Cybersecurity isn’t just about technology - it’s about people.
In this episode of Protect It All, host Aaron Crow sits down with Sean Tufts for a conversation that goes far beyond tools and tactics. From the locker room to control rooms, Sean shares how his journey from professional football to OT cybersecurity shaped his approach to trust, teamwork, and leadership.
Together, they unpack one of the biggest challenges in OT environments: building trust between IT and OT teams. Because without trust, even the best tools fail.
You’ll learn:
Whether you’re leading cybersecurity, working in OT environments, or building cross-functional teams, this episode delivers practical insights on the human side of security—where real progress happens.
Tune in to learn why the strongest cybersecurity programs are built on people, not just platforms only on Protect It All.
Key Moments:
05:11 Importance of communication in tech
06:58 Learning from early career mistakes
11:40 Implementing network scanning in OT environments
15:50 Debating project priorities in cybersecurity
18:24 Improving system reliability and ROI
20:28 Convincing plants to self-fund projects
26:21 Creating layered RACI charts
26:57 Discussing people, process, and technology
31:15 Easy validations and big risks
34:35 Operators' productivity challenges
37:21 Network security in hospitals
42:25 Creating a safe network environment
43:10 Addressing network configuration issues
46:55 Different types of AI users
About the guest :
Sean Tufts is Field CTO at Claroty and a cybersecurity leader with deep expertise in industrial environments. With leadership roles at GE and Optiv, he has helped asset-intensive industries navigate the intersection of OT, IT, and cyber risk. Before cybersecurity, Sean was a standout linebacker and team captain at the University of Colorado and went on to play in the NFL with the Carolina Panthers bringing the same discipline, teamwork, and leadership mindset to securing critical infrastructure today.
How to connect Sean :
LinkedIn: https://www.linkedin.com/in/sean-tufts-36b4909/
Website: https://claroty.com/
Connect With Aaron Crow:
Learn more about PrOTect IT All:
To be a guest or suggest a guest/episode, please email us at [email protected]
Please leave us a review on Apple/Spotify Podcasts:
Apple - https://podcasts.apple.com/us/podcast/protect-it-all/id1727211124
Spotify - https://open.spotify.com/show/1Vvi0euj3rE8xObK0yvYi4
Aaron Crow: Thank you for joining me on another episode of the PrOTect IT All podcast. Today I've got my friend Sean here. It's funny I say friend. We're in such a small community, I know of Sean, we've met once. But it's such a small community and we fight for the same thing, so everybody in the OT environment really, the ones that are doing the right fight, I really call friends. That wasn't a negative thing towards you, Sean. It's really awesome to be in the room with some amazing people like you and others, whether on the podcast or in person. Sean, thank you for being here. Please introduce yourself, tell us who you are, your background, all that fun stuff.
Sean Tufts: First, thanks for hosting this. I saw when you launched it online and I was like, alright, going to go support. So, Sean Tufts, Field CTO at Claroty. My background is a weird one. Started my career as an NFL linebacker, which you can see from my accoutrements in the back. Definitely not the normal path to IT security. Somebody asked me the other day why I quit football, assuming it was my choice. I said, "There are 32 teams. They all said you're done. And I was like, that's fair."
So I didn't want to work in tech. I didn't want to work in oil and gas. I didn't want to work in sales. And then I did all three of those things in the first three years after football, which was awesome. I live in Colorado, little farm north of Boulder. Started my career in wind farm development as a land man, running out to Wyoming and Texas assembling land positions. That was the first time I heard the word SCADA. Turned that into a job at GE in the midstream section, turned that into a job in cyber. From that moment, things just started clicking. Felt natural, which was cool.
Aaron Crow: That's awesome, definitely a different path from one extreme to the other. It just goes to show, the knowledge and experiences we bring into this give us a different perspective. We approach problems differently, we're able to approach people differently. Even if it's just to open the door.
