Ep. 029 - Cybersecurity Shouldn’t Suck: Fixing the Real Problems with Tom Sego

00:00:20 Kristin Demoranville

Welcome back.

00:00:21 Kristin Demoranville

To another episode of the award-winning bites and Bit.

00:00:25 Kristin Demoranville

I'm your host, Kristin Demoranville. And today we're talking about something we all can secretly agree on.

00:00:32 Kristin Demoranville

Cyber security shouldn't suck. Joining me today is Tom Sego, a cyber security leader with a wildly diverse background.

00:00:41 Kristin Demoranville

He's done everything from chemical engineering to working at Apple to professional.

00:00:46 Kristin Demoranville

Player to wine importing and now he's tackling the challenge of making security work for critical infrastructure. In this episode, we will be covering why security is harder than it needs to be and what's making it so frustrating.

00:01:00 Kristin Demoranville

How trust and usability are just as important as firewalls and risk reports, and why the best security is the kind that people actually want to use.

00:01:09 Kristin Demoranville

Oh, and if you love food stories, stick around because Thomas incredible ones from hunting down pastries in France to unexpected wine discoveries.

00:01:17 Kristin Demoranville

Let's get into it.

00:01:20 Kristin Demoranville

Well, as always, we're going to start with the traditional questions of the favorite food and favorite food memory. Go ahead, Tom.

00:01:28 Kristin Demoranville

Then we'll do the introductions after, OK.

00:01:30 Tom Sego

Well, my favorite food.

00:01:31 Tom Sego

It depends on the.

00:01:32 Tom Sego

Sometimes I think this last week my favorite food was a Dungeness crab sandwich on a brioche bun from Gotts which.

00:01:41 Tom Sego

Sexual. I mean, it was so amazing. Yeah.

00:01:43 Kristin Demoranville

OK.

00:01:44 Tom Sego

Hot. And then I think I think the other one that's very salient maybe two months ago, I got this recipe from one of my colleagues at blast waves and we have a food channel and so we share pictures of food and we share.

00:02:00 Tom Sego

Recipes with each other and it's the most it's the number one channel on our work site.

00:02:04 Tom Sego

Believe it or not, what is?

00:02:05 Kristin Demoranville

It like to Slack channel.

00:02:07 Tom Sego

It's a slack channel.

00:02:08 Tom Sego

And so we, one of my colleagues shared this recipe for a mushroom Wellington.

00:02:14 Tom Sego

With.

00:02:15 Tom Sego

Goat cheese. And it was just incredible.

00:02:16 Kristin Demoranville

OK.

00:02:18 Tom Sego

It was incredible and I made it for my wife and a friend of ours again.

00:02:23 Tom Sego

Time and it was amazing.

00:02:24 Tom Sego

Was just so rich.

00:02:26 Kristin Demoranville

So you have two current.

00:02:27 Kristin Demoranville

Fixations, which is.

00:02:29 Kristin Demoranville

That's great and favorite food memory, OK.

00:02:32 Tom Sego

So this this is.

00:02:33 Tom Sego

Be these are gonna be two stories.

00:02:35 Tom Sego

So the first story was me when I was 13 years old, traveling for the first time out of the country to France and.

00:02:42 Tom Sego

Dad took me and my two of my brothers and we essentially bought bicycles in.

00:02:48 Tom Sego

We flew to Luxembourg, bought bicycles, and we had backpacks, and so we biked around France for six weeks and very early on, maybe a weekend, I discovered French pastry, and specifically the Napoleon and I.

00:03:04 Tom Sego

In this incredible pastry in the cake.

00:03:06 Kristin Demoranville

Peace.

00:03:06 Tom Sego

And thinking how do I get my hands on some of those?

00:03:08 Tom Sego

And it's because we were camping that night at all these campsites, people they drank beer and wine and stuff, and they had all these bottles. And so I was collecting bottles, returning bottles for 25 centine, which I think it was like 4 francs to a dollar back.

00:03:22 Tom Sego

This isn't for the euro and and so I was collecting bottles, turning them in and.

00:03:27 Tom Sego

Are.

00:03:28 Tom Sego

I'll still remember.

00:03:29 Tom Sego

Enough bottles to turn into French francs to turn into Napoleons, and the Napoleon was just.

00:03:37 Tom Sego

And I still remember that shot that should store that I bought the first Napoleon and the entire trip.

00:03:43 Tom Sego

All I did.

00:03:44 Kristin Demoranville

Entrepreneur spirit early on. That's amazing.

00:03:44 Tom Sego

Amazing source of fuel. Yes, exactly.

00:03:47 Kristin Demoranville

Oh, that's funny. That's awesome.

00:03:48 Tom Sego

Yeah, I think about the fact it was entrepreneurial.

00:03:51 Tom Sego

I just thought I.

00:03:52 Tom Sego

Pastry. I'm gonna get it.

00:03:54 Tom Sego

So I was very food oriented, food motivated. The second one was also a trip, believe it or not, my girlfriend at the time and I were in Turkey in 2003 and we had, I think this is this is yeah, this is after I proposed to her.

00:04:00 Kristin Demoranville

Mm.

00:04:11 Tom Sego

By the way, on this trip and so we.

00:04:14 Tom Sego

Side of a town called.

00:04:16 Tom Sego

And there was a small village about 3 miles away. That was kind of done for day trips, and so you'd have these buses take people from Ephesus and they go to syringe.

00:04:25 Tom Sego

The name of the place and my my girlfriend fiance now had booked a place for us to stay in this small village.

00:04:33 Tom Sego

So we, you know, take one of the buses in, it's about 4.

00:04:37 Tom Sego

And we arrive and it's just teen with.

00:04:39 Tom Sego

There's all kinds of markets going on and everything and at about 5:00, we're settling into our hotel, which overlooks this village and all of a sudden we see everybody leave.

00:04:47 Tom Sego

All this is this was for day trips, so all the buses left and we're essentially.

00:04:52 Tom Sego

Left with the locals awesome. And if I have my first experience of rocky at the time and then we're looking for a place to eat dinner and everything is closed and that there was a very highly rated place called Aunt Permanence that we found on the map. But.

00:04:52 Kristin Demoranville

Xbox.

00:05:08 Tom Sego

Looked like it was.

00:05:09 Tom Sego

We knocked on the door. It turned out to be.

00:05:11 Tom Sego

Living room and she.

00:05:13 Tom Sego

We're open, but we're open.

00:05:14 Tom Sego

And so she almost like, you know.

00:05:17 Tom Sego

The best Marigold Hotel or something? She runs to the back deck, slips on all these Serie lights, and then sits us down at this table, hands US 2 menus. We're by ourselves.

00:05:29 Tom Sego

Just turned it on and.

00:05:31 Tom Sego

I end up ordering a dish called Monte which is like a it's a lamb dumpling with.

00:05:37 Tom Sego

Yogurt and chili.

00:05:39 Tom Sego

And that was just an incredible experience.

00:05:42 Kristin Demoranville

What's?

00:05:42 Tom Sego

It was amazing.

00:05:43 Kristin Demoranville

Oh, it's so good, that's.

00:05:45 Kristin Demoranville

That's probably one of the best memories stories I've heard.

00:05:48 Kristin Demoranville

No offense to all the guests of comfort.

00:05:49 Tom Sego

I've got more where?

00:05:50 Kristin Demoranville

For you come after.

00:05:50 Kristin Demoranville

That came from.

00:05:51 Kristin Demoranville

I'm sure you do.

00:05:52 Kristin Demoranville

Sure you do.

00:05:54 Kristin Demoranville

I'm going to let you introduce yourself and then I will explain to listeners how we met because it does involve food.

00:05:59 Tom Sego

I am.

00:06:00 Tom Sego

The Co founder and CEO of Blast Wave, which is a cybersecurity company that protects critical infrastructure.

00:06:06 Tom Sego

The types of industrial control systems that make real things and protect us, you know, create drinking water. They process sewage, they create power, energy, etc.

00:06:18 Tom Sego

Our mission is to protect those kinds of systems.

00:06:21 Tom Sego

They're under assault today, but my background is I was a chemical engineer.

00:06:26 Tom Sego

I grew up in the Midwest and I started my.

00:06:29 Tom Sego

Career at Caterpillar and I did sound suppression engineering there and I moved on to spend 8 years at Eli Lilly where I got exposed to this three letter agency called the FDA.

00:06:40 Tom Sego

And I got exposed to all of the regulations related to the FDA through pharmaceutical manufacturing lens and just came to love manufacturing.

00:06:51 Tom Sego

Trip to Archer Daniels Midland to see how these rail cars full of corn from nearby farms were converted to syrup and other kinds of products, and that was a.

00:07:01 Tom Sego

Changing.

