Slade Griffin: Securing the Industrial World - Challenges and Strategies for Cybersecurity Assessments

About Slade Griffin: Slade Griffin is a highly experienced cybersecurity expert with a career spanning more than two decades. He currently serves as the Director of Security Assessments at Contextual Security Solutions, overseeing the company's cybersecurity assessment and penetration testing practice. His expertise in vulnerability assessments, penetration testing, risk assessment, security program development, forensic analysis, and incident response is matched only by his passion for the field. Besides, he is an enthusiastic cybersecurity professional who regularly shares his expertise on emerging threats and attack vectors through various forums, including conferences, training courses, and universities. Before joining Contextual Security Solutions, Slade has worked in multiple positions within the information security field and served in the United States Navy for six years.In this episode, Aaron and Slade Griffin discuss:Exploring the challenges and differences on the IT and OT sides of business operationsEmphasizing the need for a practical and strategic approach in conducting cybersecurity assessments for OT environmentsBuilding trust and communication between technology experts and non-experts, particularly with non-technical decision-makers in government and industryHighlighting the significance of defense in depth and compartmentalization in cybersecurity, as evidenced by recent security breaches, such as the LastPass hackKey Takeaways:To succeed in industrial environments, it's helpful for consultants and blue teamers to collaborate with engineering experts, develop precise methodologies, and understand the unique challenges of working with industrial control systems, where any minor mistake can have catastrophic consequences.Besides patching and updating systems, other measures like adding security layers, monitoring logins, whitelisting rules, and hiring cybersecurity personnel are also important to maintain cybersecurity as solely relying on tools isn't enough.In unregulated environments, segmented networking is seldom done and can be compromised by weak links, such as individuals having weak passwords, making it important to understand the purpose and have the necessary security measures in place.When creating software, it's crucial to prioritize safety and security while minimizing user burden to avoid any problems and ensure smooth functioning with constant monitoring and security measures. "There are bad folks out there who want to do bad things, but there are more good folks who want to learn and do good things and defend things the right way." — Slade Griffin Connect with Slade Griffin:  Website: https://contextualsecurity.com/LinkedIn: https://www.linkedin.com/in/sladegriffin/Connect with Aaron:LinkedIn: https://www.linkedin.com/in/aaronccrowLearn more about Industrial Defender:Website: https://www.industrialdefender.com/podcast LinkedIn: https://www.linkedin.com/company/industrial-defender-inc/Twitter: https://twitter.com/iDefend_ICSYouTube: https://www.youtube.com/@industrialdefender7120Audio production by Turnkey Podcast Productions. You're the expert. Your podcast will prove it.