True stories
from the people defending
critical infrastructure.
Real conversations about OT security, ICS protection, SCADA, IT/OT convergence, AI, compliance, and the human side of keeping critical systems running. Hosted by Aaron Crow, founder of Corvo Security. 111+ episodes and counting.
- Episodes
- 111+
- Cadence
- Weekly
- Format
- Long-form
+ solo - Network
- Independent
THE FULL SPECTRUM OF CYBERSECURITY
OT, IT, AI, compliance, leadership, incident response, and the messy human dynamics where most security programs actually live or die.
Protecting power plants, water utilities, manufacturing, and transportation. Grounded in NIST 800-82 and the Purdue Model.
Bridging the gap between IT and OT teams, technologies, and the mindsets that often divide them.
AI, cloud, quantum, and automation in industrial environments. Practical impact, not breathless hype.
NERC CIP, SANS Five ICS Critical Controls, risk-based approaches that go beyond checkbox audits.
Building trust between teams, developing talent, and navigating the organizational dynamics that determine whether security actually happens.
Real breach stories, tabletop exercises, and lessons from the people who took the call at 2 AM.
Hosted by Aaron Crow.
Aaron is the founder of Corvo Security and a long-time operator in OT, ICS, and enterprise cybersecurity. He started PrOTect IT All because most of the cybersecurity world either ignores the operational technology side or treats it like a foreign country.
The show is a long-form conversation with the practitioners actually doing the work: incident responders, control system engineers, CISOs, regulators, vendors, and the occasional skeptic. No vendor pitches. No scripted talking points.
ON AIR NOW
The most recent six episodes, pulled live from the show feed. Each link opens the episode page on protectitallpod.com.
Quantum Readiness: The Cybersecurity Threat Most Organizations Aren’t Prepared For
Quantum computing isn't a future problem - it's a cybersecurity challenge organizations need to start preparing for today. In this episode of Protect It All, host Aaron Crow welcomes Jim Sortino for a timely discussion on quantum readiness, cryptographic risk, and the future of cybersecurity. As organizations continue accumulating technical debt and relying on aging cryptographic systems, the arrival of quantum computing threatens to disrupt the very foundations of digital trust. Jim explains why leaders need to think beyond today's threats and begin preparing for a future where current encryption standards may no longer provide adequate protection. Together, Aaron and Jim explore the practical realities of quantum risk, how organizations can identify vulnerable systems, and why crypto agility is becoming one of the most important cybersecurity priorities of the next decade. You'll learn: What quantum computing means for modern cybersecurity Why cryptographic technical debt creates long-term business risk How to assess your organization's quantum readiness The importance of crypto agility and encryption modernization Practical steps security leaders can take today Why IT and OT environments must prepare for the same emerging threats Whether you're a cybersecurity professional, technology leader, board member, or simply curious about the future of digital security, this episode provides actionable insights to help you prepare before quantum disruption arrives. Tune in to learn why the organizations that start preparing today will be the ones best positioned to protect tomorrow. Key Moments: 06:02 Challenges with product maintenance and AI integration 08:42 Importance of Software in Everything 12:30 Addressing cybersecurity risks 16:00 Authentication and trust challenges 18:13 Preparing for technological changes 20:56 Planning and Implementing Projects 25:38 Budget planning for cybersecurity risks 28:54 Challenges for Small Financial Institutions 31:27 Importance of regulations in business 33:37 Legacy security systems and protocols 36:38 Quantum readiness and future risks About the guest : Jim Sortino is the Chief Revenue Officer and a Board Member at Isera Corporation, where he helps organizations address emerging cybersecurity challenges through innovative identity and cryptographic security solutions. With decades of experience working with global enterprises, Jim specializes in helping leaders navigate complex technology risks, from technical debt and encryption modernization to quantum readiness. He is a passionate advocate for proactive cybersecurity strategies that prepare organizations for the next generation of digital threats. How to connect Jim Sortino : https://www.linkedin.com/in/jamessortino/ Learn more about PrOTect IT All: Email: [email protected] Website: https://protectitallpod.com/ep109 X: https://twitter.com/protectitall YouTube: https://www.youtube.com/@PrOTectITAll FaceBook: https://facebook.com/protectitallpodcast To be a guest or suggest a guest/episode, please email us at in...
