Duane Laflotte: Simulating Real-World Attacks on OT with Red Teaming

About Duane Laflotte: Duane Laflotte is a renowned Chief Technology Officer (CTO) and technology expert, currently leading the charge at Pulsar Security. With a deep understanding of complex technical issues and a constant thirst for staying at the forefront of emerging technologies, Duane is known for his innovative and creative solutions to even the most complicated challenges. His expertise spans across a wide range of technical domains, including cryptography, exploit development, networking, programming, and enterprise data storage. He has worked with prestigious Fortune 500 companies, government agencies, and military organizations such as Disney, Bank of America, the FBI, SOCOM, DARPA, and the NHL, serving in various roles such as solutions architect, red team lead, and presales engineer. Duane's extensive credentials include expert-level certifications, showcasing his exceptional technical prowess. His passion for continuous learning and curiosity-driven approach has resulted in prolonged growth and innovative solutions in the field of technology.In this episode, Aaron and Duane Laflotte discuss:Identifying cybersecurity vulnerabilities in businesses and organizations through personalized red team attacksThe transformation of OT manufacturing from relying on vendor-specific hardware solutions to utilizing off-the-shelf softwareEnsuring security in remote work environmentsRecognizing the critical importance of cybersecurity for businessesKey Takeaways:Red teaming often involves using personal information gathered from the internet to craft sophisticated attacks, highlighting the need for organizations to be vigilant about protecting their digital and personal information. The move to off-the-shelf hardware and software in OT manufacturing has heightened vulnerabilities and supply chain risks, with customization prioritized over security, necessitating careful consideration and expertise for effective system management and security by organizations.The growing use of IoT devices, remote work, and the inherent complexity and security gaps in home networks create challenges for organizations to safeguard against cyber threats, emphasizing the need for enhanced cybersecurity measures in home and work settings. Business owners need to prioritize cybersecurity by making informed decisions, holding vendors and internal teams accountable, and seeking expert advice, as waiting until a security incident occurs is not a viable strategy.  "We cannot just keep throwing training and training and training at users, and they are going to get marginally better. But they are not going to get infinitely better." — Duane Laflotte Connect with Duane Laflotte:  Website: https://www.pulsarsecurity.com/Email: duane@pulsarsecurity.comShow: https://podcasts.apple.com/us/podcast/security-this-week/id1578265009LinkedIn: https://www.linkedin.com/in/duanelaflotte/Twitter: https://twitter.com/dlaflotteConnect with Aaron:LinkedIn: https://www.linkedin.com/in/aaronccrowLearn more about Industrial Defender:Website: https://www.industrialdefender.com/podcast LinkedIn: https://www.linkedin.com/company/industrial-defender-inc/Twitter: https://twitter.com/iDefend_ICSYouTube: https://www.youtube.com/@industrialdefender7120Audio production by Turnkey Podcast Productions. You're the expert. Your podcast will prove it.