See All Nexus 2025 Sessions

Topics:

Compensating controls are often the only cybersecurity options available to offset risk in operational technology environments still supporting legacy technology or end-of-life industrial control systems or field devices.

Operational Technology

Cyber Resilience

Vulnerability Management

Risk Management

Nexus Reflections and Predictions: Don C. Weber

Cyber Resilience

Operational Resilience

Operational Technology

Risk Management

CISA Warns: AI Integration Exposes OT to ‘Unsolved’ Semantic Threats

George V. Hulme

Industrial cybersecurity expert Danielle Jablanski reflects on market shifts around operational technology (OT) and industrial control systems (ICS) cybersecurity and predicts a newfound emphasis and approach to security metrics in 2026.

Operational Technology

Operational Resilience

Cyber Resilience

Risk Management

Nexus Reflections and Predictions: Danielle Jablanski

Danielle Jablanski

See all in Cyber Resilience See all in Articles

A New Jersey appeals court agreed with an earlier court’s decision that cybersecurity insurance providers could not deny ransomware coverage under a so-called “war exclusion” for a cybersecurity incident Merck & Co. claimed caused $1.4 billion in losses.

Cybersecurity Insurance

Merck Ransomware Insurance Ruling Helps Clear Fog of Cyberwar

George V. Hulme

Avoid these seven pitfalls when seeking cybersecurity liability insurance; ensure you understand policy terms and conditions, conduct due diligence, and involve the proper stakeholders, among other things.

Cybersecurity Insurance

Cybersecurity Liability Insurance Pitfalls to Avoid

George V. Hulme

Navigating cybersecurity insurance in a recession requires diligence about systemic cybersecurity risks that can cause premiums to rise or insurers to consider an organization uninsurable.

Cybersecurity Insurance

Risk Management

Navigating Cyber Insurance in a Recession

George V. Hulme

See all in Cybersecurity Insurance See all in Articles

The forthcoming National Cyber Strategy must aims to scale cyber disruptions of malicious threat actor activity, reduce friction points, and incentivize public-private collaboration that are essential to securing critical infrastructure and protecting American innovation.

Cyber Resilience

Risk Management

Scaling Disruption: What the Next Cyber Strategy Must Get Right

A diversified operational technology (OT) cybersecurity monitoring platform plays a key role in strengthening the protection of cyber-physical systems by providing clear visibility, real-time threat detection, and proactive risk mitigation. By integrating multiple monitoring tools and technologies, organizations can build a layered security approach that minimizes vulnerabilities, improves response times, and keeps critical systems resilient against cyber threats.

Operational Resilience

Operational Technology

Diversified Monitoring Essential to a Strong OT Cybersecurity Foundation

John Ballentine

Cyber Resilience

Risk Management

Blunting the Risks of Private-Sector Ownership of CI

ADM. Michael S. Rogers, USN (Ret.)

See all in Federal See all in Articles

Cyberattacks against the food and beverage industry are opportunistic and leverage the growth in digitization to exploit previously unmanaged vulnerabilities to disrupt operations.

Food & Beverage

On the Menu: Cybersecurity Risks in the Food and Beverage Industry

George V. Hulme

See all in Food & Beverage See all in Articles

Congress' failure to reauthorize the Cybersecurity Information Sharing Act of 2015 (CISA 2015) signals a fundamental shift in threat intelligence sharing and overall risk management strategies.

Vulnerability Management

Risk Management

Cyber Resilience

Internet of Things

CISO Survival Guide: 4 Steps to Prepare for CISA 2015 Expiration

George V. Hulme

China-nexus threat actors are targeting edge devices that do not support EDR. Adm. Michael Rogers writes that cyber-physical systems could be next since many of the connected OT, IoT, and IoMT devices and sensors also lack EDR protection.

Operational Resilience

Internet of Things

Cyber Resilience

Risk Management

Adversaries' Adaptability is Bad News for Cyber-Physical Systems

ADM. Michael S. Rogers, USN (Ret.)

Providence CISO Mike Ratliff shares the results and initial impact of an AI up-skilling program implemented at the Washington-based hospital system for its cybersecurity team. The benefits are already being see in terms of operational efficiency and cross-functional collaboration.

