True stories
from the people defending
critical infrastructure.
Real conversations about OT security, ICS protection, SCADA, IT/OT convergence, AI, compliance, and the human side of keeping critical systems running. Hosted by Aaron Crow, founder of Corvo Security. 105+ episodes and counting.
- Episodes
- 105+
- Cadence
- Weekly
- Format
- Long-form
+ solo - Network
- Independent
THE FULL SPECTRUM OF CYBERSECURITY
OT, IT, AI, compliance, leadership, incident response, and the messy human dynamics where most security programs actually live or die.
Protecting power plants, water utilities, manufacturing, and transportation. Grounded in NIST 800-82 and the Purdue Model.
Bridging the gap between IT and OT teams, technologies, and the mindsets that often divide them.
AI, cloud, quantum, and automation in industrial environments. Practical impact, not breathless hype.
NERC CIP, SANS Five ICS Critical Controls, risk-based approaches that go beyond checkbox audits.
Building trust between teams, developing talent, and navigating the organizational dynamics that determine whether security actually happens.
Real breach stories, tabletop exercises, and lessons from the people who took the call at 2 AM.
Hosted by Aaron Crow.
Aaron is the founder of Corvo Security and a long-time operator in OT, ICS, and enterprise cybersecurity. He started PrOTect IT All because most of the cybersecurity world either ignores the operational technology side or treats it like a foreign country.
The show is a long-form conversation with the practitioners actually doing the work: incident responders, control system engineers, CISOs, regulators, vendors, and the occasional skeptic. No vendor pitches. No scripted talking points.
ON AIR NOW
The most recent six episodes, pulled live from the show feed. Each link opens the episode page on protectitallpod.com.
AI Agents & Cybersecurity: Identity, Compliance, and the New Risks Facing IT and OT
AI agents are changing cybersecurity faster than most organizations can adapt. In this episode of Protect It All, host Aaron Crow welcomes back cybersecurity veteran Ken Foster for a deep dive into how AI is reshaping risk, identity, and resilience across IT and OT environments. With more than 30 years of experience spanning the Navy, manufacturing, fintech, government programs, and startups, Ken brings a grounded, real-world perspective on what organizations are getting right and dangerously wrong about AI adoption. Together, Aaron and Ken explore the growing challenges around AI agents, identity governance, shadow AI, compliance, and attribution in highly regulated industries. As AI tools become embedded into workflows and decision-making, organizations must rethink how they manage access, monitor activity, and maintain resilience against rapidly evolving threats. You’ll learn: Why AI agents introduce new identity and governance risks The dangers of shadow AI inside enterprise environments How AI impacts compliance, attribution, and accountability Why foundational practices like patching, segmentation, and documentation still matter The role of continuous monitoring in AI-driven environments How organizations can balance innovation with resilience and control Whether you’re leading cybersecurity strategy, managing critical infrastructure, or navigating AI adoption inside regulated environments, this episode delivers practical insights for securing the next generation of digital operations. Tune in to learn how AI is transforming cybersecurity - and what leaders must do to stay ahead - only on Protect It All. Key Moments: 07:47 AI guardrails discussion 12:02 Patching and network segmentation 20:44 AI changing job roles 24:24 FISMA and FedRAMP concerns 29:18 Emergency response planning 35:36 Choosing the right tech team 37:14 Discussing accountability and risk 46:31 Developer access problems 51:50 AI Dependence Risks 57:36 AI in pen testing 58:55 AI in risk prevention About the guest : Ken Foster is a veteran cybersecurity leader with 25+ years of experience in enterprise security, risk governance, and global infrastructure strategy. Currently Head of Global Architecture at Adient, Ken has previously led cybersecurity and compliance programs at Fleetcor and Fiserv, specializing in IAM, cloud security, regulatory compliance, and risk-based cybersecurity strategy. He is known for helping organizations balance innovation, resilience, and operational execution in highly regulated environments. How to connect Ken: http://linkedin.com/in/kennethfoster/ Connect With Aaron Crow: Website: www.corvosec.com LinkedIn: https://www.linkedin.com/in/aaronccrow Learn more about PrOTect IT All: Email: [email protected] Website: https://protectitall.co/ X: https://twitter.com/protectitall YouTube: https://www.youtube.com/@PrOTectITAll FaceBook: http...