00:07:02 Tom Sego

Just that one day tour of Archer Daniels Midland in Decatur, IL, was just incredible to see.

00:07:08 Tom Sego

The hard work that farmers.

00:07:13 Tom Sego

To feed us and then looking at the supply chain and how that gets processed and turned into goods that eventually end up on grocery.

00:07:20 Tom Sego

Well, that's just an almost a magical process.

00:07:23 Kristin Demoranville

To me it is.

00:07:23 Tom Sego

And so I I spent eight years at Eli Lilly and then I went to Business School and decided I wanted to try to have a bigger impact.

00:07:31 Tom Sego

And and then I went to Alta Vista. I did.

00:07:34 Tom Sego

So I went to to Emerson.

00:07:36 Tom Sego

And I did process control. It was like Emerson had a division called Fisher Rosemount, which did process controls for food and beverage and pharmaceutical and other kinds of plants.

00:07:47 Tom Sego

I did corporate strategy and business development there and then I went to ultimate product management, then I spent.

00:07:52 Tom Sego

Here's an apple and I ended up writing worldwide sales support there, and that was a very transformational experience.

00:07:58 Tom Sego

It's really colored the way I view cyber security today. I feel it's too.

00:08:01 Tom Sego

Complex and the best thing that we can do is to make it simple. If we can make it simple and secure, that's what people need.

00:08:05 Kristin Demoranville

Great.

00:08:09 Tom Sego

Don't.

00:08:09 Tom Sego

Secure and a.

00:08:10 Tom Sego

They need simple and secure, so I'm not going to digress there, but and then I started my entrepreneurial career. Once I realized that the pace at which I wanted to operate the things I wanted to get done, I felt constrained.

00:08:22 Tom Sego

Apple and Apple is a great company. I love apple.

00:08:25 Tom Sego

Great people, great products, but I knew I needed to do my own thing and vent.

00:08:31 Tom Sego

Partnered with somebody who knew what they were doing.

00:08:33 Tom Sego

Kind of the adult supervision who had been an entrepreneur for 15 years, learned the ropes somewhat through that process, and that was a mobile telephony company which is still around today.

00:08:42 Tom Sego

Get an acquisition, which was fun.

00:08:44 Tom Sego

Then I started my own solar storage company to store solar energy because I felt like that was a big.

00:08:50 Tom Sego

Missing link to allowing us to generate more energy domestically and also to help reduce greenhouse gases. And then the price of natural gas cratered.

00:09:01 Tom Sego

Made that business very difficult.

00:09:03 Tom Sego

Then I started a wine importing business, which was fun, educational but extremely challenging. The wine industry is very competitive.

00:09:12 Tom Sego

The margins are.

00:09:13 Tom Sego

And then I was reading Wired magazine and reading about Kim Zetter article around the electric grid hack of Ukraine. And this was in 20.

00:09:23 Tom Sego

16/20/15 and it was like a lightning bolt hit my head.

00:09:27 Tom Sego

It was kind of coalescing.

00:09:29 Tom Sego

That all that manufacturing experience I'd had where I saw what industrial control systems looked like, I saw how vulnerable they were.

00:09:37 Tom Sego

And I realized that I need to dedicate the rest of my life to solving this problem.

00:09:42 Tom Sego

Because it's just that important.

00:09:44 Tom Sego

I did leave out the part where I played professional poker for three.

00:09:47 Tom Sego

But which was this fun?

00:09:48 Kristin Demoranville

At this point I was expecting to say something like yes and I followed Jack Cousteau shadow and I was discovering creatures in the ocean because, like you basically said, every.

00:09:57 Kristin Demoranville

That would bleed up to.

00:09:58 Kristin Demoranville

That yes, the Otcs.

00:10:01 Kristin Demoranville

Because it is a noble cause and it is important and critical to use the same term, we always do in terms of fulfillment in general than just being in cyber.

00:10:11 Kristin Demoranville

Again, I I love our our cyber people around us, but it's a different vibe when it's not just about data, it's about safeguarding lives, right it.

00:10:20 Kristin Demoranville

Thank you.

00:10:20 Kristin Demoranville

You do? Yeah.

00:10:21 Tom Sego

Yeah. And I feel that there may be other industries like this, but it's one of the few industries where I feel like we are all on one team as defenders.

00:10:32 Tom Sego

A community of people who I even created what's called the OT Zero Trust Alliance to help facilitate more sharing more thought leadership collectively that.

00:10:42 Tom Sego

Benefit our customers as opposed to helps us individually as vendors because that Community aspect is something that I just feel deeply.

00:10:50 Tom Sego

My core.

00:10:51 Kristin Demoranville

Yeah, I definitely agree with the Community aspect.

00:10:53 Kristin Demoranville

I think it's the best community in cyber security and I am biased and I don't care. I'll say it.

00:10:59 Kristin Demoranville

So and I do think there's plenty of complimentary type industries that fit this. So like food safety, food, defense, very much. I come from a long line of firefighters.

00:11:07 Kristin Demoranville

Yeah.

00:11:10 Kristin Demoranville

Any type of civil service, generally speaking, that's under this, especially in the life saving aspect, whether it's a paramedic or it's a firefighter, it's police officer, anything that.

00:11:18 Kristin Demoranville

I think they understand that it's not just about certain things, it's about life.

00:11:23 Kristin Demoranville

Yeah, definitely resonate with all that you just said, Tom.

00:11:26 Kristin Demoranville

And then we met at a conference this past year of 2024 and we actually met while we were holding our lung lights. Ironically, and you started talking to me about wine, and we completely darted out about wine for, I don't know, 30 minutes or something.

00:11:40 Kristin Demoranville

And I adored it.

00:11:41 Kristin Demoranville

I I love talking about wine because it's such a really interesting field to go into first of.

00:11:47 Kristin Demoranville

And also it's so telling what a glass of wine or a bottle of wine has is and the soil, the climate, the people.

00:11:52 Tom Sego

Yeah.

00:11:52 Kristin Demoranville

And that's why I like it's not just to drink, to drink or enhance your food.

00:11:56 Kristin Demoranville

About the story.

00:11:57 Kristin Demoranville

The bottle for me and I.

00:11:58 Tom Sego

Yeah, it's a story of the.

00:12:00 Tom Sego

It's the story of the in some cases it's it's it's. I mean, it's many cases multigenerational, it's.

00:12:06 Kristin Demoranville

Yeah.

00:12:06 Tom Sego

It's about the land. It's about the the sweat.

00:12:07 Kristin Demoranville

Or that's like, yes, we're not in the model, but yes.

00:12:12 Kristin Demoranville

Hopefully.

00:12:14 Kristin Demoranville

No, no. But I also love it too, because some of these these particular grapevines have been around for decades, that they are very resilient little plants, but also very temperamental and don't like certain things.

00:12:24 Kristin Demoranville

I I love that you can have wine in one region and it's entirely different in another and it's the same variety of grape.

00:12:29 Kristin Demoranville

And we.

00:12:30 Kristin Demoranville

Discussed about how we're not into necessarily the brand names of wine.

00:12:35 Kristin Demoranville

When people.

00:12:35 Kristin Demoranville

Us what our favorite wine is? I answer was my favorite grape.

00:12:38 Kristin Demoranville

Don't answer with my favorite wine.

00:12:39 Kristin Demoranville

Maybe bridal if I'm feeling a little salty that day, but also we discussed how champagne versus Grover Champagne.

00:12:46 Kristin Demoranville

I like.

00:12:47 Kristin Demoranville

Champagne House is great, though. I would totally go for.

00:12:50 Kristin Demoranville

And always going to stop me from that bottle of Don, period.

00:12:53 Kristin Demoranville

But I do like grower.

00:12:55 Kristin Demoranville

I just like the idea that it came from them and yeah, it didn't just get put into a larger house that we all know. If anybody wants more information about wine, just, you know, hit us both up.

00:13:04 Kristin Demoranville

Start being completely nerdy about that some other time.

00:13:09 Kristin Demoranville

We found our episode on Agroterrorism featuring the Animal Agricultural Alliance insightful.

00:13:16 Kristin Demoranville

Here's another opportunity to explore more important conversations about our food system.

00:13:21 Kristin Demoranville

And if you haven't already listened to that episode yet, I would highly recommend it.

00:13:25 Kristin Demoranville

Speaking of important conversations, inspiration comes in countless forms.

00:13:29 Kristin Demoranville

It's a thought, a conversation, a connection, a chain reaction.

00:13:34 Kristin Demoranville

We never know exactly how inspiration will hit, but we do know this when ideas and perspectives are shared across the table. They don't just add, they multiply.

00:13:45 Kristin Demoranville

At the animal.

00:13:46 Kristin Demoranville

Egg Alliance 2025 stakeholder summit happening April.

