Shawn Anderson's Cyber Blog

Cloud, Assurance, Forensics, Engineering

Tag: GenAI

Cybersecurity and convergence of IT/IoT/OT environments – It is time!

April 15, 2025 / / 0 Comments

The convergence of Information Technology (IT), the Internet of Things (IoT), and Operational Technology (OT) is reshaping industries, yet OT remains deeply rooted in its on-premises heritage. Industry trends estimate that 80-90% of OT systems are still managed locally, reflecting a historical preference for air-gapped or minimally connected setups to ensure uninterrupted operations in critical infrastructure. A prime example is the Programmable Logic Controller (PLC), a rugged industrial computer that automates processes like running assembly lines in manufacturing, regulating power grids in energy, or controlling water treatment in utilities. PLCs, with lifecycles often spanning 20-30 years, are built for reliability but rarely designed for cloud connectivity, anchoring many OT environments to legacy systems.

Thes systems are often incompatible with cloud connectivity. Recent market analyses highlight a slow but growing shift toward hybrid and cloud-based solutions, with cloud adoption in OT security and management projected to rise significantly—though it still lags on-premises dominance. This hesitancy stems from concerns over latency, cybersecurity risks, and regulatory compliance, particularly in sectors where downtime or breaches could have catastrophic consequences.

For CISOs, CIOs, and CTOs, navigating this transition is a strategic imperative. In this blog, we’ll explore four key points to help technology leaders prepare for this convergence and embrace a future-ready approach. During my three plus years at Boston Meridian we have come across a lot of exciting companies working in OT and helping to bridge the gap. The main topic of discussion coming up seems to be that of “active” vs “passive” or agent vs agentless based solutions. This is a tricky world to navigate because of the legacy of OT systems and the fact many of these operational systems are shifting over to the technical and security teams for monitoring. This requires architecture discussions and how to adopt new and emerging technologies for OT.

  1. The On-Premises OT Landscape and Emerging Cloud Adoption
    With 80-90% of OT systems still on-premises, industries prioritizing control—like manufacturing with its PLCs and SCADA, or energy with its grid management—favor localized setups to mitigate risks. However, IoT integration is nudging these sectors toward hybrid models, where cloud solutions enhance monitoring and analytics while preserving on-premises stability. Understanding this shift’s pace is critical for aligning with industry-specific needs.
  2. Why Hybrid Environments Are the Sweet Spot
    A hybrid approach blends on-premises reliability with cloud flexibility, delivering tailored benefits across OT-reliant sectors. It enables real-time insights and predictive maintenance—think centralized oversight for utilities or optimized logistics in transportation—all while maintaining security. This balance is especially appealing for industries like manufacturing and energy, where legacy systems must coexist with modern demands.
  3. Strategic Choices: Cloud, On-Premises, or a Blend?
    The path forward varies by industry. Staying on-premises offers control, crucial for oil and gas pipelines or healthcare’s smart systems, but limits scalability. Full cloud adoption suits data-driven monitoring in logistics yet risks latency in time-sensitive OT processes. A hybrid model often strikes the right chord—cloud analytics for non-critical workloads paired with local control for mission-critical operations—allowing leaders to tailor strategies to their sector’s realities.
  4. Leveraging AI, ML, and Vulnerability Analysis as the Convergence Catalyst
    Artificial Intelligence (AI) and Machine Learning (ML) transform raw data from IoT, IT, and OT systems into actionable intelligence, revolutionizing both architecture design and monitoring. In architecture design, AI-driven simulations help leaders model resilient hybrid environments, optimizing data flows between on-premises OT and cloud-based IT systems.

For example, in manufacturing, AI can predict how IoT sensors integrate with legacy PLCs, ensuring low-latency performance. ML algorithms refine these designs by learning from operational patterns, enabling adaptive architectures that scale securely—critical for energy grids or transportation networks. For monitoring, AI-powered anomaly detection identifies deviations in real-time, such as unusual equipment behavior in utilities or traffic anomalies in logistics, flagging potential failures before they escalate.

ML enhances this by continuously improving detection accuracy, learning from historical OT data to reduce false positives. Vulnerability analysis, a key AI/ML application, strengthens cybersecurity across converged environments. By scanning IoT devices, IT networks, and OT systems, AI identifies weaknesses—like outdated firmware in healthcare devices or misconfigured SCADA systems in oil and gas—prioritizing risks based on exploitability.

This proactive approach helps CISOs design segmented architectures that isolate critical OT assets while enabling secure cloud monitoring. Together, these technologies empower leaders to build robust, future-proof systems and maintain vigilant oversight, turning convergence into a competitive advantage.

