Remote access transformed overnight - and OT environments are still feeling the impact.
In this episode of Protect It All, host Aaron Crow is joined by Steve Rutherford, VP of Sales at Hyperport and former military officer, for a candid conversation on how secure remote access in operational technology (OT) has evolved - and where it’s heading next.
They unpack how COVID accelerated remote connectivity across critical infrastructure, why many traditional IT security tools fall short in OT environments, and what protection really looks like when safety, reliability, and uptime are non-negotiable. Drawing from military discipline and frontline OT experience, Steve shares a grounded perspective on managing risk in environments where failure has physical-world consequences.
You’ll learn:
If you’re responsible for enabling remote access while protecting critical operations, this episode delivers real-world insight, practical guidance, and a forward-looking view of OT cybersecurity.
Tune in to understand what secure OT access really requires in today’s threat landscape- only on Protect It All.
Key Moments:
00:00 Securing Critical Infrastructure Access
03:59 "OT Mindset: Defense and Offense"
07:26 "Remote Access Challenges in Operations"
11:45 "Challenges in OT-IT Integration"
16:07 Authority Must Match Responsibility
18:23 Simplifying OT Authentication Challenges
21:53 "Dynamic Trust Scoring with AI"
24:05 "Access Control and Segmentation"
28:57 "Secure Access Without Overreach"
33:12 "Left of Boom Awareness"
35:56 OT Security and Local Control
39:35 "Driving Early Adoption Awareness"
41:54 "Proactive Support for Critical Infrastructure"
45:52 "Remote Work Enhances Team Efficiency"
47:17 "Exciting Tech for Cybersecurity"
About the guest :
Steve Rutherford is a former U.S. Army officer and aviator who transitioned his mission-driven mindset from military service to protecting critical infrastructure through operational technology (OT) security. After exploring multiple industries, Steve found a natural alignment between military operations and OT environments - where safety, reliability, and uptime are non-negotiable. Today, he works in secure user access for OT, helping organizations protect the systems that power modern life.
How to connect steve :
Website : https://hyperport.io/
Linkedin: https://www.linkedin.com/in/steverutherford1/
Connect With Aaron Crow:
Learn more about PrOTect IT All:
To be a guest or suggest a guest/episode, please email us at [email protected]
Please leave us a review on Apple/Spotify Podcasts:
Apple - https://podcasts.apple.com/us/podcast/protect-it-all/id1727211124
Spotify - https://open.spotify.com/show/1Vvi0euj3rE8xObK0yvYi4
Aaron Crow (0:2.260): Hey everyone. Thank you for joining me for another episode of the protected all podcast, new year sickness cancellations, all the things. So we're a little late on this one this week. So Steve, thank you for taking time. Steve and I have known each other for quite a while. Everybody in this OT space. And if you've been around OT, anything like that, it's a fairly small group. So we've seen each other wearing different hats in different places, whether I was at the UI or I was an industrial defender, I was at these different places, but these conferences and these people are small.
Steve Rutherford (0:24.882): Sure. Mm-hmm.
Aaron Crow (0:32.168): So we all interact and we know each other. So Steve, thank you for joining me. Thank you for taking the time. Why don't you introduce yourself, tell everybody who you are, a little bit about your history, your background, et cetera, and how you got into this OT thing, and then kind of what you're doing now.
Steve Rutherford (0:45.782): Yeah, well, it's great to be here. Thanks so much for having me, Aaron. You know, we've been talking about doing this for a little while. I'm glad that we are able to make the connection. And, you know, we've had some interesting things happening on the product side. So I hope that we've got some interesting things for your audience to talk about. you know, my name is Steve Rutherford. I'm the VP of Sales for Hyperport. We're a secure user access platform for OT. My background context is I was a military officer, an Army aviator.
Steve Rutherford (1:15.296): serve my time and, you know, protecting the, you know, the nation's critical infrastructure as a whole in that capacity. I'm proud of what I did in that role. As I transition out of the military, you know, really looking to see where would be a good fit for me, right? And it's always an interesting time when you're transitioning because it's a whole new, completely different world. So I
Steve Rutherford (1:38.894): You know, went and talked to lot of folks, you know, did a lot of different interviews and a lot of different industries and, you know, found, you know, operational technology specifically on the OEM side initially, right? On the OEM manufacturing side was really closely aligned with, you know, a commercial version of a military mission, right? OT, Operational Technology, you know, running the infrastructure that powers our day-to-day lives here.
Steve Rutherford (2:7.330): and where the safety and reliability and maintenance of all of that is of the utmost importance to the nation was a great mission. And then the folks that worked in OT were very similar to myself in terms of our background and experience and personality, very pragmatic folks, really focused on delivering great value and tight constraints sometimes. So I loved it. I thought this would be a great opportunity.
Steve Rutherford (2:35.296): moved into OT cyber. I've been in the space here where, again, we've introduced over four, five, six years ago now, and currently with HyperPort. And I'm excited to be out in the market, seeing it evolve, seeing the different things change.
Aaron Crow (2:55.924): That's awesome. Yeah, you know, I talked to so many and you're right. A lot of the folks that sit on my podcast or that we just talked to in general, there's a lot of veterans. And I think a lot of that comes from that similar kind of theme and protection, right? My podcast, Protect It All, right? The whole theme around it is...
Steve Rutherford (3:5.614): Mm-hmm.
Steve Rutherford (3:14.136): Mm-hmm.
Aaron Crow (3:19.796): You know, I've got OT and IT kind of highlighted in there. It started out a really focused in an OT. I've opened it up to more in IT and OT, just cyber security thing. But the whole point is protection, right? And that doesn't always mean defense. A good offense is also protection, as we know from both military as well as in cyber. But, you know, that mindset really, really helps us in this OT space because OT is just different than IT and just
Steve Rutherford (3:29.081): Thank you.
Steve Rutherford (3:35.657): Mm-hmm.
Aaron Crow (3:45.758): that mindset and how we approach things and the problems that we solve and how we solve them and the responses that we have. It can be the same technology, but we respond to it a little differently. So I do see a lot of veterans, not that there aren't veterans in the IT space. I absolutely see them over there as well. But I definitely see that mindset here and being a big benefit. So how did that transition go? And then kind of how did you get into
Steve Rutherford (3:48.393): Mm-hmm Mm-hmm
Aaron Crow (4:11.314): you know, going from the OEM side and into, you know, a product and, cause I've been in all, I've been a cyber, I've been an, you know, an asset owner, and I've been a vendor, I've been a consultant, I've been all those things and they're different roles solving the same problem from different directions.