Cybersecurity vs Resilience: What Business Leaders Need to Know About Managing Risk
Cybersecurity isn't the goal. Business resilience is. In this episode of Protect It All, host Aaron Crow sits down with Lee Ward to explore why organizations need to move beyond compliance checklists and start focusing on what really matters: the ability to withstand, recover from, and adapt to disruption. Drawing on more than two decades of experience spanning the UK civil service, logistics, supply chain operations, and governance, risk, and compliance (GRC), Lee shares practical insights on helping boards and executives understand cyber risk in business terms. Together, Aaron and Lee discuss the realities of risk acceptance, operational technology challenges, patching constraints, and why resilience not perfection should be the ultimate objective of any cybersecurity program. You'll learn: Why resilience is a better business objective than security alone How to communicate cyber risk to boards and executive leadership The difference between compliance and meaningful risk reduction Practical approaches to OT security, patching, and operational constraints Why risk acceptance is a critical leadership responsibility How logistics and supply chain organizations approach resilience planning Whether you're a security leader, executive, risk manager, or OT practitioner, this episode provides practical guidance for building organizations that can continue operating when disruptions inevitably occur. Tune in to learn why resilience not just security is becoming the defining metric of successful organizations. Key Moments: 03:59 Understanding Cyber Risks for Leaders 07:16 Discussing non-cyber risks to services 11:12 Understanding business impact of cyber risk 15:45 Evaluating Cybersecurity Risks 19:37 Understanding installation complexities 21:15 Global risks affecting business resilience 24:27 Discussing regulation impacts on business 29:30 People's drive to make good choices 31:27 Industrial control systems demo at DEFCON 34:43 Limitations of technical security 38:06 The future of AI and education About the guest : Lee Ward is a Governance, Risk Management, and Compliance (GRC) leader with more than 20 years of experience spanning the UK civil service, logistics, supply chain operations, and cybersecurity. Specializing in business resilience, risk governance, and operational technology security, Lee helps organizations translate complex cyber risks into meaningful business decisions. He is passionate about moving beyond compliance-driven security programs and helping leaders build resilient organizations that can adapt, recover, and thrive in an increasingly uncertain world. How to connect Lee: https://www.linkedin.com/in/lee-ward-882a54244/ Learn more about PrOTect IT All: Email: [email protected] Website: https://protectitallpod.com/ep110 X: https://twitter.com/protectitall YouTube: https://www.youtube.com/@PrOTectITAll FaceBook: https://facebook.com/protectitallpodcast To be a guest or suggest a guest/episode, please email us at [email protected] Please leave us a review on Apple/Spotify Podcasts: Apple -
Continuous Trust in Cybersecurity : Why Identity Is the New Security Perimeter
What if trust wasn't something you granted once - but something you continuously verified? In this episode of Protect It All, host Aaron Crow sits down with Frank Goodman to explore one of the most important challenges in modern cybersecurity: establishing trust in an increasingly connected world. As organizations expand across cloud, OT, AI, APIs, and distributed workloads, traditional approaches based on static credentials, API keys, and long-lived tokens are struggling to keep up with modern threats. Frank shares his vision for continuous trust, where cryptographic source identity and automated policy enforcement work together to verify every interaction in real time. Together, Aaron and Frank discuss how organizations can move beyond traditional security models and build architectures capable of responding to threats at machine speed. You'll learn: Why static keys and tokens remain a major cybersecurity weakness How continuous trust differs from traditional Zero Trust approaches The growing importance of source identity across IT, OT, cloud, and AI environments How automated policy enforcement improves visibility and response times Why supply chain and API-based attacks continue to challenge organizations What the future of cybersecurity looks like when trust becomes dynamic and continuous Whether you're responsible for enterprise security, critical infrastructure, cloud operations, or emerging AI