Industries Poised to Benefit

This convergence impacts on a range of OT-dependent verticals, each with unique stakes:

  • Manufacturing: Industrial control systems and automation stand to gain from hybrid monitoring and AI-driven maintenance.
  • Energy and Utilities: Grid and water management can leverage cloud analytics while securing critical infrastructure.
  • Oil and Gas: Remote pipeline operations benefit from hybrid scalability without compromising safety.
  • Transportation and Logistics: Real-time coordination improves with AI and hybrid visibility.
  • Healthcare: Emerging OT in smart hospitals gains efficiency and security through strategic integration.

For technology leaders across these sectors, the IT/IoT/OT convergence demands action. What is the call to action:

Don’t wait for your organization to ask “what are we doing about OT?”. I know many of my peers are busy with the day to day, “blocking and tackling” and might feel they don’t have the time to look at this. You have to make the time.

Begin by assessing your infrastructure, how can cloud integration enhance your OT systems? Craft a roadmap balancing on-premises strengths with hybrid innovation, and harness AI to unlock data-driven potential. Whether you prioritize cloud agility, reinforce on-premises control, or blend both, preparation is key. Don’t underestimate the value of building architecture diagrams of the different systems. Make sure you have a strategy around vulnerability analysis and visibility. Finally, it’s about resilience and recovery as you WILL have issues. The adversaries are relentless and have more and more tools at their disposal every day.

In a few weeks I will be at the 2025 RSA Conference in San Francisco. I along with the team at Boston Meridian Partners would be happy to chat about the state of the markets or help you navigate the M&A process. Please reach out to us via our webpage and LinkedIn below.

www.bostonmeridian.com

Boston Meridan LinkedIn Page <- Follow this company!

About the author

Shawn Andersonhas an extensive background in cybersecurity, beginning his career while serving in the US Marine Corps. He played a significant role as one of the original agents in the cybercrime unit of the Naval Criminal Investigative Service.

Throughout his career, Mr. Anderson has held various positions, including Security Analyst, Systems Engineer, Director of Security, Security Advisor, and twice as a Chief Information Security Officer (CISO). His CISO roles involved leading security initiatives for a large defense contractor’s intelligence business and an energy company specializing in transporting environmentally friendly materials.

Beyond his professional achievements, he is also recognized for his expertise in the field of cybersecurity. He is a sought-after speaker, writer, and industry expert, providing valuable insights to both C-Suite executives and boards of directors.

Currently, Mr. Anderson serves as the Chief Technology Officer (CTO) for Boston Meridian Partners. In this role, he evaluates emerging technologies, collaborates with major security providers to devise cybersecurity strategies, and delivers technological insights to the private equity and venture capital community.

Overall, Shawn Anderson’s career journey showcases a wealth of experience in cybersecurity and leadership roles, making him a respected and influential figure in the industry.

ZTA, Secure by Design, Platform, Best of Suite, what does all this mean???

November 22, 2024 / / 0 Comments

Boom… A little over a month ago, I published a blog around best of breed vs. best integrated vs. best of luck. Other related topics that CISOs, CTOs, and other C-Suite executives often discuss include Zero Trust Architecture (ZTA), Secure by Design, Best of Suite, and platform. Many CISOs and CIOs have strong opinions on these topics. Some feel ZTA is a bogus strategy and impossible to achieve, while others are committed to achieving it. Secure by Design is a dream many of us in the industry have had for decades. This blog will dive deeper into each of these topics, highlight companies in each area, and provide some talking points/benefits for each.

Defining Zero Trust Architecture (ZTA)

On the surface, Zero Trust Architecture is exactly what it sounds like: trust nothing without verification. This means verifying explicitly and using the principle of least privilege, where entities only have access when needed. Another key aspect is the “assume breach” mentality. While I understand the rationale, I prefer explicit verification over assuming a breach. For example, I know my house is secure because the doors are locked, and my dogs would alert me to any intruders. Similarly, a well-architected and monitored network should achieve the same level of security. Zero Trust is a continuous journey rather than a final destination.

Understanding Secure by Design

Secure by Design emphasizes integrating security into every layer of a system from the outset. As a CTO or CISO, fostering a culture of security by design is crucial. This approach includes principles like least privilege, assume breach, and defense in depth. Think of it like a car equipped with safety features such as airbags, seatbelts, and sensors. Similarly, your network should be designed with multiple layers of security. Achieving Secure by Design involves threat modeling, secure coding practices, and regular security training. Companies helping companies with this are Microsoft, Google, AWS, Cisco, IBM, Palo Alto Networks, and Crowdstrike. Crowdstrike has an interesting take on this as they push for “resilient by design” which I prefer as a practitioner. Security is always evolving and adversaries have even more resources to use against us. It’s critical to be resilient to achieve any level of success. Secure by Design is good as well so consider options of both when researching this for your own organizations

Best Integrated vs. Best of Platform

In a previous post, I discussed “best integrated,” which aligns with the concept of “best of platform.” This approach involves selecting a broad set of tools within an extensible framework that supports your goals and security needs. Always choose tools with built-in integration capabilities to ensure seamless operation. Some of the same companies as above are considered highly focused on on “best integrated” and walk the line into platform if customers wish to do so. Technology companies that focus on “platform” are Trend Micro, Qualys, Zscaler, Lacework, and Tenable. Thes companies focus on cloud-native solutions, compliance, advanced threat protection, insurance, and management solutions which all taken together help customers build a “best platform”.

