Apply to Attend Nexus Conference 2026

Topics:

AJ Eserjose, Regional Director for Operational Technology Information Sharing and Analysis Center (OT-ISAC), writes about how the information shared among members of a hub such as OT-ISAC creates a predictive resilience. Attack, threat, and risk signals are aggregated from contributions made by different members into comprehensive intelligence that improves overall cyber and operational resilience.

Cyber Resilience

Operational Resilience

Operational Technology

Risk Management

How Collective Intelligence Enhances Predictive Resilience

Project Glasswing and the Claude Mythos Preview have caused an upheaval related to vulnerability discovery and exploit development. On Nexus, former NSA Director Adm. Michael S. Rogers introduces some nuance to the discussion. The nuance that isn’t being articulated enough, he says, is that Project Glasswing is largely a defensive effort that does more to level the playing field between threat actors and defenders than we may realize.

Cyber Resilience

Operational Resilience

Vulnerability Management

Exploring Some Nuance on Project Glasswing

ADM. Michael S. Rogers, USN (Ret.)

OT has a cybersecurity skills gap. Leading organizations, however, are responding by building cross-functional IT/OT security teams, investing in OT-specific training, creating hybrid cybersecurity roles, and leveraging managed OT security services to bridge immediate gaps. They are also prioritizing asset visibility, documentation, and standardized processes to reduce reliance on tribal knowledge.

Operational Technology

Operational Resilience

Cyber Resilience

OT Cybersecurity Faces a Skills Gap

See all in Cyber Resilience See all in Articles

A New Jersey appeals court agreed with an earlier court’s decision that cybersecurity insurance providers could not deny ransomware coverage under a so-called “war exclusion” for a cybersecurity incident Merck & Co. claimed caused $1.4 billion in losses.

Cybersecurity Insurance

Merck Ransomware Insurance Ruling Helps Clear Fog of Cyberwar

George V. Hulme

Avoid these seven pitfalls when seeking cybersecurity liability insurance; ensure you understand policy terms and conditions, conduct due diligence, and involve the proper stakeholders, among other things.

Cybersecurity Insurance

Cybersecurity Liability Insurance Pitfalls to Avoid

George V. Hulme

Navigating cybersecurity insurance in a recession requires diligence about systemic cybersecurity risks that can cause premiums to rise or insurers to consider an organization uninsurable.

Cybersecurity Insurance

Risk Management

Navigating Cyber Insurance in a Recession

George V. Hulme

See all in Cybersecurity Insurance See all in Articles

Project Glasswing and the Claude Mythos Preview have caused an upheaval related to vulnerability discovery and exploit development. On Nexus, former NSA Director Adm. Michael S. Rogers introduces some nuance to the discussion. The nuance that isn’t being articulated enough, he says, is that Project Glasswing is largely a defensive effort that does more to level the playing field between threat actors and defenders than we may realize.

Cyber Resilience

Operational Resilience

Vulnerability Management

Exploring Some Nuance on Project Glasswing

ADM. Michael S. Rogers, USN (Ret.)

Cyber Resilience

Risk Management

Vulnerability Management

CISA Alert on EOL Edge Devices Should Also Spark Enhanced CPS Defenses

ADM. Michael S. Rogers, USN (Ret.)

Risk Management

Operational Resilience

Cyber Resilience

Imminent National Cyber Strategy May Lean on Offense at the Expense of Defense

See all in Federal See all in Articles

Cyberattacks against the food and beverage industry are opportunistic and leverage the growth in digitization to exploit previously unmanaged vulnerabilities to disrupt operations.

Food & Beverage

On the Menu: Cybersecurity Risks in the Food and Beverage Industry

George V. Hulme

See all in Food & Beverage See all in Articles

ASL Roma 1 CISO Stefano Scaramuzzino and Deloitte’s Fabio Battelli explain the next evolution of cybersecurity and risk governance at Italy’s largest public health authority: canonical risk. The hospital's HOPE framework is the decision layer for this concept, a governed, explainable, and auditable synthesis of technical signals, operational context, and explicit priority logic that inform remediation and mitigation actions.