Steve Rutherford (4:17.566): Yeah. Sure.
Steve Rutherford (4:27.594): Different angles. Yeah. Yeah. Yeah. So the, the cyber considerations of OT have been known for quite some time. The emphasis on solving those cyber problems continues to grow, I think in adoption every year. And so I kind of recognized that that was a growing opportunity to really be able to go out and try new things and see new technologies and new applications of technology to problems.
Steve Rutherford (4:57.538): And that excites me, right? I really enjoy variation and diversity and learning new things. So I said, Hey, that that cyber thing with an OT is really exciting. So let me go check that out. And from a product perspective, you know, the kind of companies that I have deliberately sought to work for are those companies that have a product that can meaningfully add value.
Steve Rutherford (5:20.962): to the OT operator, right? To the OT organization to help them do their job, you know, more effectively, more cost efficiently, more securely. And so I've kind of gravitated to those companies that I think fit that bill. And so, you know, remote access has been where I've, you know, kind of landed here the last four or five years now specifically, you know, that kind of sub component of OT cyber. And it's exciting to see, right? When you look at the
Steve Rutherford (5:50.606): the adoption of technology, seven years ago, it was very much around intrusion detection, right? And it still remains to some degree intrusion detection, right? There's a technology adoption curve for everything and different companies go through that curve at different points. think very early majority, right? It's been over the last three or four years. so remote access has kind of followed that same path in terms of adoption.
Aaron Crow (5:57.664): Mm-hmm.
Steve Rutherford (6:19.810): Everybody that needed access happened during COVID, right? If you needed remote access, you put in a mechanism to provide remote access. was that mechanism, was that tool the best tool looking back, right, with experience? Maybe, maybe not, but everybody that needed access got access. And so it's exciting to see those companies that have had the time and the space to
Aaron Crow (6:25.874): Mm-hmm.
Steve Rutherford (6:48.181): experience and understand the different challenges around access and the different capabilities on the product side to start to say, hey, we've got a solution, let's maybe look for something a little bit better, a little bit more modern. Technology is moving at a great pace, so it's exciting to be part of that.
Aaron Crow (7:5.887): Yeah, know, being an asset owner, I started this, you know, a long time ago. And, you know, I had a team of people, you know, we were headquartered in Dallas and we had power plants all over the state. And if I wanted to do anything at those plants, I was picking up the phone and calling somebody locally or one of my guys was getting in their vehicle and they were driving to site. There was only so much that we were allowed to do remotely.
Steve Rutherford (7:17.816): Hehehe.
Steve Rutherford (7:26.673): Mm-hmm.
Aaron Crow (7:31.497): and only had access, and I was a very advanced architecture. Like I had secure remote access capabilities in these spaces before most other people probably did. But for the most part, most of my sites were very much a, you will not be in my system unless you're standing in front of the system, right? That was a very hard and fast rule. And to your point, it kind of adopted, again, some fast learners like me,
Steve Rutherford (7:34.623): Mm-hmm.
Steve Rutherford (7:42.229): Mm-hmm.
Steve Rutherford (7:49.000): Yeah. Mm-hmm. Yeah, absolutely.
Aaron Crow (8:0.296): was really able to drive it and push that type of thing. But even then, even though the technology and the capability was there, there was still a hesitation to allow very many people access. And COVID changed that, right? COVID said, you can't come to site. I still need this site to work. We have to be able to do remote access. And it flipped the script to the point of just make it work. It doesn't have to be good or best. It just needs to happen. And then we're now backtracking into, okay, we have this remote access.
Steve Rutherford (8:9.176): Totally.
Steve Rutherford (8:15.373): Mm-hmm.
Steve Rutherford (8:18.166): Mm-hmm. Yeah.
Steve Rutherford (8:24.813): Mm-hmm.
Aaron Crow (8:29.153): Are we doing it the right way? Are we secure? Is this the best way to do it? They didn't know that answer. They just made it work and now we're finding more and more products like yours that it's not like remote access is a new non-concept, right? This is a technology that's been around a long time, but the specific needs and capabilities in OT are vastly different than what they are in IT, which is why products like Hyperport are important because the problems we're trying to solve are the same and different at the same time.
Steve Rutherford (8:30.334): Mm-hmm.
Steve Rutherford (8:35.661): Yeah.
Steve Rutherford (8:56.783): Yeah, it was, was, was a forcing function that drove what I think holistically is a conservative organization, right? If we look at OT as a whole, right? Generally conservative by
Steve Rutherford (9:9.750): you know, total necessity, right? You can't be disruptive when you've got things that explode, right, and kill people. That really forced everyone to get comfortable to a certain extent with access. Now the threat landscape, I think, took advantage of that. And we've learned some hard lessons about, you know, why there was that understandable hesitancy there. That now, again,
Aaron Crow (9:14.954): Mm-hmm.
Steve Rutherford (9:33.570): the technology has shifted and we've learned from our adversaries, we've learned from the organizations that need this access. What does right look like for you specific to the context of your operational environment? Because again, like we've talked about probably ad nauseum, the IT technologies, wonderfully well suited for the IT environment, not.
Steve Rutherford (9:58.578): as well suited for the OT environment when safety and reliability are the number one and number two considerations. And so, again, it's been exciting to position a product that specifically reflects those unique challenges.
Aaron Crow (10:15.135): What are some of the things, so obviously we've talked around big picture of remote access, why it's important, why, kind of what some of those driving factors that have fast tracked it in the OT space, which I think was going to happen eventually, but obviously COVID kind of hit the accelerator on that. What are some of the things that you've seen in the industry, the differences around OT, secure mode access in these spaces, dealing with old systems, dealing with lack of,
Steve Rutherford (10:21.006): Mm.
Steve Rutherford (10:38.140): Mm-hmm. Yeah.
Aaron Crow (10:44.702): complexity and not complexity, but you know, maybe maturity in these spaces, right.
Steve Rutherford (10:47.598): Well, I think complexity is accurate, right? So these organizations have grown through acquisitions and divestitures, right? With different maturities from an architectural perspective, from a technology perspective. So, you you can look at the market and 80 % of it, if we're critical infrastructure, right? DHS defined critical infrastructure.
Aaron Crow (11:0.800): Mm-hmm.
Steve Rutherford (11:13.006): 80 % of those environments, right? You could cookie cutter say, yeah, if I understand water and wastewater, I understand power generation. understand manufacturing. It's the 20 % that are uniquely and excitingly different in each of those verticals because there is a diversity of the equipment, right? The operating systems, right? New and old, the OEMs, the different kinds of equipment. Again, we know the classic.