Best of Suite

The best of suite approach involves selecting a comprehensive suite of security tools from a single vendor. Having worked at an investment bank for the past three years, I’ve seen a trend towards security consolidation. The managed services space is also growing as more companies outsource their security needs. While the initial cost can be higher, this approach requires careful planning and architecture. It is important to understand there are small differences in each of these. While Microsoft is on many of these lists it is due to the fact you can choose some or all of their capabilities. Google is very similar where you can look at Gartner, 451, or Forrester1 and they will have both companies highly rated. This is important for “Best of Suite”. Other companies to consider would be Salesforce, Oracle, SAP, Adobe, Workday, and ServiceNow. They have “platforms” around Enterprise resource planning, customer relationship management, IT Service Management, and Operations Management. They can integrate tools across marketing, sales, service, and commerce.

Conclusion

Over the past two blogs, we’ve explored best of breed, best integrated, best of suite, platform, and Secure by Design. Each approach has its complexities, costs, and challenges. It’s essential to consider the data and remember that “culture eats strategy” every day of the week. As a new CIO, CTO, or CISO, gaining buy-in from key stakeholders is crucial. My recommendation is to choose a framework, build your architecture based on existing capabilities, and develop a roadmap for gradual improvement. Change requires time and endurance, but with a strategic approach, you can shift the culture one tool at a time.

In conclusion, take a strategic approach rather than a tactical one to avoid constantly playing “whack-a-mole.” A well-developed architecture will align the C-Suite and help you create a robust security plan. Avoid making decisions based on personal preferences alone, and focus on building a cohesive and secure environment.

If I missed speaking with you at Blackhat, I along with the team at Boston Meridian Partners would be happy to jump on a call to chat about the state of the markets or help you navigate the M&A process. Please reach out to us via our webpage and LinkedIn below.

www.bostonmeridian.com

Boston Meridan LinkedIn Page <- Follow this company!

About the author

Shawn Anderson2 has an extensive background in cybersecurity, beginning his career while serving in the US Marine Corps. He played a significant role as one of the original agents in the cybercrime unit of the Naval Criminal Investigative Service.

Throughout his career, Mr. Anderson has held various positions, including Security Analyst, Systems Engineer, Director of Security, Security Advisor, and twice as a Chief Information Security Officer (CISO). His CISO roles involved leading security initiatives for a large defense contractor’s intelligence business and an energy company specializing in transporting environmentally friendly materials.

Beyond his professional achievements, he is also recognized for his expertise in the field of cybersecurity. He is a sought-after speaker, writer, and industry expert, providing valuable insights to both C-Suite executives and boards of directors.

Currently, Mr. Anderson serves as the Chief Technology Officer (CTO) for Boston Meridian Partners. In this role, he evaluates emerging technologies, collaborates with major security providers to devise cybersecurity strategies, and delivers technology insights to the private equity and venture capital community.

Overall, Shawn Anderson’s career journey showcases a wealth of experience in cybersecurity and leadership roles, making him a respected and influential figure in the industry.

  1. Gartner, 451 Research, Forrester ↩︎
  2. http://www.linkedin.com/in/shawnanderson ↩︎

Boston Meridian Fireside chat at RSA Conference Reception 2024.
It's all about the data!

Observations from RSAC2024 – A Security Roadmap for AI

June 10, 2024 / / 0 Comments

Most of us have fully recovered from our very busy week at this year’s RSA Conference. The massive cyber security event which takes place in San Francisco with over 60k of my closest cybersecurity friends. As most of us already figured would be the topic de jour, there were very few if any in attendance, who were not talking about GenAI. Specifically, the impacts it is and will have on our industry and the rest of the world as we know it.

I have written about Artificial Intelligence (AI) in the past and how it’s going to be the integration of GenAi and different other solutions which will truly cause significant disruption. GenAI and the combination of other technologies such as robotics, medical, oil and gas exploration, retail delivery, fast food experience, and even tier 1 and 2 security operations center functions. This all sounds really cool and fascinates me with the massive potential GenAI has to impact the world.

Boston Meridian Partners, the company I work at, hosts a reception on Sunday evening each year prior to the conference. We host this meeting for numerous startups and friends from the private equity and venture capital world as well as many C suite executives with interest in cyber security. Our goal the past few years has been to get some top-notch speakers to share their wisdom with the crowd and this year’s speakers did not disappoint.

