Ep. 030 - Securing Food Systems with a Defense Mindset with Brian Schleifer

00:00:25 Kristin Demoranville

Hi everyone and welcome back to another episode of the Bison Bytes Podcast. I'm your host Kristin Demoranville. Today we're talking about cyber security, food systems, defense, inspired thinking and breakfast burritos. I am joined by Brian Schleifer or as he goes by Schleif, a season cybersecurity Professional with a background in defense and systems security engineering.

00:00:49 Kristin Demoranville

In this episode, we will talk about the intersection of military, cyber strategy or defense strategy and what it means for protecting our Food and Agriculture systems. Is a smart, grounded conversation that connects real world risks to the systems that feed us every day. Thanks for tuning in and let's jump into it.

00:01:07 Kristin Demoranville

Well, now that we've basically just spent 45 minutes chatting without recording, I decided I should probably hit the record. Brian. Brian, thanks for being here. So we're going to jump straight into it. Favorite food and favorite food memory. They do not need to be the same thing.

00:01:19 Brian Schleifer

Yeah. Thanks for having me on. So I think my favorite food all time, everywhere I go, I'll try it.

00:01:26 Brian Schleifer

Now, breakfast burrito, breakfast burritos. Huge deal. But one of the paramount things that has to be part of this breakfast burrito is a homemade flour tortilla. You have to have that on, and that ties into two different memories, 1 so growing up in Texas, Small Town, Texas, they actually used to create and make breakfast burritos at gas stations. And that's some of the.

00:01:46 Brian Schleifer

Best breakfast burritos you will ever have in your.

00:01:49 Brian Schleifer

Entire life one.

00:01:50 Brian Schleifer

Of the other instances because I was thinking about this as a food memory, San Antonio, TX about an hour and a half from where I grew up used to go with my grand grandparents place called Ponchos.

00:02:00 Brian Schleifer

And.

00:02:01 Brian Schleifer

A couple of people have heard of it. I think it's closed down or closing down at some point. But the coolest part was at tables. They had these little flags so rather than like having a flag down literally flagged down a waitress or waiter, you would have these little flags and you would just basically send the flag up the pole and they come back and they used to have commercials and they'd be like, so Papias. And if anybody knows, the sopapillas.

00:02:21 Brian Schleifer

Or they're sort of like a beignet, but but not they're the the Mexican third version of that, and you bite off the corner and squirt honey in it and eat.

00:02:28 Brian Schleifer

That way, and I remember going and I, you know, I was a not not skinny child. So I used to love to eat and they would have a buffet and that was the biggest thing. Ponchos was this huge Mexican buffet. And I'm sure it was just as good as like go into a lunch room in any elementary school out there. But they had cheese and salatas and it was just like corn with the, like, canned Nacho cheese.

00:02:49 Brian Schleifer

You know, I'm talking about that. They beat up at, like any kind of sports event and pour over. But I remember going and eating like 10 of those bad boys. And I was like, it was a huge accomplishment as a child of 10 or whatever it was at the time and eating those. So breakfast burrito, favorite food all.

00:03:03 Brian Schleifer

Time and memory was ponchos in San Antonio.

00:03:07 Kristin Demoranville

Texas ID or like Mexican food, and I have had the privilege of having it in Mexico, not just on holiday. I was in Mexico City and it changed my life like it's an incredibly we have over processed in the US, but it is an amazing we have authentic and style. Yeah, it really is.

00:03:21 Brian Schleifer

It's a game changer. That's a game changer, Sam.

00:03:23 Kristin Demoranville

Watching I was at a food market because I did a.

00:03:27 Kristin Demoranville

The tour Food St. Tour, and I remember watching Grandma making the tortillas and then it was just a little cheese and then it was a squash blossom was in the the quesadilla. And I thought this is weird, but I'm not. We're not something I have this right. Yeah, it's amazing. It changed my life. It was amazing. I can't even. I haven't had anything since that even.

00:03:46 Kristin Demoranville

Comes close to it in terms of that.

00:03:47 Kristin Demoranville

Type of food and it was so good. So I completely understand the nostalgia around homemade.

00:03:54 Brian Schleifer

It's super interesting because I, you know, doing some research and articles just for some other courses I've done and watching a bunch, you know, like Netflix pumps out all these foods.

00:04:03 Brian Schleifer

And it's documentaries. And it was like, hey, we like, literally the population of the Earth couldn't handle organic food because we can't make enough at this time. And that was sort of some of the initiation or how some processed food came to fruition. And I read what is it called salt, sugar, fat.

00:04:21 Brian Schleifer

I don't know.

00:04:21 Brian Schleifer

If you ever heard of that book and they talked about.

00:04:23 Brian Schleifer

Like margin or whatever the government was gonna try to make all fake butter be painted pink or something and labels like imitation. It was very interesting book. It was very eye opening about the big conglomerates coming in and saying, hey.

00:04:35 Brian Schleifer

We have to have these parts, right? They do and they still do this with the mouth feel and doing testing of all that, right. So how does it feel in your mouth and then that balance with the salt and sugar and fat, of course, right. And anything else, if you go look, I had to write. It was like third grade. Had to write a paper or something. And we looked at the differences between like normal cheese and like fat free cheese.

00:04:55 Brian Schleifer

And if you go look at to this day, go look at labels. Anything that takes away something adds somewhere else. So if you go look and it's higher in fat because it's real.

00:05:04 Brian Schleifer

These and you go look at low sodium, for instance, cheese or whatever. It'll be higher in like sugar or something else to try to achieve that same taste balance. And that's the same for bread and everything else. So I thought that was quite interesting of going back to the.

00:05:16 Brian Schleifer

Process food perspective.

00:05:17 Kristin Demoranville

I learned something recently at the West Globe Awards about how the food industry has learned to market so well to us, that different sensory which you just mentioned is a really big factor into marketing, but Sony?

00:05:29 Kristin Demoranville

Marketing. So like hearing like snap, crackle, pop, you know exactly what I'm talking about. And I say that right, the rice crispy treats are Rice Krispies in general. And the fact that that's a big importance.

00:05:35

Mm-hmm.

00:05:39 Kristin Demoranville

Like the crunch.

00:05:40 Kristin Demoranville

Or healthy like, interact with it. But are the problem with processed food and I'm not picking on anybody at all for this. We're saying, and I think people know this is a lot of.

00:05:48 Kristin Demoranville

It's soft and if we went to actually back to organic or like eating in more of that level, everything would be crunchy and our teeth and our jaws would be really hurting because of it. So you'd have to like ease your way into it, cause everything we eat is soft for the most part.

00:06:02 Brian Schleifer

Or the blender market would do really.

00:06:04 Brian Schleifer

Well, yeah, I.

00:06:05 Kristin Demoranville

Mean. Let's be real. Let's be real.

00:06:07 Brian Schleifer

Want to talk to us?

00:06:08 Brian Schleifer

No, thank you.

00:06:10 Kristin Demoranville

Yeah, it's, it's such a fascinating thing. Netflix documentary. I'm just going to have a shameless plug here for my friend, Doctor Darren Detwiler. He was on the documentary, poisoned, and I had her come in watching that one. If you get a chance, it's talking about the food system.

00:06:22 Kristin Demoranville

And how where it's at with food safety and things like that. And it was very eye opening, especially as an OT ICS person because you they actually showed you some of the behind the scenes and like your hearts are still like palpated a little bit when you see like them showing like.

00:06:22

Absolutely.

00:06:34 Kristin Demoranville

The systems that.

00:06:35 Kristin Demoranville

Are working and you're like, no, no show.

00:06:36

Those things because that people know.

00:06:40 Kristin Demoranville

But it's quite interesting besides the context.

00:06:42 Kristin Demoranville

The actual documentary, which is an award-winning documentary that may actually. So yeah, thanks for that, Brian. But let's introduce you. So everybody, me, Brian, Brian, introduce yourself.

00:06:46

Yes. Yeah.

00:06:52 Kristin Demoranville

Please.

00:06:53 Brian Schleifer

Hello, my name is Brian Schleifer. I go by schleife. I have worked and the defense industry. Oh, goodness gracious. Coming up on almost 25 years now, we're almost getting there 24/7. In 25 years, one end of the year 4. Well, OK. So I'll just go back just a tiny bit just to think, oh, so this small town Texas parents owned a bowling center. This is important because of food and growing up around food.

00:07:13 Brian Schleifer

Bowling center, which people may or may not realize, like some of the people used to be like man bowling centers, have the best food. My parents did Bing up job making food in the bowling center.

00:07:22 Brian Schleifer

Onion rings, man. Phenomenal. We used to get these giant onions delivered and they would make these big rings and we do the whole like flour, milk, flour, milk, flour, milk fry. Just absolutely amazing how I lived through all that grease. I don't know at the time, but grew up there. Then there was a a tipping point. And myself and my mother both pointed. Hey, you need to do something.