Operational Resilience

Internet of Things

Risk Management

Providence Cybersecurity AI Up-Skilling Program: Building Smarter Defenses for a Digital Future

See all in Healthcare See all in Articles

Congress' failure to reauthorize the Cybersecurity Information Sharing Act of 2015 (CISA 2015) signals a fundamental shift in threat intelligence sharing and overall risk management strategies.

Vulnerability Management

Risk Management

Cyber Resilience

Internet of Things

CISO Survival Guide: 4 Steps to Prepare for CISA 2015 Expiration

George V. Hulme

China-nexus threat actors are targeting edge devices that do not support EDR. Adm. Michael Rogers writes that cyber-physical systems could be next since many of the connected OT, IoT, and IoMT devices and sensors also lack EDR protection.

Operational Resilience

Internet of Things

Cyber Resilience

Risk Management

Adversaries' Adaptability is Bad News for Cyber-Physical Systems

ADM. Michael S. Rogers, USN (Ret.)

Amazon's intent to replace humans with robots represents a wave of cyber-physical systems (CPS) security that will need to be implemented not only in the logistics and warehousing industries but also for work-in-process (WIP) inventory in manufacturing and other critical industries.

Cyber Resilience

Internet of Things

Operational Resilience

Operational Technology

Vulnerability Management

Risk Management

Automation Inroads Bring Urgency to CPS Protection

See all in Industrial See all in Articles

Congress' failure to reauthorize the Cybersecurity Information Sharing Act of 2015 (CISA 2015) signals a fundamental shift in threat intelligence sharing and overall risk management strategies.

Vulnerability Management

Risk Management

Cyber Resilience

Internet of Things

CISO Survival Guide: 4 Steps to Prepare for CISA 2015 Expiration

George V. Hulme

China-nexus threat actors are targeting edge devices that do not support EDR. Adm. Michael Rogers writes that cyber-physical systems could be next since many of the connected OT, IoT, and IoMT devices and sensors also lack EDR protection.

Operational Resilience

Internet of Things

Cyber Resilience

Risk Management

Adversaries' Adaptability is Bad News for Cyber-Physical Systems

ADM. Michael S. Rogers, USN (Ret.)

Amazon's intent to replace humans with robots represents a wave of cyber-physical systems (CPS) security that will need to be implemented not only in the logistics and warehousing industries but also for work-in-process (WIP) inventory in manufacturing and other critical industries.

Cyber Resilience

Internet of Things

Operational Resilience

Operational Technology

Vulnerability Management

Risk Management

Automation Inroads Bring Urgency to CPS Protection

See all in Internet of Things See all in Articles

More than 250 influential cybersecurity leaders from industrial companies, healthcare delivery organizations, and the highest levels of government convened for Claroty’s fourth annual thought leadership conference to share best practices on cyber-physical systems cybersecurity, protection, and resilience strategies.

Cyber Resilience

Operational Resilience

Risk Management

Nexus Conference

CPS Security Leaders Establish Priorities for Resilience at Nexus 2025

See all in Nexus Conference See all in Articles

Cyber Resilience

Operational Resilience

Operational Technology

Risk Management

CISA Warns: AI Integration Exposes OT to ‘Unsolved’ Semantic Threats

George V. Hulme

Industrial cybersecurity expert Danielle Jablanski reflects on market shifts around operational technology (OT) and industrial control systems (ICS) cybersecurity and predicts a newfound emphasis and approach to security metrics in 2026.

Operational Technology

Operational Resilience

Cyber Resilience

Risk Management

Nexus Reflections and Predictions: Danielle Jablanski

Danielle Jablanski

China-nexus threat actors are targeting edge devices that do not support EDR. Adm. Michael Rogers writes that cyber-physical systems could be next since many of the connected OT, IoT, and IoMT devices and sensors also lack EDR protection.

Operational Resilience

Internet of Things

Cyber Resilience

Risk Management

Adversaries' Adaptability is Bad News for Cyber-Physical Systems

ADM. Michael S. Rogers, USN (Ret.)

See all in Operational Resilience See all in Articles

Compensating controls are often the only cybersecurity options available to offset risk in operational technology environments still supporting legacy technology or end-of-life industrial control systems or field devices.

