DirectConnect | Podcast en RSS.com

DirectConnect

por DirectConnect

Gobierno Tecnología

Temporada 5

Are We More Secure Or Just More Compliant?

In this episode of Direct Connect, Stacy Bresler, Steve Parker, and John Fallon tackle one of the most misunderstood topics in modern cybersecurity: Does compliance actually make you secure? Organizations invest millions in cybersecurity programs, tools, audits, and regulatory requirements—yet breaches continue to happen. Why? They explore the growing disconnect between security risk and compliance risk, discussing how organizations can achieve perfect audit scores while still maintaining significant cybersecurity vulnerabilities. They also examine how regulatory frameworks, vendor marketing, executive reporting, and organizational silos contribute to a false sense of security. Compliance and security are not the same thing—but they must work together. Organizations that treat them as separate initiatives often create inefficiencies, duplicate efforts, and expose themselves to unnecessary risk. True resilience comes from aligning security objectives, compliance obligations, and executive decision-making. -----About Archer Energy Solutions----- Archer helps critical infrastructure organizations manage security risk across cyber, physical, and operational environments. We work with utilities, energy providers, and other essential sectors to strengthen resilience, improve visibility, and stay aligned with evolving regulatory and compliance requirements — including NERC CIP and other industry standards. Our focus is practical, real-world security risk management: • Cybersecurity for IT & OT environments • Physical security strategy and integration • Compliance and audit readiness • Risk assessment and program development • Bridging the gap between operations, security, and leadership Because protecting infrastructure isn’t just about technology — it’s about people, processes, and preparedness. Archer — Managing Tomorrow’s Risks, Today! 📩 Connect with our team to continue the conversation: 🌐 Website: www.archerint.com 📧 Email: contact@archerint.com 🔗 LinkedIn: https://www.linkedin.com/company/archer-energy-solutions-llc 🔗 Facebook: https://www.facebook.com/ArcherInternational #CyberSecurity #CriticalInfrastructure #OTSecurity #PowerGrid #EnergySector #GridSecurity #NERC #FERC #CIP #Compliance #Resilience #Audit #InfrastructureProtection #CyberAttack #ArcherEnergySolutions

Extreme Weather Conditions

In this episode of Direct Connect, Brian Pauling, Brent Castagnetto and John Fallon, discuss the growing impact of extreme weather conditions on utility operations and critical infrastructure resilience. From unexpected spring snowstorms in Colorado to extreme heat forecasts across the Southeast, the conversation explores how utilities can prepare for the challenges ahead. The discussion highlights why compliance and operational teams must work together to ensure utilities remain reliable and resilient during periods of extreme weather. As energy demand rises and weather patterns become more unpredictable, preparation is more important than ever. -----About Archer Energy Solutions----- Archer helps critical infrastructure organizations manage security risk across cyber, physical, and operational environments. We work with utilities, energy providers, and other essential sectors to strengthen resilience, improve visibility, and stay aligned with evolving regulatory and compliance requirements — including NERC CIP and other industry standards. Our focus is practical, real-world security risk management: • Cybersecurity for IT & OT environments • Physical security strategy and integration • Compliance and audit readiness • Risk assessment and program development • Bridging the gap between operations, security, and leadership Because protecting infrastructure isn’t just about technology — it’s about people, processes, and preparedness. Archer — Managing Tomorrow’s Risks, Today! 📩 Connect with our team to continue the conversation: 🌐 Website: www.archerint.com 📧 Email: contact@archerint.com 🔗 LinkedIn: https://www.linkedin.com/company/archer-energy-solutions-llc 🔗 Facebook: https://www.facebook.com/ArcherInternational #CyberSecurity #CriticalInfrastructure #OTSecurity #PowerGrid #EnergySector #GridSecurity #NERC #FERC #CIP #Compliance #Resilience #Audit #InfrastructureProtection #CyberAttack #ArcherEnergySolutions

Is Your Compliance Team Built to Last?