Steve Rutherford (11:41.646): operating system that's been running for 10 years unpatched by necessity because it has to run a critical process that you're afraid to take offline. So, the ability to accommodate a non-standard, right? A non-homogeneous environment is something I think that one of the reasons why I don't think IT tools have gained the adoption on the OT side that they could have, because you really have to be able to accommodate quite a bit of diversity in what looks like a
Steve Rutherford (12:10.358): a homogenous environment if you look from the OT side. So, you you combine that with the fact that you can't introduce clients and agents, right, and disruptive or potentially disruptive components of a solution into that OT environment. You know, that cuts out another 80 % of what are, you know, the classic IT technologies that just don't work, right? But I think it's interesting, you're talking about large trends, and I'd be interested to hear your thoughts on this.
Aaron Crow (12:11.145): Mm-hmm.
Aaron Crow (12:33.173): Yeah.
Steve Rutherford (12:39.918): You five years ago, it was very much a message of convergence, right? We heard this message of IT, OT, convergence, right? Let's make it work. You got to figure out how to make it work. We're spending all this money. We've got all these great tools on IT, OT. Let's bring you into the future. Bring these networks together. I have seen in the last couple of years, I think a start
Aaron Crow (12:47.029): Mm-hmm.
Steve Rutherford (13:7.694): to move back away from that perspective to a diverged network. Like, hey, we tried to do that convergence with varying mixed degrees of success. And now we've decided that we would rather diverge because the considerations of each environment are sufficiently great that we can justify the investment for a technology that's appropriate for each of those environments. I would be curious to see your experience in that kind of big picture.
Aaron Crow (13:39.263): Yeah, I've seen both sides of that. I've seen it implemented as well as could be done. I think there is naturally some convergence in some things, let's say switching in firewalls, right? There's no reason why the firewall team can't manage the firewalls at an OT site. But the divergence is they should be dedicated OT firewalls.
Steve Rutherford (13:50.689): Mm-hmm.
Steve Rutherford (13:54.414): Mm-hmm.
Steve Rutherford (14:4.686): Mm-hmm.
Aaron Crow (14:5.396): They should be handled with dedicated O.T. policies. They should have different SLAs. They should have different expectations around making changes. Like you're not pushing those things. You're not making changes on Friday night at midnight because that's your IT outage window. An O.T. site doesn't have an outage window. A power plant runs 24-7 because you want your lights and electricity and heat to work all the time. So you can't just go off of those same. So that's the difficulty.
Steve Rutherford (14:10.220): Mm-hmm.
Steve Rutherford (14:19.282): Mm-hmm.
Steve Rutherford (14:27.510): Mm-hmm. Mm-hmm. Mm-hmm.
Aaron Crow (14:33.213): And unfortunately, like with many things is sometimes the pendulum swings too far one way or the other. You know, it doesn't have to be all or nothing. It can be somewhere in the middle where it says, hey, this team has a lot of experience and they have, have a dedicated team of firewall engineers that that's all they do. Like they're really good at designing firewalls, looking at configurations, setting policies, understanding trends, understanding all of that type of stuff. I shouldn't have a local site.
Steve Rutherford (14:51.107): Mm-hmm. Mm-hmm. Mm-hmm.
Aaron Crow (15:2.784): OT guy that doesn't have all that experience and time to be looking at those things, how about I just make him the approver? But I've got an entire team of firewall people that can manage it. Like my team, back in the day, I had a team of six people, I mentioned this before, right? And my guys had to be firewall people and switch people and they had to maintain VMware and they had to maintain Active Directory and patching and backups and they had to be an inch deep and a mile wide.
Steve Rutherford (15:20.025): Mm-hmm Mm-hmm Yeah, yeah
Aaron Crow (15:31.167): Like they didn't have time to be an expert in any of those things. On the IT side, there's a dedicated firewall team, a dedicated VMware team, a dedicated networking team, like all these different things. So my piece to this convergence was I want these teams to help, to be able to be tier three support, to be able to be driving some of these things, but the ownership still lives in the plants and in the OT space because it has to. And I think that blend can be successful
Steve Rutherford (15:56.193): Sure. Yeah.
Aaron Crow (16:0.852): But if you just try to push IT products and teams down in the OT space, that's where bad things happen.
Steve Rutherford (16:6.609): Yeah, yeah. The, authority has to match the responsibility in, you know, when you have a solution that bridges potentially, right? If we want to talk technique from an architecture perspective, you know, we have a technology that sits at the, you know, the enterprise DMZ right. And three.five that has connectivity or least potential connectivity and visibility from the IT and cyber side that also provides.
Steve Rutherford (16:31.329): controls into the OT environment, you really have to be mindful of that exact consideration that you can still maintain monitoring and visibility and governance and oversight at the IT cyber higher level, but you have to enable the operational side to make those decentralized autonomous decisions around, again, when we're talking access, hey, who should be in my environment? When should they be in my environment?
Steve Rutherford (16:59.544): Can I validate that they are who they say they are and that what they need to connect to is safe and effective? That's really, really important when you start to blend, right? Even at a technical or higher level, you have to be able to make those kind of policy enforcement, policy enablement decisions from a technology perspective.
Aaron Crow (17:23.816): Yeah. And when you, when you really get into the meat and potatoes of many of the O T spaces, we hit on it a minute ago. There's, high levels of complexity in these environments, but there's not always high levels of maturity. So what I mean by that is I may have active directory. I may have firewalls. I may have VMware. I may have all of these things living in an O T space, but they're not going to be to the same maturity and, and, and
Steve Rutherford (17:37.644): Mm-hmm.
Steve Rutherford (17:48.012): Mm-hmm.
Aaron Crow (17:52.990): configuration and interoperability that you would see the same types of system in an IT space, right? They're going to be very basic level policies. Group policies are going to be very basic. know, you know, all of those things are going to be at a very entry level, out of the box, scratch the surface type capability, which is where a lot of the problems begin, especially when you start bringing these, you know, if you were going to try to converge,
Steve Rutherford (17:57.458): Mm-hmm.
Steve Rutherford (18:7.765): Mm hmm.
Aaron Crow (18:19.260): really complex GPOs from an IT space into these OT spaces, which is why products like HyperPort that offer capabilities like authentication, all those types of things, because in these OT spaces, I don't need the necessary complexity and maturity that I do in an IT space. I don't have a bunch of people installing things. It shouldn't be going to the internet. I shouldn't be browsing TikTok. I shouldn't be doing all these things. when I, when I scrape off all of those requirements and say, I just need a really old system,
Steve Rutherford (18:21.499): Mm-hmm. Mm-hmm. Mm-hmm. Mm-hmm. Sure.