Operational Technology

Cyber Resilience

Vulnerability Management

Risk Management

Nexus Reflections and Predictions: Don C. Weber

Cyber Resilience

Operational Resilience

Operational Technology

Risk Management

CISA Warns: AI Integration Exposes OT to ‘Unsolved’ Semantic Threats

George V. Hulme

Industrial cybersecurity expert Danielle Jablanski reflects on market shifts around operational technology (OT) and industrial control systems (ICS) cybersecurity and predicts a newfound emphasis and approach to security metrics in 2026.

Operational Technology

Operational Resilience

Cyber Resilience

Risk Management

Nexus Reflections and Predictions: Danielle Jablanski

Danielle Jablanski

See all in Operational Technology See all in Articles

The HHS Office for Civil Rights proposes substantial rule changes to the long-standing Health Insurance Portability and Accountability Act (HIPAA) Security Rule. While details on the proposed rule changes remain unclear, HHS plans to issue a Notice of Proposed Rulemaking (NPRM) by the end of the year. These changes are believed to be the most substantial changes since the HIPAA Security rule went into effect in 2003

Significant Changes to HIPAA Security Rule on the Way

George V. Hulme

Mike Ratliff, AVP Security Engineering and Operations at Providence, writes about five steps healthcare delivery organizations should take to mitigate the risk of ransomware and extortion-based attacks.

Cyber Resilience

5 Things Hospitals Can Do to Mitigate Threats of Ransomware

Resilience, Recovery Strategies to Combat Ransomware and Extortion

ADM. Michael S. Rogers, USN (Ret.)

See all in Ransomware See all in Articles

Compensating controls are often the only cybersecurity options available to offset risk in operational technology environments still supporting legacy technology or end-of-life industrial control systems or field devices.

Operational Technology

Cyber Resilience

Vulnerability Management

Risk Management

Nexus Reflections and Predictions: Don C. Weber

Cyber Resilience

Operational Resilience

Operational Technology

Risk Management

CISA Warns: AI Integration Exposes OT to ‘Unsolved’ Semantic Threats

George V. Hulme

Industrial cybersecurity expert Danielle Jablanski reflects on market shifts around operational technology (OT) and industrial control systems (ICS) cybersecurity and predicts a newfound emphasis and approach to security metrics in 2026.

Operational Technology

Operational Resilience

Cyber Resilience

Risk Management

Nexus Reflections and Predictions: Danielle Jablanski

Danielle Jablanski

See all in Risk Management See all in Articles

Current OT cybersecurity budgeting approaches reflect a misalignment of prioritizing surface-level defenses over architectural shortcomings. Instead, CISOs should demand vendors deliver products that are secure by design, and address systemic failures over a reactive approach to the security of cyber-physical systems.

Operational Technology

Risk Management

The Economics of OT Cybersecurity: Are We Investing in the Wrong Priorities?

Enterprises often are blind to the use of open source software in commercial and homegrown software development. Vulnerabilities and other weaknesses in OSS deployments are significant exposures that must be managed and mitigated.

Vulnerability Management

Risk Management

Visibility, Governance Key to Managing Open Source Risk

George V. Hulme

Technical debt in OT leads to increased operations costs as teams fight to maintain outdated systems, and security teams struggle to keep those same systems secure, often through compensating controls.

Operational Technology

Getting Strategic Against Technical Debt in OT

George V. Hulme

See all in Technical Debt See all in Articles

Compensating controls are often the only cybersecurity options available to offset risk in operational technology environments still supporting legacy technology or end-of-life industrial control systems or field devices.

Operational Technology

Cyber Resilience

Vulnerability Management

Risk Management

Nexus Reflections and Predictions: Don C. Weber

Operational Technology

Cyber Resilience

Vulnerability Management

Nexus Reflections and Predictions: Pedro Umbelino

Congress' failure to reauthorize the Cybersecurity Information Sharing Act of 2015 (CISA 2015) signals a fundamental shift in threat intelligence sharing and overall risk management strategies.

Vulnerability Management

Risk Management

Cyber Resilience

Internet of Things

CISO Survival Guide: 4 Steps to Prepare for CISA 2015 Expiration

George V. Hulme

See all in Vulnerability Management See all in Articles

The convergence of IT and OT systems, primarily driven by the deployment of IIoT (industrial Internet of Things), cloud computing, and the need for remote monitoring, has fundamentally altered the OT architecture that the Purdue Model was initially designed to help manage.

