All Episodes
Episode 40 — Measure OT Security With Purpose: Metrics, Measures, and What They Really Signal
This episode teaches how to measure OT security in a way that supports decisions, because poor metrics create false confidence, misdirect resources, and frustrate oper...
Episode 41 — Build Training and Awareness for OT Teams: Competence Without Chaos
This episode explains how to build OT security training that improves competence without turning daily operations into a compliance exercise that people avoid. You’ll ...
Episode 42 — Determine Asset Criticality: What Fails First, What Hurts Most, and Why
This episode teaches how to determine OT asset criticality using operational reality rather than guesswork, because risk decisions depend on knowing what truly matters...
Episode 43 — Produce OT Documentation That Works: Policies, Processes, Standards, and SOPs
This episode explains how to create OT security documentation that people can actually use under pressure, because unreadable policies and vague procedures fail exactl...
Episode 44 — Explain OT Risk Assessment Frameworks: NIST and ISA/IEC Approaches in Practice
This episode teaches how OT risk assessment frameworks are applied in practice, so you can recognize what a scenario is asking for when it references structured risk w...
Episode 45 — Model Likelihood and Consequence: Risk Variables That Drive Real Decisions
This episode explains how to model likelihood and consequence in OT without pretending you have perfect data, because good risk decisions come from disciplined reason...
Episode 46 — Scope OT Risk Assessments: Assets, Networks, and Boundaries You Can Defend
This episode teaches how to scope OT risk assessments so the results are defensible, actionable, and aligned to how the plant actually works, which is a common weak sp...
Episode 47 — Identify OT Threat Surface: Vectors, Exposure, and Threat Actors in Context
This episode explains how to identify the OT threat surface by combining technical exposure with operational context, because OT risk is shaped as much by access pathw...
Episode 48 — Apply Scenario-Based Risk Methods: Realistic Failure Paths and Meaningful Mitigations
This episode teaches scenario-based risk methods that focus on believable failure paths, because OT risk work is strongest when it mirrors how systems actually fail a...
Episode 49 — Assess Supply Chain Risk in OT: Hardware, Software, and Vendor Dependencies
This episode explains how to assess supply chain risk in OT with a focus on dependencies that can affect safety and uptime long before an organization realizes the ris...
Episode 50 — Evaluate Third-Party Risk: Integrators, Remote Support, and Shared Responsibility
This episode teaches how to evaluate third-party risk in OT, because integrators and remote support providers often have the access and authority that determines wheth...
Episode 51 — Use Failure Mode and Criticality Thinking: Safety, Reliability, and Cascading Effects
This episode teaches failure mode and criticality thinking in OT as a practical way to predict how small faults become large incidents, which is essential for SecOT+ q...
Episode 52 — Choose Qualitative Versus Quantitative Risk: When Each Method Actually Helps
This episode explains how to choose qualitative versus quantitative risk methods in OT without turning risk work into either hand-waving or false precision, a balance ...
Episode 53 — Conduct Architecture Reviews for OT Risk: Data Flows, Trust Boundaries, and Weak Links
This episode teaches how to conduct architecture reviews for OT risk by focusing on data flows, trust boundaries, and weak links that create real-world compromise path...
Episode 54 — Understand OT Pen Tests and Adversarial Emulation: Safety Constraints and Value
This episode explains how penetration testing and adversarial emulation work in OT environments where safety, uptime, and vendor constraints change what “testing” can ...
Episode 55 — Control and Treat OT Risk: Controls Catalogs, Documentation, and Acceptance Criteria
This episode teaches how to control and treat OT risk using controls catalogs, disciplined documentation, and clear acceptance criteria, which is core to making risk d...
Episode 56 — Track Inherited Risk and Maturity Indicators: What You Own Versus What You Inherit
This episode explains inherited risk in OT as the portion of risk you carry because of upstream dependencies and shared services, which is a frequent blind spot when t...
Episode 57 — Operate a Controls Calendar: Scheduling, Evidence, and Sustainable Compliance
This episode teaches how to operate a controls calendar so OT controls are tested, evidenced, and maintained on a predictable rhythm that supports both compliance and ...
Episode 58 — Monitor and Disposition Risk: Residuals, Audits, Reporting, Escalations, and Decisions
This episode explains how to monitor and disposition risk after controls are implemented, because residual risk is never zero and the exam often tests whether you can ...
Episode 59 — Threat Intelligence Foundations: Intelligence Types and What Each One Delivers
This episode teaches threat intelligence foundations by explaining what different intelligence types deliver, how they are produced, and how to use them in OT without ...