We had Chris Krebs from SentinelOne, Brian Finch from Pillsbury Winthrop Shaw Pittman LLP, and Kate Kuehn from WTI who shared key points on regulatory issues (Note: Thankfully we have the EU who have established many key requirements for the world to follow as our own US government has been slow to pass any legislation with real teeth). They also spent time talking about risk and the importance of collaboration and coordination. While we discussed many key investor topics around GenAI it couldn’t have been a better way to set the stage for the RSA Conference and our very full week of over 150 meetings from across the community. 1

I took away quite a few pointers as I met with startups, CEOs, speakers at numerous events, and in general discussion around a good craft beer or cocktail in the evenings. Here are some take aways from and things to ponder as we push GenAI initiatives in our companies and industries we support.

  1. As mentioned above, collaboration and coordination are key to success. It might seem like a no brainer but many of us are hardheaded and like to “go it alone” which can be a big mistake. It’s imperative we work closely with industry partners, government agencies, and relevant councils to manage AI-related risks and incidents. Fostering this collaboration will enhance GenAI security across the collective.
  2. Risk – I have spoken on this, written about it, and will shout it from the highest mountain as long as I have air in my lungs; “It’s about the data”. It’s super critical to conduct thorough risk assessments specific to GenAI deployments and focus on the data risk. It’s being sucked like a vacuum into these Large Language Models (LLMs) with little to no understanding where the data is going or how it is being used. It is critical for CIO’s and CISO’s to identify potential vulnerabilities, threats, and attack vectors related to AI technologies.
  3. Zero Trust and/or Secure by Design – We use the term “it’s easier to bake it in than spread it on like peanut butter” but often we find companies doing this very thing. Prioritize security from the outset. Ensure those GenAI systems are designed with zero trust (we trust nothing and no one without verification) and with security in mind, incorporating Multi-Factor Authentication, encryption, and access controls.
  4. Supply Chain and 3rd party security – Extending security considerations throughout the entire GenAI supply chain is now a must do these days. One cannot assume the suppliers are doing the right thing or have you in their best interest. They should, but it’s up to you to verify and set up the appropriate controls and service level agreements. This goes back to the “collaborate” discussion above and ensuring safe and responsible use of GenAI.
  5. Finally, we have the geek moment and have to allow technology and or the “hunters” to red team. This should be performed regularly as GenAI exercises and tabletops with the executive team’s involvement. By simulating attacks organizations can identify weaknesses and improve defenses. Since it’s often illegal to go on the offensive against adversaries we must have strong defenses in place.

Overall, it was another amazing week in San Francisco, and I enjoyed meeting so many innovative companies on the show floor. While GenAI is still in its infancy it has quickly become a show of force from all thing’s cybersecurity. GenAI will speed up our ability to do our jobs (but also the adversaries) but we have to be strategic and work faster through the traditional “blocking and tackling” abyss we so often fall into. Teamwork makes the dreamwork!

If you missed us at RSA, I along with the team at Boston Meridian Partners will be at Blackhat, Las Vegas this coming August so please reach out to us via our webpage and LinkedIn below.

www.bostonmeridian.com

Boston Meridan LinkedIn Page <- Follow this company!

Learn More: CISA Roadmap FAQs, CISA AI Roadmap, Cam Sivesind article on “cisa-roadmap-for-ai”, Grayson Milbourne – Forbes Article on “Small Business Roadmap for AI”

About the author

Shawn Anderson2 has an extensive background in cybersecurity, beginning his career while serving in the US Marine Corps. He played a significant role as one of the original agents in the cybercrime unit of the Naval Criminal Investigative Service.

Throughout his career, Anderson has held various positions, including Security Analyst, Systems Engineer, Director of Security, Security Advisor, and twice as a Chief Information Security Officer (CISO). His CISO roles involved leading security initiatives for a large defense contractor’s intelligence business and an energy company specializing in transporting environmentally friendly materials.

Beyond his professional achievements, Anderson is recognized for his expertise in the field of cybersecurity. He is a sought-after speaker, writer, and industry expert, providing valuable insights to both C-Suite executives and boards of directors.

Currently, Anderson serves as the Chief Technology Officer (CTO) for Boston Meridian Partners. In this role, he evaluates emerging technologies, collaborates with major security providers to devise cybersecurity strategies, and delivers technology insights to the private equity and venture capital community.

Overall, Shawn Anderson’s career journey showcases a wealth of experience in cybersecurity and leadership roles, making him a respected and influential figure in the industry.

  1. https://www.linkedin.com/in/christopherckrebs/
    https://www.linkedin.com/in/brianfinch-cybersecurity/
    https://www.linkedin.com/in/katekuehn/
    ↩︎
  2. www.linkedin.com/in/shawnanderson/ ↩︎

© 2025 Shawn Anderson's Cyber Blog

Theme by Anders NorenUp ↑