Ep 98: The Stryker Attack: What It Reveals About OT Cybersecurity and Why Tabletop Exercises Matter | PrOTect IT All

The Stryker Attack: What It Reveals About OT Cybersecurity and Why Tabletop Exercises Matter

Mar 23, 2026 00:32:08
OT Security, Critical Infrastructure, Incident Response, Risk Management, Ransomware


Cyberattacks don’t just test your systems - they test your preparedness.

In this episode of Protect It All, host Aaron Crow breaks down key lessons from the Stryker attack and what it reveals about today’s evolving threat landscape across IT and OT environments. From energy and healthcare to manufacturing systems, attackers are increasingly using sophisticated techniques like “living off the land” - blending into normal operations instead of deploying obvious malware.

Aaron takes this beyond theory, focusing on what organizations must do before an attack happens.

A major theme? Tabletop exercises. Not as a compliance activity - but as a critical tool for building real incident response readiness, improving team coordination, and exposing gaps that tools alone can’t catch.

You’ll learn:

Whether you’re defending critical infrastructure, leading a cyber team, or just starting your security journey, this episode delivers practical insights you can apply immediately.

Tune in to learn how to prepare before the next attack - not react after it - only on Protect It All.

Key Moments: 

04:59 "Modern Warfare: Cyber and Beyond"

08:47 "Security Risks of Remote Wipe"

10:31 "Living Off the Land Tactics"

13:11 "Balancing Power and Security"

19:12 "Vulnerabilities Demand Swift Action"

20:21 Prioritize Risk, Justify Investment

25:04 Practice Preparedness Before Crisis

26:48 Weak Links Threaten Cybersecurity


To be a guest or suggest a guest/episode, please email us at [email protected]

Please leave us a review on Apple/Spotify Podcasts:

Apple   - https://podcasts.apple.com/us/podcast/protect-it-all/id1727211124

Spotify - https://open.spotify.com/show/1Vvi0euj3rE8xObK0yvYi4


Aaron Crow (0:0.782): Hey everyone. Thank you for joining me on the Protect It All podcast. I am here, unfortunately having a similar conversation to some of the episodes I've done recently, which is a little different than normal where I'm usually having guests sitting across talking about fun stuff and different types of topics, but this one is right.

Aaron Crow (0:29.506): you know, and all that's going on.

Aaron Crow (0:34.326): Let's just dive in. Right. So when is the last time we've, we've done a, you know, a threat hunt specifically looking for pre-positioned, adversarial access in your, in your OT or ICS network? Probably not a lot of places are doing that. Right. We're not usually when I've done threat hunts or I've done red teams, I've done those things. I've usually done them from the corporate side. I've usually done them in a protected environment.

Aaron Crow (1:2.638): I'm not usually doing them in the actual assets and the environments that because there's such a risk and most organizations are, are, you know, averse to that risk in these spaces for good reason, right? I remember doing, pen testing and, and, and all of that in these spaces and power plants. And we did this with a large consultancy. It's when I was an asset owner and we went plant to plant to plant and I would not allow

Aaron Crow (1:32.692): any of them to actually touch keyboard. So I was taking my machine, I was doing hands on keyboard, getting them data out, but we were still very cautious and we were communicating with the plant and we were doing it in down times. But even that, I remember we were at a site and we were in the break room and we'd done a pre-job brief that morning and we were drinking coffee, like had not done anything yet and the plant tripped. The first thing everybody did is what you guys do.

Aaron Crow (2:3.958): Nothing. We're literally sitting here. Our computers are in our, in our bags. We're having coffee and donuts that we brought in for, the entire team. And they, you know, panicked because we were there. We'd done the pre-job brief. We knew what we were doing. They knew what we were doing that day. And they, had to prove, or they had to prove that it wasn't us before we were able to do anything. So in these environments, it's so difficult to do this stuff. Right. And now we're, dealing with an actual incident.

