Podcast: PrOTect It All (LS 27 · TOP 10% what is this?)
Episode: OT Risk Management That Works: Asset Visibility, Risk Quantification & CISO-Level Strategy
Pub date: 2026-04-13
Get Podcast Transcript →
powered by Listen411 - fast audio-to-text and summarization
You can’t manage risk you can’t measure - or even see.
In this episode of Protect It All, host Aaron Crow sits down with Nicholas Friedman to explore how organizations can move beyond compliance and build real, measurable cybersecurity programs across IT and OT environments.
With experience spanning banking, aerospace, and critical infrastructure, Nicholas shares how risk management principles translate across industries - and why understanding business context is critical to protecting operational systems.
This conversation dives into one of the biggest challenges in OT today: asset visibility and risk quantification. From outdated spreadsheets to modern automation, Aaron and Nicholas break down what it actually takes to understand exposure, justify investment, and communicate risk at the board level.
You’ll learn:
Why asset inventory is the foundation of OT security
How to move from compliance checklists to real risk reduction
The importance of risk quantification for CISOs and executives
How to communicate cybersecurity in business and financial terms
The role of automation and knowledge transfer in scaling security programs
Lessons from banking and aerospace applied to utilities and critical infrastructure
Whether you’re leading a cybersecurity program, managing OT environments, or presenting to the board, this episode delivers practical strategies to align security with business value and measurable outcomes.
Tune in to learn how to turn cybersecurity into a risk-driven, business-aligned strategy - only on Protect It All.
Key Moments:
05:14 Understanding business risk basics
08:40 Building effective OT cybersecurity teams
13:26 Challenges with aging IT and OT systems
14:19 Organizing IT and OT assets
18:31 Understanding OT and IT risks
21:53 Evaluating security risks and priorities
25:31 Improving asset deployment and management
29:14 Evaluating and prioritizing risks
31:12 Shifting focus to success plans
35:59 Selling tech that delivers results
37:22 Hands-on approach to cybersecurity
42:39 Challenges with NERC audit processes
44:47 Balancing compliance and security
49:45 Challenges in power utility operations
51:55 AI, OT, and risk management
56:31 Importance of early compliance planning
About the guest :
Nicholas Friedman is an enterprise risk and governance leader with 25+ years of experience across Fortune 500 companies and government sectors. He specializes in integrated risk management, compliance, and AI governance - helping organizations build scalable frameworks that align security, risk, and business resilience.
How to connect Nicholas Friedman :
Linkedin : https://www.linkedin.com/in/nicholasfriedman/
Website : https://www.templarshield.com/
Connect With Aaron Crow:
Website: www.corvosec.com
LinkedIn: https://www.linkedin.com/in/aaronccrow
Learn more about PrOTect IT All:
Email:
[email protected] Website: https://protectitall.co/
X: https://twitter.com/protectitall
YouTube: https://www.youtube.com/@PrOTectITAll
FaceBook: https://facebook.com/protectitallpodcast
To be a guest or suggest a guest/episode, please email us at
[email protected]Please leave us a review on Apple/Spotify Podcasts:
Apple - https://podcasts.apple.com/us/podcast/protect-it-all/id1727211124
Spotify - https://open.spotify.com/show/1Vvi0euj3rE8xObK0yvYi4
The podcast and artwork embedded on this page are from Aaron Crow, which is the property of its owner and not affiliated with or endorsed by Listen Notes, Inc.
Netherlands