Series 3 – Episode 1!2025 has been a year full of remarkable OT cybersecurity stories, and in this episode of Cyber Brews, we take you behind the scenes of the most impactful events in the industrial cyber world.

From Jaguar Land Rover incidents to human-factor challenges in incident response planning, AI ransomware and defence-in-depth strategies, zero-day threats, and attackers embedding infostealers in PyPI packages, we cover the stories that shaped the year.

We also discuss the wider regulatory and geopolitical landscape, including the Cyber Security and Resilience (Network and Information Systems) Bill, CISA alerts, FBI advisories, and global collaboration to defend critical infrastructure against pro-Russia hacktivist threats.

Join us as we unpack the lessons learned from 2025, explore the evolving threat landscape, and highlight what it takes to protect critical industrial systems in a world where cyber risks are ever-present.

So grab a brew and tune in to the front lines of OT cybersecurity.

Series 2 - Episode 8

CAF 4.0 – What’s Changed Since CAF 3.2?

In this episode of Cyber Brews, we take a closer look at Cyber Assessment Framework (CAF) version 4 and explore how it differs from CAF 3.2.

We talk through the key changes, what they mean in practice for organisations operating in ICS and OT environments, and how teams should start thinking about alignment, evidence, and assurance under the updated framework.

Whether you’re already working with CAF or preparing for future assessments, this episode helps break down what’s new, what’s evolved, and what really matters moving forward.

So grab a brew and join us as we navigate the latest changes in the CAF landscape.

’Twas the night before Patch-mas, when all through the plant,
Not a system was stirring… or so we all thought.

In this Cyber Brews Christmas Special, we put a cyber security spin on the classic ’Twas the Night Before Christmas tale. This festive episode tells a story from the world of ICS and OT security, where late-night alerts, unpatched systems, and seasonal good intentions collide.

With humour, rhyme, and a touch of cyber realism, ’Twas the Night Before Patch-mas is a light-hearted reminder of why patching, preparation, and a bit of caution still matter — even during the holidays.

Grab a brew of hot chocolate, settle in, and enjoy a festive cyber tale.

Series 2 – Episode 7!When something goes wrong in the OT world, every second counts....but whatever happens, don’t panic.

This months episode we take a look into incident response and recovery plans. We break down the essentials of Incident Response in Operational Technology environments — what it is, who needs to know about it, and why it matters — towel is optional.

We discuss what makes a strong Incident Response Plan (IRP), the key components every organisation should include, and how even well-prepared plans can fail when theory meets reality.

Along the way, we share real examples and lessons learned from the front lines of OT security and we talk a little about our latest published cyber security paper on using critical task analysis to understand the human element of incident response plans.

So grab a brew, keep calm, and join us as we hitchhike through the world of OT incident response.

Something sinister is stirring in the systems…

In this Cyber Brews Halloween Special, we dive into the true story behind one of the most chilling cyber incidents in industrial history the Triton malware attack.

What began as a routine night in a control room turned into a digital nightmare, when rogue code infiltrated safety systems designed to prevent catastrophic industrial accidents.

With a Halloween twist, “Ghost in the Control Room” explores how a few hidden lines of code nearly turned a secure facility into a scene of chaos — and what this haunting real-world case teaches us about human error, resilience, and the invisible forces moving through our networks.

So grab your favourite brew, turn down the lights and settle in for a Halloween Special.

Series 2 – Episode 6!

This month’s brew takes a fresh look at the latest updates in IEC 62443-2-2:2025 — The standard that sets out requirements for industrial automation and control system security programs.

If that sounds a bit dry, don’t worry — we’re serving it up in plain English, with a dash of Dave & Chris -style "banter".

In this episode, we break down what’s new in the revised standard, why it matters, and how these changes impact organizations looking to strengthen their OT security posture.

Key topics on tap this month include:

• What IEC 62443-2-2 actually covers and why it’s important

• The most significant changes in the latest update
  
• How these updates affect compliance and real-world implementation
  

So grab your favourite brew and join us as we try to make sense of the updates in the new IEC 62443-2-2:2025 — hopefully without the headache.

Series 2 – Episode 5!

Cyber Brews: IEC-62443 Security Levels, Simplified?This month’s brew tackles the industrial cybersecurity standard that everyone talks about — but few really get: IEC 62443. If you’ve ever felt lost in a sea of FRs, SRs, and SLs, you’re not alone. We’re here to break it down, coffee (or pint) in hand.

In this episode, we unpack the core components of IEC 62443 — from Foundational Requirements (FRs) to Security Levels (SLs) — and explore what they actually mean for real-world OT environments.

Key topics on tap include:

• What the different Security Levels (SL1 to SL4) actually represent — and why SL4 isn’t always the goal
• The role of Foundational Requirements (FRs) and how they structure your cybersecurity baseline
• How System Requirements (SRs) map to practical controls in the field
• Why context matters: understanding your risk, your environment, and your realistic target level

So whether you’re just getting into IEC 62443 or trying to explain it to someone else without inducing a yawn, this episode’s for you.

Grab your brew of choice and join us as we demystify the standard — one security level at a time.

Series 2 – Episode 4!

Cyber Brews: Trust No One, Verify Everything (Zero Trust)

This month’s brew dives into a game-changing security model that’s making waves in both IT and OT: Zero Trust. Forget the old perimeter mindset — in this episode, we explore why trust is no longer a security strategy, especially when it comes to protecting critical industrial systems.

We kick off with a breakdown of what Zero Trust actually means, where it came from, and why it’s become essential in the world of Operational Technology. As OT and IT networks continue to converge, the traditional “trust but verify” approach just doesn’t cut it anymore.

Key topics on the table include:

• Why OT environments need Zero Trust now more than ever.

• How to apply Role-Based Access Control, Network Segmentation, MFA, and Continuous Monitoring in industrial settings.

• The real-world benefits of Zero Trust: from reduced insider threats to better compliance and resilience.

• Common challenges and how to start making progress, even in complex legacy environments.

So grab your favourite brew and join us as we unravel how Zero Trust could secure the future of OT — one segment, one policy, one verified connection at a time.