00:13:51 Kristin Demoranville

30th through May 2nd in Arlington, VA.

00:13:54 Kristin Demoranville

Hundreds of food chain partners will come together, tackle one of the biggest topics in the industry, sustainability. This year's theme, food for thought.

00:14:04 Kristin Demoranville

Dishing on sustainability.

00:14:07 Kristin Demoranville

It's all about bringing together a diverse group of decision makers from farms and ranches to restaurants and retailers to discuss the future of how we raise and distribute animal protein with a dash of innovation and a heaping serving of collaboration.

00:14:24 Kristin Demoranville

Summit is where meaningful conversations happen, shaping the.

00:14:28 Kristin Demoranville

Far Foo system for generations to come.

00:14:30 Kristin Demoranville

Registered by April 25th to reserve your.

00:14:33 Kristin Demoranville

At the table.

00:14:34 Kristin Demoranville

For more details, visit animalagalliance.org or check out the link in the show notes.

00:14:43 Kristin Demoranville

But let's talk a little bit about blast wave because that I mean, if you look at your career in terms of your trajectory and how you got there, but what made you start actual blast wave other than this article that you read and it was just you know?

00:14:56 Kristin Demoranville

Profound moment for you?

00:14:57 Kristin Demoranville

I'm really interested because founding.

00:14:59 Kristin Demoranville

An industrial.

00:15:00 Kristin Demoranville

Controls security company speaking from experience, is kind of wild.

00:15:06 Kristin Demoranville

And.

00:15:06 Kristin Demoranville

I love to hear your journey.

00:15:07 Kristin Demoranville

That.

00:15:08 Tom Sego

Well, I think it also it's emblematic of aspect of my personality, which is I just have a tremendous amount of curiosity and I just go down rat holes and I when I go down these rat holes, I'll spend 3 months, six months, sometimes longer and research things to.

00:15:24 Tom Sego

Point where I'm trying to figure out why can't this.

00:15:27 Tom Sego

Solved or what? What?

00:15:29 Tom Sego

Problem here can I think in the case of cybersecurity, it was after I'd played poker professionally. And so this idea of an adversary was very interesting relative to most industries.

00:15:42 Tom Sego

Industries. You have vendors who are competing with one another on either.

00:15:46 Tom Sego

Price, quality or service or some form of fashion.

00:15:48 Tom Sego

They don't have an.

00:15:49 Tom Sego

They don't have a third party that's trying to beat all of them and punish their customers. And that presence of an adversary.

00:15:58 Tom Sego

Who swarmed these has very sophisticated tools.

00:16:03 Tom Sego

Who increasingly is using AI more effectively offensively than what the defenders can use AI for.

00:16:10 Tom Sego

So that aspect of the adversary, I think makes it somewhat unique to other industries, and it presents a level of challenge. And so anyway, as I was down this rat hole, I just.

00:16:21 Tom Sego

To get this thesis that the problem with cyber security is not the technology, the problem with cyber security is a human and if we approach this from a human centric view, looking at first principles and figuring out what.

00:16:34 Kristin Demoranville

Remove.

00:16:38 Tom Sego

When you go and catalog a.

00:16:40 Tom Sego

Accidents that.

00:16:41 Tom Sego

Incidents that occur in OT very.

00:16:44 Tom Sego

Almost all of them are the result of some human action or human inaction.

00:16:49 Tom Sego

It's either someone clicking on a link in a phishing e-mail or it's someone sharing usernames and passwords on a sticky note on an HMI in a control room.

00:16:59 Tom Sego

Or it's a misconfigured firewall.

00:17:01 Tom Sego

Or it was configured correctly by the IT group and then conditions on the ground changed and those firewall rules created conflict and then that led to people to then lower their defenses because the people couldn't get their work done.

00:17:15 Tom Sego

And that led to profits.

00:17:16 Tom Sego

So it was this realization that you've got the human adversary and you have.

00:17:21 Tom Sego

User who oftentimes when they face friction, they're looking for workarounds.

00:17:26 Tom Sego

And so I.

00:17:27 Tom Sego

Man, I spent the first decade of my career learning about how to make stuff in factories and in the second part of my career was at Apple trying to make things simple and boil down complexity.

00:17:38 Tom Sego

I just.

00:17:39 Tom Sego

Like I'm at this Nexus of these two.

00:17:42 Tom Sego

I.

00:17:42 Tom Sego

Had the privilege of spending a lot of time.

00:17:45 Tom Sego

With the operators, the superintendents, the engineers, the people who do this kind of hard work and I just felt like I was in a place where.

00:17:54 Tom Sego

Could actually make a difference.

00:17:56 Kristin Demoranville

Of that, the human centric is also another reason why you and I5 really well 'cause I'm the same mentality technology.

00:18:02 Kristin Demoranville

Screw.

00:18:02 Kristin Demoranville

We screw up.

00:18:03 Kristin Demoranville

So whether it's intentional or unintentional and I I think This is why I really love working with the food defense teams and I know you're gonna resonate with this is because.

00:18:14 Kristin Demoranville

They're looking at that same aspect, but just.

00:18:16 Kristin Demoranville

On the food part.

00:18:18 Kristin Demoranville

And how I love how now they see cybersecurity as a partner in that journey.

00:18:23 Kristin Demoranville

Everything is digital.

00:18:24 Kristin Demoranville

The equipment that makes the food, the equipment that brings the food in and.

00:18:28 Kristin Demoranville

The equipment depicts and harvests the food, everything it comes back down to technology, and I think a lot of people are really hung up on AI.

00:18:34 Kristin Demoranville

Which is fine, rightfully.

00:18:35 Kristin Demoranville

This, you know the new shiny, if you will, in some ways.

00:18:38 Kristin Demoranville

It's not really that new.

00:18:39 Kristin Demoranville

It's just a new way. Branding it too well and I think we play so much defense.

00:18:46 Kristin Demoranville

There's not a lot of offense and there's our adversary there always 10 steps ahead of us, a lot of times and we're playing catch up just to make sure they don't get in the door that when these human centric type behaviors cause a problem in OT and I.

00:18:59 Kristin Demoranville

It's really detrimental because it's just one more thing that we have to deal with and This is why I say a lot of times the cyber security is really about social engine.

00:19:07 Kristin Demoranville

Mitigating shame.

00:19:08 Kristin Demoranville

Humans were doing that are trying to just do their job and go home to their families. And the idea for OT and ICS is to make sure they get home. We want them to get home.

00:19:17 Kristin Demoranville

Don't want to.

00:19:17 Tom Sego

Absolutely.

00:19:18 Kristin Demoranville

I am terrified of the day and it's going to happen when a CISO has to admit that a cyber security incident caused a food issue, a food recall, a food.

00:19:30 Kristin Demoranville

And people couldn't go home that.

00:19:32 Kristin Demoranville

That is going to be the worst moment for a CISA because right now, they're very focused on data and.

00:19:32 Tom Sego

Yeah.

00:19:36 Kristin Demoranville

Time. Rightfully so.

00:19:38 Kristin Demoranville

I get that.

00:19:38 Kristin Demoranville

There's a whole lot of.

00:19:40 Kristin Demoranville

There's a whole lot of things if you had privacy into the mix, there's a whole other side to that.

00:19:44 Kristin Demoranville

The fact that Acso will have to stand.

00:19:47 Kristin Demoranville

And.

00:19:47 Kristin Demoranville

Someday it's just because of a cyber attack.

00:19:50 Kristin Demoranville

OT or an it or whatever it was that's going to be really sad day for our industry and I would like to not.

00:19:55 Kristin Demoranville

Would like to.

00:19:56 Kristin Demoranville

On the side of proactive, right?

00:19:58 Kristin Demoranville

And keep pushing that we have to.

00:20:00 Kristin Demoranville

Keep doing the right things.

00:20:01 Tom Sego

This is.

00:20:01 Kristin Demoranville

We're still figuring out as we go.

00:20:03 Kristin Demoranville

I mean, Tom, this is still like the the plane being built while we're.

00:20:06 Kristin Demoranville

The air kind of vibe, right?

00:20:07 Tom Sego

Totally, yeah.

00:20:08 Kristin Demoranville

Yeah.

00:20:08 Tom Sego

Well, I was also thinking you bring up safety. One thing I left out of my bio is that I was also became a certified safety professional when I was at Eli Lilly and I ran safety programs and.

00:20:20 Tom Sego

Back to cyber security, because my thinking back then was looking at the human, both the human behaviors but more import.

00:20:29 Tom Sego

What were the antecedents, the things that human beings would think about that would lead to an unsafe or at risk behavior? And could we design out those risks and so that proactive approach of trying to design out risks, eliminate entire categories of risks if possible?