I worked for a power utility in Texas, and we bought a power company from NextEra. One of the main guys at the site did not like us. He managed cybersecurity and NERC CIP, and he just thought we were going to come in and break his stuff. Didn't like me personally. I'm sitting in his office, I've tried everything. I've brought donuts, food, coffee. And one day I look up and see on his wall a picture of him in a gi. I said, "You roll jiu-jitsu?" "Yeah," kind of with an attitude. I said, "I've been rolling for a couple of years. Looks like you're a blue belt. I'm a white belt."
As soon as I said that, he literally opened his kimono. We talked for an hour about jiu-jitsu. From that point on, he was like, "Maybe this guy isn't so bad." It's funny how those little interpersonal things were able to open a door that let me get him to listen and consider what I was pushing on the architecture side. It built trust that let him actually see me as a human instead of just an asshole.
Sean Tufts: Yeah, in locker rooms we used to call it women and Wu-Tang. We had to have something that would cause a spark. Could be a little wrestling, could be connecting over music. The fastest way to start a fight in a football locker room is to turn off Wu-Tang and turn on Willie Nelson. That'll get a mosh pit going.
I spend a lot of time evaluating, "Hey, who's on this project? Do we have the right personas?" You've got to have people that are going to do their role, people that are good at their role, and people that want to do their role. All three of those things are really important. You can't all be quarterbacks. You can't all be linemen. You have to have diversity of experience, diversity of what you bring to the table. Eleven Tom Bradys would get destroyed.
Aaron Crow: It doesn't matter how smart you are. If you can't work with people, it doesn't matter. Coming from a technical background, I always wanted to be the smartest on Microsoft or Active Directory or Cisco, whatever. But it doesn't matter how smart I am if I can't convince the owner, the manager, the supervisor to let me do the thing, upgrade it, fund it. That's a constant battle in OT. So many times we push it the wrong way. We push fear: "China's attacking us, you're going to get taken over." Sometimes that works, but most of the time the guy looks at you like, "I've been running this plant for 40 years and I've never had that happen. Try again."
Sean Tufts: "I'm going to outlast you. I'm going to be in my seat while you're going to be knocking on my door."
You said you wanted to be the smartest person in the room. I always took a different approach. I always wanted to be the dumb person. As long as I'm seeking out people that are smarter than me and sitting next to them and shutting up and listening, things have always gone my way. We had a phenomenal team at GE on the cyber side. I was part of the Wurldtech thing. My mentors then are my mentors now. It's so much fun to watch these careers. GE screwed up, and now you watch these careers explode out, all the people at Fortinet and Claroty and everywhere doing awesome stuff.
Aaron Crow: Yeah, my younger career, I wanted to be the smartest. Then I realized that only gets you so far. Softer skills and being mentored by people smarter than me, and not just from a technical perspective, mentored from people who understand business acumen. It took me a while to realize that. Ego, naïveté, all the things that come with being 18. I've got a 17-year-old now, and I know exactly from the flip side what that looks like.
So how are you guys approaching that? OT products are big. It's not going away. I've been an asset owner since 2010, before there were any OT products. Now there are OT products all over the place. Yet I still walk in as a consultant to places that have no OT monitoring, no asset inventory, no classification. Limited budget. They may have a firewall. They may have segmentation, where they classify segmentation as a VLAN with one firewall rule using one interface. I've seen it all. Where are you seeing the value?
Sean Tufts: The thing I'm excited about: three years ago it was a one or two site pilot. "Hey, why don't we try this? We don't have a big budget." We're starting to see those flip into 200-site rollouts. A couple of things have happened. The industry, software providers, us, Claroty, our competitors, we've all matured. The stuff we're doing today in the cloud, if you'd told me three years ago we were doing 200 sites from a cloud-delivered SaaS app, I'd have said no way. We're doing it on scale. Oil's turned. Power's not yet, oil's starting to creep up. So that's the piece: a lot of those trial projects are flipping, and we're starting to get more traction.
