Simplifying Cyber

Cybersecurity and Food Systems

Aaron Pritz, Cody Rivers Season 2 Episode 11

Share episode

Cyber attacks don’t just knock systems offline—they can empty shelves, disrupt feeding schedules, endanger animals, and muddy price signals across the food supply. 

We sat down with Kristin (Demoranville) King, CEO of Anzen Sage and host of Bites and Bytes Podcast, to unpack how modern agriculture runs on a mesh of OT, data, and logistics that adversaries increasingly target. From GPS-guided tractors to sensor-packed dairy parlors, the farm has become an edge-compute environment where ransomware and misconfigurations have real-world consequences you feel at the store and at the table.

Kristin traces her journey from IT into plant floors and incident response, revealing why security wasn’t designed into most food and ag systems and what that means for resilience. We explore the most common attacks—phishing, ransomware, and DDoS—and why they hit harder here than in other sectors. She shares a clear-eyed look at co-op breaches, invoice scams that exploit older operators, and thorny questions about who owns farm-generated data. We also step into underreported territory: radical activism and agroterrorism tactics like doxxing, deepfakes, and drone footage that act like insider threats and can devastate small producers.

You’ll hear practical, low-cost steps that make a difference fast: fold digital checks into safety routines, change default passwords, map critical assets, plan for backup and recovery, and vet vendors with a security-by-design lens. Kristin previews her upcoming Wiley book, "Securing What Feeds Us," which blends systems thinking, OT realities, and grounded business guidance to help leaders connect incidents to food safety and supply outcomes. If you care about cybersecurity, food safety, or just want your groceries to show up reliably, this conversation connects the dots.

🔗 Connect with Us & Get in Touch

Tune in to Simplifying Cyber wherever you get your podcasts, or watch exclusive video content right here on the channel. Subscribe for hot takes on emerging technologies, tips and tricks for everyone looking to stay secure, and in-depth conversations about complex cybersecurity topics.

No gatekeeping and no BS. We’re here to simplify.

Official Website: www.revealrisk.com

LinkedIn: https://www.linkedin.com/company/reveal-risk

🤘 Stay Secure with Us

If this content helped you understand cybersecurity better, please give it a thumbs up, subscribe to our channel for more expert insights, and hit the notification bell so you don't miss our latest updates.

Reveal Risk delivers cybersecurity results, not just reports.

SPEAKER_01:

Thanks for tuning in to Simplifying Cyber. I'm Aaron Pritz. And I'm Cody Rivers. And today we're here with Kristen DeMoranville. She is the CEO and founder of Anzin Sage and also a podcast host of Bites and Bites, which I'm excited of on both of those, excited to learn a little bit about that. And actually, deep in writing a book. We were chatting about six months left on a book called Securing What's Feet What Feeds Us and excited to talk about that. And speaking of talking, Kristen is active on LinkedIn. It's a great platform. She's very out there and mentioned Warren ahead. If you talk to her, she will respond and interact. So fair warning and uh opportunity, I guess, one and the same. But Kristen, welcome to the show. And uh, we're excited to get to know you a little bit. And let's start with a little bit of your story kind of coming into Cyber.

SPEAKER_00:

Thanks. I love being here. You guys are a great team. Obviously, I'm friends with Broadwin, so this works out really well for me. I get to see her briefly too. Awesome. She's I am, yeah, she is pretty cool, right? Maybe we should just have a whole episode about her.

SPEAKER_03:

Just talk about Bronwyn. Just skip the whole podcast and talk about Bronwyn.

SPEAKER_00:

I feel like I could do that for at least 15 minutes straight without, you know, breathing. So it works out. I know she's laughing on the other side of this. Anyways, yes, I am Kristen Demoraville. I am the host of Bites and Bites. I am writing a book. Oh my god. And I do I am CEO and founder of Anzin Sage. I also am CEO and co-founder of a SaaS tool called Ans and OT, which is sort of still in stealth mode. So I'm not that I'm gonna get into it. My partner does a way better job of describing that, anyways, because it's his baby, and I'm just here.

SPEAKER_03:

I have a quick question. Really important question. Bites and bites, which one's first? Is it by order of priority? I wonder this is this is important to me.

SPEAKER_00:

So bites like you bite something, and computer bites. So thank you for clarifying that because people get very confused. And obviously, I do love my play on words. Actually, Anzin Sage is a play on words as well. Um, Anzin is the word for secure, safe in Japanese, and Sage is obviously the herb or the herb if you're over the pond, and a wise person. So it's kind of like, you know. Like that.

