In this episode of the ICS Arabia Podcast, Scott Reynolds, President of the International Society of Automation (ISA), shares his deep insights on bridging IT and OT cybersecurity, emphasizing how collaboration and mutual understanding are key to building secure, resilient, and efficient industrial systems.Scott discusses: 🔄 The critical role of IT-OT translators in preventing communication and security gaps. 🔐 The importance of ISA/IEC 62443 standards as a unifying cybersecurity framework. 🌐 How IT-OT convergence can succeed through clear governance and shared accountability. 🎓 The need to balance practical experience with formal certification in cybersecurity. 🤖 The growing role of AI and robotics in industrial systems and ISA’s AI assistant, MIMO. 🌍 ISA’s global engagement and the value of volunteering to advance the automation community.🎧 Listen to the full episode to hear Scott’s vision

Join us for a special live session 🎙️ with Mohammed AlDabbous, a leading expert with over 15 years in OT and OT cybersecurity!Currently the Director of Solutions Engineering at Industrial Defender, Mohammed brings a wealth of experience from his roles at Invictux, Nozomi Networks, and Honeywell.We’ll be discussing OT security trends, real-world challenges, and advice for the next generation of cybersecurity professionals.

Open source accelerates development in embedded systems, but hidden license obligations can quickly create legal and operational risk. In this episode of Exploited: The Cyber Truth, host Paul Ducklin is joined by RunSafe Security Founder and CEO Joseph M. Saunders and Salim Blume, Director of Security Applications, for a look at how copyleft risk emerges and why compliance in embedded products is more challenging than many teams expect.

Salim breaks down how restrictive licenses, such as GPL and AGPL, can force the disclosure of proprietary code, interrupt product shipments, or create exposure long after devices are deployed in the field. Joe shares why accurate SBOMs, automated license checks, and enforcing policy at build time are critical to preventing surprises in downstream products. The discussion also touches on the ongoing Vizio case, where the TV manufacturer faces litigation that could compel public release of source code under the GPL, highlighting how open source obligations can surface years after products hit the market.

Together, Paul, Joe, and Salim explore:

• How copyleft obligations can require source-code disclosure
• Why embedded environments complicate license compliance
• Real-world cases where unnoticed GPL dependencies caused major issues, such as Vizio’s GPL lawsuit and Cisco’s WRT54G router family
• The growing implications of AGPL for SaaS and connected services
• How build-time SBOMs and automated controls reduce long-term risk

Whether you're building connected devices, managing software supply chain compliance, or protecting proprietary IP, this episode offers practical guidance to reduce copyleft risk before it becomes a costly problem.

In this episode, I’m joined by Engineer Ali Laribi, the founder of Fortress Plus, to dive deep into what it takes to build and lead in the OT security space — especially when you’re going against the crowd.

Do you really know what’s on your network? A lot of OT devices are white labeled, meaning they have a brand name but under the hood they’re made by someone else. Sean Tufts, Field CTO for Claroty, explains how his team is using AI to sift through all the available data and build a cyber physical library that starts to add specificity to remediation operations, and improve cyber physical security overall

🚨 Featuring: Steve Mustard — engineer, author, ex-ISA President & CEO of National Automation Inc.In this thought-provoking ICS Arabia Podcast episode, Steve dives deep into the critical—but often misunderstood—domain of OT cyber risk management. Drawing on decades of experience, he challenges the traditional focus on tech vulnerabilities and advocates for consequence-driven risk assessments that prioritize safety, operations, and business continuity.🔍 Key Takeaways:Why traditional IT risk models fall short in OT environmentsThe value of ISA/IEC 62443 as a flexible, risk-based frameworkHow multidisciplinary teams (engineering, safety, finance, cyber) create better risk decisionsThe role of incident response, backups, and mechanical fail-safesUS vs UK approaches to cybersecurity regulations