Expert Guest

Weston Roberts- Subject Matter Expert

Wes has over 25 years of experience in cybersecurity, having worked for Palo Alto Networks, NETSCOUT, and AT&T. For the past three years, he has focused on security for cyber-physical systems. Wes graduated from Florida State University with a B.S. in Management Information Systems.

Agenda:

1. Introduction of the parties
2. Discussion Topics
   • Business challenges related to integrating IT and OT
   • Have you integrated IT with OT?
   • Is the process still ongoing?
   • What is your endgame?
   • Does OT as an organization still exist, or has IT absorbed it?
3. Conclusions
4. Networking with Peers

The post When IT Inherits OT – Sponsored by Claroty on May 21st, 2025 appeared first on IT RoundTable.

Expert Guests

Kha Phan – Subject Matter Expert

Kha Phan is a distinguished IT professional with over 25 years of experience in the industry. Leveraging his deep expertise in telecom, networking, and software development, Kha helps companies devise digital strategies that seamlessly transition them into the Fourth Industrial Revolution. Recognized by Gartner for his exceptional work in designing and directing transformational changes in network, infrastructure, and cloud environments globally.

At the forefront of AI innovations, Kha drives the development of intelligent systems that revolutionize how organizations leverage technology for strategic advantage.

Kha’s ability to analyze and communicate emerging IT trends, combined with his business and entrepreneurial mindset, makes him a sought-after speaker at industry conferences. He excels at presenting complex concepts in a way that delivers value to diverse audiences. He is retained by enterprises and leading consulting firms to provide valuable insights into IT architecture design and processes.

Dr. WhiteCloud – Subject Matter Expert

Dr. WhiteCloud, MS, MD, is a distinguished data scientist and AI innovator with a proven track record of deploying advanced AI agents and generative models across diverse industries. He earned his master’s degree in Aeronautical Engineering from Caltech, where he researched shock waves in inertial confinement fusion. He later pursued medical school at the University of Iowa and, after completing his residency in family medicine, worked in primary care at the VA and Indian Health Service before transitioning into data science.

On the technical front, he has worked with leading organizations such as PwC, General Mills, Ecolab, Blue Cross Blue Shield, Ryder, Carelon, Allstate, Ellucian, and PepsiCo. His expertise spans NLP, MLOps, data governance, data security, data engineering, data science, machine learning, graph networks, neural networks, AI engineering, software development, and enterprise AI architecture. His career highlights include developing the machine learning model for Allstate’s Identity Protection and deplo

Raj Sangroula – Subject Matter Expert

Raj Sangroula is a seasoned technology leader with over two decades of experience in consulting and technology leadership. Raj recently served as the Chief Digital Officer and General Manager at Sibel Health; Raj has been pivotal in driving advancements in healthcare technology. His expertise spans software engineering, big data, AI, and cybersecurity, making him an influential voice on innovations in AI-driven software and cybersecurity solutions. He has also been instrumental in helping organizations achieve compliance with standards such as ISO 27001, ISO 13485, SOC 2, HITRUST, and ISO 38500.

Raj currently serves as a Principal at Bright Tech Consulting, where he guides deploying cutting-edge technologies with a steadfast commitment to security and compliance, advocating for security-first principles. His impressive portfolio includes collaborations with prominent organizations like Bank of America, Blue Cross Blue Shield, UnitedHealth Group, AbbVie, Roche, Hearst Corporation, and Medidata.

Raj holds a Bachelor of Science in Information Technology from the University of Wisconsin-Milwaukee and has earned certifications such as Microsoft Certified System Engineer and A+ Certification for Computer Hardware and Software Technician. With his passion for leveraging technology to solve complex challenges, Raj continues to make significant contributions to digital health and beyond.

Agenda:

1. Introduction of the parties
2. Kha Phan’s talk on AI security, emerging Agentic framework, and Strategy for success
3. General discussion regarding AI implementation and challenges
4. Conclusions
5. Networking with Peers

The post Is AI Secure and What can it do for me? (special for Healthcare industry)- Sponsored by Bright Technologies on May 15th, 2025 appeared first on IT RoundTable.

Expert Guest

John Newsome – Subject Matter Expert

John is a 30-year industry veteran in IT and Cybersecurity and has worked for some of the most recognizable brands in Cybersecurity, such as Palo Alto Networks, Cisco Systems, Blue Coat (now Symantec), and Websense (now Forcepoint).

John has been a guest speaker and panelist at numerous industry events and tradeshows and has served as a subject matter expert in advanced threat detection and remediation techniques.