Aaron Crow (2:33.730): with Stryker. According to Microsoft Threat Intelligence, an Iranian state-sponsored group called Lemon Sandstorm has maintained persistent access inside critical national infrastructure networks, including energy and water ICS and SCADA systems for more than two years. They've been sitting there waiting and with Operation Epic Fury, which is, you know, the U.S.' attack against Iran.

Aaron Crow (3:1.063): The US-Israeli military campaign against Iran. It's the intelligence community is assessing that activation of that dormant access is likely.

Aaron Crow (3:14.218): take a moment there, right? Is they're saying that, that that activation, that this thing is sitting there somewhere in these places, in these energy systems, in these water systems, in these ICS and SCADA systems, and that now that there's an attack going on, that there's dormant access that they've just been waiting and it's going to do, right? So most people are talking about this Stryker attack now, right? We absolutely need to talk about it. Landmark event,

Aaron Crow (3:44.110): But I want to make sure we talk about the right context, right? Because what happened with Stryker is not an isolated incident. It's the first confirmed, you know, destructive, I guess, cyber operation of an active military conflict. There have been, and that's debatable, right? You know, obviously we don't always know the things that we don't know. But this one being public and being confirmed.

Aaron Crow (4:14.458): is really what I'm talking about there, For everybody out there that's like me, that's protecting critical infrastructure, that's pretty scary. The fact that we've got energy, water, manufacturing, healthcare, these types of things can be happening in these spaces and be a part of war, right?

Aaron Crow (4:43.726): you know, thinking back to my parents and my grandparents and war and, you know, as atrocious as war always is, no matter what it looks like, you know, World War II, World War I, they're on another continent, especially as an American, it's on another continent. Obviously we got hit in Pearl Harbor, but again, in the homeland, we're not exactly being hit by bombs. Like I can't imagine living in Israel or in Iran or any of these places where

Aaron Crow (5:13.428): as just a citizen, not part of the military, just as being at home with my family, those things coming in. The risk that we saw all the way back to, you know, with the Stuxnet, right, is that was a weapon that was fired at, ironically enough, the Iranians for their centrifuges, right? But that thing is that weapon can be fired back, right? It's not like a bomb that blows up and, you know,

Aaron Crow (5:42.883): They can be fired back. We even see the drones nowadays. I've seen the recent thing with the drones that, actually Iran built, us re redesigned and are using the same technology back against them again. Right. All this to say, there's, there's a lot of war warfare looks different, especially when we bring in the cyber component, to that warfare. Right. So, let's get started.

Aaron Crow (6:9.568): started with the facts of the attack itself. Stryker Corporation, a roughly $25 billion medical technology company, it says with 56,000 employees across 60 plus countries. They disclosed a global disruption to its Microsoft environment on March 11th. A pro-Iranian hacktivist group called Handala

Aaron Crow (6:37.006): which is also tracked as Void Manticore and assessed to have ties to Iran's military of intelligence and security. They claimed responsibility. Their claim numbers is that they have more than 200,000 devices wiped across 79 countries and approximately 50 terabytes of data exfiltrated before the wipe commands went out. Alright, Stryker confirmed there was no evidence of ransomware. It was just purely destructive, right? They didn't want money.

Aaron Crow (7:6.857): they were threatening, they were saying, "hey, do this or else." It was just, "I want to do damage."

Aaron Crow (7:14.082): technical piece that we need to understand is that they didn't write a custom wiper. They compromised the Microsoft Entra ID tenant, right? So we all have these Microsoft 365 tenants and we're connected with Azure and identity access management and they actually gained administrative access into Microsoft Intune, right? This goes back to all the way back in the day when we used to have Active Directory and we're logging in as domain admins on endpoints and

Aaron Crow (7:42.049): and we're, you know, we got to protect the hash and pass the hash. There's all of these problems. I'm not saying it's the same thing, but it's a very similar type problem, right? Is they got access. And once you have domain access or admin administrative access at those levels, you're hosed, right? So their, their MDM system, mobile device management system. And from there, they were, they used the end tool, like living off the land. We've heard that term. They've used the built in.