SPEAKER_01:

That is ironic. We do a lot of cybersecurity program, uh workforce development programs, and we actually named one of our characters for a large oil and gas company, Sage, for a couple of the same reasons that you mentioned. So that's yeah.

SPEAKER_00:

I have some growing my garden that I haven't killed yet, so we're doing good.

SPEAKER_02:

Okay.

SPEAKER_00:

I probably should have said something about that on the podcast at some point, but I haven't yet. So the podcast actually came up out of having similar conversations over and over again. And I was like, I should just record these. Like, we should have a larger platform. People don't know how their food gets to the table. People don't understand the people that are making their food or you know, trucking their food or doing anything with their food, keeping it safe, for example. So I had this brilliant idea to have this podcast and it won an award last year, right along with Broadwin, actually. And it was pretty awesome because I didn't expect it at all. And that was amazing. And then um, yeah, we're uh 12,000 downloads, and I think oh my goodness, I'm at thir like episode 38 or something or something high up there now. So it's actually been going around for a while. So I have guests that are food safety experts, professors, I have farmers, I have OT people, I have IT people, I have oh gosh, I've had marketers on there, you name it. I've had people on data scientists has been a big one lately as well. Um, how they're using AI to start, you know, making more sense of the data that's coming out of the farming industry and agriculture in general. Yeah, some really fun stuff, some really depressing episodes like uh agro terrorism. That's a fun one. That is still killing me slowly thinking about that. And yeah, there's more to come too. I'm about to dive into like the seafood industry because that's a wild, wild west of we don't know what's going on over there from a security standpoint unless you're in the know. Yeah. Yeah.

SPEAKER_01:

So it's so Kristen, I want to hear about, I was gonna say, I want to hear about your journey into food, but maybe before we do that, we you know, at reveal risk, we start we like to start with risk and why it matters to the business. So give us your your your take on the food and agriculture business. And you know, obviously there's a linkage to critical infrastructure, but what threats are out there? What what are companies that are dealing with this facing? And then obviously we can back up from there and get into how did you get into this specific niche? Because that's awesome.

SPEAKER_00:

Sure. Um, that's a great question. So they're facing everything else that every other industry is facing, it's nothing special in that regard. Um, other than when you disrupt food and ag, it has a more cascading effect, not from the financial side, but from a global perspective. So the global supply chain gets damaged in some regard, whether that's a few days or longer, or you have questions with food safety at that point. So that can trigger recalls or foodborne illness. The consequences are more severe in my mind than just paying out a lot of money to fix it or a ransom because you don't know how long and how fast it's going to cause that disruption or ripple or how it's gonna affect health. It's such a complicated system. And if you aren't a systems thinker, it becomes really difficult to deal with. And if you are a systems thinker, it's very difficult to deal with as well, because now you're realizing, oh goodness, everything is broken. And now what do I do? So companies really are facing this uh crisis, if you will. It's not because of the legacy tech, as I'm so tired of people talking about that. It's not just because everything is connected, it's because nothing was was done with security in mind when it was first put in. And that's kind of the rollback we're going through right now. Um, if you look at any of the major breaches that have happened recently, whether that's the automotive or the retail side or any of that, they are doing their due diligence now where they should have done it years ago. Uh, you know, ingress, egress, and and asset inventory and things like that. So I'm that's where the industry is at the moment. Now we have we have different layers to this. Obviously, you have the big corporations that have full security teams and probably a SOC and a knock and all these other fun things. They probably have all the latest tech, all the intrusion detection, all the things like that. And I go, and we can go all the way down to the farm level. And what is a farmer gonna do if their GPS tractor just starts acting a fool or drives itself in a way that it's not supposed to? Or is it what about the privacy of that data? Who owns that data? What happens when a dairy parlor goes crazy and he gets hit with ransomware? What is a farmer supposed to do? More than likely, they're gonna roll back the system and just a standard to factor reset. But that's gonna take a tech because there nobody knows how to do that on the farm because they don't employ security people necessarily. It's it's such an interesting space because it's been so, I don't want to use the word neglected, but just not paid, not really paid attention to for a long time. Um, CISA didn't add it to the critical 16, well now 16 until 2020, which is such a weird moment because we've been eating since the dawn of time.

SPEAKER_02:

Yeah.

SPEAKER_00:

And as I do research for the book that I'm writing, uh I've realized just how ingrained food is in so many other levels, the societal we've gone to war over spices. There's so much platform of security awareness or me going in and doing strategy or whatever it takes. Because I want to make sure that I don't look at my spinach with suspicion every morning like I do right now. I want to actually start having a better relationship with my food and stop the misinformation, disinformation campaigns as well, because that's just part of the deal too. And that's that's a lot of what's been going on.