Cyber Resilience

Operational Resilience

Risk Management

At ASL Roma 1, Canonical Risk Informs Governance, Remediation Actions

Stefano Scaramuzzino

Risk Management

Operational Resilience

Cyber Resilience

Imminent National Cyber Strategy May Lean on Offense at the Expense of Defense

Cyber-physical systems cybersecurity is a maturing practice, which means protection of these critical systems must become more programmatic. Stefano Scaramuzzino CISO of ASL Roma-1 and Fabio Battelli of Deloittte explain the first steps on this journey using ASL Roma-1's HOPE program as the model.

Cyber Resilience

Operational Resilience

Risk Management

Moving from Visibility to Governance of CPS

Stefano Scaramuzzino

See all in Healthcare See all in Articles

AJ Eserjose, Regional Director for Operational Technology Information Sharing and Analysis Center (OT-ISAC), writes about how the information shared among members of a hub such as OT-ISAC creates a predictive resilience. Attack, threat, and risk signals are aggregated from contributions made by different members into comprehensive intelligence that improves overall cyber and operational resilience.

Cyber Resilience

Operational Resilience

Operational Technology

Risk Management

How Collective Intelligence Enhances Predictive Resilience

OT has a cybersecurity skills gap. Leading organizations, however, are responding by building cross-functional IT/OT security teams, investing in OT-specific training, creating hybrid cybersecurity roles, and leveraging managed OT security services to bridge immediate gaps. They are also prioritizing asset visibility, documentation, and standardized processes to reduce reliance on tribal knowledge.

Operational Technology

Operational Resilience

Cyber Resilience

OT Cybersecurity Faces a Skills Gap

Data centers have been targeted for kinetic attacks during the ongoing Iran war, and given their strategic prioritization during the conflict, they could be targeted for cyberattacks as well. Nexus contributor James LaBonty explains the risk and potential vulnerabilities, including building management systems and other cyber-physical systems.

Cyber Resilience

Operational Technology

Risk Management

Vulnerability Management

Operational Resilience

Protecting Physical, Digital Security of Data Centers During Conflict

See all in Industrial See all in Articles

Congress' failure to reauthorize the Cybersecurity Information Sharing Act of 2015 (CISA 2015) signals a fundamental shift in threat intelligence sharing and overall risk management strategies.

Vulnerability Management

Risk Management

Cyber Resilience

Internet of Things

CISO Survival Guide: 4 Steps to Prepare for CISA 2015 Expiration

George V. Hulme

China-nexus threat actors are targeting edge devices that do not support EDR. Adm. Michael Rogers writes that cyber-physical systems could be next since many of the connected OT, IoT, and IoMT devices and sensors also lack EDR protection.

Operational Resilience

Internet of Things

Cyber Resilience

Risk Management

Adversaries' Adaptability is Bad News for Cyber-Physical Systems

ADM. Michael S. Rogers, USN (Ret.)

Amazon's intent to replace humans with robots represents a wave of cyber-physical systems (CPS) security that will need to be implemented not only in the logistics and warehousing industries but also for work-in-process (WIP) inventory in manufacturing and other critical industries.

Cyber Resilience

Internet of Things

Operational Resilience

Operational Technology

Vulnerability Management

Risk Management

Automation Inroads Bring Urgency to CPS Protection

See all in Internet of Things See all in Articles

More than 250 influential cybersecurity leaders from industrial companies, healthcare delivery organizations, and the highest levels of government convened for Claroty’s fourth annual thought leadership conference to share best practices on cyber-physical systems cybersecurity, protection, and resilience strategies.