The other thing: we're starting to figure out how to walk across the aisle and talk to OT people better. Before, I've done this, hundreds have done this, you walk over and say, "Hey, we're going to change things." No, you're not. But walking over and saying, "Hey, we bought this cool cyber tool. Here's what we're responsible for. Here's what we're going to claim. Here's what you're responsible for, and it's very little." Getting them comfortable, watching that light bulb turn on: "I don't have to do a spreadsheet anymore. This is great." But it comes with brokerage of trust. You're committing your ass on the line just as much as they're committing theirs. If you get that partnership, you're good.
Aaron Crow: You do business at the speed of trust. The faster you build trust, the faster you can push the line and do more. It doesn't come by default. It's earned, especially in OT, because some guy five projects ago promised the world and didn't deliver, it caused havoc, his bonus got impacted. They remember. They've seen people like you and me come and go 100 times. How are we different? We have to come in, and they're assuming we're full of it before we even say a word.
Sean Tufts: You know what's going really well that I thought wouldn't? Active scanning. We do everything in the world to not call it active scanning, but if you do it right, it goes. If you can get it on a protocol basis and only integrate that machine on the protocol it wants, it goes fine.
Aaron Crow: The irony is, I've screamed about this for years. I won't call out names, but there are people I literally had to block on LinkedIn because they just trolled me. In 2010, again, there were no OT products. Dragos didn't exist, you didn't exist, Nozomi didn't exist. So I bought IT products, ForeScout CounterACT, a NAC, and rolled it out into OT spaces at power plants. Nuclear, coal. I was scanning those networks. I was intelligent about it. I knew what to exclude, which networks to monitor. It's always driven me nuts when people say you can't do active in OT. You absolutely can. Not the way you do in IT. You can't just scan the world. But you can.
The frustrating part: companies want the data active can give them, but they only want to do passive. You roll out passive, then they're pissed they don't have firmware and serial numbers. Okay, but it didn't say that in the packet. How do you expect me to get that across a packet when it didn't tell it? That's not the product's fault. Claroty, Nozomi, Dragos, it doesn't matter. That's a limitation of the packet you're monitoring. They don't grasp it.
Sean Tufts: We have a problem. Not a big problem, but a problem. If we release our asset data too soon to the operational side, we'll lose that person. We do a lot of right-passive. You have to have enough time, vet the data. If we turn it over to asset owners too quick, they can step in and be like, "This is clearly garbage. You called the Rockwell 1-2-3 a Rockwell 4-5-6. You're idiots." We just need another week, then we'll come back. If you lose that person, that first commercial, one typo, you're out. We're starting to overcome that. Active is helping, because we can say, "Wherever the deployment is, let's get more data."
Aaron Crow: You have to. I've fought that battle with you, with all the vendors. We don't call it active, we call it interrogation. We're actually saying, "Hey, who are you? What do you do?" We're speaking the protocol the PLC is expecting. I'm not hitting it with nmap. I'm talking to it on Modbus or Profinet or whatever. It doesn't care, as long as you're not denial-of-servicing it at a thousand packets a second. It just tells you who the hell it is and what you want to know.
Sean Tufts: You can see it in an engineer's eyes when you show them, "You can click the things you want and unclick the things you don't." They're like, "You get it."
Aaron Crow: Segmentation is a big one I still see an issue with. Some people look at segmentation as a VLAN. Others don't segment at all, or their segmentation is a firewall on the edge between OT and IT, but everything inside is wide open flat. How is that being perceived by OT folks? In their minds, they're probably saying, "This is going to make it more complicated, harder to troubleshoot."
Sean Tufts: You can't have a segmentation conversation without talking about money. Those are big, expensive projects. I remember getting in a fight at Claroty with Marco Cervantes over what goes first, segmentation or an asset inventory tool. Both teams wanted to do their own. We're finding we're doing both at scale. Now that we have enough data in Claroty, Dragos, Cisco platforms, we can properly identify who's talking to what, and the segmentation project gets a lot faster. "We saw two years of traffic and A always talked to B and never to C. There's your segmentation break."
