They are not in charge of security until now, they haven't been accountable to basically provide security.

Of course, they are concerned about the operation being disrupted. Welcome to The Segment, a Zero Trust leadership podcast. I'm your host, Raghunanda Kumar, Head of Industry Solutions at Alumio, the Zero Trust Segmentation Company. Today, I'm joined by Carlos Buenano, CTO of OT at Amis, a leader in asset intelligence cybersecurity. Carlos brings over 30 years of experience in the control systems and telecommunication fields. He's worked for organizations across the globe, holding roles ranging from solutions architect to principal engineer to ICS cybersecurity consultant. For the past five years, he's focused specifically on operationalizing cybersecurity solutions within industrial networks. In this episode, Carlos joins us to discuss the path to OT security, the importance of zero trust in industrial environments, and how to make progress in security while not compromising productivity. So it gives me great pleasure to welcome onto this episode of the segment Carlos Buenagno, CTO for OT at Armist, the leaders in OT security. Carlos, welcome to the segment. Thank

you so much. Thanks for having me. It's a pleasure. A real pleasure to be here.

I think the pleasure is all mine because we're into season two of the podcast and if my recollection is correct, I think this is the first episode where we've had someone who is an expert in OT security, which is so top of mind these days. So I think the path into OT security is not a natural one when people think about careers in information security. So tell

us a bit about your background. Yeah, so I'm an electronic engineer. I specialize in control systems. I remember going to university and having that one subject, control systems, and I got hooked. So programming my PLC, configuring Scala server and pulling information, connecting to sensors and actuators and making the automation happen, it got me hooked from the very beginning. Throughout my career, I developed basically the skills to be a control system engineer. I remember the time where networking was actually part of the transition between serial networks and Ethernet networks. And I got very curious about it and I wanted to be part of it, talk about that transition, and then mixing the whole networking and control systems into one. then I started designing control networks which was actually quite interesting and slowly slowly was actually you know going more into configuring PLC's scatter servers DCS was going into networking programming and defining control networks come across with ISC 62443 and how it defines network segmentation from a green field point of view. Slowly, slowly, start getting involved with systems, access directories, EDRs, and integrating all these different systems, joining all these systems into the domain, protecting these devices and backing them up and making sure I have the procedures in place following ISC 6244-3 at the time. It's almost like I just fell into it. In the last 10 years, I've been focusing only in cybersecurity for OT environments. My understanding of the environment, the OT environment as such, and communicating with the OT personnel, the engineering teams, the plan managers, and giving them the information that they need to hear because it can actually be a very complex conversation with the plan managers because they will want to protect the production and then we need to start introducing security topics. It is actually one of my pleasures.