How much does your team size really impact your ability to stay compliant? In this episode of Direct Connect with Archer, Brian Pauling, Managing Partner at Archer and Archer's Account Manager John Fallon, dive into one of the most revealing questions they ask every client: “What’s your team size?” What seems like a simple question quickly uncovers deeper insights into risk, resilience, and compliance performance. From single-person teams to departments of 20+, they explore how team size influences: • Single points of failure and operational risk • The importance of documented procedures and processes • Communication challenges in both small and large teams • The balance between proactive and reactive compliance • The role of attitude, training, and team mentality Using real-world scenarios and relatable analogies, this conversation highlights a critical truth: success isn’t determined by team size—it’s driven by communication, preparation, and execution. Whether you're part of a lean compliance team or a large organization, this discussion will help you identify gaps, strengthen your approach, and improve your overall compliance posture. -----About Archer Energy Solutions----- Archer helps critical infrastructure organizations manage security risk across cyber, physical, and operational environments. We work with utilities, energy providers, and other essential sectors to strengthen resilience, improve visibility, and stay aligned with evolving regulatory and compliance requirements — including NERC CIP and other industry standards. Our focus is practical, real-world security risk management: • Cybersecurity for IT & OT environments • Physical security strategy and integration • Compliance and audit readiness • Risk assessment and program development • Bridging the gap between operations, security, and leadership Because protecting infrastructure isn’t just about technology — it’s about people, processes, and preparedness. Archer — Managing Tomorrow’s Risks, Today! 📩 Connect with our team to continue the conversation: 🌐 Website: www.archerint.com 📧 Email: contact@archerint.com 🔗 LinkedIn: https://www.linkedin.com/company/archer-energy-solutions-llc 🔗 Facebook: https://www.facebook.com/ArcherInternational #CyberSecurity #CriticalInfrastructure #OTSecurity #PowerGrid #EnergySector #GridSecurity #NERC #FERC #CIP #Compliance #Resiliance #Audit #InfrastructureProtection #CyberAttack #ArcherEnergySolutions

Why Documentation of Processes & Procedures Matters (More Than You Think)

Why Documentation of Processes & Procedures Matters (More Than You Think) In this episode of DirectConnect, Steve Parker and Brian Pauling, Managing Partners at Archer, break down a topic that may not sound exciting at first—but is absolutely critical to operational success, compliance, and audit readiness: why documentation of processes and procedures matters. From NERC CIP and O&P requirements to real-world operational challenges, we explore how strong documentation ensures accuracy, consistency, timeliness, and defensibility across both cybersecurity and physical security environments. Whether you're a compliance manager, operator, engineer, or security leader, this conversation highlights why documentation isn't just paperwork—it’s operational resilience. -----About Archer Energy Solutions----- Archer helps critical infrastructure organizations manage security risk across cyber, physical, and operational environments. We work with utilities, energy providers, and other essential sectors to strengthen resilience, improve visibility, and stay aligned with evolving regulatory and compliance requirements — including NERC CIP and other industry standards. Our focus is practical, real-world security risk management: • Cybersecurity for IT & OT environments • Physical security strategy and integration • Compliance and audit readiness • Risk assessment and program development • Bridging the gap between operations, security, and leadership Because protecting infrastructure isn’t just about technology — it’s about people, processes, and preparedness. Archer — Managing Tomorrow’s Risks, Today! 📩 Connect with our team to continue the conversation: 🌐 Website: www.archerint.com 📧 Email: contact@archerint.com 🔗 LinkedIn: https://www.linkedin.com/company/archer-energy-solutions-llc 🔗 Facebook: https://www.facebook.com/ArcherInternational #CyberSecurity #CriticalInfrastructure #OTSecurity #PowerGrid #EnergySector #GridSecurity #NERC #FERC #CIP #Compliance #Resilience #Audit #InfrastructureProtection #CyberAttack #ArcherEnergySolutions

What Cybersecurity Framework Should You Be Using?