Aaron Crow (18:48.852): to be able to authenticate with something outside of itself and to be able to, you know, make sure the person that's logging in should be able to log in and have some level of credentials, some level of, you know, ability to lock them down to either just this device or hey, even on this device, what they can do on this device. That's the thing that we have not been able to do in an OT space across the board because not all devices can join Active Directory, not all devices
Steve Rutherford (18:52.484): Mm hmm. Mm hmm. Mm hmm.
Aaron Crow (19:18.164): You know, I can't install, you know, agents and widgets on these things. can't, a lot of times, modify the configurations on them. So I'm really hamstrung on how I can really lock down these environments because they just don't have, not to mention that I don't have a support staff that can run and modify and test and do all these things in these spaces. So a lot of times it's just like, well, we just won't do anything. Like I'll just have local logins because that's all I know will work. That's all I'm comfortable with.
Steve Rutherford (19:20.960): Mm-hmm. Mm-hmm. Yeah, absolutely.
Steve Rutherford (19:41.681): Mm-hmm. Right. Mm-hmm. Yeah. You're good.
Aaron Crow (19:51.336): No, I was gonna say, how have you guys dug into that and what do you see in that?
Steve Rutherford (19:54.150): Yeah. So I think if I look at OT specific remote access, right, and there's some great companies in this space outside of HyperPort that are trying to solve that problem. There are certain capabilities that have received enough adoption, specifically from a compliance perspective, right? That's been a forcing function around specific capabilities that are now table stakes, right? To be a
Steve Rutherford (20:21.516): vendor in this space, like you have to be able to do multi-factor, right? have to enforce multi-factor authentication. You have to be able to monitor a user session. You have to be able to, you know, time-based approve access into an environment. And a lot of those come from, you know, things like SIP, right? 3.9 around electron to promote vendor access into your environment. That's table stakes, right? All of the technologies, and would say hyperport up until recently,
Steve Rutherford (20:52.216): focused on static permissions to enable user access, right? And static permissions being once I have trusted you as a user, Aaron, right? I've provisioned an account, I've given you role-based access to a certain subsection of the systems in my environment. I've enforced multi-factor authentication on you. I trust you, right? Now, when you rely on those static permissions,
Steve Rutherford (21:20.782): they become a liability because the nature of the user, as they interact with the systems, as they interact with things outside of the system, this is where our adversaries are trying to stay a step ahead of us. Those users may be influencing their session with malware, ransomware, that they may know or not know after their accounts have been provisioned, et cetera.
Steve Rutherford (21:49.100): When you rely on static permissions, it becomes reactive, right? The organization has to react to changing conditions. And you highlighted some of the difficulties when you have a reactive procedure. It's because the OT folks are wearing multiple hats, right? You don't have the dedicated resources that you would have on the IT team to have four, five, six different functions that will allow you to be as
Steve Rutherford (22:17.880): proactively reactive as possible, if that makes sense. So what we've done with HyperPort recently is really tried to shift the model from static permissions to dynamic active permissions. And so what that means is we've generated what we call a trust engine that utilizes AAINML to
Steve Rutherford (22:47.598): take trust signals, right? We've got a couple dozen trust signals that we pull into an algorithm that essentially identifies how trustworthy a user's session is over time, right? So not just only at login, but also as they interact with the system. You know, what's their device posture? What are the characteristics of their browser, their IP address?
Steve Rutherford (23:17.908): their hardware, their time of login, what are their historical times of login, what are the systems that they typically interact with, what are the typical data transfer patterns of that user, and take all of those factors into consideration to generate a trust score, which is a reflection of a user at a point in time.
Steve Rutherford (23:45.506): But again, that changes based on that user's behavior as they interact with the system. So we combined that trust engine with a policy-based access control engine that allows us to enable organizations to make decisions for different kinds of users based on the level of trust. And so I can give some examples of that if that's interesting, but I'll pause there for the moment.
Steve Rutherford (24:43.552): So if you're talking Aaron, I can't hear you and I can't see you at the moment.
Steve Rutherford (24:56.472): There we go, you're back with me. I can. Where'd you lose me?
Steve Rutherford (25:5.547): Yeah.
Steve Rutherford (25:12.430): And I'll pause, yeah. Because I figured we would.
Steve Rutherford (25:26.605): I just decided to talk the whole time while you were away and I figured we could just edit out this little portion here.
Steve Rutherford (25:36.767): I know. So I paused and said, I'll pause there for any questions or if you want to give me examples. So I was talking about the AI trust engine, the trust score combined with the policy-based access control, how those might interact with each other in an organization.
Steve Rutherford (26:17.036): Mm-hmm.
Steve Rutherford (26:31.711): Sure. Mm-hmm. Mm-hmm.
Steve Rutherford (26:56.016): Yeah.
Steve Rutherford (27:9.038): Mm-hmm.
Steve Rutherford (27:13.666): You sure?
Steve Rutherford (27:20.268): Mm-hmm.
Steve Rutherford (27:25.502): Mm-hmm.
Steve Rutherford (27:31.724): Yeah.
Steve Rutherford (27:49.944): Mm-hmm Yeah, sure sure yeah, yeah
Steve Rutherford (28:2.574): Sure.
Steve Rutherford (28:6.729): Absolutely, yeah.
Steve Rutherford (28:21.874): Mm-hmm.
Steve Rutherford (28:25.292): Mm-hmm.
Steve Rutherford (28:34.446): Mm-hmm.
Steve Rutherford (28:44.065): Mm-hmm.
Steve Rutherford (28:52.046): Sure. Sure.
Steve Rutherford (28:58.658): Mm-hmm.
Steve Rutherford (29:8.628): Mm-hmm. Yeah. Yeah. Great. What now?
Steve Rutherford (29:19.778): Mm-hmm.
Steve Rutherford (29:25.336): Mm-hmm.
Steve Rutherford (29:31.192): Mm-hmm.
Steve Rutherford (29:39.928): Mm-hmm.
Steve Rutherford (29:48.568): Mm-hmm.
Steve Rutherford (29:54.164): Mm-hmm. Yeah, sure. Mm-hmm. Mm-hmm.
Steve Rutherford (30:19.209): Mm-hmm. Mm-hmm.
Steve Rutherford (30:25.687): Yeah.
Steve Rutherford (30:28.706): It's.