00:20:47 Tom Sego

Is exactly the fundamental first principle that we put in place at Blast wave, which is can we engineer out the risk of?

00:20:56 Tom Sego

Let's say social engineering and fishing, because again, I don't want to talk too much about our product, but we we eliminate fishing as a risk category because there are no user names and passwords and we fundamentally tried to make this as easy as Apple.

00:21:09 Tom Sego

So the.

00:21:09 Tom Sego

Was just to make it again. Simple and secure.

00:21:12 Kristin Demoranville

Yeah, it's just a hard thing because we don't have the attention spans that we used to.

00:21:17 Kristin Demoranville

Aren't willing to sit there and figure it out.

00:21:18 Kristin Demoranville

I know Apple is amazing and I feel like the US still hasn't completely grabbed onto it. If you go to Europe, everything's.

00:21:25 Kristin Demoranville

For.

00:21:26 Kristin Demoranville

Most part, except for those small little villages where you have to have cable.

00:21:29 Kristin Demoranville

And I I love.

00:21:30 Kristin Demoranville

And actually, we were just talking about this after a trip to the UK recently that I didn't take my card out once.

00:21:35 Kristin Demoranville

I just paid on Apple Pay the entire time I was there and I feel like adoption is slow, especially in fruit and AG, because.

00:21:44 Kristin Demoranville

Trust is a real big problem.

00:21:45 Kristin Demoranville

Yeah, you have to earn your right into these places.

00:21:48 Kristin Demoranville

Same with some of the utilities as well, right?

00:21:50 Kristin Demoranville

So.

00:21:51 Kristin Demoranville

I always say that you know food and ag and water are the kids table. We have to fight for our right to get to the big table, even though I.

00:21:57 Tom Sego

So.

00:21:58 Tom Sego

Why do you think I know you're the interviewer, but?

00:22:00 Tom Sego

Why do you think that trust has been either slow to build with the security community and the food industry?

00:22:08 Tom Sego

What's getting in the?

00:22:09 Tom Sego

Of that.

00:22:09 Kristin Demoranville

I think it's like a.

00:22:10 Kristin Demoranville

About the industry.

00:22:11 Kristin Demoranville

I think that's one of the big things. If you don't talk the talk or walk the walk properly, I'll give you a good example.

00:22:17 Kristin Demoranville

Same conference that we were at, I happen to sit at 1:00.

00:22:20 Kristin Demoranville

So it's denoted full production table and of course nobody sitting there was from food except for a couple gentlemen that were from the well known company.

00:22:28 Kristin Demoranville

Not going to say.

00:22:29 Kristin Demoranville

But you've probably in the food and I purposes sat next to them because they have their little T-shirts on.

00:22:34 Kristin Demoranville

Were branded, so it was very obvious who they were.

00:22:37 Kristin Demoranville

I said, hey, how you?

00:22:38 Kristin Demoranville

Tell me about what your production like is.

00:22:41 Kristin Demoranville

I really was interested because I'm just like you, Tom.

00:22:44 Kristin Demoranville

Curious. And I'm gonna ask crazy questions.

00:22:46 Kristin Demoranville

So we got chatting and had this really great conversation and the rest of the table sort of had.

00:22:50 Kristin Demoranville

Educational moment. You can wash the light bulbs clicking on.

00:22:52 Kristin Demoranville

Oh, I don't know about that. OK. And at the end of it, the gentleman stood up and said I have never sat in an OT or.

00:22:59 Kristin Demoranville

And had a conversation with anybody who understood.

00:23:02 Kristin Demoranville

Thank you very much, because I now feel like I'm not alone and I thought to myself, that's what it's like being in the food and agricultural industry because you feel like you were on an island, but nobody.

00:23:13 Kristin Demoranville

Mean. Yeah, it's manufacturing.

00:23:14 Kristin Demoranville

You can 100% show up to a manufacturing conference and dominate the conversation.

00:23:19 Kristin Demoranville

But because it's food, which again goes back to food safety regulations, heavy, heavy forecasting on budget.

00:23:26 Kristin Demoranville

But you're running everything on bubble, dumb, and shoestring. It feels like low.

00:23:29 Tom Sego

Low margins.

00:23:31 Kristin Demoranville

Everybody has got 3 or 4 hats on. You know, I didn't even know I was doing OT back in the day when I was doing it at a bakery company.

00:23:38 Kristin Demoranville

It wasn't until I realized that I was doing it like because I had a conversation with an OT engineer that I realized, oh, I'm doing that, but I never really saw.

00:23:46 Kristin Demoranville

The difference or the vibe or that convergence crap I was already doing it, you know, and I think I think if you come in with the attitude of, I understand what you're going through and all the pressure you're under and.

00:23:56 Kristin Demoranville

All of the different nuances that come with food have people get into the door a little better, but the trust factor.

00:24:04 Kristin Demoranville

Hey listeners, I just want to take a quick moment to say thank you. Because of you the bytes and bytes podcast which is.

00:24:12 Kristin Demoranville

An.

00:24:12 Kristin Demoranville

Winner has officially passed 8000 downloads.

00:24:16 Kristin Demoranville

Wow.

00:24:17 Kristin Demoranville

I am beyond grateful for this incredible listening community.

00:24:22 Kristin Demoranville

Your support.

00:24:22 Kristin Demoranville

Your shares and your feedback keep this podcast growing.

00:24:26 Kristin Demoranville

If you'd enjoyed this episode, please do me a favor though, like comment and share. The more people we reach, the more we can raise awareness about the real cyber security challenges and critical infrastructure.

00:24:37 Kristin Demoranville

Now let's jump back into the episode.

00:24:41 Kristin Demoranville

So let's let's take it like one step.

00:24:43 Kristin Demoranville

Just take it all the way back.

00:24:44 Kristin Demoranville

We'll make it simple as you trim trying to do with.

00:24:46 Kristin Demoranville

You're a farmer, multi generation. You're probably like the 6th generation. Let's say your primary crop is soy because God knows everything is made with soy and you need to you have a new regulation where you have to.

00:24:58 Kristin Demoranville

There's a traceability rule that just came out.

00:25:00 Kristin Demoranville

Need to know what seed came from.

00:25:03 Kristin Demoranville

How are you going to do that?

00:25:04 Kristin Demoranville

Likely with technology.

00:25:05 Kristin Demoranville

Who pays for that tax?

00:25:07 Kristin Demoranville

You do as a farmer, you're paying.

00:25:09 Kristin Demoranville

That tax.

00:25:09 Kristin Demoranville

It's.

00:25:10 Kristin Demoranville

You might get a grant. You might get some mental tax relief or something like that, but most likely you're paying for it.

00:25:16 Kristin Demoranville

Are you going to pay for it when your entire harvest covers your entire life every year?

00:25:22 Kristin Demoranville

Probably mortgage.

00:25:22 Tom Sego

Play.

00:25:23 Kristin Demoranville

Your.

00:25:23 Kristin Demoranville

So you put your house and your family on the line every time.

00:25:27 Kristin Demoranville

The funny thing is, is nobody gets that.

00:25:29 Kristin Demoranville

Nobody understands that except for those of us who do. If you were going to let people into your life, that trust factor has to be so high because you're basically putting some your life into their hands.

00:25:39 Kristin Demoranville

You will.

00:25:40 Kristin Demoranville

Which puts an entirely different mindset on the situation.

00:25:43 Kristin Demoranville

This is why I always say, do you actually?

00:25:45 Kristin Demoranville

That tack.

00:25:46 Kristin Demoranville

Is it necessary?

00:25:47 Kristin Demoranville

Are you required? OK, it's not compensated.

00:25:49 Tom Sego

That sounds a really good.

00:25:50 Tom Sego

The risk is so high in this area of their life.

00:25:52 Kristin Demoranville

So high.

00:25:53 Tom Sego

They can't take on even a small amount of incremental risk, correct?

00:25:57 Kristin Demoranville

And then if you add cybersecurity on that layer, because now you have new tech that's been introduced and God knows you're not going to put any cyber security necessarily around it because that's just another thing, right?

00:26:07 Kristin Demoranville

You and I know, Tom that products are not made with security in mind because they're not regulated to be having security in mind.

00:26:13 Kristin Demoranville

That adds a whole other layer and then if you add nefariously bad actors, whether it's just bad Actors, Nation state, extreme activists, aggriem all the whole thing on the top of that, now you've got a whole other risk factor that they don't have the experience or the time.

00:26:29 Kristin Demoranville

Deal with.

00:26:30 Kristin Demoranville

They're probably completely freaked out about.

00:26:32 Kristin Demoranville

Got it.

00:26:32 Kristin Demoranville

They might be being terrorized for various.