Aaron Crow (8:12.888): products and capabilities that we have. Like, we give these laptops out, we want, hey, we need to make sure that we can remote wipe them if somebody loses a laptop in an airport or it leaves it in a rental car or, or somebody steals it out of the back of your car or breaks in your hat, whatever those things are. We need to be able to remote wipe and factory reset.

Aaron Crow (8:31.010): They logged in and use those exact capabilities that were designed as part of the disaster recovery, as part of incident response planning in our plans here. The problem is, is if the bad actors get into those spaces and have those capabilities, we're giving them access to those things. It's why in IT or in OT, do, I for sure, and many, many that I hear are so adamant about segmentation. And it's not just network segmentation.

Aaron Crow (9:0.704): It's segmentation, it's separation of duties. It's all the way back to the reason why your accountant, like you have separation of duties between your accounting department and your payroll and all this kind of stuff. Cause you don't want one person to be able to write themselves a check and also cook the books so that you don't understand what just happened. Right? There's, there's those separations of duties, right? In a very similar way, this is, this is an issue. The attack used legitimate functionality in their system.

Aaron Crow (9:29.656): There was no malicious payload. It wasn't custom, it wasn't malware, wasn't ransomware, was nothing that your security tools were going to detect because they, it was built and it was, it was purpose as designed by Microsoft and by the organization.

Aaron Crow (9:45.839): There's no endpoint AV or EDR to detect. It came from the management plane itself, right? And that's the important piece there is it wasn't, you know, a malicious code or malware or anything else in that space. So again, we've been talking about it. I've mentioned a few times already, but in OT we call it living off the land where they use legitimate tools, adverse or, you know, bad actors use legitimate tools and protocols.

Aaron Crow (10:15.939): your HMIs, your engineering workstations, DNP3, Modbus, OPC, like we know these things are insecure and they use those things to move, they can use those things to move through the control system environments without triggering detection. You're not going to notice if somebody sends a DNP3 or a Modbus command. Even though I don't want them to and they shouldn't be doing those things, it's not something that my security tools are going to detect.

Aaron Crow (10:42.339): CrashOverride abused ICS protocols, Triton targeted safety instrumented systems, Pipedream took a toolkit for abusing whatever's already on the OT network. What this bad actor, what this group did with Stryker is the exact same playbook applied to the enterprise IT side, right? It's to the corporate side of this conversation because it's that integrated Microsoft platform. The tool is different.

Aaron Crow (11:11.535): The principle is identical though. It's that living off the land, like what tools are here and what can I do with it? And scale the destruction, right? So if I can push patches, if I can reboot, if I can force wipe, cool, let's do that.

Aaron Crow (11:30.617): Some hospitals, EMS providers temporarily disconnected from Stryker Cloud Services as a precaution, including LifeNet, the platform used for the, you know, transmitting EKGs from ambulances to hospitals. And that downstream consequence of an IT attack on a device company, patient safety and clinical operations were affected. That's a different thing. There was no infection. It was just all as built.

Aaron Crow (12:1.571): So.

Aaron Crow (12:4.205): The we've all seen the headlines. It's been out for, you know what? Today's the 16th, so it came out the 11th, so it's been out for almost a week now.

Aaron Crow (12:15.599): this deserves attention and how do you have, you know, that defensive thinking about as an attacker, as a bad actor, what can I do with this access? I remember sitting in a, at a, a tabletop exercise at a plant and the CISO was in the room with us and we were going through all these different scenarios and it was a corporate led one, right? So it had IT stuff and management stuff and OT stuff, all the things. And

Aaron Crow (12:45.227): And the CISO said, well, if we're talking about bringing down power plants, who, who is the person that is the most dangerous? And I said, and I raised my hand and I said, me and my team. And he said, well, why do you say that? I said, well, cause we know the passwords to every site. I know I have an account on every site. I have admin rights on every account. I have the local accounts to everything. Cause the question he had was like, if, I, a, you know, a bad person, a bad actor,

Aaron Crow (13:15.341): came in and took me hostage or had my family and held a gun to their head and said, go in and do this or else you couldn't stop me. Like I have that access. Nobody would even know it until it was too late.