Risk Management

Operational Resilience

Operational Technology

Is It Time to Rethink the Purdue Model?

George V. Hulme

Operational Resilience

Operational Technology

Poor Visibility Still a Drag on Secure Third-Party Remote Access

George V. Hulme

The European Union Agency for Cybersecurity (ENISA)'s NIS360 report identifies gaps in the current state of NIS2 compliance readiness and provides recommendations to lawmakers and affected industry verticals on what they need to do to become NIS2 compliant.

Cyber Resilience

Operational Resilience

Operational Technology

ENISA Attempts to Move NIS2 Forward with NIS360 Findings

George V. Hulme

See all in Zero Trust See all in Articles

Jason Elrod, VP and CISO at Multicare Health System, discusses how artificial intelligence and machine learning can help security leaders have high confidence assertions around identity and privileges, and making authentication as frictionless as possible. The journey at his not-for-profit healthcare organization includes offloading certain manual processes to AI-led automation such as provisioning reviews and managing a trouble ticket queue.

Nexus Conference

Risk Management

Jason Elrod on Bringing AI to Identity Management

Jason Elrod, VP and CISO at Multicare Health System, discusses how artificial intelligence and machine learning can help security leaders have high confidence…

Jon Holzbauer, OT Systems Manager at Silgan Containers, explains his experience facilitating the journey to OT security for IT security professionals. Coming from an IT perspective with an OT background, he has navigated the differing incentives, terminology and communication challenges, and overall connectivity and convergence of different technologies that are core to the business. Bridging the gap relies on finding overlaps between IT and OT, encouraging learning from each others’ day-to-day responsibilities, and encouraging effective communication.

Operational Technology

Operational Resilience

Cyber Resilience

Nexus Conference

Jon Holzbauer on Converging IT and OT Security Teams

Jon Holzbauer, OT Systems Manager at Silgan Containers, explains his experience facilitating the journey to OT security for IT security professionals. Coming…

Risk Management

Cyber Resilience

Nexus Conference

Chris Inglis on the Effectiveness of US Cyber Deterrence Policy

Former U.S. National Cyber Director Chris Inglis explains how state-sponsored threat actor groups are ramping up aggression against U.S. critical…

See all in Videos

Jay Catherine, a security architect for a major retailer, joins the Nexus Podcast to discuss best practices for logistics cybersecurity within the retail space. This includes securing not only distribution, but also the operational technology involved in these manufacturing processes.

Internet of Things

Cyber Resilience

Operational Resilience

Operational Technology

Nexus Podcast: Jay Catherine on Securing Logistics, OT in Retail

On this episode of the Nexus Podcast, Greg Garcia, Executive Director of The Health Sector Coordinating Council Cybersecurity Working Group, discusses the Sector Mapping and Risk Toolkit (SMART). SMART contains a set of 17 templates that enable healthcare organizations to map and visualize workflows, identify areas of risk, and where mitigations are most desperately needed.

Risk Management

Operational Resilience

Cyber Resilience

Nexus Podcast: Greg Garcia on the Sector Mapping and Risk Toolkit for Healthcare

Vulnerability Management

Risk Management

Internet of Things

Cyber Resilience

Nexus Podcast: Christopher Frenz on Evidence-Based Security

See all in Podcasts

Archive

All entries

Jay Catherine, a security architect for a major retailer, joins the Nexus Podcast to discuss best practices for logistics cybersecurity within the retail space. This includes securing not only distribution, but also the operational technology involved in these manufacturing processes.

Internet of Things

Cyber Resilience

Operational Resilience

Operational Technology

Nexus Podcast: Jay Catherine on Securing Logistics, OT in Retail

Congress' failure to reauthorize the Cybersecurity Information Sharing Act of 2015 (CISA 2015) signals a fundamental shift in threat intelligence sharing and overall risk management strategies.

Vulnerability Management

Risk Management

Cyber Resilience

Internet of Things

CISO Survival Guide: 4 Steps to Prepare for CISA 2015 Expiration

George V. Hulme

China-nexus threat actors are targeting edge devices that do not support EDR. Adm. Michael Rogers writes that cyber-physical systems could be next since many of the connected OT, IoT, and IoMT devices and sensors also lack EDR protection.