00:07:43 Brian Schleifer

College was not quite there yet, so let's go into the Air Force. So I joined the Air Force and went in. First base was in Virginia and then I was very fortunate. I got to go to Germany right after that. I lived in Germany 3 1/2 years, played rugby for a local team there. Why is that important to the food industry? I had some amazing Jager Schnitzel. I like German.

00:08:02 Brian Schleifer

Food at the German like the Christmas markets are absolutely from phenomenal. Amazing. I learned that not everybody has like refrigerators because a lot of their stuff is different. Like their eggs. They don't put in refrigerators necessarily. They have like farmers market. And it's more just a normal thing and how they've.

00:08:17 Brian Schleifer

Grown up there, but some of.

00:08:18 Brian Schleifer

Best food I lived right next to this building as I drove back from the base of my house and it had. It was three. It was separated into three sections. It had a bread maker, a meat market and alcohol. So you can literally go get everything you needed within these three stores back-to-back to back. It was awesome. So from there from Germany, I went to England.

00:08:38 Brian Schleifer

And I got to live in England for three years, completely different food profile. By the way, love you England. But sometimes the brunches I was like, there's no flavor. But I do love blood pudding. Yorkshire, Yorkshire. You know, what is it? Yorkshire pudding as well. If I'm not mistaken.

00:08:42 Kristin Demoranville

Mm-hmm.

00:08:50 Kristin Demoranville

Yeah. Which is a pop over in the US if you need to compare.

00:08:53 Brian Schleifer

Nice and yeah, like, yeah. But so I I loved all that stuff. It was great. So did England. And of course, through these times traveled around the world for deployments and so on. And then I landed back after England to Nevada and the states lived up in Vegas for, I think it was like 3:00-ish years or so, 3-4 years and then ended up in Florida, retired out of Florida. And then.

00:09:13 Brian Schleifer

Went to a company right after that. So as a DoD defense contractor, then part of that for like I said, coming up almost on six years now in June, working in the cyber security arena. So during the Air Force career, traveling around experiencing all that cold food.

00:09:28 Brian Schleifer

I was very fortunate and I got to dabble anywhere from like putting CAT5 cables and you know, the dirt in Iraq to helping design buildings to, I mean, you name it, right, desktops, servers all the way into cyber physical systems which we're working for UAV's and things like that. After the retirement, more so into like the munitions and then even doing some.

00:09:48 Brian Schleifer

We're testing facilitating that, not hands on keyboards, so just clarify doing that for again munitions and aircrafts and so on. And so they're doing that for for a while now. I will say this is the time I'll go and say this that.

00:10:00 Brian Schleifer

I am speaking for myself, not the Department of Defense, nor the company I currently work for, or the government customers I support. Speaking from my own opinion and for myself. But that's that's a little bit of my background and then just to add on to that sort of how we got in conversations and where we met and the industrial control system, cyber Security conference in Atlanta was I am currently working on my.

00:10:21 Brian Schleifer

Doctorate through Purdue University and in doing so, looking at embedded systems.

00:10:25 Brian Schleifer

For security, what I started to notice was that there's a lot of similarities from the weapon system and the defense industry side to all these other industries, whether that's medical, agricultural, robotics, maritime, you name it, railway. All of these things are very similar. Some have progressed because money has been invested in those instances.

00:10:46 Brian Schleifer

Some threats are different in certain industries, and so you'll see that. But I was noticing I'm like, Oh my gosh, wow, we have all these, you know, our particular company and other people have these skill sets that can transverse. And so that's why we're here, to be honest with you, is is just trying.

00:11:00 Brian Schleifer

Help everyone out and recognize and realize the things that we can do to better not only help secure our systems, but make it safe overall because safety and security are blended. As I'm sure you're.

00:11:09 Kristin Demoranville

Well aware. Yes, of course. Thank you for that. That's awesome. And I even learned a.

00:11:13 Kristin Demoranville

Little bit thank.

00:11:14 Kristin Demoranville

You, Brian and I spent actually quite a bit of time chatting, and it was actually quite funny how we originally met at the conference.

00:11:20 Kristin Demoranville

If I remember correctly, it was a lot of alcohol, not me. I was actually quite sober.

00:11:25 Kristin Demoranville

And I think you were too. Actually it was just everybody else around us. But I remember. I remember sitting. It was the military table, if you will. And I am not a military person. I am. I am engaged to a military ex military man. But it is quite funny to me. I've ever sitting down and I was immediately accepted. There was no questions and.

00:11:27 Brian Schleifer

I need.

00:11:28

More than I.

00:11:44 Kristin Demoranville

It was just you're part of the crew. Welcome. Here you go. Let's talk. And it was.

00:11:48 Kristin Demoranville

I don't think I've laughed. Belly laughed like that in a long time, so I definitely appreciated, you know, the encouragement and to sit and just and chat at the end of the evening when everybody was trying to wrap up and or move on.

00:12:01 Kristin Demoranville

To their next event, yeah.

00:12:01 Brian Schleifer

Yeah, well, you know, and the military, we're all about burning calories. So you know, laughter. What is the 5 calories? We just we have to test your diaphragm out, right. That's the whole in like, as long as your diaphragm is working and we.

00:12:08

That's true.

00:12:11 Brian Schleifer

Have that nice.

00:12:12 Brian Schleifer

You know, wow. Laugh or or things like you're trying to hold it in. And they're shooting from different areas of your body then you know you're.

00:12:19 Kristin Demoranville

Well, I used to sing opera so my diaphragm.

00:12:21 Kristin Demoranville

'S pretty good so.

00:12:23 Kristin Demoranville

But yeah, it's.

00:12:24 Kristin Demoranville

It was a great time and it was. It was nice to have a different perspective at ICS. I think a lot of times we kind of get caught up in our own stuff and to be honest and I think having diversity of thought, whether that's you cover of a different walk of life, you're a different type of person.

00:12:38 Kristin Demoranville

Or you just coming from a different angle is really super important. And so I appreciated the challenges that you were mentioning and establishing what we're talking, especially since you've taken on the.

00:12:48 Kristin Demoranville

The crazy task of getting a pH D full stop regardless of what the subject matter is, and the fact that you're doing in a better systems and you have a systems thinking approach about it and you realize the things are interconnected. I mean that we need more people to connect the dots, especially in both private and public sectors and it's so.

00:13:02 Kristin Demoranville

Thank you. Thanks for doing that work. I think it's great.

00:13:19 Kristin Demoranville

There just jumping in for a quick break and to say a big thank you. Firstly we've made it to 30 episodes of the show. Wow, that's 30 episodes of conversations about agriculture and food technology and the people working hard behind the scenes to keep us safe. Thank you all for being part of this journey. If you haven't already. Please like comment and share.

00:13:40 Kristin Demoranville

Podcast it really does help spread the word and the.

00:13:43 Kristin Demoranville

Mission on a more personal note, I want to take a moment to say thank you to all who reached out recently after the passing of my cat Kai. She was 20 1/2 years old, which is 103 in human years. Obviously she was a huge part of my life and this show since she's been present through all 30 episodes behind the scenes recording and editing.

00:14:04 Kristin Demoranville

Your messages, text emails, pet stories, and photos that have been sent along the way in the last week or so have meant more to me than I could put into words. Brief is a complex creature. A community makes it more bearable, so thank you.

00:14:19 Kristin Demoranville

Surely this community is incredible and I'm so grateful you're here. Thank you so much. All right, back to the episode.

00:14:34 Kristin Demoranville

So now that we've, we've definitely gone through your background in defense and advanced systems, you know in general security.

00:14:41 Kristin Demoranville

How familiar are you with the agricultural and the food sector and critical infrastructure?

00:14:46 Brian Schleifer

Yeah, sure. So part of the studying was looking at that right for some of the courses and that's when I was, it was really eye opening and even looking at now like industry, industrial Technology, 4.0 and the irony is just before I go a little bit backwards. But the irony is I'm currently I have two courses that have started.

00:15:01 Brian Schleifer

May and one of them is strategic management and information technology, I believe. And funny enough, it's it's honed in on industry, technology, 4.0.

00:15:10 Brian Schleifer

So I get to.

00:15:11 Brian Schleifer

Dive in even more, and so again everything like you said, weaves together. So to be honest with you, right. Am I like completely, 100% immersed in agricultural cybersecurity? No. Have I read a ton of articles and like we talked about a little bit before the recording and learned more about the digitization of not only, you know, the data, but also the autonomy of certain agricultural.

00:15:33 Brian Schleifer

Things like tractors and so on, irrigation, all of those was very eye opening to me. Drones looking at the the soil and doing soil.