SPEAKER_03:

Oh, I was thinking, I like what you said about like going to a war with food, and especially now, like, you know, it's not so much I gotta go over to your land with a knife or a gun or something. I can sit in my own office and pop in digitally, and you know, you can kind of wreak havoc or chaos in a different location just by hitting the food supply chain.

SPEAKER_00:

Well, yeah, it's it's crazy. And the stereotypes are so ridiculously strong in certain parts of the industries where people literally think hackers are hoodies, wearing hoodies in their mom's basement and probably male. And I keep saying, no, you gotta watch out as that 17-year-old blonde girl in the coffee shop. Like it's no joke. And trying to get people to um to deal with that is really interesting. It's and I'm trying to break past the stereotypes because remember, farming communities and agriculture in general are really tight-knit and they are distrusting by nature because if you're not part of their community, they don't know you. So they don't, if they don't know you, they don't want you in. But that also gets turned on them. I've had farmers tell me that if anybody came on to their farm and requested their Wi-Fi password, they probably just turn it over. And I was like, don't do that. Like, you need to just don't trust anybody. You wouldn't just let anybody into your house. Same concept of you can't let you can't eat at everybody's house kind of thing. You just don't know what's happening. And again, you have to kind of have a healthy suspicion, but you can still be friendly. I mean, it it's just how you roll. And that's it's been a lot of that kind of conversation as of late, too. Of have you thought about this? Did you think about this? Well, security is in our minds, but we don't know what to do, is what I get a lot. And that's uh that's a scary place to be. I'm sure as practitioners, you hear this and go, ugh, you know, because it's hard.

SPEAKER_03:

Well, yeah, to well, to Aaron's point earlier, I think earlier about uh we do a lot of workforce awareness, and there is definitely there's that education portion before the empowerment, because to your point, they may not know. And and I think the farmers are a good example of like in some of the manufacturing areas, there's a corporate entity over the top of it that kind of can help govern and and provide that oversight of that, you know, the education piece. But um, I'm assuming I don't know, it's not my area, but like on the farm side, they don't have that corporate entity behind a mid-time that that's providing that oversight or that education. So it is a friendly, here's the password. And as you see in OT, it's a lot of machinery with a foundational, you know, tie to the internet. So it's a lot of questions.

SPEAKER_01:

So, Kristen, I want to get into the convergence of physical and cyber and farmland and all that. But before we do, let's maybe take a step back and get into how you got into the food industry at a high level. What was your journey to kind of form around this focus?

SPEAKER_00:

Yeah. So I started in food service pretty early on when I was in my first years of college, um, the more corporate side. So I got like the food safety trainings and understood how to handle food. And I say that because food safety and food defense go right along with cybersecurity now. We're kind of partners in this journey. We hold hands, we've got to get through it together because tech is constantly being used and touched by food, as well as to test and regulate our food. So um, I'm glad I learned that early on. I also know how to make a great latte, so that helps too. Um what ended up happening was I went to school to get a degree in environmental management. And um, I originally got the degree because I thought it had nothing to do with technology or security or anything, and joke's totally on me, by the way. I know that now. So obviously the water sector became very interesting to me, and I'm very fascinated by it to this day. And I have great relationships on the water side. I love those people, they're great people, and they're also going through the same struggles that Food and Ag is going through. You know, um, not enough people working, there's too many issues, everything's critical, but nothing's critical kind of vibes, alert fatigues, those kind of things. And then I went to work for a bakery company and it was it was in Atlanta, and it was uh a really interesting place to work because it was just acquired, so there was a lot of change and digital transformation. And I got to see SAP completely break a company, so that was fun times. Um, but within that, I was doing IT, but I was also doing OT, and I didn't even make the connection in my head until somebody said one day, Oh yeah, you're doing OT work. And I was like, Oh, I guess I'm an OT, you know, kind of thing.

SPEAKER_02:

Welcome.

SPEAKER_00:

I know, right? It was like it was sort of a weird induction, like, kid, you've been doing that for a while. Why didn't you realize that kind of vibes? And I shifted into security when I was there, um, kicking and screaming, because I originally didn't really appreciate security. I thought they were kind of annoying and just dumped things onto the teams and didn't actually help and then went off to whatever they did. Um and when right before I left, I actually ended up leaving as the unofficial CISO because my boss had left and we had our first breach or my first major corporate breach. Of course, it happened at the holiday weekend, the whole thing.

SPEAKER_01:

Always.