Cyber Resilience

Operational Resilience

Risk Management

Nexus Conference

CPS Security Leaders Establish Priorities for Resilience at Nexus 2025

See all in Nexus Conference See all in Articles

AJ Eserjose, Regional Director for Operational Technology Information Sharing and Analysis Center (OT-ISAC), writes about how the information shared among members of a hub such as OT-ISAC creates a predictive resilience. Attack, threat, and risk signals are aggregated from contributions made by different members into comprehensive intelligence that improves overall cyber and operational resilience.

Cyber Resilience

Operational Resilience

Operational Technology

Risk Management

How Collective Intelligence Enhances Predictive Resilience

Project Glasswing and the Claude Mythos Preview have caused an upheaval related to vulnerability discovery and exploit development. On Nexus, former NSA Director Adm. Michael S. Rogers introduces some nuance to the discussion. The nuance that isn’t being articulated enough, he says, is that Project Glasswing is largely a defensive effort that does more to level the playing field between threat actors and defenders than we may realize.

Cyber Resilience

Operational Resilience

Vulnerability Management

Exploring Some Nuance on Project Glasswing

ADM. Michael S. Rogers, USN (Ret.)

OT has a cybersecurity skills gap. Leading organizations, however, are responding by building cross-functional IT/OT security teams, investing in OT-specific training, creating hybrid cybersecurity roles, and leveraging managed OT security services to bridge immediate gaps. They are also prioritizing asset visibility, documentation, and standardized processes to reduce reliance on tribal knowledge.

Operational Technology

Operational Resilience

Cyber Resilience

OT Cybersecurity Faces a Skills Gap

See all in Operational Resilience See all in Articles

AJ Eserjose, Regional Director for Operational Technology Information Sharing and Analysis Center (OT-ISAC), writes about how the information shared among members of a hub such as OT-ISAC creates a predictive resilience. Attack, threat, and risk signals are aggregated from contributions made by different members into comprehensive intelligence that improves overall cyber and operational resilience.

Cyber Resilience

Operational Resilience

Operational Technology

Risk Management

How Collective Intelligence Enhances Predictive Resilience

OT has a cybersecurity skills gap. Leading organizations, however, are responding by building cross-functional IT/OT security teams, investing in OT-specific training, creating hybrid cybersecurity roles, and leveraging managed OT security services to bridge immediate gaps. They are also prioritizing asset visibility, documentation, and standardized processes to reduce reliance on tribal knowledge.

Operational Technology

Operational Resilience

Cyber Resilience

OT Cybersecurity Faces a Skills Gap

Cyber Resilience

Risk Management

Operational Technology

Operational Resilience

Administration Takes Aggressive Cyber Posture with New Strategy, Cybercrime Executive Order

Cristin Flynn Goodwin

See all in Operational Technology See all in Articles

The HHS Office for Civil Rights proposes substantial rule changes to the long-standing Health Insurance Portability and Accountability Act (HIPAA) Security Rule. While details on the proposed rule changes remain unclear, HHS plans to issue a Notice of Proposed Rulemaking (NPRM) by the end of the year. These changes are believed to be the most substantial changes since the HIPAA Security rule went into effect in 2003

Significant Changes to HIPAA Security Rule on the Way

George V. Hulme

Mike Ratliff, AVP Security Engineering and Operations at Providence, writes about five steps healthcare delivery organizations should take to mitigate the risk of ransomware and extortion-based attacks.

Cyber Resilience

5 Things Hospitals Can Do to Mitigate Threats of Ransomware

Resilience, Recovery Strategies to Combat Ransomware and Extortion

ADM. Michael S. Rogers, USN (Ret.)

See all in Ransomware See all in Articles

AJ Eserjose, Regional Director for Operational Technology Information Sharing and Analysis Center (OT-ISAC), writes about how the information shared among members of a hub such as OT-ISAC creates a predictive resilience. Attack, threat, and risk signals are aggregated from contributions made by different members into comprehensive intelligence that improves overall cyber and operational resilience.