00:15:40 Brian Schleifer

Every so learning and just saying like holy cow, like we're everywhere, right? Like as far as technology goes, it's everywhere to help speed up things, to make it more efficient and bring profitability to, you know, farmers and so on. And so that's, that's my my level, if you will. And then also like I said, realizing Ohh well some of those things that they are implementing are utilizing very similar hardware software.

00:16:01 Brian Schleifer

Firm where that I have witnessed and or, you know, been studying for my degree.

00:16:06 Kristin Demoranville

I like that you've already made the connections, especially with understanding there there does you have to.

00:16:11 Kristin Demoranville

Protect it. Like that's you. You made that connection in your mind. You didn't have to be walked there. You already did it on your own. I find a lot of times I'm spending a lot of energy and awareness which isn't a bad thing, like talking to people about things. That's fine because we're so far removed from our food system and we've made it the most complex system on the planet. That it's people just don't want to.

00:16:31 Kristin Demoranville

Go near it.

00:16:31 Kristin Demoranville

Because it's like trying to find that needle in haystack, literally. Or it's a ball of string there don't want to have to.

00:16:37 Kristin Demoranville

Travel and the cat is still messing with it.

00:16:39 Kristin Demoranville

You know what I mean? It's definitely difficult.

00:16:40 Brian Schleifer

Yeah. Yeah, it's funny. I so I used to travel to Tucson, AZ. Why? And there's a lot of people from Caterpillar there a lot. It's one of their proving grounds. And man, it was eye opening. Just hearing some of their conversations they're taking. They're global, right. They're all over the place. And how much they're looking at cyber security. In fact, there was a gentleman I met at the conference there from.

00:17:00 Brian Schleifer

Killer here's the cool part. You know, hashtag shout out Caterpillar if you have. This is a job available. What? So here's why I like about that. There is cyber security in every aspect of that company. They have enterprise, right? IT they have the manufacturing side and they have the product side. They have literally every component.

00:17:07

Shameless.

00:17:21 Brian Schleifer

If you will respectively from a discipline and focus in that company. So and I thought that was fascinating to me because depending on who you talk to and even the agricultural side, right, they they may have two or three of those those bits, right. If you look at like a John Deere or something like that.

00:17:36 Brian Schleifer

But because they'll tie in, maybe they they do it all and they're trying to incorporate like what we talked.

00:17:41 Brian Schleifer

About the ohh.

00:17:42 Brian Schleifer

You're gonna crack me smart for me. No precision farming.

00:17:44 Brian Schleifer

Precision farming, yeah.

00:17:47 Brian Schleifer

But they're trying to tie that into their equipment so they can provide it to the farmers because they know it's beneficial to them. But I will tell you after reading it and this is the part going back to like what I know or whatever the tie in was, I didn't really consider.

00:17:57 Brian Schleifer

The data, the protection of the data, proprietary data, what is going to help increase and help the farmers out. I didn't really put that together and I was like ohh, they actually have that entity or focus that they're looking at. That's important to them as.

00:18:12 Kristin Demoranville

Well, there's a lot of data in precision farming because everything is all the decisions are made.

00:18:17 Kristin Demoranville

With the data from precision farming, part of the reason why Caterpillar fun fact? Part of the reason why caterpillars become such a powerhouse since our security is because they had a potential vulnerability in their software back in 2021 and they did notify DHS about it, and they worked through it.

00:18:35 Kristin Demoranville

And they all they were contacted. So they take it very seriously, which is great because that's what we need proactiveness not like reactiveness, if you will, Grant said. It was reacting to a vulnerability. However, it was being proactive by letting people know it was happening. So I'm not surprised to hear that at all, Brian, like, they, they definitely were going through it. You know, when that situation.

00:18:55 Kristin Demoranville

Rather, I think the data for me as well was a very big eye.

00:18:58 Kristin Demoranville

Opener years back when I was.

00:19:00 Kristin Demoranville

For a bakery company and realizing that we actually have a lot of secret data on the proprietary data and nobody was talking about it or thinking about it and this was like pretty cloud, so everything was still kind of on Prem, but it was sort of starting to migrate to the cloud and the food industry is really interesting because they've done a good job of migrating some things to cloud. But other things not yet. It's interesting like it's a.

00:19:20 Kristin Demoranville

The evolving process that's happening, but in terms of farmers and equipment, that's autonomous, you have to think about how are they getting their updates, who comes out to fix their equipment.

00:19:29 Kristin Demoranville

Do they have right to repair some? And this is obviously a debate. It's now good put to bed. Thankfully they do have right to repair, especially John Deere, but how do we deal with that updating and so I don't know if you heard about this Brian Bradley because you live in Florida and it didn't affect you, but in the Midwest, the northern Midwest.

00:19:50 Kristin Demoranville

And Canada, they had a solar flare incident, which isn't a cyber security incident, but it knocked out the GPS on their tractor.

00:19:57 Kristin Demoranville

And in order to do precision farming, they need GPS to have the coordinates that is pre programmed by, you know, obviously data and all these things to be able to plant properly and when that was knocked out granted it was like, you know, an act of God. So it was not. We can't really do anything about that.

00:20:05

Alright.

00:20:11 Kristin Demoranville

It caused a.

00:20:12 Kristin Demoranville

Lot of havoc and people who had only learned how to farm in that precision.

00:20:17 Kristin Demoranville

Technology era. We're like, I can't do this. I cannot harvest. I can't do this stuff and it's like the old boys and girls. How to come out of like, retirement, teach them how to.

00:20:27 Kristin Demoranville

Actually harvest properly via analog, so I still got done. It just wasn't done and it's like efficiently it again. That's the word I would say. And it's interesting because it's like the lesson in, you know hacking. Why would that stop a hacker? And they just now know how disruptive that is, whether it's disruptive or financial. Either way, that's the two things we're most worried about.

00:20:47 Kristin Demoranville

And the food industry in general.

00:20:49 Brian Schleifer

Well, Kristin like to me. So one of the things I I think about often, right is there's always the financial aspect, right. So holistically speaking, I think of it from a, I'm gonna say safety and strategic stand.

00:21:01 Brian Schleifer

Point if I were, you know, like playing like a kid, playing risk or something, right? Back in the day, the board game risk. But if I were to try to do something malicious and have that intent in that mindset, what would I do? And one of the things I I like to talk about because they do the military exercises is you take away resources, right? You have psych warfare.

00:21:21 Brian Schleifer

Resources and those are two big deals. How? How do people operate on a day-to-day basis? They need their resources, they need water and they need food. So what can you do? You can look at taking down irrigation and you know farming equipment and where the capabilities that they utilize to do those respective.

00:21:38 Brian Schleifer

And to make the water drinkable and potable for for humans and or the food necessary. And is that the long the long game? Maybe right? If I'm already taking down things like, you know, banking and the health industry and like, now I'm starting to push you back into the, you know, the quote, UN quote, dark ages, if you will. Right now, I'm taking away. I have to go back to the.

00:21:58 Brian Schleifer

Old school farming, as you said, maybe the equipment doesn't exist or they have to try to find pieces and parts that get that back running because any kind of books, fiction, non-fiction that you read, it's a it's a time game, right? It's this whole length of time. So that's just a plan in it, right. There's the whole like, D-Day. And then you go -1 week, two weeks, so, so on and so forth. So you put that strategy.

00:22:17 Brian Schleifer

Really in there. So it's like it's a concern that you look at all these advanced persistent threats that are in these devices that people are fighting and you go, OK, when is that gonna? When are they gonna push that button for a tractor or a food processing plant or you name it right? Anything else? I mean, if they take down the finance industry, how many people that work for respective farmers?

00:22:32

Yeah.

00:22:38 Brian Schleifer

The agricultural business are going to go in on day-to-day work because now they don't have the money to supply back to pay for whatever, right? So there's it's a whole team of events and it's very interesting to think about that from an event phase perspective.

00:22:50 Kristin Demoranville

Especially since the critical infrastructure sectors are actually created based on the military right? You need these things that are to move and.

00:22:57 Kristin Demoranville

If you will, and obviously the betterment of society as a whole, like a country, you can't function without these particular items and the critical 16, we're actually the critical 15 until 2020 when the attitude and act finally which.

00:23:09 Kristin Demoranville

Is like what?

00:23:11 Kristin Demoranville

What took so long for us to put that on the list, I don't know. And again, I really wish somebody would tell me because I really.

00:23:16 Kristin Demoranville

Want to know? I'm very curious about this.

00:23:18 Kristin Demoranville

However, the interesting thing about the food and ag industry is it still lasts at the table for funding. It's very heavily privately owned. We know this and it's because again, it comes into a lot of different human factors, you know, shame.

00:23:33 Kristin Demoranville

The admitting and then something happened. Customer perception. What's going to happen to the shareholders if it causes a foodborne illness? If it kills anybody, those kind of things are all these factors that are in it that aren't good feeling. So we're instead of actually dealing with in a productive manner, we're just.