We had a client recently who set up two versions of xDome and was re-IPing an entire factory. Ripping it down, burning it, building it back up. They built two xDomes, the old one. When they burned it down, they'd move a device, move it over, repopulate, and ask us, "Do you see it?" We started building out network detection on the new environment, A/B testing the old. We could say, "Hey, wrong VLAN, this port's open, why isn't this thing named? Why are there stale credentials? Somebody left the admin-admin one." We were the verify in that segmentation project. Building out profiles and lift-and-shifting them to a NAC, that's been really valuable. We can push the whole policy over in alert-only mode first: "If you see a violation, tell us." If that goes well three months, put it into production.
The whole process there isn't magic software. It's earning trust with operators, speaking their language for two years.
Aaron Crow: You haven't broken their stuff. You understand their business. You're helping them. That's the other piece. You're not just asking give, give, give. I'm giving as well. I'm helping you troubleshoot. As cyber operators we look at this data and think, "How do I protect?" But there's also operational data. Lack of redundancy. A link that was broken. A failed power supply. That helps with troubleshooting, uptime, reliability. Helps with ROI and justification behind projects. As we said in the beginning, we don't always have to say "because China is coming." Those things are true, but that's not the only value. You just used your product to help them with a segmentation and validation cutover. That had nothing to do with cybersecurity.
Sean Tufts: Cybersecurity practitioners, we pin a badge to our chest like, "Yeah, we're cyber." We're IT with good fundamentals. Look, the deep packet inspection stuff, that's cool for real. But good hygiene. It should be the most boring part of IT. The word we've been putting up a flag and running around with is resiliency. These sites are not resilient, because their network background is just trash and we've let it be trash. Now, unfortunately, rather than normal processes of build, we have to come into the big scary cyber thing to improve those things. It's backward, but we're here. Let's keep going.
Aaron Crow: I was having to convince them to let me do what I wanted to do, *and* they were paying for it, taking $200-300K out of the outage, which meant they weren't replacing boiler tubes or doing maintenance. They weren't happy. But after that first year we got funding and were able to provide them value. It became an easier conversation.
Sean Tufts: We had a conversation with a client this morning. Six months ago, he went over and said, "You've got a Windows XP thing, we have to go patch it." They kicked him out. He went back and said, "You've got a Windows XP machine. It's running this version of software. It's got these threat campaigns running against the device. We see those in the wild, not here. It's got these ports open, this MAC address running this process." Then he got allowed in. I asked, "Did you know what you did?" "Yeah, you communicated to them on their level. You came in and adequately communicated what's the problem, not just firing random data points with no anchor. Of course they have a Windows XP machine."
Aaron Crow: The technology is the easy part. The people and process side is everything. It doesn't matter if your product is the best. If the people on site don't use it or they cut it out after you leave, it doesn't matter. Nobody wants something done to them. They want to be part of the process.
Sean Tufts: The analogy I use: sports. Security teams get to pick what sport we play. Patch management, vulnerabilities, threat detection. Sites get to pick where and when we play. They pick the time of year. You're not going to do that on a chocolate supplier going into Halloween. Don't ask. If you show them that modicum of respect, you get fair shake. My old company did risk assessments. We had 1,800 controls. You can't take on more than one or two OT projects a year. I don't care how mature your company is. Those are big, hard projects. 1,800 changes is not going to happen. Stick on the things you can do. Be pragmatic on the political capital you use to lower risk.
Aaron Crow: What are you excited about on the technology side?
Sean Tufts: The operationalization of this stuff. I scared the hell out of a kid in Texas last year. Recent grad from University of North Texas. Had an automation engineering degree and a cybersecurity minor. I said, "You're the first of our kind. You didn't just accidentally make us. You didn't get a networking job and end up in OT." He didn't quite know what to do with me.