Cyber Resilience

Operational Resilience

Operational Technology

Risk Management

How Collective Intelligence Enhances Predictive Resilience

ASL Roma 1 CISO Stefano Scaramuzzino and Deloitte’s Fabio Battelli explain the next evolution of cybersecurity and risk governance at Italy’s largest public health authority: canonical risk. The hospital's HOPE framework is the decision layer for this concept, a governed, explainable, and auditable synthesis of technical signals, operational context, and explicit priority logic that inform remediation and mitigation actions.

Cyber Resilience

Operational Resilience

Risk Management

At ASL Roma 1, Canonical Risk Informs Governance, Remediation Actions

Stefano Scaramuzzino

Cyber Resilience

Risk Management

Operational Technology

Operational Resilience

Administration Takes Aggressive Cyber Posture with New Strategy, Cybercrime Executive Order

Cristin Flynn Goodwin

See all in Risk Management See all in Articles

Current OT cybersecurity budgeting approaches reflect a misalignment of prioritizing surface-level defenses over architectural shortcomings. Instead, CISOs should demand vendors deliver products that are secure by design, and address systemic failures over a reactive approach to the security of cyber-physical systems.

Operational Technology

Risk Management

The Economics of OT Cybersecurity: Are We Investing in the Wrong Priorities?

Enterprises often are blind to the use of open source software in commercial and homegrown software development. Vulnerabilities and other weaknesses in OSS deployments are significant exposures that must be managed and mitigated.

Vulnerability Management

Risk Management

Visibility, Governance Key to Managing Open Source Risk

George V. Hulme

Technical debt in OT leads to increased operations costs as teams fight to maintain outdated systems, and security teams struggle to keep those same systems secure, often through compensating controls.

Operational Technology

Getting Strategic Against Technical Debt in OT

George V. Hulme

See all in Technical Debt See all in Articles

Project Glasswing and the Claude Mythos Preview have caused an upheaval related to vulnerability discovery and exploit development. On Nexus, former NSA Director Adm. Michael S. Rogers introduces some nuance to the discussion. The nuance that isn’t being articulated enough, he says, is that Project Glasswing is largely a defensive effort that does more to level the playing field between threat actors and defenders than we may realize.

Cyber Resilience

Operational Resilience

Vulnerability Management

Exploring Some Nuance on Project Glasswing

ADM. Michael S. Rogers, USN (Ret.)

Data centers have been targeted for kinetic attacks during the ongoing Iran war, and given their strategic prioritization during the conflict, they could be targeted for cyberattacks as well. Nexus contributor James LaBonty explains the risk and potential vulnerabilities, including building management systems and other cyber-physical systems.

Cyber Resilience

Operational Technology

Risk Management

Vulnerability Management

Operational Resilience

Protecting Physical, Digital Security of Data Centers During Conflict

Cyber Resilience

Risk Management

Vulnerability Management

CISA Alert on EOL Edge Devices Should Also Spark Enhanced CPS Defenses

ADM. Michael S. Rogers, USN (Ret.)

See all in Vulnerability Management See all in Articles

The Department of Defense has issued comprehensive guidance requiring all organizational units to implement zero-trust security principles across operational technology (OT) systems, marking a fundamental shift in how the military secures critical infrastructure from power grids to manufacturing control systems.

Operational Technology

Cyber Resilience

Pentagon Mandates Zero Trust Security Framework for Operational Technology Environments

George V. Hulme

The convergence of IT and OT systems, primarily driven by the deployment of IIoT (industrial Internet of Things), cloud computing, and the need for remote monitoring, has fundamentally altered the OT architecture that the Purdue Model was initially designed to help manage.

Risk Management

Operational Resilience

Operational Technology

Is It Time to Rethink the Purdue Model?

George V. Hulme

Operational Resilience

Operational Technology

Poor Visibility Still a Drag on Secure Third-Party Remote Access

George V. Hulme

See all in Zero Trust See all in Articles

Former Pfizer global head of automation engineering Jim LaBonty is featured in Episode 2 of Nexus Digest. Jim discusses a recent article he wrote on the interlock between data centers and modern manufacturing facilities. He describes their dependencies and how cybersecurity fits in these relationships.

