About Bryson Bort: Bryson Bort is a skilled cybersecurity professional with an impressive background as an entrepreneur and former U.S. Army Officer. He founded SCYTHE, a platform for next-generation attack emulation, and GRIMM, a cybersecurity consulting firm. Additionally, he co-founded the ICS Village, a non-profit organization dedicated to raising awareness about industrial control system security. Bryson has received numerous awards and recognitions, including being named one of the Top 50 in Cyber by Business Insider and a Tech Titan in Washington DC. He also served as a Battle Captain and Brigade Engineering Officer in support of Operation Iraqi Freedom during his military career. Bryson earned his Bachelor of Science in Computer Science with honors from the United States Military Academy at West Point and completed various professional education courses in tactical communications and information assurance. With his extensive experience in the cybersecurity industry, Bryson is a respected thought leader and advisor in the field.In this episode, Aaron and Bryson Bort discuss:The challenges and cultural divide in addressing cybersecurity issues in OT, why IT security solutions don’t work for OT, and why OT security is lagging behind IT securityBridging the gap between OT and IT through education, but also listening and building trust.Vulnerability management and patching versus risk mitigationRansomware in cars, geopolitical concerns, and positive developments in government efforts and regulation to support risk management in education and critical infrastructure's OT side.Key Takeaways:OT cybersecurity requires a different approach than IT cybersecurity due to the complex technical environment and the potential safety risks involved, and tools alone cannot bridge the cultural and skillset divide between OT and IT professionals.When it comes to vulnerability management, IT emphasizes patching and is often compliance driven. In OT it’s important to recognize that systems in an operational environment often cannot be patched without disruption operations, so OT vulnerability management emphasizes risk mitigation, and putting safeguards around the vulnerability.Security is defined by the threat. Security is measured and validated against how well that threat is mitigated. So it’s important to understand the behavioral characteristics of threats in order to take the actions that improve your security posture. Contextualizing what the security threat means to you is important for prioritization. Relatively speaking, the cybersecurity industry is still young, and the U.S. Government's cybersecurity programs are even younger. We will continue to see more development and improvements with regard to unified cybersecurity programs in the near future. "I think a lot of people forget how young this industry is and also how young the government's attempts are at this industry." — Bryson Bort Connect with Bryson Bort:  Website: https://scythe.io/ and https://grimmcyber.com/Show: https://podcasts.apple.com/us/podcast/hack-the-plant/id1528852909LinkedIn: https://www.linkedin.com/in/brysonbort/Twitter: https://twitter.com/brysonbortHack the Capitol 2023: https://www.icsvillage.com/hack-the-capitol-2023Connect with Aaron:LinkedIn: https://www.linkedin.com/in/aaronccrowLearn more about Industrial Defender:Website: https://www.industrialdefender.com/podcast LinkedIn: https://www.linkedin.com/company/industrial-defender-inc/Twitter: https://twitter.com/iDefend_ICSYouTube: https://www.youtube.com/@industrialdefender7120Audio production by Turnkey Podcast Productions. You're the expert. Your podcast will prove it.