Content provided by Aaron Crows and Aaron Crow. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Aaron Crows and Aaron Crow or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://player.fm/legal.

Greg Valentine: You’re Compliant. Now Prove it.

36:25
 

About Greg Valentine: He has over 30 years of experience in the software industry, the past 15 of which have been focused on cyber security. Greg currently holds two certifications: ISC2 CISSP and GIAC GRID. Greg is responsible for building technical solutions for Industrial Defender so that our clients receive the most effective and most efficient implementations of the Industrial Defender software. Prior to working at Industrial Defender, Greg held cybersecurity roles at Lockheed Martin, Capgemini, CoreTrace Software and Winternals Software (a sister company to Sysinternals, now owned by Microsoft).

In this episode, Aaron and Greg Valentine discuss:

  • The challenge with proving compliance (e.g. NERC CIP)
  • Gathering quality data without manual walk-downs
  • Making the data useful, reportable and audit-friendly

Key Takeaways:

  • Proving compliance can be challenging. There’s a lot of manual work that goes into collecting data for the auditor. The data that you hand over has to be secured so that it is unalterable, unmodifiable, or otherwise not possible to tamper with, which gives the auditor peace of mind.
  • You need the right tool to gather the right data that you’ll need for your compliance report. When looking for a product, you need to find a company that’s credible. You need to minimize risk if you want to automate the process and have it run on a regular cadence to solve your compliance reporting problem.
  • The information that's collected for a PLC is very different from the information we collect from an HMI, firewall or switch, but it's all critical. Once you have that data in a central repository, you can ask interesting questions to find that solution. There's a lot of benefit to aggregating all of this information into a single queryable location.

"[Compliance] is a good first step, you're kind of being forced. And that's not nice. But it's a minimal level of cybersecurity posture to be in. Hopefully, you take that and run with it, you extend and improve from there. But this is your foundation level for cybersecurity. It doesn't matter whatever it happens to be, that you're complying with, that should be your base standing from which you can grow." — Greg Valentine

Connect with Greg Valentine:

LinkedIn: https://www.linkedin.com/in/gvalentine/

Connect with Aaron:

LinkedIn: https://www.linkedin.com/in/aaronccrow

Learn more about Industrial Defender:

Website: https://www.industrialdefender.com/

LinkedIn: https://www.linkedin.com/company/industrial-defender-inc/

Twitter: https://twitter.com/iDefend_ICS

YouTube: https://www.youtube.com/@industrialdefender7120

Audio production by Turnkey Podcast Productions. You're the expert. Your podcast will prove it.

47 episodes