00:23:49 Kristin Demoranville

Going to kind of ignore.

00:23:49 Kristin Demoranville

That and and I think as.

00:23:52 Kristin Demoranville

Our security professionals, OSS, any of the people that are in these particular critical.

00:23:57 Kristin Demoranville

Structures. It is our obligation. If you see something you need to say something, I go back to boars head for example, because that's one of the latest and greatest disastrous things ever. You can tell me that we wouldn't have seen something because we're in everything. We know what's going on. And and again I will say this, that it sees everything. So it is security. We see everything. We see cameras.

00:24:17 Kristin Demoranville

We see who people are walking in and out. We see the firewalls, we see it all. We can probably tell you if there's a spill before you even announced to your supervisor, there's been a spill or something else has happened. We have an.

00:24:30 Kristin Demoranville

As a human to report when we see something that happens, especially when it comes to this data situation and learning how to tackle it, and whereas in what's important and what's secret, we need to acknowledge that there's secret special data in the food industry. I was on a podcast on a couple years back, Brian. The conversation came up with the the host literally said there's nothing secret.

00:24:50 Kristin Demoranville

And the food.

00:24:51 Kristin Demoranville

History and instead of like, you know, beating them up on air, which I did not do, I said, hey, what's your favorite snack? And you mentioned a very heavily processed snack. I was like, oh, hey, did you happen to notice that the the flavor has changed with the the filling and the the actual pastry a couple years back? He's like, yeah, I totally did it. I said, yeah, one more banana 4 than vanilla for it. Right. And.

00:25:11 Kristin Demoranville

He goes. Yeah, that's weird. How do you know that? I said yeah, because my company had bought it. But I was working for, and they used to make it like the filling. Specifically, I said you can't tell me that. That's not. He was like what?

00:25:20 Kristin Demoranville

Do you mean? Doesn't everybody have access to that recipe? I said no.

00:25:24 Kristin Demoranville

Because like you.

00:25:26 Kristin Demoranville

At the beginning here things change. You add a little bit, you take a little bit, you know, a little less little that you know and it it's and all the quality work that goes into it and all the marketing that goes into that, all the things that's covered it, that's secret, that's safe. You know, we need to know this and This is why. And I know you heard me say this many times already when we specially when.

00:25:46 Kristin Demoranville

You need to understand the industry that you are assigned to protect. If you do not understand that industry, you need to leave that industry and go to the industry that you know or learn more, one or the.

00:25:56 Brian Schleifer

Other has happened. I like the second part. I like the. I like the learning more.

00:25:58 Kristin Demoranville

Yeah, I really want.

00:26:00 Brian Schleifer

You know that's, that's why, yeah. And and like, the whole Doctor, Carol Dweck, wrote the book called Mindsets. And they talk about growth mindset and fixed mindset. And it's not only.

00:26:00 Kristin Demoranville

Stay curious, right?

00:26:06

Mm-hmm.

00:26:09 Brian Schleifer

Like what you would?

00:26:10 Brian Schleifer

See at face value of just learning it, it's actually like taking the time and understanding the resources and putting those in place so you can learn. So there's a little bit more as far as the intrinsic motivation goes for that.

00:26:20 Brian Schleifer

But to be honest with you, I I completely agree. And again right, one of the reasons I'm pursuing this terminal degree is to to continue learning. I think that's so important. Things evolve so quickly and again it it's everyone has different mindsets. You stated this a little bit before, but I'm a very much I want a big picture so I can focus on a small piece of that pitch.

00:26:39 Brian Schleifer

I think if you just use small picture or like a very niche area and not understand everything else, you're doing yourself a disservice. So while people like you were there, right, you're at the industrial control system, right? So you got you got way more right. There was a ton of people there from other areas in the industrial industrial area. And so I think that's imperative because if you just stove pipe.

00:27:00 Brian Schleifer

So you're missing out on the opportunity to have conversion.

00:27:03 Brian Schleifer

A great example, right? I was. I was talking a little bit about this in my presentation and we've had a follow up meeting, but there's a group of 60 folks in water, wastewater down in Texas and they do this free event and they invite people that to come over and just have conversations in these areas that they're struggling and whether that could be risk assessment, risk management, penetration testing, you name it, right.

00:27:23 Brian Schleifer

And they have these subject matter experts come in and have that conversation, and they're not able to learn and say, just like you did, right. And this may be more internal. That's OK. Hey, you're on the struggle bus with this. So are we. How do we solve that? Well, we have some people, some experts come and chat with us or we found someone that we can actually learn from.

00:27:40 Brian Schleifer

Right. That we just do some training or something like that. And and honestly, like you said, This is why insurance exists and other people make profit and don't care about reputation is you have to have the buying of leadership or you're not going to have the funding and resources. And if you don't have that, you're not going to have people that care, right. And so they're going to eat it whether.

00:28:00 Brian Schleifer

At the end of the day, if that's their job, right? I thought that was really important. You're talking about distribution of things like solar winds, right? Solar winds is big. Everybody heard about it? I was like, oh, my gosh, we were aghast about that. The big thing was that I forget if it was the size or somebody CIO knew about it, still did it. And then he lost.

00:28:17 Brian Schleifer

His job, like and as he actually got sued, if I'm not mistaken by the government or someone else. That's where the teeth comes in. You see that in the medical industry? In fact, it was just the FDA was like section 704B or whatever. Said medical devices have to have reasonable cybersecurity, which that's talk about policy. I think when you have that subject, we'll talk about what reasonable means I throw up.

00:28:19

Yeah.

00:28:37 Brian Schleifer

Tell me. Hear that word?

00:28:38 Brian Schleifer

By the way, sorry for.

00:28:39 Brian Schleifer

People but anyways. Ohh I I was like, what does that mean? But now there's some war coming out. There's some more direction about medical devices and so on which like I said, it came out like a week ago. There's just more and more more coming out that's pushing that. And you have to follow that documentation and people need to realize.

00:28:56 Brian Schleifer

That on the C-Suite all the way down to the people that are implementing it and because it gets lost in between and again, that's the biggest thing about policy is that middle ground people can write it, talk about it, people know how to implement it with. They're losing that middle ground because that has to do with resource allocation. And then like the true understanding of, like, what do we implement? Right. There's the how I got that.

00:29:16 Brian Schleifer

Just what do we implement? Because reasonable doesn't mean anything, and that's the medical right. I mean, name it that you can throw. Throw it out there. It's across the board.

00:29:19

Yeah.

00:29:23 Kristin Demoranville

I think a lot of the reason why I really I really enjoy working for this are working in food and AG in general as a cybersecurity professional or OT whatever you're calling is they go through the same things that we go through in terms of risk assessments, posture, evaluating, quantifying all these things. They're doing the same thing.

00:29:43 Kristin Demoranville

Just doing it from the food side, right? I challenge anybody who's listening, and I definitely would suggest you look this up too. Is the Peanut Corporation of America. Do you want to talk about really messed up situation with food and allergens?

00:29:58 Kristin Demoranville

And people being hurt just because there was a corrupt head of leadership, there is your 1, I believe he's.

00:30:05 Kristin Demoranville

Still in jail, actually.

00:30:07 Kristin Demoranville

Also two I I said this, I've said this a couple times and I and I I need to find a better way to say it.

00:30:07

Yes.

00:30:12 Kristin Demoranville

Brian, so maybe.

00:30:13 Kristin Demoranville

With your system thinking mindset, maybe you can help me come up with a better way to say it.

00:30:19 Kristin Demoranville

I really, really wish that the the sea suites would take food safety and cybersecurity seriously in the.

00:30:25 Kristin Demoranville

Breath test the cyber physical systems that you mentioned at the beginning and when we start talking are connected to food safety systems and are part of the food safety process and that goes from agriculture all the way into like production. And I don't think any leadership ever wants to get the call that is cyber security incident affected food safety.

00:30:45 Kristin Demoranville

Cause of foodborne illness or any of that right there are recalls that have happened obviously and people catch that which is great, but could you imagine having to be whether you're a CISO, a CIO or CTO, any of the type role?

00:31:00 Kristin Demoranville

And have to call your CEO or your shareholders and your board or anybody and say hey, just so you know this this is what caused this issue like like that's this is this is the disconnect between our industries, everybody's really focused on data and that's great. It has to be protected and glad and we've got enough issues with it, right. And it's definitely the new warfare in a lot of ways.

00:31:07

Yeah.

00:31:08

Yeah.

00:31:22 Kristin Demoranville

And will continue to be, but we are not just dealing with data, we are dealing with safeguarding lives like we are legitimately dealing with things that could end lives, devastate communities.

00:31:32 Kristin Demoranville

Cause more issues environmentally beyond any of that stuff. We just want people to be able to go home at night from their job and also keep their family safe and anyone else in the community around it, right? Yeah. Every time there's a disaster, it's a community issue, right? So when, like, boys, had had a close that plant because they have this awful food safety situation happened and people got sick. And if you.