Vulnerability Management

Risk Management

Nexus Digest: Jim LaBonty on Data Center and Manufacturing Cybersecurity

Former Pfizer global head of automation engineering Jim LaBonty is featured in Episode 2 of Nexus Digest. Jim discusses a recent article he wrote on the…

Risk Management

Cyber Resilience

Operational Resilience

Nexus Digest: Megan Stifel on National Cyber Strategy’s Pivot to Offensive Security

Megan Stifel, Chief Strategy Officer for the Institute for Security and Technology, joins the first episode of the Nexus Digest to discuss an article she wrote…

Rui Mella Jr., Cybersecurity Manager at Ascenty, explains how Latin American data center operators have achieved continuous, granular visibility into their critical assets and potential vulnerabilities, resulting in effective risk mitigation. This improved oversight is essential for maintaining complete control and security of their infrastructure.

Nexus Conference

Cyber Resilience

Risk Management

Vulnerability Management

Rui Mella on Data Center Risk Mitigation through Visibility

Rui Mella Jr., Cybersecurity Manager at Ascenty, explains how Latin American data center operators have achieved continuous, granular visibility into their…

See all in Videos

Rapid7 Principal Security Research (IoT) lead Deral Heiland joins the Nexus Podcast to discuss work his team did on how attackers might weaponize cellular-based IoT. Rapid7 conducted three phases of this research, with the most recent digging into how attackers with access to these systems can abuse them to gain unauthorized access, potentially exfiltrate critical data, or pivot into backend network infrastructure.

Internet of Things

Vulnerability Management

Risk Management

Operational Resilience

Nexus Podcast: Deral Heiland on Weaponizing Cellular-Based IoT

Operational Technology

Vulnerability Management

Nexus Podcast: Rob King on OT Asset Exposures, Mitigations

Cyber Resilience

Operational Resilience

Operational Technology

Risk Management

Nexus Podcast: MITRE on Caldera for OT Adversary Emulation

See all in Podcasts

Archive

All entries

Project Glasswing and the Claude Mythos Preview have caused an upheaval related to vulnerability discovery and exploit development. On Nexus, former NSA Director Adm. Michael S. Rogers introduces some nuance to the discussion. The nuance that isn’t being articulated enough, he says, is that Project Glasswing is largely a defensive effort that does more to level the playing field between threat actors and defenders than we may realize.

Cyber Resilience

Operational Resilience

Vulnerability Management

Exploring Some Nuance on Project Glasswing

ADM. Michael S. Rogers, USN (Ret.)

Rapid7 Principal Security Research (IoT) lead Deral Heiland joins the Nexus Podcast to discuss work his team did on how attackers might weaponize cellular-based IoT. Rapid7 conducted three phases of this research, with the most recent digging into how attackers with access to these systems can abuse them to gain unauthorized access, potentially exfiltrate critical data, or pivot into backend network infrastructure.

Internet of Things

Vulnerability Management

Risk Management

Operational Resilience

Nexus Podcast: Deral Heiland on Weaponizing Cellular-Based IoT

Operational Technology

Vulnerability Management

Nexus Podcast: Rob King on OT Asset Exposures, Mitigations

Former Pfizer global head of automation engineering Jim LaBonty is featured in Episode 2 of Nexus Digest. Jim discusses a recent article he wrote on the interlock between data centers and modern manufacturing facilities. He describes their dependencies and how cybersecurity fits in these relationships.

Vulnerability Management

Risk Management

Nexus Digest: Jim LaBonty on Data Center and Manufacturing Cybersecurity

Former Pfizer global head of automation engineering Jim LaBonty is featured in Episode 2 of Nexus Digest. Jim discusses a recent article he wrote on the…

On this episode of the Nexus Podcast, Health-ISAC VP of Medical Device Cybersecurity Phil Englert discusses the cybersecurity risks introduced by legacy technology in healthcare and how it impacts patient care and safety. He also brought context and insight into the U.S. Food and Drug Administration's (FDA) updated guidance on cybersecurity requirements for medical devices aimed at manufacturers and premarket product submissions.