00:26:35 Kristin Demoranville

Their farm has been exploited for whatever particular reason, and they can't get their crop to move off or on the farm. And all these things come into play. If I was a farmer.

00:26:44 Tom Sego

All because of that traceability, that traceability, connection, that was not their choice.

00:26:50 Tom Sego

Was imposed upon them by the government.

00:26:52 Tom Sego

Now they're facing those extra consequences as a result of that.

00:26:56 Tom Sego

I mean, you got to feel more.

00:26:57 Kristin Demoranville

It's so frustrating to.

00:26:58 Kristin Demoranville

That at the end of the day.

00:27:00 Kristin Demoranville

It usually ends up being the farmer. That's the one that.

00:27:02 Kristin Demoranville

Paying the price.

00:27:03 Kristin Demoranville

It's not the consumer, it's not the manufacturer of food. It ends up being the farmer.

00:27:08 Kristin Demoranville

Base starting point, right?

00:27:10 Kristin Demoranville

That's wrong to me, that's.

00:27:12 Kristin Demoranville

But we could have a whole other discussion about that at some other time, and I'm sure I will be having.

00:27:15 Tom Sego

By the way, I'm I'm working actively with a company that is trying to reduce the cost of various aspects of farming to enable traceability.

00:27:27 Kristin Demoranville

Yes, that's what we should be doing.

00:27:27 Tom Sego

And and then they they've told me they need us on 100% of their work streams to protect them from cyber threats.

00:27:36 Tom Sego

So in that way, the farmer then is going to save money because they're going to use fewer pesticides, less water and so forth because of their technology.

00:27:44 Tom Sego

Then they get the traceability and security for free, essentially.

00:27:48 Kristin Demoranville

Yeah. And especially since there's all these sustainability work environments that are happening, right?

00:27:52 Kristin Demoranville

UK is a great.

00:27:53 Kristin Demoranville

The farmers have to live up to the sustainability aspect, which is going to be done with.

00:27:58 Kristin Demoranville

With the adoption of technology hits a trust button.

00:28:02 Kristin Demoranville

Because why am I going to bring this new equipment in at what we're?

00:28:05 Kristin Demoranville

Right now works.

00:28:06 Kristin Demoranville

What's wrong with the way I do things?

00:28:08 Kristin Demoranville

Are you telling me that there's something wrong with me and it goes back down to?

00:28:11 Kristin Demoranville

Like shame level of.

00:28:13 Kristin Demoranville

Building trust.

00:28:14 Kristin Demoranville

It doesn't require you to point a finger at somebody to say you're not doing it.

00:28:17 Kristin Demoranville

It starts with partnerships and alliances and camaraderie and a sense of community to go take it all the way back.

00:28:25 Kristin Demoranville

That's.

00:28:26 Kristin Demoranville

What we need to?

00:28:27 Kristin Demoranville

And cybersecurity is not exactly a welcoming community, let alone are we good with each other at.

00:28:33 Kristin Demoranville

And it's hard because we have to start focusing on empathy and mitigating shame to get to the risks.

00:28:39 Kristin Demoranville

It's it's so so hard.

00:28:42 Kristin Demoranville

In this.

00:28:42 Kristin Demoranville

Because again, I think this is part of the reason why food and AG has been left to the side is because you actually have to deal with the human factor differently and you can't just fold those your way in.

00:28:54 Tom Sego

Well, and I think the other thing that also dawned on me as I was researching this back at the Genesis.

00:29:00 Tom Sego

Was that the people that are in the cyber security industry, some of the highest density of computer science geeks?

00:29:07 Tom Sego

Who, by the way, I love. I love.

00:29:09 Tom Sego

I get along.

00:29:09 Kristin Demoranville

Yeah, I played a lot.

00:29:10 Tom Sego

Of dungeons with these guys.

00:29:12 Kristin Demoranville

Hey Dungeon Dragons is where it's at.

00:29:13 Kristin Demoranville

Learn community building.

00:29:14 Kristin Demoranville

Then I played creatures too.

00:29:15 Tom Sego

There you go, right.

00:29:17 Tom Sego

The the computer science.

00:29:18 Tom Sego

So you have this these these like computer science folks who again high incidence of being more socially awkward, less empathetic.

00:29:27 Tom Sego

More like Spock, less like Kirk. And so I I think that also felt like that's another reason why there is some gaps.

00:29:36 Tom Sego

The way things are done, because it's are you empathizing with the farmer.

00:29:40 Tom Sego

Are you empathizing with the the shipping?

00:29:42 Tom Sego

Are you empathizing with the person running the grain elevator?

00:29:45 Tom Sego

You know, are you?

00:29:46 Tom Sego

Are you?

00:29:47 Tom Sego

Or are you just looking at your bits and bytes?

00:29:49 Tom Sego

Or bytes and bytes in this case.

00:29:52 Tom Sego

You're just looking at source and source and destination IP addresses and firewalls and routers.

00:29:56 Kristin Demoranville

Yep, it talks.

00:29:57 Kristin Demoranville

You know, we in OT, we can't stay siloed.

00:30:00 Kristin Demoranville

We have to go across the whole system.

00:30:01 Kristin Demoranville

See this little time.

00:30:02 Kristin Demoranville

Happy to be a disruptor like I'm 100%.

00:30:06 Kristin Demoranville

Do silence very.

00:30:06 Kristin Demoranville

I want to run across the whole thing.

00:30:08 Kristin Demoranville

Want to understand everything I want.

00:30:09 Kristin Demoranville

Be curious.

00:30:10 Kristin Demoranville

I am curious.

00:30:11 Kristin Demoranville

I also.

00:30:11 Kristin Demoranville

The systems thinking approach, Tom, which you also have.

00:30:15 Kristin Demoranville

Understand that if you mess up something here.

00:30:18 Kristin Demoranville

Cross the pond.

00:30:18 Kristin Demoranville

It's going to have a problem as well if you will or you know it's all one big system. If you have an issue with access control at the front of your factory, you're going to have a problem at the other end when things are leaving.

00:30:29 Kristin Demoranville

I think people.

00:30:31 Kristin Demoranville

Instead of justice sitting in the role as a food safety person or as a farmer, you have to start seeing the larger picture your distribution, your transportation logistic. How do you interact with the people around you?

00:30:42 Kristin Demoranville

Are you interacting with them because it's been part of your generational situation for a long time? Or have you invented these people?

00:30:48 Kristin Demoranville

That process feel for.

00:30:50 Kristin Demoranville

What does that look like for you? I.

00:30:51 Kristin Demoranville

We have so many.

00:30:53 Kristin Demoranville

To deal with.

00:30:54 Kristin Demoranville

And then you have people that are like, I can make your tractor autonomous and the security community goes don't do that.

00:31:01 Kristin Demoranville

If you do that, you're gonna do 15 other things to, you know.

00:31:04 Tom Sego

Right.

00:31:04 Kristin Demoranville

Help.

00:31:04 Kristin Demoranville

And I I love helping people, but I don't want to create a position where the help hurts, right?

00:31:12 Kristin Demoranville

We don't want to do that and I think I think both of us as CEO's in our own companies understand that we don't want to create things that make it worse.

00:31:12 Tom Sego

Yeah.

00:31:20 Kristin Demoranville

Want to create things that keep it simple and keep it moving right in the positive direction to keep.

00:31:26 Kristin Demoranville

From these attacks.

00:31:27 Kristin Demoranville

And also be resilient if you go through it.

00:31:29 Kristin Demoranville

The idea is to keep people safe and still keep your company together. If something does happen.

00:31:34 Tom Sego

You know, one thing that I'm going to digress a little bit, but I think it's in the same spirit and theme of what you're talking about.

00:31:40 Tom Sego

And it's kind of looking at like the last several hundreds of years and looking at some of the patterns that have developed over this time. And what's interesting is that a lot of these technological breakthroughs have happened in various points where.

00:31:55 Tom Sego

Indoor plumbing for.

00:31:56 Tom Sego

Or we had instead of individual wells we had.

00:31:59 Tom Sego

Water. Water.

00:32:00 Tom Sego

Instead of individual generators with water wheels, we had the electric grid. Instead of having horses.

00:32:06 Tom Sego

We created this Interstate highway.

00:32:08 Tom Sego

The same thing with logistics and shipping with barges and moving to containers. Computers from mainframe to PC to network PC to cloud.

00:32:17 Tom Sego

You had these kind of changes and breakthroughs and recently it's AI.

00:32:21 Tom Sego

Question is, in order to benefit from that technological breakthrough, it has to be safe.

00:32:26 Tom Sego

Yes, we can't have drinking water unless.

00:32:29 Kristin Demoranville

Drinking one.

00:32:30 Tom Sego

You can't have electricity going into your house unless it's safe and it's not.

00:32:34 Tom Sego

House isn't going to burn down AI.