What I'm seeing now is more organizations really putting wood behind the arrow on governance. We have a big policy library we'll hand out. I know your company will customize it and make policies real. That is such a big first part. I'm almost ashamed that I get excited about policy books. When I ask, "What do you have? Let me see what's in your library," I want to see what you're doing. Our engineers are deterministic. They want to know there's a rule. In the absence of a rule, they're going to do whatever they want, because why not? Once we color in the lines, then we get to other exciting stuff.
RACIs. RACIs are my favorite. I love RACIs. My little Slack bio says, "R is for RACI." That's how I define myself inside of Claroty. Back to the point about committing what part of your ass is going to be on the line. The top 11, 12 clients I have, they have really well-established rules of the road written down in RACIs, and they commit to them. They post them on the walls. It's not a shocker when they have more people come into the program. We're doing a Champions Toolkit, which I'm excited about. We've actually pre-built RACIs. Top-level governance, then broken down by subcategory: threat management, exposure management, network strategies. Clients can rip them down and say, "We didn't think about this persona, or why would that person only be a consult?"
Aaron Crow: It's people, process, technology. The tech matters, but only if implemented well. You can go to one company with 50 sites, and every site is a little different. Almost autonomous business units. You go to two power plants for the same company, 10 miles apart, completely different. Built at the same time, different control systems, different processes, different purchasing. I'd argue, close your ear vendor people including Sean, the people and process are more important than the tech you choose. I'd rather you have shitty tech well-implemented than the best tech poorly implemented. Claroty is the Ferrari, but if you take the wheels off and pour diesel in it, it doesn't work.
Sean Tufts: The power-plant example is really ringing true for me now. We saw it with distribution centers during COVID. Everyone was building a new Amazon, Target, Walmart. We thought it would be cookie cutter, but there wasn't enough automation equipment in the world to do what Amazon wanted. Every one ended up being a science experiment. Two fulfillment centers built in the same month by the same people were totally different.
We're seeing it with data centers too. The drive for AI, time to power, all the AI-native data centers running GPUs. Can't build them fast enough. They're going out stripping everything out of Schneider Electric saying, "We'll take whatever you have. Does it produce power or coolant? We're good." A lot are starting to be Franken-builds. The data center ones are interesting because they're building so fast. Trust but verify: they're going to put something in and you really need to check it. The verify piece is really important. Same old thing, credentials, back doors left open. That's the fundamental. We talked about hygiene. If you build fast, you lose hygiene. I tell my kids that.
Aaron Crow: How do you keep up with the speed and verify with all these changes, types of equipment, and hands in the cookie jar?
Sean Tufts: That part's actually kind of the easiest. The data at scale, even if you're building fast and crazy, the back doors and fundamentals are pretty easy to check, especially around third-party risk, north-south egress points. The big-rock use cases that are going to bite you in the butt, you can get those out pretty quick and at scale.
The one I always think about is my least favorite alert: "new device detected." In food production, a chicken poultry plant's going to have a new device every day from Rockwell. Every day. Data center? Probably not. Using that alert right and fine-tuning what you care about, that's where I want to see six-month maturity. Let's get the things you want populating in your SIEM and not pull the rest over if you're not going to look at it. Or worse, it's going to bore a tier-one SOC engineer. Don't bring that over.
Aaron Crow: Lessons from the trenches. We'd be in a power plant replacing a keyboard because one key is broken, always the mute key, because the alarms are going off all night. The operator just reaches over and hits mute, hits mute, hits mute. They hit it so hard out of frustration, it breaks. Because they're tired of it alarming at 3 AM and nobody's fixed the thing or turned the valve. It's ironic, but it's true. If the alarms go off too much, you get alarm fatigue. It means nothing. There's no way a human or a system can process that and make a decision.