From NFL to OT Cybersecurity Why Trust and Teamwork Matter More Than Tools | Aaron Crow
Cybersecurity isn’t just about technology - it’s about people. In this episode of Protect It All, host Aaron Crow sits down with Sean Tufts for a conversation that goes far beyond tools and tactics. From the locker room to control rooms, Sean shares how his journey from professional football to OT cybersecurity shaped his approach to trust, teamwork, and leadership. Together, they unpack one of the biggest challenges in OT environments: building trust between IT and OT teams. Because without trust, even the best tools fail. You’ll learn: Why trust is the foundation of OT cybersecurity success How to bridge the gap between IT teams and engineers The role of communication and empathy in security programs Real-world lessons from segmentation failures and hidden network risks Why diversity and teamwork drive stronger security outcomes How leadership mindset shapes resilience in high-stakes environments Whether you’re leading cybersecurity, working in OT environments, or building cross-functional teams, this episode delivers practical insights on the human side of security—where real progress happens. Tune in to learn why the strongest cybersecurity programs are built on people, not just platforms only on Protect It All. Key Moments: 05:11 Importance of communication in tech 06:58 Learning from early career mistakes 11:40 Implementing network scanning in OT environments 15:50 Debating project priorities in cybersecurity 18:24 Improving system reliability and ROI 20:28 Convincing plants to self-fund projects 26:21 Creating layered RACI charts 26:57 Discussing people, process, and technology 31:15 Easy validations and big risks 34:35 Operators' productivity challenges 37:21 Network security in hospitals 42:25 Creating a safe network environment 43:10 Addressing network configuration issues 46:55 Different types of AI users About the guest : Sean Tufts is Field CTO at Claroty and a cybersecurity leader with deep expertise in industrial environments. With leadership roles at GE and Optiv, he has helped asset-intensive industries navigate the intersection of OT, IT, and cyber risk. Before cybersecurity, Sean was a standout linebacker and team captain at the University of Colorado and went on to play in the NFL with the Carolina Panthers bringing the same discipline, teamwork, and leadership mindset to securing critical infrastructure today. How to connect Sean : LinkedIn: https://www.linkedin.com/in/sean-tufts-36b4909/ Website: https://claroty.com/ Connect With Aaron Crow: Website: www.corvosec.com LinkedIn: https://www.linkedin.com/in/aaronccrow Learn more about PrOTect IT All: Email: [email protected] Website: https://protectitall.co/ X: https://twitter.com/protectitall YouTube: https://www.youtube.com/@PrOTectITAll FaceBook: https://facebook.com/protectitallpodcast To be a guest or s...
Cyber Risk in Construction: Securing AEC Projects in a Digital, AI-Driven World
Construction sites are no longer just physical - they’re digital, connected, and increasingly vulnerable. In this episode of Protect It All, host Aaron Crow sits down with Lee Carsten to explore the rising cyber risks across the architecture, engineering, and construction (AEC) industry. As digital transformation accelerates - with AI, digital twins, and connected building systems becoming standard - construction projects are expanding their attack surface in ways many organizations don’t fully understand. Aaron and Lee unpack the unique challenges facing AEC environments, from fragmented systems and evolving workflows to the growing need for integrating cybersecurity into business decisions - not just IT functions. You’ll learn: Why construction and infrastructure projects are becoming prime cyber targets How digital transformation and AI are reshaping risk in AEC environments The role of building management systems (BMS) and OT in modern projects Why foundational controls and human awareness still matter most How to align cybersecurity with real-world construction workflows Practical strategies to build resilience into projects from day one Whether you’re in construction, engineering, IT, or OT security, this episode delivers real-world insights to help you protect the infrastructure we rely on every day. Tune in to learn how to secure modern construction in a connected world - only on Protect It All. Key Moments: 05:39 Importance of interpersonal skills 08:08 Construction security and recent projects 11:46 Challenges in AEC industry adoption 19:30 Importance of disaster recovery 20:31 Discussing costs of business interruptions 24:06 RFP process and bid management 27:25 Complexity of building projects 32:02 FBI investigation triggers and readiness 36:55 Managing complex building assets 39:37 Choosing durable equipment and future tech 42:01 Understanding OT data for security About the guest : Lee Carsten’s journey in technology began in the era of punch cards - painstakingly sorted and fed into compilers, where a single fumble could mean hours' worth of work undone. Lee studied COBOL in college, envisioning a future as a programmer. That path nearly led to Walmart, where Lee’s mother worked on the company’s pioneering buyer decision support system under Randy Mott. While the family connection and an offer from Kevin Turner to join a new team were tempting, Lee ultimately decided against moving to Bentonville and working for $18,000 annually. This early exposure to large-scale business technology, combined with pivotal career choices, shaped Lee Carsten’s perspective on IT and the evolving world of software development. How to connect Lee: https://www.linkedin.com/in/leecarsten/ Website: https://whitecaprisk.com/ Connect With Aaron Crow: Website: www.corvosec.com LinkedIn: https://www.linkedin.com/in/aaronccrow Learn more about PrOTect IT All: Email: [email protected] Website: https://protectitall.co/ X: https://twitter.com/protectitall YouTube: https://www.you...