Aaron Crow (13:33.817): So how do you fix that? How do you monitor for that? How do you adjust for that? Like you need me and my team to be able to do what I need to do, but you also don't want me to have so much power that I can shut everything down before you and you can't do anything about it. Right? So it's that, it's that catch 22 that sometimes security makes things more difficult. and complexity is not necessarily what is needed at an OT space when I need to be able to respond quickly. Cause again, and then the difference from an IT world,

Aaron Crow (14:2.671): In an OT world, I need to be able to respond. That's the reason why you walk into a control room and there's no passwords on those systems. An operator gets up and walks and goes to the bathroom. They're not locking their screen behind them. And in an IT world, you would say, oh, that's dangerous. Like if somebody could walk in and steal your data or do something, right? Well, we handle those in different ways. We lock the room. Nobody's in the room that shouldn't be. And if something's going on in the system, if you think about Chernobyl or

Aaron Crow (14:31.804): a nuclear power plant of any kind or any type of mechanical thing that's moving. If there's a safety incident, if there's a danger to the system that's going to damage the equipment, even if I'm not even talking about human life, if I'm just going to damage equipment, can you take me down? I need to be able to react in seconds matter.

Aaron Crow (14:51.543): So I don't want to lock the workstation just because, you know, Bob went up to go to the restroom and then Bob's in the restroom and then the plant's melting down and I have to wait till Bob comes back and logs in to be able to take action. Of course not. But that makes it difficult to protect and to air gap and to which as we know, air gap is usually a figment of imaginations. But these things are part of it.

Aaron Crow (15:21.512): These are the difficulties. If it wasn't for this, OT would be no different than IT. It would be super simple to secure it.

Aaron Crow (15:35.011): This is very much in our wheelhouse as practitioners, as cybersecurity people protecting this and working on these things, right? you know, the, there's so many different groups that are involved in this, that we know of that doesn't mean that there aren't more that are

Aaron Crow (16:0.287): out there, right? Anytime that there's a conflict, and again, this is not to get political, this is not to talk about right, wrong and different. It's just a fact. When there is a conflict, there's going to be bad actors or not even bad actors, depending on your perspective, hackers, hacktivists, people that believe in one side or the other and are going to go after the other side, right? You know, different APT groups, you know, different

Aaron Crow (16:29.485): government sponsored ones, not government sponsored ones. It doesn't matter, right? There's going to be additional attention given. And we know that the OT spaces are vulnerable. We know that the, you know, they, we know where, where the difficulties are. Let's just put it that way without, without saying too much. These are not secrets. These are not surprises that these environments are.

Aaron Crow (16:57.129): are risky. We know that the energy sector is a prime target. Like look at any major incident, like you look at, you know, hurricane coming through. One of the biggest problems that we have when those things happen is power loss. When power goes down, nothing else works. There was North Carolina a couple years ago where a substation went down. I think somebody actually shot it with a rifle, but that substation went down. They shot a transformer. They couldn't get that transformer back up an entire section.

Aaron Crow (17:25.773): was down. I think it was an entire county. But this entire big geographical area was completely out of power for like a week. So if you want to get gas, you had to drive next county over. Grocery stores didn't work. Water didn't work. There was no pumping of water. You know, refrigeration didn't work. Like nothing worked because everything in our world is tied to electricity. So you don't have to go after the water. You just hit the electricity and the water goes down too.

Aaron Crow (17:56.089): So it's that big domino. We know that as a prime target. We know that is the biggest concern. It's critical, right? There's potential for espionage. We just talked about a gunfire. Somebody could shoot a transformer. That's got cyber, but those are things that we have to be concerned about. Somebody could run a car. They could drive a truck into it. They could walk into something and bring in malware. There's any number of things that can happen.