00:32:36 Tom Sego

We don't even know how to do that today.

00:32:37 Kristin Demoranville

We're figuring out as we go again, insulting the train.

00:32:40 Tom Sego

We're we're connecting the farms, we're connecting all this infrastructure in the food and beverage industry.

00:32:46 Tom Sego

So blast wave is trying to make that connectivity.

00:32:49 Tom Sego

Safe and do it in a very light touch overlay manner so it allows the people to focus on their business. Not having to learn all this other mumbo jumbo cyber security.

00:32:59 Kristin Demoranville

Yeah, I don't think that you need to be a user.

00:33:03 Kristin Demoranville

All the terminology.

00:33:04 Kristin Demoranville

I don't think you do if you think if you're going to be in an industry that's surrounded around it.

00:33:09 Kristin Demoranville

So if your food safety.

00:33:10 Kristin Demoranville

And so you should understand cybersecurity technology, and you should understand how it's.

00:33:15 Kristin Demoranville

To interact with your world.

00:33:16 Kristin Demoranville

I think if you interact with it in a holistic way, I think you should understand.

00:33:20 Kristin Demoranville

I also think the security awareness in general is a super underserved market. We really need to get better at it.

00:33:25 Kristin Demoranville

Need to make it more digestible to use a pun, and I think that's hard.

00:33:28 Tom Sego

Yeah.

00:33:29 Kristin Demoranville

Because This is why I think rural sector based trainings.

00:33:32 Kristin Demoranville

Super.

00:33:33 Kristin Demoranville

It's not going to resonate with you if you take the training for a security engineer and you are an operator on a production line, that's not going to resonate.

00:33:41 Kristin Demoranville

Means.

00:33:41 Tom Sego

Not Kristin.

00:33:42 Tom Sego

I don't want them to have to go to a single minute of training.

00:33:45 Tom Sego

I want to make the cybersecurity controls and I want to make the functionality.

00:33:50 Kristin Demoranville

So they don't need.

00:33:51 Tom Sego

To worry about.

00:33:52 Tom Sego

You know, we solve that in the back end. We make the easiest way, the safest.

00:33:57 Kristin Demoranville

Way that is a very that's a huge undertaking, right?

00:34:00 Kristin Demoranville

Especially since.

00:34:01 Kristin Demoranville

There's so many factors that could interact with that.

00:34:01 Tom Sego

It is.

00:34:04 Tom Sego

Well this.

00:34:05 Tom Sego

Well, this is actually one of the.

00:34:07 Tom Sego

Things about the.

00:34:08 Tom Sego

Security industry in general is that you want to add keep on adding layers and layers and layers of things that increase complexity and Steve Jobs would always say that making things simple, reducing complexity to.

00:34:20 Tom Sego

Simple.

00:34:21 Tom Sego

Very hard because you have to understand exactly what the essence of what you're trying to accomplish, and it requires a lot more work than just throwing.

00:34:29 Tom Sego

Log on the fire.

00:34:30 Kristin Demoranville

Yeah, because you wouldn't want to have like a 25 layer cake.

00:34:33 Kristin Demoranville

Really complicated to go after and eat right.

00:34:36 Kristin Demoranville

Take it to food level and also.

00:34:38 Kristin Demoranville

Now, like, that's a lot of cake.

00:34:40 Kristin Demoranville

And I'm not into that anymore.

00:34:41 Kristin Demoranville

My life after work in a bakery company.

00:34:48 Kristin Demoranville

But you're.

00:34:49 Kristin Demoranville

You have to be, you know, a master of the craft. I I think a lot of us in OT are, you know, Jack of all trades, master of none, if you will. Because we have to understand so many different types of systems and processes run and I think.

00:34:59 Tom Sego

Definitely.

00:35:01 Kristin Demoranville

It's important to have those people as like.

00:35:03 Kristin Demoranville

Important to have people that specialize.

00:35:05 Kristin Demoranville

But you don't have to be that if you're going to run a security program necessarily.

00:35:09 Kristin Demoranville

So making it simple, you know as key and not something I feel like we're always striving for anyways.

00:35:16 Kristin Demoranville

People that are trying to explain in a system thinking capacity, how can I make this as simple as possible?

00:35:22 Kristin Demoranville

Someone to understand and be able to execute it and feel comfortable and build that trust and mitigate shame and risk and make sure everything is OK and everybody goes home. It's super daunting.

00:35:33 Kristin Demoranville

Such a large thing.

00:35:34 Kristin Demoranville

It's that big ball of string and there's a cat, certainly knocking it around and I think we have such a big world to go after.

00:35:42 Kristin Demoranville

And so many aspects, the critical infrastructure side of the House, we have so much going on at all times, whether it's adversaries or ourselves or.

00:35:49 Kristin Demoranville

You know, there's other things coming in.

00:35:52 Kristin Demoranville

Governments are.

00:35:53 Kristin Demoranville

You know, new regulations coming from different places in the world. Yeah. And at the end of the day, it's it's just about keeping people safe, like you said.

00:36:00 Kristin Demoranville

I love that trying to make it easy.

00:36:02 Tom Sego

I was going to tell you another story related to one of our customers.

00:36:06 Tom Sego

Who is the largest refrigerated and frozen food storage company in the world?

00:36:13 Tom Sego

This company is.

00:36:14 Tom Sego

They have 300 football field size.

00:36:17 Tom Sego

Think of it in refrigerators or freezers. In the US alone, 35 to 40%.

00:36:23 Tom Sego

The US food supply goes through their warehouses and so one of the.

00:36:26 Tom Sego

Talking about regulations, the FDA requires that these refrigerators and freezers don't get too warm, so the food doesn't spoil, which means they need to have connectivity to logs that show the temperature profile of each one of these.

00:36:39 Tom Sego

And so we helped this company.

00:36:42 Tom Sego

Secure to deliver security to that, those refrigerators and freezers, and we did that in a way that allowed them to remotely manage it and also connect it to the cloud data services that they wanted.

00:36:52 Tom Sego

It was a really great project and they were they were just thrilled.

00:36:57 Tom Sego

They ended up.

00:36:58 Tom Sego

Again, kind of starting out with a very small installation and now there are 100 times the size they were customer of US 2 two years ago.

00:37:06 Kristin Demoranville

That's that's really intense.

00:37:09 Kristin Demoranville

I was talking to someone recently who was telling me about how how cold storage trucks in transit can be hacked and how it is actually pretty easy.

00:37:17 Kristin Demoranville

You'd have to obviously get a vehicle next to.

00:37:18 Kristin Demoranville

You'd have to have a driver and the hacker would have to get into remotely.

00:37:21 Tom Sego

Thanks well so.

00:37:21 Kristin Demoranville

A lot of things.

00:37:22 Kristin Demoranville

Easy, but it's very fast and furious, fives.

00:37:25 Tom Sego

It's very fast and sure it's don't say the reason that they came to us is the reason that a lot of.

00:37:28 Kristin Demoranville

Mm.

00:37:29 Tom Sego

Customers come to us is that they were happy.

00:37:31 Kristin Demoranville

Yeah, of course.

00:37:32 Tom Sego

It was a very innocuous.

00:37:33 Tom Sego

But what the vice President of Research and Development realized is there were only four steps that will be required to turn these giant freezers and refrigerators into bombs. They use ammonia to do the refrigeration for this which?

00:37:50 Tom Sego

Be dangerous.

00:37:51 Tom Sego

It obviously has a pungent odor, so you can detect it.

00:37:53 Kristin Demoranville

Mm.

00:37:54 Tom Sego

Especially it's mixed with, you know, oils and things like that in the processing, but.

00:38:00 Tom Sego

The point is, is that they realize that this could be extremely dangerous if a hacker was able to get.

00:38:06 Tom Sego

To these.

00:38:06 Tom Sego

So they put in place a very impressive, I would say approach to securing these warehouses, not just to meet the FDA requirement on refrigeration, but also.

00:38:17 Tom Sego

Safety of all their plant personnel and neighboring communities.

00:38:20 Kristin Demoranville

And I think that's something that we have to take into account with OT in general is what's the greater consequences beyond the facility, right?

00:38:29 Kristin Demoranville

That would be quite an environmental disaster, ultimately, and could affect the drinking water. It could affect air quality, but it's so fascinating that when you start stacking data like that with the environmental or social even governance data, it starts to give you this really beautiful profile of the.

00:38:45 Kristin Demoranville

And I've actually almost.

00:38:46 Kristin Demoranville

My own product right now. Sorry everybody.

00:38:49 Kristin Demoranville

In it, it's actually really interesting.

00:38:50 Kristin Demoranville

A standard.

00:38:51 Kristin Demoranville

Like Tom, you and I are like data.

