In this session, Rob King (runZero) is joined by Patrick Gillespie and Mary Gannon from GuidePoint Security to explore the complex world of Operational Technology (OT) security in an increasingly converged environment. The discussion focuses on the unique challenges of securing industrial systems — such as those found in manufacturing and mining — where legacy hardware like Windows 98 and even Windows 3.1 is still in active use. The speakers emphasize that while convergence offers business benefits like real-time data and remote work capabilities, it also introduces significant safety risks that must be managed through a shared responsibility model between IT and OT teams.
A key takeaway is the critical importance of asset discovery and inventory. Many OT organizations lack a clear understanding of what is on their networks, a problem often rooted in cultural divides where the teams responsible for security do not own the physical assets. The experts highlight that in OT, priorities are flipped: whereas IT focuses on data confidentiality, OT prioritizes safety and availability. This means traditional IT practices like immediate patching are often impossible, as shutting down a system could have life-or-death consequences for the people on the plant floor.
Watch more sessions from runZero Day
| Session Title | Guests | |
|---|---|---|
| Watch Session | A CVE quagmire: Quality versus quantity | Jerry Gamblin, RogoLabs |
| Watch Session | Predicting exploitation: A practitioner's guide | Jay Jacobs, Empirical Security |
| Watch Session | Signal vs slop: Journalists on the evolution of research-driven reporting | Bill Brenner, CYBER.SEC.Community Dennis Fisher, Decipher Steve Ragan, 1Password |
| Watch Session | On the frontlines of investigative journalism in cybersecurity: An insider's perspective | Joseph Menn, Author & Investigative Journalist |
| Watch Session | From risk to resilience: Navigating OT security in a converged world | Mary Gannon, GuidePoint Security Patrick Gillespie, GuidePoint Security |
| Watch Session | Force multiplied: Community-powered vuln detection | Rishi Sharma, ProjectDiscovery |
| Watch Session | Mute the sirens: Prioritizing vulnerability noise | Mark Lambert, ArmorCode |
| Watch Session | The network edge: EOL and exploitation | Kimber Duke, VulnCheck Patrick Garrity, VulnCheck |
| Watch Session | Bug bounties in the age of AI | Casey Ellis, Bugcrowd |
| Watch Session | Perimeters and pathways: Protecting the complete attack surface | HD Moore, runZero Jared Atkinson, SpecterOps Zakir Durumeric, Censys |
| Watch Session | The infinite eye: How AI threat intelligence gives defenders an asymmetric edge | HD Moore, runZero Jonathan Cran, Mallory |
Meet Our Speakers
Rob King
Director of Applied Research, runZero
Patrick Gillespie
OT Practice Lead - Guidepoint Security
Get the latest news and expert insights delivered in your inbox.