Aaron Crow (18:28.495): This wasn't that, right? The Stryker was not that. It was pre-positioned access.

Aaron Crow (18:37.079): It was getting into Microsoft. It was getting into a tenant. It was using, you know, living off the land type capabilities, right?

Aaron Crow (18:46.531): activist groups and all of that is going to surge because of conflicts.

Aaron Crow (18:58.905): The electronics operations room and Iran coordinated hacktivist platform is reportedly coordinating about 60 groups of activists. They've conducted 149 confirmed denial of service attacks against 110 organizations across 16 countries since the conflict began. ICS and OT specific attacks from the hacktivist ecosystem surged 50% in March. Now most hacktivist attacks

Aaron Crow (19:27.840): in OT are nuisance level rather than, you know, bringing down a plant. But it's not always true.

Aaron Crow (19:36.855): Obviously all it takes is one of them to get through and be able to bring something down as we know the grid is very tightly woven and, and, and easily, not easy, but if I can bring down a domino, the right domino, if I can pull the right peg out at the right time or the wrong time, how big of an issue that can be.

Aaron Crow (20:4.373): So.

Aaron Crow (20:9.017): there's just a lot of, a lot of attention, focused on other countries, other organizations. And even though, you know, the power plant didn't do anything, the, the, the, you know, your organization didn't do anything. It's just a matter of that. We are in this space. Like we are in a place where there is a,

Aaron Crow (20:37.559): an action going on and that is going to cause more attention. Right. So again, the, what, okay, Aaron, like, yeah, we know this is going on a state in the news every day. It's on my social media feed. What the hell should I, or should I do about it? Right.

Aaron Crow (20:54.407): this is a great time to raise that flag, right? It's a great time to start searching the logs. It's a great time to, you know, raise the flag with your management, with your leadership and talk about, this is another justification for why, right? Because what it really comes down to in most organizations that I see is lack of time, money or resources.

Aaron Crow (21:22.317): Right? I don't have enough money to justify the bodies, the process, the technology that I need in these spaces. And a lot of times it's because, we've been running this plant for 40 years and nothing bad has ever happened. Why am I going to put money into this now? Let's kick the can down the road a little bit further, or I'll give you a little bit. Like what, if I had to prioritize out of this big list of things that you say are deficient, what is the one that you need most?

Aaron Crow (21:51.405): Right? So this is the things to think about as you're looking at your organization, look at this attack and this incident and bring boil that up and convert that into what does this mean for me and my organization? Are we at risk for this? What is the downstream impact of that? Right? If my organization is using Microsoft or whatever those things are, just go through that tabletop exercise, pretend that that happened to your organization. What could happen? Obviously this was a medical device company.

Aaron Crow (22:22.079): What could that, what could happen in your space? Are you transportation? Are you wastewater? Are you a manufacturing facility? Like what are you, what could it do in these scenarios? This is why I think we do as a, as a entity or an organization, usually we use tabletops incorrectly. We do once a year and we have these big ones and we bring people from all over the country. And I'm not saying there's anything wrong with that.

Aaron Crow (22:50.051): But we should be doing a tabletop every time we have something like this come up. We should be doing a tabletop monthly, weekly, as often as possible. This is just war gaming. It's thinking through the scenario of if I have these problems, how would I respond? And the more that you do them, the more issues you're going to find, the more solutions you're going to find. It's not just about finding the holes. It's also about finding solutions. And those solutions aren't always just

Aaron Crow (23:18.967): technology or a person. It can be just, hey, if we change this setting to that, or we change this configuration this way, it reduces our risk because of X, Y, and Z. I can't patch this system, but if I put it behind this firewall in this separate network and I monitor it because I already have all these things in place and I monitor it because I can't reduce, I need RDP and I need SSH. So, but I also know that I only should be SSHing from this other machine over here and I could put

Aaron Crow (23:48.065): and all the other tools on it. Okay, well, that that secures me more than just having this thing be able to be directly RDP'd to. Like, those are examples. I'm just throwing an example out of you have to really go through and understand that. And the more that you're doing these exercises, I can't tell you how many times I've done this. And I walk through these plants. I'll walk through an environment and I'm like, well, you don't have remote access. No, we don't have remote access. It's completely air gapped or it's completely isolated or blah, blah, blah. We walk over like, okay, well, what is this?