What cybersecurity framework should your organization actually be using? In this episode of Direct Connect, Steve Parker and Stacy Bresler break down one of the most common—and most misunderstood—questions in cybersecurity: Which framework is right for you? From NIST CSF 2.0 to ISO 27001, IEC 62443, and even NERC CIP, they explore: Why sticking with your current framework might be the smartest move When (and how) to layer multiple frameworks together The difference between frameworks, control catalogs, and maturity models How to align cybersecurity with real-world operational needs in critical infrastructure Why governance should come first—before technology 💡 Key takeaway: There is no “one-size-fits-all” framework—but there is a smarter way to build a defensible, scalable security program. Whether you’re starting from scratch or refining an existing program, this conversation will help you cut through the noise and focus on what actually works. 📩 Need help building your cybersecurity framework? Contact Archer today. -----About Archer Energy Solutions----- Archer helps critical infrastructure organizations manage security risk across cyber, physical, and operational environments. We work with utilities, energy providers, and other essential sectors to strengthen resilience, improve visibility, and stay aligned with evolving regulatory and compliance requirements — including NERC CIP and other industry standards. Our focus is practical, real-world security risk management: • Cybersecurity for IT & OT environments • Physical security strategy and integration • Compliance and audit readiness • Risk assessment and program development • Bridging the gap between operations, security, and leadership Because protecting infrastructure isn’t just about technology — it’s about people, processes, and preparedness. Archer — Managing Tomorrow’s Risks, Today! 📩 Connect with our team to continue the conversation: 🌐 Website: www.archerint.com 📧 Email: contact@archerint.com 🔗 LinkedIn: https://www.linkedin.com/company/archer-energy-solutions-llc 🔗 Facebook: https://www.facebook.com/ArcherInternational #CyberSecurity #CriticalInfrastructure #OTSecurity #PowerGrid #EnergySector #GridSecurity #NERC #FERC #CIP #Compliance #Resilience #Audit #InfrastructureProtection #CyberAttack #ArcherEnergySolutions

Does military action abroad increase risk to the U.S. Bulk Power System?

Global conflict doesn’t stay contained—it can ripple into critical infrastructure. In this episode of DirectConnect, Stacy Bresler and Steve Parker, Managing Partners at Archer Energy Solutions, explore a pressing question: Does military activity abroad increase risk to the U.S. Bulk Power System? From state-sponsored cyber threats to supply chain vulnerabilities, they break down what utilities should be thinking about right now—and what actions actually make a difference when time is limited. 💡 In this episode: How global conflicts elevate cyber risk to the grid Why many security recommendations come too late Practical steps you can take right now to strengthen defenses The importance of logging, monitoring, and incident response readiness Supply chain risks and what to watch for Why recovery planning may matter more than prevention ⚡ Whether you're an IT/OT Security Manager, Engineer, or Compliance Lead, this conversation cuts through the noise and focuses on what truly matters in high-risk moments. 📩 Want help strengthening your security posture? Contact Archer: contact@archerint.com #Cybersecurity #CriticalInfrastructure #NERC #CIPCompliance #OTSecurity #BulkPowerSystem #RiskManagement #DirectConnect #Archer

