Cyber Brews - The Operational Technologies Podcast

Series 3 - Episode 2!
The landscape of industrial cybersecurity guidance in the UK is evolving, and many organisations are now navigating the transition from HSE’s OG86 guidance to the more comprehensive IEC 62443 standard.
In this episode of Cyber Brews, we explore what that shift really means for engineers, operators, and organisations responsible for industrial control systems and operational technology.
We discuss why OG86 existed, the role it played in protecting safety-related systems, and how the growing cyber threat landscape has driven the move toward IEC 62443’s broader, lifecycle-based approach to cybersecurity.
Along the way, we unpack key differences between the two approaches, the expectations emerging from regulators, and some of the practical challenges organisations face when applying these concepts to real-world OT environments.
So grab a brew and join us as we break down the journey from OG86 to IEC 62443 and what it means for the future of industrial cyber security!

Series 3 – Episode 1!2025 has been a year full of remarkable OT cybersecurity stories, and in this episode of Cyber Brews, we take you behind the scenes of the most impactful events in the industrial cyber world.
From Jaguar Land Rover incidents to human-factor challenges in incident response planning, AI ransomware and defence-in-depth strategies, zero-day threats, and attackers embedding infostealers in PyPI packages, we cover the stories that shaped the year.
We also discuss the wider regulatory and geopolitical landscape, including the Cyber Security and Resilience (Network and Information Systems) Bill, CISA alerts, FBI advisories, and global collaboration to defend critical infrastructure against pro-Russia hacktivist threats.
Join us as we unpack the lessons learned from 2025, explore the evolving threat landscape, and highlight what it takes to protect critical industrial systems in a world where cyber risks are ever-present.
So grab a brew and tune in to the front lines of OT cybersecurity.

Series 2 - Episode 8
CAF 4.0 – What’s Changed Since CAF 3.2?

In this episode of Cyber Brews, we take a closer look at Cyber Assessment Framework (CAF) version 4 and explore how it differs from CAF 3.2.
We talk through the key changes, what they mean in practice for organisations operating in ICS and OT environments, and how teams should start thinking about alignment, evidence, and assurance under the updated framework.
Whether you’re already working with CAF or preparing for future assessments, this episode helps break down what’s new, what’s evolved, and what really matters moving forward.

So grab a brew and join us as we navigate the latest changes in the CAF landscape.

’Twas the night before Patch-mas, when all through the plant,
Not a system was stirring… or so we all thought.
In this Cyber Brews Christmas Special, we put a cyber security spin on the classic ’Twas the Night Before Christmas tale. This festive episode tells a story from the world of ICS and OT security, where late-night alerts, unpatched systems, and seasonal good intentions collide.
With humour, rhyme, and a touch of cyber realism, ’Twas the Night Before Patch-mas is a light-hearted reminder of why patching, preparation, and a bit of caution still matter — even during the holidays.

Grab a brew of hot chocolate, settle in, and enjoy a festive cyber tale.

Series 2 – Episode 7!When something goes wrong in the OT world, every second counts....but whatever happens, don’t panic.
This months episode we take a look into incident response and recovery plans. We break down the essentials of Incident Response in Operational Technology environments — what it is, who needs to know about it, and why it matters — towel is optional.
We discuss what makes a strong Incident Response Plan (IRP), the key components every organisation should include, and how even well-prepared plans can fail when theory meets reality.
Along the way, we share real examples and lessons learned from the front lines of OT security and we talk a little about our latest published cyber security paper on using critical task analysis to understand the human element of incident response plans.
So grab a brew, keep calm, and join us as we hitchhike through the world of OT incident response.