00:38:53 Kristin Demoranville

We like to learn, you know, and the more information I have that I can learn about the more infectious I get about it.

00:38:59 Kristin Demoranville

And knowing that we can solve other problems through an OT space is like the coolest thing.

00:39:06 Tom Sego

It's a 2.

00:39:07 Tom Sego

It's a 3 for four.

00:39:09 Tom Sego

Yeah.

00:39:20 Kristin Demoranville

Hey, Cyber community, Are you ready to level up?

00:39:23 Kristin Demoranville

Because Wicked 6 is.

00:39:25 Kristin Demoranville

And this time it's bigger and bolder.

00:39:26 Kristin Demoranville

Woof.

00:39:27 Kristin Demoranville

March 28th through the 30th.

00:39:30 Kristin Demoranville

It's a three day global virtual hack and chat event where women worldwide come together to play games, compete, learn and connect.

00:39:41 Kristin Demoranville

We've got an international speakers technical talks, hands on workshops and of course the Cyber Games.

00:39:48 Kristin Demoranville

Think capture the flag attack and defend and high stake teams tournament all streamed live over three days. Whether you're just starting out or a seasoned pro, there's a challenge for you.

00:39:58 Kristin Demoranville

Plus, there's also networking, prizes, merch, and so much more if you.

00:40:02 Kristin Demoranville

Got a great story to.

00:40:04 Kristin Demoranville

Consider applying to be a speaker, a host, a workshop.

00:40:07 Kristin Demoranville

To show what a cybersecurity career really looks like.

00:40:09 Kristin Demoranville

Like submit a day in a life video.

00:40:12 Kristin Demoranville

To get.

00:40:13 Kristin Demoranville

We're also looking for volunteers, referees and challenge developers to help make this event even more.

00:40:19 Kristin Demoranville

And if you're a company looking to sponsor the future of women in cybersecurity, check out our sponsorship opportunities.

00:40:25 Tom Sego

Right. That's good. OK.

00:40:26 Kristin Demoranville

Head over to Wicked 6 com to sign up all the details and links are in the show notes. Let's level up together.

00:40:39 Kristin Demoranville

Yeah.

00:40:40 Tom Sego

Well, I mean, you look at what happened when the ammonium nitrate plant kinda blew up in Lebanon and and that was the largest non nuclear explosion in history was trom ammonium nitrate. And I think it just goes to show you that the impact of, you know, protecting some.

00:40:55 Tom Sego

These things from a physical.

00:40:58 Tom Sego

Sense human safety and cyber safety all together.

00:41:01 Tom Sego

That's part of the mandate, and it does have.

00:41:03 Tom Sego

It does have cascading consequences that can be devastated.

00:41:05 Kristin Demoranville

Yeah, cyber physical is super important because I think a lot of people forget that.

00:41:09 Kristin Demoranville

You can push a button, but you can also push the button on your couch and I know that seems rather extreme, but it's so interesting to me. Exactly. I was in a media factory years back CDs, DVD games for consoles.

00:41:21 Kristin Demoranville

That's actually a highly chemical based process.

00:41:24 Tom Sego

Yeah.

00:41:24 Kristin Demoranville

No.

00:41:25 Kristin Demoranville

I'm just an average person.

00:41:26 Kristin Demoranville

Wouldn't have known that.

00:41:27 Kristin Demoranville

And I it's.

00:41:28 Tom Sego

Coming in on the trucks.

00:41:30 Tom Sego

Gonna see pellets.

00:41:31 Kristin Demoranville

Yeah, and it's.

00:41:32 Kristin Demoranville

Because when I was there doing a security audit, I have a degree in environmental management.

00:41:37 Kristin Demoranville

Is no surprise to anybody listening.

00:41:39 Kristin Demoranville

And I was a complete nerd about it.

00:41:41 Kristin Demoranville

Went.

00:41:42 Kristin Demoranville

I put the hard helmet.

00:41:43 Kristin Demoranville

I started asking how they were stripping the copper out of the water and all these engineers.

00:41:46 Kristin Demoranville

Around me, like, who is this person?

00:41:48 Kristin Demoranville

But because I was so excited about it, we were able to find some more points of ingress and egress for the Internet that was there, that didn't even know that was put there by regulation from the EPA.

00:41:58 Kristin Demoranville

All because I was a complete nerd and I think I think following down into the the rabbit hole, if you will.

00:42:04 Kristin Demoranville

I know.

00:42:04 Kristin Demoranville

Say Rath holes, but I feel like the vision of that is not as good as a rabbit hole because every pictures Alice in Wonderland.

00:42:09 Tom Sego

Better bunnies are cuter.

00:42:11 Kristin Demoranville

Bunnies are cuter. I think when you do that, it's it just really improves that trust building too, because that facility would contact me and talk to me whenever I wanted to because I build trust.

00:42:22 Kristin Demoranville

It's essentially I look at everybody who works in a factory or production environment in general as an aunt or.

00:42:27 Kristin Demoranville

You know, it's that 5.

00:42:29 Tom Sego

Going to interrupt you one minute just to to tell you just on this trust idea.

00:42:33 Tom Sego

I feel that this, and I've told my team this, this is our job. Your job is not to sell.

00:42:39 Tom Sego

Your job is to.

00:42:40 Tom Sego

Build trust and prove to the delight of the customer the prospect.

00:42:46 Tom Sego

That we are working for them.

00:42:49 Tom Sego

Not buying something from.

00:42:50 Tom Sego

We are working for them and that mentality is something that is essential in our culture to have the right kind of service mindset.

00:42:59 Kristin Demoranville

We have to, especially when you're going to be working with food and act if you come into it, of I am got the answers and.

00:43:05 Kristin Demoranville

That's not going to work.

00:43:06 Kristin Demoranville

Going to kick you?

00:43:07 Kristin Demoranville

Out and yeah, probably really.

00:43:09 Kristin Demoranville

Actually, I don't like that type of mentality.

00:43:12 Kristin Demoranville

I don't want.

00:43:13 Kristin Demoranville

In my house like that.

00:43:15 Kristin Demoranville

Show up like that.

00:43:16 Kristin Demoranville

It's.

00:43:17 Kristin Demoranville

We telemarketers are annoying for a reason, right? Like.

00:43:20 Tom Sego

It's actually.

00:43:21 Kristin Demoranville

It's it's crazy.

00:43:22 Kristin Demoranville

So as we wrap up here, Tom, I actually have like a.

00:43:26 Kristin Demoranville

Good.

00:43:26 Kristin Demoranville

I'm gonna start asking some more of the guests because I am just curious and I want to know what would you leave? What piece of advice would you leave the listeners about staying secure in today's world?

00:43:35 Kristin Demoranville

This is aside from blast wave.

00:43:37 Kristin Demoranville

Is a.

00:43:38 Kristin Demoranville

This is just your life.

00:43:40 Tom Sego

I think the simplest thing to say is that passwords are bad if you don't know this already, you should.

00:43:46 Tom Sego

But I think that's one thing in a world in which the marketing can be very confusing.

00:43:51 Tom Sego

It's really hard to know when a product actually works and when it doesn't work.

00:43:55 Tom Sego

I think you've got to think is there a way to demonstrate that I am protected?

00:44:02 Tom Sego

There a.

00:44:03 Tom Sego

For me to sleep better at night.

00:44:05 Tom Sego

How do I know that and by asking?

00:44:07 Tom Sego

A series of questions around what controls do you have?

00:44:11 Tom Sego

What threats do you face? And can those controls address those?

00:44:16 Tom Sego

You don't have to have a pH D to ask some of those basic kinds of questions.

00:44:20 Tom Sego

You don't have to be a CISF trained security person to ask this kind of.

00:44:25 Tom Sego

But I think I think the other thing, there's a lot of talk around.

00:44:29 Tom Sego

That people are scared about, and rightly so.

00:44:31 Tom Sego

AI is a very powerful my 16 year old son wanted to get his first service job.

00:44:36 Tom Sego

He wanted to go work at a restaurant or a grocery store, and we looked at his experience, and I wrote a prompt in ChatGPT.

00:44:44 Tom Sego

Took US 3 minutes to put together his resume and.

00:44:49 Tom Sego

I basically said something like write a resume for a 16 year old junior at Palo Alto High School.

00:44:53 Tom Sego

Looking for the first service industry job? They did gardening from the neighbors.

00:44:58 Tom Sego

And they're involved in the national model.

00:45:01 Tom Sego

And it spit out in less than 30 seconds.

00:45:04 Tom Sego

A very professional looking.

00:45:05 Tom Sego

So it's a very powerful tool and people are aware of that. I think the other thing is, is that AI does two things really well.

00:45:12 Tom Sego

Automates things better, and it personalizes things better.