Steve Rutherford (30:31.722): It's a good example that we have taken and applied to user access, right? It's essentially what are the risks and vulnerabilities associated with individual users, right? And so if you look at those capabilities that you described, the ability to record, the ability to segment access, the ability to put somebody in a weight room and
Steve Rutherford (30:56.842): allow them into your environment only when you validated, right? Again, I think that's all table stakes. People expect that now by nature of the way that we've been doing this. And what's changed, to use your analogy earlier, is when I invite a plumber to my house, I can give that plumber access with a specific key to a specific room. But if I'm not at the house, right, how do I know that that plumber that I scheduled to come in and do that work is the plumber?
Steve Rutherford (31:25.504): and not somebody else, right? And that when they get into the plumbing cabinet, that they don't start trying to go through the sidewall and dig into something and cause additional work to be done. We're trying to apply that same kind of understanding in a way that alleviates a human having to get in the way is not right, right? We want humans to be in the loop and we want to enable humans to be in the loop.
Steve Rutherford (31:54.478): but we don't want them to be forced to spend all this time and energy around managing, right? In addition to all the other tasks that they have to accomplish, managing those specific access components. Hey, is Steve here? Is he right? He's got the right credentials. All right, is access approved? So we've really tried to be very mindful to give operators visibility of
Steve Rutherford (32:23.930): what those policies are, right? So I was gonna give an example earlier around when you take a trust score and combine that with the policy, what does that mean for an operator? So that means that I can, I find an internal employee and I provision access for my employees to a certain system. I can say, hey, when your trust score, right? When all of these different characteristics combined to provide a trust score that is highly credible, right? High trust, I'll allow you to connect on demand. But Aaron, you're a vendor, right?
Steve Rutherford (32:52.344): to that same system, if I want to give you access to that, you need to be high. And even if you are high, I want to be able to automatically place you into a moderated approval workflow process, right? Easy. But if you're a low Aaron, right? If you transition to a low while you're connected to my system, right? You do something that causes us to go, whoa, things are not right with Aaron. I need to be able to automatically say, hey,
Steve Rutherford (33:20.876): Let's put Aaron in a quarantine, right? Let's disable the access for the moment, put in Aaron into the quarantine and validate, you know, that everything is still safe, right? Nothing, Aaron wasn't hacked, right? There's not a malicious actor that's now in my environment that's hijacked his session. You have to be able to do that in real time instead of reacting to something that happened after the fact, right? That vendor went in and changed something, who did it? I don't know, let's look at the video. I still have to react. I still have to go in and investigate, right? After something's happened and it-
Steve Rutherford (33:51.019): It's really around how do we prevent and prevents a tough sell sometimes, right? Just like it is trying to convince you to go to the doctor, you know, before you have a problem. Everybody wants to go to the doctor when they already have a problem, but we really want to give organizations the ability to prevent those kinds of problems from ever being, you know, impactful, right? To those systems that are driving their business.
Steve Rutherford (34:27.266): Mm hmm.
Steve Rutherford (34:31.774): Mm-hmm. Mm-hmm.
Steve Rutherford (35:2.178): Mm-hmm. Mm-hmm. Mm-hmm. Yeah. Sure. Yeah.
Steve Rutherford (35:35.144): Mm-hmm.
Steve Rutherford (35:40.158): Mm-hmm. Yeah. Sure, sure.
Steve Rutherford (35:51.980): Mm hmm.
Steve Rutherford (35:58.295): Mm-hmm.
Steve Rutherford (36:2.912): Mm-hmm. Yeah, yeah. Sure.
Steve Rutherford (36:15.244): Mm-hmm Yeah
Steve Rutherford (36:26.247): Mm hmm.
Steve Rutherford (36:32.731): Mm-hmm. Mm-hmm. Yeah.
Steve Rutherford (36:40.610): Mm-hmm. Mm-hmm. Mm-hmm.
Steve Rutherford (36:52.780): Yeah.
Steve Rutherford (36:56.984): Mm-hmm.
Steve Rutherford (36:59.838): Mm-hmm. Yeah, it's about being able to allow the organization to layer on the appropriate controls to give access in a way that that organization wants to deliver access without requiring a large cumbersome administrative and technical overhead to achieve that outcome. Right. And you mentioned one thing that I did want to address, You know, it's great.
Steve Rutherford (37:29.962): AI ML technology is wonderful. They're great capabilities. There's also lot of understandable concern. And so when we developed these capabilities, we were extremely mindful of the sensitivity of the environments and the data. And so what we were able to accomplish was essentially generating these trust signals, utilizing those algorithms completely on-prem, with no cloud dependencies, with no external connectivity.
Steve Rutherford (37:57.644): So that all of that data remains within that OT environment, right? There's no external connectivity, no influence or visibility, right? I think that's a very important and understandable concern. And I just wanted to make sure that that was really clear because we wanted to really be mindful of that in organizations where that's a consideration.
Steve Rutherford (38:26.274): Mm-hmm.
Steve Rutherford (38:35.266): Mm-hmm. Yeah, right? Yeah, yeah.
Steve Rutherford (38:57.548): Mm-hmm.
Steve Rutherford (39:1.772): Mm-hmm.
Steve Rutherford (39:8.162): Anyway.
Steve Rutherford (39:21.877): Mm-hmm.
Steve Rutherford (39:29.656): Mm hmm.
Steve Rutherford (39:36.907): Yeah.
Steve Rutherford (39:40.155): absolutely.
Steve Rutherford (39:44.408): Mm-hmm.
Steve Rutherford (39:47.406): Of course.
Steve Rutherford (39:52.814): Of course, yeah, absolutely. Again, it's always interesting to see, again, as technology changes and allows us to mature how to respond in those environments and taking into consideration an organization that needs to grow over time and achieve a level of comfort and a level of output and capability before they want to jump to the.
Steve Rutherford (40:16.754): the next level, right? So we're excited. think we bring something meaningful and differentiated there. I'm looking forward to seeing how the market responds to it. But I think it's interesting, right, to talk through what's out there and how we're approaching that.
Steve Rutherford (40:39.820): Mm-hmm.
Steve Rutherford (40:47.330): Mm-hmm.
Steve Rutherford (40:50.419): Yeah
Steve Rutherford (40:56.118): Mm-hmm.
Steve Rutherford (40:58.670): Mm-hmm.
Steve Rutherford (41:8.633): Yeah. I say that would be the third reason, right? That would be the third reason would be a forcing function from a compliance perspective. You know, it's interesting. Different verticals, I think, have a different technology adoption curve even within that vertical, right? So you have an OT.