00:31:52 Kristin Demoranville

Who passed that affected that community? That was 500.

00:31:55 Kristin Demoranville

People who lost their jobs.

00:31:56 Kristin Demoranville

Now I was so messed up I was so avoidable right in a lot of ways. Same with Peanut Corporation of America, same concept. I'm really worried about what it's going to take for people to start paying attention because policy is not being written about cybersecurity in the agricultural space. Yeah, there's the farm and cybersecurity bill that's out there, but it's it's not enough. They want you to do.

00:31:59

Uh-huh.

00:32:16 Kristin Demoranville

Exercises and tabletop exercises every three years to test your resilience.

00:32:21 Kristin Demoranville

Every three years. Are you joking? Like that should be quarterly and minimum in my opinion. Well, it's about priorities, right? Can you roll it into your food defense budget? Can you allocate it to production? Can you do other things right? It's all about how you creatively think about the problem and how you're thinking about the solution, because a lot of times we are focused.

00:32:36

Yeah.

00:32:41 Kristin Demoranville

On the problem.

00:32:42 Kristin Demoranville

And it needs to be more about the solution. What is the solution here? Education, awareness, understanding. Connecting dots systems thinking all these things because the food industry is so interconnected with all these other industries.

00:32:54 Kristin Demoranville

I mean, how are we going to move away from oil and gas? We're going to use it. We're going to use food. We're going to do biofuels, we're going to create things with more organic substances because we have to have a solution because we're eventually going to run out of all that, you know what I mean? And we're going to come back to soy is going to be.

00:33:10 Kristin Demoranville

The big premiere, it's.

00:33:11 Kristin Demoranville

Still, it is today already and I think that.

00:33:13 Kristin Demoranville

People need to start taking a look at that. It may not affect your generation and right now, but it's gonna affect kids, grandkids.

00:33:20 Kristin Demoranville

And future generations. And if you don't care about any of that, OK, maybe.

00:33:26 Kristin Demoranville

No, I I just. I really think that people need to start realizing that it's the betterment of humanity and it's for the greater good. And that's something that is really hard for people to wrap their heads around because that's a larger, you know, outside of their their scope because we forget that we're world citizens too or not.

00:33:43 Kristin Demoranville

West American citizens, or wherever you come from.

00:33:46 Kristin Demoranville

Or world citizens.

00:33:47 Kristin Demoranville

Yeah. And I think, yeah.

00:33:47 Brian Schleifer

You reminded me I'm sorry. Go ahead. Yeah, you reminded me of something. So I was talking to my wife last night.

00:33:54 Brian Schleifer

And it's it's it has to do with this right? Cause everywhere I've gone. In fact, Jacob, the guy brought to the last conference was super surprised. And I said, man, I've been. I've heard that this at the conference the last three years I've gone the resource allocation, the C-Suite, how do we get people to understand it by this end? And like I've studied, you know, like company and somebody understand, but who is it's called STP.

00:34:14 Brian Schleifer

System theoretical process analysis and there's one with cyber security and it started off in safety with Nancy Levinson and MIT. And then a gentleman, William Young, goes by dollar, did it for the same security side of the house anyways.

00:34:28 Brian Schleifer

The point being is it's a different way to think about it, and it stemmed from safety and he learned I can utilize a lot of stuff that was used for safety and the security. So I'm going to just tell, you know, talk about two things, if you don't mind. There's a great book called The Power of Habit by Charles Dunham. I always pronounce his last name incorrectly, so my apologies. But one of the chapters.

00:34:48 Brian Schleifer

Or to talk about an aluminum factory. I can't remember. It's it's all real stuff. They were having safety issues like life loss issues and they're trying to figure out how to fix it. And so one of the the guys, you know, they went to the stakeholder meeting, they're pretty.

00:35:01 Brian Schleifer

Excited about learning?

00:35:02 Brian Schleifer

About you know this this new profitability and the guy said.

00:35:06 Brian Schleifer

We're not talking about any kind of stakeholder information. We're not just talking about price. We're going to talk about safety. We are going to prioritize safety and everyone's like, oh, what we want to know about our numbers and how much we're making and all this stuff. And he said, no, we're going to focus on it and.

00:35:18

Yeah.

00:35:22 Brian Schleifer

He started implementing.

00:35:23 Brian Schleifer

Things and putting stuff in place. Some of those were, hey, I'm going to put these suggestion boxes.

00:35:27 Brian Schleifer

Down on the floor. Right and.

00:35:29 Brian Schleifer

How people start writing about how can how we can make things safer.

00:35:33

Well.

00:35:33 Brian Schleifer

They started to do this and I'll make this short. They started to do that, but it actually started to make things more efficient as well. So you're saving lives. You're making it more efficient. Which, oh, by the way, gives you higher profitability because now you're sustaining something longer and it's more efficient. So you're doing more X, you know.

00:35:49 Brian Schleifer

Making whatever kind of aluminum widgets, if you will, and the same amount of time than you did, and there was a point where in there he said that one of the gentlemen got word of the suggestion.

00:35:58 Brian Schleifer

And and one of the things he said was if any board member gets it, it must be presented that you can't ignore it. And one of them did and he fired him on the spot, which I thought was crazy. But what it made me think about with all these things, as you said, the interweaving is, you know, when did OSHA get stood up? When did safety start, and how did that start? Because we're at the point now where.

00:36:18 Brian Schleifer

Cyber security does create.

00:36:20 Brian Schleifer

Of life, I would say more indirectly with the food, right, but directly as an equipment, right? Whether that's a pressurization thing, something failing, creating a fire, you know, direct life of loss, life, loss of life.

00:36:35

So you might.

00:36:35 Kristin Demoranville

Well, yeah, it's the cyber physical.

00:36:37 Brian Schleifer

Yeah, but what I mean by that is I think we're at that time period now.

00:36:42 Brian Schleifer

I think you know, I was asking my wife who was in medical like when did they start? Like, how much? How many resources were allocated to you for safety right in the medical community, when you looked at your budget, did they say 10 or 12% or whatever is for PPE and other safety measures, right? Because that's literally what they do, right? The Checklist Manifesto is a great book talking about some small things that.

00:37:02 Brian Schleifer

Increased, you know, saving lives and it's like how much funding goes to that because now it's like we're looking at that from a cyber security person.

00:37:10 Brian Schleifer

You know, there's these separate organizations that are getting funded in communities because we have safety organizations and you name it, any industry, when are we going to have the funding and out the resource allocation for separate cybersecurity organizations and all those because they're not doing it. They're picking somebody to save face. They're saying, hey, we're going to hire cybersecurity so we can, I hate to say.

00:37:28 Brian Schleifer

This this is pretty.

00:37:29 Brian Schleifer

Whatever. Hey, you know, there's the scapegoat, right? Stuff goes down. It's the same security guy or girl. The guy out, see? Yeah, thanks. You know, thanks for being there and filling that position because they're asking for it, right? They're looking at stuff going around. And this is, by the way, cross industry. And you can go back and look at some history of some people that chose to lose, leave their jobs because they kept asking for things and they weren't getting it.

00:37:50 Brian Schleifer

And it's like, hey, at at the end of the day, it is just as important as safety.

00:37:54 Brian Schleifer

Security and safety are blending together. They make sense. You need to allocate those resources as necessary in both those fields. That's I mean that's where we're.

00:38:04 Kristin Demoranville

At with that, yeah, I mean and that's that's why, you know, PHA's to focus on looking at safety of a facility as well as cyber security is super important. I mean not shameless.

00:38:14 Kristin Demoranville

What my product hands and OT does that and we know a few other people that are focused on that, I do think that people need to start looking at things in parallel because they are similar and this is what's important.

00:38:31 Kristin Demoranville

We found our.

00:38:32 Kristin Demoranville

Episode on Agroterrorism featuring the Animal Agricultural Alliance, insightful. Here's another opportunity to explore more important conversations about our food system, and if you haven't already listened to that episode yet, I would highly recommend it.

00:38:47 Kristin Demoranville

Speaking of important conversations, inspiration comes in countless forms. It's a thought, a conversation, a connection, a chain reaction. We never know exactly how inspiration will hit, but we do know this when ideas and perspectives are shared across the table. They don't just add.

00:39:06 Kristin Demoranville

Multiply at the animal AG Alliance 2025 stakeholder summit happening April 30th through May 2nd in Arlington, VA hundreds of food chain partners will come together to tackle one of the biggest topics in the industry, sustainability.

00:39:23 Kristin Demoranville

This year's theme food for thought, dishing on sustainability. It's all about bringing together a diverse group of decision makers from farms and ranches to restaurants and retailers to discuss the future of how we raise and distribute animal protein with a dash of innovation and a heaping serving of collaboration.

