My only advice to CEOs this year.. Hire tinkerers. Make it high status. Find ones that will explore the edges and (ideally) naturally gifted at teaching people. Empower them to freely roam across the org and fix large problems that can be automated. All your execs will

Why Flat OT Networks Still Exist — And Why They’re So Dangerous open.substack.com/pub/otsec/p/wh… #OTCybersecurity #ICSsecurity #OperationalTechnology #NetworkSegmentation #LateralMovement #CriticalInfrastructure #CyberPhysical #CyberResilience #InfoSec

Why OT Asset Visibility Is the Foundation of Every Security Control open.substack.com/pub/otsec/p/wh… #OTCybersecurity #ICSsecurity #OperationalTechnology #AssetVisibility #NetworkVisibility #ThreatDetection #CyberResilience #CriticalInfrastructure #InfoSec

Why OT Security Must Be Architecture-Driven, Not Tool-Driven open.substack.com/pub/otsec/p/wh… #OTCybersecurity #ICSsecurity #OperationalTechnology #NetworkSegmentation #CyberResilience #CriticalInfrastructure #ThreatDetection #CISO #OTEngineer #SecurityLeaders #Cybersecurity #InfoSec

Why IT–OT Convergence Is Expanding the OT Attack Surface open.substack.com/pub/otsec/p/wh… #OTCybersecurity #ICSsecurity #OperationalTechnology #ITOTConvergence #OTArchitecture #NetworkSegmentation #CriticalInfrastructure #CISO #OTEngineer #SecurityLeaders #Cybersecurity #InfoSec

Most OT breaches are governance failures, not technical ones. A vendor VPN account never disabled. No one owned the review. Attackers walked in. Full case study: open.substack.com/pub/otsec/p/wh… #OTCybersecurity #ICSsecurity #OTGovernance #InfoSec

OT audits don’t fail. Reality changes after the audit. A temporary gateway. A laptop. A small switch. None existed during the audit. All existed during the breach. Why OT needs continuous validation: open.substack.com/pub/otsec/p/wh… #OTCybersecurity #ICSsecurity #CyberResilience #InfoSec

In OT, if operations don’t buy in, security doesn’t exist. Operators create workarounds under pressure. Attackers use them later. Real case study: open.substack.com/pub/otsec/p/wh… #OTCybersecurity #ICSsecurity #OTGovernance #InfoSec

OT metrics often measure effort, not exposure. Patch % and alert counts don’t tell you how easily an attacker can move laterally. #OTCybersecurity #ICSsecurity #SecurityMetrics #InfoSec Real case study: open.substack.com/pub/otsec/p/wh…

IT-style Zero Trust can break OT operations. The right Zero Trust for OT is about architecture, not authentication. Real case study: open.substack.com/pub/otsec/p/wh… #OTCybersecurity #ICSsecurity #ZeroTrust #InfoSec

OT security must move from “prevent entry” to “limit movement”. Assume breach. Detect early. Contain fast. Case study: open.substack.com/pub/otsec/p/wh… #OTCybersecurity #ICSsecurity #InfoSec

OT budgets often fund detection, not reduction of risk. Tools see the attack. Architecture stops it. Case study: open.substack.com/pub/otsec/p/wh… #OTCybersecurity #ICSsecurity #CyberRisk #InfoSec

Perimeters don’t matter if blast radius is unlimited. OT security must design for limiting damage after entry. open.substack.com/pub/otsec/p/wh… #OTCybersecurity #ICSsecurity #CyberResilience #InfoSec

OT breaches often start from CCTV and BMS — not PLCs. Because they are connected, trusted, and unmonitored. open.substack.com/pub/otsec/p/wh… #OTCybersecurity #ICSsecurity #CCTVsecurity #InfoSec

Your OT perimeter includes your vendors. And every integrator expands your attack surface. Case study: open.substack.com/pub/otsec/p/wh… #OTCybersecurity #ICSsecurity #VendorRisk #InfoSec

OT security fails when it assumes perfect behavior. Operators optimize for uptime. Attackers exploit the shortcuts. Human-centered OT security matters. otsec.substack.com/p/why-ot-secur… #OTCybersecurity #ICSsecurity #HumanFactors #InfoSec

In modern OT, cyber risk = safety risk. A cyber compromise can shrink safety margins without shutting systems down. Why OT security must be treated as a safety discipline: open.substack.com/pub/otsec/p/wh… #OTCybersecurity #ICSsecurity #CyberPhysical #InfoSec

In OT, legacy isn’t temporary. It’s permanent risk. If you can’t patch or replace, you must redesign around it. open.substack.com/pub/otsec/p/wh… #OTCybersecurity #ICSsecurity #LegacySystems #InfoSec

Irony is NOT lost on people Sanket. When PM is subjected to criticism round the clock, why should a mere clerk, that too with a questionable record through career, be not questioned for her appeasement of a terror state whose vowed strategy has been "Bleed India through 1000

x.com/i/article/2051…