00:45:17 Tom Sego

And so if you can eliminate the risks that are being.

00:45:21 Tom Sego

Automated or personalized, you're cutting AI off at the knees.

00:45:26 Tom Sego

Offensive AI off at the knees.

00:45:29 Tom Sego

And we've.

00:45:30 Tom Sego

Built this, you know, this kind of philosophy I think is really important for us as a community to figure out how to better defend against these AI weaponized threat vectors so.

00:45:38 Kristin Demoranville

Yeah, I think it's an evolving landscape if you.

00:45:42 Kristin Demoranville

And I think it's going to unfortunately take a few bad events to happen before we really get a good handle on AI as a whole in terms of the offense of AI and the defensive AI.

00:45:51 Kristin Demoranville

But I don't think that people should be afraid of it changes.

00:45:56 Kristin Demoranville

Always hard, because that people initially are afraid of.

00:45:59 Kristin Demoranville

I don't necessarily think they should embrace it, but they should have a healthy curiosity about.

00:46:04 Tom Sego

Yeah, just like we did with computers.

00:46:05 Kristin Demoranville

AI.

00:46:07 Tom Sego

Just computers were a tool, and at first maybe you didn't feel you needed one.

00:46:11 Tom Sego

Whatever.

00:46:12 Tom Sego

But then as you started to learn to learn a little more about how you could use that tool, then it became productive and helpful as opposed to.

00:46:20 Kristin Demoranville

Yeah. And I think as long as you we do this in our lives anyways, we're constantly mitigating and assessing risks in our lives at all times. If I run really fast down the stairs and I'm holding like things that are too heavy, I'm probably gonna fall down the.

00:46:32 Kristin Demoranville

Like those.

00:46:33 Kristin Demoranville

Of things or.

00:46:34 Kristin Demoranville

I have a healthy distrust of lettuce because of E coli, you know.

00:46:39 Kristin Demoranville

No, I make better decisions on my food because I have these set of knowledge now with food and I think that people we learn to look both ways for across the road.

00:46:48 Kristin Demoranville

Kind of stuff, right?

00:46:49 Kristin Demoranville

I think we have to start doing that with AI a little bit.

00:46:52 Kristin Demoranville

Use it as your search engine.

00:46:53 Kristin Demoranville

You can ask questions, but make sure you.

00:46:56 Kristin Demoranville

Verify.

00:46:56 Kristin Demoranville

I think.

00:46:57 Kristin Demoranville

I love that you said that marketing is confusing because I'm confused by it all the time.

00:47:00 Tom Sego

After some meeting.

00:47:02 Kristin Demoranville

And also there's so much disinformation, misinformation, flying all over the place now too, because of the Internet, which is like the greatest thing ever and the worst.

00:47:10 Tom Sego

Thing ever. You know, there was a really interesting incident that occurred in a it was a manufacturing facility.

00:47:17 Tom Sego

Where they had a lot of different production lines and they got hacked like many kind of food, beverage and manufacturing companies get hacked and they the board asked for there to be a cyber assessment performed.

00:47:29 Tom Sego

Did the cyber assessment and they came up with a list of findings and before they could even implement those findings, they got hacked a second time.

00:47:37 Kristin Demoranville

Insult to injury. Damn, that sucks.

00:47:38 Tom Sego

It is, and so they.

00:47:40 Tom Sego

So who was worried about getting fired?

00:47:42 Tom Sego

You know, move very quickly and the CIO moved extremely quickly.

00:47:46 Tom Sego

Deployed a series of solutions to this factory.

00:47:49 Tom Sego

Had 10 different production lines and believe.

00:47:51 Tom Sego

Or not.

00:47:52 Tom Sego

Four months ago they were hacked a third time after installing.

00:47:54 Kristin Demoranville

Oh.

00:47:56 Tom Sego

So this is where this marketing kind of thing gets really confusing because you have people saying they can do things they can't.

00:48:01 Tom Sego

Plant was brought down for two.

00:48:03 Tom Sego

It cost them $5,000,000 and again these guys don't have margin despair here and nine of the 10.

00:48:10 Tom Sego

Lines shut down from that two day period and one line kept running.

00:48:13 Tom Sego

And the line that kept running was protected by blast waves, and it was one of those examples where you have proofs that we stopped an attack where others didn't.

00:48:23 Tom Sego

I think that that goes a long way to build trust and to show efficacy.

00:48:28 Tom Sego

Under fire, as opposed to marketing spend and you know, I just don't want people to have to go through those things. I mean, the the ransom demand was very high.

00:48:32 Kristin Demoranville

If.

00:48:37 Tom Sego

End up paying it, by the way, and what they ended up paying.

00:48:40 Tom Sego

Was 10 times what the security controls cost.

00:48:43 Kristin Demoranville

Yet the money flows when something happens.

00:48:46 Kristin Demoranville

We don't want to be proactive, but you know it's the return on investment. I always say that like the return on investment, it's so frustrating.

00:48:54 Kristin Demoranville

And it's almost one of those you wish you could. You could take all of your knowledge of all the things you know that happen, and around hacking and everything that happens and just somehow give it to the people that need to make the decisions.

00:49:05 Tom Sego

About sending that money, I want to talk to.

00:49:06 Kristin Demoranville

Honey.

00:49:08 Tom Sego

I want to talk to these food and beverage folks about how to protect them and I to feel this calling to protect our food supply chain and anything I can do.

00:49:21 Tom Sego

Are very we're much. We're much, much, much more cost effective as a company.

00:49:25 Tom Sego

I mean, I'm not.

00:49:27 Tom Sego

Talking about money, I.

00:49:27 Tom Sego

Want to work with these folks to?

00:49:29 Tom Sego

To help protect them because they're exposed in areas and they shouldn't have to learn all this stuff, they should be able to have a trusted partner who can look out for their best interests.

00:49:39 Kristin Demoranville

Absolutely, 100% agree and I hate that most of the time when we interact with companies that they've been hacked or they've had an issue and that's when they're reaching out. I actually recently.

00:49:50 Kristin Demoranville

We reach out because they haven't been hacked and they don't have an issue, but they're worried it's going to happen because it's happening all around them and proactiveness is like we should praise that more in the industry, be proactive.

00:49:59 Tom Sego

Kohlich is.

00:50:00 Kristin Demoranville

Come talk to us, you know. And again, a lot of times from the from the food side is cybersecurity and it's not approachable.

00:50:08 Kristin Demoranville

You guys are really just not friendly and I say we're obviously talking to the wrong people. Like you need to find the friendly.

00:50:15 Kristin Demoranville

Find your friend.

00:50:15 Tom Sego

Yeah, there's a lot of friendly people.

00:50:17 Kristin Demoranville

There's a lot of friendly people and there's a lot of people to talk your ear off, especially if.

00:50:21 Kristin Demoranville

Work in a food company. Bring them food.

00:50:25 Kristin Demoranville

And I always, I always say that, you know, nobody's gonna not be friendly to you if you drop a cupcake on their desk.

00:50:30 Kristin Demoranville

Know you'd have to be a really.

00:50:32 Kristin Demoranville

Like I don't know, borderline evil human. If you're not gonna smile for that something.

00:50:35 Kristin Demoranville

That on your yeah.

00:50:36 Kristin Demoranville

Well, thanks.

00:50:37 Kristin Demoranville

This has been a really fun.

00:50:39 Kristin Demoranville

I'm really glad that we get to reminisce about the things that we love in the industry and what we're trying to do to support it, and you've got great stories.

00:50:45 Kristin Demoranville

Thank you very much for.

00:50:46 Kristin Demoranville

Work that you're doing.

00:50:47 Tom Sego

Thank you for the work you're doing and congratulations on your award-winning podcast.

00:50:52 Tom Sego

That's.

00:50:53 Kristin Demoranville

So.

00:50:53 Kristin Demoranville

Appreciate.

00:50:54 Kristin Demoranville

I'm just trying to get the word out that we are here and we're trying to be part of the community and build trust rather than just a disgruntled it or cybersecurity.

00:51:03 Tom Sego

Person who is.

00:51:04 Kristin Demoranville

Frustrated.

00:51:07 Kristin Demoranville

Anyways, thanks so much, Tom.

00:51:08 Tom Sego

Thank you.

00:51:09 Tom Sego

Care.

00:51:19 Kristin Demoranville

And that's.

00:51:20 Kristin Demoranville

On today's episode, we're sharing his insights stories and his mission to make cybersecurity actually usable.

00:51:26 Kristin Demoranville

And of course, thank you for listening. If you found this episode valuable, please don't forget to like comment and share the show and helps more people find these important conversations and as always.

00:51:38 Kristin Demoranville

Stay.

00:51:39 Kristin Demoranville

Stay curious and we'll see you on the next one. Bye for now.