Operational Resilience

Internet of Things

Cyber Resilience

Risk Management

Adversaries' Adaptability is Bad News for Cyber-Physical Systems

ADM. Michael S. Rogers, USN (Ret.)

Amazon's intent to replace humans with robots represents a wave of cyber-physical systems (CPS) security that will need to be implemented not only in the logistics and warehousing industries but also for work-in-process (WIP) inventory in manufacturing and other critical industries.

Cyber Resilience

Internet of Things

Operational Resilience

Operational Technology

Vulnerability Management

Risk Management

Automation Inroads Bring Urgency to CPS Protection

Vulnerability Management

Risk Management

Internet of Things

Cyber Resilience

Nexus Podcast: Christopher Frenz on Evidence-Based Security

Providence CISO Mike Ratliff shares the results and initial impact of an AI up-skilling program implemented at the Washington-based hospital system for its cybersecurity team. The benefits are already being see in terms of operational efficiency and cross-functional collaboration.

Operational Resilience

Internet of Things

Risk Management

Providence Cybersecurity AI Up-Skilling Program: Building Smarter Defenses for a Digital Future

Cyber Resilience

Internet of Things

Operational Technology

Operational Resilience

Risk Management

Nexus Conference

Charles Carmakal on China's Cyber Threat to Critical Infrastructure

Charles Carmakal, Chief Technology Officer at Mandiant (Part of Google Cloud), explains how China-nexus threat actors such as Volt Typhoon, Salt Typhoon, and…

The congressional delay in hammering out a federal budget has added another layer of pain to the ongoing crisis for the Cybersecurity and Infrastructure Security Agency (CISA). Not only are there funding concerns., but it's the expiration of critical information-sharing legislation and a regulatory compliance vacuum that has left enterprises unsure about their next steps.

Cyber Resilience

Operational Resilience

Risk Management

Internet of Things

Threat Intelligence Goes Dark, CISA Crisis Leaves Enterprise Security Blind

George V. Hulme

On the Nexus Podcast, former Commonwealth of Pennsylvania CISO and current Black Kite CSO Bob Maley discussed the resource challenges facing not only critical infrastructure asset owners and operators, but also how those challenges are impacting risk-management efforts in critical industries.

Risk Management

Cyber Resilience

Internet of Things

Nexus Podcast: Bob Maley on Critical Infrastructure Resource Challenges

Trend Micro Senior Threat Researcher Salvatore Gariuolo joined the Nexus Podcast, calling int question whether the ISO 15188 standard is sufficient enough to protect EV charging—the cybersecurity of charging stations in particular.

Internet of Things

Vulnerability Management

Risk Management

Nexus Podcast: Salvatore Gariuolo on ISO 15118, Safe EV Charging

Internet of Things

Vulnerability Management

Risk Management

Nexus Podcast: Noam Moshe on Hacking Video Surveillance

In this episode of the Nexus Podcast, BitDefender Director of IoT Security Dan Berte joins to discuss research his team conducted on the security of two solar power management platforms responsible for 20 percent of the planet’s solar power output.

Internet of Things

Vulnerability Management

Risk Management

Nexus Podcast: Dan Berte on Solar Grid and IoT Vulnerabilities

1

Latest on Nexus Podcast

See all episodes

The Nexus podcast features conversations with security leaders, researchers, and experts sharing their expertise on cyber-physical systems security.

See all episodes

Jay Catherine, a security architect for a major retailer, joins the Nexus Podcast to discuss best practices for logistics cybersecurity within the retail space. This includes securing not only distribution, but also the operational technology involved in these manufacturing processes.

Internet of Things

Cyber Resilience

Operational Resilience

Operational Technology

Nexus Podcast: Jay Catherine on Securing Logistics, OT in Retail

On this episode of the Nexus Podcast, Greg Garcia, Executive Director of The Health Sector Coordinating Council Cybersecurity Working Group, discusses the Sector Mapping and Risk Toolkit (SMART). SMART contains a set of 17 templates that enable healthcare organizations to map and visualize workflows, identify areas of risk, and where mitigations are most desperately needed.

Risk Management

Operational Resilience

Cyber Resilience

Nexus Podcast: Greg Garcia on the Sector Mapping and Risk Toolkit for Healthcare

Vulnerability Management

Risk Management

Internet of Things

Cyber Resilience

Nexus Podcast: Christopher Frenz on Evidence-Based Security