00:39:46 Kristin Demoranville

The summit is where meaningful conversations happen, shaping the future of our food system for generations to come.

00:39:52 Kristin Demoranville

Register by April 25th to reserve your seat at the table. For more details visit animalagalliance.org or check out the link in the show notes.

00:40:08 Kristin Demoranville

I think people need to take a step back and realize that again, like food, defense for protection, people in general and fighting the same fight as them security, they're just doing it on the food side. But the technology they use is the stuff that we're supposed to be protecting, if that makes sense.

00:40:23 Kristin Demoranville

So business continuity, disaster recovery off to be included in these conversations and we're doing so many things in silos, Brian, I know you know this that we're missing the ability to go across and I've said it before and I'll continue saying it disruption.

00:40:37 Kristin Demoranville

We need people to come across it and say.

00:40:39 Kristin Demoranville

Hey, just let you know these.

00:40:40 Kristin Demoranville

People over here in Silo are doing the same thing you're doing in silo D like, let's have you talk to each other. To me, finding that common ground where people can stand together as you know, individuals as well as a community is super important. And this is what I love about the OT ICS environment and I'm sure.

00:40:57 Kristin Demoranville

You can speak to this very clearly to where you know we really are a community in ourselves, as if you take it like it's a cybersecurity community is a large I love our niche, I love, I love being in the OT ICS space because.

00:41:10 Kristin Demoranville

We really do get that we're doing more for humanity than just making sure you can send emails and they don't get attacked, you know, and.

00:41:19 Kristin Demoranville

It really it really.

00:41:20 Kristin Demoranville

Brings a sense of of meaning and purpose to your job in a different way as well. You know, making sure that people understand that we are interconnected. We are constantly working. That's why I do the presentations.

00:41:31 Kristin Demoranville

Do about the soybean, how we're all interconnected and how this little plant brings us all into a full circle. And I think that if people started looking at it, not just in their own little environment and get stuck on it, it would probably alleviate some.

00:41:44 Kristin Demoranville

Stress and we start to.

00:41:46 Kristin Demoranville

See that you know. Hey, you got.

00:41:47 Kristin Demoranville

A whole support group behind you and.

00:41:48

You get all.

00:41:48 Kristin Demoranville

These people that are with you so that that's good.

00:41:50 Brian Schleifer

I think cyber security professionals wear many hats, not only in their complete discipline in the service area, but they're also part time PMS and part time storytellers, right? So so you have to go in with the mindset of like being able to story tell and be able to present data appropriately at any given time according to your audience.

00:42:00 Kristin Demoranville

That's.

00:42:10 Brian Schleifer

Right. And what I mean by that is then you get into the PM arena of looking at numbers, right? So I was fortunate, I, you know just through my path or whatever I did some, some some school work and finances.

00:42:21 Brian Schleifer

And not not the big finances. Just, you know, courses or whatever, but it's very eye opening because that that enables you from like you know project management perspective to go in and look at the resource allocation. So you can start going and looking at your companies resource allocation and start funding that out like you know again like hey 20% year over year whatever to add to your cybersecurity needs.

00:42:41 Brian Schleifer

If you will, but the biggest thing is, like you said, having the buy in from those other people and not being a stove pipe. And what I mean by that is a lot of.

00:42:49 Brian Schleifer

The things that we.

00:42:49 Brian Schleifer

Do like if you at all like we we do like mission based risk assessments, right? So it's a little bit.

00:42:55 Brian Schleifer

We're mostly stringent, but more focused and I like it a little bit better than a typical cyber tabletop, so it was so important because we did have.

00:43:04 Brian Schleifer

The right people.

00:43:04 Brian Schleifer

In the room we have the logisticians, we have the like the the war fighter, the operator. We have the people that are responsible for the finances in the room.

00:43:15 Brian Schleifer

Right. We have the decision makers. We have the cyber hacker, ethical professionals in.

00:43:20 Brian Schleifer

The room, they're all.

00:43:22 Brian Schleifer

Sit around talking about that to that same goal at the end of the day, the same goal, which is, you know, again the mission that could be the mission of safe and secure food. It could be the mission of safe power grids, you know, to supply safe water, you know, wastewater, whatever occurring. That's the same goal. And you have to sit in there because then you can.

00:43:42 Brian Schleifer

Hear their perspective.

00:43:43 Brian Schleifer

And you're able to get that you go. OK, awesome. And at the end of the day now, when you're going up that.

00:43:47 Brian Schleifer

That next Echelon, or level or leadership in your?

00:43:50 Brian Schleifer

Asking and you go listen. This is like across.

00:43:52 Brian Schleifer

The board I'm.

00:43:53 Brian Schleifer

Not seeing doing any like paper document where you go sign all the different organizations you know, they're leans on it, but now they all understand. So if you're sitting in the boardroom or another room together with one of those leaders, you all start to get the head nods and you go, hey, remember, Bob, when we were talking about that and, you know, actually how we're getting that supply in.

00:44:10 Brian Schleifer

And how that's such a big deal to you, right. And then. Ohh, yeah. Hey, Jake, remember when we talked about the the need and like, hey, if if it fails then now we're gonna be put back two weeks. Which according to Jane it means now we're gonna losing you know a revenue of $2,000,000. So like you have all the people in the room.

00:44:15

MHM.

00:44:27 Brian Schleifer

You're tying it all in so.

00:44:29 Brian Schleifer

And you have the data and the data. It is so hard. Every leader I've ever gone to, it doesn't matter what kind of personality, because some people like pictures, some people like or some people like numbers. If you show them that data like you've done the research, it is very, very difficult for them to dismiss that. It is very difficult and that's proven out. Go away with your idea, your emotion.

00:44:49 Brian Schleifer

Is your Skype screen person but have the data to back what you're talking about.

00:44:53 Brian Schleifer

Have those use cases like you just mentioned and some other ones I found in that Article I sent to you that are out there and show those people that because sometimes like you said, they're either buried in, like, trying to make profit for their stakeholders or doing something else and they don't see all those things occurring because as you.

00:45:09 Brian Schleifer

Know.

00:45:10 Brian Schleifer

They're not necessarily always publicized in mainstream media.

00:45:13 Brian Schleifer

So very good stuff there. So anyways, I just wanna prove a point like, hey, what's filling your need and sense of purpose and and satisfaction like, you know?

00:45:20 Brian Schleifer

We're doing it globally.

00:45:20 Kristin Demoranville

For all the people around the world. Yeah. And I I think you're right. You know, you have to quantify it and you have to get people to build community together like common ground. That's what those exercises are.

00:45:31 Kristin Demoranville

Or I call them extended security assessments extended risk assessments, rather so ERA's as I call them. And I think it's super important to get everybody from different functions and room together to be able to figure out the common goal of, hey, let's keep the company running, keep it working, keep them safe and then obviously keep make a product that's not going to hurt people kind of thing.

00:45:51 Kristin Demoranville

I think those are super important. I think moving forward though, we need to find a way to do that on a grander scale. I do think that there needs to be better regulated.

00:46:00 Kristin Demoranville

Does that serve better purpose? I do think that we need to have policies that make sense for all these stakeholders in these facilities. There isn't a cyber security, food and agricultural framework yet, but we need to have, I think we need to have a little bit more industry specific frameworks to help people because ultimately what happens is people just need to know.

00:46:20 Kristin Demoranville

How do I not have this happen? What do I do when this happens and how do I prevent this from happening so building of resilience right?

00:46:25 Brian Schleifer

So it's so Frank, listen, that you said that. So this is something I've been thinking about, especially in my new position. So I do security control assessing right, which is think of any kind of nest, you have a security control or some instance. You know the framework is.

00:46:39 Brian Schleifer

More overarching, but then they they they point to controls, right? Security controls and then OK, now the you go to the narrative. You're like, how do I enter these controls? Something I see missing. And I had a young lady, Glenda Snodgrass. So she did a presentation, the same place I did. And the new CMC directive coming out. I don't know if you've seen or heard about it. Probably it's not in your space.

00:47:00 Brian Schleifer

Necessarily, but it has to deal with NIST 171, which are.

00:47:02 Brian Schleifer

A bunch of.

00:47:03 Brian Schleifer

Controls. They're all very similar, by the way. Across the board you need.

00:47:06 Brian Schleifer

But she had some examples in her presentation. She had examples of some some good examples and bad examples of how to actually answer these security controls and.

00:47:15 Brian Schleifer

I thought how.

00:47:16 Brian Schleifer

Important and how imperative that is, because this goes back right. This is that education piece and it's sort of a swinging pendulum, if you will, is if I have a good example, I understand.

00:47:26 Brian Schleifer

Stand. But I can't just rely on a Windows or Linux operating system or something along those lines. Or, you know, VX works or something to protect my system. I can't just say the operation operating system is protecting it. I need to understand that those respective FPGA's or other things in the PLC or SCADA system.

