Description

In this episode, we explore the concept of Calculated Risk Rating (CRR) and its importance in OT cybersecurity. Join host Ken Kully, Systems Support Lead at Verve Industrial, and his guests – Zachary Woltjer, Cyber Data Analyst at Verve, and Lance Lamont – as they discuss how to prioritize and address vulnerabilities in industrial environments.

Key Takeaways

• Calculated Risk Rating helps tailor cybersecurity solutions to specific industrial environments
• CRR considers both the impact and likelihood of vulnerabilities being exploited
• The approach helps organizations prioritize their limited resources for maximum security benefit
• Trust between cybersecurity providers and industrial operators is crucial for effective risk management
• Active asset inventory solutions provide richer data for more effective risk mitigation strategies

Timestamps

00:00 – Introduction and sound check

01:00 – Introduction of guest Zachary Woltjer

02:50 – Explanation of Calculated Risk Rating (CRR)

06:21 – Importance of contextualizing vulnerability information

09:47 – Discussion on EPSS (Exploit Prediction Scoring System)

12:43 – Identifying "crown jewels" in industrial environments

18:48 – Process of assigning criticality and likelihood ratings

26:50 – Importance of defense in depth strategies

31:01 – How Verve's teams work together to implement CRR

35:56 – Benefits of active asset inventory solutions

42:35 – Conclusion and outtro

Guest Information

Zachary Woltjer: Cyber Data Analyst on the Customer Success team at Verve Industrial

Lance Lamont: Creator and Explorer at Verve Industrial Protection, leading the research team in exploring OT devices and their security.

Subscribe

Follow and Subscribe

Get in Touch

LinkedIn | YouTube | Twitter/X | Contact Verve