Steve Rutherford (41:31.640): technology adoption curve. then, you know, within manufacturing, you have a technology adoption curve, even within manufacturing. You know, in my experience, the manufacturing tends to be the most receptive to kind of more forward leaning, innovative technologies. And again, even within manufacturing, there are still organizations that want the bleeding edge and there are organizations that are the late majority laggard that want to see it demonstrated.
Steve Rutherford (42:0.418): I'd say that's the only industry or vertical that I would say as a whole is, I could say generically is more innovative in their approach or allows companies to be innovative in their environments. That's not to say there are not early adopters inside of those other verticals because there are, there may just not be as many.
Steve Rutherford (42:26.346): And that's really what we're, know, that's why we're, you know, going to market. That's why we're, you know, trying to get our word out so that those companies that do want to be proactive and have the flexibility to do so know about us. And those companies that need time to see the technology adopted and any kinks worked out, you know, and need to hear that reference, that referenceable, you know, that the guy that had an attack that you're talking about, right?
Steve Rutherford (42:54.670): Now we need to do something about it. They'll come in time, right? I like to say that the market and our adversaries, unfortunately, do more marketing than I ever could from a company perspective. When you do have a neighbor facility, a neighbor company that had an incident, you take that seriously. And I think it used to be that you could almost be the ostrich a little bit, right? You could almost kind of keep your head.
Steve Rutherford (43:24.674): down and say, it didn't happen to me. It's not going to happen to us. And I think, right. And I would say just judged by the willingness of people to engage, not as you know, our company, but just an OT cyber as a whole. I think that mentality has shifted to say, okay, like it's not a matter of if it's a matter of when, if we don't do something about it. Right. And so that's my perspective. I'm curious what yours is.
Steve Rutherford (44:2.936): Mm-hmm.
Steve Rutherford (44:9.090): Mm-hmm.
Steve Rutherford (44:15.924): Mm hmm. Mm hmm.
Steve Rutherford (44:25.141): Of course.
Steve Rutherford (44:32.386): Yeah?
Steve Rutherford (44:40.078): I gonna say, appreciate one of the really, I think, points in our nation currently is there's a recognition of this at the national level, right, from the policy level, that critical infrastructure is critical for a reason. And we have to take that seriously, right? Not just from a compliance perspective. Obviously that's still a driving factor, but from a...
Steve Rutherford (45:4.266): a funding perspective, organizations that want to do the right thing, that are trying to allocate resources towards solving a proactive problem. I'm excited to see that there's a recognition and opportunities for companies that want to not wait for something bad to happen to take advantage of those resources and those perspectives, because I think it gives investors confidence, company investors, stockholders, individuals that invest in companies like Hyperport, et cetera.
Steve Rutherford (45:33.738): All there's a level of confidence there that I think is giving us wind in our sails as an industry to handle these things proactively.
Steve Rutherford (45:51.628): Yeah!
Steve Rutherford (45:54.540): Too quick. Yeah.
Steve Rutherford (46:22.827): Yeah, well, I think what's exciting in this space is a little bit more higher level, right? But the proliferation and advancement of data centers, right? The re-nationalization of our critical infrastructure and on-shoring things that have historically been off-shored.
Steve Rutherford (46:41.576): I'm looking at charts, right? Data centers are obviously on a really high trajectory associated with it, but manufacturing and petrochem, there are investments being made across all of those verticals to bring back our core infrastructure to, you know, something that we can put our arms around as a nation. I'm really excited about that. I think that bodes well for us as a country, also for us as technology providers and practitioners. So that's the one thing I would say I'm.
Steve Rutherford (47:9.772): really, really excited and I hope we see that continue right over the next three to five or 10 years.
Steve Rutherford (47:27.662): Mm-hmm.
Steve Rutherford (47:37.582): Yeah.
Steve Rutherford (47:43.118): That's good.
Steve Rutherford (47:48.045): Mm-hmm.
Steve Rutherford (47:52.044): Yeah. Yeah.
Steve Rutherford (48:1.688): Yeah, absolutely.
Steve Rutherford (48:16.949): Mm-hmm
Steve Rutherford (48:21.559): Mm-hmm
Steve Rutherford (48:28.227): Yeah.
Steve Rutherford (48:38.715): Mm-hmm.
Steve Rutherford (48:45.436): Mm-hmm.
Steve Rutherford (49:1.496): Mm-hmm. Mm-hmm. Mm-hmm.
Steve Rutherford (49:32.025): Mm-hmm. Mm-hmm, sure.
Aaron Crow (49:48.846): How about now? Can you hear me? Okay. That was weird. I lost internet connection. Luckily you talked that whole time and I don't know where I lost. But you were about, I heard you, I came back in at the end where you said, I can give some examples of that. So yeah, let's just pick up. And I was like, I can hear you, but I don't think you can hear me. And yeah, it just completely lost internet connection. And then it came back up. It took like 60, 90 seconds. So I don't know what happened.
Steve Rutherford (49:49.739): Yeah. Yeah.
Steve Rutherford (49:55.020): Mm-hmm.
Steve Rutherford (50:1.753): Mm-hmm
Steve Rutherford (50:10.071): Of course, absolutely. Yeah.
Aaron Crow (50:18.882): as we're.
Steve Rutherford (50:21.418): Mm-hmm.
Aaron Crow (50:24.648): Absolutely, that's perfect. Thank you. I don't know what the hell's going on. I know if it's the ice or what here. yeah, crazy.
Steve Rutherford (50:35.802): Yeah.
Steve Rutherford (50:44.330): Mm-hmm.
Aaron Crow (50:47.534): Okay, awesome. Yeah, I'll pick up there. You know, the interesting thing with, to your point, and you talked, there's a lot of great nuggets in there, The bigger problem that we have and the way that we've done remote access or granting people access in the past, you said is like, hey, I checked your, you've got a key to the front door and I just assume that you've got in the front door so you can do anything you want inside the house. Like I'm not monitoring you.
Steve Rutherford (50:47.990): Yeah. Well, you have articulated the problem statement, right? The challenge that we here at HyperPort exists to try to solve. So I really enjoyed the conversation. It's always great to talk with you. I think we've kind of gone in a number of different areas. I hope this is valuable to your listeners. I certainly enjoyed it. I hope we can do it again sometime soon.
Aaron Crow (51:13.602): I'm not watching you, you can walk in, you can cook, you can open the refrigerator, you can go into my bedroom, you can go in my closet, all those types of things, right? In an OT space, that can obviously be a concern. We like segmentation. We like our, know, segmenting off my boiler away from my turbine and away from my third party controls. you know, if I'm letting in a vendor, if I'm laying in a plumber, I want him to go work on the plumbing. I don't want him in my electrical panel, right?
