Sveriges mest populära poddar
PrOTect It All
NäringslivTeknologi

Inside OT Penetration Testing: Red Teaming, Risks, and Real-World Lessons for Critical Infrastructure with Justin Searle

54 min16 juni 2025

In this episode, host Aaron Crow sits down with OT security expert Justin Searle, Director of ICS Security at InGuardians, for a deep dive into the ever-evolving world of OT and IT cybersecurity. 

With over 25 years of experience, ranging from hands-on engineering and water treatment facilities to red-team penetration testing on critical infrastructures such as airports and power plants, Justin brings a wealth of insight and real-world anecdotes.

This episode unpacks what it really takes to assess and secure operational technology environments. Whether you’re a C-suite executive, a seasoned cyber pro, or brand new to OT security, you’ll hear why network expertise, cross-team trust, and careful, collaborative engagement with engineers are so crucial when testing high-stakes environments. Aaron and Justin also discuss how the industry has matured, the importance of dedicated OT cybersecurity teams, and why practical, people-first approaches make all the difference, especially when lives, reliability, and national infrastructure are on the line.

Get ready for actionable advice, hard-earned lessons from the field, and a candid look at both the progress and the ongoing challenges in protecting our most critical systems.

 

Key Moments: 

05:55 Breaking Into Cybersecurity Without Classes

09:26 Production Environment Security Testing

13:28 Credential Evaluation and Light Probing

14:33 Firewall Misconfiguration Comedy

19:14 Dedicated OT Cybersecurity Professionals

20:50 "Prioritize Reliability Over Latest Features"

24:18 "IT-OT Convergence Challenges"

29:04 Patching Program and OT Security

32:08 Complexity of OT Environments

35:45 Dress-Code Trust in Industry

38:23 Legacy System Security Challenges

42:15 OT Cybersecurity for IT Professionals

43:40 "Building Rapport with Food"

47:59 Future OT Cyber Risks and Readiness

51:30 Skill Building for Tech Professionals

 

About the Guest : 

Justin Searle is the Director of ICS Security at InGuardians, specializing in ICS security architecture design and penetration testing.  He led the Smart Grid Security Architecture group in the creation of NIST Interagency Report 7628 and played critical roles in the Advanced Security Acceleration Project for the Smart Grid (ASAP-SG), National Electric Sector Cybersecurity Organization Resources (NESCOR), and Smart Grid Interoperability Panel (SGIP).  

 

Justin has taught hacking techniques, forensics, networking, and intrusion detection courses for multiple universities, corporations, and security conferences.  His current courses at SANS and Black Hat are among the world's most attended ICS cybersecurity courses.  Justin is currently a Senior Instructor for the SANS Institute and a faculty member at IANS. In addition to electric power industry conferences, he frequently presents at top international security conferences such as Black Hat, DEFCON, OWASP, HITBSecConf, Brucon, Shmoocon, Toorcon, Nullcon, Hardware.io, and AusCERT.  

 

Justin leads prominent open-source projects, including The Control Thing Platform, Samurai Web Testing Framework (SamuraiWTF), and Samurai Security Testing Framework for Utilities (SamuraiSTFU).  He has an MBA in International Technology and is a CISSP and SANS GIAC certified Incident Handler (GCIH), Intrusion Analyst (GCIA), Web Application Penetration Tester (GWAPT), and GIAC Industrial Control Security Professional (GICSP)

 

How to connect Justin: 

https://www.controlthings.io

https://www.linkedin.com/in/meeas/

Email: [email protected]



Connect With Aaron Crow:

 

Learn more about PrOTect IT All:

 

To be a guest or suggest a guest/episode, please email us at [email protected]

 

Please leave us a review on Apple/Spotify Podcasts:

Apple   - https://podcasts.apple.com/us/podcast/protect-it-all/id1727211124

Spotify - https://open.spotify.com/show/1Vvi0euj3rE8xObK0yvYi4

Fler avsnitt av PrOTect It All

Visa alla avsnitt av PrOTect It All
Cybersecurity vs Resilience: What Business Leaders Need to Know About Managing Risk
44 min
Continuous Trust in Cybersecurity : Why Identity Is the New Security Perimeter
44 min
Breaking Into Cybersecurity: Soft Skills, Networking & Standing Out in a Crowded Market
1 tim 2 min
AI, Cybersecurity & Career Growth: Why Curiosity Matters More Than Credentials
53 min
AI in OT Cybersecurity: Real-World Risks, Smarter Defenses & the Future of Critical Infrastructure
49 min
AI Agents & Cybersecurity: Identity, Compliance, and the New Risks Facing IT and OT
1 tim 7 min
From NFL to OT Cybersecurity Why Trust and Teamwork Matter More Than Tools | Aaron Crow
49 min
Cyber Risk in Construction: Securing AEC Projects in a Digital, AI-Driven World
50 min
Breaking Into OT Cybersecurity: Closing the Skills Gap and Protecting Critical Infrastructure
49 min
OT Risk Management That Works: Asset Visibility, Risk Quantification & CISO-Level Strategy
1 tim 1 min

PrOTect It All med Aaron Crow finns tillgänglig på flera plattformar. Informationen på denna sida kommer från offentliga podd-flöden.