Breaking Into OT Cybersecurity: Closing the Skills Gap and Protecting Critical Infrastructure
The biggest challenge in OT cybersecurity isn’t just technology - it’s people. In this episode of Protect It All, host Aaron Crow sits down with Mike Holcomb to explore one of the most urgent issues facing the industry today: the growing skills gap in OT and ICS cybersecurity. Mike shares his journey from IT into operational technology security and breaks down why more professionals are needed to defend the systems that power energy, manufacturing, and critical infrastructure worldwide. This conversation goes beyond awareness - it’s about practical pathways into the field and how the community is stepping up to make OT cybersecurity more accessible. You’ll learn: Why OT cybersecurity is one of the most in-demand and underserved fields How to transition from IT to OT cybersecurity The biggest barriers newcomers face - and how to overcome them What foundational skills and controls matter most in ICS environments The role of community initiatives like BSides ICS in closing the gap Why training, mentorship, and collaboration are critical for the future Whether you’re looking to break into cybersecurity, pivot your career, or build stronger teams, this episode delivers actionable guidance and inspiration from someone actively shaping the future of OT security. Tune in to learn how to build a career while helping protect the infrastructure the world depends on - only on Protect It All. Key Moments: 03:07 Getting started in cybersecurity 06:33 Early passion for cybersecurity 11:54 Hurricane Katrina aftermath discussion 15:50 Awareness and education on OT security 17:49 First experiences with GRID class 25:07 Early challenges in OT cybersecurity 29:17 Importance of effective communication 35:11 Global expansion of cybersecurity events 39:52 Building a foundation in OT cybersecurity 43:36 Excitement for new CompTIA exam 46:48 Expressing appreciation for community involvement About the guest: Mike Holcomb is an independent consultant focused on OT/ICS cybersecurity and an educational content creator. Prior to supporting clients full-time through UtilSec, he was the Fellow of Cybersecurity and the OT/ICS Cybersecurity Global Lead for one of the world’s largest engineering and construction companies, providing him with the opportunity to work in securing some of the world’s largest OT/ICS environments, from power plants and commuter rail to manufacturing facilities and refineries. As part of his community efforts, Michael founded the BSidesICS/OT with multiple events planned globally in 2026. He has his master’s degree in OT/ICS cybersecurity from the SANS Technology Institute. Additionally, he maintains cyber security and OT/ICS certifications such as the CISSP, GRID, GICSP, GCIP, GPEN, GCIH, ISA 62443, and more. He was awarded the SANS Difference Maker Award for Practitioner of the Year: ICS/OT Defender for 2025 and BEER-ISAC's Community Builder Award for 2026. He posts regularly on LinkedIn and YouTube to help others learn more about securing OT/ICS and critical infrastructure. How to connect Mike: Main Site: mikeholcomb.com LinkedIn: linkedin.com/in/mikeholcomb YouTube: youtube.com/@utilsec Instagram: instagram/_mikeholcomb/ Newsletter: utilsec.kit.com/95e31307f7 BSidesICS/OT: bsidesics.org Connect With Aaron Crow: Webs...
