Navigating Cybersecurity Challenges: AI, Tabletop Exercises, and Operational Technology

In this episode, host Aaron Crow is joined by Clint Bodungen, Director of Cybersecurity Innovation at Morgan Franklin Cyber and founder of Threatgen, alongside Michael Welch, Managing Director at Morgan Franklin Cyber. Together, they delve into the ever-evolving world of cybersecurity in honor of Cybersecurity Awareness Month.

Aaron kicks things off by discussing the importance of iterative processes and tabletop exercises in enhancing decision-making and preparedness. The conversation then shifts to the exciting yet complex role of AI in cybersecurity, particularly in operational technology (OT) and critical infrastructure. The experts emphasize the potential of generative AI for data analysis while underscoring the need for human oversight to avoid biases and misinformation.

Clint introduces an “engineering informed cyber” approach to better integrate OT and IT in managing cybersecurity risks, while Aaron stresses the importance of collaboration between cybersecurity professionals and engineers. The episode also tackles balancing convenience and security, the intricacies of password management, and the critical role of communication and trust.

Listeners will gain valuable insights into AI’s role in enhancing security operations, the consequences of system failures, and the debate between compliance and true security. This episode offers expert opinions, real-world examples, and practical advice for navigating today’s cybersecurity challenges. Join us for a comprehensive discussion on protecting our digital world.

Key Moments: 

04:20 Generative AI aids efficient GRC and cybersecurity management.

08:40 AI lacks context for verifying asset information.

11:38 Generative AI creating and automating malware tools.

15:58 Building data centers using decommissioned power plants.

17:14 Regulation growing in infrastructure for compliance security.

22:09 Compliance is binary; partial compliance isn't sufficient.

24:33 Prioritize "engineering informed cyber" for OT resilience.

28:14 Collaboration between IT and OT is essential.

33:54 Frustration with excessive video game security measures.

34:49 Cybersecurity fails due to over-engineering complexity.

40:49 Make security easy with password managers, authenticators.

42:31 AI improves tabletop exercises for comprehensive insights.

45:31 Generative AI augments human capabilities and creativity.

48:08 Automated injects streamline engagement and business continuity.

53:46 Executives misunderstand risk, leading to false security.

54:29 Strong IT security, but vulnerable weak points.

About the Guests : 

Clint Bodungen: 

Clint Bodungen is a globally recognized cybersecurity professional and thought leader with 30 years of experience (focusing primarily on industrial cybersecurity, red teaming, and risk assessment). He is the author of two best-selling books, "Hacking Exposed: Industrial Control Systems" and “ChatGPT for Cybersecurity Cookbook. Clint is a United States Air Force veteran and has worked for notable cybersecurity firms like Symantec, Booz Allen Hamilton, and Kaspersky Lab, and is currently the founder of ThreatGEN and Director of Cybersecurity Innovation at Morgan Franklin Consulting. Renowned for his creative approach to cybersecurity education and training, he has been at the forefront of integrating gamification and AI applications into cybersecurity training; he created ThreatGEN® Red vs. Blue, the world's first online multiplayer computer designed to teach real-world cybersecurity. His latest innovation is AutoTableTop, which uses the latest generative AI technology to automate, simplify, and revolutionize IR tabletop exercises. As AI technology continues evolving, so does his pursuit of helping revolutionize the cybersecurity industry using gamification generative AI. Connect Clint at - https://www.linkedin.com/in/clintb/

Michael Welch : 

Michael Welch has over twenty-five years of expertise in Governance, Risk Management, Compliance and Cybersecurity.  In his role as Sector Lead, Michael  will focus on the importance of cybersecurity in Utilities and Industrial Manufacturing.  Michael understands that robust cybersecurity measures are not just a regulatory requirement but are pivotal in safeguarding the resilience of organizations, safety of its people, and overall economic stability.  Michael has worked for organizations such as NextEra and Duke Energy as well as engineering firm Burns & McDonnell.  In addition, he was the Global CISO for the food manufacturing firm OSI Industries.Some of the certifications he has obtained through his career are Certified Information System Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Information Security Auditor (CISA), Global Industrial Cyber Security Professional (GICSP), Certified Data Privacy Solutions Engineer (CDPSE) and CMMC - Registered Practitioner Advanced (RPA).  Connect Michael Welch at : https://www.linkedin.com/in/michael-welch-93375a4/

Connect With Aaron Crow:

• Website: www.corvosec.com 
• LinkedIn: https://www.linkedin.com/in/aaronccrow

Learn more about PrOTect IT All:

• Email: [email protected] 
• Website: https://protectitall.co/ 
• X: https://twitter.com/protectitall 
• YouTube: https://www.youtube.com/@PrOTectITAll 
• FaceBook:  https://facebook.com/protectitallpodcast 

To be a guest or suggest a guest/episode, please email us at [email protected]