Steve Rutherford (51:18.786): Yeah, so I'm on LinkedIn. Just look me up, Steve Rutherford. You can reach out to us and connect on our website, hypereport.io. Demos, connection requests, all those things. Handle on the website, learn more about us. I hope we can talk to you.
Aaron Crow (51:41.710): So that's where this trust and just the basic level, not even getting into the AI and the vulnerability side of things, just the basic level of I want to make sure that when I'm giving somebody access that they only have access to things I want them to have. And on those things, they can only do the things I want them to do. I've approved them to do these. So in OT, we do this a lot, lockout, tagout, lottos. Hey, you're going to go and work on this circuit.
Steve Rutherford (51:44.750): for
Steve Rutherford (51:54.644): Absolutely, pleasure's all mine. Aaron, we'll talk soon, all right? Bye.
Aaron Crow (52:9.998): We're going to lock that circuit out. Everybody knows you're working on that circuit. And if you're going to work on something else, you need to come back here, let us know, and we'll lock that thing out. Right? So we have that understanding and concept in these OTSpaces. We want to be able to do that in a digital way. Right? So we want to lock them down. But then you start talking about session recording. I can't tell you how many times, and I'm not going to name OEM vendors by name. Everybody knows who I'm talking about. Those OEM vendors remote in to make a change or they're doing their normal maintenance.
Aaron Crow (52:38.230): something happens and now something starts working that wasn't working or stops working that was working. And the vendor's like, well, I didn't make any changes. I didn't do anything. It wasn't us. I don't know why it's doing it, right? You're like, well, what did you do? We didn't do anything. Okay. Having the ability to record that and understand that, go back to log, see what was changed, see who did what, whose hand was in the cookie jar, all those types of things. And then lastly, the whole vulnerability side of this, because we know in OT,
Aaron Crow (53:6.764): We have these antiquated, antiquated may not be the right answer, but many times it is, really old systems that many times can't be patched, or even if they can be patched, we're not patching them. Because it's too big of a risk many times to patch them because it breaks something else. It's usually less of a risk. If I do the risk reward factor, it's usually less of a risk to just let it ride than it is to update it, especially now. Now maybe I'll do it in an outage window in the fall when the unit's offline, all that kind of stuff.
Aaron Crow (53:37.368): So having the ability to understand what those risks are, those vulnerabilities are, and to mitigate those things other ways, other than just patching is vastly valuable. It's valuable in IT, but it is hugely valuable in OT because of the fact that we aren't able to patch. And many times in my organizations, I don't know.
Aaron Crow (53:57.038): I just know, cause like if I just do a vulnerability assessment on an OT space, it's just all red. It's like your, you know, ninth grade English, you know, report that just everything is wrong. It's just red, red, red, red, red, red, red, red, red, red, red,
Aaron Crow (54:26.082): This is where I'm excited about AI to start plugging into these things to say, okay, we know all of these things. We know we can't patch this stuff. What is my risk in these spaces? The risk and the analogy I always give is I've got two PLCs. They're the exact same PLC, PLC whatever make model you wanna say. One's controlling the turbine and the other one's controlling the ice machine in the break room. They both have the same firmware. They both have the same risk and the same vulnerabilities.
Aaron Crow (54:55.214): But one is not a big risk to my environment, right? As an organization, if the ice machine goes down, operator's gonna be pissed off, but I can still run my plant. If the turbine goes down, whole different set of risks. So that's where the risk is different, even though the vulnerabilities, the CVE score is the same, the risk to my organization and understanding of that is vastly different. And that's where this complexity comes into this mathematics of what is a real risk.
Aaron Crow (58:39.965): Yep.
Aaron Crow (59:6.902): Yeah, dude, and that is so huge. And we talk about this in the OT space and our operators, our asset owners are hesitant because they've been burned by promises from IT. What excites me about this approach is that it's not intrusive.
Aaron Crow (59:30.926): I'm not having to install new things. I'm having to redesign networks. I'm not having to change their business process. They're able to give access. They're able to do the things they need to do. And it's more focused on, you know, I'm not stopping the main, the plant still runs. I just made Aaron sit in the sidelines until somebody watches what he's doing, right? It's not like my plant's still running. The PLCs are going, the turbine's running. You know, the things are doing what they're supposed to be doing.
Aaron Crow (60:1.228): But this outsider that was wanting in and was knocking at the door, you've made him pause over there. And I don't have to take an operator away from his normal job to sit there and watch the screen as this guy's clicking, as I'm surfing on Instagram or whatever, because I'm not really paying attention, because I'm bored and it's boring to watch somebody else work on a screen and I'm not even there. I'm just like, whatever this guy's doing, I've seen this a thousand times, so I'm just not paying attention.
Aaron Crow (60:28.526): How can I expect anyone to pay attention to that? It's impossible for a human to pay that much, unless there's like, like the sky's falling, you know, I've got 10 people, we're all watching the screen, cause that's the only thing that's gonna make us work, right? But nine times out 10, that's not the situation. The guy's coming in for maintenance. I let him in, maybe I've got the screen up. I'm half-ass paying attention to it. Maybe not even that much. And then it's not until, to your point, something bad happens. You know, boom.
Aaron Crow (60:56.546): the incident happens, now I'm right of boom, trying to respond to what happened, what caused that thing. Instead of, to your point, we all wanna get to a place where we're left of boom, and we're preventing that boom from happening, and we're able to try to say, hey, wait, wait, wait, wait, before you click that button, there's very simple things like, hey, going back to my Cisco days, you can log into the Switch, and you can do show commands.
Aaron Crow (61:23.170): but you can't enter configuration modes and start changing configurations. Like I'll allow you to look at what's there. I don't want you to make changes on the fly, right? You're not approved to make changes. So those commands are not even available to you, because I don't want you to make changes to my configuration. That takes another process and we have to get the change order. I want you to be on site to do that. Or I want to have somebody on site. I want to review your work. Like there's all these things and this is the business process that OT really understands and likes. And that's why I think that that.
Aaron Crow (61:50.850): That approach worked so well in this space.
Aaron Crow (63:12.334): Yeah, and I think many O.T. spaces are going to need that, whether it be from a regulatory requirement, like in a NERC SIP environment, in our power utility spaces, or even just a comfort level of, I really don't want unfettered access into my O.T. spaces. I'm OK with using the tools and the capability, but I don't want it going to Google. I don't want to have a connection from my O.T. network to the internet. That's jumping way too many bridges.
