SANS ICS Critical Controls

29:31 Engineering Perspective on Critical Assets

30:47 Detecting Misuse of Control Systems

35:52 Collaborative Incident Response Dynamics

39:03 Remote Hydroelectric Plant Journey

40:45 Building Trust with Baked Goods

44:55 "Safety Crucial in Facility Disruptions"

48:50 ICS Security: Closing Safety Gaps

53:37 Enhancing ICS Security Controls

57:18 "ICS Summit and LinkedIn Activities"

About the guest :

Dean is the CEO and Principal Consultant of ICS Defense Force and brings over 20 years of technical and management experience to the classroom. He has worked in both Information Technology and Industrial Control System (ICS) Cyber Defense in critical infrastructure sectors such as telecommunications, electric generation, transmission, distribution, and oil & gas refineries, storage, and distribution, and water management. Dean is an ambassador for defending industrial systems and an advocate for the safety, reliability, and cyber protection of critical infrastructure. His mission as an instructor is to empower each of his students, and he earnestly preaches that “Defense is Do-able!”

Over the course of his career, Dean’s accomplishments include establishing entire ICS security programs for critical infrastructure se...