00:47:46 Brian Schleifer

Have more configuration.

00:47:48 Brian Schleifer

This hopefully and things I can do to protect my system and holistic holistically the system of systems.

00:47:54 Brian Schleifer

Right. And and.

00:47:55 Brian Schleifer

Also, good goodness gracious, I've written some papers. I OT holy cow, talk about you do all this protecting and the weakest link is, you know, one of your third party vendors just coming in like straight access and then it just feeds everything. But like you really have to look at that and have a good understand.

00:48:10 Brian Schleifer

I mean, and I think using examples is a great idea. You can write a ton of policies and people are gonna interpret it, and then you're they're still gonna fail at the end of the day, they need to have some good examples and use cases specific. No, it doesn't mean like, hey, I write this really, you know, big thing about, you know, the ex works. And this is how this works here. And I'm using something else similar. But it's like it gives you a really good idea. Right. And the people that can read between the lines.

00:48:32 Brian Schleifer

You will have a better understanding right. You know, separation rules, whatever it may be in these these respective instances, they get an understanding like ohh OK, that's what I need to do that.

00:48:41 Brian Schleifer

Answer is that and that should get the wheel spinning and you don't see that that often because I do agree that there's such a gap between these large policies and then the procedures and then the implementation.

00:48:52 Kristin Demoranville

Well, the problem is is that the the policies need to be written at a baseline like this is the bare minimum. You need to do the bare minimum to be secure. I'll just say that air quotes and then.

00:49:03 Brian Schleifer

And that's very subjective.

00:49:04 Kristin Demoranville

And then from there, the industry can add whatever they want on.

00:49:09 Kristin Demoranville

Top of that.

00:49:09 Kristin Demoranville

Right. And I'm saying this because I wrote global policy for a large company. I had to write over multiple languages, multiple cultures, multiple restrictions, multiple laws. All these other things. So we just came up with the absolute minimum and then the operating companies.

00:49:25 Kristin Demoranville

Right, whenever they want on top of it and make it special. It's kind of like the United States has to do the minimum and the federal level, and then the states can do whatever they want at that point. I think that that's how we have to kind of.

00:49:35 Kristin Demoranville

Approach it where here is your minimum cybersecurity.

00:49:38 Kristin Demoranville

Policy and then the industries can add on to it safety. Different. Other regulations need to go on whatever. I think that that's how we have to start approaching it more so than we already are. But again that gets convoluted and then you can have like 15,000 policies and all these regulations that it's going to cause to be ridiculous. I don't think there's one ring to rule them all that.

00:49:58 Kristin Demoranville

Brian, there's no way, right? There's no.

00:50:00 Kristin Demoranville

Way and I think.

00:50:00 Brian Schleifer

Have you ever noticed like?

00:50:02 Brian Schleifer

When you talk to people.

00:50:02

Hmm.

00:50:03 Brian Schleifer

Like since like what I have seen, sit and resonate for long periods of time is a story that uses a real example, right? So I think having policies is absolutely necessary and needed 100%. So please don't take that the wrong way 100%. But I also like an example right and I don't know if this is necessary or not. And who would take this on but it's like hey, when I'm writing these policies and procedures and implement.

00:50:24 Brian Schleifer

Like I'm following a an example system. I mean you name it, it could be a tractor, it could be whatever fits into that space. It could be a manufacturing plant, something along those lines. But I get to follow what that means through those respective steps and levels of documentation. And I mean it's it's out there, right? You really have to hunt it down, but it would be nice if I got to follow that along. And I I don't know if people just.

00:50:45 Brian Schleifer

Choose not to do that on purpose, or if it's too much work or they haven't thought about that, but it's nice, right? Here's an example. Here's my what's that?

00:50:50 Kristin Demoranville

So I follow you.

00:50:52 Kristin Demoranville

I'm following you. I think. I think really what you need is you need a.

00:50:55 Kristin Demoranville

Scenario and along with whatever.

00:50:56 Brian Schleifer

That's exactly right.

00:50:57 Kristin Demoranville

It is. Yeah. So that's that's what the cyber PHA assessments do. They actually write in scenarios. So I think again.

00:51:04 Kristin Demoranville

I completely understand this and not shameless plug. Again that answer them to use the scenarios as.

00:51:09 Kristin Demoranville

Well, but that's all.

00:51:10 Brian Schleifer

By the way, I'll just pass something for you.

00:51:11 Kristin Demoranville

Yeah, I know. You actually just lined me up. You're so funny. Yeah, but it's it's. You're right. And I think that is why you and I resonate as people together because we both speak in analogies. We need to have.

00:51:14 Brian Schleifer

Softball.

00:51:24 Kristin Demoranville

Contacts with our terminologies. We need to have an understanding of how things work and that I find that I learned that back in the day because I've had a very long career, that when I was helping people troubleshoot issues and users and maybe hopping mad or.

00:51:39 Kristin Demoranville

Or just generally like, why is this woman talking to me? I don't understand her technical terminology. I had to find a way to communicate to people where they were. So now which has worked really great. I still find myself doing that and it works really well in C-Suite levels and boards. You have to be able to speak in a way that resonates. And you're right, we're missing that that piece of resonation.

00:52:00 Kristin Demoranville

I think it was a couple of months back. Do you remember when Krispy Kremes got hacked? It was a third party pop and you were talking about third parties. It made me laugh because for the first time in a while I saw the cyber community actually talking about Food and Agriculture on that level because the food industry was in the news and it made me kind of go. You need to have Donuts.

00:52:17 Kristin Demoranville

To have a problem in order to get you to pay attention.

00:52:21 Brian Schleifer

Like that's real, man.

00:52:21 Kristin Demoranville

It was sort of I I was sort of irritated actually. It was really irritating. And then actually a few people when McDonald's went through their issue with the onions that people were sending me all these articles. And I'm like, I know I I'm talking to the experts that are on the news that are informing these articles. Like I know what's happening.

00:52:38 Kristin Demoranville

And and they're like, well, why does this keep happening? And I said because you don't know what it is and what it isn't like. So let's go through this exercise.

00:52:45 Kristin Demoranville

Again, and at the beginning of our conversation, Brian, you were talking about when you lived in Europe and you were talking about eggs. Part of the reason why the United States is so different when it comes to a lot of food things is we live in a very.

00:52:57 Kristin Demoranville

Big country, we have a lot of.

00:52:59 Kristin Demoranville

Space and we have a lot of people so they.

00:53:01 Kristin Demoranville

Don't necessarily have to refrigerate their eggs.

00:53:04 Kristin Demoranville

Because they're not moving them.

00:53:05 Kristin Demoranville

Across vast miles, we refrigerate and wash our eggs because they're in transport. The eggs that get to your shelf for probably several months.

00:53:14 Kristin Demoranville

Old I know people are like, oh, no, don't forget, it's fine. It's it's the food safety ways. It's fine. But in Europe, they don't necessarily have to do that because you could just go maybe a mile to the restore and that egg house was next door, if you will. We have to be careful with apples and oranges here and to use another food and allergy that we have different things.

00:53:34 Kristin Demoranville

Going on here, we have different miles of things travel and because.

00:53:38 Kristin Demoranville

Our.

00:53:38 Kristin Demoranville

Food system is so complex we can get avocado shipped in from XYZ.

00:53:43 Kristin Demoranville

Or we can.

00:53:43 Kristin Demoranville

Get tuna shipped from Japan and it will arrive and you will have it on your plate by your lunch, you know.

00:53:49 Brian Schleifer

Yeah, Kristin, which is so funny. You bring that up because.

00:53:51 Brian Schleifer

I wrote a.

00:53:51 Brian Schleifer

Paper on on another course. Gosh, I can't remember the name of it, but it was with port security and how like they're they're starting to sneak illegal stuff in. But how you know they're going to databases and changing numbers so that they're not tracked or accounted for, but they're putting these big X-rays in so that the trucks that take off the big sea containers, you know, the cargo containers.

00:54:09 Brian Schleifer

The ships will go through this X-ray to find whatever is.

00:54:12 Brian Schleifer

Going in it.

00:54:13 Brian Schleifer

You know, when there was the big thing in the book. Oh, my brain. Just sand worms, you know, and they talked about the petman, non Petan. And they brought down the the port in Holland. And you think about that you're like, OK now my food is sitting somewhere. For how long? Right potentially. Like if there's something going down on the port. So it's like you just said there's all these things in the supply chain.

00:54:33 Brian Schleifer

And all these things that interweave that have such an effect, right, and now those respect the farmers or whoever else are starting.

00:54:40 Brian Schleifer

You know, they're kind of, you know, the money, or at least some point in that supply chain. They're losing money. So there's that cybersecurity that ties all the way back, just like you said, you know, I'm really looking for my tuner from Japan, and it's stuck in a port for however long. So by time I get it. It's.

