Pod Engine
Podcast thumbnail for Cybersecurity Under Pressure. Real Attacks, Real Lessons

Cybersecurity Under Pressure. Real Attacks, Real Lessons

Claim This Podcast

by Antonio González

60 episodes
Updated Daily
Accepts GuestsHas Sponsors

Podcast Overview

This podcast breaks down real cybersecurity incidents to understand what actually went wrong, not in theory, but in practice. Each episode analyzes a recent attack, explains the technical mechanics in clear language, and translates them into concrete lessons for security, engineering, and business teams. Topics covered: OT security, ICS cybersecurity, industrial control systems, critical infrastructure protection, NIS2 compliance, Zero Trust architecture, operational technology resilience, railway cybersecurity, automotive security, and cyber-physical systems.

Language

🇺🇲

Publishing Since

2/7/2026

Visit WebsiteAppleView on Apple PodcastsRSS Feed

2 verified contact emails on file for Cybersecurity Under Pressure. Real Attacks, Real Lessons

Pitch yourself as a guest, propose sponsorships, or reach out directly to the host.

See contact details

Recent Episodes

Episode thumbnail for The Red Signal. Paralyzing a Railway Network with a Single Patch

June 24, 2026

The Red Signal. Paralyzing a Railway Network with a Single Patch

<p>In railway signaling, an uncoordinated security patch rarely causes a fatal accident. But it can paralyze an entire network.</p><p>In this episode of Cybersecurity Under Pressure Real Attacks Real Lessons, we explore the structural tension between RAMS engineering and cybersecurity in critical railway infrastructure.</p><p>We operate under EN 50129, where fail-safe guarantees that an interlocking system degrades into a restrictive state to protect human life. But the incoming prEN 50701 demands continuous patching, active monitoring, and rapid response. One patch. Two masters. Zero margin for error.</p><p>We discuss what happens when you install a security update on a SIL 4 system without Assessment Body approval. The patch might close a CVE, but it triggers an unexpected system halt. The signals turn red, and the timetable collapses.</p><p>We analyze safety and security co-engineering. It is not just about passing documents across a hallway. It is about defining a rigorous Safety Security Interface where your Threat Analysis and Risk Assessment maps mathematically to your System Hazard Analysis.</p><p>Listen now to understand why residual risk in this sector is measured in infrastructure unavailability, and how to articulate hardware modifications when a cyber mitigation requires full CAB recertification.</p>

Episode thumbnail for The Shadow Corridor. Legacy VPNs and the Financial Blast Radius in OT

June 22, 2026

The Shadow Corridor. Legacy VPNs and the Financial Blast Radius in OT

<p>Last month, a maintenance technician connected to a Level 1 PLC via VPN to fix a sensor. He did not know he had just opened the only door an attacker needed.</p><p>In this episode of Cybersecurity Under Pressure Real Attacks Real Lessons, we look at a quiet failure in industrial architecture. The Purdue Model is not dead, but it is being bypassed from the inside. A direct VPN tunnel to OT infrastructure grants broad network access. It wraps lateral movement in implicit trust, delaying IDS correlation until the attacker already has command execution.</p><p>Suddenly, the problem is not a broken sensor. It is a compromised plant floor.</p><p>We discuss why classical VPN access for third party vendors is no longer just technical debt. Under NIS2 and the principles of IEC 62443, it is board level negligence with a compliance countdown attached. We analyze the transition to ZTNA architected for OT, focusing on continuous identity verification and forensic session recording to turn a vendor intervention into a strictly audited, least privilege transaction.</p><p>But deploying ZTNA in legacy railway and automotive networks can become an operational trap. Without accounting for strict machinery manufacturer support contracts and industrial protocols, security teams face severe friction. It requires engineering redesign, not just a software patch.</p><p>Because unmanaged remote access is no longer just an IT concern. It is a direct threat to the OPEX forecast, driving downtime costs, regulatory fines, and insurance premium hikes.</p><p>Listen now and subscribe to Cybersecurity Under Pressure for practical lessons on OT cybersecurity, industrial resilience and real world network defense.</p>