Aaron Crow (24:17.379): Well, this is a system. What is that? Well, it's got a wireless card. Who's that wireless card? Well, that's for the vendor. Okay. How do they get access to that? Well, they just have direct access. Okay, buddy. That's called remote access. And then that is also plugged into your OT network, which means that vendor or a bad actor going through that vendor now has access directly into this system because you gave them access or they gave themselves access to this environment through a

Aaron Crow (24:46.863): cellular modem. Now they have access to this system and then they can pivot because that system is also plugged into the rest of your OT system because it's not segmented, it's not air gapped, it's not, it's all one big network many times or maybe it's not one network but are there other systems on that environment that they can get to or pivot to or all your, even if I am segmented, is it

Aaron Crow (25:9.059): locked down enough that if I get into that space and I'm going to be able to detect or restrict them from being able to do other things when they're there. Like these are the problems that we have that it comes back to, man, we should be doing more tabletops, man. And to me, a tabletop is the exercise of going through and thinking through what is the worst that can happen.

Aaron Crow (25:31.299): Give a scenario. Every scenario you give helps you and your team and the OT side and the IT side and the leadership understand the risks and what are we going to do in these scenarios? It's the same reason we, I know I sound like a broken record, but it's the same reason why we do fire drills in businesses and buildings, because you don't want the first time somebody is evacuating a building with a fire.

Aaron Crow (26:0.803): to be the first time they think about, what am I supposed to do? Where do I go? How do I do this? I'm on the thirty-second floor. Where do I take this elevator, dot, like that elevator? Where do I go to? Where's the muster point?

Aaron Crow (26:13.155): the reason we do fire drills occasionally. So we go through the exercise. So when it does happen, yeah, I remember I'm not supposed to take the elevator. So I'm supposed to take the stairwells. I'm supposed to go down X number of floors. And then there'll be a person that's there that's supposed to say, should I keep going or stop here? Like there's examples of why we do these things. And again, in many organizations we're doing them once a year, which is better than none, but we're still doing them once a year.

Aaron Crow (26:46.123): If nothing else, take this scenario, take the things that are going on in the news, take the things that we're seeing in the space and do your own, use whatever tools you can, write on a piece of paper, reach out to others that have done it and build your own scenario. It doesn't have to be super complex, but put the scenario in, have a conversation, have it, bring in lunch, bring in your operators, bring in your cybersecurity folks, bring in your networking guys, bring in your firewall guys. Hey guys, this is,

Aaron Crow (27:15.887): This is what's going on. This is the scenario I put together, I brought it in lunch. Let's talk about it. This is the bad thing that could happen. What could happen? How could they get to, how could they pivot? Let's look at our firewall rules. Let's look for this. Like that's how you start thinking ahead because that's what the bad actors are doing. They get in the light. Oh, what could I do at this place? And they're dedicated their time to doing those things. They're not just in meetings. They're not just, you know,

Aaron Crow (27:43.285): updating firewalls or, or, or adding new technology or capabilities. Cause the problem is, is as we know, a chain is only as strong as its weakest link. So yeah, you may be updating firewalls across your organization, maybe adding this or that or whatever. I don't know how to get the message across to those that aren't hearing in the back.

Aaron Crow (28:7.407): place that you installed and updated five years ago and haven't been back to, that's where they're going to get in.

Aaron Crow (28:14.637): the vendor that has access to that 3G modem we talked about or 5G or whatever cellular modem directly into their system. That's how they get in. The unsecure wireless network that the operator plugged in, because they need access at Saturday at three o'clock in the morning and nobody, the IT organization hasn't deployed out to them yet. So they got a D-Link off from Walmart and they plugged it into their network. That's how they're going to get in.