00:54:54 Brian Schleifer

Not so great.

00:54:56 Kristin Demoranville

Yeah, and that's.

00:54:57 Kristin Demoranville

Why people don't realize the implications of supply chain in general? Because the ports are going to strike again, it's probably going to happen to this recording they have not, but people don't realize what comes off very quickly in these ports. It has to get to the grocery store and hit our supply chain first. Berries.

00:55:13 Kristin Demoranville

Bananas. I'm allergic to bananas, so I'm all four bananas not making it, but it's really interesting because people don't realize we don't have any seasons in grocery stores anymore. Brian, we can get pretty much what we want. We want it, right? But this is a global thing. This is why we've encouraged people to eat on more seasonal basis because it helps with sustainability.

00:55:17 Brian Schleifer

Doing that before I remember that before. How dare you.

00:55:34 Kristin Demoranville

But what people don't realize is how interconnected we are to the supply chain. If we have another issue like JBS, you know our attracting supply chain, we're not going to have beef moving or we're going to have problems with our beef and things like that. There's so much interdependency.

00:55:47

Right.

00:55:50 Kristin Demoranville

Delete all over the place and start unraveling it. Like I said at the beginning, it's like a both string that is just really large and it's really ridiculous and the cat is still knocking it around.

00:56:00 Brian Schleifer

Well, I think like you said, so I was reading up like it, you know, just to be fair, I was reading up and while you would think like, hey, I can knock down the power grid or something as like you said, the agriculture is a little bit behind that. So they're gonna look at, you know, the lowest hanging fruit. And if agriculture hasn't put the resource time and money into the cyber security, that's a lot easier to put a ransomware attack or something along those lines that ends up affecting, you know, the cyber physical system.

00:56:21 Brian Schleifer

Down the chain than it is trying to strike it more. Maybe a larger company that is supplying power to that respective manufacture.

00:56:28 Brian Schleifer

And plant or supply chain because they have the funding and they have, you know, a stronger protection and higher levels of protection. So again you know low low hanging fruit and ministry.

00:56:38 Kristin Demoranville

All the puns. We're here for all the puns. I was actually just thinking. I was just thinking low hanging fruit. I was about to say the meat and the.

00:56:44 Kristin Demoranville

Potatoes of it.

00:56:45 Kristin Demoranville

Is we go. This is let's really get into it. You know, what really struck me years back was when I went to a food safety conference for the first time and I really had that conversation with the people that.

00:56:46 Brian Schleifer

What we're doing?

00:56:56 Kristin Demoranville

Were going through.

00:56:57 Kristin Demoranville

Things same things we were going through, but.

00:56:58 Kristin Demoranville

From the food side.

00:57:00 Kristin Demoranville

So working in within the food industry years back or even being in the food industry as a server or serving coffee or serving meals, you really start to look at how things are so interdependent and interconnected. And then we had Russia invading Ukraine and they took out power and act first and that this is the way warfare will be. I mean, we're watching.

00:57:20 Kristin Demoranville

Our first cyber warfare really in real time, I mean they're laying fiber optic cables so they can just send out drones. It's it's a lot of things. We don't need to get into all the details. However, it crushed the market for wheat because they couldn't sell.

00:57:34 Kristin Demoranville

And then they were a high producer. But I think what's interesting is that people need to start making those connections, that it's not just about the hackers with the financial and you've you've already alluded to this or we're talking. It's also nation state threat actors. If you were going to take down another country just like risk or civilization or any of those games that we played when we were younger or still play to this day, for that matter, what are you going to go after first?

00:57:56

You're going to.

00:57:57 Kristin Demoranville

Go after electricity and you're going after food.

00:57:59 Kristin Demoranville

And water isn't there as well. Of course, you could take the water out. That would affect the food as well. I think people need to not panic and not think it's a, you know, a disaster catastrophe. Move. Truthfully, it's going to come down to water and food. You got to secure those two things. People in theory can be OK with electricity for an extent, depending on what's going on in their lives and situations.

00:58:20 Kristin Demoranville

But we can't function without food and water. We will have total anarchy, chaos, the whole we will displace and breakdown governments very quickly as well, because they can't take.

00:58:29 Kristin Demoranville

Other people. So this is what this is where I struggle with is we've just added IO T we've added cyber physical systems into these places, right? They're not even made securely. So that's problem. #1 again, product security people. You have my heart. I feel for you, but we haven't created a way for people to take their daily lives like a farmer.

00:58:49 Kristin Demoranville

Just a random farmer to be able to work with those products to feel secure about it and not worry about where their data is going because the cloud is the cloud, right? But how do we not and how is that data not intercepted?

00:59:02 Kristin Demoranville

How do we deal with that? We're already watching some of this happening with a lot of other things that are going on that are in the auxiliary or fires, things like that, people using drones, getting it caught in planes and other things we need to start thinking a little bit more broader, I think.

00:59:18 Kristin Demoranville

In in terms of.

00:59:19 Kristin Demoranville

Hey, if I do something like this, here is the ramifications, and that's for the scenario.

00:59:23 Kristin Demoranville

Girls, that's where those tabletop exercises. That's where those tabletop conversations happen. When we meet each other. Brian, you know, with conferences and stuff, and we have these, like, deep dive conversations.

00:59:33 Kristin Demoranville

Coulda, shoulda, woulda or. How do we move past the problem and get to that solution? We need to do that more, I think. And you're right. Those analogies, those conversations of storytelling, needs to come forward. But a lot of it is embarrassing or we don't want to talk about the shame of something happening. And This is why I say that cyber security is a lot about.

00:59:52 Kristin Demoranville

Chain mitigation as well as risk because we need to get people to move past their feelings, we need to get past the feelings part and start to get to the sense part. Like let's get to the sense conversation. These are the things that matter and this is what happened. And I I don't care. Like I don't care exactly what happened. I just want to get to the part where we make it OK again.

01:00:11 Kristin Demoranville

And that's that's.

01:00:12 Kristin Demoranville

The really important part of what it means to work in these critical infrastructures and sectors, Ryan, thanks for being here. I really I really enjoyed it. You you made me question some things and made me rethink some things and I appreciate that. I love it when guests do that. They challenge me when I'm talking to them in a way. You're right. We need better storytelling.

01:00:31 Kristin Demoranville

We need more analogies. We need to start thinking about things differently, but also not.

01:00:35 Kristin Demoranville

Make a big fuss about.

01:00:36 Kristin Demoranville

Like we don't need to make it a big deal. We just need to start start, you know, and do things that are going to be more proactive. So as we're leaving, I want to make sure that you give a plug out to your podcast and anything.

01:00:47 Brian Schleifer

Else you want to say before we close the show. Yeah. Yeah. First off, you know, thanks for having me on. It was a pleasure. Honor. I 100% getting TLC in.

01:00:54 Brian Schleifer

Person again, at some point at another conference.

01:00:57 Brian Schleifer

Where that is, I don't know just yet, but I really appreciate you having on I I am glad that this is getting out and being shared amongst multiple communities and industries and I think that's very important. Again, just researching and seeing it across the board and striking and I'm so happy that you have a voice out in that community and you're you're the right person to have that.

01:01:16 Brian Schleifer

Yeah, ironically, and funny enough, I do have a YouTube channel podcast that is on also on Apple Podcast on Spotify. It's called people add value, experience and the funny part I said ironically is I don't really talk about cybersecurity. I talk about interesting.

01:01:36 Brian Schleifer

People and small business and entrepreneurship. So while the focus is not cyber security, you know it does come up as far as protection of people and data.

01:01:44 Brian Schleifer

So on, but a lot of it is, you know how people are standing up and protecting their people just in general and how they're surviving as a community. And you know, I do have some restaurant people on and people from the entertainment industry and other other places because again, it's really that tie in across the board. So whatever that may be. So again, I really appreciate.

01:02:04 Brian Schleifer

You taking the time to do this and I'm really excited for this episode to come out. I'm looking forward to feedback because I like to learn and grow. As you stated earlier on. And yeah, I I hope this community continues to learn and again appreciate you taking the time and effort to do this.

01:02:29 Kristin Demoranville

To wrap on today's episode with Bites and Bytes Podcast, I want to say a big thank you to Brian for joining me and sharing his thoughtful insights on cybersecurity leadership and how we think about risk in our global sleep supply. Also, we discussed a lot in this episode. I did my best to put all the links to those topics in the show notes.

01:02:48 Kristin Demoranville

And of course, thank you for listening, supporting and being part.

01:02:51 Kristin Demoranville

Of the community.

01:02:53 Kristin Demoranville

If you enjoyed this episode, don't forget to like, comment and share it with friends and colleagues who might find it valuable until next time, stay safe, stay curious, and we'll see you on the next one. Bye for now.