systems, this episode offers a practical look at the next evolution of cyber defense. Tune in to discover why identity, trust, and automation are becoming the foundation of modern cybersecurity - only on Protect It All. Key Moments: 03:56 Importance of cryptographic source identity 08:52 Securing software supply chains 11:31 Current gaps in network security solutions 16:51 Improving cybersecurity through source identity 17:50 Trust thresholds and security priorities 23:51 Monitoring and securing backend systems 24:51 Managing security with SaaS providers 30:35 Enterprise security and infrastructure challenges 32:23 Adapting to new technologies 36:08 Improving cybersecurity tool integration 40:38 Innovative tech solutions discussion About the guest : Frank Goodman is a cybersecurity entrepreneur with 25+ years of experience in enterprise infrastructure and security. After leadership roles at Gigamon, NetScout, and VSS Monitoring, he founded Onoratio to tackle what he sees as a fundamental cybersecurity challenge: building continuous trust and verifiable source identity into the infrastructure itself. How to connect Frank : https://www.linkedin.com/in/frankgoodman/ Learn more about PrOTect IT All: Email: [email protected] Website: https://protectitallpod.com/ep109 X: https://twitter.com/protectitall YouTube: https://www.youtube.com/@PrOTectITAll FaceBook: https://facebook.com/protectitallpodcast To be a guest or suggest a guest/episode, please email us at [email protected] Please leave us a review on Apple/Spotify Podcasts: Apple -
Breaking Into Cybersecurity: Soft Skills, Networking & Standing Out in a Crowded Market
Technical skills might get your attention - but soft skills build cybersecurity careers. In this episode of Protect It All, host Aaron Crow sits down with technology leader and mentor Robert Whetstine for a candid conversation about what it really takes to succeed in today’s cybersecurity job market. As AI reshapes hiring, the market becomes more crowded, and professionals struggle to stand out, Aaron and Robert explore the overlooked factors that often determine long-term success: adaptability, networking, authenticity, and communication. This episode goes beyond résumés and certifications to focus on the human side of career growth. You’ll learn: Why soft skills matter as much as technical ability in cybersecurity How networking and community create real career opportunities The impact of AI and oversaturation on the cybersecurity job market How to stand out without relying only on certifications Why adaptability and continuous learning are critical for long-term success Lessons on leadership, resilience, and professional growth from decades in tech Whether you’re breaking into cybersecurity, navigating a career transition, or trying to stay relevant in a fast-changing industry, this episode delivers practical advice and honest insights for building a sustainable and rewarding career. Tune in to learn why relationships, mindset, and adaptability are becoming the true differentiators in cybersecurity - only on Protect It All. Key Moments: 07:31 Developing essential soft skills 11:44 Embracing leadership and failure 16:14 Evaluating candidates for fit 22:00 Building a career through networking 31:16 Taking risks and finding support 35:16 The importance of empathetic leadership 38:34 Networking for job opportunities 47:28 Discussing layoffs for AI investment 50:07 Concerns about infrastructure cost 53:40 Entering the tech industry About the guest : Rob Whetstine (#BowTieSecurityGuy) has been in the technology and Cyber Security space for the last two decades. Known for the Mentoring, Making and of course his nerdy bowties. Born with an obsession for problem-solving, Rob's journey into the world of technology began at a young age, where he spent countless hours tinkering with computers found in the trash. When he was laid off a year ago from Disney after almost 20 years of service. He made it his mission to help people anyway he could. Those who were struggling in this job market and people new to Cyber. He started sharing videos on LinkedIn about his journey and sharing leadership stories. He has now started a podcast and mentors people all over the world. How to connect Rob : LinkedIn https://www.linkedin.com/in/bowtiesecurityguy/ Youtube: https://www.youtube.com/@bowtiesecurityguy Connect With Aaron Crow: Website: www.corvosec.com LinkedIn: https://www.linkedin.com/in/aaronccrow Learn more about PrOTect IT All: Email: [email protected] Website: https://protectitall.co/ X: https://twitter.com/protectitall YouTube: https://www.youtube.com/@PrOTec...