Aaron Crow (28:42.327): And these people, you know, that operated, they did that, they're not doing it to be malicious to do it because I need to do their job.

Aaron Crow (28:49.741): And the system failed them many times. That's what happens. It makes it so complex, so expensive, so difficult to get anything through. Like, forget it. I'll just do it myself because I need to work today. I don't need to work in six months when I go through all these boards and approvals and all the things. It's a, it's a $50 fricking modem. I can plug it in and we can be working this afternoon.

Aaron Crow (29:14.605): And they don't understand the vulnerabilities and the risks that they brought in, but they needed it to work and we didn't help them.

Aaron Crow (29:28.255): Use this as an opportunity to have additional conversations, talk to your teams, go to the sites, figure out, go through these scenarios, do a tabletop, bring in somebody like us that does them and has tools and can do it or do it yourself. Like find a way to take some positive action in this way. And it doesn't have to be expensive. Like I said, if you're doing this yourself, it's 15 minutes, ChatGPT, going through some scenarios and having a conversation, bringing in lunch.

Aaron Crow (29:57.039): Like how much is buying some pizza for a team of 20 or 50 or 100? A heck of a lot cheaper than a cyber incident. A heck of a lot cheaper bringing down a plant. A heck of a lot cheaper than loss of life in these spaces.

Aaron Crow (30:16.409): Do something, take action, make positive progress.

Aaron Crow (30:25.293): All right, that's it guys. I appreciate the time. Definitely like, subscribe, all the things, get the message out. This is too important not to. We have to be doing, taking actions in the right direction. I don't care how much budget you have, there's definitely things that you can do. And they don't have to be expensive and they don't have to be super time consuming. They can just be taking baby steps. I think back to What About Bob?

Aaron Crow (30:52.163): baby steps on the plane, baby steps on the train, baby steps to get to that place. Like just take baby steps if I'm moving in the right direction.

Aaron Crow (31:2.593): I started rucking what five years ago or something and I started with a 10 pound weight in a JanSport backpack.

Aaron Crow (31:12.407): And now I carry, you know, anywhere up to 65 pounds and I have dedicated, I've got like five different rucks from GORUCK and all the things and all those patches behind me back there that I've gotten from events and, and all the things, right. Thousand miles a year, many times on, on, on doing rucks on, these ones over here.

Aaron Crow (31:32.847): But it started with, decided I picked up a backpack, I threw a little bit of weight in and I started taking steps. And it was hard and I didn't go very fast and I didn't go very far. But that over time became, hey, I can grab a pack and run and I've done marathons and I've done crazy events and I've hiked to 10K with a friend of mine in Colorado, a 15-er, sorry, 14-er. Get the term right.

Aaron Crow (32:1.866): 14er in Colorado Right it starts with making a decision Finding the direction I want to go and taking baby steps in that path. It's the same in your personal life. It's the same in everything

Aaron Crow (32:16.835): So if you have questions, this is a great community, reach out to others that are there. All the Instagram and all the things are fine, but the one thing I love about LinkedIn is there's so many folks that are on there that are sharing and are willing to have the call, set up a conversation, say, this is what I've done in the past, this is what worked for me, this is how I would take actions if I had a dollar, if I had a million dollars.

Aaron Crow (32:45.455): Because there's steps you can take no matter what your budget level is. Even if it's zero, there's still things you can do.

Aaron Crow (32:53.391): All right, everyone, keep up the good fight. Come see us at ICS Village. We'll be at RSA. We'll be at Defcon in Vegas. We'll also be at Defcon in Singapore. So depending on where you are on this planet, there's definitely places to plug in and find people have conversations. If you're new to OT, you're trying to get into your ICS, your NIT, whatever those things are.

Aaron Crow (33:22.525): We need everyone to be fighting this fight.

Aaron Crow (33:26.553): Thanks a lot.

Transcript lightly edited for readability.
