From CISO to Startup: OT Security, Leadership, and Lessons from the Field

In this episode, Patrick Miller interviews Darren Highfill, former CISO of Norfolk Southern, for a candid look behind the curtain of life as a security executive. Darren shares hard-won lessons from building and leading a cybersecurity program in a critical infrastructure environment, including how to gain executive buy-in, scale a team, and align security with business priorities. He reflects on the challenges of translating cyber risk into business risk, managing real-world incidents, and the evolving expectations of the CISO role. Whether you're in the chair now or working toward it, this conversation is packed with practical insights for anyone navigating cybersecurity leadership.

In this episode, we sit down with Lesley Carhart (@hacks4pancakes), a renowned expert in OT/ICS incident response and forensics, to explore the unique challenges of defending critical infrastructure against cyber threats. Lesley shares insights into how internal OT teams can better support external IR teams, evaluates global and sector-specific preparedness, and discusses the impact of regulations on effective incident response. We delve into the complexities of defining and reporting incidents, the potential for improved approaches, and actionable advice for those looking to enhance their IR and forensics skills.

Join us for a discussion on Energizing Cybersecurity Careers: Workforce Development in the OT/ICS Community. Guests Cynthia Hsu and Erin Owens dive into the cybersecurity challenges facing Industrial Control Systems and Operational Technology asset owners. Through open conversations, we explore everything from skill gaps and career pathways to diversity, continuous learning, and the impact of new technologies. This session aims to provide insights into developing a skilled, diverse cybersecurity workforce – starting from the ground up – with a focus on practical strategies for professionals, educators, and anyone interested in the future of ICS/OT security.