AI, Cybersecurity & Career Growth: Why Curiosity Matters More Than Credentials
The future of cybersecurity belongs to people who can adapt - not just those with the longest list of certifications. In this episode of Protect It All, host Aaron Crow sits down with Peter Schawacker for a candid conversation about the evolving intersection of AI, cybersecurity, talent, and career growth. With nearly 30 years of experience in cybersecurity and technology leadership, Peter shares real-world insights on what organizations are getting wrong about hiring, why curiosity often matters more than credentials, and how AI is reshaping both technical work and the future of security teams. Together, Aaron and Peter unpack the changing role of CISOs, the dangers of checkbox-driven hiring, and why nontraditional talent may hold the key to solving the industry’s growing skills gap. You’ll learn: Why soft skills and curiosity are becoming critical cybersecurity assets How AI is transforming cybersecurity recruiting and technical roles The growing challenges around technical debt and workforce readiness Why traditional credentials don’t always predict success How CISOs and leaders should think differently about talent and culture Practical career advice for cybersecurity professionals navigating rapid change Whether you’re building a cyber team, hiring talent, or planning your next career move, this episode delivers honest insights into what it really takes to thrive in the AI-driven future of cybersecurity. Tune in to learn why adaptability, curiosity, and human ingenuity still matter most - only on Protect It All.. Key Moments: 04:08 The role of security in business 09:24 Managing Aramis online security 11:22 Hiring mindset for troubleshooting skills 13:55 Evaluating AI talent challenges 16:26 Discussing vulnerabilities in software 22:24 Early days of hacking and tech 25:55 Realizing the power of soft skills 28:15 Browsing eclectic book collections 32:13 Recent grads and AI opportunities 33:24 Getting into cybersecurity careers 37:22 Unexpected paths into security careers 40:41 Importance of critical thinking 44:35 Explaining tech's evolution over time About the Guest : Peter Schawacker is the Founder & CEO of Nearshore Cyber and a cybersecurity executive with more than 25 years of experience across multiple industries. A former CISO in four sectors, Peter specializes in cyber risk, AI governance, and workforce development. He is the creator of ARAMIS Insight, an AI-powered cybersecurity workforce competency platform aligned to the NIST NICE framework, and author of Governing AI at the Edge: An Operating Model for Citizen Development in the Enterprise. How to connect Peter: LinkedIn: https://www.linkedin.com/in/schawacker Nearshore Cyber: https://nearshorecyber.com.mx | ARAMIS Insight: https://project-aramis.com/insight Email: [email protected] Phone: +1 (760) 880-4258 Connect With Aaron Crow: Website: www.corvosec.com LinkedIn: https://www.linkedin.com/in/aaronccrow Learn more about PrOTect IT All: Email: [email protected] Websit...
AI in OT Cybersecurity: Real-World Risks, Smarter Defenses & the Future of Critical Infrastructure
AI is rapidly transforming cybersecurity but are critical infrastructure environments ready for what comes next? In this episode of Protect It All, host Aaron Crow sits down with longtime colleague and cybersecurity expert Clark Liu to explore how artificial intelligence is reshaping both IT and OT security operations. From incident response and compliance frameworks to workforce shifts and operational resilience, Aaron and Clark unpack the real-world opportunities and very real risks of integrating AI into industrial environments. Together, they tackle the evolving role of frameworks like NERC CIP and NIST, the challenges of balancing compliance with actual security outcomes, and how organizations can responsibly adopt AI without increasing exposure. You’ll learn: How AI is changing OT and IT cybersecurity operations The role of AI in incident response, documentation, and monitoring Why compliance frameworks alone don’t guarantee resilience The risks of adopting AI without strong operational foundations How organizations can prepare for AI-powered threats and workforce changes Practical insights for balancing innovation, budgets, and security priorities Whether you’re leading OT security, managing critical infrastructure, or evaluating AI adoption in your organization, this episode delivers practical guidance for navigating cybersecurity’s next major shift. Tune in to learn how AI is transforming cyber defense and what organizations must do to stay resilient only on Protect It All. Key Moments; 05:33 Understanding cybersecurity compliance frameworks 07:11 Overlooked vulnerabilities in systems 09:59 Balancing multiple firewall vendors 15:17 Delegating tasks to AI 19:11 Importance of documenting commits 21:51 Hospital system shutdown crisis 25:11 AI uncovering software vulnerabilities 26:37 Engineers implementing AI in automation 31:26 AI tools and personal security 32:55 Password security practices 36:46 Using AI for basic tasks 39:38 Transition to off-the-shelf software 42:29 Going back to basics with appliances 47:02 Excitement About Future AI Capabilities Guest Profile : Clark Liu is a veteran OT cybersecurity expert and one of the original contributors to the NERC CIP standards. With nearly two decades in energy and critical infrastructure security - including leadership roles at EY and GALLO - Clark specializes in OT risk management, compliance strategy, and securing industrial operations from the plant floor to the cloud. How to connect Clark: LinkedIn : https://www.linkedin.com/in/clarkliu/ Connect With Aaron Crow: Website: www.corvosec.com LinkedIn: https://www.linkedin.com/in/aaronccrow Learn more about PrOTect IT All: Email: [email protected] Website: https://protectitall.co/ X: https://twitter.com/protectitall YouTube: https://www.youtube.com/@PrOTectITAll FaceBook: https://facebook.com/protectitallpodcast To be a guest or sugg...
SUBSCRIBE EVERYWHERE
Or follow the RSS feed and listen wherever. Full directory at protectitallpod.com.
Have a guest in mind?
We're listening.
Pitches for guests, topics, or war stories worth telling.