Cyber Attack on Poland's Electric System 2025

A cyber attack reached the edge of the electric grid, disrupted visibility, damaged equipment, and walked away. This isn’t theory anymore. Earlier this year, Dragos released an intelligence report on a cyber intrusion into Poland’s electric distribution systems. There was no massive blackout. No dramatic outage. And that’s exactly why this matters. This video explains why that incident wasn’t a failure — it was a proof of access. Attackers demonstrated repeatable access across distributed energy resources, disrupted communications, degraded operational visibility, and damaged equipment beyond repair. Then they stopped. Not because they couldn’t do more — but because they didn’t need to. What this signals is a shift the industry has been slow to confront: the grid is no longer centralized. Risk now lives at the edge — in DERs, remote access paths, identical configurations, third-party vendor connections, and visibility gaps that have been normalized for years. In this discussion, industry experts break down what the report really tells us about grid evolution, why cybersecurity and operations can no longer be separated, and how losing situational awareness may be more dangerous than losing power itself. If your organization relies on distributed assets, vendor access, or believes “low impact” systems aren’t critical — this conversation is about you. Link to the Document: https://hub.dragos.com/report/electrum-targeting-polands-electric-sector?_gl=1*1to76bn*_gcl_aw*R0NMLjE3Njk0NTQzOTguRUFJYUlRb2JDaE1JcGVYem92T3BrZ01WMnhxdEJoMV9NU3duRUFBWUFTQUFFZ0lMQnZEX0J3RQ..*_gcl_au*MTg5NTc2Mjk3LjE3NjU4MzA1NTguMTI2MzI5MDEzMS4xNzY5NzM1MzYxLjE3Njk3MzUzNjE.*_ga*MzE1NzU4NDc2LjE3NjU4MzA1NjA.*_ga_8Z0JSJN44D*czE3Njk3OTYwMTYkbzckZzEkdDE3Njk3OTc1MDQkajYwJGwwJGgw*_ga_7C51GTM128*czE3Njk3OTYwMTYkbzckZzEkdDE3Njk3OTc1MDYkajU4JGwwJGg4NTE2OTYwMDg. #CyberSecurity #CriticalInfrastructure #OTSecurity #PowerGrid #EnergySector #GridSecurity #NERC #FERC #CIP #Compliance #Resilience #Audit #InfrastructureProtection #CyberAttack #ArcherEnergySolutions #Poland #Attack

CIP & Cloud Services: A New Way Forward

NERC is considering a major shift in how CIP standards work — including a parallel “100 Series” designed for cloud and system-based environments. In this episode of Direct Connect with Archer, Steve Parker and John Fallon break down: Why the current device-focused model struggles with cloud What a system-based approach could change The compliance and audit complexity this may introduce How vendors, utilities, and security programs could be affected Link to the CIP & Cloud Services Document: https://www.nerc.com/globalassets/standards/projects/2023-09/white-paper/project-2023-09-risk-management-for-third-party-cloud-services-white-paper_121825.pdf Is this the future of CIP… or a compliance headache in the making? #NERC #CyberSecurity #CriticalInfrastructure #CloudSecurity #NERCCompliance #OTSecurity #CIPStandards #ArcherEnergy

What Challenges will the Industry Face in 2026

In the first Direct Connect of 2026, the Archer team looks ahead at what’s coming for critical infrastructure, cybersecurity, resilience, and compliance in the year ahead. Managing Partner Stacy Bresler is joined by Managing Partners Steve Parker and Brian Pauling, along with Archer's new Account Manager, John Fallon for a candid roundtable discussion on the biggest risks and trends shaping 2026, including: Upcoming NERC CIP changes and regulatory focus areas The accelerating impact of AI, deepfakes, and automated attacks Supply chain, physical security, and remote connectivity risks Extreme weather response and grid reliability challenges The rise of Inverter-Based Resources (IBRs) and grid transformation Why the unknown may be the greatest risk of all From boardroom priorities to frontline security teams, this conversation explores what leaders should be thinking about now to prepare for what’s next. 🎥 Watch to hear where the Archer team believes organizations should focus their time, funding, and people in 2026—and beyond. #DirectConnect #CriticalInfrastructure #Cybersecurity #NERC #CIPCompliance #OperationalResilience #AIinSecurity #IBR #GridTransformation #PhysicalSecurity #SupplyChainRisk #ExtremeWeather #CyberRisk #ArcherEnergySolutions

Temporada 4

Stop Talking About Your Last Audit

In this episode of Direct Connect, Stacy Bresler, Leonard Chamberlin and Steve Parker, Managing Partners at Archer, break down one of the most common (and dangerous) traps in NERC CIP and regulatory compliance: obsessing over your last audit. Auditors change. Risks change. Rules change. Teams change. So why are so many utilities still anchored to what happened 3+ years ago? From shifting threat environments to controls-focused audits, internal controls, and what it really means to be secure vs. simply “passing,” this conversation hits the heart of modern compliance. 👉 If you want to be ready for your next audit, this episode is a must-watch. #NERC #CIPCompliance #CriticalInfrastructure #DirectConnect #AuditPreparation #Cybersecurity #Utilities #PowerGrid #ArcherEnergy #RiskManagement

1 de 9