SPEAKER_00:

I got to experience like the crash teams and you know, the late night pizza and the whole thing. And actually, I just had drinks with my uh old corporate lawyer from there a couple months back, and we were reminiscing about that. And he's like, You were brilliant. I would have never known that was your first breach. And I was like, Why, thank you. I feel like that was the best compliment ever.

SPEAKER_01:

Only gets better from here.

SPEAKER_00:

Yes. And then I left to go work for Sony, and um, Sony didn't really have any factory security knowledge like I did, and which is kind of strange to say to this day. I hope they do now. Um, they uh had a big issue with um uh WannaCry, and that caused um some issues where we had to deal with it quickly. So I ended up kind of shifting my risk role, which was risk and policy, into more of a factory security at the time. And when I left there, I had entrepreneur on my way to and double cybersecurity director. And um I was running the factory security program for Japan, and that was pretty cool. Um, and then I left to go consult because that's what we all seem to do in security for some reason. We just jump in. And then I started working through cosmetic companies and you know, consumer goods and more food companies and pharmaceutical, because that's you know, just a little bump over from food in a lot of ways. And that's how I cut my teeth. And by the time I left consulting, I was standing actually at a conference, um, a food safety conference, actually. They invited um me to speak. I think I was on a panel, I don't remember. Um, and it was like the light bulb went on. We're we're doing the same, we're fighting the same fight, like food security and food defenses, but just differently. We're on the tech side and they're fighting it on like the pathogen side because pathogens are really just hackers, if you think about it, and a very layman's way of looking at it. So I had this incredible light bulb moment and I was like, why aren't we doing more with food? And then by the time I left the consulting world, I had started my firm and I was like, we're gonna, I'm gonna go straight for food and ag. This is amazing. Um, my agricultural ties have come over the time I've been consulting more. I love the ag community. People are great. It's such an amazing place how people feed us, and they we don't even know that they're doing the work. And I really want to give as much as I can to that community. So that's like the most high-level version of how I got into food ever.

SPEAKER_01:

Well, that's great. And just maybe a couple connections. So myself and a couple of our other leaders have spent a long time in the pharmaceutical uh side on the corporate side. And then we have one gentleman, Todd Wilkinson, who I think Brownwin uh has introduced you to who was from animal health. And you know, some of the stories he shared about going into the farms from a pharmaceutical side of animal health, you know, but just the questions I had about like who helps the farmer. So it's great to hear that individuals like you have a specialized focus on them, because I do think your point is valid that it's probably a you know a catching up community of you know, even getting the support that they need to, you know, some of these farms are huge and industrial and everything's connected.

SPEAKER_00:

Everything's connected.

SPEAKER_01:

You mentioned incident and obviously at one of the companies, but I guess from a agriculture standpoint, what what are what are some of the most common examples of a real world world cyber incident within food and ag and which ones matter most? What are you most concerned about as you think about your client base?

SPEAKER_00:

So I would say that everything that's hitting every other sector is hitting food and ag. There's no no the special. I'm sorry to say that. Ransomware DDoS. Mainly it's ransomware and fishing that's been hitting the food industry the most, and which again is very prevalent everywhere else. And andor their tags for each other. Ransomware ends up being particularly nasty in the food and ag industry because it takes a very long time to unravel. I mean, JBS is like a super great example of that. You know, the largest meat company in the world got hit, you know, it was to the point where USDA couldn't even put out the price of meat because they couldn't determine what it would be because they couldn't slaughter for things were so effective. It was a mess. Um, so Canada, Australia, they got punched too with that. Um, Australia had empty shelves. We had a little bit of empty shelves. And then how do you explain to a consumer that it's a cyber attack that's causing this issue? And don't get me wrong, this has been happening more frequently. I mean, there was a milk shortage for that. Everybody blamed it on avian flu this year. It wasn't, it was actually a cyber attack that hit distribution. And because the dairy industry specifically is getting punched the hardest because they are the most connected. If you think about it, everything to do with a milk parlor is connected. Cows can literally, they wear trackers on their ears or they have collars on that literally they can go get milked whenever they want. They can just walk straight in, have their day, and then walk out. What a life. Yeah, I mean, actually, yes, it is quite the life. But the dairy industry is actually a very dangerous industry because cows don't care about human beings. They'll crush you and run you over. They don't care. So it's like you have to take what it is. It's it's cool, but like, oh my gosh. Yes. Yeah. So they've been getting particularly hit with ransomware lately. Um, and what I mean by lately is the last few years, um, to the point where it's resulted in cow death and calf death. It's um, it's really devastating. And this is a global problem. This is not just like indicative of the United States. Um, Canada's been getting hit pretty heavily. Different other places in Europe are getting hit, but like I said, it's because it's so interconnected and it's attacking the PLC on the line. So it's definitely OT and it's definitely happening. Um, and again, the farmers aren't equipped to handle this, and they don't even know who to call. That's the worst part. I only know of one other firm in this in the US that's doing actual like tech work on the ground. And we just met last week. That's pretty wild, right? Like there's nobody doing this. I I can only be so loud and I can only hop up and down so much. And it's really hard because you have to have a certain level of empathy to work inside of food and ag because it's it's someone's life. They've mortgaged their house, you know, they've they they're taking out loans. It's really an industry of a mental health dance. And suicide is very prevalent in the industry as well. It's a lot of things, and then there's all the succession planning with farms, and that's a global problem. So we really, yeah, we need first hand farmers, but we need to hang on to what we have. And if you have a really bad cyber attack, that's gonna, that's gonna devastate a farm. And obviously, like a big corporation probably will be okay. They'll get through it, they'll have enough, they'll have cyber insurance, they have things like that, they'll probably help bounce back. But these smaller farms and these medium-sized farms, they're the ones that are gonna, they're gonna bleed. And that's hard to watch. So I again, as I learn more and I'm into this and everything that's happening, I just it's like I want to stand on top of the mountain and just start yelling. Like, start caring about where your food comes from.