Agenda:

1. Introduction of the parties
2. Discussion Topics
   • Business challenges related to integrating IT and OT
   • Have you integrated IT with OT?
   • Is the process still ongoing?
   • What is your endgame?
   • Does OT as an organization still exist, or has IT absorbed it?
3. Conclusions
4. Networking with Peers

The post When IT Inherits OT – Sponsored by Claroty on April 24th, 2025 appeared first on IT RoundTable.

Expert Guest

Randy Guerette – Subject Matter Expert

Randy has 30 years of experience with a broad range of technology solutions, working for Cabletron Systems, Ascend Communications, Lucent Technologies, ADC Telecommunications, Strix Systems, Proxim Wireless, 3Com, Sonus Networks, Bradford Networks, Check Point, and Medigate/Claroty for the last 4 ½ years.

Agenda:

1. Introduction of the parties
2. Discussion Topics
   • Business challenges related to integrating IT and OT
   • Have you integrated IT with OT?
   • Is the process still ongoing?
   • What is your endgame?
   • Does OT as an organization still exist, or has IT absorbed it?
3. Conclusions
4. Networking with Peers

The post When Hospital IT Inherits Clinical Engineering – Sponsored by Claroty on April 10th, 2025 appeared first on IT RoundTable.

Barak Schneeweiss – Subject Matter Expert

Barak has over 25 years of IT experience as a System and Networking Administrator, Integrator, and Network Architect.

In the past few years, he has specialized in full-stack network deployments and segmentation for unmanaged Medical IoT/IoT/OT and Enterprises. Most recently, Barak has enjoyed working in the cyber security space, helping companies reveal and protect xIoT assets.

Agenda:

1. Introduction of the parties
2. Discussion Topics
   • Business challenges related to integrating IT and OT
   • Have you integrated IT with OT?
   • Is the process still ongoing?
   • What is your endgame?
   • Does OT as an organization still exist, or has IT absorbed it?
3. Conclusions
4. Networking with Peers

The post When Hospital IT Inherits Clinical Engineering – Sponsored by Claroty on April 3rd, 2025 appeared first on IT RoundTable.

Expert Guest

Kristy Sabio – Subject Matter Expert

Kristy Sabio has over 10 years of technical experience in the public and private sectors. She served in the US Army as part of the 136th Signal Battalion, providing telecommunication services for US Army Central in the Middle East. After her service, she became an Industrial Control Systems (ICS) Security Consulting Manager who built and matured OT security programs for clients in the manufacturing, energy, and utilities industries.

She currently holds a Master’s degree in Cybersecurity and Information Assurance. She is also certified as a Global Industrial Cyber Security Professional (GICSP), GIAC Response and Industrial Defense (GRID), and Microsoft Azure Fundamentals (AZ-900).

Agenda:

1. Introduction of the parties
2. Discussion Topics
   • Business challenges related to integrating IT and OT
   • Have you integrated IT with OT?
   • Is your OT Security Systems Resilient enough for any challenge?
   • What is your endgame?
   • Does OT as an organization still exist, or has IT absorbed it?
3. Conclusions
4. Networking with Peers

The post When IT Inherits OT – Sponsored by Claroty on March 27th, 2025 appeared first on IT RoundTable.

Expert Guests

Kha Phan – Subject Matter Expert

Kha Phan is a distinguished IT professional with over 25 years of experience in the industry. Leveraging his deep expertise in telecom, networking, and software development, Kha helps companies devise digital strategies that seamlessly transition them into the Fourth Industrial Revolution. Recognized by Gartner for his exceptional work in designing and directing transformational changes in network, infrastructure, and cloud environments globally.

At the forefront of AI innovations, Kha drives the development of intelligent systems that revolutionize how organizations leverage technology for strategic advantage.

Kha’s ability to analyze and communicate emerging IT trends, combined with his business and entrepreneurial mindset, makes him a sought-after speaker at industry conferences. He excels at presenting complex concepts in a way that delivers value to diverse audiences. He is retained by enterprises and leading consulting firms to provide valuable insights into IT architecture design and processes.

Dr. WhiteCloud – Subject Matter Expert

Dr. WhiteCloud, MS, MD, is a distinguished data scientist and AI innovator with a proven track record of deploying advanced AI agents and generative models across diverse industries. He earned his master’s degree in Aeronautical Engineering from Caltech, where he researched shock waves in inertial confinement fusion. He later pursued medical school at the University of Iowa and, after completing his residency in family medicine, worked in primary care at the VA and Indian Health Service before transitioning into data science.