Cyber Resilience

Vulnerability Management

Risk Management

Nexus Podcast: Health-ISAC's Phil Englert on Medical Device Cybersecurity

On this episode of the Nexus Podcast, Michael Pyle, Director of Product Cybersecurity at Schneider Electric (SE), joins the Nexus Podcast to discuss Internet Exposure Prevention, a new SE approach to preventing illicit connections to internet facing OT and industrial control systems (ICS) that are insecurely connected to the internet.

Operational Technology

Operational Resilience

Risk Management

Cyber Resilience

Vulnerability Management

Nexus Podcast: Michael Pyle on Securing Internet-Facing OT, ICS Assets

Cyber Resilience

Vulnerability Management

Operational Technology

Operational Resilience

Nexus Podcast: Gus Serino on the Efforts of a Massachusetts Water Cybersecurity Collaborative

Data centers have been targeted for kinetic attacks during the ongoing Iran war, and given their strategic prioritization during the conflict, they could be targeted for cyberattacks as well. Nexus contributor James LaBonty explains the risk and potential vulnerabilities, including building management systems and other cyber-physical systems.

Cyber Resilience

Operational Technology

Risk Management

Vulnerability Management

Operational Resilience

Protecting Physical, Digital Security of Data Centers During Conflict

Rui Mella Jr., Cybersecurity Manager at Ascenty, explains how Latin American data center operators have achieved continuous, granular visibility into their critical assets and potential vulnerabilities, resulting in effective risk mitigation. This improved oversight is essential for maintaining complete control and security of their infrastructure.

Nexus Conference

Cyber Resilience

Risk Management

Vulnerability Management

Rui Mella on Data Center Risk Mitigation through Visibility

Rui Mella Jr., Cybersecurity Manager at Ascenty, explains how Latin American data center operators have achieved continuous, granular visibility into their…

Vulnerability Management

Operational Technology

Operational Resilience

Cyber Resilience

Nexus Podcast: Dan Ricci on Four Years of the ICS Advisory Project

Cyber Resilience

Risk Management

Vulnerability Management

CISA Alert on EOL Edge Devices Should Also Spark Enhanced CPS Defenses

ADM. Michael S. Rogers, USN (Ret.)

In this episode of the Nexus Podcast, CISA ICS Cybersecurity Lead Matthew Rogers discusses new guidance from the agency on the use of security operational technology (OT) protocols, titled “Barriers to Secure OT Communication: Why Johnny Can’t Authenticate.” The paper advocates for the use of secure versions of legacy OT protocols, or the adoption of open standards by OEMs, in order to bring authentication and integrity to OT protocol communication.

Cyber Resilience

Operational Resilience

Operational Technology

Risk Management

Vulnerability Management

Nexus Podcast: CISA’s Matthew Rogers on Secure OT Protocol Communication

1

Latest on Nexus Podcast

See all episodes

The Nexus podcast features conversations with security leaders, researchers, and experts sharing their expertise on cyber-physical systems security.

See all episodes

Rapid7 Principal Security Research (IoT) lead Deral Heiland joins the Nexus Podcast to discuss work his team did on how attackers might weaponize cellular-based IoT. Rapid7 conducted three phases of this research, with the most recent digging into how attackers with access to these systems can abuse them to gain unauthorized access, potentially exfiltrate critical data, or pivot into backend network infrastructure.

Internet of Things

Vulnerability Management

Risk Management

Operational Resilience

Nexus Podcast: Deral Heiland on Weaponizing Cellular-Based IoT

Operational Technology

Vulnerability Management

Nexus Podcast: Rob King on OT Asset Exposures, Mitigations

Cyber Resilience

Operational Resilience

Operational Technology

Risk Management

Nexus Podcast: MITRE on Caldera for OT Adversary Emulation