Episode thumbnail for Missing Cybersecurity Evidence Can Delay Production

June 19, 2026

Missing Cybersecurity Evidence Can Delay Production

<p>The next production delay may not come from a missing component. It may come from missing cybersecurity evidence.</p><p>In this episode of Cybersecurity Under Pressure: real attacks, real lessons, we look at a growing risk in automotive supply chains: suppliers may deliver the ECU, the software may work, and the release plan may look under control. Then a vulnerability appears, a VSOC event raises questions, or the OEM asks whether a specific component, diagnostic function, OTA path, certificate or backend dependency is affected.</p><p>Suddenly, the blocking item is not hardware.</p><p>It is evidence.</p><p>We discuss why generic documentation is not enough during a real incident. Automotive teams need decision-grade evidence: affected-version mapping, VEX-enriched SBOMs, vulnerability impact analysis, TARA delta, V&amp;V evidence, mitigation status, incident timelines, escalation contacts and cybersecurity case support.</p><p>A raw SBOM can become a trap. Without exploitability justification, engineering teams may waste critical time chasing theoretical CVEs that are not reachable in the actual ECU architecture. The supplier must own the first exploitability assessment, while the OEM or Tier 1 still owns the final risk decision.</p><p>Because supplier governance is no longer just a purchasing annex. It is a production resilience control.</p><p>Listen now and subscribe to Cybersecurity Under Pressure for practical lessons on automotive cybersecurity, supply chain risk and real-world product incident response.</p>

60 total episodes available

Deep-dive analytics for Cybersecurity Under Pressure. Real Attacks, Real Lessons

Sign up to explore

Frequently asked questions

Have a different question and can't find the answer you're looking for? Reach out to our support team by sending us an email and we'll get back to you as soon as we can.

What is Cybersecurity Under Pressure. Real Attacks, Real Lessons?

This podcast breaks down real cybersecurity incidents to understand what actually went wrong, not in theory, but in practice. Each episode analyzes a recent attack, explains the technical mechanics in clear language, and translates them into concrete lessons for security, engineering, and business teams.

Topics covered: OT security, ICS cybersecurity, industrial control systems, critical infrastructure protection, NIS2 compliance, Zero Trust architecture, operational technology resilience, railway cybersecurity, automotive security, and cyber-physical systems.

How often does this podcast release new episodes?

This podcast updates daily.

Where can I listen to this podcast?

This podcast is available on 4 platforms including Apple Podcasts, Spotify, and more. You can also use the RSS feed directly.

Does this podcast accept guests?

No, this podcast does not typically feature guests.

Legal Disclaimer

Pod Engine is not affiliated with, endorsed by, or officially connected with any of the podcasts displayed on this platform. We operate independently as a podcast discovery and analytics service.

All podcast artwork, thumbnails, and content displayed on this page are the property of their respective owners and are protected by applicable copyright laws. This includes, but is not limited to, podcast cover art, episode artwork, show descriptions, episode titles, transcripts, audio snippets, and any other content originating from the podcast creators or their licensors.

We display this content under fair use principles and/or implied license for the purpose of podcast discovery, information, and commentary. We make no claim of ownership over any podcast content, artwork, or related materials shown on this platform. All trademarks, service marks, and trade names are the property of their respective owners.

While we strive to ensure all content usage is properly authorized, if you are a rights holder and believe your content is being used inappropriately or without proper authorization, please contact us immediately at hey@podengine.ai for prompt review and appropriate action, which may include content removal or proper attribution.

By accessing and using this platform, you acknowledge and agree to respect all applicable copyright laws and intellectual property rights of content owners. Any unauthorized reproduction, distribution, or commercial use of the content displayed on this platform is strictly prohibited.