On the technical front, he has worked with leading organizations such as PwC, General Mills, Ecolab, Blue Cross Blue Shield, Ryder, Carelon, Allstate, Ellucian, and PepsiCo. His expertise spans NLP, MLOps, data governance, data security, data engineering, data science, machine learning, graph networks, neural networks, AI engineering, software development, and enterprise AI architecture. His career highlights include developing the machine learning model for Allstate’s Identity Protection and deploying the first GenAI application at the Joint Commission, where he served as the Enterprise AI Architect. He currently serves as the Chief of Innovation at Bright Technology Consulting.

Throughout his career, he has leveraged cutting-edge technologies to drive impactful business solutions, from automating financial services workflows and enhancing healthcare compliance to innovating educational assessment models. His contributions have consistently optimized operational costs, streamlined processes, and spearheaded digital transformation strategies for Fortune 500 companies and startups. His expertise in autonomous AI agents for invoicing validation, staffing optimization, and customer engagement showcases his technical acumen and visionary leadership in AI-driven business evolution.

Agenda:

1. Introduction of the parties
2. Kha Phan’s talk on AI security, emerging Agentic framework, and Strategy for success
3. General discussion regarding AI implementation and challenges
4. Conclusions
5. Networking with Peers

The post Is AI Secure and What can it do for me? – Sponsored by Bright Technologies on March 20th, 2025 appeared first on IT RoundTable.

Expert Guest

Kristy Sabio – Subject Matter Expert

Kristy Sabio has over 10 years of technical experience in the public and private sectors. She served in the US Army as part of the 136th Signal Battalion, providing telecommunication services for US Army Central in the Middle East. After her service, she became an Industrial Control Systems (ICS) Security Consulting Manager who built and matured OT security programs for clients in the manufacturing, energy, and utilities industries.

She currently holds a Master’s degree in Cybersecurity and Information Assurance. She is also certified as a Global Industrial Cyber Security Professional (GICSP), GIAC Response and Industrial Defense (GRID), and Microsoft Azure Fundamentals (AZ-900).

Agenda:

1. Introduction of the parties
2. Discussion Topics
   • Business challenges related to integrating IT and OT
   • Have you integrated IT with OT?
   • Is your OT Security Systems Resilient enough for any challenge?
   • What is your endgame?
   • Does OT as an organization still exist, or has IT absorbed it?
3. Conclusions
4. Networking with Peers

The post When IT Inherits OT – Sponsored by Claroty on March 13th, 2025 appeared first on IT RoundTable.

Expert Guest

Randy Guerette – Subject Matter Expert

Randy has 30 years of experience with a broad range of technology solutions, working for Cabletron Systems, Ascend Communications, Lucent Technologies, ADC Telecommunications, Strix Systems, Proxim Wireless, 3Com, Sonus Networks, Bradford Networks, Check Point, and Medigate/Claroty for the last 4 ½ years.

Agenda:

1. Introduction of the parties
2. Discussion Topics
   • Business challenges related to integrating IT and OT
   • Have you integrated IT with OT?
   • Is the process still ongoing?
   • What is your endgame?
   • Does OT as an organization still exist, or has IT absorbed it?
3. Conclusions
4. Networking with Peers

The post When Hospital IT Inherits Clinical Engineering – Sponsored by Claroty on March 6th, 2025 appeared first on IT RoundTable.

Incorporating digital technologies such as Industry 4.0 and IoT leads to greater interconnection among OT systems. It is mixing the boundaries between IT and OT security. This link enhances productivity. Nonetheless, it also creates new opportunities for focused attacks and ransomware schemes that disrupt operations for monetary or strategic benefits.

Thankfully, there is a solution to this. Vulnerability management. Despite seeming straightforward, effectively managing vulnerabilities in OT systems significantly reduces risks and protects your organization from costly cyberattacks. 

In this article, we’ll discuss challenges and vulnerability management strategies to deal with them.

What Does Managing Vulnerabilities in OT Mean?

First things first. Managing vulnerabilities in operational technology (OT) environments differs from typical IT systems. In operational contexts, particularly when managing industrial control systems (ICS security), there’s a pressing need to safeguard crucial infrastructure. 

Unlike IT, OT environments include equipment such as programmable logic controllers (PLCs), supervisory control and data acquisition (SCADA) systems, and various Internet of Things (IIoT) devices that often form the foundation of industrial operations.

OT vulnerability management is about dealing with security gaps in outdated or inherently insecure systems. This includes assessing potential flaws in software and components like user accounts and network configurations. The focus is broad. It must cover everything from insecure ports to account, service, and device management.

Vulnerability Management Steps:

1. Assessment: Evaluate both software vulnerabilities and inherent design risks across assets.
2. Prioritization: Decide which issues to address first based on their potential impact and ease of exploitation.
3. Remediation: Implement solutions—often more than just a simple patch. This can involve reconfiguring settings or deploying alternative controls without typical reliance on conventional IT tactics.