SPEAKER_03:

Yeah. I think you're right. A key term we uh you see a lot of the corporate side like resilience because it's you know, it's gonna happen at some point. And so, like, it's how resilient are you, or how much can you withstand an attack? And to your point, if if there's a real low resilience, the the if or the win is gonna happen at some point, and low resilience, to your point, would cause catastrophic damage and then you know, sometimes unrecoverable.

SPEAKER_00:

Yeah, and I love that you guys are training focused in a lot of ways because that is the way to empowerment. And I find that that's what I have to do a lot is I sort of the other day I was telling someone that I'm not really cyber or anything anymore. I'm a risk person and I just train. Like that's what I do. I talk to people, but in all reality, that's not my career. But however, I do find that the more people are aware, the more they'll they'll think about something. They'll hesitate before they do it, or they'll, or they'll talk about it with others and things like that. I I think I've done more training in the last few years of just even the conference talks that I do are some type of enlightenment of hey, maybe you should care about the soybean because it's connected to all other industries. This is why, and this is how it relates to cyber and that kind of thing.

SPEAKER_01:

So, Cody, as you mentioned, resiliency, obviously, similar to myself and my background in pharmaceuticals, like operational uptime and producing product and manufacturing for farming, it's producing animals, keeping them healthy, uh, you know, supply chain of food, fans that cool a, you know, a barn that might be the difference of life or death on a really hot day, kind of beyond the operational effectiveness, resiliency, keeping the farm running. And this may be at the bigger kind of food health corporations, but are there any like industrial espionage and data theft concerns? And I the only one that I know about that, you know, is kind of the hybrid seed, you know, hybrid seed is technology with research. And I went through the FBI Citizens Academy, and I think that's where I learned one of the cases where farmers are kind of recruited to plant specific hybrid seeds that are in testing hidden in the middle of fields, only they know, but there's been a lot of espionage to try to obtain this technology from abroad. So I'm just curious like, how does that intersect with the world that you are in an ag? And do you see that as a prominent top-of-mind threat? Or is that more for the big corporations producing the technology, let less so from the farmer's standpoint?

SPEAKER_00:

I don't, I haven't heard anybody talk about that on the ground really. I think that that is in the realm of conspiracy theorists, so that people stay away from that kind of conversation with me, generally speaking. I do think that they are concerned about their data because they've kind of unintentionally air gapped themselves, farmers. It's weird. There's data everywhere. Um, and the question of who owns it and what happens when something happens to it. There's been a lot of data breaches in co-ops. So the new collect new cooperation, um, there was a seafood co-op that went last year or the year before. They want to get information about their customers, essentially, is what it's coming down to. Just like any other data breach, more data, the happier they are. Um, so I think that there's concern about that. Um, also because the generation is a little bit older in farming, the median age is, you know, roughly around, I don't know, 58 to 63. Obviously, we all know scams are huge, and that's a big concern for them too. There's been a lot of them that have fallen for the scams because if they get an invoice for like a million dollars for like their feedstock, let's just say for their cattle, they're just gonna pay it. They're not gonna think about where it came from or what it is. So there's a lot of that type of, oh God, like what are we done? you know, kind of thing, because that that could devastate a farm as well. And then there's a lot of disinformation, misinformation, and this goes right along what you're saying, Aaron, that's coming out of nation states and it's being fed into radical extreme activists. Now, I'm gonna make it very clear. I have no issues if you are vegan. If you believe in animal, you know, as sentient life, that's great. I'm happy for you. However, if you radicalize and get violent, that's when I have a problem. And this is what's been happening a lot lately. This is this is agro terrorism and a little bit of ecoterrorism mixed in. They will dox families, they'll deep fake, they'll um fly drones over after something has happened, they'll make them look like they're horrible people and it will tank a small farm, or it will cause conflict in these larger farms to the point where animals get slaughtered, or they're letting animals go, or they're, you know, essentially just the worst part is they pose as interns and they'll take pictures. And this is why I tell people you have to cover up your stuff, like take some duct tape. I don't care what you do, cover up your things, change your default passwords, don't let everybody on because that espionage, that type of espionage is happening, but it's for a radical extreme ideology. And it's happening. People are talking about it. And um, I actually just recently wrote an article about it on my Substack and on LinkedIn talking about how the USDA national farm security plan mentioned, you know, extreme versions of this, but on from a not on a domestic, but from international. Whatever you want to say about China, whatever's happening, great, sure, we got to pay attention to it. But we're not dealing with the domestic issues that are happening here. And they're so frequent that far every farmer I know that I've ever spoken to has either had a death threat or knows someone that's had a death threat. What the hell? Like that is it's crazy. So that espionage stuff is actually more around these radical extremists than the corporates trying to sabotage or international trying to get in there. And I'm assuming they're probably just ducktailing on the back of that, let's be honest, because everything is interconnected in the world. So there's that happening as well. And that's that's what's scary. That's really scary, actually.

SPEAKER_03:

Yeah, we we we do a lot of stuff like that. It's called insider risk, but a form of risk, right? You gotta figure out if it's external or internal. Um you deranged, uh, you know, um employee or something, but to your point, uh, didn't didn't think about that. So interesting, interesting uh knowledge there and definitely something I wasn't aware of.

SPEAKER_01:

Yeah, so it's talking about oh, sorry, go ahead.

SPEAKER_00:

No, I was gonna say it's I have to tell people to make sure they check socials and figure out where people's idea, you know, run the background checks, but also include looking at what people are saying and posting, because people post about everything, you know. My I stub my toe today and this is how I feel about it kind of thing. But if they're talking about like, oh hey, I really think that, you know, eating meat is wrong and all maybe you shouldn't have them work on your farm with animals. If you're like a full a full produce farm, maybe it'd be okay. But like those kind of conversations need to be had.

SPEAKER_01:

Yep. So let let's talk about like where are the pain points from a physical and operational technology standpoint within the farms and communities that you work with? Is it outdated infrastructure? You mentioned you do a lot of teaching. Is it lack of awareness? They don't know where to start. Like, where do you typically feel like the low-hanging fruit is for these conversations and for these farmers to make some early progress, you know, quickly?

SPEAKER_00:

So I have two answers. I have, I have, let's just say, the boots in the dirt answer, and then I have a little bit of a different answer. And I'll start with a different answer first. I think that ag tech companies need to stop being so predatory into these farms and also start having security by design in mind. And I know I'm not making friends when I say that, but you people cause a lot of problems that don't need to be there. And I really would like to start seeing security-minded individuals who are creating this incredible, well-used, well-loved, sustainable type products come in with security by design. And I realize they're never gonna do that until it's regulated. So that is one problem, right? Because we do have secure tech that's hitting these areas. The second problem is literally they just don't have time and they're not aware of it. And I think that what I've been doing is rolling into safety checks. So it's part of your safety process now. It's part of your business continuity, it's a pattern of disaster recovery, whatever you want to call it for the farm. It's your oh shit plan. Um, you need to start looking at it just like you would assess for fire or for chemical, because there's an incredible amount of chemicals on a farm. They have all kinds of great security physically, like dogs, cameras, lock gates, things like that. It's just a matter of kind of taking the mindset and moving into the digital space a little bit because again, we're dealing with cyber physical devices. So there's a physical device that needs to be dealt with as well as the fact that you've got to tie up your digital end. And it just comes down to they just don't know. They think it's secure coming out of the gate. And that goes right back to the ag tech conversation. I can't even tell you how many default passwords I've seen or really weird passwords. And it's you could tell that it was like the 15-year-old kid down the street that probably did it for them, which is fine. And that's that's community, and that's the beauty of this. But it comes down to they just don't know what they don't know, and now it's being exploited. That's that's the easiest way of saying it.