Sean Tufts: The HMI screen is literally fuzzed out and worn out from where they touch it. That's really funny. I'm going to look at that next: how worn out is that button? Good proxy for alarm fatigue.
Aaron Crow: And then you get the other side. Operator rounds, human performance side. We want people walking around checking the process. A good operator can tell by look, feel, touch, smell, they know what good looks like. They'll find something before the sensor tells you.
But when you don't do it right, over-engineers or management start building a bunch of checks. Busy work. They don't want operators sitting around playing dominoes. So they give them additional tasks. I walked in and found operators playing dominoes at lunch. I'm checking the operator-round system, the Motorola handhelds with RFID tags throughout the plant. The rounds weren't accurate and we didn't know why. I sat and watched an operator as he's playing dominoes, eating his lunch, lean back, scan an RFID tag, do something on his Motorola, set it down. A couple minutes later, same thing. He had copied all the RFID tags for his entire round. He did the entire round without leaving the lunchroom. When I talked to him, "Why are you doing this?" "I've been doing this round for three years. Nobody's ever looked. No matter what data we put in, nobody cares. We've had things break, nobody's ever done anything about it." It was the leadership's fault. I had to go explain to them why it was happening.
Sean Tufts: I really hate the "will they just expect me to do this?" That hurts my soul. At least they're quite indomitable though.
You want to know exactly how many gaming systems I can see right now? Let's play hot or cold. Roughly in Claroty, we see about 50 million assets. How many gaming systems?
Aaron Crow: 500,000?
Sean Tufts: Way lower. Much closer at 10,000. Industrial is about 1% of that. We still see switches and Xboxes and industrial stuff, but on the hospital side we see a ton. Not surprising because of children's hospitals. Then another look: how many are on the appropriate guest network or segmented off? Most sit on the main flat network. Hospitals are notorious for that.
What's the most common gaming system industrial side?
Aaron Crow: PlayStation?
Sean Tufts: Nope. Industrial is Xbox. No, sorry, Nintendo. It's a lot of Switches in industrial. Two thirds are Switches. Sony and Microsoft are tied.
Aaron Crow: How much of that is streaming? I just listened to *Darknet Diaries* about the streaming box everybody has.
Sean Tufts: I haven't looked yet at the bad-box thing, I'm going to. The platform that has been interesting to watch rise is the Steam platform. Watching that grow in market share inside critical infrastructure has been pretty fun.
Aaron Crow: They can install that on a Windows machine. They don't even need a box.
Sean Tufts: Smartwatches.
Aaron Crow: They're connecting smartwatches to the network? Apple Watches, right? Thousands.
Sean Tufts: North of 30,000. A very large component have not had a security update since 2023. Roughly 40% are Apple Watch 3 and older, so they don't have any more patches left.
Aaron Crow: 40%. No patches. Still connected to the corporate network or the OT network. Terrifying. I went to the Pentagon and had to put my Garmin in a box.
Sean Tufts: Garmin was surprisingly fewer. I wear Garmin. I think most of those go through your phone, which phones are another disaster. Let's do one more. Pick the car most often installed. Tesla, Hyundai, or Ford.
Aaron Crow: Tesla or Ford F-150, the most common. I'll go Ford. Industrial, F-150 country.
Sean Tufts: Those two are most popular on industrial WiFi networks. None on the guest network. They're neck and neck. Some of that is population bias: manufacturing sites are usually in F-150 country. We didn't see a lot of Chevy and Dodge, which I thought would be higher. I think they've got an OnStar thing on a different network.
Aaron Crow: I didn't even think about putting my truck on the wireless at work. I'd do it at home. Wow. I've seen phones plugged into SCADA systems via USB. Links access points plugged in. Amazon and Apple TVs on some back network. I've seen them plug a wireless card directly into a PLC or SCADA because they needed remote access, bypassing everything.