A key challenge is that many OT devices must remain functional continuously, making it difficult to take them offline for patching or updating without impacting operations. Therefore, effective management in this realm requires an understanding that vulnerabilities in OT aren’t limited to software issues.

Engaging in an OT vulnerability management program is a hands-on, collaborative effort. This can involve multiple teams to ensure that the sensitive nature of OT and ICS networks doesn’t clash with the solutions applied. Adopting meticulous, tailored approaches to such systems makes managing vulnerabilities essential to maintaining security and ensuring that these critical operations run smoothly.

Challenges and Strategies for Managing OT Vulnerabilities

Inventory Challenge: Missing Asset Details

In many operational environments, asset tracking is alarmingly inadequate. Fingering through outdated spreadsheets or pooled data from various origins often leaves you with a patchy image of your asset landscape. Without a comprehensive registry, gauging the scope of new vulnerabilities and deciding which OT systems can receive patches becomes a headache.

Asset listings shouldn’t merely be an enumeration. You need solutions that deliver deep insights into each device. This means understanding the critical roles assets play, their operational layers, and whether they allow remote access. Enhancing the context around each asset enriches vulnerability evaluations and threat prioritizations.

Many firms have turned to passive surveillance or network-based systems to start building an asset ledger, but these tools typically fall short. For instance, listening devices can’t catch assets that aren’t directly feeding data through them, often resulting in major blind spots, like serially connected equipment. You need a comprehensive solution that directly interacts with endpoints, offering both wide and detailed visibility.

With a thorough asset inventory and insightful data analyses at your fingertips, vulnerability management transforms into an actionable strategy. Comprehensive asset details, going beyond basic vulnerability scores, help tailor effective remediation plans, enabling you to address threats in a more focused manner.

Challenge: Identifying System Weaknesses

Vulnerability scanners are abundant but not always suited for OT environments. These scanners typically operate by applying the most recent threat markers to devices, creating vulnerabilities that are anticipated for IT rather than OT settings. For OT, where devices interact delicately over many ports, a heavy-handed scanning approach can introduce actual disruptions.

Scans customized for OT take a gentler approach to avoid impacting operations, targeting only the most robust systems during planned outages. While these softer scans are crucial for operational safety, they often miss critical data. This scenario highlights gaps, leaving you with outdated or incomplete vulnerability maps.

An alternative is embracing a dual approach—agent-based management for OS devices paired with agentless tools for network and communication gear. Such a strategy offers detailed insights in real-time, thus enhancing protective measures. Cross-referencing this enriched asset database with vulnerability repositories, like the National Vulnerability Database, helps pin down your infrastructure’s most exposed areas.

Challenge: Deciding Which Vulnerabilities Matter Most

Large volumes of vulnerabilities can become overwhelming. Properly ordering these flaws is crucial for efficient risk management. Prioritization means weighing system criticality, operational impacts, and protective measures.

You should focus on assets that, if compromised, could severely impact essential operations. Another crucial factor is determining if a vulnerability represents a feasible attack path, whether due to inadequate hardening or remote access permissions. Guidelines such as the Common Vulnerability Scoring System (CVSS) contribute to understanding vulnerability severity, yet a context-intensive assessment of asset interconnections is often more revealing.

Challenge: Addressing Vulnerabilities Swiftly

Timing is everything when it comes to fixing vulnerabilities. You need transparent processes to ensure identified risks aren’t left unattended.

Efforts should be made to establish rapid vulnerability response protocols. Given the intricate dependencies within OT environments, balancing this act without disrupting operations requires fine-tuned coordination. A proactive approach involves continuously updating both detection mechanisms and patch management systems, ensuring you’re ready to act when new vulnerabilities are discovered.

Challenge: Monitoring the Vulnerability Management Lifecycle

Continuity in monitoring your system-wide vulnerability management is essential to account for progress and tackle ongoing challenges. Moving vulnerabilities through a cycle—detection, analysis, remediation, and reassessment—demands persistent tracking and documentation.

Documenting each step in the cycle aids in understanding where improvements can be made and ensures that no step stalls over time. Regular vulnerability audits offer you a clearer picture of the evolution of your network’s defenses and provide opportunities to refine your strategies.

Managing vulnerabilities in OT environments presents numerous challenges. By developing a more nuanced understanding of your asset inventory, identifying vulnerabilities, efficiently prioritizing them, closing them in due time, and keeping track of the whole process, you enhance the security and resilience of your OT infrastructure.

The post The Ultimate Guide to OT Vulnerability Management: Essential Tips for Enhanced Security appeared first on IT RoundTable.