OT Risk Management That Works: Asset Visibility, Risk Quantification & CISO-Level Strategy
You can’t manage risk you can’t measure - or even see. In this episode of Protect It All, host Aaron Crow sits down with Nicholas Friedman to explore how organizations can move beyond compliance and build real, measurable cybersecurity programs across IT and OT environments. With experience spanning banking, aerospace, and critical infrastructure, Nicholas shares how risk management principles translate across industries - and why understanding business context is critical to protecting operational systems. This conversation dives into one of the biggest challenges in OT today: asset visibility and risk quantification. From outdated spreadsheets to modern automation, Aaron and Nicholas break down what it actually takes to understand exposure, justify investment, and communicate risk at the board level. You’ll learn: Why asset inventory is the foundation of OT security How to move from compliance checklists to real risk reduction The importance of risk quantification for CISOs and executives How to communicate cybersecurity in business and financial terms The role of automation and knowledge transfer in scaling security programs Lessons from banking and aerospace applied to utilities and critical infrastructure Whether you’re leading a cybersecurity program, managing OT environments, or presenting to the board, this episode delivers practical strategies to align security with business value and measurable outcomes. Tune in to learn how to turn cybersecurity into a risk-driven, business-aligned strategy - only on Protect It All. Key Moments: 05:14 Understanding business risk basics 08:40 Building effective OT cybersecurity teams 13:26 Challenges with aging IT and OT systems 14:19 Organizing IT and OT assets 18:31 Understanding OT and IT risks 21:53 Evaluating security risks and priorities 25:31 Improving asset deployment and management 29:14 Evaluating and prioritizing risks 31:12 Shifting focus to success plans 35:59 Selling tech that delivers results 37:22 Hands-on approach to cybersecurity 42:39 Challenges with NERC audit processes 44:47 Balancing compliance and security 49:45 Challenges in power utility operations 51:55 AI, OT, and risk management 56:31 Importance of early compliance planning About the guest : Nicholas Friedman is an enterprise risk and governance leader with 25+ years of experience across Fortune 500 companies and government sectors. He specializes in integrated risk management, compliance, and AI governance - helping organizations build scalable frameworks that align security, risk, and business resilience. How to connect Nicholas Friedman : Linkedin : https://www.linkedin.com/in/nicholasfriedman/ Website : https://www.templarshield.com/ Connect With Aaron Crow: Website: www.corvosec.com LinkedIn: https://www.linkedin.com/in/aaronccrow Learn more about PrOTect IT All: Email: [email protected] Website: https://protectitall.co/ X: https://twitter.com/protectitall
100 Episodes of Protect It All: Aaron Crow’s Journey Through IT, OT & Cybersecurity
In this special milestone episode of Protect It All, host Aaron Crow steps away from the usual format to share his personal journey - from early days working with PLCs at a kitchen table to building a platform that connects and educates cybersecurity professionals around the world. This episode is more than a reflection - it’s a story of persistence, curiosity, and community. Aaron walks through the evolution of IT and OT cybersecurity, the lessons learned from decades in the field, and how conversations with experts across 100 episodes have shaped his perspective on what it truly means to “Protect It All.” You’ll hear: How Aaron’s career in IT and OT began - and what kept him going The biggest lessons learned across 30+ years in cybersecurity What building a podcast taught him about community and leadership How the industry has evolved - and what still hasn’t changed Why relationships and shared knowledge matter more than ever What’s next for the future of cybersecurity and the podcast Whether you’ve been listening since episode one or you’re just discovering the show, this episode offers inspiration, perspective, and a deeper look behind the mic. Tune in to celebrate 100 episodes and the journey of protecting what matters most - only on Protect It All. Key Moments: 04:12 Early tech projects and hobbies 09:31 First tech job setting up classrooms 11:20 Getting certified in IT 16:49 Early career in power and cybersecurity 18:08 Building a versatile IT team 24:23 Starting the cybersecurity podcast journey 26:28 Feeling recognized in the podcast world 29:22 Getting started in cybersecurity Connect With Aaron Crow: Website: www.corvosec.com LinkedIn: https://www.linkedin.com/in/aaronccrow Learn more about PrOTect IT All: Email: [email protected] Website: https://protectitall.co/ X: https://twitter.com/protectitall YouTube: https://www.youtube.com/@PrOTectITAll FaceBook: https://facebook.com/protectitallpodcast To be a guest or suggest a guest/episode, please email us at [email protected] Please leave us a review on Apple/Spotify Podcasts: Apple - https://podcasts.apple.com/us/podcast/protect-it-all/id1727211124 Spotify - https://open.spotify.com/show/1Vvi0euj3rE8xObK0yvYi4
SUBSCRIBE EVERYWHERE
Or follow the RSS feed and listen wherever. Full directory at protectitallpod.com.
Have a guest in mind?
We're listening.
Pitches for guests, topics, or war stories worth telling.