Sean Tufts: Phones are tough. A lot of spots have been digitally transformed. We see legitimate iPad and iPhone usage, people doing scans and checks, the old Zebra gun replaced by a phone. That one's a canary in the coal mine. If we can't solve patching on turbine controls, if we can't solve the bad cameras and stupid things in the network, the iPhone problem is going to be an individual company conversation. Turbine controls, no. Refinery, no. Retail spots, different.
Aaron Crow: In a healthy environment, you'd have a BYOD network. Segmented. I would never allow anything else to connect wirelessly or wired to my OT network or critical-infrastructure control network. That's where cyber sometimes comes too hard. "You're not allowed to connect your phone." They just find a way around it. Give them a safe place. That way you can monitor it.
Sean Tufts: Most of the problems with devices on the wrong network, most of that is because we made the corporate network or the IoT network too hard to find. They forget the password. There's a portal of some kind. But they know hard-coded how to get onto the OT corporate network. It's an IT configuration problem. We've made it hard to do it the right way. Clearpass and all those things are much better than they were three or four years ago, so there's hope.
Aaron Crow: What's one thing you're excited about coming up, and one thing that's concerning?
Sean Tufts: Excited: I used to talk about everything in five years. Five years out is starting to come through. The value of using the data under these systems is starting to come to fruition. Big data projects are starting to flow. People are being more efficient. That's really progressive. It also leads into the other scary part.
Did you see Anthropic's news yesterday, Project Mythos? Now we can find vulnerabilities using AI engines. We have about a 15-to-1 device-to-vulnerability ratio, meaning every device we see, depending on vertical, has about 15 CVEs tied to it. That's coming from old-school researchers hammering out stuff with some automated scripting. Now we're going to turn Anthropic on the world and go find a bunch more vulnerabilities. I don't think we're ready for a 200-to-1. That'll wreck us.
Aaron Crow: AI makes things easier. You can stand up a website and push it to GitHub and publish it in an hour with no coding skills. People are vibe coding. I've seen OT products out there, "We've got this OT scanning vulnerability thing and it's free." Okay, I'm not putting that in my OT space. I don't care how free, how good. I want my products vetted. What are the dependencies? The libraries? Log4j. Have we not learned?
Sean Tufts: But there's value if you can optimize them and find the one little needle in the haystack you couldn't do on your own, going down to register and coil level. They're going to do it.
Aaron Crow: We can't just say no to AI. Engineers and people are going to use these tools because they help. How do we do those things without flat no? It's like the preacher's daughter who's the craziest: you told her no the whole time and she found a way around. Give them a sandbox. You can do this here. That's okay. You can monitor it. But you don't want them doing that on the control system in production live, connecting to the cloud with no barricades.
Sean Tufts: There are two kinds of people who use AI. People who have a great creative prompt and use AI to make it better. That's what we need in critical infrastructure. We don't need the second type: "I'm just going to recreate my job with this and not put any effort in, let it do what it wants." The people who give creative prompts, really guarded by knowledge, are going to take advantage and do well. But that's going to be one out of three.
Aaron Crow: Agreed. Call to action. What do you want people to know? How can they find you, Claroty, all the things?
Sean Tufts: I'm really active on LinkedIn. It's depressingly on my screen all the time. We have the OT Champions Toolkit coming out. Free resources for people, free resources for consulting types to go make perfect for clients. And we just talked about the retirement of people. I published a white paper called *The Most Dangerous Person in the Plant*, about the silver tsunami and how the people who built these sites are retiring.
Aaron Crow: We'll put those in the show notes. Definitely check out Sean, check out Claroty. A lot of times in OT it's not always the sexy thing. It's sometimes the basics of just doing the right things right, implementing them well. That makes the biggest difference. I appreciate your time. Thanks for chatting and for keeping up the good fight.
Transcript lightly edited for readability.
Subscribe to PrOTect IT All and stay ahead of the threats targeting critical infrastructure.