Aaron Crow (63:42.104): But if I can do all those things locally and I have those capabilities, is it the same? No, of course you're have more compute power in the fucking internet than you are in on my local prim. It's not the same, but I don't need that level because it's not the same level of complexity either, right? I don't have to have all of the answers possible in the whole wide world. I have a very smaller subset of things I need to consider. So I don't need all of that compute power, right? can do, can have meaningful value add.
Aaron Crow (64:11.064): to this environment and it all be local and it all be on-prem and it all be controlled by me and my data is not getting out anywhere. I'm not letting out in third parties or Google or and I don't have API calls to the internet or backwards or anything like that, right? That's hugely powerful and that's what it's gonna take in these OT spaces. Not to mention you start looking at DOD and government places and all of those types of things. It's hugely valuable and obviously they're air gap systems. Nuclear is another great example of that.
Aaron Crow (64:40.066): nuclear power plant has an air gap, right? So that doesn't mean you couldn't do this. You just have to do it on prim.
Aaron Crow (65:27.492): How are you seeing, let me get to where I'm trying to get to. I see two main types, there's obviously multiples, but two main types of customers that look to advance their cyberspace, especially in OT. Ones that have had something bad happen, or ones that have a forward thinking leader that is trying, maybe they had something bad happen someplace else, and they're bringing those lessons learned in. How many are forward thinking?
Aaron Crow (65:53.510): organizations are looking for this type of thing in a mature way versus, we just got attacked and we need to do something or there's a regulatory requirement forcing me to do it. So we're moving it. Yeah.
Aaron Crow (66:26.062): Mm-hmm.
Aaron Crow (68:46.006): Yeah, mine is the same. It luckily shifted over the years to, know, I've been running this for 40 years. I've never had that problem happen, blah, blah, blah, blah, to it's happened enough. I think everybody realizes it's not a matter of if, it's a matter of when. If I don't make significant changes and investments into my O.T. spaces, bad things can happen. And unfortunately, bad things in O.T. spaces happening can mean lives lost. And that's obviously a...
Aaron Crow (69:14.114): the impact and the risk is higher because of those things and the direct correlation, whether it be power outages and people lose their lives because they don't have electricity at home or something explodes and employees are hurt, right? Any number of things, manufacturing, all sorts of problems happen.
Aaron Crow (70:35.608): Well, used to I would my wrap up question was in the next five to 10 years, but I've stopped that from being such a long lead time because things are happening so fast and AI is changing and technologies are growing so fast. So I've kind of adjusted that to say, just say it a little bit different and remove the time thing. But, you know, all the things that are coming up, we know things are changing.
Aaron Crow (70:58.354): It's an exciting space to be in, but what are some of the things that, you know, maybe one positive or one thing that's scary, what's one thing that you see that you're excited about coming up over the horizon in this space and maybe something that's a little concerning in the same space? And it doesn't have to be 10 years out, because I know that's a long lead time.
Aaron Crow (72:7.938): Yeah, yeah, that's awesome. I agree. It's one of those things that, know, yes, it's cheaper to do things elsewhere sometimes. But I think we saw it's another thing we saw during COVID is our supply chain was weak because we were pushing too many things off offshore, which is fine and good times. But when we need it, obviously, if know, if China is making things and they need the same things that we do.
Aaron Crow (72:30.518): It's not because they hate us thing, it's because, I'm gonna take care of my people before I send things to you. Anything I have leftover, I'll send to you, but I'm not sending things and not sending it to my own people first, right? So I would not expect them to do anything else like anyone for that matter. So, you know, I love the fact that we realized those things and it wasn't too painful and hopefully we pick up on those things going forward. So, no, I love it, man. know, remote access has always been.
Aaron Crow (72:57.854): a big piece to me, know, segmentation, know, understanding my environment. But when I do all of those things, I've seen it from the beginning because we don't have enough skilled people. You know, all of these O.T. spaces many times are in the middle of nowhere. So hiring the right people for these spaces. And I never have enough budget, so I don't have enough people. And they're also doing operational things and I'm expecting to do all these other things. So I need to have the ability to to have a strong workforce that can provide that level of access and help.
Aaron Crow (73:27.882): into these spaces, but how do I do that in a secure way and help them without making it more of a risk than it is a value? in the past, again, my team would just drive, but even that made it really difficult because it took me longer, because I'd have to drive out to the space and maybe it was a three-month project and it made it harder to do. When I have a way that I feel confident in, then I can do these things remotely and I'm not adding too much risk to the environment, then that opens the possibility of how I can support
Aaron Crow (73:57.858): how many people I need on my team, how many sites they can support, what types of projects we can do, and all that kind of stuff. It really opens the portfolio of ability for me to support things, for me to be able to have a regional team that's providing access so I don't have to have a high-level, skilled OT person. Because the problem that we've seen is we hire an OT person at a site, we train them up.
Aaron Crow (74:26.060): We can only pay them so much because the market in that area only pays X amount of dollars. But then that same person, if they move to a big metropolitan city, can sometimes double or even more their salary. So you're going to lose them once they have the experience, more than likely they're going to move away because you just can't compete with them on that space. having that ability to not lose them and say, let's move you to corporate.
Aaron Crow (74:50.978): You'll provide this access at a different level. We can pay you differently, but you're still providing that access and understanding that really helps us with staffing, resourcing, because we all know it's not just technology that's going to solve this problem. It's people, process and technology, right? So we need all of those things together, which is why I think y'all's product is, and products in this space are so exciting because they really help in all three of those. is a technology, of course. It also enables other technologies, but it also enables the people and the process side of things.
Aaron Crow (75:20.438): in enhancing my OT, lowering my risk, enhancing my cybersecurity, my posture, all that type of stuff. So it's an exciting space to be in. I think that's why you see a lot of conversations around it. And again, since COVID, obviously everybody's been kind of forced down that whole, that walkway of we're gonna have remote access, how are we gonna do it is a different question.
Aaron Crow (76:5.024): Absolutely. Steve, tell everybody how to get ahold of you, where they could find out more about hyper port, do a demo, all the things.
Aaron Crow (76:25.070): Awesome. Yeah, definitely reach out to hyper port. They're, they're a great partner in a, in a really cool technology. Um, and it's a really big need in the O T space. So definitely reach out to Steve, tell him Aaron sent you to tell him you heard him on the podcast, all the things. So awesome, Steve. Well, I will talk to you again soon, sir. Thank you for your time today. I appreciate the conversation and thank you for dealing with the technical difficulties that we had there. So I appreciate your brother.
Aaron Crow (76:50.094): Bye bye.
Transcript lightly edited for readability.
Subscribe to PrOTect IT All and stay ahead of the threats targeting critical infrastructure.