SPEAKER_01:

Yeah. Connecting some dots. I mean, we we do a lot in healthcare and connected devices and healthcare, kind of the same thing. Lots of old tech, you know, security by design flaws. I think healthcare has been in the spotlight for probably, you know, actually amplified in COVID because of such a swarm of impact on healthcare and devices. And really, when ransomware threat actors started targeting healthcare, they kind of avoided it for a while and then just went full at it. But I can only imagine within farming, like it's the same problem with similar equipment for different use cases, but probably further behind than healthcare because they haven't had that giant spotlight shined on them yet, or maybe it's starting to, and that that catch up is occurring.

SPEAKER_00:

Yeah, I don't, I don't think that they haven't had a big spotlight. I mean, JBS is pretty bad, and there's been several after that. In fact, um uh people are now paying attention to food and agriculture, which I greatly appreciate. But if you're going to come in this space, please recognize that it's still an evolving space. It's not, it's not as well rounded and robust as like finance, for example. Part of the problem too is there's no regulation around cybersecurity or anything to do with the tech inside of food and agriculture. There's a few things on the food safety side, but it's like an interpretation type line, like you should secure the tech around food safety equipment or you know, that kind of stuff.

SPEAKER_03:

Pretty high.

SPEAKER_00:

To me, interprets that you should have security controls around that. But then again, to a person who's not a security-minded individual, they'd probably just be like, cool, I just need to lock the door, you know, that kind of thing. Yeah. So I think that there isn't so there's legacy tech, sure, but the problem is is there's never been security around it. So they why would they do it now when they haven't been hit? But the the thing is is people are getting hit more regularly and more often, and people are talking about it and they're they don't know what to do. And that's it's it's so gutting because it's like, you know, you just know it's one of those things like just five things you could do really quickly, kind of thing. Like, here you go. And it wouldn't cost you anything, you just time. And that's another currency that farmers and the ad community in general and food don't have is time. Making that time is hard. But I've like I've you know repeatedly said and will continue to say, and I know both of you probably said it, it's much more cost effective to deal with cybersecurity upfront than after an attack. And I keep reminding people of that. Like, I know this feels like garbage right now, but you're gonna get through it and then you're gonna be more resilient to use the words that we've been using as you go through it because they're going to get hit. It's just a matter of when. And that's that's hard to get that mentality in their minds because they've been so trusting in their whole lives, you know. Hey, I trust this tractor is gonna go forward and not be a problem. Hey, I trust that my chicken houses are going to stay healthy and the right temperature and the feed's gonna come out at the right time and all these things. And the fact that hackers can go down to the level of introducing nutrients, the wrong nutrients, to flies that are fed to chickens is wild to me. Nothing's off limits anymore. Nothing's secret, nothing's safe. You know, it's everything is just everybody's off for at all now. And that's probably why the the healthcare industry took a while because people just expected people not to touch hospitals. Because why would they? But it's the same with food. Yeah, they may eat that food, but they don't care. They're just gonna whatever.

SPEAKER_01:

The barrier was broken, the water flowed, and it it's not coming back, unfortunately. So I want to spend a little bit of time talking about your podcast, Bites and Bites, and uh learning a little bit more what of that that about, and then make sure we talk about your upcoming book, Securing What Feeds Us. So So maybe let's start with the podcast and give us a glimpse of what our listeners might be able to obtain from your show.

SPEAKER_00:

Yeah, the podcast is great. Um I'm still getting used to people telling me that they listen and they um come up to me and they're fans and they really have learned something or it's helped them in their academic career or their career. I I'm so humbled every time someone even mentions they spent time with me because I sometimes feel like I'm ridiculous. So I mean it really is wonderful. The podcast is it's a lot of me chasing my own curiosity, I'll be honest, because I kind of get into these conversations with people that are on the in the food side and the ag side. I'm like, hey, I really want to talk about this on air. Do you mind? That kind of thing happens. Tell me what you're doing, tell me about the things you're working on. So I'm really peeling back the curtain of the food and ag industry to talk about different sectors that people haven't really figured out before. And I obviously have the tech and cyber lens because I'm I mean I can't help myself. But it's really great, you know, hearing about these different incidences that I didn't even know happened. Like um the Peanut Corporation of America, for example. If you don't know what that is, go look it up and we'll talk about it. It's um it was pretty nasty. And to me, that's an insider threat on a whole level. Reminds me a lot of the Boars Head incident, those kind of things. I am now 100% um that that cybersecurity kind of a-hole a little bit now, um, as well as a food safety a-hole at the same time where I go into a restaurant, I won't sit in front of the open kitchen. In fact, I was just at a place the other day and I was facing the open kitchen, and I was like, I need to move. Like, and people are like, What's wrong? Is there something going on? I'm like, no, I just don't want to watch because I'm gonna I'm gonna start heart palpitations watching whatever's happening back there. Um, so that's that's changed me as a person as well because of the podcast. Um, because I talk to all these different individuals now.

SPEAKER_01:

Unsee and unhear.

SPEAKER_00:

Yes, and it's led to me into some amazing conversations and partnerships, and having a podcast is great. I mean, you guys know this. And it it's it's such a great place to learn and it's safe. And it's I love it. And the thing I love about the show the most is actually the beginning of the show. I ask everyone the same two questions: your favorite food and your favorite food memory. Because I want to humanize and also it's a great icebreaker. People relax very quickly when they start thinking about their favorite food memory. And I've had some beautiful memories come out, and then I've had some like questionable memories, but it's okay. And generally speaking, people have crazy food fixations. I got pizza a lot. It's really hard to rift off of pizza. Like people always say pizza, and I'm like, what am I supposed to say about this now? But I just talk about toppings and we go there. Um, and then it's just really great. So people can share the work that they're doing and things like that. So it's been fabulous. And I have a lot more farmers coming on now, which has been and ranchers and things like that. So it's been really interesting to hear their side of the story of how they think it'd feel about tech. Um, a lot of them say, I don't think about it. And I'm like, Well, you have a phone, and they're like, Yeah. And then they go, Oh, that is tech. And I'm like, Yeah. So we kind of like go down the line. And it's really, it's really fascinating. And also hear why people do it and why they still do it and why we should really be thanking farmers every day. Um, and then I have a lot of people from food production, and we talk a lot about that world and the craziness that's there. It's it's so it's such a great show. I really enjoy it, and I'm really excited for whatever next season's gonna look like because it's gonna change and evolve every year, of course. So everybody get ready. I don't really know what that looks like yet.

SPEAKER_03:

Oh, well, speaking of that, give us the little give us the book preview, give us a little insider knowledge here.

SPEAKER_00:

Sure. Security What Feeds Us. I'm writing it with Wiley Publishing. So they're the ones that do books for dummies. My book is not a book for dummies, it's a business book, but um, and I think this came from the podcast as well. To be truthful, that's probably how they found me. Uh, it is a first of its kind book because nobody's written about food and agriculture and cybersecurity before, which you know, zero pressure there, obviously, like absolutely zero pressure. And I've started with it's gonna be done in different phases, so it's gonna talk a lot about different the industries as a whole, but then I'm gonna break it down in different sectors, like why you're gonna have to pay attention to it differently here, dairy versus seafood, you know, food production versus agriculture, that kind of stuff. It's gonna be a book of practical information, but also the history of how we got there. So, how do we go from rubbing two sticks together and cooking our meat to like where it is now? Like, let's have that conversation and how it evolved and why we need to evolve alongside it. It's gonna be heavy operational technology. Sorry, everybody, this is my world, um, cyber physical, but we're also gonna talk about the human elements of food and why it's different. I am really enjoying writing it. It is difficult to write. I'm a first-time author, so yikes, is what I'll say to that. However, um, I realize as I'm writing it how important this book is and the information in it and why we need it now, because we really are on the cusp of something really disastrous happening, like a foodborne illness or um some type of food safety scare with a cyber attack. And I really hope that this book will at least inform on a business level, you know, what things can be done or things to look out for or pay attention to. It is not going to have a checklist. Everybody can relax. I've had some people tell me if there's a checklist in it, they're going to scream. It will not have a checklist. It's going to just be baked into common sense knowledge and a lot of systems thinking. Hey, if something's wrong over here, you probably have this problem over there. So lots of anecdotes, lots of stories, lots of my sass. So if you know me, you know that it's there. And yeah, thanks. Yeah, I'm really excited about it. So it'll be out in like uh autumn of 2026, roughly, is what we're targeting. So about a year from now. Yeah, so stay tuned for that. I'm sure there'll be some book signings and other things that I can't believe I just said that out loud kind of thing, like all kinds of things. So I'm really excited.

SPEAKER_01:

Awesome. Well, Kristen, we've loved uh unpacking the history of your career and journey through food and food, physical security, OT. Uh, good luck on the rest of the book. Really appreciate your time. I'm gonna go to check out your podcast, Bites and Bites. Uh, I'm excited. I'm a foodie myself, so I'm excited to connect those dots into a couple things I love cyber and food. Appreciate you coming on the show.

SPEAKER_00:

My pleasure. Thank you.

Head Shot

Aaron Pritz

Host
Head Shot

Cody Rivers

Co-host